
FakeAlert Trojan will not die!!



Been told to post here rather than in other threads.

Can't get rid of FakeAlert trojan.

Here is MBAM log..

--------------------------------------------------------------------------------------------------------

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4193

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

17/06/2010 21:53:12

mbam-log-2010-06-17 (21-53-12).txt

Scan type: Quick scan

Objects scanned: 129136

Time elapsed: 8 minute(s), 52 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\m5t8ql3yw3 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

------------------------------------------------------------------------------------------------------------------------------

Ran DeFogger OK.

Had trouble downloading DDS - but managed in the end. DDS.txt log here:

------------------------------------------------------------------------------------------------------------------------------

DDS (Ver_10-03-17.01) - NTFSx86

Run by SamT at 1:02:00.99 on 18/06/2010

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_19

Microsoft Windows 7 Professional 6.1.7600.0.1252.44.1033.18.2038.1026 [GMT 1:00]

SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

============== Running Processes ===============

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\WTouch\WTouchService.exe

C:\Windows\SYSTEM32\WISPTIS.EXE

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\Dwm.exe

C:\Windows\SYSTEM32\WISPTIS.EXE

C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe

C:\Program Files\WTouch\WTouchUser.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskhost.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\Pen_Tablet.exe

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\Windows\system32\conhost.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

C:\Windows\system32\WTablet\Pen_TabletUser.exe

C:\Windows\system32\Pen_Tablet.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\igfxpers.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe

C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe

C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe

C:\Program Files\Logitech\SetPoint\LU\LULnchr.exe

C:\Program Files\Logitech\SetPoint\LU\LogitechUpdate.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Users\SamT\Desktop\dds.scr

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://www.google.com/ie

uSearch Page = hxxp://www.google.com

uStart Page = hxxp://www.mytalktalk.co.uk

uWindow Title = Internet Explorer provided by Dell

uInternet Settings,ProxyOverride = *.local

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll

EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll

uRun: [Tuxc] rundll32 "c:\users\samt\appdata\roaming\netid3.dll",Ragx

uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

uRun: [PC Suite Tray] "c:\program files\nokia\nokia pc suite 7\PCSuite.exe" -onlytray

uRun: [M5T8QL3YW3] c:\users\samt\appdata\local\temp\Yg1.exe

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

mRun: [<NO NAME>]

mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~1\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Notify: igfxcui - igfxdev.dll

Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\samt\appdata\roaming\mozilla\firefox\profiles\cfyi8mkt.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/

FF - component: c:\users\samt\appdata\roaming\mozilla\firefox\profiles\cfyi8mkt.default\extensions\zoterowinwordintegration@zotero.org\components\zoteroWinWordIntegration.dll

FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL

FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll

FF - plugin: c:\program files\microsoft\office live\npOLW.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - plugin: c:\users\samt\appdata\local\yahoo!\browserplus\2.8.1\plugins\npybrowserplus_2.8.1.dll

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-12-7 11608]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-12-7 135336]

R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-12-7 267432]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-12-7 60936]

R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-6-2 1153368]

R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2009-12-7 4408616]

R2 UI Assistant Service;UI Assistant Service;c:\program files\kanguru\AssistantServices.exe [2010-4-27 224256]

R2 WTouchService;WTouch Service;c:\program files\wtouch\WTouchService.exe [2009-12-7 112936]

R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]

R3 WacomVTHid;Virtual Touch Driver;c:\windows\system32\drivers\WacomVTHid.sys [2009-12-7 13224]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-9-28 315392]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-11 135664]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-1-31 54632]

S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]

S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2009-12-30 137344]

S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]

S3 TfBulk;TfBulk;c:\windows\system32\drivers\TfBulk.SYS [2007-5-31 13312]

S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2009-12-7 15656]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-6-6 1343400]

=============== Created Last 30 ================

2010-06-17 23:17:44 0 ----a-w- c:\users\samt\defogger_reenable

2010-06-15 10:39:55 363008 ----a-w- c:\windows\system32\CNMNPPM.DLL

2010-06-15 10:39:55 143360 ----a-w- c:\windows\system32\CNMNPUI.DLL

2010-06-13 19:15:10 0 d-----w- c:\programdata\RegCure

2010-06-13 19:07:00 0 d---a-w- c:\programdata\TEMP

2010-06-13 15:04:02 0 d-----w- c:\users\samt\appdata\roaming\Malwarebytes

2010-06-13 15:03:49 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-06-13 15:03:47 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-06-13 15:03:47 0 d-----w- c:\programdata\Malwarebytes

2010-06-13 15:03:47 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-06-11 10:30:52 67584 ----a-w- c:\windows\system32\asycfilt.dll

2010-06-11 10:30:52 2326528 ----a-w- c:\windows\system32\win32k.sys

2010-06-11 10:30:47 977920 ----a-w- c:\windows\system32\wininet.dll

2010-06-11 10:30:36 34304 ----a-w- c:\windows\system32\atmlib.dll

2010-06-11 10:30:36 293888 ----a-w- c:\windows\system32\atmfd.dll

2010-06-06 08:49:24 0 d-----w- c:\windows\system32\Wat

2010-06-04 17:02:46 0 d-----w- c:\program files\Topfield

2010-06-04 09:51:24 0 d-----w- c:\program files\iPod

2010-06-04 09:51:23 0 d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

2010-06-04 09:51:23 0 d-----w- c:\program files\iTunes

2010-06-02 13:03:53 0 d-----w- c:\programdata\Spybot - Search & Destroy

2010-06-02 13:03:53 0 d-----w- c:\program files\Spybot - Search & Destroy

2010-06-02 12:09:29 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2010-06-02 12:05:19 0 d-----w- c:\programdata\Lavasoft

2010-06-02 12:05:19 0 d-----w- c:\program files\Lavasoft

2010-06-02 11:55:08 0 d-sh--w- c:\users\samt\appdata\roaming\lowsec

2010-06-02 10:22:33 0 d-----w- c:\users\samt\appdata\roaming\Avira

2010-06-02 10:15:34 85504 --sha-r- c:\users\samt\appdata\roaming\netid3.dll

2010-06-02 10:10:34 0 d-----w- c:\programdata\Identities

2010-06-02 10:10:08 0 d-----w- c:\program files\PVsyst5

2010-05-26 08:29:05 2048 ----a-w- c:\windows\system32\tzres.dll

2010-05-24 12:35:55 0 d-----w- c:\program files\PanaVue

==================== Find3M ====================

2010-05-21 13:14:28 221568 ------w- c:\windows\system32\MpSigStub.exe

2010-04-16 16:41:07 87608 ----a-w- c:\users\samt\appdata\roaming\inst.exe

2010-04-16 16:41:07 47360 ----a-w- c:\users\samt\appdata\roaming\pcouffin.sys

2010-04-08 12:20:02 91424 ----a-w- c:\windows\system32\dnssd.dll

2010-04-08 12:20:02 107808 ----a-w- c:\windows\system32\dns-sd.exe

2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat

2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat

2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat

2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat

2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini

2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat

2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat

2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat

2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat

2010-01-25 09:21:15 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat

2010-01-25 11:14:24 245760 --sha-w- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat

2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 1:03:22.07 ===============

attach.txt is attached...

Every time I run GMER I now get a Blue Screen of Death.. Joy oh Joy..

Please please help!! I've got Uni work to hand in very soon and cannot afford to be having BSODs ;)


;)

  • Download to your desktop.
  • Double-Click on OTL to run it.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Under Custom scan's and fixes section paste in the below in bold

netsvcs

%SYSTEMDRIVE%\*.*

%systemroot%\*. /mp /s

CREATERESTOREPOINT

%systemroot%\system32\*.dll /lockedfiles

%systemroot%\Tasks\*.job /lockedfiles

%systemroot%\System32\config\*.sav

%systemroot%\system32\drivers\*.sys /90

  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

  • When the scan completes, it will open two notepad windows. OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.


;)

  • Download to your desktop.
  • Double-Click on OTL to run it.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Under Custom scan's and fixes section paste in the below in bold

netsvcs

%SYSTEMDRIVE%\*.*

%systemroot%\*. /mp /s

CREATERESTOREPOINT

%systemroot%\system32\*.dll /lockedfiles

%systemroot%\Tasks\*.job /lockedfiles

%systemroot%\System32\config\*.sav

%systemroot%\system32\drivers\*.sys /90

  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

  • When the scan completes, it will open two notepad windows. OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

Bizarre - note how your link to oldtimer is not showing in the post - however - I've got the link from the quote text above.

Thanks - I'll run it now.


Hi - logs below

Extras.txt

---------------------------------------------------------------------------------------------------------------------------

OTL Extras logfile created on: 18/06/2010 09:26:25 - Run 1

OTL by OldTimer - Version 3.2.6.0 Folder = C:\Users\SamT\Desktop

An unknown product (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 51.00% Memory free

4.00 Gb Paging File | 3.00 Gb Available in Paging File | 72.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 136.46 Gb Total Space | 28.41 Gb Free Space | 20.82% Space Free | Partition Type: NTFS

Drive D: | 10.00 Gb Total Space | 5.73 Gb Free Space | 57.28% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: SAMT-LAPTOP

Current User Name: SamT

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)

http [open] -- Reg Error: Key error.

https [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 1

"EnableFirewall" = 0

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3

"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3

"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting

"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer

"{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID Sign-in Assistant

"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP600R" = Canon MP600R

"{139E303E-1050-497F-98B1-9AE87B15C463}" = Windows Live Family Safety

"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer

"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin

"{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}" = Adobe After Effects CS3 Presets

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool

"{20CA5883-A9E3-4F82-A2D4-8B6CB934C787}" = Radio Downloader

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java 6 Update 19

"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime

"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3

"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper

"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker

"{4458C442-7376-4CF9-AF58-E8CEA6722363}" = Adobe Setup

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}" = Adobe Premiere Pro CS3 Functional Content

"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3

"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support

"{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}" = Adobe Premiere Pro CS3

"{597E70FF-7C46-4EED-8092-91B7C2E0529D}" = Google SketchUp 7

"{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}" = iTunes

"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin

"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All

"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files

"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash

"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2

"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3

"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings

"{74B58083-B5B9-46a5-847C-248F97FF2A56}" = Topfield Tools

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{78225D0F-D12C-09E4-5D6D-A64D763E8982}" = BBC iPlayer Desktop

"{7ACFB90E-8FD0-4397-AD3A-5195412623A3}" = Adobe Help Viewer CS3

"{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}" = Adobe Dreamweaver CS3

"{80EE18E6-F16C-11D4-8BE8-006097C9A3ED}" = ISScript

"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}" = Adobe Video Profiles

"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync

"{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5

"{8718DC03-D066-4957-94E5-50C3C5042E8E}" = Adobe Creative Suite 3 Master Collection

"{880A90B0-3783-4D92-A0A3-080B00BC8B24}" = Memory-Map OS Edition Version 5

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8A253629-0511-4854-8B4E-46E57E66005C}" = Bonjour

"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3

"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support

"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007

"{90120000-0015-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_ULTIMATER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_ULTIMATER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_ULTIMATER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007

"{90120000-0044-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_ULTIMATER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007

"{90120000-00BA-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007

"{90120000-0114-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_ULTIMATER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007

"{90120000-0117-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3

"{91120000-002E-0000-0000-0000000FF1CE}" = Microsoft Office Ultimate 2007

"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}" = Nokia PC Suite

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3

"{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support

"{A0375E86-B34B-11D5-987A-000159C10101}" = Iagb5b

"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps

"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR

"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific

"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}" = Kanguru

"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings

"{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional

"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4

"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0

"{B346C3E7-AD3C-11D5-987A-30815AC10000}" = Iagb5

"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3

"{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3

"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3

"{B9C9DB4C-6D77-4AE9-AD1C-C708C23239A0}" = Nokia Connectivity Cable Driver

"{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}" = Adobe Flash Player 9 ActiveX

"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3

"{BEB79508-7D67-4A2F-9FB3-54C2B68E9532}" = PC Connectivity Solution

"{C1E693A4-B1D5-4DCD-B68D-2087835B7184}" = ScanSoft OmniPage SE 4.0

"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2

"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3

"{CB3F8375-B600-4B9F-83C9-238ED1E583FD}" = Adobe InDesign CS3

"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client

"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files

"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3

"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery

"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings

"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings

"{DEC2985C-18BB-4456-97E8-55ACBC446CF0}" = ArtRage 2

"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3

"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler

"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform

"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint

"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)

"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01

"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth

"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings

"05B59228C7E1C21DFBE89260F879BD95880548D8" = Windows Driver Package - Nokia Modem (10/05/2009 4.2)

"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)

"8CDCFB95BB84DD9C0F88F22266A0CA86035E55BA" = Windows Driver Package - Nokia Modem (06/01/2009 7.01.0.4)

"Adobe AIR" = Adobe AIR

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe_4dcfd9b7e901b57f81f667144603236" = Add or Remove Adobe Creative Suite 3 Master Collection

"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus

"BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1" = BBC iPlayer Desktop

"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility

"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool

"Creative OEM002" = Laptop Integrated Webcam Driver (1.04.01.1011)

"DivX Setup.divx.com" = DivX Setup

"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX

"Flickr Uploadr" = Flickr Uploadr 3.2.1

"FLV Player" = FLV Player 2.0 (build 25)

"HDMI" = Intel® Graphics Media Accelerator Driver

"Indeo


1) Run Spybot-S&D

2) Go to the Mode menu, and make sure "Advanced Mode" is selected

3) On the left hand side, choose Tools -> Resident

4) Uncheck "Resident TeaTimer" and OK any prompts

5) Restart your computer.

================================

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    O4 - HKCU..\Run: [M5T8QL3YW3] C:\Users\SamT\AppData\Local\Temp\Yg1.exe File not found
    :commands
    [emptytemp]
    [Reboot]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

========================================

Click on Start Menu -> Right-click on the My Computer icon -> Click on Properties -> Click on the Device Manager -> Under Network, click on the + sign. I need to know if you have a Marvell Yukon Ethernet Controller.

In your next reply, please post a fresh OTL log, run MBAM again (don't forget to update to the latest defs) and post that log too. Thanks


Ok - done that..

Quick Scan is now running - here is the log created automatically by OTL after the reboot.

I will post the log from the quick scan when it's finished.

------------------------------------------------------------------------------------------------------------

All processes killed

========== OTL ==========

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\M5T8QL3YW3 deleted successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 41620 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: doctemp

User: Public

User: SamT

->Temp folder emptied: 36166839 bytes

->Temporary Internet Files folder emptied: 108952093 bytes

->Java cache emptied: 32246633 bytes

->FireFox cache emptied: 40422246 bytes

->Google Chrome cache emptied: 6275755 bytes

->Flash cache emptied: 1972246 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 1331271 bytes

RecycleBin emptied: 249462537 bytes

Total Files Cleaned = 455.00 mb

OTL by OldTimer - Version 3.2.6.0 log created on 06182010_161615

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


Here it is...

----------------------------------------------------------------------------------------------------

OTL logfile created on: 18/06/2010 16:22:33 - Run 2

OTL by OldTimer - Version 3.2.6.0 Folder = C:\Users\SamT\Desktop

An unknown product (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 61.00% Memory free

4.00 Gb Paging File | 3.00 Gb Available in Paging File | 77.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 136.46 Gb Total Space | 27.97 Gb Free Space | 20.50% Space Free | Partition Type: NTFS

Drive D: | 10.00 Gb Total Space | 5.73 Gb Free Space | 57.28% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: SAMT-LAPTOP

Current User Name: SamT

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = 90 Days

Output = Minimal

Quick Scan

========== Processes (SafeList) ==========

PRC - C:\Users\SamT\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)

PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

PRC - C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe (Nokia)

PRC - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)

PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)

PRC - C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe (Nokia)

PRC - C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe (Nokia)

PRC - C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)

PRC - C:\Program Files\WTouch\WTouchUser.exe (Wacom Technology, Corp.)

PRC - C:\Windows\System32\WTablet\Pen_TabletUser.exe (Wacom Technology, Corp.)

PRC - C:\Program Files\WTouch\WTouchService.exe (Wacom Technology, Corp.)

PRC - C:\Windows\System32\Pen_Tablet.exe (Wacom Technology, Corp.)

PRC - C:\Windows\System32\wisptis.exe (Microsoft Corporation)

PRC - C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe (Microsoft Corporation)

PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)

PRC - C:\Windows\System32\sppsvc.exe (Microsoft Corporation)

PRC - C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe (Microsoft Corporation)

PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)

PRC - C:\Program Files\Kanguru\AssistantServices.exe ()

PRC - C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc.)

PRC - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)

PRC - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)

PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)

========== Modules (SafeList) ==========

MOD - C:\Users\SamT\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\Windows\System32\rsaenh.dll (Microsoft Corporation)

MOD - C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll (Microsoft Corporation)

MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)

MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)

MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)

MOD - C:\Windows\System32\RpcRtRemote.dll (Microsoft Corporation)

MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)

MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)

MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)

MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)

MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)

MOD - C:\Windows\System32\cryptsp.dll (Microsoft Corporation)

MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)

MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)

MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)

MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)

SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)

SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)

SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)

SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)

SRV - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)

SRV - (WTouchService) -- C:\Program Files\WTouch\WTouchService.exe (Wacom Technology, Corp.)

SRV - (TabletServicePen) -- C:\Windows\System32\Pen_Tablet.exe (Wacom Technology, Corp.)

SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)

SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)

SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)

SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)

SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)

SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)

SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)

SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)

SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)

SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)

SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)

SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)

SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)

SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)

SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)

SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)

SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)

SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)

SRV - (AxInstSV) ActiveX Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)

SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)

SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)

SRV - (UI Assistant Service) -- C:\Program Files\Kanguru\AssistantServices.exe ()

SRV - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)

SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)

========== Driver Services (SafeList) ==========

DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)

DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)

DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)

DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Nokia)

DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)

DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Nokia)

DRV - (nmwcdnsu) -- C:\Windows\System32\drivers\nmwcdnsu.sys (Nokia)

DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)

DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys ()

DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)

DRV - (fssfltr) -- C:\Windows\System32\drivers\fssfltr.sys (Microsoft Corporation)

DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)

DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)

DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)

DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)

DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)

DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)

DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)

DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)

DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)

DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)

DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)

DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)

DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)

DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)

DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)

DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)

DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)

DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)

DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)

DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)

DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)

DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)

DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)

DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)

DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)

DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)

DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)

DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)

DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)

DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)

DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)

DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)

DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)

DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)

DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)

DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)

DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)

DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)

DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)

DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)

DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)

DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)

DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)

DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation)

DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)

DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)

DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)

DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)

DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)

DRV - (1394ohci) -- C:\Windows\System32\drivers\1394ohci.sys (Microsoft Corporation)

DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)

DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)

DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)

DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)

DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)

DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)

DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)

DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)

DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)

DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)

DRV - (HidBatt) -- C:\Windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation)

DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)

DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)

DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)

DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)

DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)

DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)

DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)

DRV - (SrvHsfV92) -- C:\Windows\System32\drivers\VSTDPV3.SYS (Conexant Systems, Inc.)

DRV - (SrvHsfWinac) -- C:\Windows\System32\drivers\VSTCNXT3.SYS (Conexant Systems, Inc.)

DRV - (SrvHsfHDA) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.)

DRV - (netw5v32) Intel® -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation)

DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)

DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)

DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)

DRV - (ZTEusbnmea) -- C:\Windows\System32\drivers\ZTEusbnmea.sys (ZTE Incorporated)

DRV - (ZTEusbser6k) -- C:\Windows\System32\drivers\ZTEusbser6k.sys (ZTE Incorporated)

DRV - (ZTEusbmdm6k) -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys (ZTE Incorporated)

DRV - (LUsbFilt) -- C:\Windows\System32\drivers\LUsbFilt.sys (Logitech, Inc.)

DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)

DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)

DRV - (WacomVTHid) -- C:\Windows\System32\drivers\WacomVTHid.sys (Wacom Technology)

DRV - (wacomvhid) -- C:\Windows\System32\drivers\wacomvhid.sys (Wacom Technology)

DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)

DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)

DRV - (wacmoumonitor) -- C:\Windows\System32\drivers\wacmoumonitor.sys (Wacom Technology)

DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)

DRV - (OEM02Dev) -- C:\Windows\System32\drivers\OEM02Dev.sys (Creative Technology Ltd.)

DRV - (TfBulk) -- C:\Windows\System32\drivers\TfBulk.SYS (Topfield (visit www.topfield.co.kr))

DRV - (OEM02Vfx) -- C:\Windows\System32\drivers\OEM02Vfx.sys (EyePower Games Pte. Ltd.)

DRV - (wacommousefilter) -- C:\Windows\System32\drivers\wacommousefilter.sys (Wacom Technology)

DRV - (WacomVKHid) -- C:\Windows\System32\drivers\WacomVKHid.sys (Wacom Technology)

DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.mytalktalk.co.uk

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 88 48 84 0D 40 77 CA 01 [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2

FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19

FF - prefs.js..extensions.enabledItems: {2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}:2.1.072

FF - prefs.js..extensions.enabledItems: {1BCA7BD8-8977-11DC-A9BD-548555D89593}:1.5

FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.1

FF - prefs.js..extensions.enabledItems: zotero@chnm.gmu.edu:2.0.3

FF - prefs.js..extensions.enabledItems: zoteroWinWordIntegration@zotero.org:3.0a3

FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009/12/08 11:19:13 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/04 10:48:53 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/04 10:48:53 | 000,000,000 | ---D | M]

[2010/02/10 14:08:37 | 000,000,000 | ---D | M] -- C:\Users\SamT\AppData\Roaming\Mozilla\Extensions

[2010/02/10 14:08:37 | 000,000,000 | ---D | M] -- C:\Users\SamT\AppData\Roaming\Mozilla\Extensions\uploadr@flickr.com

[2009/12/07 15:10:09 | 000,000,000 | ---D | M] -- C:\Users\SamT\AppData\Roaming\Mozilla\Firefox\Profiles\b1znzzoo.default\extensions

[2010/06/18 00:22:01 | 000,000,000 | ---D | M] -- C:\Users\SamT\AppData\Roaming\Mozilla\Firefox\Profiles\cfyi8mkt.default\extensions

[2009/12/07 15:31:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SamT\AppData\Roaming\Mozilla\Firefox\Profiles\cfyi8mkt.default\extensions\{1BCA7BD8-8977-11DC-A9BD-548555D89593}

[2010/03/01 15:59:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SamT\AppData\Roaming\Mozilla\Firefox\Profiles\cfyi8mkt.default\extensions\{1BCA7BD8-8977-11DC-A9BD-548555D89593}-trash

[2010/04/29 15:00:10 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\SamT\AppData\Roaming\Mozilla\Firefox\Profiles\cfyi8mkt.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2009/12/07 15:31:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SamT\AppData\Roaming\Mozilla\Firefox\Profiles\cfyi8mkt.default\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}

[2009/12/07 15:31:53 | 000,000,000 | ---D | M] (PDF Download) -- C:\Users\SamT\AppData\Roaming\Mozilla\Firefox\Profiles\cfyi8mkt.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}

[2010/05/08 08:13:46 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\SamT\AppData\Roaming\Mozilla\Firefox\Profiles\cfyi8mkt.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

[2009/12/07 15:31:53 | 000,000,000 | ---D | M] -- C:\Users\SamT\AppData\Roaming\Mozilla\Firefox\Profiles\cfyi8mkt.default\extensions\en-GB@dictionaries.addons.mozilla.org

[2008/01/31 17:37:03 | 000,000,000 | ---D | M] -- C:\Users\SamT\AppData\Roaming\Mozilla\Firefox\Profiles\cfyi8mkt.default\extensions\en-US@dictionaries.addons.mozilla.org

[2010/05/08 08:13:46 | 000,000,000 | ---D | M] -- C:\Users\SamT\AppData\Roaming\Mozilla\Firefox\Profiles\cfyi8mkt.default\extensions\zotero@chnm.gmu.edu

[2010/03/21 16:30:10 | 000,000,000 | ---D | M] -- C:\Users\SamT\AppData\Roaming\Mozilla\Firefox\Profiles\cfyi8mkt.default\extensions\zoteroWinWordIntegration@zotero.org

[2010/04/02 15:17:27 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2010/03/12 23:59:08 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml

[2010/03/12 23:59:08 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml

[2010/03/12 23:59:08 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml

[2010/03/12 23:59:08 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2009/06/10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)

O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKCU..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)

O4 - HKCU..\Run: [svchost] C:\Users\SamT\AppData\Local\Temp\svchost.exe File not found

O4 - HKCU..\Run: [Tuxc] C:\Users\SamT\AppData\Roaming\netid3.DLL (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_19)

O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_19)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_19)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.67.222.222 208.67.222.220

O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)

O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (livessp) - C:\Windows\System32\livessp.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2010/06/18 16:23:29 | 000,010,632 | ---- | M] () - C:\Autoztemon.txt -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/06/18 16:16:15 | 000,000,000 | ---D | C] -- C:\_OTL

[2010/06/18 13:59:27 | 000,000,000 | ---D | C] -- C:\Program Files\PVsyst5

[2010/06/18 13:56:18 | 028,910,106 | ---- | C] (ISE - University of Geneva) -- C:\Users\SamT\Desktop\PVsyst5_12_setup.exe

[2010/06/18 09:18:33 | 000,572,416 | ---- | C] (OldTimer Tools) -- C:\Users\SamT\Desktop\OTL.exe

[2010/06/15 11:20:06 | 000,000,000 | ---D | C] -- C:\Users\SamT\AppData\Local\Canon Easy-PhotoPrint EX

[2010/06/13 20:15:10 | 000,000,000 | ---D | C] -- C:\ProgramData\RegCure

[2010/06/13 20:15:09 | 000,000,000 | ---D | C] -- C:\Program Files\RegCure

[2010/06/13 20:07:00 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP

[2010/06/13 20:07:00 | 000,000,000 | ---D | C] -- C:\Program Files\Registry Mechanic

[2010/06/13 16:04:02 | 000,000,000 | ---D | C] -- C:\Users\SamT\AppData\Roaming\Malwarebytes

[2010/06/13 16:03:49 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2010/06/13 16:03:47 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2010/06/13 16:03:47 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2010/06/13 16:03:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2010/06/06 09:49:24 | 000,000,000 | ---D | C] -- C:\Windows\System32\Wat

[2010/06/04 18:02:46 | 000,000,000 | ---D | C] -- C:\Program Files\Topfield

[2010/06/04 10:51:24 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2010/06/04 10:51:23 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

[2010/06/04 10:51:23 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2010/06/04 10:48:22 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime

[2010/06/02 14:03:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy

[2010/06/02 14:03:53 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy

[2010/06/02 13:09:29 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys

[2010/06/02 13:05:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft

[2010/06/02 13:05:19 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft

[2010/06/02 12:55:08 | 000,000,000 | -HSD | C] -- C:\Users\SamT\AppData\Roaming\lowsec

[2010/06/02 11:22:33 | 000,000,000 | ---D | C] -- C:\Users\SamT\AppData\Roaming\Avira

[2010/06/02 11:15:34 | 000,085,504 | RHS- | C] (Microsoft Corporation) -- C:\Users\SamT\AppData\Roaming\netid3.dll

[2010/06/02 11:10:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Identities

[2010/05/26 11:00:43 | 000,000,000 | ---D | C] -- C:\Users\SamT\Desktop\Bagshawemoosespinchofsalt_3d

[2010/05/24 13:35:55 | 000,000,000 | ---D | C] -- C:\Program Files\PanaVue

[2010/05/14 08:53:06 | 000,000,000 | ---D | C] -- C:\Windows\pss

[2010/05/10 19:43:25 | 000,000,000 | ---D | C] -- C:\Program Files\RarZilla Free Unrar

[2010/05/10 11:40:29 | 000,000,000 | ---D | C] -- C:\Users\SamT\Documents\Downloaded Radio

[2010/05/10 11:37:02 | 000,000,000 | ---D | C] -- C:\Users\SamT\AppData\Roaming\www.nerdoftheherd.com

[2010/05/10 11:37:01 | 000,000,000 | ---D | C] -- C:\Users\SamT\AppData\Local\www.nerdoftheherd.com

[2010/05/10 11:36:35 | 000,000,000 | ---D | C] -- C:\Program Files\Radio Downloader

[2010/04/27 13:02:50 | 000,110,080 | ---- | C] (ZTE Corporation) -- C:\Windows\System32\drivers\ZTEusbnet.sys

[2010/04/27 13:02:50 | 000,105,344 | ---- | C] (ZTE Incorporated) -- C:\Windows\System32\drivers\ZTEusbnmea.sys

[2010/04/27 13:02:50 | 000,104,960 | ---- | C] (ZTE Incorporated) -- C:\Windows\System32\drivers\ZTEusbser6k.sys

[2010/04/27 13:02:50 | 000,104,960 | ---- | C] (ZTE Incorporated) -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys

[2010/04/27 13:02:24 | 000,000,000 | ---D | C] -- C:\Windows\System32\SupportAppCB

[2010/04/27 13:02:20 | 000,000,000 | ---D | C] -- C:\Program Files\Kanguru

[2010/04/23 11:30:24 | 000,136,704 | ---- | C] (Ligos Corporation) -- C:\Windows\System32\iacenc.dll

[2010/04/23 11:30:23 | 000,000,000 | ---D | C] -- C:\Program Files\Ligos

[2010/04/23 09:37:41 | 000,000,000 | ---D | C] -- C:\Program Files\Ordnance Survey

[2010/04/09 14:59:41 | 000,000,000 | ---D | C] -- C:\Users\SamT\AppData\Roaming\DivX

[2010/04/09 14:59:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PX Storage Engine

[2010/04/09 14:58:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared

[2010/04/09 14:57:06 | 000,000,000 | ---D | C] -- C:\Program Files\DivX

[2010/04/09 14:56:32 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX

[2010/04/03 21:39:48 | 000,000,000 | ---D | C] -- C:\Users\SamT\AppData\Local\Yahoo!

[2010/04/02 15:17:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun

[2010/04/02 15:17:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java

[2010/04/02 15:06:07 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntdd.sys

[2010/04/02 15:06:07 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntmgr.sys

[2010/04/02 09:55:05 | 000,000,000 | ---D | C] -- C:\Program Files\BBC iPlayer Desktop

[2010/03/31 02:58:24 | 000,353,592 | ---- | C] (DivX, Inc.) -- C:\Windows\System32\DivXControlPanelApplet.cpl

[2010/03/30 10:14:21 | 000,000,000 | ---D | C] -- C:\Users\SamT\AppData\Roaming\Google

[2010/03/30 10:13:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Google

[2010/03/29 22:08:39 | 000,000,000 | ---D | C] -- C:\Program Files\Memory-Map

[2010/03/29 22:07:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard

[2010/03/29 21:58:23 | 000,000,000 | ---D | C] -- C:\Users\SamT\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1

[2010/03/29 21:58:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR

[2010/03/21 21:44:04 | 000,000,000 | -H-D | C] -- C:\Windows\System32\CanonIJ Uninstaller Information

[2010/03/21 21:43:35 | 000,000,000 | -H-D | C] -- C:\Program Files\CanonBJ

[1 C:\Users\SamT\Desktop\*.tmp files -> C:\Users\SamT\Desktop\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/06/18 16:25:24 | 000,013,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2010/06/18 16:25:24 | 000,013,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2010/06/18 16:19:20 | 004,456,448 | -HS- | M] () -- C:\Users\SamT\ntuser.dat

[2010/06/18 16:18:08 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2010/06/18 16:18:06 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT

[2010/06/18 16:18:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010/06/18 16:17:52 | 1602,781,184 | -HS- | M] () -- C:\hiberfil.sys

[2010/06/18 16:14:36 | 000,023,079 | ---- | M] () -- C:\Users\SamT\Desktop\Capture.PNG

[2010/06/18 16:11:34 | 001,478,810 | -H-- | M] () -- C:\Users\SamT\AppData\Local\IconCache.db

[2010/06/18 15:43:14 | 000,713,888 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI

[2010/06/18 15:43:14 | 000,619,642 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2010/06/18 15:43:14 | 000,107,792 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2010/06/18 15:18:01 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2010/06/18 14:27:29 | 001,366,411 | ---- | M] () -- C:\Users\SamT\Desktop\CTL085.pdf

[2010/06/18 13:59:34 | 000,001,831 | ---- | M] () -- C:\Users\SamT\Desktop\PVSYST5_0.lnk

[2010/06/18 13:58:59 | 028,910,106 | ---- | M] (ISE - University of Geneva) -- C:\Users\SamT\Desktop\PVsyst5_12_setup.exe

[2010/06/18 09:18:40 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Users\SamT\Desktop\OTL.exe

[2010/06/18 01:40:26 | 000,000,996 | ---- | M] () -- C:\Users\SamT\Desktop\ark.zip

[2010/06/18 01:08:25 | 000,004,094 | ---- | M] () -- C:\Users\SamT\Desktop\Attach.zip

[2010/06/18 01:07:26 | 305,602,666 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2010/06/18 01:01:47 | 000,525,824 | ---- | M] () -- C:\Users\SamT\Desktop\dds.scr

[2010/06/18 00:25:50 | 000,293,376 | ---- | M] () -- C:\Users\SamT\Desktop\lp81r92c.exe

[2010/06/18 00:17:44 | 000,000,000 | ---- | M] () -- C:\Users\SamT\defogger_reenable

[2010/06/18 00:16:56 | 000,050,477 | ---- | M] () -- C:\Users\SamT\Desktop\Defogger.exe

[2010/06/17 23:35:22 | 000,038,492 | ---- | M] () -- C:\Users\SamT\Desktop\PV schematic.PNG

[2010/06/17 22:45:37 | 000,058,447 | ---- | M] () -- C:\Users\SamT\Desktop\Inverter efficiency.pdf

[2010/06/16 17:00:02 | 000,000,388 | ---- | M] () -- C:\Windows\tasks\RegCure Program Check.job

[2010/06/16 09:35:08 | 000,869,125 | ---- | M] () -- C:\Users\SamT\Desktop\16062010380.jpg

[2010/06/16 09:34:58 | 000,938,288 | ---- | M] () -- C:\Users\SamT\Desktop\16062010379.jpg

[2010/06/15 11:17:55 | 000,002,045 | ---- | M] () -- C:\Users\Public\Desktop\Canon Easy-PhotoPrint EX.lnk

[2010/06/15 11:16:20 | 002,069,840 | ---- | M] () -- C:\Users\SamT\Desktop\mp600rndwin256_ntwin256en.exe

[2010/06/13 20:34:50 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\RegCure.job

[2010/06/13 20:15:11 | 000,000,951 | ---- | M] () -- C:\Users\Public\Desktop\RegCure.lnk

[2010/06/13 16:03:52 | 000,000,985 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/06/12 03:28:27 | 001,764,008 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2010/06/06 13:42:27 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job

[2010/06/04 10:52:39 | 000,002,429 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

[2010/06/02 13:09:27 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys

[2010/05/31 11:46:24 | 000,000,989 | ---- | M] () -- C:\Users\SamT\Desktop\Hafod yr Afra - Shortcut.lnk

[2010/05/26 12:01:53 | 000,001,295 | ---- | M] () -- C:\Users\SamT\Desktop\PV - Shortcut.lnk

[2010/05/19 19:25:03 | 000,008,192 | ---- | M] () -- C:\Users\SamT\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/05/17 13:14:45 | 000,002,172 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk

[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2010/04/27 20:16:12 | 000,110,064 | ---- | M] () -- C:\Users\SamT\AppData\Local\GDIPFONTCACHEV1.DAT

[2010/04/23 13:03:06 | 000,000,905 | ---- | M] () -- C:\Windows\IAGB5b.ini

[2010/04/23 13:03:06 | 000,000,235 | ---- | M] () -- C:\Windows\system.ini

[2010/04/23 09:37:43 | 000,000,899 | ---- | M] () -- C:\Windows\IAGB5.ini

[2010/04/16 17:41:07 | 000,087,608 | ---- | M] () -- C:\Users\SamT\AppData\Roaming\inst.exe

[2010/04/16 17:41:07 | 000,047,360 | ---- | M] (VSO Software) -- C:\Users\SamT\AppData\Roaming\pcouffin.sys

[2010/04/16 17:41:07 | 000,007,887 | ---- | M] () -- C:\Users\SamT\AppData\Roaming\pcouffin.cat

[2010/04/16 17:41:07 | 000,001,144 | ---- | M] () -- C:\Users\SamT\AppData\Roaming\pcouffin.inf

[2010/04/09 13:54:51 | 000,017,151 | ---- | M] () -- C:\Users\SamT\Documents\AGM notes.docx

[2010/04/02 09:55:05 | 000,000,953 | ---- | M] () -- C:\Users\Public\Desktop\BBC iPlayer Desktop.lnk

[2010/03/31 02:58:24 | 000,353,592 | ---- | M] (DivX, Inc.) -- C:\Windows\System32\DivXControlPanelApplet.cpl

[2010/03/30 10:10:34 | 000,001,997 | ---- | M] () -- C:\Users\Public\Desktop\Google SketchUp 7.lnk

[2010/03/21 21:44:23 | 000,001,973 | ---- | M] () -- C:\Users\Public\Desktop\Canon IJ Network Tool.lnk

[1 C:\Users\SamT\Desktop\*.tmp files -> C:\Users\SamT\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/06/18 16:14:36 | 000,023,079 | ---- | C] () -- C:\Users\SamT\Desktop\Capture.PNG

[2010/06/18 14:27:20 | 001,366,411 | ---- | C] () -- C:\Users\SamT\Desktop\CTL085.pdf

[2010/06/18 13:59:38 | 000,000,018 | ---- | C] () -- C:\Windows\VS50LP.BMP

[2010/06/18 13:59:34 | 000,001,831 | ---- | C] () -- C:\Users\SamT\Desktop\PVSYST5_0.lnk

[2010/06/18 01:40:26 | 000,000,996 | ---- | C] () -- C:\Users\SamT\Desktop\ark.zip

[2010/06/18 01:08:25 | 000,004,094 | ---- | C] () -- C:\Users\SamT\Desktop\Attach.zip

[2010/06/18 00:40:55 | 000,525,824 | ---- | C] () -- C:\Users\SamT\Desktop\dds.scr

[2010/06/18 00:25:49 | 000,293,376 | ---- | C] () -- C:\Users\SamT\Desktop\lp81r92c.exe

[2010/06/18 00:17:44 | 000,000,000 | ---- | C] () -- C:\Users\SamT\defogger_reenable

[2010/06/18 00:16:53 | 000,050,477 | ---- | C] () -- C:\Users\SamT\Desktop\Defogger.exe

[2010/06/17 23:35:21 | 000,038,492 | ---- | C] () -- C:\Users\SamT\Desktop\PV schematic.PNG

[2010/06/17 22:45:36 | 000,058,447 | ---- | C] () -- C:\Users\SamT\Desktop\Inverter efficiency.pdf

[2010/06/16 12:09:31 | 000,938,288 | ---- | C] () -- C:\Users\SamT\Desktop\16062010379.jpg

[2010/06/16 12:09:31 | 000,869,125 | ---- | C] () -- C:\Users\SamT\Desktop\16062010380.jpg

[2010/06/15 11:17:55 | 000,002,045 | ---- | C] () -- C:\Users\Public\Desktop\Canon Easy-PhotoPrint EX.lnk

[2010/06/13 20:15:16 | 000,000,388 | ---- | C] () -- C:\Windows\tasks\RegCure Program Check.job

[2010/06/13 20:15:13 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\RegCure.job

[2010/06/13 20:15:11 | 000,000,951 | ---- | C] () -- C:\Users\Public\Desktop\RegCure.lnk

[2010/06/13 16:03:52 | 000,000,985 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/06/06 13:42:27 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job

[2010/06/04 10:52:39 | 000,002,429 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk

[2010/05/31 11:46:24 | 000,000,989 | ---- | C] () -- C:\Users\SamT\Desktop\Hafod yr Afra - Shortcut.lnk

[2010/05/26 12:01:53 | 000,001,295 | ---- | C] () -- C:\Users\SamT\Desktop\PV - Shortcut.lnk

[2010/05/19 19:24:54 | 000,008,192 | ---- | C] () -- C:\Users\SamT\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/05/17 13:14:45 | 000,002,172 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk

[2010/04/27 13:02:45 | 010,500,792 | ---- | C] () -- C:\Windows\simsun.ttc

[2010/04/23 11:30:24 | 000,056,320 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll

[2010/04/07 12:12:00 | 000,017,151 | ---- | C] () -- C:\Users\SamT\Documents\AGM notes.docx

[2010/03/30 10:10:34 | 000,001,997 | ---- | C] () -- C:\Users\Public\Desktop\Google SketchUp 7.lnk

[2010/03/29 21:58:19 | 000,000,953 | ---- | C] () -- C:\Users\Public\Desktop\BBC iPlayer Desktop.lnk

[2010/03/21 21:44:23 | 000,001,973 | ---- | C] () -- C:\Users\Public\Desktop\Canon IJ Network Tool.lnk

[2010/01/31 15:45:25 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll

[2009/12/23 20:59:13 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll

[2009/12/23 20:59:13 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll

[2009/12/07 22:19:36 | 002,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll

[2009/12/07 19:30:04 | 000,000,416 | ---- | C] () -- C:\Windows\MAXLINK.INI

[2009/09/28 10:22:00 | 000,315,392 | ---- | C] () -- C:\Windows\System32\drivers\yk62x86.sys

[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll

[2009/07/14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll

[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll

[2005/05/06 20:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll

[2001/10/16 22:17:44 | 000,000,905 | ---- | C] () -- C:\Windows\IAGB5b.ini

[2001/10/16 22:17:28 | 000,000,899 | ---- | C] () -- C:\Windows\IAGB5.ini

========== LOP Check ==========

[2010/02/06 15:30:06 | 000,000,000 | ---D | M] -- C:\Users\SamT\AppData\Roaming\Ambient Design

[2010/03/29 21:58:23 | 000,000,000 | ---D | M] -- C:\Users\SamT\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1

[2010/03/31 22:24:25 | 000,000,000 | ---D | M] -- C:\Users\SamT\AppData\Roaming\Canon

[2010/02/10 14:08:35 | 000,000,000 | ---D | M] -- C:\Users\SamT\AppData\Roaming\Flickr

[2010/01/08 13:29:29 | 000,000,000 | ---D | M] -- C:\Users\SamT\AppData\Roaming\Leadertech

[2010/06/13 18:28:15 | 000,000,000 | -HSD | M] -- C:\Users\SamT\AppData\Roaming\lowsec

[2010/03/09 12:21:31 | 000,000,000 | ---D | M] -- C:\Users\SamT\AppData\Roaming\Nokia

[2010/01/08 20:27:17 | 000,000,000 | ---D | M] -- C:\Users\SamT\AppData\Roaming\PC Suite

[2009/12/07 19:29:56 | 000,000,000 | ---D | M] -- C:\Users\SamT\AppData\Roaming\ScanSoft

[2010/02/12 16:55:33 | 000,000,000 | ---D | M] -- C:\Users\SamT\AppData\Roaming\SmartDraw

[2010/04/16 17:41:08 | 000,000,000 | ---D | M] -- C:\Users\SamT\AppData\Roaming\Vso

[2009/12/07 19:11:20 | 000,000,000 | ---D | M] -- C:\Users\SamT\AppData\Roaming\WTouch

[2010/05/10 11:37:02 | 000,000,000 | ---D | M] -- C:\Users\SamT\AppData\Roaming\www.nerdoftheherd.com

[2010/06/06 13:42:27 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job

[2010/06/16 17:00:02 | 000,000,388 | ---- | M] () -- C:\Windows\Tasks\RegCure Program Check.job

[2010/06/13 20:34:50 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\RegCure.job

[2010/05/13 11:13:54 | 000,032,614 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >


Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:
    :OTL
    O4 - HKCU..\Run: [svchost] C:\Users\SamT\AppData\Local\Temp\svchost.exe File not found
    O4 - HKCU..\Run: [Tuxc] C:\Users\SamT\AppData\Roaming\netid3.DLL (Microsoft Corporation)
    :files
    C:\Users\SamT\AppData\Roaming\netid3.DLL
    :commands
    [emptytemp]
    [Reboot]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


reboot log..

Quick scan just running..

All processes killed

========== OTL ==========

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\svchost deleted successfully.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Tuxc deleted successfully.

C:\Users\SamT\AppData\Roaming\netid3.dll moved successfully.

========== FILES ==========

File\Folder C:\Users\SamT\AppData\Roaming\netid3.DLL not found.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: doctemp

User: Public

User: SamT

->Temp folder emptied: 1393163 bytes

->Temporary Internet Files folder emptied: 191022 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 23846297 bytes

->Google Chrome cache emptied: 0 bytes

->Flash cache emptied: 631 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 608 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 24.00 mb

OTL by OldTimer - Version 3.2.6.0 log created on 06182010_165742

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


Here it is...

OTL logfile created on: 18/06/2010 17:11:13 - Run 3

OTL by OldTimer - Version 3.2.6.0 Folder = C:\Users\SamT\Desktop

An unknown product (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 63.00% Memory free

4.00 Gb Paging File | 3.00 Gb Available in Paging File | 75.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 136.46 Gb Total Space | 27.96 Gb Free Space | 20.49% Space Free | Partition Type: NTFS

Drive D: | 10.00 Gb Total Space | 5.73 Gb Free Space | 57.28% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: SAMT-LAPTOP

Current User Name: SamT

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = 90 Days

Output = Minimal

Quick Scan

========== Processes (SafeList) ==========

PRC - C:\Users\SamT\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)

PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

PRC - C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe (Nokia)

PRC - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)

PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)

PRC - C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe (Nokia)

PRC - C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe (Nokia)

PRC - C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)

PRC - C:\Program Files\WTouch\WTouchUser.exe (Wacom Technology, Corp.)

PRC - C:\Windows\System32\WTablet\Pen_TabletUser.exe (Wacom Technology, Corp.)

PRC - C:\Program Files\WTouch\WTouchService.exe (Wacom Technology, Corp.)

PRC - C:\Windows\System32\Pen_Tablet.exe (Wacom Technology, Corp.)

PRC - C:\Windows\System32\wisptis.exe (Microsoft Corporation)

PRC - C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe (Microsoft Corporation)

PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)

PRC - C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe (Microsoft Corporation)

PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)

PRC - C:\Program Files\Kanguru\AssistantServices.exe ()

PRC - C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc.)

PRC - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)

PRC - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)

PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)

========== Modules (SafeList) ==========

MOD - C:\Users\SamT\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\Windows\System32\rsaenh.dll (Microsoft Corporation)

MOD - C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll (Microsoft Corporation)

MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)

MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)

MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)

MOD - C:\Windows\System32\RpcRtRemote.dll (Microsoft Corporation)

MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)

MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)

MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)

MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)

MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)

MOD - C:\Windows\System32\cryptsp.dll (Microsoft Corporation)

MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)

MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)

MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)

MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)

SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)

SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)

SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)

SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)

SRV - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)

SRV - (WTouchService) -- C:\Program Files\WTouch\WTouchService.exe (Wacom Technology, Corp.)

SRV - (TabletServicePen) -- C:\Windows\System32\Pen_Tablet.exe (Wacom Technology, Corp.)

SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)

SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)

SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)

SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)

SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)

SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)

SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)

SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)

SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)

SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)

SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)

SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)

SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)

SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)

SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)

SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)

SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)

SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)

SRV - (AxInstSV) ActiveX Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)

SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)

SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)

SRV - (UI Assistant Service) -- C:\Program Files\Kanguru\AssistantServices.exe ()

SRV - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)

SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)

========== Driver Services (SafeList) ==========

DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)

DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)

DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)

DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Nokia)

DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)

DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Nokia)

DRV - (nmwcdnsu) -- C:\Windows\System32\drivers\nmwcdnsu.sys (Nokia)

DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)

DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys ()

DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)

DRV - (fssfltr) -- C:\Windows\System32\drivers\fssfltr.sys (Microsoft Corporation)

DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)

DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)

DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)

DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)

DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)

DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)

DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)

DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)

DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)

DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)

DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)

DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)

DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)

DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)

DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)

DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)

DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)

DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)

DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)

DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)

DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)

DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)

DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)

DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)

DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)

DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)

DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)

DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)

DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)

DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)

DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)

DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)

DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)

DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)

DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)

DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)

DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)

DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)

DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)

DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)

DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)

DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)

DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)

DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation)

DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)

DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)

DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)

DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)

DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)

DRV - (1394ohci) -- C:\Windows\System32\drivers\1394ohci.sys (Microsoft Corporation)

DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)

DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)

DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)

DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)

DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)

DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)

DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)

DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)

DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)

DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)

DRV - (HidBatt) -- C:\Windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation)

DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)

DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)

DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)

DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)

DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)

DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)

DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)

DRV - (SrvHsfV92) -- C:\Windows\System32\drivers\VSTDPV3.SYS (Conexant Systems, Inc.)

DRV - (SrvHsfWinac) -- C:\Windows\System32\drivers\VSTCNXT3.SYS (Conexant Systems, Inc.)

DRV - (SrvHsfHDA) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.)

DRV - (netw5v32) Intel® -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation)

DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)

DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)

DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)

DRV - (ZTEusbnmea) -- C:\Windows\System32\drivers\ZTEusbnmea.sys (ZTE Incorporated)

DRV - (ZTEusbser6k) -- C:\Windows\System32\drivers\ZTEusbser6k.sys (ZTE Incorporated)

DRV - (ZTEusbmdm6k) -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys (ZTE Incorporated)

DRV - (LUsbFilt) -- C:\Windows\System32\drivers\LUsbFilt.sys (Logitech, Inc.)

DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)

DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)

DRV - (WacomVTHid) -- C:\Windows\System32\drivers\WacomVTHid.sys (Wacom Technology)

DRV - (wacomvhid) -- C:\Windows\System32\drivers\wacomvhid.sys (Wacom Technology)

DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)

DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)

DRV - (wacmoumonitor) -- C:\Windows\System32\drivers\wacmoumonitor.sys (Wacom Technology)

DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)

DRV - (OEM02Dev) -- C:\Windows\System32\drivers\OEM02Dev.sys (Creative Technology Ltd.)

DRV - (TfBulk) -- C:\Windows\System32\drivers\TfBulk.SYS (Topfield (visit www.topfield.co.kr))

DRV - (OEM02Vfx) -- C:\Windows\System32\drivers\OEM02Vfx.sys (EyePower Games Pte. Ltd.)

DRV - (wacommousefilter) -- C:\Windows\System32\drivers\wacommousefilter.sys (Wacom Technology)

DRV - (WacomVKHid) -- C:\Windows\System32\drivers\WacomVKHid.sys (Wacom Technology)

DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.mytalktalk.co.uk

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 88 48 84 0D 40 77 CA 01 [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2

FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19

FF - prefs.js..extensions.enabledItems: {2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}:2.1.072

FF - prefs.js..extensions.enabledItems: {1BCA7BD8-8977-11DC-A9BD-548555D89593}:1.5

FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.1

FF - prefs.js..extensions.enabledItems: zotero@chnm.gmu.edu:2.0.3

FF - prefs.js..extensions.enabledItems: zoteroWinWordIntegration@zotero.org:3.0a3

FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009/12/08 11:19:13 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/04 10:48:53 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/04 10:48:53 | 000,000,000 | ---D | M]

[2010/02/10 14:08:37 | 000,000,000 | ---D | M] -- C:\Users\SamT\AppData\Roaming\Mozilla\Extensions

[2010/02/10 14:08:37 | 000,000,000 | ---D | M] -- C:\Users\SamT\AppData\Roaming\Mozilla\Extensions\uploadr@flickr.com

[2009/12/07 15:10:09 | 000,000,000 | ---D | M] -- C:\Users\SamT\AppData\Roaming\Mozilla\Firefox\Profiles\b1znzzoo.default\extensions

[2010/06/18 00:22:01 | 000,000,000 | ---D | M] -- C:\Users\SamT\AppData\Roaming\Mozilla\Firefox\Profiles\cfyi8mkt.default\extensions

[2009/12/07 15:31:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SamT\AppData\Roaming\Mozilla\Firefox\Profiles\cfyi8mkt.default\extensions\{1BCA7BD8-8977-11DC-A9BD-548555D89593}

[2010/03/01 15:59:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SamT\AppData\Roaming\Mozilla\Firefox\Profiles\cfyi8mkt.default\extensions\{1BCA7BD8-8977-11DC-A9BD-548555D89593}-trash

[2010/04/29 15:00:10 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\SamT\AppData\Roaming\Mozilla\Firefox\Profiles\cfyi8mkt.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2009/12/07 15:31:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SamT\AppData\Roaming\Mozilla\Firefox\Profiles\cfyi8mkt.default\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}

[2009/12/07 15:31:53 | 000,000,000 | ---D | M] (PDF Download) -- C:\Users\SamT\AppData\Roaming\Mozilla\Firefox\Profiles\cfyi8mkt.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}

[2010/05/08 08:13:46 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\SamT\AppData\Roaming\Mozilla\Firefox\Profiles\cfyi8mkt.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

[2009/12/07 15:31:53 | 000,000,000 | ---D | M] -- C:\Users\SamT\AppData\Roaming\Mozilla\Firefox\Profiles\cfyi8mkt.default\extensions\en-GB@dictionaries.addons.mozilla.org

[2008/01/31 17:37:03 | 000,000,000 | ---D | M] -- C:\Users\SamT\AppData\Roaming\Mozilla\Firefox\Profiles\cfyi8mkt.default\extensions\en-US@dictionaries.addons.mozilla.org

[2010/05/08 08:13:46 | 000,000,000 | ---D | M] -- C:\Users\SamT\AppData\Roaming\Mozilla\Firefox\Profiles\cfyi8mkt.default\extensions\zotero@chnm.gmu.edu

[2010/03/21 16:30:10 | 000,000,000 | ---D | M] -- C:\Users\SamT\AppData\Roaming\Mozilla\Firefox\Profiles\cfyi8mkt.default\extensions\zoteroWinWordIntegration@zotero.org

[2010/04/02 15:17:27 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2010/03/12 23:59:08 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml

[2010/03/12 23:59:08 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml

[2010/03/12 23:59:08 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml

[2010/03/12 23:59:08 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2009/06/10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)

O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKCU..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_19)

O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_19)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_19)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.67.222.222 208.67.222.220

O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)

O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (livessp) - C:\Windows\System32\livessp.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2010/06/18 17:11:53 | 000,020,934 | ---- | M] () - C:\Autoztemon.txt -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/06/18 16:16:15 | 000,000,000 | ---D | C] -- C:\_OTL

[2010/06/18 13:59:27 | 000,000,000 | ---D | C] -- C:\Program Files\PVsyst5

[2010/06/18 13:56:18 | 028,910,106 | ---- | C] (ISE - University of Geneva) -- C:\Users\SamT\Desktop\PVsyst5_12_setup.exe

[2010/06/18 09:18:33 | 000,572,416 | ---- | C] (OldTimer Tools) -- C:\Users\SamT\Desktop\OTL.exe

[2010/06/15 11:20:06 | 000,000,000 | ---D | C] -- C:\Users\SamT\AppData\Local\Canon Easy-PhotoPrint EX

[2010/06/13 20:15:10 | 000,000,000 | ---D | C] -- C:\ProgramData\RegCure

[2010/06/13 20:15:09 | 000,000,000 | ---D | C] -- C:\Program Files\RegCure

[2010/06/13 20:07:00 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP

[2010/06/13 20:07:00 | 000,000,000 | ---D | C] -- C:\Program Files\Registry Mechanic

[2010/06/13 16:04:02 | 000,000,000 | ---D | C] -- C:\Users\SamT\AppData\Roaming\Malwarebytes

[2010/06/13 16:03:49 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2010/06/13 16:03:47 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2010/06/13 16:03:47 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2010/06/13 16:03:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2010/06/06 09:49:24 | 000,000,000 | ---D | C] -- C:\Windows\System32\Wat

[2010/06/04 18:02:46 | 000,000,000 | ---D | C] -- C:\Program Files\Topfield

[2010/06/04 10:51:24 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2010/06/04 10:51:23 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

[2010/06/04 10:51:23 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2010/06/04 10:48:22 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime

[2010/06/02 14:03:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy

[2010/06/02 14:03:53 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy

[2010/06/02 13:09:29 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys

[2010/06/02 13:05:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft

[2010/06/02 13:05:19 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft

[2010/06/02 12:55:08 | 000,000,000 | -HSD | C] -- C:\Users\SamT\AppData\Roaming\lowsec

[2010/06/02 11:22:33 | 000,000,000 | ---D | C] -- C:\Users\SamT\AppData\Roaming\Avira

[2010/06/02 11:10:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Identities

[2010/05/26 11:00:43 | 000,000,000 | ---D | C] -- C:\Users\SamT\Desktop\Bagshawemoosespinchofsalt_3d

[2010/05/24 13:35:55 | 000,000,000 | ---D | C] -- C:\Program Files\PanaVue

[2010/05/14 08:53:06 | 000,000,000 | ---D | C] -- C:\Windows\pss

[2010/05/10 19:43:25 | 000,000,000 | ---D | C] -- C:\Program Files\RarZilla Free Unrar

[2010/05/10 11:40:29 | 000,000,000 | ---D | C] -- C:\Users\SamT\Documents\Downloaded Radio

[2010/05/10 11:37:02 | 000,000,000 | ---D | C] -- C:\Users\SamT\AppData\Roaming\www.nerdoftheherd.com

[2010/05/10 11:37:01 | 000,000,000 | ---D | C] -- C:\Users\SamT\AppData\Local\www.nerdoftheherd.com

[2010/05/10 11:36:35 | 000,000,000 | ---D | C] -- C:\Program Files\Radio Downloader

[2010/04/27 13:02:50 | 000,110,080 | ---- | C] (ZTE Corporation) -- C:\Windows\System32\drivers\ZTEusbnet.sys

[2010/04/27 13:02:50 | 000,105,344 | ---- | C] (ZTE Incorporated) -- C:\Windows\System32\drivers\ZTEusbnmea.sys

[2010/04/27 13:02:50 | 000,104,960 | ---- | C] (ZTE Incorporated) -- C:\Windows\System32\drivers\ZTEusbser6k.sys

[2010/04/27 13:02:50 | 000,104,960 | ---- | C] (ZTE Incorporated) -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys

[2010/04/27 13:02:24 | 000,000,000 | ---D | C] -- C:\Windows\System32\SupportAppCB

[2010/04/27 13:02:20 | 000,000,000 | ---D | C] -- C:\Program Files\Kanguru

[2010/04/23 11:30:24 | 000,136,704 | ---- | C] (Ligos Corporation) -- C:\Windows\System32\iacenc.dll

[2010/04/23 11:30:23 | 000,000,000 | ---D | C] -- C:\Program Files\Ligos

[2010/04/23 09:37:41 | 000,000,000 | ---D | C] -- C:\Program Files\Ordnance Survey

[2010/04/09 14:59:41 | 000,000,000 | ---D | C] -- C:\Users\SamT\AppData\Roaming\DivX

[2010/04/09 14:59:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PX Storage Engine

[2010/04/09 14:58:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared

[2010/04/09 14:57:06 | 000,000,000 | ---D | C] -- C:\Program Files\DivX

[2010/04/09 14:56:32 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX

[2010/04/03 21:39:48 | 000,000,000 | ---D | C] -- C:\Users\SamT\AppData\Local\Yahoo!

[2010/04/02 15:17:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun

[2010/04/02 15:17:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java

[2010/04/02 15:06:07 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntdd.sys

[2010/04/02 15:06:07 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntmgr.sys

[2010/04/02 09:55:05 | 000,000,000 | ---D | C] -- C:\Program Files\BBC iPlayer Desktop

[2010/03/31 02:58:24 | 000,353,592 | ---- | C] (DivX, Inc.) -- C:\Windows\System32\DivXControlPanelApplet.cpl

[2010/03/30 10:14:21 | 000,000,000 | ---D | C] -- C:\Users\SamT\AppData\Roaming\Google

[2010/03/30 10:13:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Google

[2010/03/29 22:08:39 | 000,000,000 | ---D | C] -- C:\Program Files\Memory-Map

[2010/03/29 22:07:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard

[2010/03/29 21:58:23 | 000,000,000 | ---D | C] -- C:\Users\SamT\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1

[2010/03/29 21:58:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR

[2010/03/21 21:44:04 | 000,000,000 | -H-D | C] -- C:\Windows\System32\CanonIJ Uninstaller Information

[2010/03/21 21:43:35 | 000,000,000 | -H-D | C] -- C:\Program Files\CanonBJ

[1 C:\Users\SamT\Desktop\*.tmp files -> C:\Users\SamT\Desktop\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/06/18 17:13:23 | 004,456,448 | -HS- | M] () -- C:\Users\SamT\ntuser.dat

[2010/06/18 17:08:34 | 000,013,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2010/06/18 17:08:34 | 000,013,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2010/06/18 17:05:32 | 000,713,888 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI

[2010/06/18 17:05:32 | 000,619,642 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2010/06/18 17:05:32 | 000,107,792 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2010/06/18 17:01:18 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2010/06/18 17:01:15 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT

[2010/06/18 17:01:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010/06/18 17:01:01 | 1602,781,184 | -HS- | M] () -- C:\hiberfil.sys

[2010/06/18 17:00:00 | 000,000,388 | ---- | M] () -- C:\Windows\tasks\RegCure Program Check.job

[2010/06/18 16:36:00 | 000,040,960 | ---- | M] () -- C:\Users\SamT\Desktop\REBE_Thesis_Proposal_Template_v1_2010_03_10.doc

[2010/06/18 16:35:48 | 000,114,176 | ---- | M] () -- C:\Users\SamT\Desktop\thesis_catalogue_july09.xls

[2010/06/18 16:14:36 | 000,023,079 | ---- | M] () -- C:\Users\SamT\Desktop\Capture.PNG

[2010/06/18 16:11:34 | 001,478,810 | -H-- | M] () -- C:\Users\SamT\AppData\Local\IconCache.db

[2010/06/18 15:18:01 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2010/06/18 14:27:29 | 001,366,411 | ---- | M] () -- C:\Users\SamT\Desktop\CTL085.pdf

[2010/06/18 13:59:34 | 000,001,831 | ---- | M] () -- C:\Users\SamT\Desktop\PVSYST5_0.lnk

[2010/06/18 13:58:59 | 028,910,106 | ---- | M] (ISE - University of Geneva) -- C:\Users\SamT\Desktop\PVsyst5_12_setup.exe

[2010/06/18 09:18:40 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Users\SamT\Desktop\OTL.exe

[2010/06/18 01:40:26 | 000,000,996 | ---- | M] () -- C:\Users\SamT\Desktop\ark.zip

[2010/06/18 01:08:25 | 000,004,094 | ---- | M] () -- C:\Users\SamT\Desktop\Attach.zip

[2010/06/18 01:07:26 | 305,602,666 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2010/06/18 01:01:47 | 000,525,824 | ---- | M] () -- C:\Users\SamT\Desktop\dds.scr

[2010/06/18 00:25:50 | 000,293,376 | ---- | M] () -- C:\Users\SamT\Desktop\lp81r92c.exe

[2010/06/18 00:17:44 | 000,000,000 | ---- | M] () -- C:\Users\SamT\defogger_reenable

[2010/06/18 00:16:56 | 000,050,477 | ---- | M] () -- C:\Users\SamT\Desktop\Defogger.exe

[2010/06/17 23:35:22 | 000,038,492 | ---- | M] () -- C:\Users\SamT\Desktop\PV schematic.PNG

[2010/06/17 22:45:37 | 000,058,447 | ---- | M] () -- C:\Users\SamT\Desktop\Inverter efficiency.pdf

[2010/06/16 09:35:08 | 000,869,125 | ---- | M] () -- C:\Users\SamT\Desktop\16062010380.jpg

[2010/06/16 09:34:58 | 000,938,288 | ---- | M] () -- C:\Users\SamT\Desktop\16062010379.jpg

[2010/06/15 11:17:55 | 000,002,045 | ---- | M] () -- C:\Users\Public\Desktop\Canon Easy-PhotoPrint EX.lnk

[2010/06/15 11:16:20 | 002,069,840 | ---- | M] () -- C:\Users\SamT\Desktop\mp600rndwin256_ntwin256en.exe

[2010/06/13 20:34:50 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\RegCure.job

[2010/06/13 20:15:11 | 000,000,951 | ---- | M] () -- C:\Users\Public\Desktop\RegCure.lnk

[2010/06/13 16:03:52 | 000,000,985 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/06/12 03:28:27 | 001,764,008 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2010/06/06 13:42:27 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job

[2010/06/04 10:52:39 | 000,002,429 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

[2010/06/02 13:09:27 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys

[2010/05/31 11:46:24 | 000,000,989 | ---- | M] () -- C:\Users\SamT\Desktop\Hafod yr Afra - Shortcut.lnk

[2010/05/26 12:01:53 | 000,001,295 | ---- | M] () -- C:\Users\SamT\Desktop\PV - Shortcut.lnk

[2010/05/19 19:25:03 | 000,008,192 | ---- | M] () -- C:\Users\SamT\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/05/17 13:14:45 | 000,002,172 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk

[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2010/04/27 20:16:12 | 000,110,064 | ---- | M] () -- C:\Users\SamT\AppData\Local\GDIPFONTCACHEV1.DAT

[2010/04/23 13:03:06 | 000,000,905 | ---- | M] () -- C:\Windows\IAGB5b.ini

[2010/04/23 13:03:06 | 000,000,235 | ---- | M] () -- C:\Windows\system.ini

[2010/04/23 09:37:43 | 000,000,899 | ---- | M] () -- C:\Windows\IAGB5.ini

[2010/04/16 17:41:07 | 000,087,608 | ---- | M] () -- C:\Users\SamT\AppData\Roaming\inst.exe

[2010/04/16 17:41:07 | 000,047,360 | ---- | M] (VSO Software) -- C:\Users\SamT\AppData\Roaming\pcouffin.sys

[2010/04/16 17:41:07 | 000,007,887 | ---- | M] () -- C:\Users\SamT\AppData\Roaming\pcouffin.cat

[2010/04/16 17:41:07 | 000,001,144 | ---- | M] () -- C:\Users\SamT\AppData\Roaming\pcouffin.inf

[2010/04/09 13:54:51 | 000,017,151 | ---- | M] () -- C:\Users\SamT\Documents\AGM notes.docx

[2010/04/02 09:55:05 | 000,000,953 | ---- | M] () -- C:\Users\Public\Desktop\BBC iPlayer Desktop.lnk

[2010/03/31 02:58:24 | 000,353,592 | ---- | M] (DivX, Inc.) -- C:\Windows\System32\DivXControlPanelApplet.cpl

[2010/03/30 10:10:34 | 000,001,997 | ---- | M] () -- C:\Users\Public\Desktop\Google SketchUp 7.lnk

[2010/03/21 21:44:23 | 000,001,973 | ---- | M] () -- C:\Users\Public\Desktop\Canon IJ Network Tool.lnk

[1 C:\Users\SamT\Desktop\*.tmp files -> C:\Users\SamT\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/06/18 16:36:00 | 000,040,960 | ---- | C] () -- C:\Users\SamT\Desktop\REBE_Thesis_Proposal_Template_v1_2010_03_10.doc

[2010/06/18 16:35:46 | 000,114,176 | ---- | C] () -- C:\Users\SamT\Desktop\thesis_catalogue_july09.xls

[2010/06/18 16:14:36 | 000,023,079 | ---- | C] () -- C:\Users\SamT\Desktop\Capture.PNG

[2010/06/18 14:27:20 | 001,366,411 | ---- | C] () -- C:\Users\SamT\Desktop\CTL085.pdf

[2010/06/18 13:59:38 | 000,000,018 | ---- | C] () -- C:\Windows\VS50LP.BMP

[2010/06/18 13:59:34 | 000,001,831 | ---- | C] () -- C:\Users\SamT\Desktop\PVSYST5_0.lnk

[2010/06/18 01:40:26 | 000,000,996 | ---- | C] () -- C:\Users\SamT\Desktop\ark.zip

[2010/06/18 01:08:25 | 000,004,094 | ---- | C] () -- C:\Users\SamT\Desktop\Attach.zip

[2010/06/18 00:40:55 | 000,525,824 | ---- | C] () -- C:\Users\SamT\Desktop\dds.scr

[2010/06/18 00:25:49 | 000,293,376 | ---- | C] () -- C:\Users\SamT\Desktop\lp81r92c.exe

[2010/06/18 00:17:44 | 000,000,000 | ---- | C] () -- C:\Users\SamT\defogger_reenable

[2010/06/18 00:16:53 | 000,050,477 | ---- | C] () -- C:\Users\SamT\Desktop\Defogger.exe

[2010/06/17 23:35:21 | 000,038,492 | ---- | C] () -- C:\Users\SamT\Desktop\PV schematic.PNG

[2010/06/17 22:45:36 | 000,058,447 | ---- | C] () -- C:\Users\SamT\Desktop\Inverter efficiency.pdf

[2010/06/16 12:09:31 | 000,938,288 | ---- | C] () -- C:\Users\SamT\Desktop\16062010379.jpg

[2010/06/16 12:09:31 | 000,869,125 | ---- | C] () -- C:\Users\SamT\Desktop\16062010380.jpg

[2010/06/15 11:17:55 | 000,002,045 | ---- | C] () -- C:\Users\Public\Desktop\Canon Easy-PhotoPrint EX.lnk

[2010/06/13 20:15:16 | 000,000,388 | ---- | C] () -- C:\Windows\tasks\RegCure Program Check.job

[2010/06/13 20:15:13 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\RegCure.job

[2010/06/13 20:15:11 | 000,000,951 | ---- | C] () -- C:\Users\Public\Desktop\RegCure.lnk

[2010/06/13 16:03:52 | 000,000,985 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/06/06 13:42:27 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job

[2010/06/04 10:52:39 | 000,002,429 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk

[2010/05/31 11:46:24 | 000,000,989 | ---- | C] () -- C:\Users\SamT\Desktop\Hafod yr Afra - Shortcut.lnk

[2010/05/26 12:01:53 | 000,001,295 | ---- | C] () -- C:\Users\SamT\Desktop\PV - Shortcut.lnk

[2010/05/19 19:24:54 | 000,008,192 | ---- | C] () -- C:\Users\SamT\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/05/17 13:14:45 | 000,002,172 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk

[2010/04/27 13:02:45 | 010,500,792 | ---- | C] () -- C:\Windows\simsun.ttc

[2010/04/23 11:30:24 | 000,056,320 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll

[2010/04/07 12:12:00 | 000,017,151 | ---- | C] () -- C:\Users\SamT\Documents\AGM notes.docx

[2010/03/30 10:10:34 | 000,001,997 | ---- | C] () -- C:\Users\Public\Desktop\Google SketchUp 7.lnk

[2010/03/29 21:58:19 | 000,000,953 | ---- | C] () -- C:\Users\Public\Desktop\BBC iPlayer Desktop.lnk

[2010/03/21 21:44:23 | 000,001,973 | ---- | C] () -- C:\Users\Public\Desktop\Canon IJ Network Tool.lnk

[2010/01/31 15:45:25 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll

[2009/12/23 20:59:13 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll

[2009/12/23 20:59:13 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll

[2009/12/07 22:19:36 | 002,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll

[2009/12/07 19:30:04 | 000,000,416 | ---- | C] () -- C:\Windows\MAXLINK.INI

[2009/09/28 10:22:00 | 000,315,392 | ---- | C] () -- C:\Windows\System32\drivers\yk62x86.sys

[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll

[2009/07/14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll

[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll

[2005/05/06 20:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll

[2001/10/16 22:17:44 | 000,000,905 | ---- | C] () -- C:\Windows\IAGB5b.ini

[2001/10/16 22:17:28 | 000,000,899 | ---- | C] () -- C:\Windows\IAGB5.ini

========== LOP Check ==========

[2010/02/06 15:30:06 | 000,000,000 | ---D | M] -- C:\Users\SamT\AppData\Roaming\Ambient Design

[2010/03/29 21:58:23 | 000,000,000 | ---D | M] -- C:\Users\SamT\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1

[2010/03/31 22:24:25 | 000,000,000 | ---D | M] -- C:\Users\SamT\AppData\Roaming\Canon

[2010/02/10 14:08:35 | 000,000,000 | ---D | M] -- C:\Users\SamT\AppData\Roaming\Flickr

[2010/01/08 13:29:29 | 000,000,000 | ---D | M] -- C:\Users\SamT\AppData\Roaming\Leadertech

[2010/06/13 18:28:15 | 000,000,000 | -HSD | M] -- C:\Users\SamT\AppData\Roaming\lowsec

[2010/03/09 12:21:31 | 000,000,000 | ---D | M] -- C:\Users\SamT\AppData\Roaming\Nokia

[2010/01/08 20:27:17 | 000,000,000 | ---D | M] -- C:\Users\SamT\AppData\Roaming\PC Suite

[2009/12/07 19:29:56 | 000,000,000 | ---D | M] -- C:\Users\SamT\AppData\Roaming\ScanSoft

[2010/02/12 16:55:33 | 000,000,000 | ---D | M] -- C:\Users\SamT\AppData\Roaming\SmartDraw

[2010/04/16 17:41:08 | 000,000,000 | ---D | M] -- C:\Users\SamT\AppData\Roaming\Vso

[2009/12/07 19:11:20 | 000,000,000 | ---D | M] -- C:\Users\SamT\AppData\Roaming\WTouch

[2010/05/10 11:37:02 | 000,000,000 | ---D | M] -- C:\Users\SamT\AppData\Roaming\www.nerdoftheherd.com

[2010/06/06 13:42:27 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job

[2010/06/18 17:00:00 | 000,000,388 | ---- | M] () -- C:\Windows\Tasks\RegCure Program Check.job

[2010/06/13 20:34:50 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\RegCure.job

[2010/05/13 11:13:54 | 000,032,614 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >


yes

Now that your system is clean you should SET A NEW RESTORE POINT to prevent future reinfection from the old restore point AFTER cleaning your system of any malware infection. Any trojans or spyware you picked up could have been saved in System Restore and are waiting to re-infect you. Since System Restore is a protected directory, your tools can not access it to delete files, trapping viruses inside. Setting a new restore point should be done to prevent any future reinfection from the old restore point and enable your computer to "roll-back" in case there is a future problem.

To SET A NEW RESTORE POINT:

1. Go to Start > Programs > Accessories > System Tools and click "System Restore".

2. Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.

======================================

Here is some useful information on keeping your computer clean:

  1. Most important thing is to make sure Windows is kept up to date with the latest patches and updates from Windows Update
  2. How to update Adobe Acrobat Reader
    1. On your desktop, double-click on your Adobe icon.
    2. Click on Help.
    3. Click on Check for Updates.
    4. Visit my blog Here to view the video.
  3. How to update Java SE Runtime
    1. Go to Start.
    2. Click on Control Panel.
    3. Double-click on the Java icon.
    4. Click on Update tab.
    5. Click on Update Now.
    6. Visit my blog Here to view the video.
  4. Check out Tony Klein's "So how did I get infected in the first place" here


  • 1 month later...
  • Staff

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.