explorer.exe [Solved]


  • This topic is locked

#1
Sking0

  • Member
  • 172 posts
Hi.
I know it's a bit of an old chestnut but I am having trouble with this explorer.exe.
I have Windows XP SP3. I use ZoneAlarm (bought) and NoScript. Have used ZoneAlarm for about 8 years and never had this trouble before.
When I boot up I randomly get the wallpaper and no icons or task bar. I can use Task Manager, File, New Task, explorer.exe to get the desktop running.
When I say this is random, it happens about 4 out of 10 start-ups. I have read loads about this and tried a few basic things but this doesn't seem to go away.
This problem has something to do with ZoneAlarm because ZoneAlarm doesn't start up automatically when I get the blank screen; the two problems go hand in hand.
I have been to the ZoneAlarm forums but I haven't seen a solve for this. I have reinstalled ZoneAlarm twice. Have tried the 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution.options' but cannot even see explorer.exe in that folder. I don't even know if it should be in there as I have read so many things about this that I have lost my way :-( Oh, and a couple of posts I read about it were way over my head.
I read somewhere that a repair reinstall of XP would work. I am wondering if, A. I will start having trouble with existing programs on my PC if I do this and B. I will have to get all the Windows updates back by going to the Microsoft site and searching for recommended updates, but would I have to manually get Service Packs and if so do I have to install all three in the right order or can I just install SP3?
I have run a full scan with Malwarebytes and it found 2 trojans but I still get the problem.
To be honest it is no hardship taking ten seconds to use Task Manager on the random occasion to get the desktop up, so I would rather put up with it than do a repair reinstall, but I was wondering if somebody knows a fix.
If there is anything I can do to provide more information let me know and I will update this post.
Thanks in advance. :-)
  • 0

#2
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hello Sking0 and welcome to my office here at G2G! :)

My nick is maliprog and I'll be your technical support on this issue. Before we start please read my notes carefully:

NOTES:
  • Malware removal is NOT instantaneous; most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean.
  • Kindly follow my instructions in the order posted. Order is crucial in the cleaning process.
  • Please DO NOT run any scans or fixes on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste it to include the log in your reply.
  • You must reply within 3 days or your topic will be closed

Step 1

Download OTL to your Desktop

  • Double click on the icon to run it (If running Vista or Windows 7, right click on it and select "Run as an Administrator"). Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan/Fixes box paste this in

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them if you need to start a new topic.

Step 2

Download GMER from Here. Note the file's name and save it to your root folder, such as C:.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "No", save the log and post back the results.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.

Step 3

Please don't forget to include these items in your reply:

  • OTL log
  • OTL Extras log
  • GMER log
It would be helpful if you could post each log in a separate post using the "Add Reply" button.
  • 0

#3
Sking0

  • Topic Starter
  • Member
  • 172 posts
Hi. Thanks for the help. I have a problem. I ran the OTL and have the text documents but when I try and run GMER it freezes.
I tried it the 1st time and it froze after about 2 seconds of scanning, the second time it froze after about 2 seconds and the third time after about 5 seconds.
Each time it had a different file name at the bottom of the window so it wasn't freezing at the same point every time. I couldn't move the mouse cursor or open Task Manager.
I left it for about half an hour sitting like that because the green and red lights on the tower were solid so I thought it might be doing something.
I read the list of programs to shut down and I disabled my ZoneAlarm and Windows Firewall. No other programs were running.
I did everything as you said but it just keeps freezing. :-(
  • 0

#4
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
OK. Please post OTL log for now.
  • 0
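
One way to triage the service (SRV) and driver (DRV) sections of an OTL log like the one requested here, as an added example that is not part of the original thread or of OTL itself. The sample lines are copied from the log posted in this thread; the function names, the two rules, and the reading of the bracketed fields as start type and state are assumptions made for illustration.

```python
import re
from dataclasses import dataclass

# Lines copied verbatim from the OTL log posted in this thread.
SAMPLE_LOG = r"""
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2011/12/18 21:08:42 | 002,420,616 | ---- | M] (Check Point Software Technologies LTD) [Auto | Stopped] -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
SRV - [2011/11/03 15:44:28 | 000,497,280 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe -- (IswSvc)
SRV - [2008/01/29 13:25:10 | 000,598,016 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\SIMONK~1\LOCALS~1\Temp\axtdypog.sys -- (axtdypog)
DRV - [2011/12/18 21:04:24 | 000,525,840 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (Vsdatant)
DRV - [2010/11/09 15:35:30 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cpuz135_x32.sys -- (cpuz135)
"""

# kind, optional file header, the status bracket that sits right before " -- ",
# the image path (may be empty), then the parenthesised service name.
ENTRY = re.compile(
    r"^(?P<kind>SRV|DRV) - (?P<head>.*?)"
    r"\[(?P<flags>[^\[\]]+)\] -- (?P<path>.*?)\s*-- \((?P<tail>.*)$"
)


@dataclass
class Entry:
    kind: str           # "SRV" or "DRV"
    name: str           # service or driver name
    path: str           # image path as logged ("" when OTL printed none)
    start: str          # start type: Auto, On_Demand, System, Boot ...
    state: str          # Running, Stopped, Unknown
    file_missing: bool  # OTL reported "File not found"


def _service_name(tail: str) -> str:
    """Return the name up to its closing parenthesis, allowing nested ones."""
    depth = 1
    for i, ch in enumerate(tail):
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth == 0:
                return tail[:i]
    return tail


def parse_otl(text: str) -> list:
    """Parse SRV/DRV lines; anything that does not match is skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        flags = [f.strip() for f in m["flags"].split("|")]
        entries.append(Entry(
            kind=m["kind"],
            name=_service_name(m["tail"]),
            path=m["path"],
            start=flags[-2],   # SRV has 2 fields, DRV has 3; last two align
            state=flags[-1],
            file_missing=m["head"].startswith("File not found"),
        ))
    return entries


def triage(entries: list) -> list:
    """Return (rule, name) pairs for entries worth a closer look."""
    findings = []
    for e in entries:
        # Set to start automatically but not running at scan time.
        if e.start == "Auto" and e.state != "Running":
            findings.append(("auto_start_not_running", e.name))
        # Driver registered from a Temp folder whose file no longer exists.
        if e.kind == "DRV" and e.file_missing and "\\temp\\" in e.path.lower():
            findings.append(("missing_driver_in_temp", e.name))
    return findings


if __name__ == "__main__":
    for rule, name in triage(parse_otl(SAMPLE_LOG)):
        print(f"{rule}: {name}")
```

A finding is a prompt to check the entry by hand, not a verdict; a driver left behind by a scanner and one left by malware look the same to these rules.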

#5
Sking0

  • Topic Starter
  • Member
  • 172 posts
OTL logfile created on: 23/07/2012 16:38:05 - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Documents and Settings\Simon King\My Documents
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.25 Gb Total Physical Memory | 2.78 Gb Available Physical Memory | 85.68% Memory free
5.08 Gb Paging File | 4.78 Gb Available in Paging File | 93.93% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 698.63 Gb Total Space | 625.79 Gb Free Space | 89.57% Space Free | Partition Type: NTFS
Drive D: | 639.98 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: SIMON | User Name: Simon King | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/23 16:26:52 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Simon King\My Documents\OTL.exe
PRC - [2011/11/03 15:44:28 | 000,497,280 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
PRC - [2008/04/14 13:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/29 13:25:10 | 000,598,016 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
PRC - [2008/01/29 13:24:46 | 000,163,840 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
PRC - [2007/12/27 16:39:30 | 000,166,520 | ---- | M] () -- C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
PRC - [2007/12/27 16:39:20 | 000,051,816 | ---- | M] () -- C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe


========== Modules (No Company Name) ==========

MOD - [2011/04/19 16:39:34 | 000,013,120 | ---- | M] () -- C:\Program Files\CheckPoint\ZoneAlarm\MailFrontier\MlfHook.dll
MOD - [2010/11/04 09:51:44 | 000,555,624 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\nView\nvShell.dll
MOD - [2008/01/29 13:25:10 | 000,598,016 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
MOD - [2008/01/29 13:24:46 | 000,163,840 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
MOD - [2008/01/29 13:18:40 | 000,454,656 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\SpecialCase.dll
MOD - [2008/01/29 13:17:38 | 000,102,400 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nv_common.dll
MOD - [2007/12/27 16:39:30 | 000,166,520 | ---- | M] () -- C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
MOD - [2007/12/27 16:39:20 | 000,051,816 | ---- | M] () -- C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/07/18 20:18:21 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/06/26 08:41:03 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/01/04 14:32:36 | 000,718,888 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011/12/18 21:08:42 | 002,420,616 | ---- | M] (Check Point Software Technologies LTD) [Auto | Stopped] -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
SRV - [2011/12/06 17:05:52 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\570\g2aservice.exe -- (GoToAssist)
SRV - [2011/11/03 15:44:28 | 000,497,280 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe -- (IswSvc)
SRV - [2011/03/16 10:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/01/27 01:36:52 | 000,166,912 | ---- | M] (Softomotive) [On_Demand | Stopped] -- C:\Program Files\WinAutomation\WinAutomation.ServiceAgent.exe -- (WinAutomation Service)
SRV - [2008/01/29 13:25:10 | 000,598,016 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM)
SRV - [2008/01/29 13:24:46 | 000,163,840 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
SRV - [2007/12/27 16:39:30 | 000,166,520 | ---- | M] () [Auto | Running] -- C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe -- (BlueSoleil Hid Service)
SRV - [2007/12/27 16:39:20 | 000,051,816 | ---- | M] () [Auto | Running] -- C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe -- (Start BT in service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | System | Stopped] -- J:\Program Files\SUPERAntiSpyware\SASKUTIL.sys -- (SASKUTIL)
DRV - File not found [Kernel | On_Demand | Stopped] -- J:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - File not found [Kernel | System | Stopped] -- J:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\Drivers\PROCEXP151.SYS -- (PROCEXP151)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\CDriver.sys -- (MSICDSetup)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\SIMONK~1\LOCALS~1\Temp\axtdypog.sys -- (axtdypog)
DRV - [2011/12/20 08:39:28 | 000,100,368 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtihdXP3.sys -- (AtiHDAudioService)
DRV - [2011/12/18 21:04:24 | 000,525,840 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (Vsdatant)
DRV - [2011/12/06 04:42:18 | 007,490,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2011/11/03 15:44:20 | 000,027,016 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2011/11/03 15:44:18 | 000,036,744 | ---- | M] (Check Point Software Technologies) [Kernel | On_Demand | Running] -- C:\Program Files\CheckPoint\ZAForceField\AK\icsak.sys -- (icsak)
DRV - [2011/11/01 11:07:26 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2011/11/01 11:07:26 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2011/11/01 11:07:26 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2011/11/01 11:07:24 | 000,137,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2011/11/01 11:07:24 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2011/11/01 11:07:24 | 000,008,576 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2011/05/26 16:03:56 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2011/05/26 16:03:50 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2011/03/12 20:37:51 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\seehcri.sys -- (seehcri)
DRV - [2011/02/23 20:38:25 | 006,321,768 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2011/02/23 20:38:22 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2011/02/23 20:38:20 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2010/11/09 15:35:30 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cpuz135_x32.sys -- (cpuz135)
DRV - [2010/10/14 17:08:38 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\kl1.sys -- (KL1)
DRV - [2010/10/14 17:08:38 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kl2.sys -- (kl2)
DRV - [2010/09/21 16:51:58 | 000,327,256 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2009/12/30 11:20:56 | 000,027,064 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\revoflt.sys -- (Revoflt)
DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/01/15 13:50:52 | 000,459,520 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
DRV - [2007/11/17 08:43:56 | 000,022,016 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2007/11/17 08:43:46 | 000,054,016 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2007/10/12 08:53:10 | 000,013,312 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007/06/24 22:56:54 | 000,038,920 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btcusb.sys -- (Btcsrusb)
DRV - [2007/06/24 22:56:40 | 000,027,656 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BlueletSCOAudio.sys -- (BlueletSCOAudio)
DRV - [2007/06/24 22:56:34 | 000,034,312 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\blueletaudio.sys -- (BlueletAudio)
DRV - [2007/06/04 19:25:14 | 000,016,048 | ---- | M] (Cyberlink Co.,Ltd.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\CLBStor.sys -- (CLBStor)
DRV - [2007/06/04 19:25:12 | 000,162,096 | ---- | M] (CyberLink Corporation.) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\CLBUDF.sys -- (CLBUDF)
DRV - [2007/04/16 16:46:34 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2007/03/05 21:59:04 | 000,018,320 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btnetdrv.sys -- (BT)
DRV - [2007/03/05 21:56:18 | 000,035,600 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\BTHidMgr.sys -- (BTHidMgr)
DRV - [2007/03/05 21:55:12 | 000,020,880 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\vbtenum.sys -- (BTHidEnum)
DRV - [2007/03/05 21:53:18 | 000,044,304 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VcommMgr.sys -- (VcommMgr)
DRV - [2007/03/05 21:52:18 | 000,034,448 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VComm.sys -- (VComm)
DRV - [2005/11/03 11:52:38 | 000,035,200 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SaiBus.sys -- (SaiNtBus)
DRV - [2005/05/25 04:39:06 | 000,004,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\MSI Afterburner\RTCore32.sys -- (RTCore32)
DRV - [2003/04/10 12:42:56 | 000,048,384 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SaiNtHid.sys -- (SaiNtHid)
DRV - [2003/04/10 12:42:32 | 000,019,200 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SaiNtSub.sys -- (SaiNtSub)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.google.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\prxtbZone.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {4E2BDC23-1E9B-46EC-9C46-ED1464135862}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{4E2BDC23-1E9B-46EC-9C46-ED1464135862}: "URL" = http://www.google.co...&rlz=1I7GGHP_en
IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-se...q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2645238
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaultthis.engineName: "ZoneAlarm Extreme Security Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "ZoneAlarm Extreme Security Customized Web Search"
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.152.14
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:0.9.8.2
FF - prefs.js..extensions.enabledItems: [email protected]:2.3.2.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.12
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}:6.0.27
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.7
FF - prefs.js..extensions.enabledItems: [email protected]:2011.10.27
FF - prefs.js..keyword.URL: "http://www.google.co...nt&hl=en-GB&q="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Motive, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.0.198: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.0.198: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Fiddler2\FiddlerHook [2011/10/27 23:29:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/12/05 18:04:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2011/12/02 17:41:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_7.0 [2012/03/10 17:42:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2012/07/01 13:36:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/26 08:41:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/05 18:04:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/11/05 14:42:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_7.0 [2012/03/10 17:42:35 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Documents and Settings\Simon King\Application Data\IDM\idmmzcc3 [2011/11/15 22:14:13 | 000,000,000 | ---D | M]

[2011/02/23 12:17:09 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Simon King\Application Data\Mozilla\Extensions
[2012/07/22 20:40:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Simon King\Application Data\Mozilla\Firefox\Profiles\anb7uxoh.default\extensions
[2011/12/02 18:00:19 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Documents and Settings\Simon King\Application Data\Mozilla\Firefox\Profiles\anb7uxoh.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2011/06/11 21:48:15 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Simon King\Application Data\Mozilla\Firefox\Profiles\anb7uxoh.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2012/07/22 20:40:05 | 000,000,000 | ---D | M] (ZoneAlarm Security Community Toolbar) -- C:\Documents and Settings\Simon King\Application Data\Mozilla\Firefox\Profiles\anb7uxoh.default\extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546}
[2012/05/19 21:00:52 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Simon King\Application Data\Mozilla\Firefox\Profiles\anb7uxoh.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2012/02/17 19:17:09 | 000,000,000 | ---D | M] (New Tab King) -- C:\Documents and Settings\Simon King\Application Data\Mozilla\Firefox\Profiles\anb7uxoh.default\extensions\{FC5BAC7D-D696-4ba6-B913-CF8F000C33DF}
[2011/02/28 14:43:01 | 000,000,000 | ---D | M] (CyberShadow's Bejeweled Blitz 3 Cheat) -- C:\Documents and Settings\Simon King\Application Data\Mozilla\Firefox\Profiles\anb7uxoh.default\extensions\[email protected]
[2011/11/14 20:33:10 | 000,000,000 | ---D | M] (New tab on homepage) -- C:\Documents and Settings\Simon King\Application Data\Mozilla\Firefox\Profiles\anb7uxoh.default\extensions\jid1-5PJYJpAc76PKYw@jetpack
[2011/10/27 17:19:14 | 000,000,000 | ---D | M] (leethax.net extension) -- C:\Documents and Settings\Simon King\Application Data\Mozilla\Firefox\Profiles\anb7uxoh.default\extensions\[email protected]
[2011/10/21 22:47:36 | 000,000,955 | ---- | M] () -- C:\Documents and Settings\Simon King\Application Data\Mozilla\Firefox\Profiles\anb7uxoh.default\searchplugins\conduit.xml
[2011/07/08 12:06:55 | 000,002,059 | ---- | M] () -- C:\Documents and Settings\Simon King\Application Data\Mozilla\Firefox\Profiles\anb7uxoh.default\searchplugins\daemon-search.xml
[2012/04/17 07:49:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/07/19 15:26:26 | 000,525,390 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\SIMON KING\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\ANB7UXOH.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
[2011/10/30 08:59:29 | 000,148,816 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\SIMON KING\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\ANB7UXOH.DEFAULT\EXTENSIONS\[email protected]
[2012/06/26 08:41:04 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/07/19 05:05:25 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/06/26 08:41:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/06/26 08:41:00 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========


O1 HOSTS File: ([2008/04/14 13:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Tonec Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Reg Error: Value error.) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (ZoneAlarm Security Toolbar) - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\prxtbZone.dll (Conduit Ltd.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Toolbar) - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\prxtbZone.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4 - HKLM..\Run: [ISW] File not found
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files\Fiddler2\Fiddler.exe (Eric Lawrence)
O9 - Extra 'Tools' menuitem : Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files\Fiddler2\Fiddler.exe (Eric Lawrence)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4D94816B-E72D-488F-879B-72A38EF08273}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\WINDOWS\system32\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\570\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\570\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Simon King\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Simon King\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/02/23 11:43:28 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2003/08/23 07:50:12 | 000,000,045 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2003/08/23 07:43:32 | 000,000,000 | R--D | M] - D:\Autorun -- [ CDFS ]
O32 - AutoRun File - [2003/08/23 07:50:12 | 000,074,996 | R--- | M] () - D:\autorun.bmp -- [ CDFS ]
O32 - AutoRun File - [2003/08/23 07:50:12 | 002,334,720 | R--- | M] () - D:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2003/08/23 07:50:11 | 000,003,638 | R--- | M] () - D:\autorun.ico -- [ CDFS ]
O33 - MountPoints2\{cf71d065-a939-11e0-9f0c-001966812017}\Shell - "" = AutoRun
O33 - MountPoints2\{cf71d065-a939-11e0-9f0c-001966812017}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{cf71d065-a939-11e0-9f0c-001966812017}\Shell\AutoRun\command - "" = J:\autorun.exe
O33 - MountPoints2\{cf71d065-a939-11e0-9f0c-001966812017}\Shell\install\command - "" = J:\Setup\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/07/28 10:12:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/07/28 10:12:58 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/07/28 10:10:40 | 010,652,120 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Simon King\My Documents\mbam-setup-1.62.0.1300.exe
[2012/07/23 16:26:51 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Simon King\My Documents\OTL.exe
[2012/07/06 17:39:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Simon King\Application Data\.mono
[2012/07/06 17:31:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\EA Core
[2012/07/06 17:23:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Simon King\My Documents\Tiger Woods PGA TOUR 12 The Masters
[2012/07/06 15:59:51 | 000,000,000 | -H-D | C] -- C:\Program Files\Common Files\EAInstaller
[2012/07/06 15:38:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Simon King\Application Data\Origin
[2012/07/06 15:38:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Simon King\Local Settings\Application Data\Origin
[2012/07/06 15:37:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Origin
[2012/07/06 15:37:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Origin
[2012/07/06 15:37:34 | 000,000,000 | ---D | C] -- C:\Program Files\Origin Games
[2012/07/06 15:37:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2012/07/06 15:37:16 | 000,000,000 | ---D | C] -- C:\Program Files\Origin
[2012/07/01 13:36:20 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2012/07/01 13:36:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Simon King\Local Settings\Application Data\ZoneAlarm_Security
[2012/07/01 13:36:16 | 000,000,000 | ---D | C] -- C:\Program Files\ZoneAlarm_Security
[2012/07/01 13:35:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Check Point
[2012/06/30 10:20:00 | 000,000,000 | ---D | C] -- C:\Program Files\directx
[2012/06/30 10:17:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Logitech
[2012/06/30 10:15:46 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Components
[2012/06/30 10:14:26 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
[2012/06/29 13:55:44 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Simon King\Recent
[2012/06/23 22:46:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Simon King\Local Settings\Application Data\VS Revo Group
[2012/06/23 22:45:51 | 000,027,064 | ---- | C] (VS Revo Group) -- C:\WINDOWS\System32\drivers\revoflt.sys
[2012/06/23 22:45:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Revo Uninstaller Pro
[2012/06/23 22:45:49 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2012/06/23 22:44:53 | 007,902,008 | ---- | C] (VS Revo Group ) -- C:\Documents and Settings\Simon King\My Documents\RevoUninProSetup.exe
[2011/12/19 16:05:58 | 000,102,400 | ---- | C] (Info-ZIP) -- C:\Program Files\srEXT_Unzip.dll
[2011/12/19 16:05:57 | 000,741,438 | ---- | C] (Hybrid Holding, Ltd.) -- C:\Program Files\sr.dll
[2011/12/19 16:05:57 | 000,127,592 | ---- | C] (Microsoft Corporation) -- C:\Program Files\Intro_Video.exe
[2011/12/19 16:05:57 | 000,118,876 | ---- | C] (Hybrid Holding, Ltd.) -- C:\Program Files\srEXT_JPEGImporter.dll
[2011/12/19 16:05:57 | 000,090,185 | ---- | C] (Hybrid Holding, Ltd.) -- C:\Program Files\srDD_Glide3x.dll
[2011/12/19 16:05:57 | 000,057,434 | ---- | C] (Hybrid Holding, Ltd.) -- C:\Program Files\srEXT_LWOImporter.dll
[2011/12/19 16:05:57 | 000,053,337 | ---- | C] (Hybrid Holding, Ltd.) -- C:\Program Files\srEXT_default.dll
[2011/12/19 16:05:57 | 000,045,142 | ---- | C] (Hybrid Holding, Ltd.) -- C:\Program Files\srEXT_Inspector.dll
[2011/12/19 16:05:57 | 000,036,942 | ---- | C] (Hybrid Holding, Ltd.) -- C:\Program Files\srDD_OpenGL.dll
[2011/03/07 17:45:25 | 005,296,197 | ---- | C] (Dark Byte ) -- C:\Program Files\CheatEngine60.exe
[2011/03/06 21:21:00 | 038,147,376 | ---- | C] (Apple Inc.) -- C:\Program Files\QuickTimeInstaller.exe
[2011/03/06 20:31:26 | 000,670,992 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RealPlayer.exe
[2011/02/26 20:41:38 | 003,194,296 | ---- | C] (Javacool Software LLC ) -- C:\Program Files\spywareblastersetup44.exe
[2011/02/26 18:03:11 | 016,883,056 | ---- | C] (Microsoft Corporation) -- C:\Program Files\IE8-WindowsXP-x86-ENU.exe
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/30 16:17:16 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/07/30 15:54:30 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1844237615-287218729-725345543-1004.job
[2012/07/30 15:54:25 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1844237615-287218729-725345543-1004.job
[2012/07/30 15:53:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/07/29 00:27:11 | 000,138,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2012/07/28 10:13:00 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/28 10:11:23 | 010,652,120 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Simon King\My Documents\mbam-setup-1.62.0.1300.exe
[2012/07/25 15:24:43 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/25 15:24:43 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/23 16:32:36 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Simon King\My Documents\40kckt93.exe
[2012/07/23 16:26:52 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Simon King\My Documents\OTL.exe
[2012/07/18 12:10:44 | 000,274,968 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/07/18 07:22:17 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/07/17 14:36:18 | 000,000,593 | ---- | M] () -- C:\WINDOWS\eReg.dat
[2012/07/17 14:36:08 | 000,001,783 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Tiger Woods PGA TOUR 2004.lnk
[2012/07/17 05:47:57 | 000,013,758 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/07/02 08:27:42 | 000,416,454 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2012/07/01 19:20:40 | 000,466,022 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/07/01 19:20:40 | 000,081,708 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/07/01 13:35:59 | 000,000,128 | ---- | M] () -- C:\WINDOWS\System32\pdfl.dat
[2012/06/30 10:20:10 | 000,000,241 | ---- | M] () -- C:\WINDOWS\QSync.INI
[2012/06/30 10:19:45 | 000,000,816 | ---- | M] () -- C:\WINDOWS\_delis32.ini
[2012/06/30 10:16:25 | 000,000,265 | ---- | M] () -- C:\WINDOWS\setup.iss
[2012/06/29 20:50:37 | 003,644,438 | ---- | M] () -- C:\Documents and Settings\Simon King\My Documents\DSC08561.JPG
[2012/06/23 22:45:52 | 000,000,925 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Revo Uninstaller Pro.lnk
[2012/06/23 22:45:23 | 007,902,008 | ---- | M] (VS Revo Group ) -- C:\Documents and Settings\Simon King\My Documents\RevoUninProSetup.exe
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/28 10:13:00 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/23 16:32:36 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Simon King\My Documents\40kckt93.exe
[2012/07/18 07:16:18 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2012/07/17 14:36:08 | 000,001,783 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Tiger Woods PGA TOUR 2004.lnk
[2012/07/03 18:47:06 | 003,644,438 | ---- | C] () -- C:\Documents and Settings\Simon King\My Documents\DSC08561.JPG
[2012/07/01 13:37:58 | 000,416,454 | ---- | C] () -- C:\WINDOWS\System32\vsconfig.xml
[2012/06/30 10:20:02 | 000,000,241 | ---- | C] () -- C:\WINDOWS\QSync.INI
[2012/06/30 10:17:06 | 000,000,816 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2012/06/30 10:16:23 | 000,000,265 | ---- | C] () -- C:\WINDOWS\setup.iss
[2012/06/23 22:45:52 | 000,000,925 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Revo Uninstaller Pro.lnk
[2012/06/23 16:00:39 | 000,000,593 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2012/05/03 03:54:46 | 000,042,392 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2012/03/02 18:56:17 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\rtvcvfw32.dll
[2012/03/02 18:03:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2012/03/02 18:03:44 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2012/03/02 18:03:44 | 000,608,507 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2012/03/02 18:03:44 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2011/12/19 16:07:05 | 000,705,848 | ---- | C] () -- C:\Program Files\Installed.hid
[2011/12/19 16:07:05 | 000,270,336 | ---- | C] () -- C:\Program Files\Uninstall.exe
[2011/12/19 16:05:57 | 000,003,233 | ---- | C] () -- C:\Program Files\readme.htm
[2011/12/18 21:46:24 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\SaiCfg.dll
[2011/12/18 21:46:24 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\NX.exe
[2011/12/18 21:46:24 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\E2.exe
[2011/12/18 21:37:02 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\nY.exe
[2011/12/14 20:43:15 | 000,021,036 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2011/12/14 20:43:15 | 000,015,132 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2011/12/14 20:43:15 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2011/12/05 23:04:00 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\OpenVideo.dll
[2011/12/05 23:03:52 | 000,054,784 | ---- | C] () -- C:\WINDOWS\System32\OVDecode.dll
[2011/11/27 11:18:35 | 000,101,900 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1322388995.bdinstall.bin
[2011/11/27 11:14:44 | 000,061,417 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1322388806.bdinstall.bin
[2011/11/24 18:00:45 | 000,609,597 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1322151705.bdinstall.bin
[2011/11/23 23:31:31 | 000,629,263 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1322084635.bdinstall.bin
[2011/09/20 15:34:13 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2011/08/15 15:14:45 | 000,001,471 | ---- | C] () -- C:\Program Files\gameid-112.zip
[2011/07/07 17:15:55 | 000,002,560 | ---- | C] () -- C:\WINDOWS\_MSRSTRT.EXE
[2011/05/04 11:43:27 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Simon King\Local Settings\Application Data\{429D598B-82CB-43E2-AF6B-BA419A59D9B6}
[2011/04/24 02:16:35 | 000,000,697 | ---- | C] () -- C:\Documents and Settings\Simon King\PCTuneUp.config
[2011/03/31 16:51:27 | 001,970,176 | ---- | C] () -- C:\WINDOWS\System32\d3dx9.dll
[2011/03/14 09:37:39 | 000,252,080 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/03/14 09:37:38 | 000,252,080 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/03/14 09:37:38 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/03/14 09:37:28 | 002,292,678 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2011/02/25 19:05:10 | 007,133,675 | ---- | C] () -- C:\Program Files\xfire_installer_43094.exe
[2011/02/24 20:46:59 | 000,138,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2011/02/24 20:46:50 | 000,202,448 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2011/02/24 20:46:44 | 000,066,872 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2011/02/23 20:54:04 | 000,046,592 | ---- | C] () -- C:\Documents and Settings\Simon King\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/23 19:11:35 | 000,000,397 | ---- | C] () -- C:\WINDOWS\CoDUO.INI
[2011/02/23 19:02:27 | 000,000,745 | ---- | C] () -- C:\WINDOWS\CoD.INI
[2011/02/23 15:11:39 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2011/02/23 12:16:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/02/23 12:07:35 | 000,000,144 | ---- | C] () -- C:\WINDOWS\System32\lkfl.dat
[2011/02/23 12:07:35 | 000,000,128 | ---- | C] () -- C:\WINDOWS\System32\pdfl.dat
[2011/02/23 12:07:35 | 000,000,080 | ---- | C] () -- C:\WINDOWS\System32\ibfl.dat
[2011/02/23 11:49:29 | 000,003,636 | R--- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2011/02/23 11:49:02 | 000,005,870 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2011/02/23 11:49:01 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2011/02/23 11:44:45 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/02/23 11:41:22 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/02/23 11:33:24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/02/23 11:31:45 | 000,274,968 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/12/22 20:00:00 | 000,565,313 | ---- | C] () -- C:\Program Files\Supreme_v1.035.exe
[2010/12/22 20:00:00 | 000,565,313 | ---- | C] () -- C:\Program Files\Supreme.exe
[2010/11/14 08:00:00 | 000,030,720 | ---- | C] () -- C:\Program Files\Display_Config.exe
[2010/09/02 08:33:54 | 000,015,360 | ---- | C] () -- C:\WINDOWS\System32\bdmjpeg.dll
[2010/09/02 08:32:52 | 000,058,368 | ---- | C] () -- C:\WINDOWS\System32\bdmpegv.dll

========== LOP Check ==========

[2011/03/16 20:21:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bluetooth
[2012/07/01 13:35:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CheckPoint
[2011/07/08 12:06:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2011/02/23 20:44:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverCure
[2012/07/06 17:31:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EA Core
[2012/06/19 18:27:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Easy CD-DA Extractor
[2012/07/06 17:31:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2011/12/08 19:44:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ErrorEND
[2011/08/26 10:58:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FREEzeFlipSA
[2012/03/10 17:35:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2011/02/23 12:18:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kaspersky SDK
[2012/03/10 17:42:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia
[2012/03/14 17:12:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NokiaInstallerCache
[2012/07/06 17:31:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Origin
[2011/03/12 22:08:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2011/05/03 17:49:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RoboForm
[2011/02/24 21:43:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Softomotive
[2011/03/01 16:35:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2011/11/04 10:35:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/02/24 21:43:42 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{A873B996-98E1-4641-B671-D1B514B55224}
[2011/06/21 13:02:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon King\Application Data\.minecraft
[2012/07/06 17:39:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon King\Application Data\.mono
[2011/08/28 23:55:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon King\Application Data\Amazon
[2011/04/08 12:09:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon King\Application Data\AnvSoft
[2011/08/25 19:52:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon King\Application Data\Audacity
[2012/06/07 14:44:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon King\Application Data\Azureus
[2011/05/04 11:32:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon King\Application Data\BANDISOFT
[2011/02/23 12:12:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon King\Application Data\CheckPoint
[2012/01/23 07:55:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon King\Application Data\DAEMON Tools Lite
[2011/11/25 10:29:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon King\Application Data\DMCache
[2011/02/23 20:26:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon King\Application Data\DriverCure
[2012/02/09 11:04:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon King\Application Data\ElevatedDiagnostics
[2011/07/08 10:59:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon King\Application Data\Firstload
[2011/07/12 12:11:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon King\Application Data\FreeFLVConverter
[2011/12/02 18:00:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon King\Application Data\Garmin
[2011/11/14 20:27:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon King\Application Data\GetRightToGo
[2011/11/15 22:16:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon King\Application Data\IDM
[2011/11/16 20:55:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon King\Application Data\jdast
[2011/02/23 12:32:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon King\Application Data\MailFrontier
[2012/03/10 18:18:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon King\Application Data\Nokia
[2012/03/10 18:18:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon King\Application Data\Nokia Suite
[2012/07/06 15:46:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon King\Application Data\Origin
[2012/03/14 17:21:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon King\Application Data\PC Suite
[2011/03/01 16:40:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon King\Application Data\Publish Providers
[2011/11/23 22:46:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon King\Application Data\QuickScan
[2011/05/18 09:44:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon King\Application Data\Rovio
[2011/03/01 22:41:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon King\Application Data\Sony
[2011/02/23 17:19:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon King\Application Data\SystemRequirementsLab
[2011/04/08 12:27:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon King\Application Data\Sytexis Software
[2011/11/05 14:43:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon King\Application Data\Thunderbird
[2011/07/12 11:45:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon King\Application Data\Youtube Downloader HD
[2011/07/12 12:04:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon King\Application Data\Youtube to MP3 Converter
[2012/06/23 12:21:37 | 000,000,298 | ---- | M] () -- C:\WINDOWS\Tasks\expresszipShakeIcon.job
[2012/06/14 16:33:43 | 000,000,294 | ---- | M] () -- C:\WINDOWS\Tasks\pixillionDowngrade.job
[2012/06/14 16:33:44 | 000,000,294 | ---- | M] () -- C:\WINDOWS\Tasks\pixillionShakeIcon.job

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2008/04/14 13:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 13:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe
[2008/04/29 16:42:08 | 000,090,624 | ---- | M] () MD5=FBB39A4487E11F64DCFFD36AEC2D2216 -- C:\Program Files\CheckPoint\ZAForceField\Heuristics\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/14 13:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008/04/14 13:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2008/07/01 14:17:12 | 000,090,624 | ---- | M] () MD5=FBB39A4487E11F64DCFFD36AEC2D2216 -- C:\Program Files\CheckPoint\ZAForceField\Heuristics\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/04/14 13:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/14 13:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/14 13:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008/04/14 13:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe
[2008/07/01 14:17:12 | 000,090,624 | ---- | M] () MD5=FBB39A4487E11F64DCFFD36AEC2D2216 -- C:\Program Files\CheckPoint\ZAForceField\Heuristics\winlogon.exe

< %systemroot%\*. /mp /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 16 bytes -> C:\Documents and Settings\Simon King\My Documents\ZASPSetupWeb_101_065_000.exe:BDU
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >

#6
Sking0

  • Topic Starter
  • Member
  • PipPipPip
  • 172 posts
OTL Extras logfile created on: 23/07/2012 16:38:05 - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Documents and Settings\Simon King\My Documents
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.25 Gb Total Physical Memory | 2.78 Gb Available Physical Memory | 85.68% Memory free
5.08 Gb Paging File | 4.78 Gb Available in Paging File | 93.93% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 698.63 Gb Total Space | 625.79 Gb Free Space | 89.57% Space Free | Partition Type: NTFS
Drive D: | 639.98 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: SIMON | User Name: Simon King | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\ZoneLabs\vsmon.exe" = C:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Enabled:vsmon
"C:\Program Files\Raptr\raptr.exe" = C:\Program Files\Raptr\raptr.exe:*:Enabled:Raptr Client
"C:\Program Files\Raptr\raptr_im.exe" = C:\Program Files\Raptr\raptr_im.exe:*:Enabled:Raptr IM
"C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe" = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil -- (IVT Corporation.)
"H:\Release\Orange.exe" = H:\Release\Orange.exe:*:Enabled:Orange Wireless Router Installation
"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus / Vuze -- (Vuze Inc.)
"C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote -- (Microsoft Corporation)
"C:\Program Files\Steam\steamapps\common\amd driver updater, xp, 32 bit\Setup.exe" = C:\Program Files\Steam\steamapps\common\amd driver updater, xp, 32 bit\Setup.exe:*:Enabled:AMD Driver Updater, XP, 32 bit -- (Advanced Micro Devices, Inc.)
"C:\Program Files\Steam\steamapps\common\skyrim\SkyrimLauncher.exe" = C:\Program Files\Steam\steamapps\common\skyrim\SkyrimLauncher.exe:*:Enabled:The Elder Scrolls V: Skyrim -- (Bethesda Softworks)
"C:\Program Files\Origin Games\Tiger Woods 12\TWOLauncher.exe" = C:\Program Files\Origin Games\Tiger Woods 12\TWOLauncher.exe:*:Enabled:Tiger Woods PGA TOUR® 12: The Masters -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08ED1CD1-1CB1-B7CE-677E-110D0A118590}" = AMD Catalyst Install Manager
"{152B782A-05F3-48EC-9AAC-4D3EB68D9E20}" = Quake 4™
"{16EB8FB7-A791-B483-FBF2-81E56AD1E936}" = Catalyst Control Center Localization All
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19C64880-BBCA-11D4-9EEE-0004ACDDDB3B}" = CyberLink InstantBurn
"{1A47E3FB-A5FE-C27E-B080-8EAF73B782AC}" = Catalyst Control Center
"{1D89DBCF-9569-45F6-9392-9E64820ED2DD}" = ZoneAlarm Antivirus
"{1E5F3CC6-D390-4393-A2AA-6CEC04F1705A}" = Image Resizer Powertoy Clone for Windows
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Hi-Def Suite
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{245D1CB3-F7AF-C30E-715D-B065F433789D}" = ATI Problem Report Wizard
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java™ 6 Update 27
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2C7946AF-8AE9-6369-0075-7A3419F59441}" = Catalyst Control Center InstallProxy
"{2ECA81CA-D932-4AD3-AD59-BF5CCF099C83}" = Catalyst Control Center - Branding
"{33AEE368-3F04-27E3-39C2-F41E1C4611B6}" = CCC Help English
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3A9E0E2F-B0D1-452B-B833-7A7300EA1231}" = Saitek NT Controller Drivers
"{40AE01BE-A290-4FFB-8DAB-C624C17DC87E}" = Vegas Movie Studio HD Platinum 10.0
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 5.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AA68A73-DB9C-439D-9481-981C82BD008B}" = Nokia Connectivity Cable Driver
"{4D568C38-0552-4CDD-A643-01FAFA2957EF}" = Nokia Software Updater
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5D43EA3E-6E75-5609-635A-1426449D7FE5}" = ATI AVIVO Codecs
"{5D6C26B9-D9E7-4E77-A4DE-0C2B242E85FA}" = ZoneAlarm Firewall
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.8
"{67F5E390-8E09-4AE4-B7F2-705AFD23D86D}" = WinAutomation
"{6AC13432-7CC3-4afd-9896-F56597312D1F}" = Tiger Woods PGA TOUR® 12: The Masters
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"{7E91306C-899F-45F3-B5E9-4B480A27A63D}" = Tiger Woods PGA TOUR 2004
"{7EB0954B-30A8-8414-092B-792BA3A82F20}" = ccc-utility
"{81AA0002-A4DB-4C18-A37E-0A37825F6C0E}" = ZoneAlarm DataLock
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{8973F26D-3E74-481C-AF11-FDC7D0089E96}" = MOUSE Editor
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F85CC2C-4B26-4CF6-B835-DC59BCEDD287}" = Bluesoleil2.7.0.13 VoIP Release 071227
"{90140000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 14
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{92D1CEBC-7C72-4ECF-BFC6-C131EF3FE6A7}" = Nokia Suite
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A2AA4204-C05A-4013-888A-AD153139297F}" = PC Connectivity Solution
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A662E280-64A8-4CF5-8407-13D0808602B3}" = Call of Duty - United Offensive
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC35BEC3-AC61-F2F5-217A-70FA16DFD3C8}" = Catalyst Control Center Graphics Previews Common
"{AC76BA86-7AD7-1033-7B44-A83000000003}" = Adobe Reader 8.3.1
"{ADD5DB49-72CF-11D8-9D75-000129760D75}" = PowerBackup
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.50
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BAB004F0-F04C-49DD-8118-AE4A7697C469}" = Quake 4™ Demo
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{C4BC01F3-B7E6-49FA-8FBE-6B62FDF9CED0}" = ZoneAlarm Security
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DAB5C521-80B2-48C3-B0DA-326A1B331F55}" = GoToAssist Corporate
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"6af12c54-643b-4752-87d0-8335503010de_is1" = Nexus Mod Manager
"7-Zip" = 7-Zip 9.20
"82A44D22-9452-49FB-00FB-CEC7DCAF7E23" = EA SPORTS online 2004
"8461-7759-5462-8226" = Vuze
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 2.0" = Adobe Photoshop Elements 2.0
"Afterburner" = MSI Afterburner 2.1.0
"AI RoboForm" = RoboForm 7-6-4 (All Users)
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.9
"Any Video Converter_is1" = Any Video Converter 3.2.1
"Bandicam" = Bandicam
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"BT Broadband Desktop Help" = BT Broadband Desktop Help
"BTHomeHub" = BTHomeHub
"Call of Duty Game of the Year Edition" = Call of Duty Game of the Year Edition
"CamStudio" = CamStudio
"CCleaner" = CCleaner
"Cheat Engine 5.6.1_is1" = Cheat Engine 5.6.1
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.57.1
"Drakan - Order of the Flame" = Drakan - Order of the Flame
"DX-Ball 2" = DX-Ball 2
"Easy CD-DA Extractor 16" = Easy CD-DA Extractor 16
"ExpressZip" = Express Zip File Compression Software
"Fiddler2" = Fiddler2
"Free FLV Converter_is1" = Free FLV Converter V 6.98.0
"FREEzeFlipSA" = FREEzeFlip
"GameSpy Arcade" = GameSpy Arcade
"GoToAssist" = GoToAssist Corporate
"Halo Trial" = Microsoft Halo Trial
"HP Photo & Imaging" = HP Image Zone 4.2
"ie8" = Windows Internet Explorer 8
"InstallShield_{152B782A-05F3-48EC-9AAC-4D3EB68D9E20}" = Quake 4™
"InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"InstallShield_{8973F26D-3E74-481C-AF11-FDC7D0089E96}" = Mouse Editor
"InstallShield_{A662E280-64A8-4CF5-8407-13D0808602B3}" = Call of Duty - United Offensive
"InstallShield_{BAB004F0-F04C-49DD-8118-AE4A7697C469}" = Quake 4™ Demo
"Internet Download Manager" = Internet Download Manager
"JDs Auto Speed Tester" = JDs Auto Speed Tester
"LAME for Audacity_is1" = LAME v3.98.3 for Audacity
"Magic ISO Maker v5.5 (build 0281)" = Magic ISO Maker v5.5 (build 0281)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 13.0.1 (x86 en-US)" = Mozilla Firefox 13.0.1 (x86 en-US)
"Mozilla Thunderbird (7.0.1)" = Mozilla Thunderbird (7.0.1)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mplayer.com" = Mplayer.com
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nokia Suite" = Nokia Suite
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Origin" = Origin
"PC Tune-Up" = PC Tune-Up
"Pixillion" = Pixillion Image Converter
"Quake2UninstallKey" = Quake II
"RealPlayer 15.0" = RealPlayer
"Re-Volt" = Re-Volt
"Shockwave" = Shockwave
"Sniper Ghost Warrior_is1" = Sniper Ghost Warrior (1.0)
"Speccy" = Speccy
"Steam App 72850" = The Elder Scrolls V: Skyrim
"SystemRequirementsLab" = System Requirements Lab
"WavePad" = WavePad Sound Editor
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WinAutomation" = WinAutomation
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01009" = Microsoft User-Mode Driver Framework Feature Pack 1.9
"Xfire" = Xfire (remove only)
"Youtube Downloader HD_is1" = Youtube Downloader HD v. 2.5
"Youtube to MP3 Converter_is1" = Youtube to MP3 Converter v. 1.2
"ZoneAlarm Extreme Security" = ZoneAlarm Extreme Security
"ZoneAlarm_Security Toolbar" = ZoneAlarm Security Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 23/06/2012 16:42:57 | Computer Name = SIMON | Source = Application Hang | ID = 1002
Description = Hanging application IKernel.exe, version 6.31.100.1221, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 23/06/2012 16:43:05 | Computer Name = SIMON | Source = Application Hang | ID = 1002
Description = Hanging application IKernel.exe, version 6.31.100.1221, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 23/06/2012 17:48:58 | Computer Name = SIMON | Source = Application Hang | ID = 1002
Description = Hanging application IKernel.exe, version 6.31.100.1221, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 23/06/2012 18:23:27 | Computer Name = SIMON | Source = Application Hang | ID = 1002
Description = Hanging application IKernel.exe, version 6.31.100.1221, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 23/06/2012 18:23:30 | Computer Name = SIMON | Source = Application Hang | ID = 1002
Description = Hanging application IKernel.exe, version 6.31.100.1221, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 24/06/2012 09:05:20 | Computer Name = SIMON | Source = Application Hang | ID = 1002
Description = Hanging application IKernel.exe, version 6.31.100.1221, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 24/06/2012 09:05:26 | Computer Name = SIMON | Source = Application Hang | ID = 1002
Description = Hanging application IKernel.exe, version 6.31.100.1221, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 30/06/2012 05:18:33 | Computer Name = SIMON | Source = Application Hang | ID = 1002
Description = Hanging application msiexec.exe, version 4.5.6001.22159, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 17/07/2012 09:39:46 | Computer Name = SIMON | Source = Application Hang | ID = 1002
Description = Hanging application IKernel.exe, version 6.31.100.1221, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 17/07/2012 09:39:53 | Computer Name = SIMON | Source = Application Hang | ID = 1002
Description = Hanging application IKernel.exe, version 6.31.100.1221, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 26/07/2012 02:07:03 | Computer Name = SIMON | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SASDIFSV SASKUTIL

Error - 27/07/2012 01:28:13 | Computer Name = SIMON | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SASDIFSV SASKUTIL

Error - 27/07/2012 10:15:04 | Computer Name = SIMON | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SASDIFSV SASKUTIL

Error - 28/07/2012 01:11:32 | Computer Name = SIMON | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SASDIFSV SASKUTIL

Error - 28/07/2012 04:59:59 | Computer Name = SIMON | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SASDIFSV SASKUTIL

Error - 28/07/2012 09:29:53 | Computer Name = SIMON | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SASDIFSV SASKUTIL

Error - 29/07/2012 01:38:59 | Computer Name = SIMON | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SASDIFSV SASKUTIL

Error - 29/07/2012 05:57:07 | Computer Name = SIMON | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SASDIFSV SASKUTIL

Error - 30/07/2012 01:10:43 | Computer Name = SIMON | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SASDIFSV SASKUTIL

Error - 30/07/2012 10:53:48 | Computer Name = SIMON | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SASDIFSV SASKUTIL


< End of report >
  • 0

#7
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Step 1

We need to uninstall SuperAntiSpyware from your system. Please download

SUPERAntiSpyware Uninstaller Assistant

Run the tool in order to uninstall SAS. Restart your system and tell me whether it hangs now.

Step 2

NOTE: This fix is custom made for this system only and for current system state! Don't try to run it on another system!

Please close all running programs and Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O33 - MountPoints2\{cf71d065-a939-11e0-9f0c-001966812017}\Shell - "" = AutoRun
    O33 - MountPoints2\{cf71d065-a939-11e0-9f0c-001966812017}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{cf71d065-a939-11e0-9f0c-001966812017}\Shell\AutoRun\command - "" = J:\autorun.exe
    O33 - MountPoints2\{cf71d065-a939-11e0-9f0c-001966812017}\Shell\install\command - "" = J:\Setup\Setup.exe
    [2011/12/18 21:46:24 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\NX.exe
    [2011/12/18 21:46:24 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\E2.exe
    [2011/12/18 21:37:02 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\nY.exe

    :Commands
    [purity]
    [emptytemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles


Step 3


Download Virus Removal Tool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named)

First we will run a virus scan

Click the cog in the upper right


Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan

Allow Virus Removal Tool to delete all infections found
Once it has finished select report tab (last tab)
Select Detected threats report from the left and press Save button
Save it to your desktop and attach to your next post


Step 4


Please don't forget to include these items in your reply:


  • OTL fix log
  • VRT log
It would be helpful if you could post each log in a separate post using the "Add Reply" button
  • 0

#8
Sking0

    Member

  • Topic Starter
  • 172 posts
I uninstalled SAS and turned off all security etc. and GMER froze as soon as I tried to run it. Haven't done any of the other steps as I didn't know if you wanted to know this 1st?
  • 0

#9
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
OK. Leave GMER for now. How is your system now after you removed SAS? Does explorer.exe start now?

You can do other steps now and post both logs.
  • 0

#10
Sking0

    Member

  • Topic Starter
  • 172 posts
Running Kaspersky. Done 10%, says it has 8 hours left :-( (On my son's laptop atm). Will get back to you when it is done.
  • 0



#11
Sking0

    Member

  • Topic Starter
  • 172 posts
Right. Firstly I think I might have messed up. I did the VRT scan before I did the VRT fix!?
When the VRT finished it would not let me save the log. I tried three times but when I went in and tried to open it I just kept getting the 'Not responding' message.
When I clicked save the bar came up and just sat there, no loading/saving occurred but there was still a file in my docs called VRT Log, it just would not respond.
I did manage to save the list of malware it found and will post it. I have to say I am thinking (in hindsight) that this problem may well have occurred at around the same time as I got that UO minimizer program which seems at the moment to be the culprit. Since I ran VRT the PC already seems to run better, faster start up and just generally quicker on opening folders etc.
Anyway I will post the malware list (not that it's probably much use to you) and the OTL Fix. If I did do them in the wrong order I apologise.
  • 0

#12
Sking0

    Member

  • Topic Starter
  • 172 posts
Status: Disinfected (events: 3)
24/07/2012 13:52:19 Disinfected Trojan program Backdoor.Win32.Delf.jtm C:\Documents and Settings\Simon King\My Documents\coduo_minimizer.zip/coduo_minimizer.exe//UPX High
24/07/2012 13:52:19 Disinfected Trojan program Backdoor.Win32.Delf.jtm C:\Documents and Settings\Simon King\My Documents\coduo_minimizer.zip/coduo_minimizer.exe High
24/07/2012 13:52:19 Disinfected Trojan program Backdoor.Win32.Delf.jtm C:\Documents and Settings\Simon King\My Documents\coduo_minimizer.zip High
Status: Deleted (events: 6)
24/07/2012 15:14:54 Deleted adware not-a-virus:AdWare.Win32.Shopper.eo C:\Program Files\FREEzeFlip\bin\2.0.3.0\FREEzeFlipUninstaller.exe//$PLUGINSDIR\Install.dll Medium
24/07/2012 15:14:54 Deleted adware not-a-virus:AdWare.Win32.Shopper.xv C:\Program Files\FREEzeFlip\bin\2.0.3.0\FREEzeFlipUninstaller.exe//data0003 Medium
24/07/2012 15:14:54 Deleted adware not-a-virus:AdWare.Win32.Shopper.xv C:\Program Files\FREEzeFlip\bin\2.0.3.0\FREEzeFlipUninstaller.exe Medium
24/07/2012 15:43:58 Deleted adware not-a-virus:AdWare.Win32.Shopper.eo C:\System Volume Information\_restore{F0D02E2F-34D8-4024-AD55-6DFBDD480639}\RP516\A0223046.exe//$PLUGINSDIR\Install.dll Medium
24/07/2012 15:43:58 Deleted adware not-a-virus:AdWare.Win32.Shopper.xv C:\System Volume Information\_restore{F0D02E2F-34D8-4024-AD55-6DFBDD480639}\RP516\A0223046.exe//data0003 Medium
24/07/2012 15:43:58 Deleted adware not-a-virus:AdWare.Win32.Shopper.xv C:\System Volume Information\_restore{F0D02E2F-34D8-4024-AD55-6DFBDD480639}\RP516\A0223046.exe Medium
  • 0

#13
Sking0

    Member

  • Topic Starter
  • 172 posts
All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cf71d065-a939-11e0-9f0c-001966812017}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cf71d065-a939-11e0-9f0c-001966812017}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cf71d065-a939-11e0-9f0c-001966812017}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cf71d065-a939-11e0-9f0c-001966812017}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cf71d065-a939-11e0-9f0c-001966812017}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cf71d065-a939-11e0-9f0c-001966812017}\ not found.
File J:\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cf71d065-a939-11e0-9f0c-001966812017}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cf71d065-a939-11e0-9f0c-001966812017}\ not found.
File J:\Setup\Setup.exe not found.
C:\WINDOWS\system32\NX.exe moved successfully.
C:\WINDOWS\system32\E2.exe moved successfully.
C:\WINDOWS\system32\nY.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 11435743 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 2045744 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 1979760 bytes
->Temporary Internet Files folder emptied: 1803347 bytes

User: Simon King
->Temp folder emptied: 344816500 bytes
->Temporary Internet Files folder emptied: 50813260 bytes
->Java cache emptied: 339014 bytes
->FireFox cache emptied: 502580007 bytes
->Flash cache emptied: 1510 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2402044 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1212648 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 916795812 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 461215949 bytes

Total Files Cleaned = 2,191.00 mb


OTL by OldTimer - Version 3.2.54.0 log created on 07242012_183159

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
  • 0
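
The fix log in post #13 reports the same registry key several times because the fix script in post #7 lists four O33 entries under one MountPoints2 GUID, so the outcome lines have to be reconciled per target before concluding anything. The following is an added example, not part of the thread and not OTL's own code: it groups the outcome lines copied from that log by target and gives each a net status. The function names and the "unverified" status for files on a drive other than the system drive (C: per the log header) are assumptions of this example.

```python
import re
from collections import OrderedDict

# Outcome lines copied from the OTL fix log in post #13 of this thread.
FIX_LOG = r"""
All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cf71d065-a939-11e0-9f0c-001966812017}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cf71d065-a939-11e0-9f0c-001966812017}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cf71d065-a939-11e0-9f0c-001966812017}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cf71d065-a939-11e0-9f0c-001966812017}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cf71d065-a939-11e0-9f0c-001966812017}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cf71d065-a939-11e0-9f0c-001966812017}\ not found.
File J:\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cf71d065-a939-11e0-9f0c-001966812017}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cf71d065-a939-11e0-9f0c-001966812017}\ not found.
File J:\Setup\Setup.exe not found.
C:\WINDOWS\system32\NX.exe moved successfully.
C:\WINDOWS\system32\E2.exe moved successfully.
C:\WINDOWS\system32\nY.exe moved successfully.
========== COMMANDS ==========
"""

# One outcome line: optional "Registry key"/"File" prefix, target, result.
OUTCOME = re.compile(
    r"^(?:(?P<kind>Registry key|File) )?(?P<target>.+?) "
    r"(?P<outcome>deleted successfully|moved successfully|not found)\.$"
)

SYSTEM_DRIVE = "C:"  # %SystemDrive% as reported in the OTL log header


def parse_fix_log(text):
    """Return (kind, target, outcome) for each outcome line; banners are skipped."""
    events = []
    for line in text.splitlines():
        m = OUTCOME.match(line.strip())
        if m:
            kind = "registry" if m.group("kind") == "Registry key" else "file"
            events.append((kind, m.group("target"), m.group("outcome")))
    return events


def reconcile(events):
    """Group outcomes by target (case-insensitive) and assign a net status."""
    report = OrderedDict()
    for kind, target, outcome in events:
        entry = report.setdefault(
            target.lower(), {"kind": kind, "target": target, "outcomes": []}
        )
        entry["outcomes"].append(outcome)
    for entry in report.values():
        if any(o.endswith("successfully") for o in entry["outcomes"]):
            # Later "not found" lines for this target are repeats of the same item.
            entry["status"] = "removed"
        elif entry["kind"] == "file" and not entry["target"].upper().startswith(SYSTEM_DRIVE):
            # Assumption of this example: a file on another drive letter may sit on
            # media that was not attached, so "not found" does not prove absence.
            entry["status"] = "unverified"
        else:
            entry["status"] = "absent"
    return report


def summarize(report):
    """Count targets per net status."""
    counts = {}
    for entry in report.values():
        counts[entry["status"]] = counts.get(entry["status"], 0) + 1
    return counts


if __name__ == "__main__":
    for e in reconcile(parse_fix_log(FIX_LOG)).values():
        print(f'{e["status"]:<10} x{len(e["outcomes"])}  {e["target"]}')
```
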

#14
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
It's OK. I checked and you didn't do any damage :)

Time for testing. Test your system now and tell me how it is running now. Problems?
  • 0

#15
Sking0

    Member

  • Topic Starter
  • 172 posts
Hi. I just got in and turned on the PC and it all went ok. I turned it off and on a few times last night and everything seems to be ok.
It is actually performing as good as new. The start up is almost like a fresh windows install and everything is just quicker and 'smoother' (for want of a better word).
If I get a recurrence I will let you know but I think you have sorted it.
Thank you very much. I love GTG. Never had a problem that they can't fix, and all advice is sound. I appreciate you giving your time. :-)
  • 0





