not detected by malwarebytes

[googly_eyes]

Hello all

(I did have this post on another section of the forum but Ive been advised to move it here in order to get some advice on how to kill, cure or overcome this)......

Currently my avast is popping up regularly on random but not every site (most common is the bbc news site amongst random others) stating "malicious url blocked. OBJECT: INFECTION URL:MAL"

After trawling through malware and antivirus forums of many kinds, there is very little info on the infection, but what info I have seen generally advises to download malwarebytes run a scan and send a log.

Well, not only have I downloaded Malwarebytes as suggested, I also have purchased the full version. I have run quick scan, the first detected several items (probably not related) and was quarantined and afterwards I have ran full scan nothing showed up as infected?! Yet I have not eradicated the problem.

So Im here now, hoping that a guru out there knows of this infection and can suggest steps for removal.

Im running google chrome, windows XP service pack 3.

I have attached the log of my latest scan.

Thanks in advance for any help.

mbam-log-2012-04-04 (12-21-52).txt

mbam-log-2012-06-13 (13-39-48).txt

mbam-log-2012-06-13 (13-54-11).txt

mbam-log-2012-06-25 (15-22-30).txt

Edited June 27, 2012 by Maurice Naggar
url removed

[Maniac]

Hello googly_eyes! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

• If you are a paying customer, you have the privilege to contact the help desk at support@malwarebytes.org or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  
• I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  
• Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  
• Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  
• Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  

Your problem is due to what Malwarebytes' Anti-Malware is found, but obviously missed something. Now we will investigate further.

Download OTL to your Desktop

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  
• Please tick the Scan All users. Next, click the Quick Scan button. The scan wont take long.
  
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.
    

[googly_eyes]

Hi Maniac

Yes I am a paid up user but I thought the forums might offer me a instant solution.

As requested, I have followed your instructions to the letter and now you can see what the log produced below. Thanks in advance....

OTL logfile created on: 27/06/2012 13:39:57 - Run 1

OTL by OldTimer - Version 3.2.53.0 Folder = C:\Documents and Settings\Simon\My Documents\Downloads

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.5512)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.49 Gb Total Physical Memory | 2.23 Gb Available Physical Memory | 64.01% Memory free

5.32 Gb Paging File | 3.64 Gb Available in Paging File | 68.42% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 149.04 Gb Total Space | 35.84 Gb Free Space | 24.05% Space Free | Partition Type: NTFS

Drive D: | 4.10 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Drive E: | 3.10 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: VTUK | User Name: Simon | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/27 13:37:38 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Simon\My Documents\Downloads\OTL.exe

PRC - [2012/06/06 10:59:37 | 006,380,440 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\BitTorrent\BitTorrent.exe

PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2012/03/07 00:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe

PRC - [2012/03/07 00:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe

PRC - [2012/02/01 16:29:58 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

PRC - [2012/02/01 16:29:56 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

PRC - [2011/12/23 12:33:44 | 001,407,248 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe

PRC - [2011/12/23 12:33:40 | 000,370,960 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\WLKEEPER.exe

PRC - [2011/12/23 12:33:36 | 000,882,960 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe

PRC - [2011/12/23 11:16:20 | 000,870,672 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe

PRC - [2011/12/23 11:01:06 | 001,210,640 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe

PRC - [2011/12/23 10:58:28 | 000,481,552 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

PRC - [2011/12/19 17:32:26 | 000,394,672 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe

PRC - [2011/12/10 11:25:36 | 002,756,608 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\EKAiO2MUI.exe

PRC - [2011/11/11 14:08:06 | 000,205,336 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe

PRC - [2011/11/11 14:07:54 | 000,265,240 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe

PRC - [2011/11/09 17:38:04 | 000,132,768 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\IPROSetMonitor.exe

PRC - [2011/08/22 16:12:52 | 003,507,088 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe

PRC - [2011/08/12 12:19:40 | 000,680,984 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe

PRC - [2011/08/11 12:28:10 | 000,862,144 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\wfcrun32.exe

PRC - [2011/08/11 12:27:16 | 000,128,960 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\redirector.exe

PRC - [2011/08/11 12:27:02 | 000,358,336 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\concentr.exe

PRC - [2011/08/02 10:47:34 | 000,063,488 | ---- | M] () -- C:\Program Files\Samsung\USB Drivers\26_VIA_driver2\x86\VIAService.exe

PRC - [2011/07/19 22:00:34 | 001,034,152 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\Streaming Client\RadeSvc.exe

PRC - [2011/07/19 22:00:00 | 000,210,864 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\Streaming Client\RadeHlprSvc.exe

PRC - [2011/07/19 18:59:04 | 000,964,480 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\Receiver\Receiver.exe

PRC - [2011/06/16 18:15:34 | 002,326,920 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe

PRC - [2011/05/03 07:47:58 | 000,321,448 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Common Files\Citrix\System32\CdfSvc.exe

PRC - [2011/04/08 06:14:00 | 002,218,600 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

PRC - [2011/03/25 13:34:04 | 000,689,464 | ---- | M] (Radialpoint Inc.) -- C:\Program Files\Virgin Media\Service Manager\ServicepointService.exe

PRC - [2011/03/25 13:34:00 | 004,371,768 | ---- | M] (Virgin Media) -- C:\Program Files\Virgin Media\Service Manager\ServiceManager.exe

PRC - [2011/03/23 14:12:38 | 001,406,264 | ---- | M] (Virgin Media) -- C:\Program Files\Virgin Media\Digital Home Support\HsdService.exe

PRC - [2011/03/23 14:12:34 | 002,032,952 | ---- | M] (Virgin Media) -- C:\Program Files\Virgin Media\Digital Home Support\DHSClient.exe

PRC - [2011/03/04 02:31:08 | 000,428,640 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe

PRC - [2011/01/13 03:01:28 | 006,129,496 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Vid HD\Vid.exe

PRC - [2010/03/09 23:56:02 | 000,495,708 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe

PRC - [2010/03/09 23:56:02 | 000,229,458 | ---- | M] (IDT, Inc.) -- c:\Program Files\IDT\WDM\stacsv.exe

PRC - [2009/09/12 16:31:36 | 000,357,384 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe

PRC - [2009/09/12 16:31:30 | 000,660,520 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

PRC - [2009/09/12 16:30:48 | 005,048,488 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

PRC - [2009/07/07 02:06:46 | 000,737,280 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\AESTFltr.exe

PRC - [2008/04/30 16:26:22 | 000,196,608 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe

PRC - [2008/04/14 00:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2008/03/21 20:32:04 | 000,046,376 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe

PRC - [2007/10/25 17:23:36 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe

PRC - [2007/09/21 04:40:00 | 000,062,776 | ---- | M] (Echelon Corporation) -- C:\LonWorks\bin\LnsMtsSvc.exe

PRC - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

PRC - [2006/09/08 15:10:22 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe

PRC - [2005/03/01 19:49:30 | 001,691,741 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.exe

PRC - [2005/03/01 19:49:18 | 000,036,962 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe

PRC - [2005/03/01 19:49:14 | 000,110,689 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe

PRC - [2000/06/29 09:45:10 | 000,052,224 | ---- | M] (Kenonic Controls Ltd.) -- C:\WINDOWS\system32\Crypserv.exe

========== Modules (No Company Name) ==========

MOD - [2012/06/27 07:44:51 | 001,774,592 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12062700\algo.dll

MOD - [2012/06/14 11:58:49 | 000,098,304 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.DeviceSettin#\767d9fbc5fc15334dd6b6f3f7822be5c\Inkjet.DeviceSettings.ni.dll

MOD - [2012/06/14 11:58:48 | 000,283,648 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Utilities\1ebc49b064658f6bb33a8da26bf5db65\Inkjet.Utilities.ni.dll

MOD - [2012/06/14 11:58:48 | 000,237,056 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Localization\8862f33cee6152a145575065da1d9f7c\Inkjet.Localization.ni.dll

MOD - [2012/06/14 11:58:47 | 000,824,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Hardware\436a3f34aeda5601e7b353522528d7f0\Inkjet.Hardware.ni.dll

MOD - [2012/06/14 10:49:13 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\dbc413807cb7360b3e26ef3ca1d54f9a\System.Web.ni.dll

MOD - [2012/06/14 10:49:03 | 000,488,448 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\IAStorUtil\88d62aa57be5877c553de0485b6897ed\IAStorUtil.ni.dll

MOD - [2012/06/14 10:49:02 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b84bb74d7724e147a642a1d5358feb7\System.ServiceProcess.ni.dll

MOD - [2012/06/14 10:01:53 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll

MOD - [2012/06/14 10:01:44 | 001,592,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll

MOD - [2012/06/14 09:53:48 | 000,169,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Automation\587d19c0eb157f347e2db37681c294fa\Inkjet.Automation.ni.dll

MOD - [2012/06/14 09:53:41 | 000,105,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Diagnostics\da1c99c0e65ff84f293bb8ec15c78da1\Inkjet.Diagnostics.ni.dll

MOD - [2012/05/11 12:16:58 | 000,080,896 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Configuration\8a113d17ac02d8e4285ea1db21a3f286\Inkjet.Configuration.ni.dll

MOD - [2012/05/11 12:16:57 | 000,180,736 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Statistics\683ccae865dd1941a8ec53c781a01bdc\Inkjet.Statistics.ni.dll

MOD - [2012/05/11 12:16:49 | 000,172,544 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\IsdiInterop\c5119837c6e401c4912b8acbc7f6f8a9\IsdiInterop.ni.dll

MOD - [2012/05/11 12:16:46 | 000,014,336 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\IAStorCommon\8d6a7009a6619a46892dfec9e13fd1ef\IAStorCommon.ni.dll

MOD - [2012/05/11 12:11:07 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\92d58f840f549f9bd880783d43db7e3c\System.Runtime.Remoting.ni.dll

MOD - [2012/05/11 12:11:05 | 000,228,864 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\IAStorDataMgr\7fceb73cf92eaf827dda4a45c7dbab18\IAStorDataMgr.ni.dll

MOD - [2012/05/11 12:11:00 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll

MOD - [2012/05/11 12:10:58 | 000,019,968 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\IAStorDataMgrSvc\93271673d4ac2b490bb2f78234aab670\IAStorDataMgrSvc.ni.exe

MOD - [2012/05/10 03:12:07 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll

MOD - [2012/05/10 03:10:46 | 003,325,440 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\6d8bef0d008389874e55c0308f0c18e5\WindowsBase.ni.dll

MOD - [2012/05/10 03:10:39 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll

MOD - [2012/05/10 03:10:29 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll

MOD - [2012/02/01 16:25:38 | 000,059,904 | ---- | M] () -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll

MOD - [2011/11/11 14:09:20 | 000,336,408 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll

MOD - [2011/11/11 14:07:54 | 000,265,240 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe

MOD - [2011/11/03 16:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll

MOD - [2011/08/12 12:19:40 | 000,680,984 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe

MOD - [2011/08/02 18:29:10 | 000,277,896 | ---- | M] () -- C:\Program Files\Smart PDF Converter\ExplorerExt.dll

MOD - [2011/08/02 10:47:34 | 000,063,488 | ---- | M] () -- C:\Program Files\Samsung\USB Drivers\26_VIA_driver2\x86\VIAService.exe

MOD - [2011/05/28 22:04:56 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll

MOD - [2011/03/25 13:25:14 | 000,158,208 | ---- | M] () -- C:\Program Files\Virgin Media\Service Manager\Windows7Features.dll

MOD - [2011/03/01 23:15:28 | 000,126,808 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll

MOD - [2011/03/01 23:15:28 | 000,027,480 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll

MOD - [2011/03/01 23:15:04 | 000,340,824 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTXml4.dll

MOD - [2011/03/01 23:14:42 | 007,954,776 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTGui4.dll

MOD - [2011/03/01 23:14:30 | 002,143,576 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTCore4.dll

MOD - [2011/02/28 23:37:32 | 000,180,624 | ---- | M] () -- C:\WINDOWS\system32\Primomonnt.dll

MOD - [2011/02/24 02:57:18 | 000,555,112 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\nView\nvShell.dll

MOD - [2011/01/13 02:57:34 | 000,751,616 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\vpxmd.dll

MOD - [2011/01/13 02:55:28 | 000,027,472 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\SDL.dll

MOD - [2009/04/22 22:53:56 | 000,969,040 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtNetwork4.dll

MOD - [2009/04/10 00:04:56 | 002,141,008 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtCore4.dll

MOD - [2009/03/03 23:18:08 | 000,138,064 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\plugins\imageformats\qjpeg4.dll

MOD - [2009/03/03 23:18:06 | 000,035,152 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\plugins\imageformats\qico4.dll

MOD - [2009/03/03 23:18:06 | 000,029,008 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\plugins\imageformats\qgif4.dll

MOD - [2009/03/03 23:17:46 | 011,311,952 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtWebKit4.dll

MOD - [2009/03/03 23:17:46 | 000,363,856 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtXml4.dll

MOD - [2009/03/03 23:17:44 | 000,200,016 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtSql4.dll

MOD - [2009/03/03 23:17:40 | 000,475,472 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtOpenGL4.dll

MOD - [2009/03/03 23:17:38 | 007,704,400 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtGui4.dll

MOD - [2009/03/03 23:17:32 | 000,291,664 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\phonon4.dll

MOD - [2008/04/14 00:00:00 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll

MOD - [2008/04/14 00:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll

MOD - [2005/03/01 19:49:22 | 000,073,808 | ---- | M] () -- C:\Program Files\CheckPoint\SecuRemote\bin\Bind82.dll

========== Win32 Services (SafeList) ==========

SRV - [2012/06/21 10:48:15 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/06/05 15:17:44 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2012/03/07 00:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)

SRV - [2012/03/05 15:04:14 | 000,745,472 | ---- | M] (Visonic Technologies / ELPAS) [On_Demand | Stopped] -- C:\Eiris\e41srv\EirisServer.exe -- (EirisServer)

SRV - [2012/02/01 16:29:58 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®

SRV - [2011/12/23 12:33:40 | 000,370,960 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\WLKEEPER.exe -- (WLANKEEPER) Intel®

SRV - [2011/12/23 12:33:36 | 000,882,960 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor) Intel®

SRV - [2011/12/23 11:16:20 | 000,870,672 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel®

SRV - [2011/12/23 10:58:28 | 000,481,552 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel®

SRV - [2011/12/19 17:32:26 | 000,394,672 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe -- (Kodak AiO Network Discovery Service)

SRV - [2011/11/09 17:38:04 | 000,132,768 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\WINDOWS\system32\IPROSetMonitor.exe -- (Intel® PROSet Monitoring Service) Intel®

SRV - [2011/08/02 10:47:34 | 000,063,488 | ---- | M] () [Auto | Running] -- C:\Program Files\Samsung\USB Drivers\26_VIA_driver2\x86\VIAService.exe -- (CDMA Device Service)

SRV - [2011/07/19 22:00:34 | 001,034,152 | ---- | M] (Citrix Systems, Inc.) [Auto | Running] -- C:\Program Files\Citrix\Streaming Client\RadeSvc.exe -- (RadeSvc)

SRV - [2011/07/19 22:00:00 | 000,210,864 | ---- | M] (Citrix Systems, Inc.) [Auto | Running] -- C:\Program Files\Citrix\Streaming Client\RadeHlprSvc.exe -- (RadeHlprSvc)

SRV - [2011/06/22 16:44:36 | 002,146,304 | ---- | M] (Visonic Technologies) [On_Demand | Stopped] -- C:\Eiris\Utilities\EirisRedundancyWatchdog\EirisRedundancyWatchdog.exe -- (EirisWatchdogLite)

SRV - [2011/06/16 18:15:34 | 002,326,920 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)

SRV - [2011/05/03 07:47:58 | 000,321,448 | ---- | M] (Citrix Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Citrix\System32\CdfSvc.exe -- (CdfSvc)

SRV - [2011/04/08 06:14:00 | 002,218,600 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)

SRV - [2011/03/25 13:34:04 | 000,689,464 | ---- | M] (Radialpoint Inc.) [Auto | Running] -- C:\Program Files\Virgin Media\Service Manager\ServicepointService.exe -- (ServicepointService)

SRV - [2011/03/23 14:12:38 | 001,406,264 | ---- | M] (Virgin Media) [Auto | Running] -- C:\Program Files\Virgin Media\Digital Home Support\HsdService.exe -- (HsdService)

SRV - [2011/03/16 10:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2011/03/04 02:31:08 | 000,428,640 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)

SRV - [2010/06/25 18:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)

SRV - [2010/03/09 23:56:02 | 000,229,458 | ---- | M] (IDT, Inc.) [Auto | Running] -- c:\Program Files\IDT\WDM\stacsv.exe -- (STacSV)

SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)

SRV - [2009/09/12 16:31:30 | 000,660,520 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)

SRV - [2007/09/21 04:40:00 | 000,066,872 | ---- | M] (Echelon Corporation) [On_Demand | Stopped] -- C:\LonWorks\bin\LdvxBroker.exe -- (LdvxBroker)

SRV - [2007/09/21 04:40:00 | 000,062,776 | ---- | M] (Echelon Corporation) [Auto | Running] -- C:\LonWorks\bin\LnsMtsSvc.exe -- (LnsMtsSvc) Echelon Support Service for Microsoft Terminal Services (MTS)

SRV - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)

SRV - [2005/03/01 19:49:18 | 000,036,962 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe -- (SR_WatchDog)

SRV - [2005/03/01 19:49:14 | 000,110,689 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe -- (SR_Service)

SRV - [2000/06/29 09:45:10 | 000,052,224 | ---- | M] (Kenonic Controls Ltd.) [Auto | Running] -- C:\WINDOWS\System32\Crypserv.exe -- (Crypkey License)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)

DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)

DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)

DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)

DRV - File not found [Kernel | System | Stopped] -- -- (Changer)

DRV - File not found [Kernel | Boot | Stopped] -- -- (cerc6)

DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2012/03/07 00:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)

DRV - [2012/03/07 00:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)

DRV - [2012/03/07 00:02:00 | 000,035,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)

DRV - [2012/03/07 00:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)

DRV - [2012/03/07 00:01:39 | 000,095,704 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)

DRV - [2012/03/07 00:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV - [2012/03/06 23:58:29 | 000,024,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)

DRV - [2011/12/12 08:05:02 | 007,477,120 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETwNx32.sys -- (NETwNx32) ___ Intel®

DRV - [2011/10/20 19:19:43 | 000,250,584 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1y5132.sys -- (e1yexpress) Intel®

DRV - [2011/08/10 23:20:24 | 000,066,776 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ctxusbm.sys -- (ctxusbm)

DRV - [2011/07/18 05:24:08 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdm.sys -- (ssadmdm)

DRV - [2011/07/18 05:24:08 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)

DRV - [2011/07/18 05:24:08 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)

DRV - [2011/06/30 07:49:02 | 000,205,144 | ---- | M] (Citrix Systems, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\CtxSbx.sys -- (CtxSbx)

DRV - [2011/06/30 07:49:02 | 000,060,248 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ctxpidmn.sys -- (ctxpidmn)

DRV - [2011/06/16 18:15:34 | 000,159,168 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afcdp.sys -- (afcdp)

DRV - [2011/06/16 18:15:33 | 000,902,432 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\tdrpm251.sys -- (tdrpman251) Acronis Try&Decide and Restore Points filter (build 251)

DRV - [2011/06/16 18:15:32 | 000,570,016 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\timntr.sys -- (timounter)

DRV - [2011/06/16 18:15:14 | 000,157,248 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\snapman.sys -- (snapman)

DRV - [2011/06/16 16:28:23 | 000,007,936 | ---- | M] (FNet Co., Ltd.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\FNETURPX.SYS -- (FNETURPX)

DRV - [2011/06/02 11:08:34 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)

DRV - [2011/05/05 09:10:20 | 000,063,360 | ---- | M] (Citrix Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cvhdbus2kxp.sys -- (cvhdbus)

DRV - [2011/03/04 02:30:26 | 004,333,024 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech HD Webcam C270(UVC)

DRV - [2011/03/04 02:29:00 | 000,291,424 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)

DRV - [2011/03/01 15:24:36 | 000,031,280 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cdfdrv.sys -- (cdfdrv)

DRV - [2010/06/25 18:07:14 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)

DRV - [2010/05/19 21:15:04 | 000,013,952 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)

DRV - [2010/03/09 23:56:02 | 001,656,499 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)

DRV - [2009/09/15 11:34:10 | 005,977,216 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel®

DRV - [2009/04/21 22:13:34 | 000,113,664 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AESTAud.sys -- (AESTAud)

DRV - [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)

DRV - [2009/02/12 15:11:24 | 000,022,312 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\rsdrv.sys -- (ElRawDisk)

DRV - [2008/04/18 22:43:40 | 000,170,032 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)

DRV - [2007/09/21 04:40:00 | 000,029,404 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\FTD2XX.sys -- (FTD2XX)

DRV - [2006/06/14 11:53:00 | 000,029,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbccid.sys -- (USBCCID)

DRV - [2005/03/01 19:49:36 | 002,041,904 | ---- | M] (Check Point Software Technologies) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\fw.sys -- (FW1)

DRV - [2005/03/01 19:49:30 | 000,017,456 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\scap.sys -- (Scap)

DRV - [2005/03/01 19:49:28 | 000,014,924 | ---- | M] (Check Point Software Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\OMVA.sys -- (OMVA)

DRV - [2005/03/01 19:49:24 | 000,670,128 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vpn.sys -- (VPN-1)

DRV - [2000/02/03 20:53:12 | 000,024,608 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\Ckldrv.sys -- (NetworkX)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1957994488-651377827-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

IE - HKU\S-1-5-21-1957994488-651377827-1801674531-1003\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\prxtbBit0.dll (Conduit Ltd.)

IE - HKU\S-1-5-21-1957994488-651377827-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@citrix.com/Citrix Offline Plug-in: C:\Program Files\Citrix\Streaming Client\nprade.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@radialpoint.com/SPA,version=1: C:\Program Files\Virgin Media\Service Manager\nprpspa.dll (Virgin Media)

FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)

FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Simon\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms},

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.56\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.56\gcswf32.dll

CHR - plugin: vShare.tv plug-in (Enabled) = C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\chvsharetvplg.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll

CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll

CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll

CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll

CHR - plugin: Unity Player (Enabled) = C:\Documents and Settings\Simon\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll

CHR - plugin: Java Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll

CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files\Veetle\Player\npvlc.dll

CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files\Veetle\plugins\npVeetle.dll

CHR - plugin: Service Manager (Enabled) = C:\Program Files\Virgin Media\Service Manager\nprpspa.dll

CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll

CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

CHR - Extension: Simple Pool Game = C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\acjijhekaonkmkedfdabbageicfhhlgo\0.0.3_0\

CHR - Extension: Simple Pool Game = C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\acjijhekaonkmkedfdabbageicfhhlgo\0.0.3_0\~

CHR - Extension: 8 Ball Pool = C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bhljoejlbnebcpflalenbmpnanjbikof\2.0_0\

CHR - Extension: Old West = C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bhngnpkhondjmhflomdlhfdoilcjljod\1.0_0\

CHR - Extension: YouTube = C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\

CHR - Extension: Shogun's Fate = C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cdliblldgjdficcbflpdknckckdfdkbo\1.0.9_0\

CHR - Extension: Striker Manager = C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\chmachfiimeggafocgeldapnchdnoiib\5_0\

CHR - Extension: Google Search = C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\

CHR - Extension: WGT Golf Challenge = C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dcilimldmomiaihcfkmaldanopfejefg\32.1.0_0\

CHR - Extension: Realm of the Mad God = C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dhjfmaldpppkmjjgkmadddbanpabfflp\1.0.0.3_0\

CHR - Extension: Realm of the Mad God = C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dhjfmaldpppkmjjgkmadddbanpabfflp\1.0.0.3_0\~

CHR - Extension: VshareComplete plugin for chrome = C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dlfienamagdnkekbbbocojppncdambda\1.1_0\

CHR - Extension: Multiplayer Pool = C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fppbghobbfgnifknfaakaemepjaogldf\1.0.3_0\

CHR - Extension: 3D Bowling = C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gemohgpikgjbgmdfbfjdailocichgbjm\1.9_0\

CHR - Extension: AirMech = C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hdahlabpinmfcemhcbcfoijcpoalfgdn\10176_0\

CHR - Extension: Bubble Shooter = C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hpakbhbnhkbghdcejiiangcefallmaln\2.0_0\

CHR - Extension: Isoball 3 = C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\iajlkcpgcnbhfhpdeooockfaincfkjjj\1.2.1_0\

CHR - Extension: avast! WebRep = C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\

CHR - Extension: Lord of Ultima = C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jdheeblenjmceeppomdgokgilmkonced\1.0.12_0\

CHR - Extension: Galaxy Bowl = C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kbcnfnbjmfinbadnegmjkhpomcfpoeff\3_0\

CHR - Extension: Cargo Bridge = C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\keembkgclppcbilkekfgpobhldjjhpmn\1.5.7_0\

CHR - Extension: SparkChess = C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\khgabmflimjjbclkmljlpmgaleanedem\5.2.0.1_0\

CHR - Extension: vshare plugin = C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\

CHR - Extension: WarTime = C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lkobmjibnppfleogmodpjgocgdbdiikp\1.23_0\

CHR - Extension: The Fancy Pants Adventure: World 2 = C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\loamdenijebhollnjgehcfbnpeelfhlk\14_0\

CHR - Extension: Shooting Games = C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lpnflgjnaodohepcidmeajmnognomdac\1.5_0\

CHR - Extension: Zombie Pandemic = C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mhkicdgidnfmdfnhhllffoplpaldkljl\1_0\

CHR - Extension: Plants vs Zombies = C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mmcegpfdgcoclcdfkjahiimlikdpnina\1.0.5_0\

CHR - Extension: Yontoo = C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.2_0\

CHR - Extension: Gmail = C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/06/21 10:43:51 | 000,001,794 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 activate.adobe.com

O1 - Hosts: 127.0.0.1 practivate.adobe.com

O1 - Hosts: 127.0.0.1 ereg.adobe.com

O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com

O1 - Hosts: 127.0.0.1 wip3.adobe.com

O1 - Hosts: 127.0.0.1 3dns-3.adobe.com

O1 - Hosts: 127.0.0.1 3dns-2.adobe.com

O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com

O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com

O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com

O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com

O1 - Hosts: 127.0.0.1 activate-sea.adobe.com

O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com

O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com

O1 - Hosts: 127.0.0.1 adobe.activate.com

O1 - Hosts: 127.0.0.1 adobeereg.com

O1 - Hosts: 127.0.0.1 www.adobeereg.com

O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com

O1 - Hosts: 127.0.0.1 125.252.224.90

O1 - Hosts: 127.0.0.1 125.252.224.91

O1 - Hosts: 127.0.0.1 hl2rcv.adobe.com

O2 - BHO: (VshareComplete) - {222f31fb-a14e-4af2-bb14-997f28294370} - C:\Documents and Settings\Simon\Application Data\VshareComplete\VshareComplete.dll (SimplyGen)

O2 - BHO: (CtxIEInterceptorBHO Class) - {2C4631FF-5CC8-4EBC-A0DF-34C92291759E} - C:\Program Files\Citrix\ICA Client\IEInterceptor.dll (Citrix Systems, Inc.)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\prxtbBit0.dll (Conduit Ltd.)

O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll (Yontoo LLC)

O3 - HKLM\..\Toolbar: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\prxtbBit0.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()

O3 - HKU\S-1-5-21-1957994488-651377827-1801674531-1003\..\Toolbar\WebBrowser: (BitTorrentBar Toolbar) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - C:\Program Files\BitTorrentBar\prxtbBit0.dll (Conduit Ltd.)

O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)

O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [AESTFltr] C:\WINDOWS\System32\AESTFltr.exe (Andrea Electronics Corporation)

O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)

O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [Conime] C:\WINDOWS\system32\conime.exe (Microsoft Corporation)

O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\redirector.exe (Citrix Systems, Inc.)

O4 - HKLM..\Run: [DHSClient.exe] C:\Program Files\Virgin Media\Digital Home Support\DHSClient.exe (Virgin Media)

O4 - HKLM..\Run: [EKAIO2StatusMonitor] C:\WINDOWS\system32\spool\drivers\w32x86\3\EKAiO2MUI.exe (Eastman Kodak Company)

O4 - HKLM..\Run: [iAStorIcon] C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)

O4 - HKLM..\Run: [intelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)

O4 - HKLM..\Run: [intelZeroConfig] C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe (Intel® Corporation)

O4 - HKLM..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)

O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)

O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [NVHotkey] C:\WINDOWS\System32\nvhotkey.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()

O4 - HKLM..\Run: [serviceManager.exe] C:\Program Files\Virgin Media\Service Manager\ServiceManager.exe (Virgin Media)

O4 - HKLM..\Run: [switchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)

O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)

O4 - HKU\S-1-5-21-1957994488-651377827-1801674531-1003..\Run: [ares] C:\Program Files\Ares\Ares.exe (Ares Development Group)

O4 - HKU\S-1-5-21-1957994488-651377827-1801674531-1003..\Run: [bitTorrent] C:\Program Files\BitTorrent\BitTorrent.exe (BitTorrent, Inc.)

O4 - HKU\S-1-5-21-1957994488-651377827-1801674531-1003..\Run: [F44BE43CC11D91D3DC25D5C54CC07C7B74D7AEB3._service_run] C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)

O4 - HKU\S-1-5-21-1957994488-651377827-1801674531-1003..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()

O4 - HKU\S-1-5-21-1957994488-651377827-1801674531-1003..\Run: [Logitech Vid] C:\Program Files\Logitech\Vid HD\Vid.exe (Logitech Inc.)

O4 - HKU\S-1-5-21-1957994488-651377827-1801674531-1003..\Run: [steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)

O4 - HKU\S-1-5-21-1957994488-651377827-1801674531-1003..\Run: [YouSendIt.exe] C:\Program Files\YouSendIt\Express\YouSendIt.exe (YouSendIt)

O4 - HKU\.DEFAULT..\RunOnce: [KodakHomeCenter] C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe (Eastman Kodak Company)

O4 - HKU\S-1-5-18..\RunOnce: [KodakHomeCenter] C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe (Eastman Kodak Company)

O4 - Startup: C:\Documents and Settings\Simon\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-1957994488-651377827-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-1957994488-651377827-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0

O7 - HKU\S-1-5-21-1957994488-651377827-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0

O7 - HKU\S-1-5-21-1957994488-651377827-1801674531-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-1957994488-651377827-1801674531-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O15 - HKU\S-1-5-21-1957994488-651377827-1801674531-1003\..Trusted Domains: visonic.com ([citrix] https in Trusted sites)

O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell.com/systemprofiler/SysProExe.CAB (WMI Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} http://xserv.dell.com/DellDriverScanner/DellSystem.CAB (DellSystem.Scanner)

O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6BF04655-AE85-46CE-AD14-5C25A7CFF0D9}: DhcpNameServer = 194.168.4.100 194.168.8.100

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O20 - AppInit_DLLs: (C:\PROGRA~1\Citrix\ICACLI~1\RSHook.dll) - C:\Program Files\Citrix\ICA Client\RSHook.dll (Citrix Systems, Inc.)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\ckpNotify: DllName - (ckpNotify.dll) - C:\WINDOWS\System32\ckpNotify.dll (Check Point Software Technologies)

O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp

O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2011/06/16 11:57:56 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2010/09/24 15:53:20 | 000,000,048 | R--- | M] () - E:\autorun.inf -- [ UDF ]

O33 - MountPoints2\{34762c18-d7ea-11e0-a2ef-b22b5a169f65}\Shell - "" = AutoRun

O33 - MountPoints2\{34762c18-d7ea-11e0-a2ef-b22b5a169f65}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{34762c18-d7ea-11e0-a2ef-b22b5a169f65}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/25 11:54:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Simon\Desktop\Hub Security Steve Turton Elpas pricing and information

[2012/06/25 10:18:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood

[2012/06/21 10:29:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Simon\Start Menu\Programs\Google Chrome

[2012/06/13 13:59:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Simon\Local Settings\Application Data\Logitech® Webcam Software

[2012/06/13 10:59:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype

[2012/06/13 10:59:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype

[2012/06/01 13:34:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Simon\Desktop\All right now

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/27 13:46:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job

[2012/06/27 13:33:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-651377827-1801674531-1003UA.job

[2012/06/27 10:33:01 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-651377827-1801674531-1003Core.job

[2012/06/27 09:41:01 | 000,289,341 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001

[2012/06/25 10:07:46 | 000,289,341 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat

[2012/06/21 10:52:03 | 000,497,468 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2012/06/21 10:52:03 | 000,085,786 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2012/06/21 10:49:26 | 000,002,296 | ---- | M] () -- C:\Documents and Settings\Simon\Desktop\Google Chrome.lnk

[2012/06/21 10:45:11 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job

[2012/06/21 10:44:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2012/06/21 10:43:51 | 000,001,794 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2012/06/14 10:04:30 | 003,567,232 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2012/06/14 09:55:40 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2012/06/13 14:10:13 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT

[2012/06/13 13:39:03 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2012/06/13 13:09:53 | 000,053,936 | ---- | M] () -- C:\Documents and Settings\Simon\Desktop\bookmarks_6_13_12.html

[2012/06/13 10:59:25 | 000,001,878 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk

[2012/06/12 02:00:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-VTUK-Simon.job

[2012/06/07 11:53:58 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2012/06/06 11:13:06 | 000,001,261 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Logitech Webcam Software .lnk

[2012/06/06 11:06:04 | 000,000,668 | ---- | M] () -- C:\Documents and Settings\Simon\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk

[2012/06/06 11:06:04 | 000,000,650 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\BitTorrent.lnk

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/21 10:49:26 | 000,002,296 | ---- | C] () -- C:\Documents and Settings\Simon\Desktop\Google Chrome.lnk

[2012/06/21 10:48:19 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job

[2012/06/21 10:28:45 | 000,000,978 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-651377827-1801674531-1003UA.job

[2012/06/21 10:28:45 | 000,000,926 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-651377827-1801674531-1003Core.job

[2012/06/13 13:39:03 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2012/06/13 13:09:53 | 000,053,936 | ---- | C] () -- C:\Documents and Settings\Simon\Desktop\bookmarks_6_13_12.html

[2012/06/13 10:59:25 | 000,001,878 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk

[2012/06/06 11:06:04 | 000,000,650 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\BitTorrent.lnk

[2012/05/23 15:01:04 | 000,000,132 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2012/05/10 21:08:17 | 000,515,456 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

[2012/03/29 15:23:41 | 000,259,604 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin

[2012/03/29 15:23:41 | 000,259,604 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin

[2012/03/29 15:23:41 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin

[2012/03/15 15:56:23 | 000,000,040 | ---- | C] () -- C:\WINDOWS\Crypkey.ini

[2012/03/15 15:56:20 | 000,027,648 | R--- | C] () -- C:\WINDOWS\Setup_ck.exe

[2012/03/15 15:56:20 | 000,024,608 | ---- | C] () -- C:\WINDOWS\System32\Ckldrv.sys

[2012/03/15 15:56:20 | 000,018,432 | ---- | C] () -- C:\WINDOWS\Setup_ck.dll

[2012/03/15 15:56:20 | 000,011,776 | ---- | C] () -- C:\WINDOWS\Ckrfresh.exe

[2012/02/16 02:59:15 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll

[2012/01/17 18:15:14 | 001,103,360 | ---- | C] () -- C:\WINDOWS\System32\cidfont.dll

[2012/01/17 18:15:10 | 001,503,232 | ---- | C] () -- C:\WINDOWS\System32\ptj.exe

[2012/01/17 18:15:09 | 004,369,408 | ---- | C] () -- C:\WINDOWS\System32\pdftk.exe

[2012/01/17 18:15:06 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\office.exe

[2011/12/15 23:43:50 | 000,001,424 | ---- | C] () -- C:\WINDOWS\Spiderl.ini

[2011/10/06 10:35:31 | 000,002,516 | ---- | C] () -- C:\WINDOWS\System32\drivers\default.bin

[2011/10/06 10:35:31 | 000,002,516 | ---- | C] () -- C:\WINDOWS\System32\default.bin

[2011/10/06 10:34:26 | 000,106,591 | ---- | C] () -- C:\WINDOWS\System32\fwnetcfg.dll

[2011/10/06 10:33:57 | 000,004,133 | ---- | C] () -- C:\WINDOWS\entrust.ini

[2011/09/15 17:23:39 | 000,060,304 | ---- | C] () -- C:\Documents and Settings\Simon\g2mdlhlpx.exe

[2011/09/11 01:20:16 | 000,501,118 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1957994488-651377827-1801674531-1003-0.dat

[2011/09/11 01:20:16 | 000,358,622 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat

[2011/09/10 11:30:32 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2011/08/12 12:20:14 | 000,015,896 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll

[2011/08/09 15:23:47 | 000,002,828 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys

[2011/08/09 15:23:47 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\CA6262783B.sys

[2011/08/05 14:35:30 | 000,001,056 | ---- | C] () -- C:\WINDOWS\System32\EKaio2WiaCoInst.ini

[2011/07/26 17:26:48 | 000,030,568 | ---- | C] () -- C:\WINDOWS\MusiccityDownload.exe

[2011/07/26 17:26:46 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll

[2011/07/26 17:26:46 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll

[2011/07/26 17:26:46 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll

[2011/07/26 17:26:46 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll

[2011/07/14 20:24:53 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat

[2011/07/08 13:57:13 | 000,006,650 | ---- | C] () -- C:\WINDOWS\hpdj3600.ini

[2011/07/05 18:55:57 | 000,058,368 | ---- | C] () -- C:\Documents and Settings\Simon\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/06/23 13:41:45 | 000,180,624 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll

[2011/06/23 13:09:35 | 000,115,320 | ---- | C] () -- C:\WINDOWS\hpgins21.dat

[2011/06/23 13:09:35 | 000,000,282 | ---- | C] () -- C:\WINDOWS\hpgmdl21.dat

[2011/06/16 12:54:40 | 000,289,341 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat

[2011/06/16 12:49:44 | 002,116,894 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin

[2011/06/16 12:49:33 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2011/06/16 12:48:27 | 003,567,232 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2011/06/16 12:00:04 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2011/06/16 11:55:28 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2011/03/04 02:26:22 | 010,877,272 | ---- | C] () -- C:\WINDOWS\System32\LogiDPP.dll

[2011/03/04 02:26:22 | 000,102,744 | ---- | C] () -- C:\WINDOWS\System32\LogiDPPApp.exe

[2011/03/04 02:26:16 | 000,331,608 | ---- | C] () -- C:\WINDOWS\System32\DevManagerCore.dll

[2011/03/04 02:14:50 | 000,027,362 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini

[2011/02/10 05:03:48 | 000,000,314 | ---- | C] () -- C:\WINDOWS\primopdf.ini

========== LOP Check ==========

[2011/06/16 18:17:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis

[2012/01/23 15:18:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AMMYY

[2011/06/17 11:32:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software

[2011/10/06 10:49:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix

[2012/03/29 15:26:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverGenius

[2011/06/16 16:28:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FNET

[2011/11/22 13:09:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\kds_kodak

[2011/07/08 14:57:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters

[2012/06/06 10:56:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Radialpoint

[2011/07/15 16:16:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe

[2011/09/09 11:34:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung

[2012/04/30 12:36:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer

[2011/06/17 13:08:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2011/07/08 14:57:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UAB

[2011/06/17 11:30:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Virgin Media

[2011/12/21 20:12:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Temp

[2011/10/27 15:11:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Temp

[2011/06/16 18:19:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\Acronis

[2012/06/27 13:52:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\BitTorrent

[2011/06/25 13:41:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\ezNZB

[2011/06/22 14:57:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\ICAClient

[2011/10/20 13:52:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\Image Zone Express

[2012/05/13 20:07:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\Leadertech

[2011/11/07 14:53:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\PriceGong

[2012/06/18 12:00:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\PrimoPDF

[2011/06/23 13:45:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\Printer Info Cache

[2011/06/17 11:30:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\Radialpoint

[2011/09/09 11:33:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\Samsung

[2011/11/06 14:28:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\searchquband

[2011/11/06 14:28:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\searchqutoolbar

[2011/09/12 19:07:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\Smart PDF Converter

[2011/10/23 23:43:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\Sports Interactive

[2012/04/17 12:44:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\SystemRequirementsLab

[2012/02/01 17:40:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\TeamViewer

[2011/10/26 15:04:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\Temp

[2012/01/17 18:05:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\UDC Profiles

[2012/03/01 00:56:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\Unity

[2011/06/17 11:29:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\Virgin Media

[2012/01/31 21:24:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\VshareComplete

[2012/05/25 08:46:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\YouSendIt

[2011/12/21 20:12:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UpdatusUser\Application Data\Temp

[2012/06/21 10:45:11 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 170 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1AAB2E68

< End of report >

[Maniac]

Where is Extras.txt?

[googly_eyes]

Here you go Manaic

OTL Extras logfile created on: 27/06/2012 13:39:57 - Run 1

OTL by OldTimer - Version 3.2.53.0 Folder = C:\Documents and Settings\Simon\My Documents\Downloads

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.5512)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.49 Gb Total Physical Memory | 2.23 Gb Available Physical Memory | 64.01% Memory free

5.32 Gb Paging File | 3.64 Gb Available in Paging File | 68.42% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 149.04 Gb Total Space | 35.84 Gb Free Space | 24.05% Space Free | Partition Type: NTFS

Drive D: | 4.10 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Drive E: | 3.10 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: VTUK | User Name: Simon | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-1957994488-651377827-1801674531-1003\SOFTWARE\Classes\<extension>]

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DoNotAllowExceptions" = 0

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"5353:UDP" = 5353:UDP:*:Enabled:Bonjour Port 5353

"9322:TCP" = 9322:TCP:*:Enabled:EKDiscovery

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Program Files\Veetle\Player\VeetleNet.exe" = C:\Program Files\Veetle\Player\VeetleNet.exe:*:Enabled:VeetleNet -- ()

"C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe" = C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe:*:Enabled:VPN-1 SecuRemote/SecureClient service -- (Check Point Software Technologies)

"C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.exe" = C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.exe:*:Enabled:VPN-1 SecuRemote/SecureClient application -- (Check Point Software Technologies)

"C:\Program Files\CheckPoint\SecuRemote\bin\scc.exe" = C:\Program Files\CheckPoint\SecuRemote\bin\scc.exe:*:Enabled:VPN-1 SecuRemote/SecureClient command line -- (Check Point Software Technologies)

"C:\Program Files\CheckPoint\SecuRemote\bin\SR_SDS.exe" = C:\Program Files\CheckPoint\SecuRemote\bin\SR_SDS.exe:*:Enabled:VPN-1 SecuRemote/SecureClient SDS agent -- (Check Point Software Technologies)

"C:\Program Files\CheckPoint\SecuRemote\bin\SR_Diagnostics.exe" = C:\Program Files\CheckPoint\SecuRemote\bin\SR_Diagnostics.exe:*:Enabled:VPN-1 SecuRemote/SecureClient diagnostics -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\BitTorrent\BitTorrent.exe" = C:\Program Files\BitTorrent\BitTorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)

"C:\Program Files\Virgin Media\Service Manager\ServicepointService.exe" = C:\Program Files\Virgin Media\Service Manager\ServicepointService.exe:*:Enabled:Servicepoint Service -- (Radialpoint Inc.)

"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)

"C:\Program Files\StarCraft II\StarCraft II.exe" = C:\Program Files\StarCraft II\StarCraft II.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)

"C:\Program Files\StarCraft II\Versions\Base18574\SC2.exe" = C:\Program Files\StarCraft II\Versions\Base18574\SC2.exe:*:Enabled:StarCraft II

"C:\Program Files\Ares\Ares.exe" = C:\Program Files\Ares\Ares.exe:*:Enabled:Ares p2p for windows -- (Ares Development Group)

"C:\Program Files\StarCraft II\Versions\Base15405\SC2.exe" = C:\Program Files\StarCraft II\Versions\Base15405\SC2.exe:*:Enabled:StarCraft II -- (Blizzard Entertainment, Inc.)

"C:\Program Files\SopCast\adv\SopAdver.exe" = C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver -- (www.sopcast.com)

"C:\Program Files\SopCast\SopCast.exe" = C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application -- (www.sopcast.com)

"C:\Program Files\TeamViewer\Version6\TeamViewer.exe" = C:\Program Files\TeamViewer\Version6\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)

"C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe" = C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH)

"C:\Program Files\Veetle\Player\VeetleNet.exe" = C:\Program Files\Veetle\Player\VeetleNet.exe:*:Enabled:VeetleNet -- ()

"C:\Eiris\e41srv\EirisServer.exe" = C:\Eiris\e41srv\EirisServer.exe:*:Enabled:EirisServer Application -- (Visonic Technologies / ELPAS)

"C:\Program Files\Steam\steamapps\common\football manager 2011\fm.exe" = C:\Program Files\Steam\steamapps\common\football manager 2011\fm.exe:*:Enabled:Football Manager 2011 -- (Sports Interactive)

"C:\WINDOWS\system32\muzapp.exe" = C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player -- (Musiccity Co.Ltd.)

"C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe" = C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe:*:Enabled:VPN-1 SecuRemote/SecureClient service -- (Check Point Software Technologies)

"C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.exe" = C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.exe:*:Enabled:VPN-1 SecuRemote/SecureClient application -- (Check Point Software Technologies)

"C:\Program Files\CheckPoint\SecuRemote\bin\scc.exe" = C:\Program Files\CheckPoint\SecuRemote\bin\scc.exe:*:Enabled:VPN-1 SecuRemote/SecureClient command line -- (Check Point Software Technologies)

"C:\Program Files\CheckPoint\SecuRemote\bin\SR_SDS.exe" = C:\Program Files\CheckPoint\SecuRemote\bin\SR_SDS.exe:*:Enabled:VPN-1 SecuRemote/SecureClient SDS agent -- (Check Point Software Technologies)

"C:\Program Files\CheckPoint\SecuRemote\bin\SR_Diagnostics.exe" = C:\Program Files\CheckPoint\SecuRemote\bin\SR_Diagnostics.exe:*:Enabled:VPN-1 SecuRemote/SecureClient diagnostics -- ()

"C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe" = C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe:*:Enabled:DTX broker -- (Visicom Media Inc.)

"C:\Eiris\apache\bin\httpd.exe" = C:\Eiris\apache\bin\httpd.exe:*:Enabled:Apache HTTP Server

"C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe" = C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe:*:Enabled:Kodak.AiO.HomeCenter -- (Eastman Kodak Company)

"C:\Program Files\Kodak\AiO\Center\Kodak.Statistics.exe" = C:\Program Files\Kodak\AiO\Center\Kodak.Statistics.exe:*:Enabled:Kodak.AiO.Statistics -- (Eastman Kodak Company)

"C:\Program Files\Kodak\AiO\Center\NetworkPrinterDiscovery.exe" = C:\Program Files\Kodak\AiO\Center\NetworkPrinterDiscovery.exe:*:Enabled:Kodak.AiO.SetupUtility -- (Eastman Kodak Company)

"C:\Program Files\Kodak\AiO\Firmware\KodakAiOUpdater.exe" = C:\Program Files\Kodak\AiO\Firmware\KodakAiOUpdater.exe:*:Enabled:Kodak.AiO.FwUpdater -- (Eastman Kodak Company)

"C:\Documents and Settings\All Users\Application Data\Kodak\Installer\Setup.exe" = C:\Documents and Settings\All Users\Application Data\Kodak\Installer\Setup.exe:*:Enabled:Kodak.AiO.Installer -- (Eastman Kodak Company)

"C:\Documents and Settings\Simon\My Documents\Downloads\AA_v3.exe" = C:\Documents and Settings\Simon\My Documents\Downloads\AA_v3.exe:*:Enabled:Ammyy Admin -- ()

"C:\Program Files\TeamViewer\Version7\TeamViewer.exe" = C:\Program Files\TeamViewer\Version7\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)

"C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe" = C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH)

"C:\LonWorks\bin\ptserv32.exe" = C:\LonWorks\bin\ptserv32.exe:*:Enabled:FastObjects Server 9.5 -- (POET Software)

"C:\Program Files\Steam\steamapps\common\football manager 2012\fm.exe" = C:\Program Files\Steam\steamapps\common\football manager 2012\fm.exe:*:Enabled:Football Manager 2012 -- (Sports Interactive)

"C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe" = C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe:*:Enabled:Daemonu.exe -- (NVIDIA Corporation)

"C:\Program Files\Elpas Local Controller\ELC Programmer.exe" = C:\Program Files\Elpas Local Controller\ELC Programmer.exe:*:Enabled:ELC Programmer -- ()

"C:\Program Files\Logitech\Vid HD\Vid.exe" = C:\Program Files\Logitech\Vid HD\Vid.exe:*:Enabled:Logitech Vid HD -- (Logitech Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"_{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW® Graphics Suite X4

"_{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW® Graphics Suite X4 - Windows Shell Extension

"{001E7FB6-BB6B-4ED0-BEDC-B5404ED96D4E}" = DocProc

"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video

"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86

"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended

"{0B74F57C-4636-4D70-A7A9-95074DF21802}" = Citrix Receiver(Aero)

"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help

"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86

"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects

"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi

"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5

"{164B26C5-9BC9-48E8-8FB5-C3C0AC0FE1C8}" = Citrix Receiver Inside

"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main

"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter

"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool

"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{2445981B-A23B-4A0E-AD15-3D391BDAEC3E}" = HDD Regenerator

"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java 6 Update 31

"{27EF8E7F-88D1-4ec5-ADE2-7E447FDF114E}" = Kodak AIO Printer

"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg

"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan

"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{3D316CFB-1825-4030-A13A-29D18DC6B177}" = OfficeSharedAddInSetup

"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology

"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT

"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD

"{44A27085-0616-4181-A0C3-81C7ECA17F73}" = CorelDRAW Graphics Suite X4

"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant

"{4640FDE1-B83A-4376-84ED-86F86BEE2D41}" = Driver Detective

"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials

"{48B41C3A-9A92-4B81-B653-C97FEB85C910}" = C4USelfUpdater

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{56BA241F-580C-43D2-8403-947241AAE633}" = center

"{5f6460bd-391e-43ce-bcf3-130ef02f8cb2}_is1" = VshareComplete

"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM

"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86

"{6438A99C-A37E-4758-A0AE-95F8A63AAFF5}" = Intel® Network Connections 16.8.46.0

"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder

"{696A666D-7CB6-40f6-B394-BD3EEDAA2B99}" = HP Scanjet G3010 and 4370 9.0

"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery

"{70BB990A-1461-4178-943D-7F771067D95C}" = Citrix Offline Plug-in

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{730837D4-FF5E-48DB-BA49-33E732DFF0B3}" = PanoStandAlone

"{74A18186-FFC5-488A-80D3-0D4ABA1125D8}" = Elpas Local Controller

"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies

"{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW Graphics SUite X4 - ICA

"{7F05E704-30A6-421A-97A7-8EEB1C7FF012}" = CorelDRAW Graphics Suite X4 - Capture

"{7F05E704-30A6-421A-97A7-8EEB1C7FF013}" = CorelDRAW Graphics Suite X4 - Draw

"{7F05E704-30A6-421A-97A7-8EEB1C7FF014}" = CorelDRAW Graphics Suite X4 - PP

"{7F05E704-30A6-421A-97A7-8EEB1C7FF016}" = CorelDRAW Graphics Suite X4 - Content

"{7F05E704-30A6-421A-97A7-8EEB1C7FF017}" = CorelDRAW Graphics Suite X4 - Filters

"{7F05E704-30A6-421A-97A7-8EEB1C7FF019}" = CorelDRAW Graphics Suite X4 - FontNav

"{7F05E704-30A6-421A-97A7-8EEB1C7FF100}" = CorelDRAW Graphics Suite X4 - Lang EN

"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher

"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder

"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.02

"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software

"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update

"{8C8224B7-AA9B-4807-97CD-55899BAC83FE}" = YouSendIt Express

"{8F9C77FF-C017-4B12-BA71-A3A53BD52775}_is1" = AnyBizSoft PDF Converter (Build 2.5.0)

"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12

"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007

"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007

"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007

"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007

"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007

"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{9026A8AB-A7B2-4260-B93F-BB19E717980B}" = Eiris

"{90B45DFA-5DD9-47F0-BCC7-F25B9562A738}" = Citrix Receiver(USB)

"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{993DAF7C-A5F8-42EA-81D4-DAE3C9D2D1F7}_is1" = Remo Recover

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9D0798D0-AF6C-4E62-94B1-AEBF1A43E00A}" = CorelDRAW Graphics Suite X4 - IPM

"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin

"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad

"{9FCF2FC0-8268-11D4-A313-0006290D766E}" = Check Point VPN-1 SecureClient NG_AI_R56

"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI

"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser

"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable

"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5

"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder

"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)

"{AD6E2415-407E-40D3-A550-126E67509D84}" = Citrix Receiver(DV)

"{AE2E0F4A-E08F-4A15-B4DC-D8FC9CEFF9C7}" = Online Plug-in

"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant

"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 270.61

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 270.61

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.70

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.1.34

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components

"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger

"{B61D21B6-469D-4423-B161-62DB20B8A70E}" = Visual Basic for Applications ® Core - English

"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call

"{B9272341-39C4-40D6-8B31-54D85409116F}" = hpg3010

"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX

"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter

"{BE94C681-68E2-4561-8ABC-8D2E799168B4}" = essentials

"{BF439B41-0252-48DE-8B8B-0430CB26A181}" = CorelDRAW Graphics Suite X4 - VBA

"{BF6379E6-9936-46B0-B6AC-C56EE3987D2E}" = inSSIDer

"{BFBCF96F-7361-486A-965C-54B17AC35421}" = ocr

"{C012BF9F-79EA-4601-9778-BFE9B3CE83A1}" = hpg3010QFolder

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C2F1F96A-057E-5819-B52E-FEA1D1D2933B}" = Acronis True Image Home

"{C5DA59CF-2BB8-48D5-8E5B-17F2E0F0FEE4}" = System Requirements Lab for Intel

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW® Graphics Suite X4 - Windows Shell Extension

"{CEC0C2C2-921F-4EB8-8D7E-4F2F03ED02AA}" = ScannerCopy

"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones

"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component

"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86

"{D1D603C4-8C68-40F3-85AE-6DBEF3B712B5}" = Citrix Receiver (HDX Flash Redirection)

"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software

"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86

"{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq

"{DB81779E-7CC5-4630-BCFC-754004956444}" = Visual Basic for Applications ® Core

"{DE39D99E-62CD-440D-BB51-800D5BA5D181}" = Intel® PROSet/Wireless WiFi Software

"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player

"{E0F274B7-592B-4669-8FB8-8D9825A09858}" = KODAK AiO Software

"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm

"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio

"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call

"{EACDEFA8-8BCD-4E9D-BC41-DF59ACD748BB}" = Echelon LNS Server

"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential

"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9

"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker

"{EF53BFAB-4C10-40DB-A82D-9B07111715C6}" = aioscnnr

"{EFE86519-31A1-46C3-9850-F7A132E04EFD}" = Echelon OpenLDV 3.4

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F78E43E9-79D6-4E53-A06E-C0DEB417FF89}" = FMRTE

"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Shockwave Player" = Adobe Shockwave Player 11.6

"American Civil War - Gettysburg" = American Civil War - Gettysburg (remove only)

"Ares" = Ares 2.1.7

"avast" = avast! Free Antivirus

"AVS Image Converter_is1" = AVS Image Converter 2.1.2.169

"AVS Update Manager_is1" = AVS Update Manager 1.0

"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4

"BitTorrent" = BitTorrent

"BitTorrentBar Toolbar" = BitTorrentBar Toolbar

"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help

"CitrixOnlinePluginPackWeb" = Citrix Receiver

"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player

"Driver Genius Professional Edition_is1" = Driver Genius Professional Edition

"ENTERPRISE" = Microsoft Office Enterprise 2007

"ezNZB_is1" = ezNZB v3.1.0

"HP Imaging Device Functions" = HP Imaging Device Functions 9.0

"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0

"HPOCR" = HP OCR Software 9.0

"ImTOO PDF to PowerPoint Converter" = ImTOO PDF to PowerPoint Converter

"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies

"InstallShield_{8C8224B7-AA9B-4807-97CD-55899BAC83FE}" = YouSendIt Express

"jZip" = jZip

"Logitech Vid" = Logitech Vid HD

"Magic ISO Maker v5.4 (build 0239)" = Magic ISO Maker v5.4 (build 0239)

"Magic ISO Maker v5.5 (build 0281)" = Magic ISO Maker v5.5 (build 0281)

"MagicDisc 2.7.106" = MagicDisc 2.7.106

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager

"office Convert Pdf to Jpg Jpeg Tiff Free_is1" = office Convert Pdf to Jpg Jpeg Tiff Free 6.4

"Oval Office" = Oval Office (remove only)

"PcCloneEX" = PcCloneEX

"PrimoPDF" = PrimoPDF -- brought to you by Nitro PDF Software

"ProInst" = Intel PROSet Wireless

"QueTek File Scavenger 3.2 (en)" = File Scavenger 3.2 (en)

"RadialpointClientGateway_is1" = Virgin Media Service Manager 3.7.47

"RadialpointHomeSecurityDashboard_is1" = Virgin Media Digital Home Support 2.1.27

"RadialpointSecurityAdvisorService_is1" = Radialpoint Security Advisor 2.5.19

"Searchqu 102 MediaBar" = Windows Searchqu Toolbar

"Simpo PDF to PowerPoint_is1" = Simpo PDF to PowerPoint 1.2.0.0

"SLABCOMM&10C4&EA60" = Silicon Laboratories CP210x USB to UART Bridge (Driver Removal)

"Smart PDF Converter_is1" = Smart PDF Converter 6.1.0.441

"SopCast" = SopCast 3.4.0

"Spider32" = Spider32

"StarCraft II" = StarCraft II

"Steam App 34220" = Football Manager 2011

"Steam App 71270" = Football Manager 2012

"TeamViewer 6" = TeamViewer 6

"TeamViewer 7" = TeamViewer 7

"Universal Document Converter_is1" = Universal Document Converter (Demo)

"Veetle TV" = Veetle TV

"VLC media player" = VLC media player 1.1.10

"vShare plugin" = vShare plugin 1.3

"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"WinLiveSuite_Wave3" = Windows Live Essentials

"WinPcapInst" = WinPcap 4.1.2

"WinRAR archiver" = WinRAR 4.01 (32-bit)

"WMFDist11" = Windows Media Format 11 runtime

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1957994488-651377827-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"f031ef6ac137efc5" = Dell Driver Download Manager

"Google Chrome" = Google Chrome

"GoToMeeting" = GoToMeeting 5.1.0.880

"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 16/03/2012 17:36:09 | Computer Name = VTUK | Source = Application Hang | ID = 1002

Description = Hanging application chrome.exe, version 17.0.963.79, hang module hungapp,

version 0.0.0.0, hang address 0x00000000.

Error - 16/03/2012 17:36:10 | Computer Name = VTUK | Source = Application Hang | ID = 1002

Description = Hanging application chrome.exe, version 17.0.963.79, hang module hungapp,

version 0.0.0.0, hang address 0x00000000.

Error - 16/03/2012 17:40:15 | Computer Name = VTUK | Source = nview_info | ID = 11141121

Description =

Error - 16/03/2012 18:06:39 | Computer Name = VTUK | Source = nview_info | ID = 11141121

Description =

Error - 16/03/2012 18:06:43 | Computer Name = VTUK | Source = Application Error | ID = 1000

Description = Faulting application , version 0.0.0.0, faulting module unknown, version

0.0.0.0, fault address 0x00000000.

Error - 16/03/2012 18:06:43 | Computer Name = VTUK | Source = Application Error | ID = 1000

Description = Faulting application , version 0.0.0.0, faulting module unknown, version

0.0.0.0, fault address 0x00000000.

Error - 19/03/2012 06:09:19 | Computer Name = VTUK | Source = Application Error | ID = 1000

Description = Faulting application wfica32.exe, version 13.0.0.6685, faulting module

sslsdk_b.dll, version 12.1.4.56357, fault address 0x00013cde.

Error - 21/03/2012 07:45:59 | Computer Name = VTUK | Source = Application Error | ID = 1000

Description = Faulting application skype.exe, version 5.5.0.124, faulting module

flash11e.ocx, version 11.1.102.55, fault address 0x001df7ac.

Error - 22/03/2012 09:35:23 | Computer Name = VTUK | Source = Application Error | ID = 1000

Description = Faulting application , version 0.0.0.0, faulting module unknown, version

0.0.0.0, fault address 0x00000000.

Error - 27/03/2012 10:10:24 | Computer Name = VTUK | Source = Application Hang | ID = 1002

Description = Hanging application wfica32.exe, version 13.0.0.6685, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

[ OSession Events ]

Error - 07/07/2011 17:49:07 | Computer Name = VTUK | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

12.0.6557.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 19961

seconds with 60 seconds of active time. This session ended with a crash.

Error - 12/10/2011 04:42:28 | Computer Name = VTUK | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 556

seconds with 0 seconds of active time. This session ended with a crash.

Error - 20/10/2011 08:43:59 | Computer Name = VTUK | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 154049

seconds with 0 seconds of active time. This session ended with a crash.

Error - 04/11/2011 20:23:47 | Computer Name = VTUK | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 43786

seconds with 0 seconds of active time. This session ended with a crash.

Error - 18/11/2011 12:51:44 | Computer Name = VTUK | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 95412

seconds with 1560 seconds of active time. This session ended with a crash.

Error - 18/11/2011 20:22:47 | Computer Name = VTUK | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application

Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session

lasted 29184 seconds with 120 seconds of active time. This session ended with a

crash.

Error - 18/11/2011 20:22:47 | Computer Name = VTUK | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 27032

seconds with 540 seconds of active time. This session ended with a crash.

Error - 06/12/2011 14:33:49 | Computer Name = VTUK | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 28306

seconds with 600 seconds of active time. This session ended with a crash.

Error - 15/03/2012 06:00:07 | Computer Name = VTUK | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

12.0.6654.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 856335

seconds with 5160 seconds of active time. This session ended with a crash.

Error - 27/03/2012 19:50:10 | Computer Name = VTUK | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

12.0.6654.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 47411

seconds with 60 seconds of active time. This session ended with a crash.

[ System Events ]

Error - 26/06/2012 15:09:57 | Computer Name = VTUK | Source = FW1 | ID = 1

Description = FW1: -->ookup failed (5)

Error - 26/06/2012 15:10:01 | Computer Name = VTUK | Source = FW1 | ID = 1

Description = FW1: FW-1: fwconn_chain_get_something: fwconn_chain_l-->

Error - 26/06/2012 15:10:01 | Computer Name = VTUK | Source = FW1 | ID = 1

Description = FW1: -->ookup failed (5)

Error - 26/06/2012 15:10:04 | Computer Name = VTUK | Source = FW1 | ID = 1

Description = FW1: FW-1: fwconn_chain_get_something: fwconn_chain_l-->

Error - 26/06/2012 15:10:04 | Computer Name = VTUK | Source = FW1 | ID = 1

Description = FW1: -->ookup failed (5)

Error - 26/06/2012 17:03:12 | Computer Name = VTUK | Source = FW1 | ID = 1

Description = FW1: FW-1: fwconn_chain_get_something: fwconn_chain_l-->

Error - 26/06/2012 17:03:12 | Computer Name = VTUK | Source = FW1 | ID = 1

Description = FW1: -->ookup failed (5)

Error - 27/06/2012 04:40:47 | Computer Name = VTUK | Source = Service Control Manager | ID = 7031

Description = The avast! Antivirus service terminated unexpectedly. It has done

this 1 time(s). The following corrective action will be taken in 5000 milliseconds:

Restart the service.

Error - 27/06/2012 04:40:47 | Computer Name = VTUK | Source = SCardSvr | ID = 610

Description = Smart Card Reader 'Broadcom Corp Contacted SmartCard 0' rejected IOCTL

GET_STATE: The device has been removed.

Error - 27/06/2012 05:15:38 | Computer Name = VTUK | Source = Service Control Manager | ID = 7031

Description = The avast! Antivirus service terminated unexpectedly. It has done

this 2 time(s). The following corrective action will be taken in 5000 milliseconds:

Restart the service.

< End of report >

[Maniac]

Thanks!

Step 1

Please uninstall the following applications:

VshareComplete

Yontoo 1.10.02

Ares 2.1.7

BitTorrent

BitTorrentBar Toolbar

vShare plugin 1.3

Windows Searchqu Toolbar

Step 2

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  

  :OTL
  IE - HKU\S-1-5-21-1957994488-651377827-1801674531-1003\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\prxtbBit0.dll (Conduit Ltd.)
  CHR - plugin: vShare.tv plug-in (Enabled) = C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\chvsharetvplg.dll
  CHR - Extension: VshareComplete plugin for chrome = C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dlfienamagdnkekbbbocojppncdambda\1.1_0\
  CHR - Extension: vshare plugin = C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\
  CHR - Extension: Yontoo = C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.2_0\
  O2 - BHO: (VshareComplete) - {222f31fb-a14e-4af2-bb14-997f28294370} - C:\Documents and Settings\Simon\Application Data\VshareComplete\VshareComplete.dll (SimplyGen)
  O2 - BHO: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\prxtbBit0.dll (Conduit Ltd.)
  O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
  O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll (Yontoo LLC)
  O3 - HKLM\..\Toolbar: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\prxtbBit0.dll (Conduit Ltd.)
  O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
  O3 - HKU\S-1-5-21-1957994488-651377827-1801674531-1003\..\Toolbar\WebBrowser: (BitTorrentBar Toolbar) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - C:\Program Files\BitTorrentBar\prxtbBit0.dll (Conduit Ltd.)
  O4 - HKU\S-1-5-21-1957994488-651377827-1801674531-1003..\Run: [ares] C:\Program Files\Ares\Ares.exe (Ares Development Group)
  O4 - HKU\S-1-5-21-1957994488-651377827-1801674531-1003..\Run: [BitTorrent] C:\Program Files\BitTorrent\BitTorrent.exe (BitTorrent, Inc.)
  [2012/06/06 11:06:04 | 000,000,668 | ---- | M] () -- C:\Documents and Settings\Simon\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk
  [2012/06/06 11:06:04 | 000,000,650 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\BitTorrent.lnk
  [2012/06/06 11:06:04 | 000,000,650 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\BitTorrent.lnk
  [2012/06/27 13:52:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\BitTorrent
  [2011/11/07 14:53:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\PriceGong
  [2012/01/31 21:24:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Simon\Application Data\VshareComplete
  
  :files
  C:\Program Files\BitTorrent
  C:\Program Files\BitTorrentBar
  C:\Program Files\Windows Searchqu Toolbar
  C:\Program Files\Yontoo
  C:\Program Files\Ares
  
  :Commands
  [emptytemp]
  [clearallrestorepoints]

  
  

• Then click the Run Fix button at the top
  
• Let the program run unhindered, reboot the PC when it is done
  
• Please post the OTL fix log in your next reply.
  

Note: A copy of an OTL fix log is saved in a text file at C:\_OTL\MovedFiles

Step 3

• Launch Malwarebytes' Anti-Malware
  
• Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  
• Go to Scanner tab and select Perform Quick Scan, then click Scan.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  
• Copy&Paste the entire report in your next reply.
  

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately.

In your next reply, post the following log files:

• OTL Fix log
  
• Malwarebytes' Anti-Malware log

[googly_eyes]

Hi Manaiac

Ive just logged in from my other laptop to ask if it is normal for the "killing processes" to be active this long? I think there is a progress bar at the bottom but nothing seems to be happening other than the killing process message.

Just seeking clarification that this is normal as it has been running for an hour now.

Cheers

Simon

[googly_eyes]

p..... sorry for name typo :-)

[Maniac]

Stop it and run it again in Safe mode with Networking:

http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/boot_failsafe.mspx

[googly_eyes]

OK that worked

This is the log......while you read I shall embark on step 3....

All processes killed

========== OTL ==========

Registry value HKEY_USERS\S-1-5-21-1957994488-651377827-1801674531-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\{88c7f2aa-f93f-432c-8f0e-b7d85967a527} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\ not found.

File C:\Program Files\BitTorrentBar\prxtbBit0.dll not found.

File C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\chvsharetvplg.dll not found.

File C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dlfienamagdnkekbbbocojppncdambda\1.1_0 not found.

File C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0 not found.

File C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.2_0 not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{222f31fb-a14e-4af2-bb14-997f28294370}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{222f31fb-a14e-4af2-bb14-997f28294370}\ not found.

File C:\Documents and Settings\Simon\Application Data\VshareComplete\VshareComplete.dll not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\ not found.

File C:\Program Files\BitTorrentBar\prxtbBit0.dll not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully.

File C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ not found.

File C:\Program Files\Yontoo\YontooIEClient.dll not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{88c7f2aa-f93f-432c-8f0e-b7d85967a527} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\ not found.

File C:\Program Files\BitTorrentBar\prxtbBit0.dll not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{99079a25-328f-4bd4-be04-00955acaa0a7} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.

File C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll not found.

Registry value HKEY_USERS\S-1-5-21-1957994488-651377827-1801674531-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{88C7F2AA-F93F-432C-8F0E-B7D85967A527} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88C7F2AA-F93F-432C-8F0E-B7D85967A527}\ not found.

File C:\Program Files\BitTorrentBar\prxtbBit0.dll not found.

Registry value HKEY_USERS\S-1-5-21-1957994488-651377827-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Run\\ares deleted successfully.

File C:\Program Files\Ares\Ares.exe not found.

Registry value HKEY_USERS\S-1-5-21-1957994488-651377827-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Run\\BitTorrent deleted successfully.

File C:\Program Files\BitTorrent\BitTorrent.exe not found.

File C:\Documents and Settings\Simon\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk not found.

File C:\Documents and Settings\All Users\Desktop\BitTorrent.lnk not found.

File C:\Documents and Settings\All Users\Desktop\BitTorrent.lnk not found.

Folder C:\Documents and Settings\Simon\Application Data\BitTorrent\ not found.

C:\Documents and Settings\Simon\Application Data\PriceGong\Data folder moved successfully.

C:\Documents and Settings\Simon\Application Data\PriceGong folder moved successfully.

Folder C:\Documents and Settings\Simon\Application Data\VshareComplete\ not found.

========== FILES ==========

File\Folder C:\Program Files\BitTorrent not found.

File\Folder C:\Program Files\BitTorrentBar not found.

C:\Program Files\Windows Searchqu Toolbar\Datamngr folder moved successfully.

C:\Program Files\Windows Searchqu Toolbar folder moved successfully.

File\Folder C:\Program Files\Yontoo not found.

File\Folder C:\Program Files\Ares not found.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Ctx_StreamingSvc

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 41620 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 41620 bytes

User: LocalService

->Temp folder emptied: 65984 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: Simon

->Temp folder emptied: 490748406 bytes

->Temporary Internet Files folder emptied: 86592061 bytes

->Java cache emptied: 7068610 bytes

->Google Chrome cache emptied: 6852440 bytes

->Flash cache emptied: 11230 bytes

User: UpdatusUser

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 41620 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 6450192 bytes

%systemroot%\System32 .tmp files removed: 2577 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 1558835 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 395765217 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes

RecycleBin emptied: 493324128 bytes

Total Files Cleaned = 1,420.00 mb

Unable to start System Restore Service. Error code 10

OTL by OldTimer - Version 3.2.53.0 log created on 06272012_154823

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

[googly_eyes]

<p>OK step 3 completed, see below log...</p>

<p> </p>

<p> </p>

<div>Malwarebytes Anti-Malware (PRO) 1.61.0.1400</div>

<div>www.malwarebytes.org</div>

<div> </div>

<div>Database version: v2012.06.27.06</div>

<div> </div>

<div>Windows XP Service Pack 3 x86 NTFS</div>

<div>Internet Explorer 6.0.2900.5512</div>

<div>Simon :: VTUK [administrator]</div>

<div> </div>

<div>Protection: Enabled</div>

<div> </div>

<div>27/06/2012 15:59:49</div>

<div>mbam-log-2012-06-27 (15-59-49).txt</div>

<div> </div>

<div>Scan type: Quick scan</div>

<div>Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM</div>

<div>Scan options disabled: P2P</div>

<div>Objects scanned: 243587</div>

<div>Time elapsed: 10 minute(s), 15 second(s)</div>

<div> </div>

<div>Memory Processes Detected: 0</div>

<div>(No malicious items detected)</div>

<div> </div>

<div>Memory Modules Detected: 0</div>

<div>(No malicious items detected)</div>

<div> </div>

<div>Registry Keys Detected: 0</div>

<div>(No malicious items detected)</div>

<div> </div>

<div>Registry Values Detected: 0</div>

<div>(No malicious items detected)</div>

<div> </div>

<div>Registry Data Items Detected: 0</div>

<div>(No malicious items detected)</div>

<div> </div>

<div>Folders Detected: 0</div>

<div>(No malicious items detected)</div>

<div> </div>

<div>Files Detected: 0</div>

<div>(No malicious items detected)</div>

<div> </div>

<div>(end)</div>

<div> </div>

[googly_eyes]

Have just tried to open the usual sites and it seems that the everything has cleared up!

Thanks Maniac!!!!!

[Maniac]

Glad everything is fine!

Please run OTL and click on CleanUp button.

Some malware prevention tips:

http://forums.malwarebytes.org/index.php?showtopic=104379&pid=515983&st=0entry515983

Safe surfing!

[googly_eyes]

cheers!

[Maurice Naggar]

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!