Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

trojan win32.generic!BT Removal Help


  • Please log in to reply

#1
JackDog75

JackDog75

    New Member

  • Member
  • Pip
  • 4 posts
Hi,

I ran an Ad-Aware scan the other night and it picked up that I had "trojan win32.generic!BT". I've done a bit googling and came across this site; I've followed the advice of Essexboy in this thread here

The logs requested are below, I'm grateful for any help you can give me.

OTL logfile created on: 11/21/2012 10:03:41 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Simon\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.90 Gb Total Physical Memory | 2.27 Gb Available Physical Memory | 58.28% Memory free
7.79 Gb Paging File | 5.94 Gb Available in Paging File | 76.24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 679.01 Gb Total Space | 535.12 Gb Free Space | 78.81% Space Free | Partition Type: NTFS

Computer Name: SIMON-PC | User Name: Simon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/11/21 22:02:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Simon\Downloads\OTL.exe
PRC - [2012/10/24 15:13:26 | 000,168,384 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2012/10/24 15:13:22 | 001,367,576 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2012/10/24 15:13:18 | 001,100,320 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2012/05/03 17:37:54 | 001,226,096 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
PRC - [2012/05/03 17:37:50 | 020,221,792 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAware.exe
PRC - [2012/04/03 21:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/12/19 12:20:06 | 003,289,032 | ---- | M] (GFI Software) -- C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
PRC - [2011/09/06 18:29:20 | 004,259,648 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
PRC - [2011/08/18 16:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
PRC - [2011/08/18 16:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2011/08/01 18:56:48 | 000,460,096 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
PRC - [2011/04/22 16:13:00 | 002,009,704 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/04/22 03:32:26 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/01/24 21:34:06 | 000,991,296 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
PRC - [2011/01/24 21:33:30 | 000,901,184 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
PRC - [2010/12/21 00:24:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/12/21 00:24:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/12/17 16:25:22 | 000,686,704 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe


========== Modules (No Company Name) ==========

MOD - [2012/11/19 18:17:34 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\239d84cfdb9de9730c1efb43840ef2eb\System.Core.ni.dll
MOD - [2012/11/19 18:13:39 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7c4de95aa433eb8d81a81caf805947a8\PresentationFramework.Aero.ni.dll
MOD - [2012/11/19 18:13:14 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\1ec80905a71750be50dfc7981ad5ae28\PresentationFramework.ni.dll
MOD - [2012/11/19 18:13:02 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll
MOD - [2012/11/19 18:12:56 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll
MOD - [2012/11/19 18:12:52 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\53d6d827964619285771ed72332d3659\PresentationCore.ni.dll
MOD - [2012/11/19 18:12:45 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b311b783e1efaa9527f4c2c9680c44d1\WindowsBase.ni.dll
MOD - [2012/11/19 18:12:40 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll
MOD - [2012/11/19 18:12:37 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll
MOD - [2012/11/19 18:12:36 | 007,988,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll
MOD - [2012/11/19 18:12:31 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll
MOD - [2011/08/18 16:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
MOD - [2011/04/22 16:13:00 | 000,004,096 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\coprocmanager\detoured.dll
MOD - [2010/12/17 16:25:22 | 000,686,704 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe


========== Services (SafeList) ==========

SRV:64bit: - [2012/09/12 20:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/09/12 20:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2011/06/16 18:34:32 | 001,517,328 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2011/06/16 18:24:18 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2011/06/16 18:21:32 | 000,844,560 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2010/11/29 21:00:56 | 000,149,504 | ---- | M] (Intel® Corporation) [On_Demand | Running] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2009/11/18 02:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2009/07/14 01:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/11/07 19:00:00 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/05/08 18:04:20 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\570\g2aservice.exe -- (GoToAssist)
SRV - [2012/05/03 17:37:54 | 001,226,096 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe -- (Ad-Aware Service)
SRV - [2012/04/03 21:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/01/18 13:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2011/12/19 12:20:06 | 003,289,032 | ---- | M] (GFI Software) [Auto | Running] -- C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe -- (SBAMSvc)
SRV - [2011/08/18 16:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2011/04/22 16:13:00 | 002,009,704 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/04/22 03:32:26 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/01/24 21:34:06 | 000,991,296 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2011/01/24 21:34:04 | 001,298,496 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service)
SRV - [2011/01/24 21:33:30 | 000,901,184 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
SRV - [2010/12/21 00:24:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/12/21 00:24:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/11/25 11:34:18 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12)
SRV - [2010/11/25 11:33:18 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)
SRV - [2010/10/29 19:20:58 | 000,236,016 | ---- | M] (CyberLink) [Auto | Stopped] -- c:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe -- (CLKMSVC10_9EC60124)
SRV - [2010/08/26 02:28:54 | 002,823,000 | ---- | M] (Dell, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe -- (NOBU)
SRV - [2010/03/18 21:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 21:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/09/19 20:07:43 | 000,027,760 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggsemc.sys -- (ggsemc)
DRV:64bit: - [2012/09/19 20:07:43 | 000,014,448 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggflt.sys -- (ggflt)
DRV:64bit: - [2012/08/30 21:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/03/26 23:42:14 | 000,138,360 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AnyDVD.sys -- (AnyDVD)
DRV:64bit: - [2012/03/01 06:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/15 10:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/01/09 11:17:49 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/01/09 11:17:49 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/12/19 16:41:32 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(5).sys -- (WsAudio_DeviceS(5)
DRV:64bit: - [2011/12/19 16:41:32 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(4).sys -- (WsAudio_DeviceS(4)
DRV:64bit: - [2011/12/19 16:41:32 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(3).sys -- (WsAudio_DeviceS(3)
DRV:64bit: - [2011/12/19 16:41:32 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(2).sys -- (WsAudio_DeviceS(2)
DRV:64bit: - [2011/12/19 16:41:32 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(1).sys -- (WsAudio_DeviceS(1)
DRV:64bit: - [2011/12/19 11:44:24 | 000,256,632 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SbFw.sys -- (SbFw)
DRV:64bit: - [2011/12/19 11:44:24 | 000,084,600 | ---- | M] (GFI Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sbwtis.sys -- (sbwtis)
DRV:64bit: - [2011/12/19 11:44:24 | 000,060,536 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sbhips.sys -- (sbhips)
DRV:64bit: - [2011/12/09 19:45:00 | 000,060,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (iBtFltCoex)
DRV:64bit: - [2011/11/29 05:59:46 | 000,074,872 | ---- | M] (GFI Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\sbapifs.sys -- (sbapifs)
DRV:64bit: - [2011/11/15 01:13:00 | 000,327,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf)
DRV:64bit: - [2011/10/26 13:23:36 | 000,057,976 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\sbredrv.sys -- (SBRE)
DRV:64bit: - [2011/09/29 11:16:18 | 000,119,416 | ---- | M] (GFI Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SbFwIm.sys -- (SBFWIMCLMP)
DRV:64bit: - [2011/09/29 11:16:18 | 000,119,416 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SbFwIm.sys -- (SBFWIMCL)
DRV:64bit: - [2011/07/29 13:54:56 | 000,016,776 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\epmntdrv.sys -- (epmntdrv)
DRV:64bit: - [2011/07/29 13:54:56 | 000,009,096 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\EuGdiDrv.sys -- (EuGdiDrv)
DRV:64bit: - [2011/06/22 09:10:08 | 008,596,992 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/05/17 15:27:54 | 000,042,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd)
DRV:64bit: - [2011/05/17 15:27:52 | 000,025,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:64bit: - [2011/05/17 15:27:50 | 000,034,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:64bit: - [2011/04/22 16:13:00 | 000,025,960 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2011/03/26 09:17:50 | 012,262,336 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/03/04 05:29:20 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011/02/10 22:52:34 | 000,181,760 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011/02/10 22:52:34 | 000,082,432 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2011/01/24 08:24:52 | 000,058,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux)
DRV:64bit: - [2011/01/20 17:20:46 | 000,176,096 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2011/01/13 01:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/12/17 17:06:32 | 001,404,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/12/16 22:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010/12/15 17:02:04 | 000,174,168 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2010/12/13 17:34:14 | 000,027,760 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelern.sys -- (Acceler)
DRV:64bit: - [2010/12/12 14:18:36 | 000,121,960 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvstusb.sys -- (NvStUSB)
DRV:64bit: - [2010/11/29 21:00:04 | 000,016,120 | ---- | M] (Intel® Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2010/11/21 03:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 03:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/21 03:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 03:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/20 00:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/10/15 16:28:18 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/08/20 19:05:12 | 000,021,616 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stdcfltn.sys -- (stdcfltn)
DRV:64bit: - [2010/07/13 02:38:06 | 000,029,288 | ---- | M] (Quanta Computer) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\qicflt.sys -- (qicflt)
DRV:64bit: - [2010/06/11 16:14:00 | 001,799,808 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVer7231_x64.sys -- (AVer7231_x64)
DRV:64bit: - [2010/03/19 09:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/02/27 07:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/07/14 01:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 01:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 01:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 20:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 20:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 20:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 20:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2006/11/01 18:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2012/03/26 23:42:14 | 000,138,360 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2011/10/26 13:23:40 | 000,101,112 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\SBREDrv.sys -- (SBRE)
DRV - [2011/07/29 13:54:56 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\epmntdrv.sys -- (epmntdrv)
DRV - [2011/07/29 13:54:56 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2009/07/14 01:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0




IE - HKU\S-1-5-21-644736899-2993296726-1249337723-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.euro.del...c=uk&l=en&s=gen
IE - HKU\S-1-5-21-644736899-2993296726-1249337723-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-644736899-2993296726-1249337723-1002\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-644736899-2993296726-1249337723-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Simon\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll File not found


[2010/10/14 04:28:54 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll

O1 HOSTS File: ([2009/06/10 21:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [NVHotkey] C:\Windows\SysNative\nvHotkey.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] c:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Ad-Aware Antivirus] C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-644736899-2993296726-1249337723-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-644736899-2993296726-1249337723-1002..\Run: [Facebook Update] C:\Users\Simon\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-644736899-2993296726-1249337723-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Simon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel® Turbo Boost Technology Monitor 2.0.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creat...102/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.7.2)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creat...13/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} http://drmlicense.on...e/en/crlocx.ocx (CRLDownloadWrapper Class)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creat...10926/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EA8F58F1-B897-489B-80D3-EABEAE6C4184}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\570\G2AWinLogon_x64.dll) - C:\Program Files (x86)\Citrix\GoToAssist\570\g2awinlogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{41cf766c-defe-11e1-b64c-4c80930c8ced}\Shell - "" = AutoRun
O33 - MountPoints2\{41cf766c-defe-11e1-b64c-4c80930c8ced}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{714f1f1e-ba31-11e1-b116-4c80930c8ced}\Shell - "" = AutoRun
O33 - MountPoints2\{714f1f1e-ba31-11e1-b116-4c80930c8ced}\Shell\AutoRun\command - "" = "E:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{a352a3f2-7ff8-11e1-b4e6-4c80930c8ced}\Shell - "" = AutoRun
O33 - MountPoints2\{a352a3f2-7ff8-11e1-b4e6-4c80930c8ced}\Shell\AutoRun\command - "" = E:\Startme.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/11/21 20:24:49 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\Facebook
[2012/11/21 18:20:00 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/11/20 20:09:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2012/11/20 20:09:36 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
[2012/11/20 20:09:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2012/11/20 20:08:24 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\Programs
[2012/11/18 21:51:57 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys
[2012/11/18 21:51:57 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll
[2012/11/18 21:45:32 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/11/18 21:45:31 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/11/18 21:45:30 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/11/18 21:45:30 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/11/18 21:45:30 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/11/18 21:45:30 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/11/18 21:45:29 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/11/18 21:45:29 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/11/18 21:45:29 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/11/18 21:45:29 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/11/18 21:45:28 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/11/18 21:45:28 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/11/18 21:45:26 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/11/18 21:45:26 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/11/18 21:45:26 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/11/18 21:42:58 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll
[2012/11/18 21:42:58 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll
[2012/11/18 21:42:57 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll
[2012/11/18 21:42:57 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe
[2012/11/15 18:38:18 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll
[2012/11/15 18:38:18 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll
[2012/11/15 18:38:18 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll
[2012/11/15 18:28:08 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcorehc.dll
[2012/11/15 18:28:08 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll
[2012/11/15 18:28:08 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll
[2012/11/15 18:28:07 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcorehc.dll
[2012/11/15 18:28:07 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll
[2012/11/15 18:28:07 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll
[2012/11/15 18:27:47 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll
[2012/11/15 18:27:47 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll
[2012/11/11 21:53:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/11/05 21:01:42 | 000,000,000 | ---D | C] -- C:\FFOutput
[2012/11/05 21:01:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Ask
[2012/11/05 21:01:25 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory
[2012/11/05 21:01:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FreeTime
[2012/11/05 20:23:32 | 000,000,000 | ---D | C] -- C:\Users\Simon\Documents\Aunsoft
[2012/11/05 20:23:32 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Roaming\Aunsoft
[2012/11/05 20:23:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Aunsoft
[2012/11/04 22:10:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MKVToolNix
[2012/11/04 22:10:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MKVToolNix
[2012/10/24 18:17:36 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Roaming\mkvtoolnix

========== Files - Modified Within 30 Days ==========

[2012/11/21 22:03:26 | 000,000,507 | ---- | M] () -- C:\Users\Simon\Desktop\trojan win32.generic!BT returns after reboot [Solved] - Geeks to Go Forums.website
[2012/11/21 21:53:35 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/21 21:53:35 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/21 21:47:07 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-644736899-2993296726-1249337723-1002UA.job
[2012/11/21 21:47:07 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-644736899-2993296726-1249337723-1002Core.job
[2012/11/21 21:45:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/11/21 21:44:15 | 000,026,941 | ---- | M] () -- C:\Users\Simon\Desktop\bookmarks-2012-11-21.json
[2012/11/21 21:17:51 | 000,461,464 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/11/21 20:59:30 | 000,778,834 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/11/21 20:59:30 | 000,664,780 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/11/21 20:59:30 | 000,125,484 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/11/21 18:23:42 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/21 18:23:42 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/21 18:23:39 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/11/20 18:15:03 | 000,004,580 | ---- | M] () -- C:\Users\Simon\Documents\cc_20121120_181458.reg
[2012/11/13 20:20:27 | 000,000,232 | ---- | M] () -- C:\Users\Simon\Desktop\The Walking Dead - Season 3 [720p HDTV] - RapidRisers - LinkSharing Community.URL
[2012/11/11 22:01:24 | 000,000,241 | ---- | M] () -- C:\Users\Simon\Desktop\Local eBay Deals Mapper.URL
[2012/11/07 18:59:59 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/11/07 18:59:59 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

========== Files Created - No Company Name ==========

[2012/11/21 22:03:26 | 000,000,507 | ---- | C] () -- C:\Users\Simon\Desktop\trojan win32.generic!BT returns after reboot [Solved] - Geeks to Go Forums.website
[2012/11/21 21:44:15 | 000,026,941 | ---- | C] () -- C:\Users\Simon\Desktop\bookmarks-2012-11-21.json
[2012/11/21 21:17:31 | 000,461,464 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/11/20 20:09:42 | 000,002,187 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2012/11/20 18:15:01 | 000,004,580 | ---- | C] () -- C:\Users\Simon\Documents\cc_20121120_181458.reg
[2012/11/18 21:52:01 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012/11/18 21:42:57 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012/11/13 20:20:27 | 000,000,232 | ---- | C] () -- C:\Users\Simon\Desktop\The Walking Dead - Season 3 [720p HDTV] - RapidRisers - LinkSharing Community.URL
[2012/11/12 21:25:33 | 000,000,928 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-644736899-2993296726-1249337723-1002UA.job
[2012/11/12 21:25:33 | 000,000,906 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-644736899-2993296726-1249337723-1002Core.job
[2012/11/11 22:01:24 | 000,000,241 | ---- | C] () -- C:\Users\Simon\Desktop\Local eBay Deals Mapper.URL
[2012/03/27 18:18:22 | 000,000,000 | ---- | C] () -- C:\Users\Simon\AppData\Local\rx_image32.Cache
[2012/02/29 21:16:21 | 006,908,648 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall.exe
[2012/02/05 13:56:54 | 000,003,584 | ---- | C] () -- C:\Users\Simon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/29 21:21:47 | 000,153,600 | ---- | C] () -- C:\Windows\SysWow64\WSContextMenu.dll
[2012/01/25 19:34:03 | 002,469,760 | ---- | C] () -- C:\Windows\SysWow64\BootMan.exe
[2012/01/25 19:34:03 | 000,019,840 | ---- | C] () -- C:\Windows\SysWow64\EuEpmGdi.dll
[2012/01/25 19:34:02 | 000,086,408 | ---- | C] () -- C:\Windows\SysWow64\setupempdrv03.exe
[2012/01/25 19:34:02 | 000,014,216 | ---- | C] () -- C:\Windows\SysWow64\epmntdrv.sys
[2012/01/25 19:34:02 | 000,008,456 | ---- | C] () -- C:\Windows\SysWow64\EuGdiDrv.sys
[2012/01/22 20:20:45 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2012/01/22 15:44:24 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2012/01/22 15:44:24 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2012/01/18 19:48:21 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012/01/18 19:48:21 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012/01/18 19:48:21 | 000,079,360 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2012/01/09 11:07:04 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_A3031461_ca.bin
[2012/01/09 11:07:04 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_A3031461_aa.bin
[2012/01/09 11:07:04 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_A3031461_8a.bin
[2012/01/09 11:07:03 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_89001461_aa.bin
[2012/01/09 11:07:03 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_49001461_aa.bin
[2012/01/09 11:07:03 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_33011461_aa.bin
[2012/01/09 11:07:03 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2B071461_ca.bin
[2012/01/09 11:07:03 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2B071461_aa.bin
[2012/01/09 11:07:03 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2B071461_8a.bin
[2012/01/09 11:07:03 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2A0F1461_ca.bin
[2012/01/09 11:07:03 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2A071461_ca.bin
[2012/01/09 11:07:03 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2A071461_aa.bin
[2012/01/09 11:07:03 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2A071461_8a.bin
[2012/01/09 11:07:03 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_14001461_61.bin
[2012/01/09 11:07:03 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_13011461_aa.bin
[2012/01/09 11:07:03 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_110F1461_ca.bin
[2012/01/09 11:07:03 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_110F1461_8a.bin
[2012/01/09 11:07:03 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_11071461_aa.bin
[2012/01/09 11:07:03 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_11071461_8a.bin
[2012/01/09 11:07:03 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0B071461_ca.bin
[2012/01/09 11:07:03 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0B071461_aa.bin
[2012/01/09 11:07:03 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0B071461_8a.bin
[2012/01/09 11:07:03 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A0F1461_ca.bin
[2012/01/09 11:07:03 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A071461_ca.bin
[2012/01/09 11:07:03 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A071461_aa.bin
[2012/01/09 11:07:03 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A071461_8a.bin
[2012/01/09 11:07:03 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A031461_ca.bin
[2012/01/09 11:07:03 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A031461_aa.bin
[2012/01/09 11:07:03 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A011461_ca.bin
[2012/01/09 11:07:03 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A011461_aa.bin
[2012/01/09 11:07:03 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_09001461_aa.bin
[2012/01/09 11:07:03 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_08071461_aa.bin
[2012/01/09 11:07:03 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_060F1461_ca.bin
[2012/01/09 11:07:03 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_06071461_aa.bin
[2012/01/09 11:07:03 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_06071461_8a.bin
[2012/01/09 11:07:03 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_03011461_aa.bin
[2012/01/09 11:07:03 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_03011461_8a.bin
[2012/01/09 11:07:03 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_02011461_aa.bin
[2012/01/09 11:07:03 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_02011461_8a.bin
[2012/01/09 11:07:03 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_83231461_ca.bin
[2012/01/09 11:07:03 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_83231461_aa.bin
[2012/01/09 11:07:03 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_83231461_8a.bin
[2012/01/09 11:07:03 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_07031461_aa.bin
[2012/01/09 11:07:03 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_03231461_ca.bin
[2012/01/09 11:07:03 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_03231461_aa.bin
[2012/01/09 11:07:03 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_03231461_8a.bin
[2012/01/09 11:07:03 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_03131461_8a.bin
[2012/01/09 11:07:03 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_03031461_aa.bin
[2012/01/09 11:07:03 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_02031461_ca.bin
[2012/01/09 11:07:03 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_02031461_aa.bin
[2012/01/09 11:07:03 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_02031461_8a.bin
[2012/01/09 11:07:03 | 000,000,434 | ---- | C] () -- C:\Windows\11317231_890F1461_ca.bin
[2012/01/09 11:07:03 | 000,000,434 | ---- | C] () -- C:\Windows\11317231_2B0f1461_ca.bin
[2012/01/09 11:07:03 | 000,000,434 | ---- | C] () -- C:\Windows\11317231_29001461_ca.bin
[2012/01/09 11:07:03 | 000,000,434 | ---- | C] () -- C:\Windows\11317231_0B0f1461_ca.bin
[2012/01/09 11:07:03 | 000,000,434 | ---- | C] () -- C:\Windows\11317231_090F1461_ca.bin
[2012/01/09 11:07:03 | 000,000,412 | ---- | C] () -- C:\Windows\11317231_180F1461_ca.bin
[2012/01/09 11:07:03 | 000,000,412 | ---- | C] () -- C:\Windows\11317231_18071461_aa.bin
[2012/01/09 11:07:03 | 000,000,376 | ---- | C] () -- C:\Windows\11317231_03131461_aa.bin
[2012/01/09 11:07:02 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_010F1461_ca.bin
[2012/01/09 11:07:02 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_010F1461_8a.bin
[2012/01/09 11:07:02 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_01071461_aa.bin
[2012/01/09 11:07:02 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_01071461_8a.bin
[2012/01/09 11:07:02 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_00000000_aa.bin
[2012/01/09 11:07:02 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_00000000_8a.bin
[2012/01/09 11:05:57 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2012/01/09 11:05:13 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012/01/09 11:05:11 | 000,216,876 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012/01/09 11:05:10 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011/02/10 16:10:51 | 000,788,116 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== ZeroAccess Check ==========

[2009/07/14 04:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 05:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 04:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 01:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 03:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 01:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >
[2007/11/07 07:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe

< MD5 for: EXPLORER.EXE >
[2012/01/09 11:17:51 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2012/01/09 11:17:51 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2012/01/09 11:17:51 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2012/01/09 11:17:51 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/21 03:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2012/01/09 11:17:51 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2012/01/09 11:17:51 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/21 03:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2012/10/24 15:13:56 | 003,899,928 | ---- | M] (Safer-Networking Ltd.) MD5=BDE07AF546A54F26C6669C3762C22113 -- C:\Program Files (x86)\Spybot - Search & Destroy 2\explorer.exe

< MD5 for: SVCHOST.EXE >
[2009/07/14 01:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/14 01:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/14 01:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/14 01:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/21 03:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/21 03:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/21 03:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/21 03:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/21 03:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/21 03:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s >
"DisplayName" = @%SystemRoot%\system32\drivers\netbt.sys,-2
"Group" = PNP_TDI
"ImagePath" = System32\DRIVERS\netbt.sys
"Description" = @%SystemRoot%\system32\drivers\netbt.sys,-1
"ErrorControl" = 1
"Start" = 1
"Type" = 1
"DependOnService" = Tdxtcpip [binary data]
"Tag" = 10
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Linkage]
"OtherDependencies" = Tcpip [binary data]
"Bind" = \Device\Tcpip_{C7AE890C-4EAB-4F30- [Binary data over 200 bytes]
"Route" = "Tcpip" "{C7AE890C-4EAB-4F30-B907- [Binary data over 200 bytes]
"Export" = \Device\NetBT_Tcpip_{C7AE890C-4EAB [Binary data over 200 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters]
"BcastNameQueryCount" = 3
"BcastQueryTimeout" = 750
"CacheTimeout" = 600000
"EnableLMHOSTS" = 1
"NameServerPort" = 137
"NameSrvQueryCount" = 3
"NameSrvQueryTimeout" = 1500
"NbProvider" = _tcp
"SessionKeepAlive" = 3600000
"Size/Small/Medium/Large" = 1
"TransportBindName" = \Device\
"UseNewSmb" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{1011FA27-FC97-4C54-B409-1761C41049FD}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{6D7BEA31-9179-4AA5-88A4-6EAFA1090E32}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{771D412A-FE44-4DA6-9914-9821ADB22F17}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{C7AE890C-4EAB-4F30-B907-09086D2C1ED5}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{EA8F58F1-B897-489B-80D3-EABEAE6C4184}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Security]
"Security" = 01 00 04 80 B4 00 00 00 C0 00 00 00 00 00 00 00 14 00 00 00 02 00 A0 00 07 00 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 25 02 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 14 00 40 00 00 00 01 01 00 00 00 00 00 05 13 00 00 00 00 00 14 00 40 00 00 00 01 01 00 00 00 00 00 05 14 00 00 00 00 00 18 00 9D 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 2C 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00 [Binary data over 200 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Enum]
"0" = Root\LEGACY_NETBT\0000
"Count" = 1
"NextInstance" = 1

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s >
"Type" = 2
"Start" = 1
"ErrorControl" = 1
"Tag" = 2
"ImagePath" = system32\DRIVERS\netbios.sys
"DisplayName" = NetBIOS Interface
"Group" = NetBIOSGroup
"Description" = NetBIOS Interface
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage]
"LanaMap" = 01 0A 01 07 01 05 01 03 01 00 01 08 01 01 01 0B 01 09 01 06 01 04 01 02 [binary data]
"Bind" = \Device\NetBT_Tcpip_{C7AE890C-4EAB [Binary data over 200 bytes]
"Route" = "NetBT" "Tcpip" "{C7AE890C-4EAB-4F [Binary data over 200 bytes]
"Export" = \Device\NetBIOS_NetBT_Tcpip_{C7AE8 [Binary data over 200 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters]
"MaxLana" = 11
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Enum]
"0" = Root\LEGACY_NETBIOS\0000
"Count" = 1
"NextInstance" = 1

< C:\Windows\assembly\tmp\U\*.* /s >

< %Temp%\smtmp\1\*.* >

< %Temp%\smtmp\2\*.* >

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >

< >

< End of report >

Edited by JackDog75, 22 November 2012 - 12:12 PM.

  • 0

Advertisements


#2
JackDog75

JackDog75

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Second report here:

OTL Extras logfile created on: 11/21/2012 10:03:41 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Simon\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.90 Gb Total Physical Memory | 2.27 Gb Available Physical Memory | 58.28% Memory free
7.79 Gb Paging File | 5.94 Gb Available in Paging File | 76.24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 679.01 Gb Total Space | 535.12 Gb Free Space | 78.81% Space Free | Partition Type: NTFS

Computer Name: -PC | User Name: | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\PROGRA~2\MEDIAM~1\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\PROGRA~2\MEDIAM~1\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\PROGRA~2\MEDIAM~1\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\PROGRA~2\MEDIAM~1\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\PROGRA~2\MEDIAM~1\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\PROGRA~2\MEDIAM~1\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{044E07AB-9240-4B41-BAA1-1BF8828FA5C8}" = lport=445 | protocol=6 | dir=in | app=system |
"{077D4C9E-72E4-43A8-8467-1E9D961B72D2}" = lport=2869 | protocol=6 | dir=in | app=system |
"{1B1FC034-0699-42B0-BA2B-9AF8C0F491B4}" = rport=445 | protocol=6 | dir=out | app=system |
"{2D3B6646-18C0-4F66-B276-1DCC06B0BDA7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2F3D0420-A870-4940-B205-DF2D55F3C043}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{2FC35FFF-6F4C-4079-A110-BBE82A9069B1}" = rport=139 | protocol=6 | dir=out | app=system |
"{303DDFDD-D153-4098-B1FD-911873011F77}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4FBF318C-D13B-43D3-8C2B-050C27CE0C51}" = lport=10243 | protocol=6 | dir=in | app=system |
"{632F7E19-9120-4351-B841-977DEDC15FEE}" = rport=138 | protocol=17 | dir=out | app=system |
"{6C2CC718-AD5F-4659-B3F1-78CCE9AC80B6}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{78400E8C-2CC7-4D32-B53A-CBA15C3574CF}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{8C188282-0EBC-4C60-BFAB-69947749207C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8E2F5220-9BE6-495B-ABCA-6E8EEFCD5615}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9A371DFF-09A4-4D29-9592-8939F83CCBEE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A592C48D-C850-44FC-9591-1F67482AEB2F}" = lport=138 | protocol=17 | dir=in | app=system |
"{A6767020-DDC1-4505-9761-4BFB0568D88A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AC5790CC-2FB0-4DEE-A527-BA611A2F2B33}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B218AD50-4A1B-4A2D-BA99-93F04396ADD1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{B5553AF7-3569-4F79-85B0-6B7ADE691EE7}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CDDB07E3-D9B4-44F0-80A1-8B0D895D83DC}" = rport=10243 | protocol=6 | dir=out | app=system |
"{CF315346-2D5A-47B6-BB36-AA15894C46F1}" = lport=137 | protocol=17 | dir=in | app=system |
"{F2CCCA12-A9E0-4950-B50B-66D55B3878D3}" = lport=139 | protocol=6 | dir=in | app=system |
"{FA2BC205-B7D7-4733-A90A-847B19B21CB9}" = rport=137 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0AC0BD1F-3E74-44FF-8F58-40EFAFA14731}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{12DC3CDA-6CB8-4FAC-B725-49BD3E75AE1C}" = protocol=1 | dir=out | [email protected],-28544 |
"{1D2040F1-3D72-4130-8EEA-E4CD7A357465}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{1D802CAD-D84C-4D65-9100-C17BF60EE9E8}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{20E0ACDD-A6F8-4F0C-A9F2-525B24BC233F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{26749C9E-8C96-4A9C-BCC1-D661F42D96F5}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{2FDCC322-F3CC-488B-9D13-17E430FFC11E}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{35D6D0E9-3475-4D5B-90C1-29FF35613CF4}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{386DB2BC-6D69-4777-912A-B016B1A64B46}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe |
"{39B51D9C-EBF7-44D0-A48D-39847A6445B8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{40F60865-AF0B-4265-BB59-B766ECC9D739}" = protocol=17 | dir=in | app=c:\program files (x86)\sony ericsson\update engine\sony ericsson update engine.exe |
"{45A983B9-C610-48F5-98BB-CA5AD6742528}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5220425E-495D-4AC6-8A20-D0397AC3A8C5}" = protocol=1 | dir=in | [email protected],-28543 |
"{528FA85A-01E8-4E05-BFB1-F4F5CBD7D328}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{53ACA02A-C62F-4105-AC9D-D0D277355D17}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe |
"{624FAFA3-D9BC-470D-A4EE-D048FF9D7E26}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{69BDD774-1911-425C-9422-463939CB6190}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{6BB9A480-018F-4BF0-89C1-29E71E7E06EA}" = protocol=58 | dir=in | [email protected],-28545 |
"{99779564-AAF1-4838-BD97-6C00927DDE51}" = dir=in | app=c:\users\simon\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{9A0E74F3-146E-4CDC-9105-781ACDDC8594}" = protocol=6 | dir=in | app=c:\program files (x86)\sony ericsson\update engine\sony ericsson update engine.exe |
"{9A3BE1B5-FDE4-4AF3-8BA2-0B2212880574}" = protocol=58 | dir=out | [email protected],-28546 |
"{A07F1646-2BA2-48E6-9739-32FC8DF883FB}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B45BAEB8-603E-4D35-B38E-B274607B7E6E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B9FFC8F0-B239-4E81-85E1-06115ECD7A34}" = protocol=6 | dir=out | app=system |
"{CCD63741-48E3-4951-AFC9-72CFD676BE8B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D0C10E50-40D6-4617-A6BA-0F8831A2CC55}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D7275A61-3D8C-4F5A-8983-9B24FCFD1E30}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{DB37EE0A-E35C-40A3-8716-EEEB3C1A959F}" = dir=in | app=c:\program files (x86)\intel corporation\intel widi\widiapp.exe |
"{DD22A6FD-3E87-47E5-9786-01833DD92342}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{DD71B94D-2342-4327-A726-F1DC7BBF903F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{DEE006AA-64E6-42E6-B104-5E45BC35C589}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E77A0FBC-9A10-401C-842E-483B3668D49A}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{EDDAA9E2-49C6-4908-91F1-C1613DD847CA}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{F798BB6E-08B2-4A1A-9BC7-D2F070907F57}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{FF98C1C5-1CE5-4D37-9DC8-2D8381C5CE4F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{0F22C1B1-EAB2-4F7A-A41D-37FB4E88683A}C:\users\simon\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\simon\appdata\roaming\spotify\spotify.exe |
"TCP Query User{C419013B-DBE3-4CB1-B500-A88779997F31}C:\users\simon\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\simon\appdata\roaming\spotify\spotify.exe |
"UDP Query User{59CB437B-6E5D-42B4-96DD-0911F6F300DB}C:\users\simon\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\simon\appdata\roaming\spotify\spotify.exe |
"UDP Query User{7C2A018D-7100-4794-8C6D-1CE88423B445}C:\users\simon\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\simon\appdata\roaming\spotify\spotify.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{26A24AE4-039D-4CA4-87B4-2F86416024FF}" = Java™ 6 Update 24 (64-bit)
"{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel® Wireless Display
"{451A5ECC-C9A5-4944-B28D-23656C9E03D0}" = Intel® PROSet/Wireless WiFi Software
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}" = RBVirtualFolder64Inst
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 268.30
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 268.30
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 268.30
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.0.21
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}" = Intel® Turbo Boost Technology Monitor 2.0
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}" = Microsoft Security Client
"{C7B40C35-85AE-4303-9EEA-1A1EA779664D}" = Intel® PROSet/Wireless Software for Bluetooth® Technology
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"PC-Doctor for Windows" = Dell Support Center
"ProInst" = Intel PROSet Wireless
"Recuva" = Recuva
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR 4.10 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0DD706AF-B542-438C-999E-B30C7F625C8D}" = Intel® WiDi
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{0EDBEB2B-7C8D-42E6-8312-0F84394A3223}" = Windows Media Center Add-in for Silverlight
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java™ 6 Update 30
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{3250260C-7A95-4632-893B-89657EB5545B}" = PhotoShowExpress
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}" = Roxio Creator Starter
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7746BFAA-2B5D-4FFD-A0E8-4558F4668105}" = Roxio Burn
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{7EC66A95-AC2D-4127-940B-0445A526AB2F}" = Dell DataSafe Online
"{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{87434D51-51DB-4109-B68F-A829ECDCF380}" = AccelerometerP11
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Sonic CinePlayer Decoder Pack
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center
"{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module
"{A54C01BD-1277-4722-B42B-EC9800A90B1E}_is1" = Free FLAC to MP3 Converter 1.0
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.6
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.3) MUI
"{AEAB754A-426C-4738-89C1-52FCB389FCDF}" = calibre
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{DAB5C521-80B2-48C3-B0DA-326A1B331F55}" = GoToAssist Corporate
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EF56258E-0326-48C5-A86C-3BAC26FC15DF}" = Roxio Creator Starter
"{F06B5C4C-8D2E-4B24-9D43-7A45EEC6C878}" = Roxio Creator Starter
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.094
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{fc8208f2-b1c1-4253-9e89-d518e983b7bb}" = Ad-Aware Antivirus
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Ad-Aware Browsing Protection" = Ad-Aware Browsing Protection
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"AnyDVD" = AnyDVD
"Ashampoo WinOptimizer 8_is1" = Ashampoo WinOptimizer 8 v.8.13
"AVerMedia H339 Hybrid TV Tuner" = AVerMedia H339 Hybrid TV Tuner 2.2.64.64
"BTHomeHub" = BTHomeHub
"CDisplayEx_is1" = CDisplayEx 1.8
"Dell Webcam Central" = Dell Webcam Central
"EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 9.1.0 Home Edition
"FormatFactory" = FormatFactory 3.00
"GoToAssist" = GoToAssist Corporate
"HandBrake" = HandBrake 0.9.6
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.6
"KLiteCodecPack_is1" = K-Lite Codec Pack 8.1.0 (Full)
"MakeMKV" = MakeMKV v1.7.8
"MediaMonkey_is1" = MediaMonkey 4.0
"MKVToolNix" = MKVToolNix 5.8.0
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Picasa 3" = Picasa 3
"ProInst" = Intel PROSet Wireless
"Update Engine" = Sony Ericsson Update Engine

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-644736899-2993296726-1249337723-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Amazon Kindle" = Amazon Kindle
"Spotify" = Spotify

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 10/14/2012 4:13:36 PM | Computer Name = Simon-PC | Source = WinMgmt | ID = 10
Description =

Error - 10/15/2012 1:47:21 PM | Computer Name = Simon-PC | Source = WinMgmt | ID = 10
Description =

Error - 10/16/2012 2:34:02 PM | Computer Name = Simon-PC | Source = WinMgmt | ID = 10
Description =

Error - 10/18/2012 1:04:11 PM | Computer Name = Simon-PC | Source = WinMgmt | ID = 10
Description =

Error - 10/20/2012 10:24:21 AM | Computer Name = Simon-PC | Source = WinMgmt | ID = 10
Description =

Error - 10/21/2012 4:51:29 PM | Computer Name = Simon-PC | Source = WinMgmt | ID = 10
Description =

Error - 10/22/2012 1:54:22 PM | Computer Name = Simon-PC | Source = WinMgmt | ID = 10
Description =

Error - 10/23/2012 1:39:12 PM | Computer Name = Simon-PC | Source = WinMgmt | ID = 10
Description =

Error - 10/24/2012 1:13:19 PM | Computer Name = Simon-PC | Source = WinMgmt | ID = 10
Description =

Error - 10/25/2012 6:27:30 PM | Computer Name = Simon-PC | Source = WinMgmt | ID = 10
Description =

[ Media Center Events ]
Error - 8/8/2012 10:54:43 AM | Computer Name = Simon-PC | Source = MCUpdate | ID = 0
Description = 15:54:43 - Error connecting to the internet. 15:54:43 - Unable
to contact server..

Error - 8/8/2012 10:55:05 AM | Computer Name = Simon-PC | Source = MCUpdate | ID = 0
Description = 15:54:49 - Error connecting to the internet. 15:54:49 - Unable
to contact server..

Error - 8/8/2012 11:57:54 AM | Computer Name = Simon-PC | Source = MCUpdate | ID = 0
Description = 16:57:54 - Error connecting to the internet. 16:57:54 - Unable
to contact server..

Error - 8/8/2012 11:58:03 AM | Computer Name = Simon-PC | Source = MCUpdate | ID = 0
Description = 16:57:59 - Error connecting to the internet. 16:57:59 - Unable
to contact server..

Error - 8/9/2012 11:41:53 AM | Computer Name = Simon-PC | Source = MCUpdate | ID = 0
Description = 16:41:53 - Error connecting to the internet. 16:41:53 - Unable
to contact server..

Error - 8/9/2012 11:42:07 AM | Computer Name = Simon-PC | Source = MCUpdate | ID = 0
Description = 16:41:59 - Error connecting to the internet. 16:41:59 - Unable
to contact server..

Error - 8/9/2012 12:42:13 PM | Computer Name = Simon-PC | Source = MCUpdate | ID = 0
Description = 17:42:13 - Error connecting to the internet. 17:42:13 - Unable
to contact server..

Error - 8/9/2012 12:42:20 PM | Computer Name = Simon-PC | Source = MCUpdate | ID = 0
Description = 17:42:18 - Error connecting to the internet. 17:42:18 - Unable
to contact server..

Error - 8/24/2012 3:18:06 PM | Computer Name = Simon-PC | Source = MCUpdate | ID = 0
Description = 20:18:05 - Error connecting to the internet. 20:18:06 - Unable
to contact server..

Error - 8/24/2012 3:18:17 PM | Computer Name = Simon-PC | Source = MCUpdate | ID = 0
Description = 20:18:11 - Error connecting to the internet. 20:18:11 - Unable
to contact server..

[ System Events ]
Error - 8/2/2012 1:15:03 PM | Computer Name = Simon-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.131.1153.0 Update Source: %%859 Update Stage:
%%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error
code: 0x8024402c Error description: An unexpected problem occurred while checking
for updates. For information on installing or troubleshooting updates, see Help
and Support.

Error - 8/3/2012 3:18:20 AM | Computer Name = Simon-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.131.1153.0 Update Source: %%859 Update Stage:
%%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error
code: 0x8024402c Error description: An unexpected problem occurred while checking
for updates. For information on installing or troubleshooting updates, see Help
and Support.

Error - 8/7/2012 2:27:12 AM | Computer Name = Simon-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.131.1448.0 Update Source: %%859 Update Stage:
%%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error
code: 0x8024402c Error description: An unexpected problem occurred while checking
for updates. For information on installing or troubleshooting updates, see Help
and Support.

Error - 8/7/2012 6:36:56 AM | Computer Name = Simon-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.131.1448.0 Update Source: %%859 Update Stage:
%%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error
code: 0x8024402c Error description: An unexpected problem occurred while checking
for updates. For information on installing or troubleshooting updates, see Help
and Support.

Error - 8/7/2012 11:27:58 AM | Computer Name = Simon-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.131.1448.0 Update Source: %%859 Update Stage:
%%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error
code: 0x8024402c Error description: An unexpected problem occurred while checking
for updates. For information on installing or troubleshooting updates, see Help
and Support.

Error - 8/7/2012 2:10:54 PM | Computer Name = Simon-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.131.1448.0 Update Source: %%859 Update Stage:
%%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error
code: 0x8024402c Error description: An unexpected problem occurred while checking
for updates. For information on installing or troubleshooting updates, see Help
and Support.

Error - 8/8/2012 2:14:34 AM | Computer Name = Simon-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.131.1448.0 Update Source: %%859 Update Stage:
%%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error
code: 0x8024402c Error description: An unexpected problem occurred while checking
for updates. For information on installing or troubleshooting updates, see Help
and Support.

Error - 8/8/2012 11:01:38 AM | Computer Name = Simon-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.131.1448.0 Update Source: %%859 Update Stage:
%%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error
code: 0x8024402c Error description: An unexpected problem occurred while checking
for updates. For information on installing or troubleshooting updates, see Help
and Support.

Error - 8/8/2012 1:11:58 PM | Computer Name = Simon-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.131.1448.0 Update Source: %%859 Update Stage:
%%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error
code: 0x8024402c Error description: An unexpected problem occurred while checking
for updates. For information on installing or troubleshooting updates, see Help
and Support.

Error - 8/9/2012 2:19:05 AM | Computer Name = Simon-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.131.1448.0 Update Source: %%859 Update Stage:
%%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error
code: 0x8024402c Error description: An unexpected problem occurred while checking
for updates. For information on installing or troubleshooting updates, see Help
and Support.


< End of report >

Edited by JackDog75, 22 November 2012 - 12:10 PM.

  • 0

#3
JackDog75

JackDog75

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
And final aswMBR report here:

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-11-21 22:18:29
-----------------------------
22:18:29.001 OS Version: Windows x64 6.1.7601 Service Pack 1
22:18:29.001 Number of processors: 8 586 0x2A07
22:18:29.003 ComputerName:
22:18:31.706 Initialize success
22:28:59.233 AVAST engine defs: 12112100
22:46:09.461 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
22:46:09.465 Disk 0 Vendor: Hitachi_ JF4O Size: 715404MB BusType: 3
22:46:09.504 Disk 0 MBR read successfully
22:46:09.510 Disk 0 MBR scan
22:46:09.561 Disk 0 Windows VISTA default MBR code
22:46:09.567 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 101 MB offset 63
22:46:09.609 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 20000 MB offset 208896
22:46:09.646 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 695301 MB offset 41168896
22:46:09.724 Disk 0 scanning C:\Windows\system32\drivers
22:46:26.398 Service scanning
22:47:05.851 Modules scanning
22:47:05.868 Disk 0 trace - called modules:
22:47:05.905 ntoskrnl.exe CLASSPNP.SYS disk.sys stdcfltn.sys ACPI.sys iaStor.sys hal.dll
22:47:06.251 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800495c790]
22:47:06.255 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> [0xfffffa8004874b50]
22:47:06.258 5 stdcfltn.sys[fffff88001b2bc52] -> nt!IofCallDriver -> [0xfffffa80046e7a40]
22:47:06.262 7 ACPI.sys[fffff88000e0b7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800472c050]
22:47:08.841 AVAST engine scan C:\Windows
22:47:15.607 AVAST engine scan C:\Windows\system32
22:55:11.428 AVAST engine scan C:\Windows\system32\drivers
22:55:30.459 AVAST engine scan C:\Users\Simon
23:02:59.683 AVAST engine scan C:\ProgramData
23:05:24.426 Scan finished successfully
23:06:52.422 Disk 0 MBR has been saved successfully to "C:\Users\Simon\Desktop\MBR.dat"
23:06:52.427 The log file has been saved successfully to "C:\Users\Simon\Desktop\aswMBR.txt"
  • 0

#4
JackDog75

JackDog75

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Anyone?
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP