Can you tell me if I'm infected?

  1. #11
    lamaline, Full Member

    re: Can you tell me if I'm infected?

    I tried to synch my iPad the other day, and iTunes crashed... After that, my computer began seriously to lag and I have some files on my desktop I can't delete as they seem to be undiscoverable. I have tried to delete them through the DOS but no joy.
    After that MS Outlook was a bit moody.
    But I have run all your bits and for some reason the computer seems to be back to its old self. I haven't tried the iPad synch again though...
    I'll try to run OTL again to complete the procedure.
    Thanks for your help.


  2. #12
    broni, Senior Member
    Download OTL to your Desktop.

    * Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    * Under the Custom Scan box paste this in:



    netsvcs
    drivers32 /all
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\system32\*.wt
    %systemroot%\system32\*.ruy
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\system32\spool\prtprocs\w32x86\*.tmp
    %systemroot%\*. /mp /s
    /md5start
    /md5stop
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\user32.dll /md5
    %systemroot%\system32\ws2_32.dll /md5
    %systemroot%\system32\ws2help.dll /md5
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs



    * Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    * When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    * Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

  3. #13
    lamaline, Full Member
    Here is OTL

    OTL logfile created on: 29/08/2010 16:30:06 - Run 1
    OTL by OldTimer - Version 3.2.11.0 Folder = C:\Users\Admin\Downloads
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18943)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 55.00% Memory free
    6.00 Gb Paging File | 5.00 Gb Available in Paging File | 77.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 298.09 Gb Total Space | 214.80 Gb Free Space | 72.06% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: FAMILY-PC
    Current User Name: Admin
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/08/29 16:29:28 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Downloads\OTL (1).exe
    PRC - [2010/08/18 02:58:17 | 000,945,720 | ---- | M] (Google Inc.) -- C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe
    PRC - [2010/07/07 13:06:01 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    PRC - [2010/06/22 06:19:01 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Users\Admin\AppData\Local\Google\Update\1.2.183.29\GoogleCrashHandler.exe
    PRC - [2010/06/14 15:07:14 | 000,615,936 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    PRC - [2010/06/07 13:51:24 | 000,138,752 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    PRC - [2010/06/01 14:53:46 | 001,093,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
    PRC - [2010/05/14 10:32:30 | 001,479,680 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
    PRC - [2010/05/11 11:16:34 | 000,140,288 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
    PRC - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
    PRC - [2009/10/28 12:57:22 | 000,451,904 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
    PRC - [2009/10/27 10:15:02 | 000,120,832 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
    PRC - [2009/09/30 20:58:42 | 000,026,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
    PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2008/08/14 10:54:04 | 000,225,362 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_2ba5baa4\stacsv.exe
    PRC - [2008/08/14 10:54:02 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_2ba5baa4\AEstSrv.exe
    PRC - [2008/06/05 16:26:36 | 001,804,840 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
    PRC - [2008/06/05 16:26:36 | 000,752,168 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/08/29 16:29:28 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Downloads\OTL (1).exe
    MOD - [2009/04/11 0738 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
    MOD - [2008/01/21 03:24:37 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx


    ========== Win32 Services (SafeList) ==========

    SRV - [2010/06/14 15:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
    SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
    SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/03/08 19:13:43 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2009/10/28 12:57:22 | 000,451,904 | ---- | M] () [Auto | Running] -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
    SRV - [2009/09/25 02:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
    SRV - [2008/08/14 10:54:04 | 000,225,362 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_2ba5baa4\stacsv.exe -- (STacSV)
    SRV - [2008/08/14 10:54:02 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_2ba5baa4\AEstSrv.exe -- (AESTFilters)
    SRV - [2008/01/21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Admin\AppData\Local\Temp\catchme.sys -- (catchme)
    DRV - [2010/03/25 21:30:22 | 000,151,216 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\MpFilter.sys -- (MpFilter)
    DRV - [2010/03/25 21:30:22 | 000,042,368 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
    DRV - [2010/02/26 14:32:44 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
    DRV - [2010/01/26 03:46:02 | 000,061,984 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\itecir.sys -- (itecir)
    DRV - [2009/03/08 18:06:00 | 000,280,096 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA001Vid.sys -- (OA001Vid)
    DRV - [2009/03/06 08:30:08 | 000,133,632 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA001Ufd.sys -- (OA001Ufd)
    DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
    DRV - [2008/08/14 10:54:06 | 000,382,976 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
    DRV - [2008/08/14 08:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\adfs.sys -- (adfs)
    DRV - [2008/07/04 03:35:40 | 003,847,168 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
    DRV - [2008/05/21 05:36:12 | 003,663,360 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
    DRV - [2008/02/24 03:40:18 | 000,203,264 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) Broadcom NetLink (TM)
    DRV - [2008/02/15 19:01:18 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
    DRV - [2008/01/29 19:46:58 | 000,029,736 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwl2cap.sys -- (btwl2cap)
    DRV - [2008/01/29 18:54:02 | 000,081,960 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwaudio.sys -- (btwaudio)
    DRV - [2008/01/29 18:54:02 | 000,017,448 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwrchid.sys -- (btwrchid)
    DRV - [2008/01/29 18:54:00 | 000,100,392 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwavdt.sys -- (btwavdt)
    DRV - [2008/01/21 03:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
    DRV - [2008/01/21 03:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
    DRV - [2008/01/21 03:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
    DRV - [2008/01/21 03:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
    DRV - [2008/01/21 03:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
    DRV - [2008/01/21 03:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
    DRV - [2008/01/21 03:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
    DRV - [2008/01/21 03:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
    DRV - [2008/01/21 03:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
    DRV - [2008/01/21 03:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
    DRV - [2008/01/21 03:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
    DRV - [2008/01/21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
    DRV - [2008/01/21 03:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
    DRV - [2008/01/21 03:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
    DRV - [2008/01/21 03:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
    DRV - [2008/01/21 03:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
    DRV - [2008/01/21 03:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
    DRV - [2008/01/21 03:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
    DRV - [2008/01/21 03:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
    DRV - [2008/01/21 03:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
    DRV - [2008/01/21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
    DRV - [2008/01/21 03:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
    DRV - [2008/01/21 03:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
    DRV - [2008/01/21 03:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
    DRV - [2008/01/21 03:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
    DRV - [2007/07/30 12:54:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
    DRV - [2007/07/30 11:42:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
    DRV - [2007/01/25 16:41:30 | 000,014,416 | ---- | M] (Portrait Displays, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\pdihwctl.sys -- (PDIHWCTL)
    DRV - [2006/11/02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
    DRV - [2006/11/02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
    DRV - [2006/11/02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
    DRV - [2006/11/02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
    DRV - [2006/11/02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
    DRV - [2006/11/02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
    DRV - [2006/11/02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
    DRV - [2006/11/02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
    DRV - [2006/11/02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
    DRV - [2006/11/02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
    DRV - [2006/11/02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
    DRV - [2006/11/02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
    DRV - [2006/11/02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
    DRV - [2006/11/02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
    DRV - [2006/11/02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
    DRV - [2006/11/02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
    DRV - [2006/11/02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
    DRV - [2006/11/02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
    DRV - [2004/10/15 08:54:56 | 000,044,344 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\i1display.sys -- (i1display)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Games.co.uk - Free Online Games, Free Games Online, Flash Games!
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E0 6E CF D6 82 D4 CA 01 [binary data]
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


    [2010/03/09 1646 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\mozilla\Extensions

    O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
    O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
    O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
    O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} http://assets.photobox.com/assets/au...20100520091748 (PhotoboxPhotowaysUploader5 Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Users\Admin\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Admin\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    Drivers32: aux - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midi - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midi1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midi2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midi3 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midi4 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midi5 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midi6 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midi7 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midi8 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midi9 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midimapper - C:\Windows\System32\midimap.dll (Microsoft Corporation)
    Drivers32: mixer - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: mixer1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: mixer2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: mixer3 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: mixer4 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: mixer5 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: mixer6 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: mixer7 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: mixer8 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: mixer9 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: msacm.imaadpcm - C:\Windows\System32\imaadp32.acm (Microsoft Corporation)
    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.msadpcm - C:\Windows\System32\msadp32.acm (Microsoft Corporation)
    Drivers32: msacm.msg711 - C:\Windows\System32\msg711.acm (Microsoft Corporation)
    Drivers32: msacm.msgsm610 - C:\Windows\System32\msgsm32.acm (Microsoft Corporation)
    Drivers32: msacm.siren - C:\Windows\System32\sirenacm.dll (Microsoft Corporation)
    Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.3IV2 - C:\Windows\System32\3ivxVfWCodec.dll (3ivx Technologies Pty. Ltd.)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.i420 - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
    Drivers32: VIDC.IYUV - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
    Drivers32: vidc.mrle - C:\Windows\System32\msrle32.dll (Microsoft Corporation)
    Drivers32: vidc.msvc - C:\Windows\System32\msvidc32.dll (Microsoft Corporation)
    Drivers32: VIDC.UYVY - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll ()
    Drivers32: VIDC.YUY2 - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: VIDC.YVU9 - C:\Windows\System32\tsbyuv.dll (Microsoft Corporation)
    Drivers32: VIDC.YVYU - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: wave - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: wave1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: wave2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: wave3 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: wave4 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: wave5 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: wave6 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: wave7 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: wave8 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: wave9 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: wavemapper - C:\Windows\System32\msacm32.drv (Microsoft Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/08/27 17:35:15 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2010/08/27 17:23:51 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2010/08/27 17:23:51 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2010/08/27 17:23:51 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2010/08/27 17:23:46 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2010/08/27 17:23:28 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/08/27 17:23:07 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
    [2010/08/25 13:44:08 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
    [2010/08/25 13:37:29 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Malwarebytes
    [2010/08/25 13:37:15 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2010/08/25 13:37:12 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2010/08/25 13:37:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2010/08/25 13:37:11 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/08/24 14:45:49 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [2010/08/24 11:37:33 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Jane s Hotel
    [2010/08/23 15:44:25 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Oberon Games
    [2010/08/23 15:43:58 | 000,000,000 | ---D | C] -- C:\Program Files\Games.co.uk
    [2010/08/23 12:14:05 | 000,000,000 | ---D | C] -- C:\ProgramData\MumboJumbo
    [2010/08/20 16:15:40 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Go-Go Gourmet Chef of the Year
    [2010/08/20 15:00:11 | 000,000,000 | ---D | C] -- C:\ProgramData\GoBit Games
    [2010/08/19 16:08:29 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\NevoSoft Games
    [2010/08/19 14:48:21 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\GamesCafe
    [2010/08/18 14:29:50 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Boomzap
    [2010/08/17 10:52:40 | 000,000,000 | ---D | C] -- C:\ProgramData\FarmFrenzy3_Russia
    [2010/08/10 15:04:19 | 000,000,000 | ---D | C] -- C:\ProgramData\HipSoft
    [2010/08/10 09:29:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2010/08/04 09:58:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Go Go Gourmet
    [2010/08/03 16:32:54 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Menge
    [2010/08/03 16:32:32 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Zylom Games
    [2010/07/27 12:13:18 | 000,000,000 | ---D | C] -- C:\ProgramData\The Mirror Mysteries
    [2010/07/27 10:53:46 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Virtual City
    [2010/07/26 12:33:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Kingdom
    [2010/07/25 17:26:00 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2010/07/25 17:25:56 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2010/07/07 13:06:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
    [2010/07/07 13:06:03 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\Windows\System32\pncrt.dll
    [2010/07/07 13:06:02 | 000,000,000 | ---D | C] -- C:\Program Files\Real
    [2010/07/07 13:06:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
    [2010/07/07 13:06:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Real
    [2010/07/07 13:05:59 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Real
    [2010/07/07 11:00:31 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
    [2010/07/04 10:48:37 | 000,000,000 | ---D | C] -- C:\Users\Admin\{570b85df-a403-4be8-bcc8-4031aeeffd77}
    [2010/07/04 10:47:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PCSuite
    [2010/07/04 10:47:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nokia
    [2010/07/04 10:46:16 | 000,018,816 | ---- | C] (Nokia) -- C:\Windows\System32\drivers\pccsmcfd.sys
    [2010/07/04 10:45:23 | 000,000,000 | ---D | C] -- C:\Program Files\PC Connectivity Solution
    [2010/06/30 10:40:01 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Settlement. Colossus
    [2010/06/28 12:40:17 | 000,000,000 | ---D | C] -- C:\ProgramData\GameHouse
    [2010/06/28 11:32:34 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Zylomv1001
    [2010/06/27 13:30:01 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\GretagMacbeth
    [2010/06/27 13:22:56 | 000,014,416 | ---- | C] (Portrait Displays, Inc.) -- C:\Windows\System32\drivers\pdihwctl.sys
    [2010/06/27 13:22:52 | 000,126,976 | ---- | C] (Portrait Displays, Inc.) -- C:\Windows\System32\drivers\direci2c.dll
    [2010/06/27 13:22:03 | 000,000,000 | ---D | C] -- C:\Program Files\GretagMacbeth
    [2010/06/23 09:31:08 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Artogon
    [2010/06/21 13:53:36 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
    [2010/06/18 10:31:07 | 000,000,000 | ---D | C] -- C:\ProgramData\rionix
    [2010/06/16 16:29:19 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Oberon Games
    [2010/06/16 16:29:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Oberon Games
    [2010/06/15 17:13:43 | 000,000,000 | ---D | C] -- C:\Program Files\Convert AVI to MP4
    [2010/06/15 15:46:54 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
    [2010/06/10 12:12:22 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\freshgames
    [2010/06/10 12:12:22 | 000,000,000 | ---D | C] -- C:\ProgramData\freshgames
    [2010/06/09 11:34:13 | 000,000,000 | ---D | C] -- C:\ProgramData\BC Soft Games
    [2010/06/08 16:41:24 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Microsoft Games
    [2010/06/08 11:15:07 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\JollyBear
    [2010/06/08 11:15:07 | 000,000,000 | ---D | C] -- C:\ProgramData\JollyBear
    [2010/06/07 10:20:29 | 000,000,000 | ---D | C] -- C:\Users\Admin\Documents\LDW
    [2010/06/04 11:50:48 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Product Assistant
    [2010/06/02 11:49:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Playrix Entertainment

    ========== Files - Modified Within 90 Days ==========

    [2010/08/29 16:29:40 | 005,242,880 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT
    [2010/08/29 16:24:00 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-684716456-419228589-3536278410-1000UA.job
    [2010/08/29 16:23:32 | 000,703,388 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
    [2010/08/29 16:23:32 | 000,609,196 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2010/08/29 16:23:32 | 000,108,672 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2010/08/29 16:16:20 | 000,003,840 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/08/29 16:16:20 | 000,003,840 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/08/29 16:16:16 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2010/08/29 16:16:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010/08/29 16:16:09 | 3215,867,904 | -HS- | M] () -- C:\hiberfil.sys
    [2010/08/27 19:18:05 | 000,001,076 | ---- | M] () -- C:\Windows\bthservsdp.dat
    [2010/08/27 19:18:03 | 000,524,288 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
    [2010/08/27 19:18:03 | 000,065,536 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
    [2010/08/27 17:33:09 | 000,000,241 | ---- | M] () -- C:\Windows\system.ini
    [2010/08/26 18:49:18 | 002,400,690 | -H-- | M] () -- C:\Users\Admin\AppData\Local\IconCache.db
    [2010/08/25 17:12:03 | 169,863,665 | ---- | M] () -- C:\Users\Admin\Desktop\The.Illusionist[2006]DvDrip[Eng]-aXXo.mp4
    [2010/08/25 14:06:51 | 266,579,766 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2010/08/25 10:42:02 | 000,098,816 | ---- | M] () -- C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/08/24 11:33:03 | 000,000,854 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-684716456-419228589-3536278410-1000Core.job
    [2010/08/23 13:35:43 | 000,001,356 | ---- | M] () -- C:\Users\Admin\AppData\Local\d3d9caps.dat
    [2010/08/13 1100 | 000,061,440 | ---- | M] () -- C:\Users\Admin\Desktop\Menu 4 sept.doc
    [2010/08/13 08:49:44 | 002,192,096 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2010/08/11 1811 | 000,040,960 | ---- | M] () -- C:\Users\Admin\Documents\Liste anniv.doc
    [2010/07/25 17:26:43 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2010/07/07 13:06:03 | 000,278,528 | ---- | M] (Real Networks, Inc) -- C:\Windows\System32\pncrt.dll
    [2010/07/06 15:01:18 | 000,518,718 | ---- | M] () -- C:\Users\Admin\Documents\billet guillemette sept.pdf
    [2010/07/04 11:06:36 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf
    [2010/06/27 13:22:56 | 000,002,179 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logo Calibration Loader.lnk
    [2010/06/27 13:22:56 | 000,002,059 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ProfileReminder.lnk
    [2010/06/15 17:13:48 | 000,000,837 | ---- | M] () -- C:\Users\Public\Desktop\Convert AVI to MP4.lnk
    [2010/06/15 15:44:32 | 000,000,943 | ---- | M] () -- C:\Users\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2010/06/07 18:14:50 | 000,012,962 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Comma Separated Values (DOS).CAL
    [2010/06/05 09:27:22 | 000,711,206 | ---- | M] () -- C:\Users\Admin\Documents\L-308S_Instr_Manual.pdf

    ========== Files Created - No Company Name ==========

    [2010/08/27 17:23:52 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
    [2010/08/27 17:23:51 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
    [2010/08/27 17:23:51 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2010/08/27 17:23:51 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2010/08/27 17:23:51 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2010/08/25 14:10:30 | 3215,867,904 | -HS- | C] () -- C:\hiberfil.sys
    [2010/08/25 13:44:03 | 266,579,766 | ---- | C] () -- C:\Windows\MEMORY.DMP
    [2010/08/24 04:18:36 | 169,863,665 | ---- | C] () -- C:\Users\Admin\Desktop\The.Illusionist[2006]DvDrip[Eng]-aXXo.mp4
    [2010/08/19 16:08:29 | 000,000,011 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\NevoSoft Gameslog.txt
    [2010/08/12 17:45:28 | 000,061,440 | ---- | C] () -- C:\Users\Admin\Desktop\Menu 4 sept.doc
    [2010/07/25 17:26:43 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2010/07/06 15:01:18 | 000,518,718 | ---- | C] () -- C:\Users\Admin\Documents\billet guillemette sept.pdf
    [2010/07/04 11:06:36 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf
    [2010/06/27 13:22:56 | 000,002,179 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logo Calibration Loader.lnk
    [2010/06/27 13:22:56 | 000,002,059 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ProfileReminder.lnk
    [2010/06/27 13:22:52 | 000,044,344 | ---- | C] () -- C:\Windows\System32\drivers\i1display.sys
    [2010/06/15 17:13:48 | 000,000,837 | ---- | C] () -- C:\Users\Public\Desktop\Convert AVI to MP4.lnk
    [2010/06/15 15:44:32 | 000,000,943 | ---- | C] () -- C:\Users\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2010/06/07 18:14:50 | 000,012,962 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\Comma Separated Values (DOS).CAL
    [2010/06/05 09:27:22 | 000,711,206 | ---- | C] () -- C:\Users\Admin\Documents\L-308S_Instr_Manual.pdf
    [2010/03/27 09:58:08 | 000,090,112 | ---- | C] () -- C:\Windows\System32\dprsx.dll
    [2010/03/27 09:58:08 | 000,053,248 | ---- | C] () -- C:\Windows\System32\gpvbd.dll
    [2010/03/27 09:58:08 | 000,027,136 | ---- | C] () -- C:\Windows\System32\AuthDVD.DLL
    [2010/03/21 17:30:53 | 000,815,104 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
    [2010/03/21 17:30:52 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
    [2010/03/19 10:19:33 | 000,098,816 | ---- | C] () -- C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/03/12 1339 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2010/03/08 19:08:17 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2010/03/08 17:41:22 | 000,017,513 | ---- | C] () -- C:\ProgramData\hpzinstall.log
    [2010/03/08 06:45:10 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
    [2010/03/08 06:40:15 | 000,001,356 | ---- | C] () -- C:\Users\Admin\AppData\Local\d3d9caps.dat
    [2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
    [2008/02/19 07:33:34 | 000,446,352 | ---- | C] () -- C:\Windows\System32\OpenQuicktimeLib.dll
    [2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
    [2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2001/11/14 1400 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

    ========== LOP Check ==========

    [2010/05/03 08:44:11 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Amazon
    [2010/06/23 09:31:08 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Artogon
    [2010/05/26 11:37:32 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Big Fish Games
    [2010/08/18 14:29:50 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Boomzap
    [2010/05/27 09:41:20 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Curious Sense
    [2010/04/12 08:30:04 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Farm Mania
    [2010/04/13 16:11:41 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Farm Mania 2
    [2010/05/02 17:44:35 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Flood Light Games
    [2010/03/18 12:05:16 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\FlyWheelGames
    [2010/06/10 12:12:22 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\freshgames
    [2010/08/19 14:48:21 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\GamesCafe
    [2010/08/20 16:15:57 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Go-Go Gourmet Chef of the Year
    [2010/06/27 13:30:01 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\GretagMacbeth
    [2010/03/23 16:29:45 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\HiT-MM
    [2010/03/24 09:57:24 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Image Zone Express
    [2010/08/24 11:37:33 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Jane s Hotel
    [2010/08/19 16:08:29 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\NevoSoft Games
    [2010/05/19 17:22:50 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Nokia
    [2010/04/26 19:13:01 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Oberon 3 Days Zoo Mystery
    [2010/06/16 16:29:19 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Oberon Games
    [2010/05/12 11:25:16 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Oberonv1001
    [2010/03/08 15:24:14 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\PC Suite
    [2010/04/20 14:41:56 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Peace Craft
    [2010/08/17 09:24:13 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\PlayFirst
    [2010/03/24 09:57:24 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Printer Info Cache
    [2010/04/09 15:20:17 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\RobinsonCrusoeOM
    [2010/06/30 10:40:30 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Settlement. Colossus
    [2010/05/27 11:01:39 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\ShinyTales
    [2010/04/29 10:19:09 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\SPIL Games
    [2010/04/13 09:19:36 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\TitanicMystery
    [2010/07/27 1013 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Virtual City
    [2010/08/23 12:14:01 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Zylom
    [2010/06/28 11:32:34 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Zylomv1001
    [2010/08/27 19:18:06 | 000,032,616 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
    [2009/04/11 07:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
    [2010/03/08 14:31:03 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
    [2010/08/27 17:35:57 | 000,014,631 | ---- | M] () -- C:\ComboFix.txt
    [2006/09/18 22:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2010/08/29 16:16:09 | 3215,867,904 | -HS- | M] () -- C:\hiberfil.sys
    [2007/02/01 09:24:24 | 000,258,048 | ---- | M] (Hewlett-Packard) -- C:\hpzids01.dll
    [2010/08/29 16:16:08 | 3529,482,240 | -HS- | M] () -- C:\pagefile.sys
    [2010/08/27 09:25:54 | 000,001,065 | ---- | M] () -- C:\rkill.log

    < %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
    [2007/02/02 11:26:36 | 000,273,920 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\hpzpp4v2.dll
    [2006/11/02 13:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll

    < %systemroot%\system32\*.wt >

    < %systemroot%\system32\*.ruy >

    < %systemroot%\Fonts\*.com >
    [2006/11/02 13:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2006/11/02 13:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2006/11/02 13:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2010/03/13 20:07:04 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >

    < %systemroot%\*. /mp /s >


    < %systemroot%\system32\*.dll /lockedfiles >
    [2009/04/11 07:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
    [2009/04/11 07:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\System32\config\*.sav >
    [2008/01/21 04:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
    [2008/01/21 04:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
    [2008/01/21 04:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
    [2006/11/02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
    [2006/11/02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

    < %systemroot%\system32\user32.dll /md5 >
    [2009/04/11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll

    < %systemroot%\system32\ws2_32.dll /md5 >
    [2008/01/21 03:24:48 | 000,179,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\ws2_32.dll

    < %systemroot%\system32\ws2help.dll /md5 >
    [2006/11/02 10:44:30 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=17C0671BF57057108A6D949510EE42C8 -- C:\Windows\System32\ws2help.dll

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 85 bytes -> C:\ProgramData:$SS_DESCRIPTOR_SVXWVBPTSVBVVFN4TF1RVLNVCL1XYRVBHV9TJVHVVPVVVVVVVJVV
    @Alternate Data Stream - 85 bytes -> C:\ProgramData:$SS_DESCRIPTOR_SVXWV4PVSVVVV8N4TF1RVDNVCLPT4WP9HVM8G6XVFGVXVF5VVJVP
    @Alternate Data Stream - 64 bytes -> C:\Users\Admin\Desktop\The.Illusionist[2006]DvDrip[Eng]-aXXo.mp4:TOC.WMV
    @Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:EAB1AD1B
    @Alternate Data Stream - 151 bytes -> C:\ProgramData\TEMP:8C443193
    @Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:51387F29
    @Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:7A0A894A
    @Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:726A7C8D
    @Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:41C283B2
    @Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:3965C4E8
    @Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:B310C233
    @Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:550179F5
    @Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:B8EA2C49
    @Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:F854B030
    @Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:A42A9F39
    @Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:9B750A13
    @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:77846FFE
    @Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:B84EF836
    @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:956EC010
    @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:5925E400
    @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:700B8E2E
    @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:6CC1CB6D
    @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:5E3FBF9D
    < End of report >

    Here is Extra

    OTL Extras logfile created on: 29/08/2010 16:30:06 - Run 1
    OTL by OldTimer - Version 3.2.11.0 Folder = C:\Users\Admin\Downloads
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18943)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 55.00% Memory free
    6.00 Gb Paging File | 5.00 Gb Available in Paging File | 77.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 298.09 Gb Total Space | 214.80 Gb Free Space | 72.06% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: FAMILY-PC
    Current User Name: Admin
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0CB3E9CA-4327-40D3-93F1-435575122DDE}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
    "{0D6E6B1E-0113-4C60-82EC-4B7F8076F27A}" = rport=139 | protocol=6 | dir=out | app=system |
    "{2F4DFF04-5857-4F88-8DFE-F28D5415B550}" = lport=445 | protocol=6 | dir=in | app=system |
    "{358BF5FB-3383-47C6-9E6D-E1E9668AD379}" = lport=137 | protocol=17 | dir=in | app=system |
    "{474D6818-B0E8-4C70-B64E-7146FDAB2717}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{4C027858-7D43-4977-9FF4-AEE4FCE02BF2}" = lport=138 | protocol=17 | dir=in | app=system |
    "{63946178-889B-4CB5-B28E-314C3EFDC4A7}" = rport=137 | protocol=17 | dir=out | app=system |
    "{BD162C4D-A0D3-40DF-A81D-971BEB4D35AB}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{D216198C-E127-400F-9563-B7C05C20359A}" = rport=445 | protocol=6 | dir=out | app=system |
    "{D5E956C2-DF49-4ED6-ADC7-42D92221F2BD}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
    "{E5C685FF-E0BA-4245-9AD8-B8102CF6A0E1}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{ECB90964-2067-41DC-B8DB-999132B1D0F4}" = rport=138 | protocol=17 | dir=out | app=system |
    "{EF8FBE36-23A2-4508-B7CC-E00DDF99BF8F}" = lport=139 | protocol=6 | dir=in | app=system |
    "{F90716DD-BDB6-4D82-B2AA-1B25194A418D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{18A37D86-9B59-40A2-BD7D-10105DA1B8A5}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{2073B6B0-7CDB-4305-84E4-7A6709AB0624}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
    "{3868FE2D-2BE3-4435-BB5D-7A7469AE54D4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{5566A4FA-FE3D-4CA4-B39E-81D3CA3BFF01}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
    "{6EBDC9E4-003B-47A4-9F54-AA764CEFA6F9}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{6FCFBF0C-F63A-4430-B7B0-29BE1698EEEC}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
    "{84EC0059-30F0-45B9-9173-7DD149ABDB11}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{8C5E02AD-72BC-42E1-8B6A-98A4BFA570CA}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{97238846-BCA5-49F0-B169-6A6CA5DE0E68}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
    "{A9E596D8-C7C7-4A47-846C-5E470D74F577}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
    "{B8D9C6FE-DDEA-4CB0-9254-2ED2F12A19C1}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
    "{BA64FA6B-0DF2-430C-A2CA-179571243399}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{BF56507D-B477-491B-ABA3-984FC02DA8A2}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{FB225230-3C3B-4C55-A910-5C54EBB450B0}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
    "{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.1.0.4402
    "{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
    "{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
    "{089DD780-DB3F-4CDB-A0C2-111360247298}" = PC Connectivity Solution
    "{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
    "{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
    "{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
    "{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
    "{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
    "{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
    "{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
    "{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
    "{11D03BF4-A66F-325E-7762-4F64586C673F}" = Catalyst Control Center Graphics Full New
    "{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
    "{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
    "{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
    "{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
    "{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
    "{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
    "{1B9B5B3B-28E7-4E59-A80D-D670AA984514}" = Nokia Connectivity Cable Driver
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}" = Nokia PC Suite
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
    "{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java(TM) 6 Update 21
    "{26B878A8-5704-3B64-BDBC-4F0EACA38121}" = Google Talk Plugin
    "{282E5AB2-8E47-4571-B6FA-6B512555B557}" = HP Photosmart.All-In-One Driver Software 8.0 .A
    "{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
    "{28C3CD30-2DF4-FEFA-3F4E-D6C1C3257FCE}" = ccc-core-static
    "{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
    "{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
    "{39CB30DB-27F8-4dd4-A294-CB4AE3B584FD}" = Copy
    "{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
    "{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
    "{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
    "{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
    "{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
    "{44F5A980-8A6B-4aca-8D85-EFCE5D67D379}" = AIO_CDA_ProductContext
    "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
    "{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
    "{496C34BF-9DE5-9628-48CC-052DD6A8453E}" = Catalyst Control Center Core Implementation
    "{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4ACBE725-9800-54D0-4B4B-4B1BD3E97E7E}" = FlipShare
    "{4CA09BF7-1CFC-44B8-80EA-7B4D15D12DC5}" = Catalyst Control Center - Branding
    "{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.05
    "{5D9B17E4-5C34-45B2-9C95-8B9DB4CF7AF3}" = HP_Network_UserGuide
    "{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
    "{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
    "{65E4B9D4-D276-B3BF-51E7-800D2ADFEB08}" = ATI Catalyst Install Manager
    "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
    "{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
    "{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
    "{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
    "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{79FBDD2E-DD2B-141A-DCF0-B8C125B5A008}" = Catalyst Control Center Graphics Previews Vista
    "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
    "{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
    "{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
    "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
    "{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
    "{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_STANDARDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_STANDARDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_STANDARDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_STANDARDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_STANDARDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_STANDARDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_STANDARDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_STANDARDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_STANDARDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
    "{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}" = iTunes
    "{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
    "{94333A1C-DC4A-E70F-FA92-16AB6F2443D6}" = Catalyst Control Center Graphics Full Existing
    "{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
    "{974BBAF1-048D-4230-2254-62FEA00B18E9}" = Skins
    "{998D91BE-65FE-8B9D-5C6E-1D52401EAAA1}" = CCC Help English
    "{9AF0B106-56F1-461B-A270-95BC1682E282}" = Broadcom Gigabit NetLink Controller
    "{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
    "{9ECE13D2-C028-44CB-8A96-A65196E7BBE7}_is1" = Convert AVI to MP4 1.3
    "{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
    "{A4874CD2-6942-E7A7-3690-277B9CB56DF5}" = Catalyst Control Center Graphics Light
    "{A5436728-2DFD-4221-B4D7-F49F740134C9}" = c5100_Help
    "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
    "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
    "{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4
    "{AC76BA86-7AD7-5760-0000-900000000003}" = Japanese Fonts Support For Adobe Reader 9
    "{ADC7FA12-E165-428a-AF13-4CE686E030AA}" = C5100
    "{AF1C9345-B53D-4110-BFBF-A0DD83AEAB83}" = AIO_CDA_Software
    "{AFE36C05-B442-4DEA-9BFB-2D72C8A1E153}" = Intel(R) PROSet/Wireless WiFi Driver
    "{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
    "{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
    "{B578DD15-CB17-CBB8-611E-D1AE7D5568AC}" = Catalyst Control Center Graphics Previews Common
    "{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
    "{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
    "{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
    "{BFC19AEE-8C4D-65BF-3BAE-729D1252E86C}" = Catalyst Control Center InstallProxy
    "{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
    "{C716522C-3731-4667-8579-40B098294500}" = Toolbox
    "{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
    "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
    "{D3171626-2269-7CF9-82AC-7BFC534A0E6A}" = ccc-utility
    "{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
    "{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
    "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
    "{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
    "{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware
    "{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
    "{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
    "{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
    "{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax
    "{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
    "{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
    "{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
    "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
    "{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
    "{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
    "{F95F178B-56AD-4fab-87F8-FA81E66C7D68}" = Network
    "{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
    "3ivx MPEG-4 5.0.3" = 3ivx MPEG-4 5.0.3 (remove only)
    "504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
    "AC3 Decoder v.1.2.4b" = AC3 Decoder v.1.2.4b
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
    "Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.9
    "Canon RAW Codec" = Canon RAW Codec
    "CCleaner" = CCleaner
    "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
    "Creative OA001" = Integrated Webcam Driver (1.06.03.0309)
    "Eye-One Match_is1" = Eye-One Match 3.6.2
    "HP Imaging Device Functions" = HP Imaging Device Functions 8.0
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
    "HPExtendedCapabilities" = HP Customer Participation Program 8.0
    "HPOCR" = HP OCR Software 8.0
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft Security Essentials" = Microsoft Security Essentials
    "Nokia PC Suite" = Nokia PC Suite
    "Picasa 3" = Picasa 3
    "ProInst" = Intel PROSet Wireless
    "RealPlayer 12.0" = RealPlayer
    "STANDARDR" = Microsoft Office Standard 2007
    "VLC media player" = VLC media player 1.0.5
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "Xvid_is1" = Xvid 1.2.1 final uninstall
    "Zylom Games Player Plugin" = Zylom Games Player Plugin

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Google Chrome" = Google Chrome

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 27/08/2010 07:06:44 | Computer Name = Family-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 4695536

    Error - 27/08/2010 07:06:44 | Computer Name = Family-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 4695536

    Error - 27/08/2010 07:06:45 | Computer Name = Family-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 27/08/2010 07:06:45 | Computer Name = Family-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 4696613

    Error - 27/08/2010 07:06:45 | Computer Name = Family-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 4696613

    Error - 27/08/2010 07:06:46 | Computer Name = Family-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 27/08/2010 07:06:46 | Computer Name = Family-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 4697673

    Error - 27/08/2010 07:06:46 | Computer Name = Family-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 4697673

    Error - 27/08/2010 14:18:01 | Computer Name = Family-PC | Source = EventSystem | ID = 4621
    Description =

    Error - 29/08/2010 11:17:51 | Computer Name = Family-PC | Source = WinMgmt | ID = 10
    Description =

    [ OSession Events ]
    Error - 16/03/2010 17:01:59 | Computer Name = Family-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 644
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 18/03/2010 06:45:29 | Computer Name = Family-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
    Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session
    lasted 539 seconds with 480 seconds of active time. This session ended with a crash.

    Error - 18/05/2010 12:47:02 | Computer Name = Family-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 32157
    seconds with 1620 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 19/05/2010 14:30:54 | Computer Name = Family-PC | Source = DCOM | ID = 10016
    Description =

    Error - 19/05/2010 14:35:13 | Computer Name = Family-PC | Source = DCOM | ID = 10016
    Description =

    Error - 19/05/2010 14:35:13 | Computer Name = Family-PC | Source = DCOM | ID = 10016
    Description =

    Error - 19/05/2010 14:35:13 | Computer Name = Family-PC | Source = DCOM | ID = 10016
    Description =

    Error - 19/05/2010 14:35:13 | Computer Name = Family-PC | Source = DCOM | ID = 10016
    Description =

    Error - 19/05/2010 14:35:13 | Computer Name = Family-PC | Source = DCOM | ID = 10016
    Description =

    Error - 19/05/2010 14:35:13 | Computer Name = Family-PC | Source = DCOM | ID = 10016
    Description =

    Error - 19/05/2010 14:35:13 | Computer Name = Family-PC | Source = DCOM | ID = 10016
    Description =

    Error - 19/05/2010 14:36:47 | Computer Name = Family-PC | Source = DCOM | ID = 10016
    Description =

    Error - 19/05/2010 14:36:47 | Computer Name = Family-PC | Source = DCOM | ID = 10016
    Description =


    < End of report >

  4. #14
    broni is offline Senior Member
    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
      O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
      O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
      @Alternate Data Stream - 85 bytes -> C:\ProgramData:$SS_DESCRIPTOR_SVXWVBPTSVBVVFN4TF1R VLNVCL1XYRVBHV9TJVHVVPVVVVVVVJVV
      @Alternate Data Stream - 85 bytes -> C:\ProgramData:$SS_DESCRIPTOR_SVXWV4PVSVVVV8N4TF1R VDNVCLPT4WP9HVM8G6XVFGVXVF5VVJVP
      @Alternate Data Stream - 64 bytes -> C:\Users\Admin\Desktop\The.Illusionist[2006]DvDrip[Eng]-aXXo.mp4:TOC.WMV
      @Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:EAB1AD1B
      @Alternate Data Stream - 151 bytes -> C:\ProgramData\TEMP:8C443193
      @Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:51387F29
      @Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:7A0A894A
      @Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:726A7C8D
      @Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:41C283B2
      @Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:3965C4E8
      @Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:B310C233
      @Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:550179F5
      @Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:B8EA2C49
      @Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:F854B030
      @Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:A42A9F39
      @Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:9B750A13
      @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:77846FFE
      @Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:B84EF836
      @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:956EC010
      @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:5925E400
      @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:700B8E2E
      @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:6CC1CB6D
      @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:5E3FBF9D
      
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.


    ==============================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on the Start button to begin the cleaning process.
    • TFC will close all running programs, and it may ask you to restart the computer.



    3. Go to the Kaspersky website and perform an online antivirus scan.

    • Disable your active antivirus program.
    • Read through the requirements and privacy statement and click on the Accept button.
    • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    • When the downloads have finished, click on Settings.
    • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:

      • Spyware, Adware, Dialers, and other potentially dangerous programs
      • Archives
      • Mail databases
    • Click on My Computer under Scan.
    • Once the scan is complete, it will display the results. Click on View Scan Report.
    • You will see a list of infected items there. Click on Save Report As....
    • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.

  5. #15
    lamaline is offline Full Member
    Here is the log from OTL

    All processes killed
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
    Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
    Unable to delete ADS C:\ProgramData\TEMP:EAB1AD1B @Alternate Data Stream - 151 bytes -> C:\ProgramData\TEMP:8C443193 @Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:51387F29 @Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:7A0A894A @Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:726A7C8D @Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:41C283B2 @Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:3965C4E8 @Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:B310C233 @Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:550179F5 @Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:B8EA2C49 @Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:F854B030 @Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:A42A9F39 @Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:9B750A13 @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:77846FFE @Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:B84EF836 @Alternate Data Str .
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Admin
    ->Temp folder emptied: 1754322 bytes
    ->Temporary Internet Files folder emptied: 6887041 bytes
    ->Java cache emptied: 0 bytes
    ->Google Chrome cache emptied: 85958125 bytes
    ->Flash cache emptied: 2357 bytes

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 122359 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 90.00 mb


    [EMPTYFLASH]

    User: Admin
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default

    User: Default User

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.11.0 log created on 08292010_171702

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
    Moving on with the last scans.

  6. #16
    lamaline is offline Full Member
    Security check log:

    Results of screen317's Security Check version 0.99.5
    Windows Vista Service Pack 2 (UAC is enabled)
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    Microsoft Security Essentials
    WMI entry may not exist for antivirus; attempting automatic update.
    Microsoft Security Essentials successfully updated!
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    CCleaner
    Java(TM) 6 Update 21
    Adobe Flash Player 10.1.53.64
    Adobe Reader 9.3.4
    Japanese Fonts Support For Adobe Reader 9
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Windows Defender MSMpEng.exe
    Microsoft Security Essentials msseces.exe
    ````````````````````````````````
    DNS Vulnerability Check:

    GREAT! (Not vulnerable to DNS cache poisoning)

    ``````````End of Log````````````

    ------

  7. #17
    broni is offline Senior Member
    So far, so good

  8. #18
    lamaline is offline Full Member
    I have problems with the Kaspersky scan.
    It takes ages and doesn't produce any report...
    I have deactivated my firewall...

  9. #19
    broni is offline Senior Member
    Try this one instead....

    Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • IMPORTANT! UN-check Remove found threats
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Push Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.

  10. #20
    lamaline is offline Full Member
    Here is the report.
    Only 1 threat found...

    C:\Users\Admin\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com\components\PlaySushiFF.dll probably a variant of Win32/Adware.Gamevance.AG application
