
Solved Vista will not boot to normal mode

Discussion in 'Malware and Virus Removal Archive' started by GRAHAM WESTON, 2011/05/06.

  1. 2011/05/11
    broni (Moderator, Malware Analyst)

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  2. 2011/05/12
    GRAHAM WESTON (Well-Known Member, Thread Starter)

    extras.txt as requested

    OTL Extras logfile created on: 12/05/2011 2:48:29 PM - Run 1
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\GRAHAM\Desktop\Virus removal
    64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.19048)
    Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

    6.00 Gb Total Physical Memory | 5.00 Gb Available Physical Memory | 89.00% Memory free
    12.00 Gb Paging File | 12.00 Gb Available in Paging File | 95.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 917.93 Gb Total Space | 258.51 Gb Free Space | 28.16% Space Free | Partition Type: NTFS
    Drive D: | 13.58 Gb Total Space | 1.88 Gb Free Space | 13.86% Space Free | Partition Type: NTFS

    Computer Name: KIUNGA | User Name: GRAHAM | Logged in as Administrator.
    Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1 ",%*
    .html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1 ",%*
    .html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

    [HKEY_USERS\S-1-5-21-510558852-3015631652-3840189454-1000\SOFTWARE\Classes\<extension>]
    .exe [@ = exefile] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %* File not found
    cmdfile [open] -- "%1" %* File not found
    comfile [open] -- "%1" %* File not found
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1 ",%* File not found
    exefile [open] -- "%1" %* File not found
    helpfile [open] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll ",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll ",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %* File not found
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1" File not found
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
    scrfile [open] -- "%1" /S File not found
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1 ",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
    "VistaSp2" = 49 F1 C0 1E 5A 14 CB 01 [binary data]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "oobe_av" = 1

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0321F75A-C9DB-4603-B7D5-96F85BFF5255}" = lport=138 | protocol=17 | dir=in | app=system |
    "{29495977-BF5B-4472-980B-9C82C5C72612}" = rport=445 | protocol=6 | dir=out | app=system |
    "{35185C3E-E8A1-4F52-89A4-ACF4A90FDE2A}" = rport=139 | protocol=6 | dir=out | app=system |
    "{3DF22874-9A9F-411F-BF28-CFC1C37EB38F}" = lport=139 | protocol=6 | dir=in | app=system |
    "{B9F71972-60B5-444A-98A6-97747F831C70}" = lport=137 | protocol=17 | dir=in | app=system |
    "{C5B0747B-977C-4614-8B6C-201C6D2AE80B}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
    "{C5C88D11-099F-4ABF-BAF3-07B1259BED20}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{D0B4124A-D64A-442F-B608-3673CEAEA2EF}" = rport=138 | protocol=17 | dir=out | app=system |
    "{D4C3B485-592C-49B2-BC7A-20F2029A318A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{D85A78F0-1B2F-45C3-BA8A-C1CBA667D97C}" = lport=445 | protocol=6 | dir=in | app=system |
    "{F32CD0B1-C66A-4C4F-B8D4-5AD84C683BD4}" = rport=137 | protocol=17 | dir=out | app=system |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{01087FDD-CAAF-46EB-818A-DCDA88A0ED63}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe |
    "{0709B009-E7EB-4E56-88FB-203B64D3F900}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{0CB144AC-9EAE-4A0F-8EE1-7BAEE5E2A153}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe |
    "{14292391-AE06-492B-81CA-83AB4E675687}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
    "{1721712B-FC7B-4FD7-A9B6-4FFB1E9FBBAA}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
    "{1CDCBF88-5FF0-4A00-9EE6-9444EBD54D01}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{1DC1B2F2-AD05-42CC-ACCD-3BDDFD66172D}" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
    "{3DC7C3E3-0E1F-468A-9433-8E3715260F26}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe |
    "{40E49D1C-3F09-4C30-B63D-EDD3185EC4BA}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe |
    "{535E7028-78FC-403F-A5AD-9D2D874C19AF}" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe |
    "{56F335FD-98AD-49CA-BDCB-33373649D3BF}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |
    "{5AA30B1F-7422-42B9-8C57-3E7D10B363E3}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe |
    "{5E9AF507-D3B9-436E-B794-A7F07DC659CA}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe |
    "{6AB33804-604E-47AD-91D4-ABACCF2C7799}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |
    "{6CB94E19-6A29-4C46-B4F2-206662726265}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |
    "{6F2367F6-6567-4632-9458-D3453418C775}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{6F9BEFB2-A44F-4480-95A2-799074912D85}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe |
    "{86891F7A-5F80-4BBC-84C2-4A7900447D15}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{90B282BD-6693-4CB4-A177-94EB15912CFC}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{90C5B883-A311-4242-A499-845F5B0DCFC4}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{A272ADDD-13AB-4BE5-B35B-A9A47828B478}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
    "{A3797AF1-4315-4419-84C2-71C618C0F13A}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |
    "{A98F6622-E84A-42DB-94CD-362604FABED6}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe |
    "{B156773C-2DFE-4EE9-9047-14218EB01D0F}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
    "{C01A99D3-17CC-42F4-85AE-1EEA944DA07C}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe |
    "{C0673B0A-9CA9-4865-8C66-E347FDCCDDB0}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
    "{CAA46AB4-5F9E-48AB-81E3-36553AC0D684}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{D3E58D74-605D-46B9-AA21-F43BFBC52CC9}" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe |
    "{E0792A12-BBCF-499A-869F-FAEBBD30065C}" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
    "{E2C15D17-1203-48BB-8444-819DF63C59B7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{E720F077-29AE-465D-BE48-B0009356F3A2}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe |
    "{F2FF1A4B-93AA-4901-ABE5-C15597984FE3}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe |
    "{F9104BBA-1264-49D4-ADC0-4457B03B983D}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe |
    "{FB048895-399B-469B-B2C1-1E0F391EFE0A}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe |
    "TCP Query User{D91DCE64-0913-45CC-BF1D-D0206B7CDD4B}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
    "UDP Query User{C67B6064-FE66-4FCE-B94B-F222B7334B36}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{104FB32A-7CE3-4C4B-B2AA-70C613FF9DFA}" = iTunes
    "{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
    "{33EB1061-ABF1-4470-A540-32E97A610536}" = Apple Mobile Device Support
    "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
    "{41BF0DE4-5BAE-4B88-AFD3-86A30B222186}" = Bonjour
    "{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
    "{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{90140000-0015-0409-1000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0016-0409-1000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0018-0409-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0019-0409-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-001A-0409-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001B-0409-1000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-003D-0000-1000-0000000FF1CE}" = Microsoft Office Single Image 2010
    "{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
    "{90140000-0043-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2010
    "{90140000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-00A1-0409-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-1000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 260.99
    "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Display Control Panel
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 260.99
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.1.9.0
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D2E8F543-D23A-4A38-AFFC-4BDEBFBA6FDA}" = HP MediaSmart SmartMenu
    "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "CCleaner" = CCleaner
    "EPSON TX110 Series" = EPSON TX110 Series Printer Uninstall
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "NVIDIA Display Control Panel" = NVIDIA Display Control Panel
    "NVIDIA Drivers" = NVIDIA Drivers
    "Office14.SingleImage" = Microsoft Office Home and Student 2010
    "OsdMaestro" = HP On-Screen Cap/Num/Scroll Lock Indicator
    "PC-Doctor for Windows" = Hardware Diagnostic Tools
    "WinRAR archiver" = WinRAR archiver

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{0295F89F-F698-4101-9A7D-49F407EC2D82}" = HP Active Support Library
    "{03BF5CB1-B72E-4CA6-A278-F65680F05420}" = HP Picasso Media Center Add-In
    "{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
    "{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
    "{13A5E785-5197-4EAD-8EE3-D660271E49BC}" = Feedback Tool
    "{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
    "{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
    "{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
    "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
    "{1CC069FA-1A86-402E-9787-3F04E652C67A}" = HP Support Information
    "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{23B72D50-1C7E-491C-8086-9E060051D316}" = Manual CanoScan LiDE 60
    "{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
    "{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 22
    "{290CA856-3737-4874-864B-BA142F4823C8}_is1" = HP MediaSmart Demo
    "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
    "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
    "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
    "{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
    "{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
    "{47F36D92-E58E-456D-B73C-3382737E4C42}" = HP Update
    "{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{58D4FB3A-98E9-4B9B-B01E-7F005AEFE019}" = USB 2.0 PC CAMERA
    "{5C474A83-A45F-470C-9AC8-2BD1C251BF9A}" = Skype™ 4.2
    "{62257E78-D1FB-44D9-A155-764B3F7BB76F}_is1" = Disk Doctors Photo Recovery (Win)
    "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
    "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
    "{67431FA8-4B89-42DD-A68E-30D77F6C8D99}_is1" = HP Easy Backup
    "{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
    "{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
    "{72FD5F2E-1F7A-4E9B-8838-29E842E178CD}" = Join Me
    "{75438C0E-9925-412E-AD85-D0E71C6CE2ED}" = USB2.0 PC Camera (SN9C201&202)
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{784BEA84-FA66-4B19-BB80-7B545F248AC6}" = HP Total Care Setup
    "{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}" = OmniPage SE 2.0
    "{7F10292C-A190-4176-A665-A1ED3478DF86}" = LightScribe System Software
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
    "{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5
    "{86CE1746-9EFF-3C9C-8755-81EA8903AC34}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
    "{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}" = Epson Easy Photo Print 2
    "{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{928B06E4-DDAA-476A-926A-641620326327}" = Microsoft Search Enhancement Pack
    "{93D34EE3-99B3-4DB1-8B0A-0A657466F90D}" = Telstra Turbo Connection Manager
    "{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
    "{9CC89170-000B-457D-91F1-53691F85B223}" = Python 2.6.1
    "{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
    "{9F479685-180E-4C05-9400-D59292A1B29C}" = Windows Live Movie Maker
    "{A0640EC2-B97E-4FC1-AD14-227C9E386BB4}" = HP Recovery Manager RSS
    "{A0B139A7-E8D5-49E8-A7BF-12421E652208}" = pdfforge Toolbar v4.3
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9FC434F-9950-487C-82F1-E1515FA70DA4}" = ArcSoft ShowBiz DVD 2
    "{AB67580-257C-45FF-B8F4-C8C30682091A}_is1" = SIW version 2010.07.14
    "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.4
    "{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
    "{AD8E6D29-95EC-494E-8AF5-566E784819A6}" = Ulead Data-Add 2.0
    "{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
    "{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
    "{B84739A3-F943-47E4-95D8-96381EF5AC48}" = HP Customer Experience Enhancements
    "{B86C9440-82D7-423C-9FEC-6CB3092D1AA4}" = Bing Bar Platform
    "{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
    "{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
    "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
    "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "{C768790F-04FB-11E0-9B2C-001AA037B01E}" = Google Earth
    "{C7D89BBE-D4B3-49E8-B185-7966B5345866}" = Ulead DVD MovieFactory 3.5 Suite
    "{CA9BCD4D-B782-4637-8F1F-F9A328D3C244}" = CanoScan Toolbox Ver4.9
    "{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
    "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5
    "{CFB75739-90E3-4D26-83B5-25CA8262A991}" = USB Audio/Video Driver
    "{D33FA41A-9E9C-4912-A67B-D89259620E17}" = Bitser Beta
    "{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
    "{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
    "{DBB1F4ED-3212-4F58-A427-9C01DE4A24A5}_is1" = Uniblue SystemTweaker
    "{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
    "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
    "{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1" = Uniblue RegistryBooster
    "{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
    "{E7C97E98-4C2D-BEAF-5D2F-CC45A2F95D90}" = Acrobat.com
    "{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004)
    "{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
    "{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F827B95C-1BF5-43B4-9E26-CDC596ECE3AE}" = HP Demo
    "{FBE569CA-BFEB-4E57-A674-F94D938E1AEF}" = e-tax 2010
    "{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
    "Adobe Acrobat 5.0" = Adobe Acrobat 5.0
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "AOL Toolbar" = AOL Toolbar 5.0
    "AP PDF Password Recovery_is1" = AP PDF Password Recovery v3.0.0
    "AVerMedia MCE Encoder x64" = AVerMedia MCE Encoder x64 3.0.1.6
    "BitTorrent" = BitTorrent
    "BurnAware Free_is1" = BurnAware Free 3.1.6
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "DVDFab 7_is1" = DVDFab 7.0.9.3 (08/08/2010)
    "DVDFab 8_is1" = DVDFab 8.0.6.8 (05/01/2011)
    "EPSON Scanner" = EPSON Scan
    "Epson Stylus SX110_TX110 User's Guide" = Epson Stylus SX110_TX110 Manual
    "ExpressBurn" = Express Burn Disc Burning Software
    "ExpressZip" = Express Zip File Compression Software
    "Google Chrome" = Google Chrome
    "ImgBurn" = ImgBurn
    "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
    "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
    "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
    "Logitech Vid" = Logitech Vid HD
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US)
    "NIS" = Norton Internet Security
    "Office8.0" = Microsoft Office 97, Professional Edition
    "pywin32-py2.6" = Python 2.6 pywin32-212
    "VLC media player" = VLC media player 1.1.5
    "WildTangent hp Master Uninstall" = HP Games
    "Windows Media Encoder 9" = Windows Media Encoder 9 Series
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WinRAR archiver" = WinRAR archiver
    "Yahoo! Companion" = Yahoo!7 Toolbar
    "Yahoo! Software Update" = Yahoo! Software Update
    "Yahoo!7 Messenger" = Yahoo!7 Messenger

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 4/05/2011 6:40:14 AM | Computer Name = KIUNGA | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 4/05/2011 6:40:14 AM | Computer Name = KIUNGA | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 15132

    Error - 4/05/2011 6:40:14 AM | Computer Name = KIUNGA | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 15132

    Error - 4/05/2011 6:40:15 AM | Computer Name = KIUNGA | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 4/05/2011 6:40:15 AM | Computer Name = KIUNGA | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 16131

    Error - 4/05/2011 6:40:15 AM | Computer Name = KIUNGA | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 16131

    Error - 4/05/2011 6:40:16 AM | Computer Name = KIUNGA | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 4/05/2011 6:40:16 AM | Computer Name = KIUNGA | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 17145

    Error - 4/05/2011 6:40:16 AM | Computer Name = KIUNGA | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 17145

    Error - 4/05/2011 6:21:14 PM | Computer Name = KIUNGA | Source = WinMgmt | ID = 10
    Description =

    [ Media Center Events ]
    Error - 15/02/2011 7:23:23 AM | Computer Name = KIUNGA | Source = ehRecvr | ID = 4
    Description =

    [ System Events ]
    Error - 23/10/2010 10:56:22 PM | Computer Name = KIUNGA | Source = Service Control Manager | ID = 7009
    Description =

    Error - 23/10/2010 10:56:22 PM | Computer Name = KIUNGA | Source = Service Control Manager | ID = 7000
    Description =

    Error - 26/10/2010 5:56:12 PM | Computer Name = KIUNGA | Source = DCOM | ID = 10016
    Description =

    Error - 26/10/2010 5:56:12 PM | Computer Name = KIUNGA | Source = DCOM | ID = 10016
    Description =

    Error - 27/10/2010 1:15:56 PM | Computer Name = KIUNGA | Source = Service Control Manager | ID = 7034
    Description =

    Error - 27/10/2010 1:16:51 PM | Computer Name = KIUNGA | Source = Application Popup | ID = 1060
    Description = \SystemRoot\SysWow64\Drivers\ULCDRHlp.sys has been blocked from loading
    due to incompatibility with this system. Please contact your software vendor for
    a compatible version of the driver.

    Error - 27/10/2010 1:16:51 PM | Computer Name = KIUNGA | Source = Application Popup | ID = 1060
    Description = \SystemRoot\SysWow64\Drivers\ULCDRHlp.sys has been blocked from loading
    due to incompatibility with this system. Please contact your software vendor for
    a compatible version of the driver.

    Error - 27/10/2010 1:16:58 PM | Computer Name = KIUNGA | Source = Application Popup | ID = 1060
    Description = \SystemRoot\SysWow64\Drivers\USIUDF.sys has been blocked from loading
    due to incompatibility with this system. Please contact your software vendor for
    a compatible version of the driver.

    Error - 27/10/2010 1:19:22 PM | Computer Name = KIUNGA | Source = Service Control Manager | ID = 7026
    Description =

    Error - 27/10/2010 1:19:22 PM | Computer Name = KIUNGA | Source = Service Control Manager | ID = 7011
    Description =


    < End of report >

  4. 2011/05/12
    GRAHAM WESTON Well-Known Member Thread Starter

    Joined:
    2002/07/30
    Messages:
    371
    Likes Received:
    0
    otlx.txt as requested.

    OTL logfile created on: 12/05/2011 2:48:29 PM - Run 1
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\GRAHAM\Desktop\Virus removal
    64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.19048)
    Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

    6.00 Gb Total Physical Memory | 5.00 Gb Available Physical Memory | 89.00% Memory free
    12.00 Gb Paging File | 12.00 Gb Available in Paging File | 95.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 917.93 Gb Total Space | 258.51 Gb Free Space | 28.16% Space Free | Partition Type: NTFS
    Drive D: | 13.58 Gb Total Space | 1.88 Gb Free Space | 13.86% Space Free | Partition Type: NTFS

    Computer Name: KIUNGA | User Name: GRAHAM | Logged in as Administrator.
    Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/05/12 14:47:05 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\GRAHAM\Desktop\Virus removal\OTL.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/05/12 14:47:05 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\GRAHAM\Desktop\Virus removal\OTL.exe
    MOD - [2010/09/01 01:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2010/05/07 18:45:16 | 000,197,976 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)
    SRV:64bit: - [2008/01/21 12:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2011/01/28 17:10:28 | 000,387,072 | ---- | M] (Spigot, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe -- (Application Updater)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/01/21 07:03:39 | 000,117,640 | R--- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe -- (Norton Internet Security)
    SRV - [2009/03/30 14:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2008/12/09 12:51:08 | 000,242,424 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
    SRV - [2008/11/10 06:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
    SRV - [2008/09/30 17:59:26 | 000,192,512 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe -- (HPBtnSrv)
    SRV - [2004/03/13 04:04:16 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2010/08/09 23:03:58 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\pcouffin.sys -- (pcouffin)
    DRV:64bit: - [2010/07/16 15:42:04 | 000,053,704 | R--- | M] (usb camera) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usbcamcl.sys -- (usbcamcl)
    DRV:64bit: - [2010/06/01 21:41:37 | 000,172,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS -- (SymEvent)
    DRV:64bit: - [2010/06/01 21:41:22 | 000,583,296 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\NISx64\1008000.029\ccHPx64.sys -- (ccHP)
    DRV:64bit: - [2010/06/01 21:41:22 | 000,334,384 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1008000.029\BHDrvx64.sys -- (BHDrvx64)
    DRV:64bit: - [2010/05/15 08:02:14 | 006,465,760 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lvuvc64.sys -- (LVUVC64) Logitech Webcam Pro 9000(UVC)
    DRV:64bit: - [2010/05/15 08:00:52 | 000,329,952 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lvrs64.sys -- (LVRS64)
    DRV:64bit: - [2010/05/07 18:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys -- (LVPr2Mon)
    DRV:64bit: - [2010/05/07 18:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys -- (LVPr2M64)
    DRV:64bit: - [2010/01/28 07:25:04 | 000,086,120 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
    DRV:64bit: - [2010/01/25 14:03:28 | 000,150,656 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\zgwhsmdm.sys -- (zgwhsmdm)
    DRV:64bit: - [2010/01/21 07:03:40 | 000,402,992 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1008000.029\SYMEFA64.SYS -- (SymEFA)
    DRV:64bit: - [2010/01/21 07:03:40 | 000,278,576 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\NISx64\1008000.029\SYMTDI.SYS -- (SYMTDI)
    DRV:64bit: - [2010/01/21 07:03:40 | 000,120,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NISx64\1008000.029\SYMFW.SYS -- (SYMFW)
    DRV:64bit: - [2010/01/21 07:03:40 | 000,056,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NISx64\1008000.029\SYMNDISV.SYS -- (SYMNDISV)
    DRV:64bit: - [2010/01/21 07:03:40 | 000,031,280 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\SymIMv.sys -- (SymIM)
    DRV:64bit: - [2010/01/21 07:03:39 | 000,476,720 | ---- | M] (Symantec Corporation) [File_System | System | Stopped] -- C:\Windows\SysNative\Drivers\NISx64\1008000.029\SRTSP64.SYS -- (SRTSP)
    DRV:64bit: - [2010/01/21 07:03:39 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1008000.029\SRTSPX64.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
    DRV:64bit: - [2009/12/31 14:04:08 | 000,122,624 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\zgwhsnmea.sys -- (zgwhsnmea)
    DRV:64bit: - [2009/12/31 14:03:58 | 000,122,624 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\zgwhsdiag.sys -- (zgwhsdiag)
    DRV:64bit: - [2009/10/01 10:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
    DRV:64bit: - [2009/05/24 07:36:52 | 000,626,176 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\netr7364.sys -- (netr7364)
    DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2009/02/19 03:04:00 | 000,487,936 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AVer888RC_64.sys -- (AVER_H193)
    DRV:64bit: - [2009/02/19 03:03:12 | 000,037,888 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\AVer888RCIR_64.sys -- (CXCIR)
    DRV:64bit: - [2009/02/12 15:11:26 | 000,026,024 | ---- | M] (EldoS Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\dddskx64.sys -- (ElRawDisk)
    DRV:64bit: - [2009/01/21 00:49:48 | 000,195,584 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
    DRV:64bit: - [2008/08/12 10:27:14 | 000,009,216 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter)
    DRV:64bit: - [2008/04/19 06:05:38 | 000,118,784 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ZTEusbser6k.sys -- (ZTEusbser6k)
    DRV:64bit: - [2008/04/19 06:05:38 | 000,118,784 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ZTEusbnmea.sys -- (ZTEusbnmea)
    DRV:64bit: - [2008/04/19 06:05:38 | 000,118,784 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
    DRV:64bit: - [2008/01/21 12:47:25 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\serscan.sys -- (StillCam)
    DRV:64bit: - [2007/06/21 17:51:46 | 000,215,808 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\emDevice64.sys -- (DCamUSBEMPIA)
    DRV:64bit: - [2007/06/21 17:51:32 | 000,006,400 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\emFilter64.sys -- (FiltUSBEMPIA)
    DRV:64bit: - [2007/06/21 17:51:30 | 000,006,144 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\emScan64.sys -- (ScanUSBEMPIA)
    DRV:64bit: - [2007/01/26 16:49:32 | 012,323,072 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\snp2sxp.sys -- (SNP2STD) USB2.0 PC Camera (SNP2STD)
    DRV:64bit: - [2007/01/12 20:28:06 | 000,077,312 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emAudio64.sys -- (emAudio)
    DRV:64bit: - [2006/09/19 07:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)
    DRV - [2011/03/15 04:58:28 | 000,476,792 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20110429.002\IDSviA64.sys -- (IDSVia64)
    DRV - [2010/05/31 18:23:32 | 000,475,696 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
    DRV - [2010/05/31 18:23:32 | 000,132,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
    DRV - [2009/09/09 14:26:06 | 000,146,928 | ---- | M] (CyberLink Corp.) [2011/01/12 00:49:44] [Kernel | Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})
    DRV - [2007/01/26 16:48:28 | 012,028,032 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\snp2sxp.sys -- (SNP2STD) USB2.0 PC Camera (SNP2STD)
    DRV - [2004/05/29 08:30:46 | 000,292,288 | ---- | M] (Ulead Systems, Inc.) [File_System | System | Stopped] -- C:\Windows\SysWOW64\drivers\USIUDF.sys -- (USIUDF)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_au&c=93&bd=Pavilion&pf=cndt
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_au&c=93&bd=Pavilion&pf=cndt


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-510558852-3015631652-3840189454-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKU\S-1-5-21-510558852-3015631652-3840189454-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ninemsn.com.au/
    IE - HKU\S-1-5-21-510558852-3015631652-3840189454-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-510558852-3015631652-3840189454-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========


    FF - HKLM\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2010/06/02 00:02:27 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/04/11 03:01:26 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/04/11 03:01:38 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/05/11 00:16:28 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/04/30 16:29:55 | 000,000,000 | ---D | M]

    [2011/04/21 20:50:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\GRAHAM\AppData\Roaming\Mozilla\Extensions
    [2011/05/11 00:16:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2010/08/01 23:44:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2010/12/07 23:31:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    File not found (No name found) --
    [2011/02/28 14:48:22 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES (X86)\COMMON FILES\SPIGOT\WTXPCOM
    [2011/02/28 14:48:22 | 000,000,000 | ---D | M] (pdfforge Toolbar) -- C:\PROGRAM FILES (X86)\PDFFORGE TOOLBAR\FF
    [2010/06/03 03:01:37 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
    [2010/06/14 08:50:00 | 002,176,049 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\components\1399311.dll
    [2011/04/15 02:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
    [2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    [2010/01/01 18:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing.xml

    O1 HOSTS File: ([2011/05/07 19:43:36 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg64.dll (Google Inc.)
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)
    O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\IPSBHO.dll (Symantec Corporation)
    O2 - BHO: (AOL Toolbar BHO) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
    O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2380.0\npwinext.dll (Microsoft Corporation)
    O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
    O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)
    O3 - HKLM\..\Toolbar: (@c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2380.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2380.0\npwinext.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
    O3 - HKLM\..\Toolbar: (Yahoo!7 Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O3:64bit: - HKU\S-1-5-21-510558852-3015631652-3840189454-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3 - HKU\S-1-5-21-510558852-3015631652-3840189454-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)
    O3 - HKU\S-1-5-21-510558852-3015631652-3840189454-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKU\S-1-5-21-510558852-3015631652-3840189454-1000\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
    O4:64bit: - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD64.exe (OsdMaestro)
    O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
    O4:64bit: - HKLM..\Run: [snp2std] C:\Windows\vsnp2std.exe (Sonix)
    O4 - HKLM..\Run: [autodetect] C:\Windows\SysWOW64\SupportAppXL\AutoDect.exe ()
    O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
    O4 - HKLM..\Run: [DVDAgent] C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
    O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.exe (Microsoft)
    O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
    O4 - HKLM..\Run: [OpwareSE2] C:\Program Files (x86)\ScanSoft\OmniPageSE2.0\OpwareSE2.exe (ScanSoft, Inc.)
    O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
    O4 - HKLM..\Run: [TSMAgent] c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [tsnp2std] C:\Windows\tsnp2std.exe (SONIX)
    O4 - HKLM..\Run: [UpdateLBPShortCut] c:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [UpdateP2GoShortCut] c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [UpdatePDIRShortCut] c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [UpdatePSTShortCut] c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [USIUDF_Eject_Monitor] C:\Program Files (x86)\Common Files\Ulead Systems\DVD\USISrv.exe (Ulead Systems)
    O4 - HKU\S-1-5-21-510558852-3015631652-3840189454-1000..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
    O4 - HKU\S-1-5-21-510558852-3015631652-3840189454-1000..\Run: [RegistryBooster] C:\Program Files (x86)\Uniblue\RegistryBooster\launcher.exe (Uniblue Systems Limited)
    O4:64bit: - HKLM..\RunOnce: [snp2std] C:\Windows\SysNative\csnp2std.dll ( )
    O4 - HKLM..\RunOnce: [] File not found
    O4 - HKLM..\RunOnce: [GrpConv] C:\Windows\SysWow64\grpconv.exe (Microsoft Corporation)
    O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - Startup: C:\Users\GRAHAM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Find Fast.lnk = C:\Program Files (x86)\Microsoft Office\Office\FINDFAST.EXE ()
    O4 - Startup: C:\Users\GRAHAM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Office Startup.lnk = C:\Program Files (x86)\Microsoft Office\Office\OSA.EXE ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-510558852-3015631652-3840189454-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-510558852-3015631652-3840189454-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O12 - Plugin for: .spop - C:\Program Files (x86)\Internet Explorer\Plugins\NPDocBox.dll (Intertrust Technologies, Inc.)
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab (DLM Control)
    O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (GMNRev Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img34.jpg
    O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img34.jpg
    O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKU\S-1-5-21-510558852-3015631652-3840189454-1000\...exe [@ = exefile] -- Reg Error: Key error. File not found


    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32:64bit: VIDC.I420 - File not found
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
    Drivers32: vidc.i420 - C:\Windows\SysWow64\lvcodec2.dll (Logitech Inc.)
    Drivers32: VIDC.MP42 - C:\Windows\SysWow64\mpg4c32.dll (Microsoft Corporation)
    Drivers32: VIDC.MPG4 - C:\Windows\SysWow64\mpg4c32.dll (Microsoft Corporation)

    CREATERESTOREPOINT
    Error creating restore point.

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/05/12 01:14:28 | 000,000,000 | ---D | C] -- C:\Users\GRAHAM\Desktop\hmmm
    [2011/05/12 01:02:39 | 000,000,000 | ---D | C] -- C:\Users\GRAHAM\AppData\Local\Yahoo
    [2011/05/12 01:00:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
    [2011/05/12 01:00:37 | 000,000,000 | ---D | C] -- C:\Users\GRAHAM\AppData\Roaming\Yahoo!
    [2011/05/12 01:00:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo!7 Messenger
    [2011/05/12 01:00:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
    [2011/05/12 00:58:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yahoo!
    [2011/05/08 22:12:44 | 000,000,000 | ---D | C] -- C:\Users\GRAHAM\AppData\Roaming\ImgBurn
    [2011/05/08 21:44:12 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2011/05/08 21:44:01 | 000,000,000 | ---D | C] -- C:\Users\GRAHAM\Desktop\vista repair disk
    [2011/05/08 21:22:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
    [2011/05/08 21:22:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ImgBurn
    [2011/05/08 20:40:43 | 000,000,000 | ---D | C] -- C:\Program Files\NCH Software
    [2011/05/07 19:44:42 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2011/05/07 19:44:42 | 000,000,000 | ---D | C] -- C:\Users\GRAHAM\AppData\Local\temp
    [2011/05/07 19:38:51 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2011/05/07 19:38:51 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2011/05/07 19:38:51 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2011/05/07 19:38:48 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2011/05/07 19:38:26 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/05/07 19:38:13 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
    [2011/05/07 19:38:11 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
    [2011/05/06 22:03:13 | 000,000,000 | ---D | C] -- C:\Users\GRAHAM\AppData\Roaming\Malwarebytes
    [2011/05/06 22:03:04 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    [2011/05/06 22:03:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/05/06 22:03:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2011/05/06 22:03:01 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2011/05/06 22:03:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2011/05/06 21:49:54 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
    [2011/05/06 21:41:46 | 000,000,000 | ---D | C] -- C:\Users\GRAHAM\Desktop\Virus removal
    [2011/05/06 21:30:20 | 000,000,000 | ---D | C] -- C:\Users\GRAHAM\Desktop\txt files
    [2011/05/05 21:18:39 | 000,000,000 | ---D | C] -- C:\Windows\Registration
    [2011/05/03 22:31:47 | 000,000,000 | ---D | C] -- C:\Users\GRAHAM\Desktop\Business Visa
    [2011/05/03 22:31:27 | 000,000,000 | ---D | C] -- C:\Users\GRAHAM\Desktop\Business cheque account
    [2011/05/03 14:32:59 | 000,000,000 | ---D | C] -- C:\Users\GRAHAM\Desktop\passport pix
    [2011/05/01 14:58:07 | 000,000,000 | ---D | C] -- C:\Users\GRAHAM\Desktop\St George Stove Oven
    [2011/04/30 20:45:24 | 000,000,000 | ---D | C] -- C:\Users\GRAHAM\Desktop\Christening
    [2011/04/30 20:23:44 | 000,000,000 | ---D | C] -- C:\Users\GRAHAM\Desktop\genset
    [2011/04/21 20:50:57 | 000,000,000 | ---D | C] -- C:\Users\GRAHAM\AppData\Roaming\Mozilla
    [2011/04/16 20:03:05 | 000,000,000 | ---D | C] -- C:\Users\GRAHAM\Desktop\LG Fridge GR-282SF
    [2011/04/16 19:43:47 | 000,000,000 | ---D | C] -- C:\Program Files\LizardTech
    [2011/04/12 19:52:57 | 000,000,000 | ---D | C] -- C:\Users\GRAHAM\Desktop\dance pix and video
    [2010/08/09 23:03:58 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\GRAHAM\AppData\Roaming\pcouffin.sys
    [2010/06/01 21:36:06 | 000,151,552 | ---- | C] ( ) -- C:\Windows\SysWow64\rsnp2std.dll

    ========== Files - Modified Within 30 Days ==========

    [2011/05/12 10:07:53 | 000,001,460 | ---- | M] () -- C:\Users\GRAHAM\AppData\Local\d3d9caps64.dat
    [2011/05/12 03:16:23 | 000,001,356 | ---- | M] () -- C:\Users\GRAHAM\AppData\Local\d3d9caps.dat
    [2011/05/12 01:00:26 | 000,000,998 | ---- | M] () -- C:\Users\GRAHAM\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo!7 Messenger.lnk
    [2011/05/11 00:16:29 | 000,000,914 | ---- | M] () -- C:\Users\GRAHAM\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2011/05/11 00:16:29 | 000,000,890 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2011/05/11 00:05:22 | 000,703,388 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2011/05/11 00:05:22 | 000,607,600 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2011/05/11 00:05:22 | 000,107,478 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2011/05/11 00:01:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/05/10 23:56:48 | 000,271,526 | ---- | M] () -- C:\ProgramData\nvModes.001
    [2011/05/10 23:56:48 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2011/05/10 23:56:48 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\RegistryBooster.job
    [2011/05/10 23:56:46 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/05/10 23:56:46 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/05/08 22:31:17 | 000,426,480 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2011/05/08 21:22:17 | 000,001,730 | ---- | M] () -- C:\Users\GRAHAM\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk
    [2011/05/08 21:22:17 | 000,001,706 | ---- | M] () -- C:\Users\Public\Desktop\ImgBurn.lnk
    [2011/05/07 19:43:36 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2011/05/07 19:29:02 | 000,001,757 | ---- | M] () -- C:\Users\GRAHAM\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Defender.lnk
    [2011/05/07 09:09:38 | 000,000,024 | ---- | M] () -- C:\Users\GRAHAM\Documents\MyZip (5).zip
    [2011/05/06 22:03:05 | 000,000,950 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/05/05 20:35:49 | 000,271,526 | ---- | M] () -- C:\ProgramData\nvModes.dat
    [2011/04/30 23:47:33 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2011/04/30 23:47:17 | 000,002,027 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2011/04/30 23:15:32 | 000,002,613 | ---- | M] () -- C:\Users\GRAHAM\Desktop\Microsoft Word 2010.lnk
    [2011/04/30 16:29:55 | 000,001,919 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
    [2011/04/30 10:00:32 | 000,000,552 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job
    [2011/04/15 13:59:29 | 000,000,981 | ---- | M] () -- C:\Users\GRAHAM\Desktop\Internet Explorer.lnk
    [2011/04/15 13:50:32 | 000,000,951 | ---- | M] () -- C:\Users\GRAHAM\Desktop\Internet Explorer (64-bit).lnk
    [2011/04/12 21:02:03 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForGRAHAM.job

    ========== Files Created - No Company Name ==========

    [2011/05/12 01:00:26 | 000,000,998 | ---- | C] () -- C:\Users\GRAHAM\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo!7 Messenger.lnk
    [2011/05/11 00:16:29 | 000,000,914 | ---- | C] () -- C:\Users\GRAHAM\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2011/05/11 00:16:29 | 000,000,902 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    [2011/05/11 00:16:29 | 000,000,890 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2011/05/08 21:22:17 | 000,001,730 | ---- | C] () -- C:\Users\GRAHAM\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk
    [2011/05/08 21:22:17 | 000,001,718 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
    [2011/05/08 21:22:17 | 000,001,706 | ---- | C] () -- C:\Users\Public\Desktop\ImgBurn.lnk
    [2011/05/07 19:38:51 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
    [2011/05/07 19:38:51 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2011/05/07 19:38:51 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
    [2011/05/07 19:38:51 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2011/05/07 19:38:51 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2011/05/07 19:29:02 | 000,001,757 | ---- | C] () -- C:\Users\GRAHAM\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Defender.lnk
    [2011/05/07 09:09:38 | 000,000,024 | ---- | C] () -- C:\Users\GRAHAM\Documents\MyZip (5).zip
    [2011/05/06 22:03:05 | 000,000,950 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/05/05 22:01:23 | 000,001,832 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
    [2011/04/15 13:59:29 | 000,000,981 | ---- | C] () -- C:\Users\GRAHAM\Desktop\Internet Explorer.lnk
    [2011/04/15 13:50:32 | 000,000,951 | ---- | C] () -- C:\Users\GRAHAM\Desktop\Internet Explorer (64-bit).lnk
    [2011/04/06 15:39:29 | 000,000,176 | ---- | C] () -- C:\Users\GRAHAM\AppData\Roaming\burnaware.ini
    [2011/02/13 00:32:09 | 000,025,403 | ---- | C] () -- C:\Windows\SysWow64\drivers\afc.sys
    [2011/02/07 22:19:59 | 001,427,917 | ---- | C] () -- C:\Users\GRAHAM\AppData\Local\tmpP1310001 (2).JPG
    [2011/01/30 00:22:38 | 000,000,020 | ---- | C] () -- C:\Windows\SysWow64\camera.ini
    [2011/01/23 22:57:42 | 000,271,526 | ---- | C] () -- C:\ProgramData\nvModes.001
    [2011/01/17 21:55:40 | 000,271,526 | ---- | C] () -- C:\ProgramData\nvModes.dat
    [2011/01/17 21:43:18 | 000,001,356 | ---- | C] () -- C:\Users\GRAHAM\AppData\Local\d3d9caps.dat
    [2011/01/17 21:42:32 | 000,001,460 | ---- | C] () -- C:\Users\GRAHAM\AppData\Local\d3d9caps64.dat
    [2011/01/15 20:42:29 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2011/01/13 03:20:40 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI
    [2010/10/17 16:12:49 | 000,108,544 | ---- | C] () -- C:\Users\GRAHAM\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/08/09 23:03:58 | 000,007,859 | ---- | C] () -- C:\Users\GRAHAM\AppData\Roaming\pcouffin.cat
    [2010/08/09 23:03:58 | 000,001,167 | ---- | C] () -- C:\Users\GRAHAM\AppData\Roaming\pcouffin.inf
    [2010/06/30 00:12:16 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
    [2010/06/15 18:33:48 | 000,000,957 | ---- | C] () -- C:\Windows\ODBCINST.INI
    [2010/06/15 18:33:48 | 000,000,611 | ---- | C] () -- C:\Windows\ODBC.INI
    [2010/06/15 18:33:48 | 000,000,022 | ---- | C] () -- C:\Windows\exchng.ini
    [2010/06/01 23:32:45 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2010/06/01 23:06:53 | 000,111,932 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
    [2010/06/01 23:06:53 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
    [2010/06/01 23:06:53 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
    [2010/06/01 23:06:53 | 000,026,154 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
    [2010/06/01 23:06:53 | 000,024,903 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
    [2010/06/01 23:06:53 | 000,021,390 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
    [2010/06/01 23:06:53 | 000,020,148 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
    [2010/06/01 23:06:53 | 000,011,811 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
    [2010/06/01 23:06:53 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
    [2010/06/01 23:06:53 | 000,001,146 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_DU.dat
    [2010/06/01 23:06:53 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
    [2010/06/01 23:06:53 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
    [2010/06/01 23:06:53 | 000,001,136 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
    [2010/06/01 23:06:53 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
    [2010/06/01 23:06:53 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
    [2010/06/01 23:06:53 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_IT.dat
    [2010/06/01 23:06:53 | 000,001,107 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_GE.dat
    [2010/06/01 23:06:53 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
    [2010/06/01 23:06:53 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
    [2010/06/01 22:53:53 | 000,000,556 | ---- | C] () -- C:\Windows\MAXLINK.INI
    [2010/06/01 21:59:19 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
    [2010/06/01 21:59:03 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
    [2010/06/01 21:58:48 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2010/06/01 21:36:06 | 012,028,032 | ---- | C] () -- C:\Windows\SysWow64\drivers\snp2sxp.sys
    [2010/06/01 21:36:06 | 000,025,472 | ---- | C] () -- C:\Windows\SysWow64\drivers\sncamd.sys
    [2010/06/01 21:36:06 | 000,015,497 | ---- | C] () -- C:\Windows\snp2std.ini
    [2010/05/15 07:56:06 | 010,830,680 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
    [2010/05/15 07:56:06 | 000,102,744 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
    [2010/05/15 07:55:58 | 000,290,648 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
    [2009/06/23 12:18:01 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
    [2009/06/22 19:09:10 | 000,354,816 | ---- | C] () -- C:\Windows\SysWow64\pythoncom26.dll
    [2009/06/22 19:09:10 | 000,108,032 | ---- | C] () -- C:\Windows\SysWow64\pywintypes26.dll
    [2008/01/21 12:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
    [2006/11/03 01:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2006/11/02 22:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
    [2006/11/02 22:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
    [2006/11/02 22:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
    [2006/11/02 19:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [1996/11/21 00:00:00 | 000,094,208 | ---- | C] () -- C:\Windows\SysWow64\MSENCODE.DLL
    [1996/11/21 00:00:00 | 000,047,104 | ---- | C] () -- C:\Windows\SysWow64\WRKGADM.EXE
    [1996/11/21 00:00:00 | 000,022,016 | ---- | C] () -- C:\Windows\SysWow64\ODBCSTF.DLL
    [1996/11/21 00:00:00 | 000,022,016 | ---- | C] () -- C:\Windows\SysWow64\DOCOBJ.DLL
    [1996/11/21 00:00:00 | 000,012,288 | ---- | C] () -- C:\Windows\SysWow64\HLINKPRX.DLL

    ========== LOP Check ==========

    [2010/09/04 21:23:00 | 000,000,000 | ---D | M] -- C:\Users\GRAHAM\AppData\Roaming\Bitser Beta
    [2011/05/11 06:16:28 | 000,000,000 | ---D | M] -- C:\Users\GRAHAM\AppData\Roaming\BitTorrent
    [2010/07/30 01:17:13 | 000,000,000 | ---D | M] -- C:\Users\GRAHAM\AppData\Roaming\Canon
    [2010/07/14 00:09:45 | 000,000,000 | ---D | M] -- C:\Users\GRAHAM\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2011/04/30 20:29:57 | 000,000,000 | ---D | M] -- C:\Users\GRAHAM\AppData\Roaming\Epson
    [2011/03/13 00:26:22 | 000,000,000 | ---D | M] -- C:\Users\GRAHAM\AppData\Roaming\GetRightToGo
    [2011/05/08 22:16:55 | 000,000,000 | ---D | M] -- C:\Users\GRAHAM\AppData\Roaming\ImgBurn
    [2010/06/01 22:48:23 | 000,000,000 | ---D | M] -- C:\Users\GRAHAM\AppData\Roaming\InterTrust
    [2010/07/18 08:31:40 | 000,000,000 | ---D | M] -- C:\Users\GRAHAM\AppData\Roaming\Leadertech
    [2011/02/20 01:17:56 | 000,000,000 | ---D | M] -- C:\Users\GRAHAM\AppData\Roaming\OpenCandy
    [2011/02/20 01:18:38 | 000,000,000 | ---D | M] -- C:\Users\GRAHAM\AppData\Roaming\Reviversoft
    [2010/06/01 22:53:55 | 000,000,000 | ---D | M] -- C:\Users\GRAHAM\AppData\Roaming\ScanSoft
    [2010/07/31 15:45:39 | 000,000,000 | ---D | M] -- C:\Users\GRAHAM\AppData\Roaming\TeamViewer
    [2011/03/19 00:53:39 | 000,000,000 | ---D | M] -- C:\Users\GRAHAM\AppData\Roaming\Uniblue
    [2010/10/17 00:53:39 | 000,000,000 | ---D | M] -- C:\Users\GRAHAM\AppData\Roaming\Vso
    [2010/07/18 19:49:21 | 000,000,000 | ---D | M] -- C:\Users\GRAHAM\AppData\Roaming\WinBatch
    [2011/04/30 10:00:32 | 000,000,552 | ---- | M] () -- C:\Windows\Tasks\PCDRScheduledMaintenance.job
    [2011/05/10 23:56:48 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\RegistryBooster.job
    [2011/05/01 01:39:18 | 000,032,602 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2009/04/11 16:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
    [2009/06/23 12:04:55 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
    [2011/05/07 19:44:41 | 000,014,727 | ---- | M] () -- C:\ComboFix.txt
    [2011/01/17 18:27:12 | 000,005,844 | -H-- | M] () -- C:\ffastun.ffa
    [2011/01/17 18:27:12 | 001,032,192 | -H-- | M] () -- C:\ffastun.ffl
    [2011/01/17 18:27:12 | 000,458,752 | -H-- | M] () -- C:\ffastun.ffo
    [2011/01/17 18:27:12 | 007,639,040 | -H-- | M] () -- C:\ffastun0.ffx
    [2010/08/15 21:03:14 | 000,000,250 | ---- | M] () -- C:\FINIS_IT.TXT
    [2011/05/11 00:00:42 | 2460,233,727 | -HS- | M] () -- C:\pagefile.sys
    [2011/05/07 09:10:55 | 000,064,214 | ---- | M] () -- C:\TDSSKiller.2.5.0.0_07.05.2011_09.10.28_log.txt
    [2011/05/07 09:11:59 | 000,064,214 | ---- | M] () -- C:\TDSSKiller.2.5.0.0_07.05.2011_09.11.33_log.txt
    [2009/06/22 19:46:45 | 000,000,361 | ---- | M] () -- C:\updatedatfix.log

    < %systemroot%\Fonts\*.com >
    [2006/11/03 01:06:41 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2006/11/03 01:06:41 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2006/11/03 01:06:41 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2010/06/25 21:14:42 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2006/09/19 07:35:48 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2010/04/17 00:04:40 | 000,306,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2008/01/21 13:21:59 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2011/05/07 19:29:02 | 000,000,358 | -HS- | M] () -- C:\Users\GRAHAM\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2007/04/10 15:06:22 | 012,333,823 | ---- | M] (Macrovision Corporation) -- C:\Users\GRAHAM\Desktop\USB20PCCam_5.7.19.000.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >
    [2004/12/09 17:23:46 | 000,013,022 | ---- | M] () -- C:\Windows\snp2std.src

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2010/05/29 14:40:52 | 000,000,402 | -HS- | M] () -- C:\Users\GRAHAM\Favorites\desktop.ini
    [2011/04/30 19:37:59 | 000,000,264 | ---- | M] () -- C:\Users\GRAHAM\Favorites\NCH Audio and Telephony Software.lnk
    [2011/04/30 19:37:59 | 000,000,280 | ---- | M] () -- C:\Users\GRAHAM\Favorites\NCH Software Download.lnk

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2011/01/15 20:42:29 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
    [2011/05/10 23:56:48 | 000,271,526 | ---- | M] () -- C:\ProgramData\nvModes.001

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < >

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:33FF2C1A

    < End of report >
     
  5. 2011/05/12
    broni Moderator Malware Analyst

    First of all, I can see RegistryBooster installed and running.
    That may be a part of your problem.
    Please uninstall it as soon as possible.

    Registry cleaners/optimizers are not recommended for several reasons:

    • Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

      The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
    • Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
    • Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
    • Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
    • The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".
    Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.


    ======================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
      O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
      O3 - HKU\S-1-5-21-510558852-3015631652-3840189454-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
      O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
      O4 - HKLM..\RunOnce: [] File not found
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
      O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
      O37 - HKU\S-1-5-21-510558852-3015631652-3840189454-1000\...exe [@ = exefile] -- Reg Error: Key error. File not found
      @Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:33FF2C1A
      
      :Files
      C:\Program Files (x86)\Ask.com
      
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply. Only one log will be created.
     
  6. 2011/05/12
    GRAHAM WESTON Well-Known Member Thread Starter

    Broni, the 1st OTL txt.

    All processes killed
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
    C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll moved successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
    File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
    Registry value HKEY_USERS\S-1-5-21-510558852-3015631652-3840189454-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
    File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SearchSettings deleted successfully.
    C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe moved successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ deleted successfully.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    C:\Windows\Downloaded Program Files\gp.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
    Registry key HKEY_USERS\S-1-5-21-510558852-3015631652-3840189454-1000_Classes\.exe\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-510558852-3015631652-3840189454-1000_Classes\exefile\ not found.
    HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully!
    ADS C:\ProgramData\Temp:33FF2C1A deleted successfully.
    ========== FILES ==========
    C:\Program Files (x86)\Ask.com\assets\oobe folder moved successfully.
    C:\Program Files (x86)\Ask.com\assets folder moved successfully.
    C:\Program Files (x86)\Ask.com folder moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: GRAHAM
    ->Temp folder emptied: 877022 bytes
    ->Temporary Internet Files folder emptied: 17567339 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 66021977 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 1732 bytes

    User: GRAHAM2
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 2816 bytes

    Total Files Cleaned = 81.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: GRAHAM
    ->Flash cache emptied: 0 bytes

    User: GRAHAM2

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.22.3 log created on 05122011_200605

    Files\Folders moved on Reboot...
    C:\Users\GRAHAM\AppData\Local\Temp\ppcrlui_2044_2 moved successfully.
    File\Folder C:\Users\GRAHAM\AppData\Local\Temp\~DF2664.tmp not found!
    File\Folder C:\Users\GRAHAM\AppData\Local\Temp\~DF266B.tmp not found!
    File\Folder C:\Users\GRAHAM\AppData\Local\Temp\~DF26FC.tmp not found!
    File\Folder C:\Users\GRAHAM\AppData\Local\Temp\~DF2704.tmp not found!
    File\Folder C:\Users\GRAHAM\AppData\Local\Temp\~DF277D.tmp not found!
    File\Folder C:\Users\GRAHAM\AppData\Local\Temp\~DF2785.tmp not found!
    File\Folder C:\Users\GRAHAM\AppData\Local\Temp\~DF27BA.tmp not found!
    File\Folder C:\Users\GRAHAM\AppData\Local\Temp\~DF27CC.tmp not found!
    File\Folder C:\Users\GRAHAM\AppData\Local\Temp\~DF27FE.tmp not found!
    File\Folder C:\Users\GRAHAM\AppData\Local\Temp\~DF2805.tmp not found!
    File\Folder C:\Users\GRAHAM\AppData\Local\Temp\~DF2835.tmp not found!
    File\Folder C:\Users\GRAHAM\AppData\Local\Temp\~DF283F.tmp not found!
    File\Folder C:\Users\GRAHAM\AppData\Local\Temp\~DF286A.tmp not found!
    File\Folder C:\Users\GRAHAM\AppData\Local\Temp\~DF2872.tmp not found!
    File\Folder C:\Users\GRAHAM\AppData\Local\Temp\~DF289D.tmp not found!
    File\Folder C:\Users\GRAHAM\AppData\Local\Temp\~DF28A4.tmp not found!
    File\Folder C:\Users\GRAHAM\AppData\Local\Temp\~DF2914.tmp not found!
    File\Folder C:\Users\GRAHAM\AppData\Local\Temp\~DF291B.tmp not found!
    File\Folder C:\Users\GRAHAM\AppData\Local\Temp\~DF294B.tmp not found!
    File\Folder C:\Users\GRAHAM\AppData\Local\Temp\~DF2951.tmp not found!
    C:\Users\GRAHAM\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X1W44ZCX\98899-active-vista-will-not-boot-normal-mode-2[1].html moved successfully.

    Registry entries deleted on Reboot...
     
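The fix log above deleted a per-user `.exe` class key (`HKEY_USERS\S-1-5-21-...-1000_Classes\.exe`, which is the same data PowerShell exposes as `HKCU:\Software\Classes\.exe`) and reset `HKLM\Software\Classes\.exe` to `exefile`. That matters because the per-user Classes hive takes precedence over HKLM, so a hijacked per-user `.exe` or `exefile\shell\open\command` interposes a program on every executable launch even when the machine-wide keys are clean. The following PowerShell is an added verification script, not part of this thread or of OTL; it checks what OTL reports as the O35/O37 lines in the next log, reading only the stock Windows key layout. It assumes Windows Vista or later with PowerShell 2.0 or newer, run from an elevated prompt in the affected user's session.

```powershell
# Added example, not from the thread or from OTL: verify that the .exe/.com
# file-type registrations are the stock ones after a file-association repair.
# Assumes Vista+ and PowerShell 2.0+, run elevated as the affected user.
# HKCU:\Software\Classes is the merged view of the HKEY_USERS\<SID>_Classes
# hive that OTL names in its log.

$StockOpenCommand = '"%1" %*'    # stock value of exefile/comfile shell\open\command

function Get-RegDefault {
    # Return a key's unnamed (default) value, or $null if the key or value is absent.
    param([string]$Key)
    if (-not (Test-Path -LiteralPath $Key)) { return $null }
    $item = Get-ItemProperty -LiteralPath $Key -ErrorAction SilentlyContinue
    if ($item -eq $null) { return $null }
    return $item.'(default)'
}

function Test-ExecutableAssociation {
    param([string]$Extension, [string]$ProgId)

    $checks = @()

    # 1. Per-user override. A stock system has no HKCU\Software\Classes\.exe;
    #    if one exists it wins over HKLM for this account, which is how a hijack
    #    survives a clean machine-wide key.
    $userExt = "HKCU:\Software\Classes\$Extension"
    $checks += New-Object PSObject -Property @{
        Key = $userExt; Value = (Get-RegDefault $userExt); Expected = $null
        Ok  = -not (Test-Path -LiteralPath $userExt)
    }

    # 2. Machine-wide extension -> ProgId mapping (.exe must resolve to exefile).
    $machineExt = "HKLM:\Software\Classes\$Extension"
    $v = Get-RegDefault $machineExt
    $checks += New-Object PSObject -Property @{
        Key = $machineExt; Value = $v; Expected = $ProgId; Ok = ($v -eq $ProgId)
    }

    # 3. The ProgId's open command in both hives (OTL's O35/O37 lines).
    #    Anything other than "%1" %* runs an interposed program before every launch.
    foreach ($root in 'HKCU:\Software\Classes', 'HKLM:\Software\Classes') {
        $cmdKey = "$root\$ProgId\shell\open\command"
        if (-not (Test-Path -LiteralPath $cmdKey)) {
            if ($root -like 'HKLM*') {
                # HKLM must have it; a missing per-user command key is the normal state.
                $checks += New-Object PSObject -Property @{
                    Key = $cmdKey; Value = $null; Expected = $StockOpenCommand; Ok = $false
                }
            }
            continue
        }
        $v = Get-RegDefault $cmdKey
        $checks += New-Object PSObject -Property @{
            Key = $cmdKey; Value = $v; Expected = $StockOpenCommand
            Ok  = ($v -eq $StockOpenCommand)
        }
    }
    return $checks
}

$all = @()
$all += Test-ExecutableAssociation -Extension '.exe' -ProgId 'exefile'
$all += Test-ExecutableAssociation -Extension '.com' -ProgId 'comfile'
$all | Format-Table Ok, Key, Value, Expected -AutoSize

$bad = @($all | Where-Object { -not $_.Ok })
if ($bad.Count -gt 0) {
    Write-Warning ("{0} association check(s) failed; see rows with Ok = False" -f $bad.Count)
}
```

A row with `Ok = False` on the `HKCU:\Software\Classes\.exe` line means a per-user override is still present and should be deleted rather than edited; a non-stock `shell\open\command` value names the interposed binary, which is the thing to collect before removing the entry.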
  7. 2011/05/12 - GRAHAM WESTON (Thread Starter)
    The computer rebooted in normal mode, and was very slow. The txt file was saved, then the computer locked up. I rebooted in SAFE mode, and now I will run OTL again.
     
  8. 2011/05/12 - GRAHAM WESTON (Thread Starter)
    Broni, 2nd txt file.

    OTL logfile created on: 12/05/2011 8:27:46 PM - Run 2
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\GRAHAM\Desktop\Virus removal
    64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.19048)
    Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

    6.00 Gb Total Physical Memory | 5.00 Gb Available Physical Memory | 86.00% Memory free
    12.00 Gb Paging File | 11.00 Gb Available in Paging File | 94.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 917.93 Gb Total Space | 259.10 Gb Free Space | 28.23% Space Free | Partition Type: NTFS
    Drive D: | 13.58 Gb Total Space | 1.88 Gb Free Space | 13.86% Space Free | Partition Type: NTFS

    Computer Name: KIUNGA | User Name: GRAHAM | Logged in as Administrator.
    Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/05/12 14:47:05 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\GRAHAM\Desktop\Virus removal\OTL.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/05/12 14:47:05 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\GRAHAM\Desktop\Virus removal\OTL.exe
    MOD - [2010/09/01 01:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2010/05/07 18:45:16 | 000,197,976 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)
    SRV:64bit: - [2008/01/21 12:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2011/01/28 17:10:28 | 000,387,072 | ---- | M] (Spigot, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe -- (Application Updater)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/01/21 07:03:39 | 000,117,640 | R--- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe -- (Norton Internet Security)
    SRV - [2009/03/30 14:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2008/12/09 12:51:08 | 000,242,424 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
    SRV - [2008/11/10 06:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
    SRV - [2008/09/30 17:59:26 | 000,192,512 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe -- (HPBtnSrv)
    SRV - [2004/03/13 04:04:16 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2010/08/09 23:03:58 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\pcouffin.sys -- (pcouffin)
    DRV:64bit: - [2010/07/16 15:42:04 | 000,053,704 | R--- | M] (usb camera) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usbcamcl.sys -- (usbcamcl)
    DRV:64bit: - [2010/06/01 21:41:37 | 000,172,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS -- (SymEvent)
    DRV:64bit: - [2010/06/01 21:41:22 | 000,583,296 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\NISx64\1008000.029\ccHPx64.sys -- (ccHP)
    DRV:64bit: - [2010/06/01 21:41:22 | 000,334,384 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1008000.029\BHDrvx64.sys -- (BHDrvx64)
    DRV:64bit: - [2010/05/15 08:02:14 | 006,465,760 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lvuvc64.sys -- (LVUVC64) Logitech Webcam Pro 9000(UVC)
    DRV:64bit: - [2010/05/15 08:00:52 | 000,329,952 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lvrs64.sys -- (LVRS64)
    DRV:64bit: - [2010/05/07 18:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys -- (LVPr2Mon)
    DRV:64bit: - [2010/05/07 18:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys -- (LVPr2M64)
    DRV:64bit: - [2010/01/28 07:25:04 | 000,086,120 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
    DRV:64bit: - [2010/01/25 14:03:28 | 000,150,656 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\zgwhsmdm.sys -- (zgwhsmdm)
    DRV:64bit: - [2010/01/21 07:03:40 | 000,402,992 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1008000.029\SYMEFA64.SYS -- (SymEFA)
    DRV:64bit: - [2010/01/21 07:03:40 | 000,278,576 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\NISx64\1008000.029\SYMTDI.SYS -- (SYMTDI)
    DRV:64bit: - [2010/01/21 07:03:40 | 000,120,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NISx64\1008000.029\SYMFW.SYS -- (SYMFW)
    DRV:64bit: - [2010/01/21 07:03:40 | 000,056,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NISx64\1008000.029\SYMNDISV.SYS -- (SYMNDISV)
    DRV:64bit: - [2010/01/21 07:03:40 | 000,031,280 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\SymIMv.sys -- (SymIM)
    DRV:64bit: - [2010/01/21 07:03:39 | 000,476,720 | ---- | M] (Symantec Corporation) [File_System | System | Stopped] -- C:\Windows\SysNative\Drivers\NISx64\1008000.029\SRTSP64.SYS -- (SRTSP)
    DRV:64bit: - [2010/01/21 07:03:39 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1008000.029\SRTSPX64.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
    DRV:64bit: - [2009/12/31 14:04:08 | 000,122,624 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\zgwhsnmea.sys -- (zgwhsnmea)
    DRV:64bit: - [2009/12/31 14:03:58 | 000,122,624 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\zgwhsdiag.sys -- (zgwhsdiag)
    DRV:64bit: - [2009/12/30 11:21:26 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\revoflt.sys -- (Revoflt)
    DRV:64bit: - [2009/10/01 10:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
    DRV:64bit: - [2009/05/24 07:36:52 | 000,626,176 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\netr7364.sys -- (netr7364)
    DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2009/02/19 03:04:00 | 000,487,936 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AVer888RC_64.sys -- (AVER_H193)
    DRV:64bit: - [2009/02/19 03:03:12 | 000,037,888 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\AVer888RCIR_64.sys -- (CXCIR)
    DRV:64bit: - [2009/02/12 15:11:26 | 000,026,024 | ---- | M] (EldoS Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\dddskx64.sys -- (ElRawDisk)
    DRV:64bit: - [2009/01/21 00:49:48 | 000,195,584 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
    DRV:64bit: - [2008/08/12 10:27:14 | 000,009,216 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter)
    DRV:64bit: - [2008/04/19 06:05:38 | 000,118,784 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ZTEusbser6k.sys -- (ZTEusbser6k)
    DRV:64bit: - [2008/04/19 06:05:38 | 000,118,784 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ZTEusbnmea.sys -- (ZTEusbnmea)
    DRV:64bit: - [2008/04/19 06:05:38 | 000,118,784 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
    DRV:64bit: - [2008/01/21 12:47:25 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\serscan.sys -- (StillCam)
    DRV:64bit: - [2007/06/21 17:51:46 | 000,215,808 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\emDevice64.sys -- (DCamUSBEMPIA)
    DRV:64bit: - [2007/06/21 17:51:32 | 000,006,400 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\emFilter64.sys -- (FiltUSBEMPIA)
    DRV:64bit: - [2007/06/21 17:51:30 | 000,006,144 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\emScan64.sys -- (ScanUSBEMPIA)
    DRV:64bit: - [2007/01/26 16:49:32 | 012,323,072 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\snp2sxp.sys -- (SNP2STD) USB2.0 PC Camera (SNP2STD)
    DRV:64bit: - [2007/01/12 20:28:06 | 000,077,312 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emAudio64.sys -- (emAudio)
    DRV:64bit: - [2006/09/19 07:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)
    DRV - [2011/03/15 04:58:28 | 000,476,792 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20110429.002\IDSviA64.sys -- (IDSVia64)
    DRV - [2010/05/31 18:23:32 | 000,475,696 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
    DRV - [2010/05/31 18:23:32 | 000,132,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
    DRV - [2009/09/09 14:26:06 | 000,146,928 | ---- | M] (CyberLink Corp.) [2011/01/12 00:49:44] [Kernel | Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})
    DRV - [2007/01/26 16:48:28 | 012,028,032 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\snp2sxp.sys -- (SNP2STD) USB2.0 PC Camera (SNP2STD)
    DRV - [2004/05/29 08:30:46 | 000,292,288 | ---- | M] (Ulead Systems, Inc.) [File_System | System | Stopped] -- C:\Windows\SysWOW64\drivers\USIUDF.sys -- (USIUDF)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_au&c=93&bd=Pavilion&pf=cndt
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_au&c=93&bd=Pavilion&pf=cndt

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ninemsn.com.au/
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========


    FF - HKLM\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2010/06/02 00:02:27 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/04/11 03:01:26 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/04/11 03:01:38 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/05/11 00:16:28 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/04/30 16:29:55 | 000,000,000 | ---D | M]

    [2011/04/21 20:50:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\GRAHAM\AppData\Roaming\Mozilla\Extensions
    [2011/05/11 00:16:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2010/08/01 23:44:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2010/12/07 23:31:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    File not found (No name found) --
    [2011/02/28 14:48:22 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES (X86)\COMMON FILES\SPIGOT\WTXPCOM
    [2011/02/28 14:48:22 | 000,000,000 | ---D | M] (pdfforge Toolbar) -- C:\PROGRAM FILES (X86)\PDFFORGE TOOLBAR\FF
    [2010/06/03 03:01:37 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
    [2010/06/14 08:50:00 | 002,176,049 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\components\1399311.dll
    [2011/04/15 02:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
    [2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    [2010/01/01 18:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing.xml

    O1 HOSTS File: ([2011/05/07 19:43:36 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg64.dll (Google Inc.)
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)
    O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\IPSBHO.dll (Symantec Corporation)
    O2 - BHO: (AOL Toolbar BHO) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
    O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2380.0\npwinext.dll (Microsoft Corporation)
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
    O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)
    O3 - HKLM\..\Toolbar: (@c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2380.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2380.0\npwinext.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
    O3 - HKLM\..\Toolbar: (Yahoo!7 Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)
    O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
    O4:64bit: - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD64.exe (OsdMaestro)
    O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
    O4:64bit: - HKLM..\Run: [snp2std] C:\Windows\vsnp2std.exe (Sonix)
    O4 - HKLM..\Run: [autodetect] C:\Windows\SysWOW64\SupportAppXL\AutoDect.exe ()
    O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
    O4 - HKLM..\Run: [DVDAgent] C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
    O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.exe (Microsoft)
    O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
    O4 - HKLM..\Run: [OpwareSE2] C:\Program Files (x86)\ScanSoft\OmniPageSE2.0\OpwareSE2.exe (ScanSoft, Inc.)
    O4 - HKLM..\Run: [TSMAgent] c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [tsnp2std] C:\Windows\tsnp2std.exe (SONIX)
    O4 - HKLM..\Run: [UpdateLBPShortCut] c:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [UpdateP2GoShortCut] c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [UpdatePDIRShortCut] c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [UpdatePSTShortCut] c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [USIUDF_Eject_Monitor] C:\Program Files (x86)\Common Files\Ulead Systems\DVD\USISrv.exe (Ulead Systems)
    O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
    O4 - Startup: C:\Users\GRAHAM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Find Fast.lnk = C:\Program Files (x86)\Microsoft Office\Office\FINDFAST.EXE ()
    O4 - Startup: C:\Users\GRAHAM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Office Startup.lnk = C:\Program Files (x86)\Microsoft Office\Office\OSA.EXE ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O12 - Plugin for: .spop - C:\Program Files (x86)\Internet Explorer\Plugins\NPDocBox.dll (Intertrust Technologies, Inc.)
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab (DLM Control)
    O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (GMNRev Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img34.jpg
    O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img34.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/05/12 20:06:05 | 000,000,000 | ---D | C] -- C:\_OTL
    [2011/05/12 19:36:20 | 000,000,000 | ---D | C] -- C:\Users\GRAHAM\AppData\Local\VS Revo Group
    [2011/05/12 19:36:18 | 000,031,800 | ---- | C] (VS Revo Group) -- C:\Windows\SysNative\drivers\revoflt.sys
    [2011/05/12 19:36:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
    [2011/05/12 19:36:17 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
    [2011/05/12 01:14:28 | 000,000,000 | ---D | C] -- C:\Users\GRAHAM\Desktop\hmmm
    [2011/05/12 01:02:39 | 000,000,000 | ---D | C] -- C:\Users\GRAHAM\AppData\Local\Yahoo
    [2011/05/12 01:00:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
    [2011/05/12 01:00:37 | 000,000,000 | ---D | C] -- C:\Users\GRAHAM\AppData\Roaming\Yahoo!
    [2011/05/12 01:00:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo!7 Messenger
    [2011/05/12 01:00:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
    [2011/05/12 00:58:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yahoo!
    [2011/05/08 22:12:44 | 000,000,000 | ---D | C] -- C:\Users\GRAHAM\AppData\Roaming\ImgBurn
    [2011/05/08 21:44:12 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2011/05/08 21:44:01 | 000,000,000 | ---D | C] -- C:\Users\GRAHAM\Desktop\vista repair disk
    [2011/05/08 21:22:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
    [2011/05/08 21:22:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ImgBurn
    [2011/05/08 20:40:43 | 000,000,000 | ---D | C] -- C:\Program Files\NCH Software
    [2011/05/07 19:44:42 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2011/05/07 19:44:42 | 000,000,000 | ---D | C] -- C:\Users\GRAHAM\AppData\Local\temp
    [2011/05/07 19:38:51 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2011/05/07 19:38:51 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2011/05/07 19:38:51 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2011/05/07 19:38:48 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2011/05/07 19:38:26 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/05/07 19:38:13 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
    [2011/05/07 19:38:11 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
    [2011/05/06 22:03:13 | 000,000,000 | ---D | C] -- C:\Users\GRAHAM\AppData\Roaming\Malwarebytes
    [2011/05/06 22:03:04 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    [2011/05/06 22:03:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/05/06 22:03:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2011/05/06 22:03:01 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2011/05/06 22:03:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2011/05/06 21:49:54 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
    [2011/05/06 21:41:46 | 000,000,000 | ---D | C] -- C:\Users\GRAHAM\Desktop\Virus removal
    [2011/05/06 21:30:20 | 000,000,000 | ---D | C] -- C:\Users\GRAHAM\Desktop\txt files
    [2011/05/05 21:18:39 | 000,000,000 | ---D | C] -- C:\Windows\Registration
    [2011/05/03 22:31:47 | 000,000,000 | ---D | C] -- C:\Users\GRAHAM\Desktop\Business Visa
    [2011/05/03 22:31:27 | 000,000,000 | ---D | C] -- C:\Users\GRAHAM\Desktop\Business cheque account
    [2011/05/03 14:32:59 | 000,000,000 | ---D | C] -- C:\Users\GRAHAM\Desktop\passport pix
    [2011/05/01 14:58:07 | 000,000,000 | ---D | C] -- C:\Users\GRAHAM\Desktop\St George Stove Oven
    [2011/04/30 20:45:24 | 000,000,000 | ---D | C] -- C:\Users\GRAHAM\Desktop\Christening
    [2011/04/30 20:23:44 | 000,000,000 | ---D | C] -- C:\Users\GRAHAM\Desktop\genset
    [2011/04/21 20:50:57 | 000,000,000 | ---D | C] -- C:\Users\GRAHAM\AppData\Roaming\Mozilla
    [2011/04/16 20:03:05 | 000,000,000 | ---D | C] -- C:\Users\GRAHAM\Desktop\LG Fridge GR-282SF
    [2011/04/16 19:43:47 | 000,000,000 | ---D | C] -- C:\Program Files\LizardTech
    [2010/08/09 23:03:58 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\GRAHAM\AppData\Roaming\pcouffin.sys
    [2010/06/01 21:36:06 | 000,151,552 | ---- | C] ( ) -- C:\Windows\SysWow64\rsnp2std.dll

    ========== Files - Modified Within 30 Days ==========

    [2011/05/12 20:22:22 | 000,703,388 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2011/05/12 20:22:22 | 000,607,600 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2011/05/12 20:22:22 | 000,107,478 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2011/05/12 20:17:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/05/12 20:10:12 | 000,271,526 | ---- | M] () -- C:\ProgramData\nvModes.dat
    [2011/05/12 20:09:29 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/05/12 20:09:29 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/05/12 20:09:28 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2011/05/12 20:09:28 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\RegistryBooster.job
    [2011/05/12 20:09:26 | 000,271,526 | ---- | M] () -- C:\ProgramData\nvModes.001
    [2011/05/12 19:36:19 | 000,001,023 | ---- | M] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
    [2011/05/12 16:36:31 | 000,001,460 | ---- | M] () -- C:\Users\GRAHAM\AppData\Local\d3d9caps64.dat
    [2011/05/12 03:16:23 | 000,001,356 | ---- | M] () -- C:\Users\GRAHAM\AppData\Local\d3d9caps.dat
    [2011/05/12 01:00:26 | 000,000,998 | ---- | M] () -- C:\Users\GRAHAM\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo!7 Messenger.lnk
    [2011/05/11 00:16:29 | 000,000,914 | ---- | M] () -- C:\Users\GRAHAM\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2011/05/11 00:16:29 | 000,000,890 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2011/05/08 22:31:17 | 000,426,480 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2011/05/08 21:22:17 | 000,001,730 | ---- | M] () -- C:\Users\GRAHAM\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk
    [2011/05/08 21:22:17 | 000,001,706 | ---- | M] () -- C:\Users\Public\Desktop\ImgBurn.lnk
    [2011/05/07 19:43:36 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2011/05/07 19:29:02 | 000,001,757 | ---- | M] () -- C:\Users\GRAHAM\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Defender.lnk
    [2011/05/07 09:09:38 | 000,000,024 | ---- | M] () -- C:\Users\GRAHAM\Documents\MyZip (5).zip
    [2011/05/06 22:03:05 | 000,000,950 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/04/30 23:47:33 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2011/04/30 23:47:17 | 000,002,027 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2011/04/30 23:15:32 | 000,002,613 | ---- | M] () -- C:\Users\GRAHAM\Desktop\Microsoft Word 2010.lnk
    [2011/04/30 16:29:55 | 000,001,919 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
    [2011/04/30 10:00:32 | 000,000,552 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job
    [2011/04/15 13:59:29 | 000,000,981 | ---- | M] () -- C:\Users\GRAHAM\Desktop\Internet Explorer.lnk
    [2011/04/15 13:50:32 | 000,000,951 | ---- | M] () -- C:\Users\GRAHAM\Desktop\Internet Explorer (64-bit).lnk
    [2011/04/12 21:02:03 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForGRAHAM.job

    ========== Files Created - No Company Name ==========

    [2011/05/12 19:36:19 | 000,001,023 | ---- | C] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
    [2011/05/12 01:00:26 | 000,000,998 | ---- | C] () -- C:\Users\GRAHAM\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo!7 Messenger.lnk
    [2011/05/11 00:16:29 | 000,000,914 | ---- | C] () -- C:\Users\GRAHAM\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2011/05/11 00:16:29 | 000,000,902 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    [2011/05/11 00:16:29 | 000,000,890 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2011/05/08 21:22:17 | 000,001,730 | ---- | C] () -- C:\Users\GRAHAM\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk
    [2011/05/08 21:22:17 | 000,001,718 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
    [2011/05/08 21:22:17 | 000,001,706 | ---- | C] () -- C:\Users\Public\Desktop\ImgBurn.lnk
    [2011/05/07 19:38:51 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
    [2011/05/07 19:38:51 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2011/05/07 19:38:51 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
    [2011/05/07 19:38:51 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2011/05/07 19:38:51 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2011/05/07 19:29:02 | 000,001,757 | ---- | C] () -- C:\Users\GRAHAM\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Defender.lnk
    [2011/05/07 09:09:38 | 000,000,024 | ---- | C] () -- C:\Users\GRAHAM\Documents\MyZip (5).zip
    [2011/05/06 22:03:05 | 000,000,950 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/05/05 22:01:23 | 000,001,832 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
    [2011/04/15 13:59:29 | 000,000,981 | ---- | C] () -- C:\Users\GRAHAM\Desktop\Internet Explorer.lnk
    [2011/04/15 13:50:32 | 000,000,951 | ---- | C] () -- C:\Users\GRAHAM\Desktop\Internet Explorer (64-bit).lnk
    [2011/04/06 15:39:29 | 000,000,176 | ---- | C] () -- C:\Users\GRAHAM\AppData\Roaming\burnaware.ini
    [2011/02/13 00:32:09 | 000,025,403 | ---- | C] () -- C:\Windows\SysWow64\drivers\afc.sys
    [2011/02/07 22:19:59 | 001,427,917 | ---- | C] () -- C:\Users\GRAHAM\AppData\Local\tmpP1310001 (2).JPG
    [2011/01/30 00:22:38 | 000,000,020 | ---- | C] () -- C:\Windows\SysWow64\camera.ini
    [2011/01/23 22:57:42 | 000,271,526 | ---- | C] () -- C:\ProgramData\nvModes.001
    [2011/01/17 21:55:40 | 000,271,526 | ---- | C] () -- C:\ProgramData\nvModes.dat
    [2011/01/17 21:43:18 | 000,001,356 | ---- | C] () -- C:\Users\GRAHAM\AppData\Local\d3d9caps.dat
    [2011/01/17 21:42:32 | 000,001,460 | ---- | C] () -- C:\Users\GRAHAM\AppData\Local\d3d9caps64.dat
    [2011/01/15 20:42:29 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2011/01/13 03:20:40 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI
    [2010/10/17 16:12:49 | 000,108,544 | ---- | C] () -- C:\Users\GRAHAM\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/08/09 23:03:58 | 000,007,859 | ---- | C] () -- C:\Users\GRAHAM\AppData\Roaming\pcouffin.cat
    [2010/08/09 23:03:58 | 000,001,167 | ---- | C] () -- C:\Users\GRAHAM\AppData\Roaming\pcouffin.inf
    [2010/06/30 00:12:16 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
    [2010/06/15 18:33:48 | 000,000,957 | ---- | C] () -- C:\Windows\ODBCINST.INI
    [2010/06/15 18:33:48 | 000,000,611 | ---- | C] () -- C:\Windows\ODBC.INI
    [2010/06/15 18:33:48 | 000,000,022 | ---- | C] () -- C:\Windows\exchng.ini
    [2010/06/01 23:32:45 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2010/06/01 23:06:53 | 000,111,932 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
    [2010/06/01 23:06:53 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
    [2010/06/01 23:06:53 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
    [2010/06/01 23:06:53 | 000,026,154 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
    [2010/06/01 23:06:53 | 000,024,903 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
    [2010/06/01 23:06:53 | 000,021,390 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
    [2010/06/01 23:06:53 | 000,020,148 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
    [2010/06/01 23:06:53 | 000,011,811 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
    [2010/06/01 23:06:53 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
    [2010/06/01 23:06:53 | 000,001,146 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_DU.dat
    [2010/06/01 23:06:53 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
    [2010/06/01 23:06:53 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
    [2010/06/01 23:06:53 | 000,001,136 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
    [2010/06/01 23:06:53 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
    [2010/06/01 23:06:53 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
    [2010/06/01 23:06:53 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_IT.dat
    [2010/06/01 23:06:53 | 000,001,107 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_GE.dat
    [2010/06/01 23:06:53 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
    [2010/06/01 23:06:53 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
    [2010/06/01 22:53:53 | 000,000,556 | ---- | C] () -- C:\Windows\MAXLINK.INI
    [2010/06/01 21:59:19 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
    [2010/06/01 21:59:03 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
    [2010/06/01 21:58:48 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2010/06/01 21:36:06 | 012,028,032 | ---- | C] () -- C:\Windows\SysWow64\drivers\snp2sxp.sys
    [2010/06/01 21:36:06 | 000,025,472 | ---- | C] () -- C:\Windows\SysWow64\drivers\sncamd.sys
    [2010/06/01 21:36:06 | 000,015,497 | ---- | C] () -- C:\Windows\snp2std.ini
    [2010/05/15 07:56:06 | 010,830,680 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
    [2010/05/15 07:56:06 | 000,102,744 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
    [2010/05/15 07:55:58 | 000,290,648 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
    [2009/06/23 12:18:01 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
    [2009/06/22 19:09:10 | 000,354,816 | ---- | C] () -- C:\Windows\SysWow64\pythoncom26.dll
    [2009/06/22 19:09:10 | 000,108,032 | ---- | C] () -- C:\Windows\SysWow64\pywintypes26.dll
    [2008/01/21 12:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
    [2006/11/03 01:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2006/11/02 22:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
    [2006/11/02 22:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
    [2006/11/02 22:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
    [2006/11/02 19:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [1996/11/21 00:00:00 | 000,094,208 | ---- | C] () -- C:\Windows\SysWow64\MSENCODE.DLL
    [1996/11/21 00:00:00 | 000,047,104 | ---- | C] () -- C:\Windows\SysWow64\WRKGADM.EXE
    [1996/11/21 00:00:00 | 000,022,016 | ---- | C] () -- C:\Windows\SysWow64\ODBCSTF.DLL
    [1996/11/21 00:00:00 | 000,022,016 | ---- | C] () -- C:\Windows\SysWow64\DOCOBJ.DLL
    [1996/11/21 00:00:00 | 000,012,288 | ---- | C] () -- C:\Windows\SysWow64\HLINKPRX.DLL

    ========== LOP Check ==========

    [2010/09/04 21:23:00 | 000,000,000 | ---D | M] -- C:\Users\GRAHAM\AppData\Roaming\Bitser Beta
    [2011/05/11 06:16:28 | 000,000,000 | ---D | M] -- C:\Users\GRAHAM\AppData\Roaming\BitTorrent
    [2010/07/30 01:17:13 | 000,000,000 | ---D | M] -- C:\Users\GRAHAM\AppData\Roaming\Canon
    [2010/07/14 00:09:45 | 000,000,000 | ---D | M] -- C:\Users\GRAHAM\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2011/04/30 20:29:57 | 000,000,000 | ---D | M] -- C:\Users\GRAHAM\AppData\Roaming\Epson
    [2011/03/13 00:26:22 | 000,000,000 | ---D | M] -- C:\Users\GRAHAM\AppData\Roaming\GetRightToGo
    [2011/05/08 22:16:55 | 000,000,000 | ---D | M] -- C:\Users\GRAHAM\AppData\Roaming\ImgBurn
    [2010/06/01 22:48:23 | 000,000,000 | ---D | M] -- C:\Users\GRAHAM\AppData\Roaming\InterTrust
    [2010/07/18 08:31:40 | 000,000,000 | ---D | M] -- C:\Users\GRAHAM\AppData\Roaming\Leadertech
    [2011/02/20 01:17:56 | 000,000,000 | ---D | M] -- C:\Users\GRAHAM\AppData\Roaming\OpenCandy
    [2011/02/20 01:18:38 | 000,000,000 | ---D | M] -- C:\Users\GRAHAM\AppData\Roaming\Reviversoft
    [2010/06/01 22:53:55 | 000,000,000 | ---D | M] -- C:\Users\GRAHAM\AppData\Roaming\ScanSoft
    [2010/07/31 15:45:39 | 000,000,000 | ---D | M] -- C:\Users\GRAHAM\AppData\Roaming\TeamViewer
    [2011/05/12 19:50:48 | 000,000,000 | ---D | M] -- C:\Users\GRAHAM\AppData\Roaming\Uniblue
    [2010/10/17 00:53:39 | 000,000,000 | ---D | M] -- C:\Users\GRAHAM\AppData\Roaming\Vso
    [2010/07/18 19:49:21 | 000,000,000 | ---D | M] -- C:\Users\GRAHAM\AppData\Roaming\WinBatch
    [2011/04/30 10:00:32 | 000,000,552 | ---- | M] () -- C:\Windows\Tasks\PCDRScheduledMaintenance.job
    [2011/05/12 20:09:28 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\RegistryBooster.job
    [2011/05/01 01:39:18 | 000,032,602 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    < End of report >
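The OTL "Files Created" and "Files Modified" lines above follow a fixed `[timestamp | size | attributes | C/M] (company) -- path` layout, which makes them easy to triage offline before a helper reads them by hand. The Python below is an added example and is not part of the original thread or of OTL itself; it parses a constructed handful of lines modelled on the log (the ComboFix helper binaries under C:\Windows, the rewritten hosts file, a Startup-folder shortcut) and flags the patterns a helper looks at first: executables written directly into a Windows system directory, especially ones with no company name, Startup-folder entries, and a hosts file modified inside the window. The 30-day window, the system-directory list and the rule wording are my own assumptions.

```python
import ntpath
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional

# Constructed sample, modelled on the OTL log lines above (not the real log).
SAMPLE_LOG = r"""
[2011/05/07 19:38:51 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/05/07 19:38:51 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/05/07 19:38:51 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/05/07 19:38:48 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/05/07 19:43:36 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/05/05 22:01:23 | 000,001,832 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
[2010/06/01 21:36:06 | 000,151,552 | ---- | C] ( ) -- C:\Windows\SysWow64\rsnp2std.dll
"""

# One OTL file line: directory lines have no "(company)" part, file lines always do.
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4}) \| (?P<op>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+?)\s*$"
)

# Assumed triage rules: extensions and directories worth a second look.
EXEC_EXTS = {".exe", ".dll", ".sys", ".scr", ".cpl", ".drv", ".ocx", ".com"}
SYSTEM_DIRS = {
    r"c:\windows", r"c:\windows\system32", r"c:\windows\syswow64", r"c:\windows\sysnative",
    r"c:\windows\system32\drivers", r"c:\windows\syswow64\drivers", r"c:\windows\sysnative\drivers",
}


@dataclass
class OtlEntry:
    timestamp: datetime
    size: int
    attrs: str          # e.g. "----", "---D", "-H--", "RHS-"
    op: str             # "C" = created, "M" = modified
    company: Optional[str]  # None for directory lines, "" when OTL printed "()"
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs


def parse_otl_lines(text: str) -> List[OtlEntry]:
    """Parse every line that matches the OTL file-line layout; ignore everything else."""
    entries: List[OtlEntry] = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        company = m.group("company")
        entries.append(OtlEntry(
            timestamp=datetime.strptime(m.group("ts"), "%Y/%m/%d %H:%M:%S"),
            size=int(m.group("size").replace(",", "")),
            attrs=m.group("attrs"),
            op=m.group("op"),
            company=company.strip() if company is not None else None,
            path=m.group("path"),
        ))
    return entries


def triage(entries: List[OtlEntry], report_date: datetime, window_days: int = 30) -> Dict[str, List[str]]:
    """Return {path: [reasons]} for entries inside the window that match a triage rule."""
    cutoff = report_date - timedelta(days=window_days)
    findings: Dict[str, List[str]] = {}
    for e in entries:
        if e.timestamp < cutoff or e.is_dir:
            continue
        low = e.path.lower()
        directory = ntpath.dirname(low)
        ext = ntpath.splitext(low)[1]
        reasons: List[str] = []
        if directory in SYSTEM_DIRS and ext in EXEC_EXTS:
            reasons.append("executable written directly into a Windows system directory")
            if not e.company:
                reasons.append("no company name in version info")
        if "\\startup\\" in directory + "\\":
            reasons.append("Startup-folder persistence")
        if low.endswith("\\drivers\\etc\\hosts"):
            reasons.append("hosts file modified in window")
        if reasons:
            findings[e.path] = reasons
    return findings


def triage_sample() -> Dict[str, List[str]]:
    """Run the rules over the constructed sample as of the report date in the log (2011/05/12)."""
    return triage(parse_otl_lines(SAMPLE_LOG), datetime(2011, 5, 12))


if __name__ == "__main__":
    for path, reasons in triage_sample().items():
        print(path, "->", "; ".join(reasons))
```

On this sample the script flags the three ComboFix helpers in C:\Windows (PEV.exe additionally for having no company name), the Startup shortcut and the hosts file, and drops the 2010 rsnp2std.dll as outside the window; whether a flagged file is actually benign, as the ComboFix binaries are here, is still the helper's call.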
     
  9. 2011/05/12
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    See if you can reboot in normal mode one more time.
    If successful, delete your Combofix file, download a fresh one and post a new log.
     
  10. 2011/05/12
    GRAHAM WESTON

    GRAHAM WESTON Well-Known Member Thread Starter

    Joined:
    2002/07/30
    Messages:
    371
    Likes Received:
    0
    Broni,
    No luck, still stops at the Windows flag during boot.
     
  11. 2011/05/12
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    While in safe mode....

    Go Start>Run (Start Search in Vista), type in:
    msconfig
    Click OK (hit Enter in Vista).

    Click on Startup tab.
    Click Disable all
    IMPORTANT! In the case of a laptop, make sure you do NOT disable any keyboard or touchpad entries.

    Click Services tab.
    Put checkmark in Hide all Microsoft services
    Click Disable all.

    Click OK.
    Attempt to restart computer in Normal Mode.

    NOTE. If you use a different firewall than Windows firewall, turn Windows firewall on just for this test, since your regular firewall won't be running.
    If you use Windows firewall, you're fine.

    Same problem?
     
  12. 2011/05/14
    GRAHAM WESTON

    GRAHAM WESTON Well-Known Member Thread Starter

    Joined:
    2002/07/30
    Messages:
    371
    Likes Received:
    0
    Broni,
    I've been busy with work the past few days, but I have now got back onto this. I did as you requested, and it was still the same. I did notice that the video card was very hot, so I removed the card, and ran the monitor off the onboard graphics port, and wham, she booted straight up. I did find that the heatsink on the card was completely blocked with dust, so I've cleaned that up and refitted it, and the PC is now booting good with the card refitted. So I'm not too sure why this has fixed the boot problem, but it has, and all is currently running fine. I'll see how it goes over the next week or so.
     
  13. 2011/05/15
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Great news :)

    Make sure to undo all changes you made following my reply #30.

    Whenever ready....last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the reading of the results to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
     
  14. 2011/05/15
    GRAHAM WESTON

    GRAHAM WESTON Well-Known Member Thread Starter

    Joined:
    2002/07/30
    Messages:
    371
    Likes Received:
    0
    Broni,

    Security Check txt as follows.

    Results of screen317's Security Check version 0.99.7
    Windows Vista (UAC is enabled)
    Out of date service pack!!
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Norton Internet Security
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    Java(TM) 6 Update 22
    Adobe Flash Player 10.1.85.3
    Adobe Reader 9.4.4
    Out of date Adobe Reader installed!
    Mozilla Firefox (x86 en-US..) Firefox Out of Date!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Norton ccSvcHst.exe
    ``````````End of Log````````````


    TFC will not run in 32-bit Vista, and I have tried in compatibility mode, and it will still not run.

    I'll run ESET and post the log, if there is one.
     
  15. 2011/05/15
    GRAHAM WESTON

    GRAHAM WESTON Well-Known Member Thread Starter

    Joined:
    2002/07/30
    Messages:
    371
    Likes Received:
    0
    Broni,
    ESET scan txt.

    C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe probably a variant of Win32/Adware.Toolbar.Dealio application
    C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll a variant of Win32/Adware.Toolbar.Dealio application
    C:\Program Files (x86)\pdfforge Toolbar\IE\4.3\pdfforgeToolbarIE.dll a variant of Win32/Adware.Toolbar.Dealio application
    C:\Program Files (x86)\Uniblue\RegistryBooster\Launcher.exe Win32/RegistryBooster application
    C:\Program Files (x86)\Uniblue\RegistryBooster\rbmonitor.exe Win32/RegistryBooster application
    C:\Program Files (x86)\Uniblue\RegistryBooster\rbnotifier.exe Win32/RegistryBooster application
    C:\Program Files (x86)\Uniblue\RegistryBooster\rb_move_serial.exe Win32/RegistryBooster application
    C:\Program Files (x86)\Uniblue\RegistryBooster\rb_track_install.exe Win32/RegistryBooster application
    C:\Program Files (x86)\Uniblue\RegistryBooster\registrybooster.exe Win32/RegistryBooster application
    C:\Users\GRAHAM\AppData\Roaming\OpenCandy\OpenCandy_93C63546E96E4A0CBDFA8D43F29EC4CA\RegistryReviverSetup-ppi_.exe a variant of Win32/RegistryReviver application
    C:\Users\GRAHAM\AppData\Roaming\Uniblue\RegistryBooster\_temp\ub.exe Win32/RegistryBooster application
    C:\Users\GRAHAM\Desktop\Downloads\MyFunCards.exe Win32/Toolbar.MyWebSearch application
    C:\_OTL\MovedFiles\05122011_200605\C_Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe a variant of Win32/Adware.Toolbar.Dealio application
    Operating memory Win32/RegistryBooster application


    cheers.
     
  16. 2011/05/15
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Instead of TFC, try this...

    Download ATF Cleaner by Atribune.

    Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Unselect Cookies.
    Click the Empty Selected button.

    If you use Firefox browser
    Click Firefox at the top and choose: Select All
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    Unselect Cookies.
    Click the Empty Selected button.

    If you use Opera browser
    Click Opera at the top and choose: Select All
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    Unselect Cookies.
    Click the Empty Selected button.

    Click Exit on the Main menu to close the program.

    =====================================================

    Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions.
    Note. If you already have Adobe Photoshop® Album Starter Edition installed, or do not wish to have it installed, UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

    Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader (3.5 MB) from HERE.
    It's a much smaller file to download and uses a lot less resources than Adobe Reader.
    Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or any other garbage.

    ===================================================

    Uninstall Uniblue RegistryBooster.
    Registry cleaners/optimizers are not recommended for several reasons:

    • Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

      The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
    • Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
    • Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
    • Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
    • The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".
    Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.


    ======================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      
      :Services
      
      :Reg
      
      :Files
      C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe 
      C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll 
      C:\Program Files (x86)\pdfforge Toolbar\IE\4.3\pdfforgeToolbarIE.dll 
      C:\Program Files (x86)\Uniblue
      C:\Users\GRAHAM\AppData\Roaming\OpenCandy\OpenCandy_93C63546E96E4A0CBDFA8D43F29EC4CA\RegistryReviverSetup-ppi_.exe 
      C:\Users\GRAHAM\AppData\Roaming\Uniblue
      C:\Users\GRAHAM\Desktop\Downloads\MyFunCards.exe
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ==================================================

    Your computer is clean :)

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run a Malwarebytes "Quick scan" once in a while to ensure the safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please let me know how your computer is doing.
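The fix script in this reply is essentially the ESET detection list from the previous post turned into an OTL :Files block, minus the entry that was already sitting in OTL's quarantine folder and with the many RegistryBooster hits collapsed to a parent folder. The Python below is an added example that automates that translation; it is not part of the thread, of ESET or of OTL. It splits the path from the detection text with a heuristic (the first `.ext` followed by a space, since ESET's lines have no other delimiter), reports rather than re-lists anything under `\_OTL\MovedFiles\`, and lists a folder instead of its files when more than one hit lands in the same folder; broni went one level further by hand (the whole Uniblue folder). The sample input is a constructed subset of the ESET log above.

```python
import ntpath
import re
from collections import defaultdict
from typing import Dict, List, Tuple

# Constructed subset of the ESET Online Scanner output posted above.
SAMPLE_ESET = r"""
C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe probably a variant of Win32/Adware.Toolbar.Dealio application
C:\Program Files (x86)\Uniblue\RegistryBooster\Launcher.exe Win32/RegistryBooster application
C:\Program Files (x86)\Uniblue\RegistryBooster\rbmonitor.exe Win32/RegistryBooster application
C:\Users\GRAHAM\Desktop\Downloads\MyFunCards.exe Win32/Toolbar.MyWebSearch application
C:\_OTL\MovedFiles\05122011_200605\C_Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe a variant of Win32/Adware.Toolbar.Dealio application
Operating memory Win32/RegistryBooster application
"""

# Heuristic: an ESET line is "<drive path ending in .ext> <detection text>".
# Paths contain spaces, so the first ".ext " boundary is taken as the split point.
ESET_LINE_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.*?\.[A-Za-z0-9]{1,4}) (?P<detection>\S.*)$")

# OTL's own quarantine folder: files here were already moved by an earlier fix.
QUARANTINE_MARKER = "\\_otl\\movedfiles\\"


def parse_eset_lines(text: str) -> List[Tuple[str, str]]:
    """Return (path, detection) pairs; lines without a file path (e.g. memory hits) are dropped."""
    hits: List[Tuple[str, str]] = []
    for raw in text.splitlines():
        m = ESET_LINE_RE.match(raw.strip())
        if m:
            hits.append((m.group("path"), m.group("detection")))
    return hits


def plan_otl_files(hits: List[Tuple[str, str]]) -> Tuple[List[str], List[str]]:
    """Decide what goes under :Files.

    Returns (targets, skipped): targets are files, or a folder when several hits
    share it (OTL moves folders recursively); skipped are paths already quarantined.
    """
    skipped: List[str] = []
    by_dir: Dict[str, List[str]] = defaultdict(list)
    for path, _detection in hits:
        if QUARANTINE_MARKER in path.lower():
            skipped.append(path)
            continue
        by_dir[ntpath.dirname(path)].append(path)
    targets: List[str] = []
    for directory, files in by_dir.items():
        if len(files) > 1:
            targets.append(directory)  # assumed collapse rule: whole folder for multiple hits
        else:
            targets.extend(files)
    return targets, skipped


def build_otl_script(targets: List[str]) -> str:
    """Render the :Files block in the same layout as the fix scripts used in this thread."""
    lines = [":OTL", "", ":Files", *targets, "", ":Commands", "[purity]", "[emptytemp]", "[Reboot]"]
    return "\n".join(lines)


if __name__ == "__main__":
    found = parse_eset_lines(SAMPLE_ESET)
    plan, already_moved = plan_otl_files(found)
    print(build_otl_script(plan))
    for p in already_moved:
        print("# already quarantined, not re-listed:", p)
```

The generated block is a starting point for review, not something to run blindly: the folder-collapse rule should be checked against what else lives in that folder, and a memory-only hit like "Operating memory" has no file to list, which is why the parser drops it.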
     
  17. 2011/05/17
    GRAHAM WESTON

    GRAHAM WESTON Well-Known Member Thread Starter

    Joined:
    2002/07/30
    Messages:
    371
    Likes Received:
    0
    Broni,
    OTL txt docs as requested.

    All processes killed
    ========== OTL ==========
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe moved successfully.
    C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll moved successfully.
    C:\Program Files (x86)\pdfforge Toolbar\IE\4.3\pdfforgeToolbarIE.dll moved successfully.
    C:\Program Files (x86)\Uniblue\RegistryBooster\locale\xt\LC_MESSAGES folder moved successfully.
    C:\Program Files (x86)\Uniblue\RegistryBooster\locale\xt folder moved successfully.
    C:\Program Files (x86)\Uniblue\RegistryBooster\locale\xs\LC_MESSAGES folder moved successfully.
    C:\Program Files (x86)\Uniblue\RegistryBooster\locale\xs folder moved successfully.
    C:\Program Files (x86)\Uniblue\RegistryBooster\locale\tr\LC_MESSAGES folder moved successfully.
    C:\Program Files (x86)\Uniblue\RegistryBooster\locale\tr folder moved successfully.
    C:\Program Files (x86)\Uniblue\RegistryBooster\locale\se\LC_MESSAGES folder moved successfully.
    C:\Program Files (x86)\Uniblue\RegistryBooster\locale\se folder moved successfully.
    C:\Program Files (x86)\Uniblue\RegistryBooster\locale\ru\LC_MESSAGES folder moved successfully.
    C:\Program Files (x86)\Uniblue\RegistryBooster\locale\ru folder moved successfully.
    C:\Program Files (x86)\Uniblue\RegistryBooster\locale\pt\LC_MESSAGES folder moved successfully.
    C:\Program Files (x86)\Uniblue\RegistryBooster\locale\pt folder moved successfully.
    C:\Program Files (x86)\Uniblue\RegistryBooster\locale\pl\LC_MESSAGES folder moved successfully.
    C:\Program Files (x86)\Uniblue\RegistryBooster\locale\pl folder moved successfully.
    C:\Program Files (x86)\Uniblue\RegistryBooster\locale\no\LC_MESSAGES folder moved successfully.
    C:\Program Files (x86)\Uniblue\RegistryBooster\locale\no folder moved successfully.
    C:\Program Files (x86)\Uniblue\RegistryBooster\locale\nl\LC_MESSAGES folder moved successfully.
    C:\Program Files (x86)\Uniblue\RegistryBooster\locale\nl folder moved successfully.
    C:\Program Files (x86)\Uniblue\RegistryBooster\locale\jp\LC_MESSAGES folder moved successfully.
    C:\Program Files (x86)\Uniblue\RegistryBooster\locale\jp folder moved successfully.
    C:\Program Files (x86)\Uniblue\RegistryBooster\locale\it\LC_MESSAGES folder moved successfully.
    C:\Program Files (x86)\Uniblue\RegistryBooster\locale\it folder moved successfully.
    C:\Program Files (x86)\Uniblue\RegistryBooster\locale\gr\LC_MESSAGES folder moved successfully.
    C:\Program Files (x86)\Uniblue\RegistryBooster\locale\gr folder moved successfully.
    C:\Program Files (x86)\Uniblue\RegistryBooster\locale\fr\LC_MESSAGES folder moved successfully.
    C:\Program Files (x86)\Uniblue\RegistryBooster\locale\fr folder moved successfully.
    C:\Program Files (x86)\Uniblue\RegistryBooster\locale\fi\LC_MESSAGES folder moved successfully.
    C:\Program Files (x86)\Uniblue\RegistryBooster\locale\fi folder moved successfully.
    C:\Program Files (x86)\Uniblue\RegistryBooster\locale\es\LC_MESSAGES folder moved successfully.
    C:\Program Files (x86)\Uniblue\RegistryBooster\locale\es folder moved successfully.
    C:\Program Files (x86)\Uniblue\RegistryBooster\locale\en\LC_MESSAGES folder moved successfully.
    C:\Program Files (x86)\Uniblue\RegistryBooster\locale\en folder moved successfully.
    C:\Program Files (x86)\Uniblue\RegistryBooster\locale\dk\LC_MESSAGES folder moved successfully.
    C:\Program Files (x86)\Uniblue\RegistryBooster\locale\dk folder moved successfully.
    C:\Program Files (x86)\Uniblue\RegistryBooster\locale\de\LC_MESSAGES folder moved successfully.
    C:\Program Files (x86)\Uniblue\RegistryBooster\locale\de folder moved successfully.
    C:\Program Files (x86)\Uniblue\RegistryBooster\locale\br\LC_MESSAGES folder moved successfully.
    C:\Program Files (x86)\Uniblue\RegistryBooster\locale\br folder moved successfully.
    C:\Program Files (x86)\Uniblue\RegistryBooster\locale folder moved successfully.
    C:\Program Files (x86)\Uniblue\RegistryBooster folder moved successfully.
    C:\Program Files (x86)\Uniblue folder moved successfully.
    File\Folder C:\Users\GRAHAM\AppData\Roaming\OpenCandy\OpenCandy_93C63546E96E4A0CBDFA8D43F29EC4CA\RegistryReviverSetup-ppi_.exe not found.
    C:\Users\GRAHAM\AppData\Roaming\Uniblue\RegistryBooster\_temp folder moved successfully.
    C:\Users\GRAHAM\AppData\Roaming\Uniblue\RegistryBooster\history folder moved successfully.
    C:\Users\GRAHAM\AppData\Roaming\Uniblue\RegistryBooster\backup folder moved successfully.
    C:\Users\GRAHAM\AppData\Roaming\Uniblue\RegistryBooster folder moved successfully.
    C:\Users\GRAHAM\AppData\Roaming\Uniblue folder moved successfully.
    C:\Users\GRAHAM\Desktop\Downloads\MyFunCards.exe moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: GRAHAM
    ->Temp folder emptied: 1233765 bytes
    ->Temporary Internet Files folder emptied: 15974025 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 44107060 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 1696 bytes

    User: GRAHAM2
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 59.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: GRAHAM
    ->Flash cache emptied: 0 bytes

    User: GRAHAM2

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.22.3 log created on 05172011_214514

    Files\Folders moved on Reboot...
    C:\Users\GRAHAM\AppData\Local\Temp\Low\~DF4C09.tmp moved successfully.
    File\Folder C:\Users\GRAHAM\AppData\Local\Temp\~DF1FAA.tmp not found!
    File\Folder C:\Users\GRAHAM\AppData\Local\Temp\~DF1FB8.tmp not found!
    File\Folder C:\Users\GRAHAM\AppData\Local\Temp\~DF2013.tmp not found!
    File\Folder C:\Users\GRAHAM\AppData\Local\Temp\~DF2021.tmp not found!
    File\Folder C:\Users\GRAHAM\AppData\Local\Temp\~DF205D.tmp not found!
    File\Folder C:\Users\GRAHAM\AppData\Local\Temp\~DF206B.tmp not found!
    File\Folder C:\Users\GRAHAM\AppData\Local\Temp\~DF20A0.tmp not found!
    File\Folder C:\Users\GRAHAM\AppData\Local\Temp\~DF20AE.tmp not found!
    File\Folder C:\Users\GRAHAM\AppData\Local\Temp\~DF2106.tmp not found!
    File\Folder C:\Users\GRAHAM\AppData\Local\Temp\~DF2114.tmp not found!
    File\Folder C:\Users\GRAHAM\AppData\Local\Temp\~DF2149.tmp not found!
    File\Folder C:\Users\GRAHAM\AppData\Local\Temp\~DF2157.tmp not found!
    File\Folder C:\Users\GRAHAM\AppData\Local\Temp\~DF218C.tmp not found!
    File\Folder C:\Users\GRAHAM\AppData\Local\Temp\~DF219A.tmp not found!
    File\Folder C:\Users\GRAHAM\AppData\Local\Temp\~DF21CF.tmp not found!
    File\Folder C:\Users\GRAHAM\AppData\Local\Temp\~DF21DD.tmp not found!
    File\Folder C:\Users\GRAHAM\AppData\Local\Temp\~DF2210.tmp not found!
    File\Folder C:\Users\GRAHAM\AppData\Local\Temp\~DF221E.tmp not found!
    File\Folder C:\Users\GRAHAM\AppData\Local\Temp\~DF2251.tmp not found!
    File\Folder C:\Users\GRAHAM\AppData\Local\Temp\~DF225F.tmp not found!
    C:\Users\GRAHAM\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\X6B31Q10\00b42e3a-b809-49b2-b433-cc45b2bc89d33rd_party_BBS[1].html moved successfully.
    C:\Users\GRAHAM\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\X6B31Q10\p-01-0VIaSjnOLg[1].gif moved successfully.
    C:\Users\GRAHAM\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\X6B31Q10\p-01-0VIaSjnOLg[2].gif moved successfully.
    C:\Users\GRAHAM\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FFY95QQI\98899-active-vista-will-not-boot-normal-mode-2[1].html moved successfully.
    C:\Users\GRAHAM\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FFY95QQI\ads[1].txt moved successfully.
    C:\Users\GRAHAM\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FFY95QQI\p-01-0VIaSjnOLg[1].gif moved successfully.
    C:\Users\GRAHAM\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FFY95QQI\pixel[1].htm moved successfully.
    C:\Users\GRAHAM\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\D6RVVTBA\ads[1].txt moved successfully.
    C:\Users\GRAHAM\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\43S5B9XH\ddc[1].htm moved successfully.
    C:\Users\GRAHAM\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\43S5B9XH\drts[1].txt moved successfully.
    C:\Users\GRAHAM\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\43S5B9XH\frm[1].html moved successfully.

    Registry entries deleted on Reboot...



    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: GRAHAM
    ->Temp folder emptied: 1014008 bytes
    ->Temporary Internet Files folder emptied: 9140169 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 909 bytes

    User: GRAHAM2
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 10.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: GRAHAM
    ->Flash cache emptied: 0 bytes

    User: GRAHAM2

    User: Public

    Total Flash Files Cleaned = 0.00 mb

    Restore point Set: OTL Restore Point

    OTL by OldTimer - Version 3.2.22.3 log created on 05172011_220420

    Files\Folders moved on Reboot...
    C:\Users\GRAHAM\AppData\Local\Temp\ppcrlui_3288_2 moved successfully.
    File\Folder C:\Users\GRAHAM\AppData\Local\Temp\~DF28F1.tmp not found!
    File\Folder C:\Users\GRAHAM\AppData\Local\Temp\~DF28F8.tmp not found!
    File\Folder C:\Users\GRAHAM\AppData\Local\Temp\~DF2948.tmp not found!
    File\Folder C:\Users\GRAHAM\AppData\Local\Temp\~DF294F.tmp not found!
    File\Folder C:\Users\GRAHAM\AppData\Local\Temp\~DF297E.tmp not found!
    File\Folder C:\Users\GRAHAM\AppData\Local\Temp\~DF2985.tmp not found!
    File\Folder C:\Users\GRAHAM\AppData\Local\Temp\~DF29B3.tmp not found!
    File\Folder C:\Users\GRAHAM\AppData\Local\Temp\~DF29BA.tmp not found!
    File\Folder C:\Users\GRAHAM\AppData\Local\Temp\~DF29E8.tmp not found!
    File\Folder C:\Users\GRAHAM\AppData\Local\Temp\~DF29EF.tmp not found!
    File\Folder C:\Users\GRAHAM\AppData\Local\Temp\~DF2A1D.tmp not found!
    File\Folder C:\Users\GRAHAM\AppData\Local\Temp\~DF2A25.tmp not found!
    File\Folder C:\Users\GRAHAM\AppData\Local\Temp\~DF2A53.tmp not found!
    File\Folder C:\Users\GRAHAM\AppData\Local\Temp\~DF2A5F.tmp not found!
    File\Folder C:\Users\GRAHAM\AppData\Local\Temp\~DF2A8D.tmp not found!
    File\Folder C:\Users\GRAHAM\AppData\Local\Temp\~DF2A94.tmp not found!
    File\Folder C:\Users\GRAHAM\AppData\Local\Temp\~DF2AC0.tmp not found!
    File\Folder C:\Users\GRAHAM\AppData\Local\Temp\~DF2AC7.tmp not found!
    File\Folder C:\Users\GRAHAM\AppData\Local\Temp\~DF2AF3.tmp not found!
    File\Folder C:\Users\GRAHAM\AppData\Local\Temp\~DF2AFA.tmp not found!
    C:\Users\GRAHAM\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YQJP45LD\01[1].html moved successfully.
    C:\Users\GRAHAM\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YQJP45LD\likebox[1].html moved successfully.
    C:\Users\GRAHAM\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\V134JFDY\98899-active-vista-will-not-boot-normal-mode-3[1].html moved successfully.
    C:\Users\GRAHAM\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\V134JFDY\like[1].html moved successfully.
    C:\Users\GRAHAM\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\V134JFDY\p-01-0VIaSjnOLg[1].gif moved successfully.
    C:\Users\GRAHAM\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\V134JFDY\p-01-0VIaSjnOLg[2].gif moved successfully.
    C:\Users\GRAHAM\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\V134JFDY\p-01-0VIaSjnOLg[3].gif moved successfully.
    C:\Users\GRAHAM\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\V134JFDY\recommendations[1].html moved successfully.
    C:\Users\GRAHAM\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\90XBOVDV\;ord=575760111[1].html moved successfully.
    C:\Users\GRAHAM\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\90XBOVDV\p-01-0VIaSjnOLg[1].gif moved successfully.
    C:\Users\GRAHAM\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\33F4Y3RX\00b42e3a-b809-49b2-b433-cc45b2bc89d33rd_party_BBS[1].html moved successfully.
    C:\Users\GRAHAM\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\33F4Y3RX\ads[1].html moved successfully.
    C:\Users\GRAHAM\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\33F4Y3RX\ads[2].html moved successfully.
    C:\Users\GRAHAM\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\33F4Y3RX\arnold-schwarzenegger-fathered-secret-child[1].html moved successfully.
    C:\Users\GRAHAM\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\33F4Y3RX\like[1].html moved successfully.
    C:\Users\GRAHAM\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.

    Registry entries deleted on Reboot...


    Cheers.
     
  18. 2011/05/17
    broni (Moderator, Malware Analyst)

    .....
     
  19. 2011/05/18
    GRAHAM WESTON (Well-Known Member, Thread Starter)

    Broni,
    well, all seems to be OK now; it has not missed a beat. Again, many thanks for all your help here, it is greatly appreciated. Hopefully we will not need your services again for a long time, if at all.

    Regards
    Graham.
     
  20. 2011/05/18
    broni (Moderator, Malware Analyst)

    You're very welcome :)

    Good luck and stay safe :)
     