Ok, I uninstalled Spybot & SuperAntiSpyware and rebooted. On reboot, prior to my user desktop appearing, a new hardware wizard box appeared asking me where I wanted to search for install software. I had to select from local (recommended) or disc, so I picked local, then a box appeared to select cancel, so I did. My PC then loaded my user desktop as normal...

OTL logfile created on: 20/12/2012 7:58:07 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = H:\Documents and Settings\Gemma\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

3.25 Gb Total Physical Memory | 2.38 Gb Available Physical Memory | 73.18% Memory free
5.09 Gb Paging File | 4.26 Gb Available in Paging File | 83.76% Paging File free
Paging file location(s): H:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = H: | %SystemRoot% = H:\WINDOWS | %ProgramFiles% = H:\Program Files
Drive H: | 465.75 Gb Total Space | 360.21 Gb Free Space | 77.34% Space Free | Partition Type: NTFS
Drive M: | 931.51 Gb Total Space | 19.98 Gb Free Space | 2.14% Space Free | Partition Type: NTFS

Computer Name: TONKA | User Name: Gemma | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/12/20 07:56:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- H:\Documents and Settings\Gemma\Desktop\OTL.exe PRC - [2012/12/11 19:01:49 | 001,343,032 | ---- | M] (Bitdefender) -- H:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe PRC - [2012/12/11 19:00:41 | 000,055,544 | ---- | M] (Bitdefender) -- H:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe PRC - [2012/12/11 19:00:31 | 001,613,368 | ---- | M] (Bitdefender) -- H:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe PRC - [2012/12/05 12:15:17 | 001,242,728 | ---- | M] (Google Inc.) -- H:\Documents and Settings\Gemma\Local Settings\Application Data\Google\Chrome\Application\chrome.exe PRC - [2012/12/04 02:40:50 | 001,259,880 | ---- | M] (NVIDIA Corporation) -- H:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe PRC - [2012/11/30 13:06:58 | 001,263,512 | ---- | M] () -- H:\Program Files\DivX\DivX Update\DivXUpdate.exe PRC - [2012/11/13 11:21:55 | 000,309,424 | ---- | M] (Bitdefender) -- H:\Program Files\Bitdefender\Bitdefender 2013\downloader.exe PRC - [2012/11/13 11:21:50 | 000,082,824 | ---- | M] (Bitdefender) -- H:\Program Files\Bitdefender\Bitdefender Safebox\safeboxservice.exe PRC - [2012/09/29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- H:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- H:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- H:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2012/06/11 17:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) 
-- H:\Program Files\Microsoft\BingBar\7.1.391.0\BBSvc.EXE PRC - [2011/09/16 12:08:18 | 001,804,648 | ---- | M] (Hewlett-Packard Co.) -- H:\Program Files\HP\HP Photosmart 6510 series\Bin\ScanToPCActivationApp.exe PRC - [2009/07/23 18:23:56 | 000,178,720 | ---- | M] () -- H:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe PRC - [2009/07/23 18:23:54 | 000,387,616 | ---- | M] () -- H:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe PRC - [2008/04/14 11:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\explorer.exe PRC - [2007/08/09 18:27:52 | 000,073,728 | ---- | M] (HP) -- H:\WINDOWS\system32\HPZipm12.exe PRC - [2005/05/12 01:33:52 | 000,479,232 | ---- | M] (Hewlett-Packard Co.) -- H:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe ========== Modules (No Company Name) ========== MOD - [2012/12/19 06:52:47 | 000,521,728 | ---- | M] () -- H:\Program Files\Bitdefender\Bitdefender 2013\otengines_00005_004\ashttpdsp.mdl MOD - [2012/12/19 06:52:46 | 001,959,936 | ---- | M] () -- H:\Program Files\Bitdefender\Bitdefender 2013\otengines_00005_004\ashttpph.mdl MOD - [2012/12/19 06:52:45 | 000,967,680 | ---- | M] () -- H:\Program Files\Bitdefender\Bitdefender 2013\otengines_00005_004\ashttprbl.mdl MOD - [2012/12/19 06:52:44 | 000,644,096 | ---- | M] () -- H:\Program Files\Bitdefender\Bitdefender 2013\otengines_00005_004\ashttpbr.mdl MOD - [2012/12/11 19:01:50 | 000,003,072 | ---- | M] () -- H:\Program Files\Bitdefender\Bitdefender 2013\ui\accessl.ui MOD - [2012/12/11 19:01:39 | 000,099,304 | ---- | M] () -- H:\Program Files\Bitdefender\Bitdefender 2013\imsecurityal.dll MOD - [2012/12/11 19:01:37 | 000,004,608 | ---- | M] () -- H:\Program Files\Bitdefender\Bitdefender 2013\ui\imsecurityal.ui MOD - [2012/12/11 19:00:28 | 000,092,600 | ---- | M] () -- H:\Program Files\Bitdefender\Bitdefender 2013\bdmetrics.dll MOD - [2012/12/11 18:58:18 | 000,203,840 | ---- | M] () -- H:\Program Files\Bitdefender\Bitdefender 
2013\txmlutil.dll MOD - [2012/12/05 12:15:15 | 000,460,904 | ---- | M] () -- H:\Documents and Settings\Gemma\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.97\ppgooglenaclpluginchrome.dll MOD - [2012/12/05 12:15:14 | 004,008,040 | ---- | M] () -- H:\Documents and Settings\Gemma\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.97\pdf.dll MOD - [2012/12/05 12:14:29 | 000,587,880 | ---- | M] () -- H:\Documents and Settings\Gemma\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.97\libglesv2.dll MOD - [2012/12/05 12:14:28 | 000,124,520 | ---- | M] () -- H:\Documents and Settings\Gemma\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.97\libegl.dll MOD - [2012/12/05 12:14:21 | 000,157,304 | ---- | M] () -- H:\Documents and Settings\Gemma\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.97\avutil-51.dll MOD - [2012/12/05 12:14:20 | 000,275,576 | ---- | M] () -- H:\Documents and Settings\Gemma\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.97\avformat-54.dll MOD - [2012/12/05 12:14:19 | 002,168,952 | ---- | M] () -- H:\Documents and Settings\Gemma\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.97\avcodec-54.dll MOD - [2012/12/04 02:40:50 | 000,357,224 | ---- | M] () -- H:\Program Files\NVIDIA Corporation\nView\nvShell.dll MOD - [2012/11/30 13:07:48 | 000,100,248 | ---- | M] () -- H:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll MOD - [2012/11/30 13:06:58 | 001,263,512 | ---- | M] () -- H:\Program Files\DivX\DivX Update\DivXUpdate.exe MOD - [2012/11/18 11:55:37 | 000,627,200 | ---- | M] () -- H:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\43b92a8dac90d1d6426274274abb69a6\System.Transactions.ni.dll MOD - [2012/11/18 11:55:23 | 000,627,712 | ---- | M] () -- H:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\18a9c594469dc027497b448fb945aaca\System.EnterpriseServices.ni.dll MOD - [2012/11/18 11:54:22 
| 000,971,264 | ---- | M] () -- H:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\41cac4885974d07de06f0b4fec9883f0\System.Configuration.ni.dll MOD - [2012/11/18 11:51:16 | 005,450,752 | ---- | M] () -- H:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\d35b50eb6bb7b1bfb6592419d9feba47\System.Xml.ni.dll MOD - [2012/11/18 11:51:11 | 012,433,920 | ---- | M] () -- H:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6585a5fcaaa1b49b9a1bd9ca5c5c306e\System.Windows.Forms.ni.dll MOD - [2012/11/18 11:50:59 | 001,592,320 | ---- | M] () -- H:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\da4bcb702feb770ce40cf1371b0c4d02\System.Drawing.ni.dll MOD - [2012/11/18 11:50:47 | 006,616,576 | ---- | M] () -- H:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\d309c7e5107b3aed78e097659f94543b\System.Data.ni.dll MOD - [2012/11/18 11:49:58 | 007,977,472 | ---- | M] () -- H:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\90ad0c96693527ae685ff40019bb33b0\System.ni.dll MOD - [2012/11/18 11:49:52 | 011,492,352 | ---- | M] () -- H:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\3add69b075f3da012fb97ce00cd795c0\mscorlib.ni.dll MOD - [2012/11/18 11:49:01 | 002,933,248 | ---- | M] () -- H:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll MOD - [2012/11/18 11:48:47 | 000,303,104 | ---- | M] () -- H:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll MOD - [2012/11/18 11:48:45 | 000,261,632 | ---- | M] () -- H:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll MOD - [2012/11/18 11:28:19 | 003,391,488 | ---- | M] () -- h:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_63d9324c\mscorlib.dll MOD - [2012/11/18 11:28:17 | 000,843,776 | ---- | M] () -- h:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_66a01e83\system.drawing.dll MOD - 
[2012/11/18 11:28:13 | 002,088,960 | ---- | M] () -- h:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_b5ca47f3\system.xml.dll MOD - [2012/11/18 11:28:10 | 003,035,136 | ---- | M] () -- h:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_02546ef7\system.windows.forms.dll MOD - [2012/11/18 11:28:03 | 001,966,080 | ---- | M] () -- h:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_f0478446\system.dll MOD - [2012/11/18 11:27:57 | 002,064,384 | ---- | M] () -- h:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll MOD - [2012/11/18 11:27:55 | 001,232,896 | ---- | M] () -- h:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll MOD - [2012/11/13 11:21:48 | 000,918,696 | ---- | M] () -- H:\Program Files\Bitdefender\Bitdefender Safebox\system.data.sqlite.dll MOD - [2012/11/13 11:20:59 | 000,394,408 | ---- | M] () -- \\?\H:\Program Files\Common Files\Bitdefender\Bitdefender Threat Scanner\trufos.dll MOD - [2012/06/16 08:58:14 | 000,471,040 | ---- | M] () -- h:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll MOD - [2012/03/11 15:55:40 | 000,088,656 | ---- | M] () -- H:\WINDOWS\system32\cpwmon2k.dll MOD - [2011/11/14 21:17:06 | 000,132,176 | ---- | M] () -- H:\Program Files\Bitdefender\Bitdefender 2013\bdfwcore.dll MOD - [2011/10/03 19:26:03 | 001,339,392 | ---- | M] () -- h:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll MOD - [2011/09/25 13:55:15 | 000,774,144 | ---- | M] () -- h:\windows\assembly\gac\hpqbakup\3.0.0.0__a53cf5803f4c3827\hpqbakup.dll MOD - [2011/09/18 17:10:18 | 000,065,536 | ---- | M] () -- h:\windows\assembly\gac\hpqisrtb\4.0.0.0__a53cf5803f4c3827\hpqisrtb.dll MOD - [2011/09/18 17:10:13 | 000,380,928 | ---- | M] () -- h:\windows\assembly\gac\hpqcprsc\3.0.0.0__a53cf5803f4c3827\hpqcprsc.dll MOD - [2011/09/18 17:10:02 | 001,032,192 | 
---- | M] () -- h:\windows\assembly\gac\hpqedit\3.0.0.0__a53cf5803f4c3827\hpqedit.dll MOD - [2011/09/18 17:10:02 | 000,004,096 | ---- | M] () -- h:\windows\assembly\gac\interop.hprblog\3.0.0.0__a53cf5803f4c3827\interop.hprblog.dll MOD - [2011/09/18 17:10:01 | 000,163,840 | ---- | M] () -- h:\windows\assembly\gac\hpqvideo\3.0.0.0__a53cf5803f4c3827\hpqvideo.dll MOD - [2011/09/18 17:10:00 | 000,053,248 | ---- | M] () -- h:\windows\assembly\gac\hpqovskn\3.0.0.0__a53cf5803f4c3827\hpqovskn.dll MOD - [2011/09/18 17:09:59 | 000,512,000 | ---- | M] () -- h:\windows\assembly\gac\hpqimvlt\3.0.0.0__a53cf5803f4c3827\hpqimvlt.dll MOD - [2011/09/18 17:09:59 | 000,015,360 | ---- | M] () -- h:\windows\assembly\gac\interop.hpqvideo\3.0.0.0__a53cf5803f4c3827\interop.hpqvideo.dll MOD - [2011/09/18 17:09:59 | 000,010,752 | ---- | M] () -- h:\windows\assembly\gac\interop.hpqimgr\3.0.0.0__a53cf5803f4c3827\interop.hpqimgr.dll MOD - [2011/09/18 17:09:58 | 000,364,544 | ---- | M] () -- h:\windows\assembly\gac\hpqtray\4.0.0.0__a53cf5803f4c3827\hpqtray.dll MOD - [2011/09/18 17:09:58 | 000,188,416 | ---- | M] () -- h:\windows\assembly\gac\hpqimgrc\4.0.0.0__a53cf5803f4c3827\hpqimgrc.dll MOD - [2011/09/18 17:09:58 | 000,069,632 | ---- | M] () -- h:\windows\assembly\gac\hpqglutl\4.0.0.0__a53cf5803f4c3827\hpqglutl.dll MOD - [2011/09/18 17:09:58 | 000,057,344 | ---- | M] () -- h:\windows\assembly\gac\hpqimlib\3.0.0.0__a53cf5803f4c3827\hpqimlib.dll MOD - [2011/09/18 17:09:58 | 000,045,056 | ---- | M] () -- h:\windows\assembly\gac\hpqthumb\3.0.0.0__a53cf5803f4c3827\hpqthumb.dll MOD - [2011/09/18 17:09:58 | 000,036,864 | ---- | M] () -- h:\windows\assembly\gac\hpqfmrsc\4.0.0.0__a53cf5803f4c3827\hpqfmrsc.dll MOD - [2011/09/18 17:09:58 | 000,020,480 | ---- | M] () -- h:\windows\assembly\gac\hpqiface\4.0.0.0__a53cf5803f4c3827\hpqiface.dll MOD - [2011/09/18 17:09:57 | 000,589,824 | ---- | M] () -- h:\windows\assembly\gac\hpqcc2\3.0.0.0__a53cf5803f4c3827\hpqcc2.dll MOD - [2011/09/18 17:09:57 | 000,024,576 
| ---- | M] () -- h:\windows\assembly\gac\hpqasset\4.0.0.0__a53cf5803f4c3827\hpqasset.dll MOD - [2011/09/18 17:08:16 | 000,065,536 | ---- | M] () -- h:\windows\assembly\gac\hpqmdmr\4.0.0.0__a53cf5803f4c3827\hpqmdmr.dll MOD - [2011/09/18 17:08:16 | 000,057,344 | ---- | M] () -- h:\windows\assembly\gac\hpqprrsc\4.0.0.0__a53cf5803f4c3827\hpqprrsc.dll MOD - [2011/09/18 17:08:15 | 000,430,080 | ---- | M] () -- h:\windows\assembly\gac\lead.wrapper\13.0.0.113__9cf889f53ea9b907\lead.wrapper.dll MOD - [2011/09/18 17:08:15 | 000,090,112 | ---- | M] () -- h:\windows\assembly\gac\lead.drawing.imaging.imageprocessing\13.0.0.113__9cf889f53ea9b907\lead.drawing.imaging.imageprocessing.dll MOD - [2011/09/18 17:08:15 | 000,086,016 | ---- | M] () -- h:\windows\assembly\gac\lead.drawing\13.0.0.113__9cf889f53ea9b907\lead.drawing.dll MOD - [2011/09/18 17:08:15 | 000,077,824 | ---- | M] () -- h:\windows\assembly\gac\lead\13.0.0.113__9cf889f53ea9b907\lead.dll MOD - [2011/09/18 17:08:15 | 000,069,632 | ---- | M] () -- h:\windows\assembly\gac\lead.windows.forms.drawingcontainer\13.0.0.113__9cf889f53ea9b907\lead.windows.forms.drawingcontainer.dll MOD - [2011/09/18 17:08:15 | 000,040,960 | ---- | M] () -- h:\windows\assembly\gac\lead.windows.forms\13.0.0.113__9cf889f53ea9b907\lead.windows.forms.dll MOD - [2011/09/18 17:08:14 | 000,225,280 | ---- | M] () -- h:\windows\assembly\gac\hpqutils\4.0.0.0__a53cf5803f4c3827\hpqutils.dll MOD - [2011/09/18 17:08:14 | 000,069,632 | ---- | M] () -- h:\windows\assembly\gac\hpqntrop\4.0.0.0__a53cf5803f4c3827\hpqntrop.dll MOD - [2011/09/18 17:08:14 | 000,036,864 | ---- | M] () -- h:\windows\assembly\gac\interop.hpqcxm08\3.0.0.0__a53cf5803f4c3827\interop.hpqcxm08.dll MOD - [2011/09/18 17:06:04 | 000,007,680 | ---- | M] () -- h:\windows\assembly\gac\accessibility\1.0.5000.0__b03f5f7f11d50a3a\accessibility.dll MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- H:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011/06/24 
22:56:14 | 001,241,888 | ---- | M] () -- H:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2009/07/23 18:23:56 | 000,178,720 | ---- | M] () -- H:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe MOD - [2009/07/23 18:23:54 | 000,387,616 | ---- | M] () -- H:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe MOD - [2009/07/23 18:23:48 | 000,436,768 | ---- | M] () -- H:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\SpecialCase.dll MOD - [2009/07/23 18:23:08 | 000,068,128 | ---- | M] () -- H:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nv_common.dll ========== Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv) SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ) SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\qmgr.dll -- (BITS) SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt) SRV - [2012/12/16 17:53:50 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- H:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012/12/11 19:01:49 | 001,343,032 | ---- | M] (Bitdefender) [Auto | Running] -- H:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe -- (VSSERV) SRV - [2012/12/11 19:00:41 | 000,055,544 | ---- | M] (Bitdefender) [Auto | Running] -- H:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe -- (UPDATESRV) SRV - [2012/12/11 18:58:00 | 000,061,736 | ---- | M] (Bitdefender) [Disabled | Stopped] -- H:\Program Files\Bitdefender\Bitdefender 2013\bdparentalservice.exe -- (BdDesktopParental) SRV - [2012/12/04 02:40:50 | 001,259,880 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- H:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2012/11/13 11:21:50 | 000,082,824 | ---- | M] 
(Bitdefender) [Auto | Running] -- H:\Program Files\Bitdefender\Bitdefender Safebox\safeboxservice.exe -- (SafeBox) SRV - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- H:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- H:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012/06/11 17:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- H:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.EXE -- (BBUpdate) SRV - [2012/06/11 17:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- H:\Program Files\Microsoft\BingBar\7.1.391.0\BBSvc.EXE -- (BBSvc) SRV - [2009/07/23 18:23:56 | 000,178,720 | ---- | M] () [Auto | Running] -- H:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp) SRV - [2009/07/23 18:23:54 | 000,387,616 | ---- | M] () [Auto | Running] -- H:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM) SRV - [2007/08/09 18:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- H:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\VcommMgr.sys -- (VcommMgr) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\VComm.sys -- (VComm) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | 
Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - File not found [Kernel | On_Demand | Stopped] -- H:\DOCUME~1\Gemma\LOCALS~1\Temp\catchme.sys -- (catchme) DRV - File not found [Kernel | Boot | Stopped] -- System32\Drivers\BTHidMgr.sys -- (BTHidMgr) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\vbtenum.sys -- (BTHidEnum) DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\btcusb.sys -- (Btcsrusb) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btnetdrv.sys -- (BT) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\BlueletSCOAudio.sys -- (BlueletSCOAudio) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\blueletaudio.sys -- (BlueletAudio) DRV - [2012/12/19 19:37:43 | 000,035,144 | ---- | M] () [File_System | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\mbamchameleon.sys -- (mbamchameleon) DRV - [2012/12/11 19:00:56 | 000,242,504 | ---- | M] (BitDefender) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\avchv.sys -- (avchv) DRV - [2012/11/13 11:21:14 | 000,343,456 | ---- | M] (BitDefender S.R.L.) 
[File_System | Boot | Running] -- H:\WINDOWS\system32\drivers\trufos.sys -- (trufos) DRV - [2012/10/26 19:30:02 | 000,622,616 | ---- | M] (BitDefender) [File_System | Boot | Running] -- H:\WINDOWS\system32\drivers\avc3.sys -- (avc3) DRV - [2012/10/26 19:28:52 | 000,134,136 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- H:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys -- (bdselfpr) DRV - [2012/10/26 19:28:24 | 000,481,464 | ---- | M] (BitDefender) [File_System | On_Demand | Running] -- H:\WINDOWS\system32\drivers\avckf.sys -- (avckf) DRV - [2012/10/26 19:28:21 | 000,066,392 | ---- | M] (BitDefender SRL) [File_System | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\bdsandbox.sys -- (BDSandBox) DRV - [2012/10/01 15:24:16 | 000,161,312 | ---- | M] (BitDefender LLC) [File_System | Boot | Running] -- H:\WINDOWS\system32\drivers\gzflt.sys -- (gzflt) DRV - [2012/09/29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- H:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector) DRV - [2012/07/06 16:13:08 | 000,116,248 | ---- | M] (BitDefender LLC) [Kernel | On_Demand | Running] -- H:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf.sys -- (Bdfndisf) DRV - [2012/04/17 15:40:22 | 000,072,704 | ---- | M] (BitDefender) [Kernel | System | Running] -- H:\WINDOWS\system32\drivers\bdvedisk.sys -- (BDVEDISK) DRV - [2011/11/14 21:16:26 | 000,130,640 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- H:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdftdif.sys -- (bdftdif) DRV - [2009/07/01 12:53:34 | 000,013,824 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus) DRV - [2009/07/01 12:53:30 | 000,066,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD) DRV - [2009/02/11 13:40:40 | 005,028,352 | ---- | M] (Realtek Semiconductor 
Corp.) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) DRV - [2008/05/06 16:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1645522239-1993962763-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = about:windows update [binary data] IE - HKU\S-1-5-21-1645522239-1993962763-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-21-1645522239-1993962763-839522115-1004\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-1645522239-1993962763-839522115-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC IE - HKU\S-1-5-21-1645522239-1993962763-839522115-1004\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2645238 IE - HKU\S-1-5-21-1645522239-1993962763-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1645522239-1993962763-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local IE - 
HKU\S-1-5-21-1645522239-1993962763-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 200.76.23.165:80 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@abr.gov.au/KeyMgmtPlugin: H:\Program Files\ABR\Plug-In\bin\npAUSkeyPlugin.dll (Commonwealth Government of Australia) FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: H:\WINDOWS\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: H:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: H:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found FF - HKLM\Software\MozillaPlugins\@csi.business.gov.au/CsiPlugin: H:\Program Files\Common-Use Signing Interface\bin\npCsiPlugin.dll (Commonwealth Government of Australia) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: H:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: H:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: H:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: H:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: H:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: H:\Documents and Settings\Gemma\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) 
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: H:\Documents and Settings\Gemma\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: H:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/12/16 19:33:27 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: H:\Program Files\Bitdefender\Bitdefender 2013\bdtbext [2012/09/06 11:56:29 | 000,000,000 | ---D | M] ========== Chrome ========== CHR - homepage: http://www.google.com CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}, CHR - homepage: http://www.google.com CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = H:\Documents and Settings\Gemma\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = H:\Documents and Settings\Gemma\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.97\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = H:\Documents and Settings\Gemma\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.97\gcswf32.dll CHR - plugin: Shockwave Flash (Disabled) = H:\Documents and Settings\Gemma\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll CHR - plugin: Adobe Acrobat (Enabled) = H:\Program Files\Adobe\Reader 
10.0\Reader\Browser\nppdf32.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = H:\Program Files\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = H:\Program Files\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = H:\Program Files\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = H:\Program Files\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = H:\Program Files\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = H:\Program Files\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = H:\Program Files\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = H:\Program Files\Windows Media Player\npdrmv2.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = H:\Program Files\Windows Media Player\npwmsdrm.dll CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = H:\Program Files\Windows Media Player\npdsplay.dll CHR - plugin: ABR_AUSkey Mozilla Plugin (Enabled) = H:\Documents and Settings\Gemma\Local Settings\Application Data\ABR\Plug-In\bin\npAUSkeyPlugin.dll CHR - plugin: Google Update (Enabled) = H:\Documents and Settings\Gemma\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: CSI Mozilla Plugin (Enabled) = H:\Program Files\Common-Use Signing Interface\bin\npCsiPlugin.dll CHR - plugin: DivX VOD Helper Plug-in (Enabled) = H:\Program Files\DivX\DivX OVS Helper\npovshelper.dll CHR - plugin: DivX Plus Web Player (Enabled) = H:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll CHR - plugin: iTunes Application Detector (Enabled) = H:\Program Files\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Windows Presentation Foundation (Enabled) = H:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - plugin: Shockwave for Director (Disabled) = 
H:\WINDOWS\system32\Adobe\Director\np32dsw.dll CHR - Extension: YouTube = H:\Documents and Settings\Gemma\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\ CHR - Extension: Google Search = H:\Documents and Settings\Gemma\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\ CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = H:\Documents and Settings\Gemma\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\ CHR - Extension: Gmail = H:\Documents and Settings\Gemma\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ O1 HOSTS File: ([2012/12/19 06:18:11 | 000,444,027 | R--- | M]) - H:\WINDOWS\system32\drivers\etc\hosts
O2 - BHO: (Bing Bar Helper) - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - H:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - H:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (no name) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - No CLSID value found. O2 - BHO: (no name) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - No CLSID value found. O2 - BHO: (no name) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - No CLSID value found. O3 - HKLM\..\Toolbar: (Bing Bar) - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - H:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.) O3 - HKU\S-1-5-21-1645522239-1993962763-839522115-1004\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found. O4 - HKLM..\Run: [APSDaemon] H:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [bdagent] H:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe (Bitdefender) O4 - HKLM..\Run: [DivXMediaServer] H:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe () O4 - HKLM..\Run: [DivXUpdate] H:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [NvCplDaemon] H:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] H:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] H:\Program Files\NVIDIA Corporation\nview\nwiz.exe () O4 - HKU\S-1-5-21-1645522239-1993962763-839522115-1004..\Run: [FileHippo.com] H:\Program Files\FileHippo.com\UpdateChecker.exe (FileHippo.com) O4 - HKU\S-1-5-21-1645522239-1993962763-839522115-1004..\Run: [HP Photosmart 6510 series (NET)] H:\Program Files\HP\HP Photosmart 6510 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.) 
O4 - Startup: H:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = H:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1645522239-1993962763-839522115-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1645522239-1993962763-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-21-1645522239-1993962763-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 
67108863 O7 - HKU\S-1-5-21-1645522239-1993962763-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\S-1-5-21-1645522239-1993962763-839522115-1010\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1645522239-1993962763-839522115-1010\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - H:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1353196746656 (WUWebControl Class) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1348748221718 (MUWebControl Class) O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (GMNRev Class) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.) 
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0D9776FA-00BD-402A-9319-AAA9F5A244A1}: DhcpNameServer = 10.1.1.1 O20 - HKLM Winlogon: Shell - (Explorer.exe) - H:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (H:\WINDOWS\system32\userinit.exe) - H:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012/12/20 07:56:40 | 000,602,112 | ---- | C] (OldTimer Tools) -- H:\Documents and Settings\Gemma\Desktop\OTL.exe [2012/12/19 21:57:02 | 000,000,000 | ---D | C] -- H:\Program Files\AGEIA Technologies [2012/12/19 18:11:19 | 000,000,000 | ---D | C] -- H:\Documents and Settings\Gemma\Desktop\mbar [2012/12/18 23:44:40 | 000,000,000 | RH-D | C] -- H:\Documents and Settings\Gemma\Recent [2012/12/18 22:31:59 | 000,000,000 | -HSD | C] -- H:\RECYCLER [2012/12/18 22:02:45 | 000,518,144 | ---- | C] (SteelWerX) -- H:\WINDOWS\SWREG.exe [2012/12/18 22:02:45 | 000,406,528 | ---- | C] (SteelWerX) -- H:\WINDOWS\SWSC.exe [2012/12/18 22:02:45 | 000,212,480 | ---- | C] (SteelWerX) -- H:\WINDOWS\SWXCACLS.exe [2012/12/18 22:02:45 | 000,060,416 | ---- | C] (NirSoft) -- H:\WINDOWS\NIRCMD.exe [2012/12/18 22:02:35 | 000,000,000 | ---D | C] -- H:\Qoobox [2012/12/18 21:54:15 | 005,012,571 | R--- | C] (Swearware) -- H:\Documents and Settings\Gemma\Desktop\ComboFix.exe [2012/12/18 21:47:17 | 
000,000,000 | ---D | C] -- M:\Gemma's Stuff\ProcAlyzer Dumps [2012/12/18 08:11:05 | 000,000,000 | ---D | C] -- H:\Documents and Settings\All Users\Start Menu\Programs\iTunes [2012/12/18 08:10:32 | 000,000,000 | ---D | C] -- H:\Program Files\iPod [2012/12/18 08:10:26 | 000,000,000 | ---D | C] -- H:\Program Files\iTunes [2012/12/18 08:10:26 | 000,000,000 | ---D | C] -- H:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1 [2012/12/17 19:31:00 | 000,000,000 | ---D | C] -- H:\Documents and Settings\Gemma\Desktop\RK_Quarantine [2012/12/17 10:28:21 | 000,688,992 | R--- | C] (Swearware) -- H:\Documents and Settings\Gemma\Desktop\dds.com [2012/12/16 19:37:27 | 000,000,000 | ---D | C] -- H:\Documents and Settings\Gemma\Application Data\DDMSettings [2012/12/16 19:25:35 | 000,000,000 | ---D | C] -- H:\Documents and Settings\All Users\Start Menu\Programs\CCleaner [2012/12/01 18:57:25 | 000,000,000 | ---D | C] -- H:\Other Videos [2012/11/25 14:17:54 | 000,000,000 | ---D | C] -- H:\Program Files\Spybot - Search & Destroy 2 [2012/11/25 14:10:49 | 000,000,000 | ---D | C] -- H:\Program Files\CCleaner ========== Files - Modified Within 30 Days ========== [2012/12/20 08:01:00 | 000,000,332 | ---- | M] () -- H:\WINDOWS\tasks\HP Photo Creations Messager.job [2012/12/20 07:56:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- H:\Documents and Settings\Gemma\Desktop\OTL.exe [2012/12/20 07:56:37 | 000,484,544 | ---- | M] () -- H:\WINDOWS\System32\perfh009.dat [2012/12/20 07:56:37 | 000,080,814 | ---- | M] () -- H:\WINDOWS\System32\perfc009.dat [2012/12/20 07:53:15 | 000,000,830 | ---- | M] () -- H:\WINDOWS\tasks\Adobe Flash Player Updater.job [2012/12/20 07:52:07 | 000,002,048 | --S- | M] () -- H:\WINDOWS\bootstat.dat [2012/12/19 21:55:28 | 001,070,792 | ---- | M] () -- H:\WINDOWS\System32\nvdrsdb1.bin [2012/12/19 21:55:28 | 000,000,001 | ---- | M] () -- H:\WINDOWS\System32\nvdrssel.bin [2012/12/19 21:55:24 | 001,070,792 | ---- | M] () -- 
H:\WINDOWS\System32\nvdrsdb0.bin [2012/12/19 21:27:52 | 000,013,646 | ---- | M] () -- H:\WINDOWS\System32\wpa.dbl [2012/12/19 21:27:00 | 000,000,978 | ---- | M] () -- H:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1645522239-1993962763-839522115-1004UA.job [2012/12/19 21:26:00 | 000,000,994 | ---- | M] () -- H:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1645522239-1993962763-839522115-1005UA.job [2012/12/19 20:40:00 | 000,000,460 | ---- | M] () -- H:\WINDOWS\tasks\At2.job [2012/12/19 19:37:43 | 000,035,144 | ---- | M] () -- H:\WINDOWS\System32\drivers\mbamchameleon.sys [2012/12/19 18:10:55 | 013,485,902 | ---- | M] () -- H:\Documents and Settings\Gemma\Desktop\mbar-1.01.0.1011.zip [2012/12/19 06:18:11 | 000,444,027 | R--- | M] () -- H:\WINDOWS\System32\drivers\etc\hosts [2012/12/19 06:15:44 | 000,444,027 | R--- | M] () -- H:\WINDOWS\System32\drivers\etc\hosts.20121219-061811.backup [2012/12/18 22:43:00 | 000,000,460 | ---- | M] () -- H:\WINDOWS\tasks\At3.job [2012/12/18 22:14:59 | 000,000,027 | ---- | M] () -- H:\WINDOWS\System32\drivers\etc\hosts.20121219-061544.backup [2012/12/18 21:55:06 | 005,012,571 | R--- | M] (Swearware) -- H:\Documents and Settings\Gemma\Desktop\ComboFix.exe [2012/12/18 21:47:12 | 000,000,360 | RHS- | M] () -- H:\boot.ini [2012/12/18 08:11:05 | 000,001,542 | ---- | M] () -- H:\Documents and Settings\All Users\Desktop\iTunes.lnk [2012/12/17 19:20:43 | 000,148,400 | ---- | M] () -- H:\WINDOWS\System32\FNTCACHE.DAT [2012/12/17 10:28:23 | 000,688,992 | R--- | M] (Swearware) -- H:\Documents and Settings\Gemma\Desktop\dds.com [2012/12/16 19:33:29 | 000,001,371 | ---- | M] () -- H:\Documents and Settings\Gemma\Desktop\DivX Movies.lnk [2012/12/16 19:33:17 | 000,000,777 | ---- | M] () -- H:\Documents and Settings\All Users\Desktop\DivX Plus Player.lnk [2012/12/16 19:33:05 | 000,000,817 | ---- | M] () -- H:\Documents and Settings\All Users\Desktop\DivX Plus Converter.lnk [2012/12/16 19:29:52 | 000,002,262 | ---- | M] () -- H:\Documents and 
Settings\Gemma\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [2012/12/16 19:29:51 | 000,002,284 | ---- | M] () -- H:\Documents and Settings\Gemma\Desktop\Google Chrome.lnk [2012/12/16 19:25:57 | 000,001,632 | ---- | M] () -- H:\Documents and Settings\Gemma\Desktop\Update Checker.lnk [2012/12/16 19:25:35 | 000,000,682 | ---- | M] () -- H:\Documents and Settings\All Users\Desktop\CCleaner.lnk [2012/12/16 19:00:00 | 000,000,256 | ---- | M] () -- H:\WINDOWS\tasks\Malwarebytes' Anti-Malware.job [2012/12/11 19:00:56 | 000,242,504 | ---- | M] (BitDefender) -- H:\WINDOWS\System32\drivers\avchv.sys [2012/12/04 02:40:50 | 002,283,884 | ---- | M] () -- H:\WINDOWS\System32\nvdata.data [2012/12/04 02:40:50 | 000,012,951 | ---- | M] () -- H:\WINDOWS\System32\nvinfo.pb [2012/12/03 22:24:42 | 000,000,664 | ---- | M] () -- H:\WINDOWS\System32\d3d9caps.dat [2012/12/01 19:00:10 | 000,000,260 | ---- | M] () -- H:\WINDOWS\tasks\Disk Cleanup.job [2012/11/26 16:27:01 | 000,000,926 | ---- | M] () -- H:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1645522239-1993962763-839522115-1004Core.job [2012/11/26 14:26:00 | 000,000,942 | ---- | M] () -- H:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1645522239-1993962763-839522115-1005Core.job [2012/11/26 14:00:00 | 000,000,460 | ---- | M] () -- H:\WINDOWS\tasks\At4.job [2012/11/25 22:14:21 | 000,000,164 | ---- | M] () -- M:\Gemma's Stuff\cc_20121125_221416.reg [2012/11/25 22:14:00 | 000,000,830 | ---- | M] () -- M:\Gemma's Stuff\cc_20121125_221338.reg [2012/11/25 22:13:21 | 000,213,628 | ---- | M] () -- M:\Gemma's Stuff\cc_20121125_220713.reg [2012/11/25 16:35:44 | 000,444,088 | R--- | M] () -- H:\WINDOWS\System32\drivers\etc\hosts.20121126-153422.backup [2012/11/25 16:35:18 | 000,444,088 | R--- | M] () -- H:\WINDOWS\System32\drivers\etc\hosts.20121125-163544.backup ========== Files Created - No Company Name ========== [2012/12/19 19:37:43 | 000,035,144 | ---- | C] () -- H:\WINDOWS\System32\drivers\mbamchameleon.sys 
[2012/12/19 07:36:31 | 013,485,902 | ---- | C] () -- H:\Documents and Settings\Gemma\Desktop\mbar-1.01.0.1011.zip [2012/12/18 22:02:45 | 000,256,000 | ---- | C] () -- H:\WINDOWS\PEV.exe [2012/12/18 22:02:45 | 000,208,896 | ---- | C] () -- H:\WINDOWS\MBR.exe [2012/12/18 22:02:45 | 000,098,816 | ---- | C] () -- H:\WINDOWS\sed.exe [2012/12/18 22:02:45 | 000,080,412 | ---- | C] () -- H:\WINDOWS\grep.exe [2012/12/18 22:02:45 | 000,068,096 | ---- | C] () -- H:\WINDOWS\zip.exe [2012/12/18 08:11:05 | 000,001,542 | ---- | C] () -- H:\Documents and Settings\All Users\Desktop\iTunes.lnk [2012/11/25 22:14:18 | 000,000,164 | ---- | C] () -- M:\Gemma's Stuff\cc_20121125_221416.reg [2012/11/25 22:13:42 | 000,000,830 | ---- | C] () -- M:\Gemma's Stuff\cc_20121125_221338.reg [2012/11/25 22:07:22 | 000,213,628 | ---- | C] () -- M:\Gemma's Stuff\cc_20121125_220713.reg [2012/11/25 14:10:50 | 000,000,682 | ---- | C] () -- H:\Documents and Settings\All Users\Desktop\CCleaner.lnk [2012/11/12 13:44:51 | 000,000,385 | ---- | C] () -- H:\Documents and Settings\Gemma\Application Datauser_gensett.xml [2012/09/16 17:22:52 | 002,283,884 | ---- | C] () -- H:\WINDOWS\System32\nvdata.data [2012/09/06 23:41:13 | 000,000,057 | ---- | C] () -- H:\Documents and Settings\All Users\Application Data\Ament.ini [2012/03/18 18:19:36 | 000,047,104 | ---- | C] () -- H:\WINDOWS\AKDeInstall.exe [2012/02/15 18:11:47 | 000,003,072 | ---- | C] () -- H:\WINDOWS\System32\iacenc.dll [2011/11/13 20:02:09 | 000,000,664 | ---- | C] () -- H:\WINDOWS\System32\d3d9caps.dat [2011/09/25 15:59:19 | 000,000,214 | ---- | C] () -- H:\WINDOWS\HP_InstantSHareJPG.ini [2011/09/25 13:55:13 | 000,000,217 | ---- | C] () -- H:\WINDOWS\HP_IZClosingDiscErrorPatch.ini [2011/09/25 12:58:08 | 000,000,227 | ---- | C] () -- H:\WINDOWS\HP_CounterReport_Update_HPSU.ini [2011/09/19 09:20:28 | 000,000,128 | ---- | C] () -- H:\Documents and Settings\Gemma\Local Settings\Application Data\fusioncache.dat [2011/04/09 13:05:17 | 000,000,695 | ---- | C] 
() -- H:\WINDOWS\MYOBP.INI [2011/04/09 13:05:17 | 000,000,057 | ---- | C] () -- H:\WINDOWS\MYOB.INI [2011/04/09 12:16:48 | 000,000,663 | ---- | C] () -- H:\WINDOWS\openrda.ini [2011/04/09 12:16:38 | 000,000,000 | ---- | C] () -- H:\WINDOWS\drvxl32.INI [2011/04/09 12:16:34 | 000,000,000 | ---- | C] () -- H:\WINDOWS\drvwd32.INI [2011/03/15 18:39:22 | 000,000,214 | ---- | C] () -- H:\WINDOWS\HP_48BitScanUpdatePatch.ini [2010/08/08 23:35:00 | 000,079,872 | ---- | C] () -- H:\Documents and Settings\Gemma\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== ZeroAccess Check ========== [2011/04/09 12:11:25 | 000,000,227 | RHS- | M] () -- H:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2010/04/17 03:09:07 | 001,509,888 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 23:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 11:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012/12/03 22:10:19 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Administrator\Application Data\Bitdefender [2012/12/18 08:10:58 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1 [2012/07/03 22:43:11 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All 
Users\Application Data\BDLogging [2012/09/06 11:58:18 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\Bitdefender [2011/10/15 18:37:19 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\CheckPoint [2010/08/08 18:10:04 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\Kaspersky SDK [2010/09/12 09:31:06 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\NokiaInstallerCache [2010/09/12 09:34:48 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\PC Suite [2010/08/08 22:31:41 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2011/07/11 17:43:24 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\{4C0DBD62-F011-4A41-B11D-BE5CFA6DEDD7} [2012/10/01 15:21:03 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Elizabeth\Application Data\Bitdefender [2010/09/20 14:06:03 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Elizabeth\Application Data\CheckPoint [2010/09/20 14:06:12 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Elizabeth\Application Data\MailFrontier [2012/11/19 17:26:52 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Gemma\Application Data\AUSkey [2012/09/06 22:11:52 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Gemma\Application Data\Bitdefender [2010/08/08 18:01:39 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Gemma\Application Data\CheckPoint [2012/12/16 19:37:27 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Gemma\Application Data\DDMSettings [2012/01/31 20:21:53 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Gemma\Application Data\Image Zone Express [2011/07/11 15:55:31 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Gemma\Application Data\MailFrontier [2010/09/12 09:34:45 | 000,000,000 | ---D | M] -- H:\Documents and 
Settings\Gemma\Application Data\PC Suite [2012/07/03 22:38:13 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Gemma\Application Data\QuickScan ========== Purity Check ========== < End of report > OTL Extras logfile created on: 20/12/2012 7:58:07 AM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = H:\Documents and Settings\Gemma\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy 3.25 Gb Total Physical Memory | 2.38 Gb Available Physical Memory | 73.18% Memory free 5.09 Gb Paging File | 4.26 Gb Available in Paging File | 83.76% Paging File free Paging file location(s): H:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = H: | %SystemRoot% = H:\WINDOWS | %ProgramFiles% = H:\Program Files Drive H: | 465.75 Gb Total Space | 360.21 Gb Free Space | 77.34% Space Free | Partition Type: NTFS Drive M: | 931.51 Gb Total Space | 19.98 Gb Free Space | 2.14% Space Free | Partition Type: NTFS Computer Name: TONKA | User Name: Gemma | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l [HKEY_USERS\S-1-5-21-1645522239-1993962763-839522115-1004\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. 
File not found ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) "H:\Program 
Files\Windows Live\Messenger\wlcsdk.exe" = H:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation) "H:\Program Files\Windows Live\Messenger\msnmsgr.exe" = H:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) "H:\Program Files\Bonjour\mDNSResponder.exe" = H:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.) "H:\Program Files\Windows Live\Messenger\wlcsdk.exe" = H:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation) "H:\Program Files\Windows Live\Messenger\msnmsgr.exe" = H:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation) "H:\Program Files\HP\HP Photosmart 6510 series\Bin\DeviceSetup.exe" = H:\Program Files\HP\HP Photosmart 6510 series\Bin\DeviceSetup.exe:LocalSubNet:Enabled:HP Device Setup (HP Photosmart 6510 series) -- (Hewlett-Packard Co.) "H:\Program Files\HP\HP Photosmart 6510 series\Bin\HPNetworkCommunicator.exe" = H:\Program Files\HP\HP Photosmart 6510 series\Bin\HPNetworkCommunicator.exe:LocalSubNet:Enabled:HP Network Communicator (HP Photosmart 6510 series) -- (Hewlett-Packard Co.) "H:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = H:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.) "H:\Program Files\iTunes\iTunes.exe" = H:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.) 
"H:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe" = H:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe:*:Enabled:Daemonu.exe -- (NVIDIA Corporation) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime "{03B1B42B-F6DE-41d9-8CFF-DC44E895C7A7}" = PhotoGallery "{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1 "{069730C2-755A-485B-A205-27A1AAFA836A}" = InstantShareAlert "{1976B721-8F15-4B86-92D2-725364AF8CE0}" = AUSkey software 1.4.0.3 "{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}" = Bing Bar "{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool "{21DB3D90-D816-4092-A260-CA3F6B55A6DD}" = Sonic_PrimoSDK "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{23A7B376-BBEC-4e76-BBD7-0F155E70D74B}" = CP_Panorama1Config "{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{32BDCCB8-9DC8-496d-9DB1-F77510775BDB}" = InstantShareDevices "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{36E47DA1-10E1-45d9-8B19-14D19607CDCF}" = CP_CalendarTemplates1 "{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant "{459699C3-9430-4381-964B-4248D87B49F9}" = Apple Mobile Device Support "{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials "{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder "{55D5A77E-FAAA-4358-B3E5-6565E024F78B}" = MYOB ODBC Direct v10 AUS "{56EE8B17-8274-418d-89AC-C057C5DB251E}" = RandMap "{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg "{5A01C58E-B0EC-49b9-AD71-7C0468688087}" = CP_Package_Basic1 "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM 
"{66BA8C26-AFE4-4408-807B-43E76B57EF53}" = SkinsHP1 "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2 "{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0 "{710BF966-43C8-4216-A8EC-BC4E169FF7C1}" = MobileMe Control Panel "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager "{7E27304E-BAA2-4d90-A34E-76641FAFABB4}" = CP_AtenaShokunin1Config "{8272813D-F806-4AD1-95E0-9F4340F4B329}" = HP Photosmart 6510 series Product Improvement Study "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003 "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195 "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{99E420FC-372C-4107-BA85-4CC44E265C2A}" = MYOB AccountRight Plus v19 "{A06176AF-7494-4B29-BE74-F01323AD3233}" = MYOB BusinessBasics v1 "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI "{A2F95F8C-CDA9-4B08-BAD1-CA9656E4EC14}" = HP Photosmart 6510 series Help "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection "{A5BB5365-EFB4-44c3-A7E2-EB59B7EFD23D}" = CueTour "{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI "{AF06FEB8-B5BB-44EA-B554-B825A65025EC}" = HP Photosmart 6510 series Basic Device Software "{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86 "{B0261E53-B6F1-474A-864B-E7C3CBF468E0}" = iTunes 
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 310.70 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 310.70 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 136.53 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.1031 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger "{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2 "{B96D2269-568B-4CBF-9332-12FAE8B158F7}" = Medieval CUE Splitter "{C078C299-C2C2-4110-A6EF-8D5E66C228DA}" = e-tax 2011 "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant "{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call "{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{FB3BE405-6BF0-490A-84B3-00611385EA0D}" = Common-Use Signing Interface "{FBE569CA-BFEB-4E57-A674-F94D938E1AEF}" = e-tax 2010 "{FE64AE29-0883-4C70-8388-DC026019C900}" = HP Image Zone Express "{FF7DD5BE-42FF-44B8-AF36-4A46CD2C6D42}" = AUSkey software 1.4.0.6 "AC3Filter_is1" = AC3Filter 1.63b "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "Alt.Binz" = 
Alt.Binz 0.25.0
"Bitdefender" = Bitdefender Total Security 2013
"CCleaner" = CCleaner
"Common-Use Signing Interface" = Common-Use Signing Interface
"CutePDF Writer Installation" = CutePDF Writer 3.0
"Direct WAV MP3 Splitter_is1" = Direct WAV MP3 Splitter version 2.6.0.21
"DivX Setup" = DivX Setup
"DVD Flick_is1" = DVD Flick 1.3.0.7
"FileHippo.com" = FileHippo.com Update Checker
"HP Photo & Imaging" = HP Image Zone 5.3
"HP Photo Creations" = HP Photo Creations
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.3
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"InstallShield_{55D5A77E-FAAA-4358-B3E5-6565E024F78B}" = MYOB ODBC Direct v10 AUS
"InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"InstallShield_{99E420FC-372C-4107-BA85-4CC44E265C2A}" = MYOB AccountRight Plus v19
"InstallShield_{A06176AF-7494-4B29-BE74-F01323AD3233}" = MYOB BusinessBasics v1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"mpegable DS" = mpegable DS decoder
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Non Driver CIO Components" = Non Driver CIO Components
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"oggcodecs" = oggcodecs 0.71.0946
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WET7Cable" = Windows Easy Transfer for Windows 7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.20 (32-bit)
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XP Codec Pack" = XP Codec Pack
"Xvid_is1" = Xvid 1.1.3 final uninstall

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1645522239-1993962763-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 3/12/2012 7:27:54 AM | Computer Name = TONKA | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x03237e30.

Error - 3/12/2012 7:27:59 AM | Computer Name = TONKA | Source = Application Error | ID = 1001
Description = Fault bucket 879003832.

[ System Events ]
Error - 19/12/2012 4:38:32 PM | Computer Name = TONKA | Source = DCOM | ID = 10010
Description = The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register with DCOM within the required timeout.

Error - 19/12/2012 4:48:06 PM | Computer Name = TONKA | Source = Service Control Manager | ID = 7023
Description = The Automatic Updates service terminated with the following error: %%126

Error - 19/12/2012 4:48:36 PM | Computer Name = TONKA | Source = DCOM | ID = 10010
Description = The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register with DCOM within the required timeout.

Error - 19/12/2012 4:52:41 PM | Computer Name = TONKA | Source = Service Control Manager | ID = 7023
Description = The BITS service terminated with the following error: %%126

Error - 19/12/2012 4:52:41 PM | Computer Name = TONKA | Source = Service Control Manager | ID = 7023
Description = The Automatic Updates service terminated with the following error: %%126

Error - 19/12/2012 4:53:40 PM | Computer Name = TONKA | Source = Service Control Manager | ID = 7023
Description = The Automatic Updates service terminated with the following error: %%126

Error - 19/12/2012 4:54:10 PM | Computer Name = TONKA | Source = DCOM | ID = 10010
Description = The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register with DCOM within the required timeout.

Error - 19/12/2012 4:58:29 PM | Computer Name = TONKA | Source = Service Control Manager | ID = 7023
Description = The BITS service terminated with the following error: %%126

Error - 19/12/2012 4:58:57 PM | Computer Name = TONKA | Source = Service Control Manager | ID = 7023
Description = The Automatic Updates service terminated with the following error: %%126

Error - 19/12/2012 4:58:59 PM | Computer Name = TONKA | Source = DCOM | ID = 10010
Description = The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register with DCOM within the required timeout.

< End of report >