
Solved zeroaccess.ee and eh

Discussion in 'Malware and Virus Removal Archive' started by rizzla, 2012/06/19.

  1. 2012/06/24
    rizzla

    Re: first log

    Here is the other half of the OTL log.

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/06/23 21:49:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
    [2012/06/23 16:12:08 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/06/23 16:11:55 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/06/23 16:11:54 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\temp
    [2012/06/23 15:24:49 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\{A4AE1055-99AC-48CB-882B-D27AC3BDB07B}
    [2012/06/23 15:24:22 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\{A5B4F230-14E3-49B8-9220-F14804BAA0F7}
    [2012/06/23 00:34:17 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\{6049899D-43AA-4A17-B44A-09B99BBD9487}
    [2012/06/23 00:31:54 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Roaming\HP
    [2012/06/22 13:37:18 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\{6805EFD1-5457-4BE8-9D2E-83730BE6DD49}
    [2012/06/22 13:36:54 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\{CCB4BF70-B82B-472B-9D20-8E701544E2EB}
    [2012/06/22 01:32:29 | 000,000,000 | ---D | C] -- C:\FRST
    [2012/06/21 16:05:24 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\{DB10FC9C-0C28-4B44-83AB-A61CFFE6021E}
    [2012/06/21 16:05:01 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\{78B24FEA-6D35-49AF-A3CA-8D01F0E33EDA}
    [2012/06/21 15:25:17 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\{69284EF0-F5DF-4F08-9424-36207DC62B49}
    [2012/06/21 15:24:53 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\{5B8EA301-0DCB-4339-A3C8-0F939C19AEF7}
    [2012/06/21 15:19:41 | 000,000,000 | ---D | C] -- C:\Users\james\Desktop\zeroaccess
    [2012/06/20 21:34:28 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
    [2012/06/20 12:53:44 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/06/20 12:53:44 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/06/20 12:53:44 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/06/20 12:53:11 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/06/20 12:51:54 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/06/20 12:34:02 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Roaming\WinRAR
    [2012/06/20 12:25:57 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\{17A648AC-BFB3-4EFF-B65B-E7FB619A6018}
    [2012/06/19 22:53:01 | 000,017,488 | ---- | C] (AVG Technologies) -- C:\Windows\System32\drivers\rm.sys
    [2012/06/19 22:44:40 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
    [2012/06/19 22:44:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
    [2012/06/19 22:43:15 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
    [2012/06/19 18:37:48 | 000,335,504 | ---- | C] (BitDefender S.R.L.) -- C:\Windows\System32\drivers\TrufosAlt.sys
    [2012/06/19 18:05:12 | 000,000,000 | ---D | C] -- C:\Windows\en
    [2012/06/19 13:00:01 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Roaming\SUPERAntiSpyware.com
    [2012/06/19 12:57:40 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
    [2012/06/18 23:43:06 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Roaming\FixZeroAccess
    [2012/06/18 23:37:23 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\{62C5C8B9-FB49-47C9-8D46-098E24552E29}
    [2012/06/18 22:01:17 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools
    [2012/06/18 21:54:10 | 000,203,088 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTSD.sys
    [2012/06/18 21:54:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
    [2012/06/18 21:53:32 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
    [2012/06/18 21:53:26 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Roaming\TestApp
    [2012/06/18 13:01:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
    [2012/06/18 13:01:09 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
    [2012/06/18 13:01:09 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2012/06/18 03:39:55 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
    [2012/06/18 03:38:47 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
    [2012/06/18 01:50:03 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
    [2012/06/17 18:03:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    [2012/06/17 17:58:38 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2012/06/17 17:58:28 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2012/06/17 17:04:02 | 000,000,000 | ---D | C] -- C:\Users\james\Documents\OneNote Notebooks
    [2012/06/17 16:32:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
    [2012/06/17 16:19:21 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\{6B59B8EE-C923-45D8-B45C-5B578CE8439F}
    [2012/06/15 23:24:22 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\Secunia PSI
    [2012/06/15 23:23:53 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia
    [2012/06/14 20:33:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
    [2012/06/14 20:33:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
    [2012/06/14 20:33:28 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
    [2012/06/12 16:52:34 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Roaming\DriverCure
    [2012/06/12 16:52:33 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Roaming\SpeedyPC Software
    [2012/06/12 16:51:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeedyPC Software
    [2012/06/12 16:51:50 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software
    [2012/06/12 14:12:12 | 000,000,000 | ---D | C] -- C:\sh4ldr
    [2012/06/12 14:12:12 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
    [2012/06/12 14:11:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
    [2012/06/12 13:23:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/06/12 13:01:21 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Roaming\Malwarebytes
    [2012/06/12 13:01:16 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2008/02/07 07:30:24 | 000,557,056 | ---- | C] (Citrix Online) -- C:\Users\james\GoToAssist_phone__319_en.exe
    [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/06/24 01:25:05 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/06/24 01:02:30 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/06/24 00:53:53 | 000,099,139 | ---- | M] () -- C:\ProgramData\nvModes.001
    [2012/06/23 23:43:57 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/06/23 23:43:57 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/06/23 22:10:55 | 000,273,690 | ---- | M] () -- C:\Users\james\Documents\cc_20120623_221028.reg
    [2012/06/23 21:59:25 | 000,000,804 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2012/06/23 21:49:39 | 000,001,691 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Total Protection.lnk
    [2012/06/23 21:46:13 | 000,000,147 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
    [2012/06/23 21:44:28 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/06/23 21:43:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/06/23 21:43:48 | 2078,916,608 | -HS- | M] () -- C:\hiberfil.sys
    [2012/06/23 20:09:25 | 000,002,601 | ---- | M] () -- C:\Users\Public\Desktop\HP Help and Support.lnk
    [2012/06/23 18:00:01 | 000,000,468 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Registration3.job
    [2012/06/23 16:00:56 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2012/06/23 03:19:07 | 000,000,440 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Update Version3.job
    [2012/06/23 00:42:46 | 000,099,139 | ---- | M] () -- C:\ProgramData\nvModes.dat
    [2012/06/22 15:59:00 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/06/22 01:32:07 | 000,876,898 | ---- | M] () -- C:\Users\james\Desktop\FRST.exe
    [2012/06/21 23:08:08 | 000,007,620 | ---- | M] () -- C:\Users\james\AppData\Local\d3d9caps.dat
    [2012/06/21 15:52:22 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
    [2012/06/21 01:03:24 | 000,001,097 | ---- | M] () -- C:\Users\james\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
    [2012/06/21 00:18:12 | 000,000,632 | RHS- | M] () -- C:\Users\james\ntuser.pol
    [2012/06/20 12:33:27 | 000,044,607 | ---- | M] () -- C:\Users\james\Desktop\bootkit_remover.zip
    [2012/06/20 02:38:52 | 000,001,302 | ---- | M] () -- C:\Users\james\Documents\log.xml
    [2012/06/19 22:53:01 | 000,017,488 | ---- | M] (AVG Technologies) -- C:\Windows\System32\drivers\rm.sys
    [2012/06/19 22:44:39 | 000,001,947 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
    [2012/06/19 22:44:39 | 000,001,947 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
    [2012/06/19 20:01:49 | 000,335,504 | ---- | M] (BitDefender S.R.L.) -- C:\Windows\System32\drivers\TrufosAlt.sys
    [2012/06/19 17:37:46 | 000,000,508 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 3fda3a08-afdc-49ca-ac6b-0275e856fc8a.job
    [2012/06/18 22:00:22 | 002,377,637 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB
    [2012/06/18 13:01:49 | 000,000,508 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task c9320ecb-aeb5-46bd-b685-83e80ae6544b.job
    [2012/06/18 13:01:26 | 000,001,800 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
    [2012/06/18 04:02:14 | 000,009,048 | ---- | M] () -- C:\Windows\System32\.crusader
    [2012/06/18 03:39:56 | 000,001,732 | ---- | M] () -- C:\Users\Public\Desktop\HitmanPro.lnk
    [2012/06/17 18:03:33 | 000,001,664 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2012/06/14 21:47:03 | 000,000,241 | ---- | M] () -- C:\Windows\wininit.ini
    [2012/06/14 20:33:42 | 000,001,079 | ---- | M] () -- C:\Users\james\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
    [2012/06/14 20:33:42 | 000,001,055 | ---- | M] () -- C:\Users\james\Desktop\Spybot - Search & Destroy.lnk
    [2012/06/14 11:08:53 | 000,473,624 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2012/06/13 19:15:45 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2012/06/13 19:15:45 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2012/06/10 22:50:43 | 000,001,892 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
    [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/06/23 22:10:36 | 000,273,690 | ---- | C] () -- C:\Users\james\Documents\cc_20120623_221028.reg
    [2012/06/23 19:50:41 | 2078,916,608 | -HS- | C] () -- C:\hiberfil.sys
    [2012/06/22 01:27:49 | 000,876,898 | ---- | C] () -- C:\Users\james\Desktop\FRST.exe
    [2012/06/21 00:18:12 | 000,000,632 | RHS- | C] () -- C:\Users\james\ntuser.pol
    [2012/06/20 12:53:44 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/06/20 12:53:44 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/06/20 12:53:44 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/06/20 12:53:44 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/06/20 12:53:44 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/06/20 12:33:26 | 000,044,607 | ---- | C] () -- C:\Users\james\Desktop\bootkit_remover.zip
    [2012/06/20 02:38:51 | 000,001,302 | ---- | C] () -- C:\Users\james\Documents\log.xml
    [2012/06/19 22:44:39 | 000,001,947 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
    [2012/06/19 22:43:25 | 000,001,947 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
    [2012/06/19 17:37:45 | 000,000,508 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 3fda3a08-afdc-49ca-ac6b-0275e856fc8a.job
    [2012/06/18 21:54:23 | 002,377,637 | ---- | C] () -- C:\Windows\System32\drivers\Cat.DB
    [2012/06/18 20:48:36 | 000,001,691 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Total Protection.lnk
    [2012/06/18 13:01:49 | 000,000,508 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task c9320ecb-aeb5-46bd-b685-83e80ae6544b.job
    [2012/06/18 13:01:26 | 000,001,800 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
    [2012/06/18 04:02:14 | 000,009,048 | ---- | C] () -- C:\Windows\System32\.crusader
    [2012/06/18 03:39:56 | 000,001,732 | ---- | C] () -- C:\Users\Public\Desktop\HitmanPro.lnk
    [2012/06/17 18:03:33 | 000,001,664 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2012/06/17 17:04:46 | 000,001,097 | ---- | C] () -- C:\Users\james\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
    [2012/06/14 21:47:02 | 000,000,241 | ---- | C] () -- C:\Windows\wininit.ini
    [2012/06/14 20:33:42 | 000,001,079 | ---- | C] () -- C:\Users\james\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
    [2012/06/14 20:33:42 | 000,001,055 | ---- | C] () -- C:\Users\james\Desktop\Spybot - Search & Destroy.lnk
    [2012/06/12 16:53:00 | 000,000,468 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Registration3.job
    [2012/06/12 16:52:07 | 000,000,440 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Update Version3.job
    [2012/06/12 13:01:17 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/06/10 22:50:43 | 000,001,892 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
    [2012/06/10 22:50:43 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
    [2012/01/11 16:12:07 | 000,002,048 | -HS- | C] () -- C:\Users\jean\AppData\Local\{93a668a7-6af6-2a40-13ab-1cfd8bb267d1}\@
    [2011/10/13 20:00:06 | 000,000,000 | ---- | C] () -- C:\Users\james\AppData\Roaming\wklnhst.dat
    [2010/08/16 19:13:44 | 000,007,620 | ---- | C] () -- C:\Users\james\AppData\Local\d3d9caps.dat
    [2010/04/18 16:45:22 | 000,005,077 | ---- | C] () -- C:\ProgramData\bltofzsb.qlf
    [2010/02/28 07:29:37 | 000,004,985 | ---- | C] () -- C:\ProgramData\ojvzdisj.xda
    [2009/12/25 19:29:58 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2009/10/22 13:47:20 | 000,099,139 | ---- | C] () -- C:\ProgramData\nvModes.dat
    [2009/10/22 13:47:20 | 000,099,139 | ---- | C] () -- C:\ProgramData\nvModes.001
    [2008/01/13 20:31:47 | 000,013,025 | ---- | C] () -- C:\Users\james\AppData\Roaming\nvModes.001
    [2008/01/13 20:31:42 | 000,013,025 | ---- | C] () -- C:\Users\james\AppData\Roaming\nvModes.dat

    ========== LOP Check ==========

    [2010/10/29 21:36:40 | 000,000,000 | ---D | M] -- C:\Users\james\AppData\Roaming\Auslogics
    [2011/10/04 18:05:10 | 000,000,000 | ---D | M] -- C:\Users\james\AppData\Roaming\BeNaughtyChat
    [2008/03/14 14:12:38 | 000,000,000 | ---D | M] -- C:\Users\james\AppData\Roaming\BetFair
    [2011/10/14 00:18:04 | 000,000,000 | ---D | M] -- C:\Users\james\AppData\Roaming\com.orbis.air.SkyPoker.7C82499D7E4526CADD9D1D1B010AFE250A7BEC27.1
    [2012/06/12 16:52:34 | 000,000,000 | ---D | M] -- C:\Users\james\AppData\Roaming\DriverCure
    [2012/06/18 23:43:06 | 000,000,000 | ---D | M] -- C:\Users\james\AppData\Roaming\FixZeroAccess
    [2008/09/09 00:52:27 | 000,000,000 | ---D | M] -- C:\Users\james\AppData\Roaming\Microgaming
    [2011/10/14 17:57:16 | 000,000,000 | ---D | M] -- C:\Users\james\AppData\Roaming\OpenOffice.org
    [2008/12/02 01:16:17 | 000,000,000 | ---D | M] -- C:\Users\james\AppData\Roaming\Poker Trillion
    [2008/09/14 04:23:01 | 000,000,000 | ---D | M] -- C:\Users\james\AppData\Roaming\RapidTyping
    [2012/06/12 16:52:33 | 000,000,000 | ---D | M] -- C:\Users\james\AppData\Roaming\SpeedyPC Software
    [2011/10/13 20:01:55 | 000,000,000 | ---D | M] -- C:\Users\james\AppData\Roaming\Template
    [2012/06/18 21:53:26 | 000,000,000 | ---D | M] -- C:\Users\james\AppData\Roaming\TestApp
    [2011/09/19 20:01:32 | 000,000,000 | ---D | M] -- C:\Users\james\AppData\Roaming\TP
    [2010/03/19 06:35:40 | 000,000,000 | ---D | M] -- C:\Users\jean\AppData\Roaming\Audacity
    [2012/01/04 15:39:12 | 000,000,000 | ---D | M] -- C:\Users\jean\AppData\Roaming\Auslogics
    [2011/09/24 00:22:16 | 000,000,000 | ---D | M] -- C:\Users\jean\AppData\Roaming\BeNaughtyChat
    [2009/12/21 09:30:07 | 000,000,000 | ---D | M] -- C:\Users\jean\AppData\Roaming\Canon
    [2009/03/03 15:51:47 | 000,000,000 | ---D | M] -- C:\Users\jean\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2010/11/29 18:30:11 | 000,000,000 | ---D | M] -- C:\Users\jean\AppData\Roaming\com.orbis.air.SkyPoker.7C82499D7E4526CADD9D1D1B010AFE250A7BEC27.1
    [2010/07/21 20:01:43 | 000,000,000 | ---D | M] -- C:\Users\jean\AppData\Roaming\Full Tilt Poker
    [2011/10/12 21:51:02 | 000,000,000 | ---D | M] -- C:\Users\jean\AppData\Roaming\LSoft Technologies
    [2012/06/14 19:26:10 | 000,000,000 | ---D | M] -- C:\Users\jean\AppData\Roaming\Microgaming
    [2009/10/25 04:09:44 | 000,000,000 | ---D | M] -- C:\Users\jean\AppData\Roaming\muvee Technologies
    [2008/02/26 01:28:39 | 000,000,000 | ---D | M] -- C:\Users\jean\AppData\Roaming\PeerNetworking
    [2009/02/07 12:11:16 | 000,000,000 | ---D | M] -- C:\Users\jean\AppData\Roaming\Poker Trillion
    [2008/09/14 17:02:12 | 000,000,000 | ---D | M] -- C:\Users\jean\AppData\Roaming\RapidTyping
    [2011/11/26 00:47:46 | 000,000,000 | ---D | M] -- C:\Users\jean\AppData\Roaming\Rock'em Poker
    [2008/08/29 08:41:10 | 000,000,000 | ---D | M] -- C:\Users\jean\AppData\Roaming\System
    [2010/09/02 17:46:23 | 000,000,000 | ---D | M] -- C:\Users\jean\AppData\Roaming\Template
    [2011/09/19 20:44:33 | 000,000,000 | ---D | M] -- C:\Users\jean\AppData\Roaming\TP
    [2010/10/29 22:08:23 | 000,000,000 | ---D | M] -- C:\Users\jean\AppData\Roaming\Windows Live Writer
    [2012/06/23 21:36:42 | 000,032,644 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
    [2012/06/23 18:00:01 | 000,000,468 | ---- | M] () -- C:\Windows\Tasks\SpeedyPC Registration3.job
    [2012/06/23 03:19:07 | 000,000,440 | ---- | M] () -- C:\Windows\Tasks\SpeedyPC Update Version3.job
    [2012/06/19 17:37:46 | 000,000,508 | ---- | M] () -- C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 3fda3a08-afdc-49ca-ac6b-0275e856fc8a.job
    [2012/06/18 13:01:49 | 000,000,508 | ---- | M] () -- C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task c9320ecb-aeb5-46bd-b685-83e80ae6544b.job

    ========== Purity Check ==========



    ========== Custom Scans ==========

    < >

    < >

    < %SYSTEMDRIVE%\*.* >
    [2007/04/20 09:22:06 | 000,000,074 | ---- | M] () -- C:\autoexec.bat
    [2010/03/14 01:05:02 | 000,000,087 | ---- | M] () -- C:\bcmwl6.log
    [2009/04/11 07:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
    [2012/06/23 16:11:51 | 000,018,403 | ---- | M] () -- C:\ComboFix.txt
    [2006/09/18 22:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2009/09/19 15:51:11 | 003,932,184 | ---- | M] () -- C:\DC6810xp-001.raw
    [2009/02/08 21:50:27 | 003,932,184 | ---- | M] () -- C:\DC6810xp-002.raw
    [2011/05/15 19:21:16 | 000,000,124 | ---- | M] () -- C:\FINIS_IT.TXT
    [2012/06/23 21:43:48 | 2078,916,608 | -HS- | M] () -- C:\hiberfil.sys
    [2010/05/03 20:00:51 | 000,000,132 | ---- | M] () -- C:\ICSYSINF.log
    [2009/09/22 16:34:19 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2009/09/22 16:34:19 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2009/09/13 03:38:37 | 000,262,144 | ---- | M] () -- C:\ntuser.dat
    [2009/09/13 03:38:37 | 000,005,120 | -H-- | M] () -- C:\ntuser.dat.LOG1
    [2008/11/12 23:14:57 | 000,000,000 | -H-- | M] () -- C:\ntuser.dat.LOG2
    [2008/11/12 23:14:59 | 000,065,536 | -HS- | M] () -- C:\ntuser.dat{1d2fc1e9-b106-11dd-95ab-001b24725f75}.TM.blf
    [2008/11/12 23:14:58 | 000,524,288 | -HS- | M] () -- C:\ntuser.dat{1d2fc1e9-b106-11dd-95ab-001b24725f75}.TMContainer00000000000000000001.regtrans-ms
    [2008/11/12 23:14:59 | 000,524,288 | -HS- | M] () -- C:\ntuser.dat{1d2fc1e9-b106-11dd-95ab-001b24725f75}.TMContainer00000000000000000002.regtrans-ms
    [2009/09/13 03:38:37 | 000,065,536 | -HS- | M] () -- C:\ntuser.dat{f443d1a2-b2a5-11dd-807b-001b24725f75}.TM.blf
    [2009/09/13 03:38:37 | 000,524,288 | -HS- | M] () -- C:\ntuser.dat{f443d1a2-b2a5-11dd-807b-001b24725f75}.TMContainer00000000000000000001.regtrans-ms
    [2008/11/15 01:15:03 | 000,524,288 | -HS- | M] () -- C:\ntuser.dat{f443d1a2-b2a5-11dd-807b-001b24725f75}.TMContainer00000000000000000002.regtrans-ms
    [2012/06/23 21:43:45 | 2392,715,264 | -HS- | M] () -- C:\pagefile.sys
    [2012/06/16 20:59:51 | 000,000,370 | ---- | M] () -- C:\rkill.log
    [2008/09/10 23:27:59 | 000,000,232 | -H-- | M] () -- C:\sqmdata00.sqm
    [2010/09/17 10:20:22 | 000,000,284 | ---- | M] () -- C:\sqmnoopt00.sqm
    [2012/06/18 01:50:17 | 000,130,648 | ---- | M] () -- C:\TDSSKiller.2.7.40.0_18.06.2012_01.48.50_log.txt
    [2012/06/18 02:19:35 | 000,254,116 | ---- | M] () -- C:\TDSSKiller.2.7.40.0_18.06.2012_02.16.00_log.txt
    [2012/06/18 13:37:07 | 000,129,478 | ---- | M] () -- C:\TDSSKiller.2.7.40.0_18.06.2012_13.36.02_log.txt
    [2012/06/19 13:18:02 | 000,129,542 | ---- | M] () -- C:\TDSSKiller.2.7.40.0_19.06.2012_13.15.11_log.txt
    [2012/06/23 20:18:59 | 000,129,990 | ---- | M] () -- C:\TDSSKiller.2.7.40.0_23.06.2012_20.17.40_log.txt
    [2011/09/19 00:57:46 | 000,000,041 | ---- | M] () -- C:\Tm.queue

    < %systemroot%\Fonts\*.com >
    [2006/11/02 13:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2006/11/02 13:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2006/11/02 13:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/05/31 23:34:04 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2006/09/18 22:37:34 | 000,000,065 | -H-- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2006/11/02 13:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\jnwppr.dll
    [2006/10/27 03:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\msonpppr.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2012/03/08 18:37:20 | 000,302,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
    [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2008/06/07 13:32:39 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini
    [2010/06/17 01:38:27 | 000,052,649 | ---- | M] () -- C:\Program Files\hminstalllog.txt

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2006/11/02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
    [2006/11/02 11:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
    [2006/11/02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
    [2006/11/02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
    [2006/11/02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2009/03/08 14:43:02 | 000,000,221 | -HS- | M] () -- C:\Users\james\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2012/06/22 01:32:07 | 000,876,898 | ---- | M] () -- C:\Users\james\Desktop\FRST.exe
    [2008/10/11 04:04:59 | 000,966,417 | ---- | M] (Meow-Prod ) -- C:\Users\james\Desktop\mypikyload_setup.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >
    [2007/04/10 22:46:44 | 000,013,022 | ---- | M] () -- C:\Windows\VX6000.src
    [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\tasks\*.* >
    [2012/06/24 01:02:30 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/06/23 21:44:28 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/06/24 01:25:05 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2011/05/21 22:24:00 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForjames.job
    [2012/06/23 21:43:58 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2012/06/23 21:36:42 | 000,032,644 | ---- | M] () -- C:\Windows\tasks\SCHEDLGU.TXT
    [2012/06/23 18:00:01 | 000,000,468 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Registration3.job
    [2012/06/23 03:19:07 | 000,000,440 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Update Version3.job
    [2012/06/19 17:37:46 | 000,000,508 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 3fda3a08-afdc-49ca-ac6b-0275e856fc8a.job
    [2012/06/18 13:01:49 | 000,000,508 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task c9320ecb-aeb5-46bd-b685-83e80ae6544b.job

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >
    [2008/02/07 07:30:28 | 000,557,056 | ---- | M] (Citrix Online) -- C:\Users\james\GoToAssist_phone__319_en.exe

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >
    [2010/02/21 00:18:45 | 000,008,192 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.chk
    [2010/02/21 00:18:16 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.log
    [2009/05/31 23:51:50 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00001.jrs
    [2009/05/31 23:51:50 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00002.jrs
    [2010/02/21 00:18:16 | 001,056,768 | ---- | M] () -- C:\Windows\SECURITY\Database\tmp.edb

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2008/01/12 20:05:03 | 000,000,402 | -HS- | M] () -- C:\Users\james\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2010/04/18 16:45:22 | 000,005,077 | ---- | M] () -- C:\ProgramData\bltofzsb.qlf
    [2010/08/18 19:29:08 | 000,005,369 | ---- | M] () -- C:\ProgramData\hpzinstall.log
    [2012/06/24 00:53:53 | 000,099,139 | ---- | M] () -- C:\ProgramData\nvModes.001
    [2010/02/28 07:29:37 | 000,004,985 | ---- | M] () -- C:\ProgramData\ojvzdisj.xda

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install\LastSuccessTime /rs >

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 151 bytes -> C:\ProgramData\TEMP:587EB586
    @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
    @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:CF778051
    @Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:A6CD15C3
    @Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:DFC5A2B2

    < End of report >
     
  2. 2012/06/24
    rizzla

    Re: extra log

    Here is the first half of the OTL Extras log.
    OTL Extras logfile created on: 24/06/2012 00:57:27 - Run 1
    OTL by OldTimer - Version 3.2.52.0 Folder = C:\Users\jean\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    1.94 Gb Total Physical Memory | 0.96 Gb Available Physical Memory | 49.64% Memory free
    4.11 Gb Paging File | 2.55 Gb Available in Paging File | 62.06% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 140.87 Gb Total Space | 90.14 Gb Free Space | 63.99% Space Free | Partition Type: NTFS
    Drive D: | 8.17 Gb Total Space | 1.73 Gb Free Space | 21.11% Space Free | Partition Type: NTFS
    Unable to calculate disk information.

    Computer Name: JAMES-PC | User Name: james | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1 ",%*
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1 ",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htafile [open] -- "%1" %*
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "UpdatesDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0D3241C7-8B49-47AC-8E3E-38B83A8349BF}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    "{26FF57F3-A09B-47E5-A130-750237D5D9AD}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{8DB4BD2F-2033-4276-BE13-7E6B627E557A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{92F6E8B4-EC98-4A20-BF42-D3B01AFBB515}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
    "{FA40A9A6-7674-44B0-B164-9246D7DEA52D}" = lport=2869 | protocol=6 | dir=in | app=system |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{01B3EFFA-6B6E-40BB-ADFA-A76F164688A0}" = protocol=6 | dir=in | app=c:\program files\bt broadband desktop help\btbb\bthelpbrowser.exe |
    "{0F65FCEA-729B-4DA9-9502-AC55F40C1104}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |
    "{10128262-97CF-4281-9784-6D7B449460B3}" = protocol=17 | dir=in | app=c:\program files\bt broadband desktop help\btbb\bthelpnotifier.exe |
    "{1BBD5536-AEF7-43EF-8DAB-695D6728FA3E}" = dir=in | app=c:\program files\itunes\itunes.exe |
    "{1CDD3BC5-E698-4A3A-9306-9BE283B6F7C8}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
    "{27C7DD8C-DE25-44E2-AFAA-3C39BAD6D94A}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
    "{284BF33D-7530-40CE-96AD-B622CE1FB05B}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
    "{4F0C39B0-4C88-4C96-AC2C-4F245039729B}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
    "{5105F32A-016D-4A45-8208-3BE783EFFC03}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
    "{54C85618-BB02-48B9-9881-D94CE9E0878D}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
    "{5C589C78-9B02-435B-8BD9-B8FC78694504}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{5DD9B240-C5DC-40AB-A503-A94A8B948066}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
    "{62AE469B-FC3E-482F-88B9-DE6101EC1741}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
    "{67366B73-A836-4898-8C93-4E4CCE23C0C9}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
    "{7B738791-E08B-4667-B137-604E0A808A3C}" = dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
    "{7DC1A453-6A43-4479-A3E3-A4491D62DC1E}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe |
    "{96D26B41-9B01-475C-9A9C-EB2F8D437737}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
    "{9850DBF2-A867-47A6-A467-A34444477A47}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
    "{A1EA6843-7FF6-4A14-84D6-21A7599CAB52}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
    "{A522C3AB-2467-4115-9D41-4CC97790C5ED}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
    "{AD6C4386-B198-4F88-88EB-BD35888ADB4B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{B246D6AA-EA90-4BA3-A9C5-170404A10A9C}" = protocol=17 | dir=in | app=c:\program files\bt broadband desktop help\btbb\bthelpbrowser.exe |
    "{CF1E71B7-AA0A-477A-98B5-5AA62369AF83}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe |
    "{D0E09E23-F1B1-4528-A2EB-9B199D805C43}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
    "{D400B666-3A4E-43D0-A838-70D76CDD6E9B}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
    "{D69383AB-F043-425C-A947-9B88B7764798}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
    "{D70F92AC-DAA7-4C4E-8979-A91885FB8000}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |
    "{E1094CCC-9147-4145-A6B1-12D5ADA16576}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
    "{F5E3E506-C170-498A-8E9E-FAD896A1B394}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
    "{F9B1D579-DA56-46BB-9799-B8A593EC25D5}" = protocol=6 | dir=in | app=c:\program files\bt broadband desktop help\btbb\bthelpnotifier.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0BFC200F-C45D-4271-AF34-4CA969225DEB}" = muvee autoProducer 6.0
    "{0CFD3BAF-9F4D-4D70-BD0B-638EA2504C25}" = PSSWCORE
    "{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
    "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
    "{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
    "{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
    "{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
    "{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{247C5DDA-FFD7-44E0-8BF7-79BC80A0BF87}" = Windows Live Family Safety
    "{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
    "{27C467F8-F8EF-4f68-BD72-D63632B2096C}" = McAfee Online Backup
    "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
    "{28EDCE9C-3304-4331-8AB3-F3EBE94C35B4}" = HP Help and Support
    "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
    "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
    "{2BE75D16-A80B-AAE8-064C-4FD834EE0BBD}" = Sky Poker
    "{2D6E3D97-1FDF-4993-AC75-72F59EC445C5}" = Windows Live Family Safety
    "{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
    "{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}" = Roxio MyDVD Basic v9
    "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module
    "{39523EA4-F914-4447-A551-2513766095F5}" = ESU for Microsoft Vista
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3FFB3B34-D639-4384-9AE9-DDE58430D86F}" = MSCU for Microsoft Vista
    "{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
    "{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.2
    "{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
    "{4EE9A620-46A0-4BCF-82AC-950D2BBED982}" = Belkin N Wireless USB Adapter Setup
    "{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
    "{60EB76E2-DF31-477B-A28C-2303ADE6629D}" = PurePlay Poker
    "{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
    "{63AFACBC-4795-4A1B-8037-5085DC03FC54}" = Microsoft LifeCam
    "{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
    "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
    "{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.1
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes
    "{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
    "{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
    "{710BF966-43C8-4216-A8EC-BC4E169FF7C1}" = MobileMe Control Panel
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7694E0B1-2332-448B-9235-929F84B41E3F}" = Active@ ISO Burner
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
    "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
    "{86C0E2A3-1EDA-4F01-A43D-80DA8642813C}_is1" = GameTap Web Player
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8CEA85DE-955B-4BF4-87F2-0BAA62821633}" = HP Photosmart Essential2.5
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8F1A20DC-251D-47B0-91B7-DCA2523EE6C9}" = McAfee Virtual Technician
    "{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
    "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
    "{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2010
    "{90140000-0054-0409-0000-0000000FF1CE}_Office14.VISIOR_{CDC4310F-8189-485F-B47D-D972217CE173}" = Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
    "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00B4-0409-0000-0000000FF1CE}" = Microsoft Office Project MUI (English) 2010
    "{90140000-00B4-0409-0000-0000000FF1CE}_Office14.PRJPROR_{18A0C151-8F8A-4B68-A960-60C464B94329}" = Microsoft Project 2010 Service Pack 1 (SP1)
    "{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
    "{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
    "{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{91140000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2010
    "{91140000-003B-0000-0000-0000000FF1CE}_Office14.PRJPROR_{8A8F117F-8EDB-440D-B679-F08909D729F7}" = Microsoft Project 2010 Service Pack 1 (SP1)
    "{91140000-0057-0000-0000-0000000FF1CE}" = Microsoft Office Visio 2010
    "{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{01D8AE4B-A04D-47E5-81BF-E3F98B81B8C3}" = Microsoft Visio 2010 Service Pack 1 (SP1)
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
    "{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A87B11AC-4344-4E5D-8B12-8F471A87DAD9}" = LightScribe 1.4.136.1
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{A9DC9256-709F-4BEA-B39D-4F11D90585AA}" = HP Smart Web Printing
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
    "{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
    "{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
    "{B0F97FBF-9F98-4522-B65D-8980FE38C726}" = HP User Guide 0042
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B823632F-3B72-4514-8861-B961CE263224}" = PostgreSQL 8.3
    "{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{CFF4500E-C5D6-695D-A027-B3D4DDED2CC3}" = McAfee Online Backup
    "{D32067CD-7409-4792-BFA0-1469BCD8F0C8}" = HP Wireless Assistant
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{DA7DF8E2-4B8F-4286-97FE-DE3FFFE9B728}" = iCloud
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
    "{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1" = Uniblue RegistryBooster
    "{E6607F5B-50E7-4B54-81B7-F0600E3C8CF4}" = Belkin F5D8053 N Wireless USB Adapter
    "{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
    "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
    "{F6B29003-A078-4491-AFBE-62EFB6CFFE19}" = HP Total Care Advisor
    "{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}" = HP Active Support Library 32 bit components
    "{FD9E03B5-AEEA-4D59-B512-6CE4AA0281D4}" = Byki
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
     
  4. 2012/06/24
    rizzla
    Re OTL extra log

    Here is the other half. Regards
    "ASIO4ALL" = ASIO4ALL
    "Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter
    "BT Broadband Desktop Help" = BT Broadband Desktop Help
    "BT Home Hub" = BT Home Hub
    "Byki Express" = Byki Express
    "CameraWindowDC" = Canon Utilities CameraWindow DC
    "CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
    "CameraWindowLauncher" = Canon Utilities CameraWindow
    "CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
    "Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
    "CCleaner" = CCleaner
    "CNXT_HDAUDIO" = Conexant HD Audio
    "CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
    "com.orbis.air.SkyPoker.7C82499D7E4526CADD9D1D1B010AFE250A7BEC27.1" = Sky Poker
    "ESET Online Scanner" = ESET Online Scanner v3
    "FL Studio 9" = FL Studio 9
    "FXCM Trading Station II" = FXCM Trading Station II
    "Hardcore" = Hardcore
    "HitmanPro36" = HitmanPro 3.6
    "HP Photosmart Essential" = HP Photosmart Essential 2.0
    "HP Smart Web Printing" = HP Smart Web Printing
    "IL Download Manager" = IL Download Manager
    "InstallShield_{E6607F5B-50E7-4B54-81B7-F0600E3C8CF4}" = Belkin F5D8053 N Wireless USB Adapter
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
    "McAfee Security Scan" = McAfee Security Scan Plus
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
    "MSC" = McAfee Total Protection
    "MyCamera" = Canon Utilities MyCamera
    "MyCameraDC" = Canon Utilities MyCamera DC
    "NVIDIA Drivers" = NVIDIA Drivers
    "Office14.PRJPROR" = Microsoft Project Professional 2010
    "Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
    "Office14.VISIOR" = Microsoft Visio Professional 2010
    "PartyPoker" = PartyPoker
    "PhotoStitch" = Canon Utilities PhotoStitch
    "PoiZone" = PoiZone
    "PokerStars" = PokerStars
    "RapidTyping" = RapidTyping
    "RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
    "Sakura" = Sakura
    "Sawer" = Sawer
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "SystemRequirementsLab" = System Requirements Lab
    "Toxic Biohazard" = Toxic Biohazard
    "WinLiveSuite" = Windows Live Essentials
    "WinRAR archiver" = WinRAR archiver
    "Yahoo! Companion" = Yahoo! Toolbar
    "Yahoo! Mail" = Yahoo! Internet Mail
    "Yahoo! Mail Advisor" = Yahoo! Mail Advisor
    "Yahoo! Search Defender" = Yahoo! Search Protection
    "Yahoo! Software Update" = Yahoo! Software Update
    "YInstHelper" = Yahoo! Install Manager
    "ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
    "ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-1463654619-1418921739-826426995-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Poker Trillion" = Poker Trillion

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-1463654619-1418921739-826426995-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{7694E0B1-2332-448B-9235-929F84B41E3F}" = Active@ ISO Burner
    "RockemPoker_80_1" = Rock'em Poker
    "Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 23/06/2012 09:44:52 | Computer Name = james-PC | Source = PostgreSQL | ID = 0
    Description = 2012-06-23 13:44:52 GMT FATAL: bogus data in lock file "postmaster.pid ":
    " "

    Error - 23/06/2012 10:20:08 | Computer Name = james-PC | Source = PostgreSQL | ID = 0
    Description = 2012-06-23 14:20:08 GMT FATAL: bogus data in lock file "postmaster.pid ":
    " "

    Error - 23/06/2012 14:14:19 | Computer Name = james-PC | Source = EventSystem | ID = 4609
    Description =

    Error - 23/06/2012 14:51:02 | Computer Name = james-PC | Source = PostgreSQL | ID = 0
    Description = 2012-06-23 18:51:02 GMT FATAL: bogus data in lock file "postmaster.pid ":
    " "

    Error - 23/06/2012 15:44:34 | Computer Name = james-PC | Source = EventSystem | ID = 4621
    Description =

    Error - 23/06/2012 16:18:39 | Computer Name = james-PC | Source = EventSystem | ID = 4621
    Description =

    Error - 23/06/2012 16:44:09 | Computer Name = james-PC | Source = PostgreSQL | ID = 0
    Description = 2012-06-23 20:44:09 GMT FATAL: bogus data in lock file "postmaster.pid ":
    " "

    Error - 23/06/2012 17:01:08 | Computer Name = james-PC | Source = Windows Search Service | ID = 3024
    Description =

    Error - 23/06/2012 17:03:51 | Computer Name = james-PC | Source = Windows Search Service | ID = 3024
    Description =

    Error - 23/06/2012 19:48:22 | Computer Name = james-PC | Source = Application Hang | ID = 1002
    Description = The program Explorer.EXE version 6.0.6002.18005 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Problem Reports and Solutions control panel. Process
    ID: cd4 Start Time: 01cd5180f34715a6 Termination Time: 0

    Error - 23/06/2012 19:51:13 | Computer Name = james-PC | Source = McLogEvent | ID = 5051
    Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    took longer than 90000 ms to complete a request. The process will be terminated.
    Thread
    id : 3596 (0xe0c) Thread address : 0x77475CD4 Thread message : Build VSCORE.14.4.0.387
    / 5400.1158 Object being scanned = \Device\HarddiskVolume1\Users\jean\Desktop\OTL.exe

    by C:\Windows\Explorer.EXE 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0)

    5006(0)(0) 5004(0)(0)

    [ System Events ]
    Error - 23/06/2012 16:43:59 | Computer Name = james-PC | Source = HTTP | ID = 15021
    Description =

    Error - 23/06/2012 16:43:59 | Computer Name = james-PC | Source = HTTP | ID = 15021
    Description =

    Error - 23/06/2012 16:43:59 | Computer Name = james-PC | Source = HTTP | ID = 15021
    Description =

    Error - 23/06/2012 16:43:59 | Computer Name = james-PC | Source = HTTP | ID = 15021
    Description =

    Error - 23/06/2012 16:44:07 | Computer Name = james-PC | Source = Microsoft-Windows-ResourcePublication | ID = 1002
    Description =

    Error - 23/06/2012 16:45:48 | Computer Name = james-PC | Source = Service Control Manager | ID = 7022
    Description =

    Error - 23/06/2012 16:46:07 | Computer Name = james-PC | Source = Service Control Manager | ID = 7001
    Description =

    Error - 23/06/2012 16:49:10 | Computer Name = james-PC | Source = Service Control Manager | ID = 7024
    Description =

    Error - 23/06/2012 19:53:50 | Computer Name = james-PC | Source = Service Control Manager | ID = 7031
    Description =

    Error - 23/06/2012 20:14:40 | Computer Name = james-PC | Source = volsnap | ID = 393230
    Description = The shadow copies of volume C: were aborted because of an IO failure
    on volume C:.


    < End of report >
     
  5. 2012/06/24
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\james\AppData\Local\Temp\mfe_rr.sys -- (MFE_RR)
      O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
      O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
      O3 - HKU\S-1-5-21-1463654619-1418921739-826426995-1000\..\Toolbar\WebBrowser: (no name) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
      O3 - HKU\S-1-5-21-1463654619-1418921739-826426995-1003\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
      O3 - HKU\S-1-5-21-1463654619-1418921739-826426995-1003\..\Toolbar\WebBrowser: (no name) - {414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3} - No CLSID value found.
      O3 - HKU\S-1-5-21-1463654619-1418921739-826426995-1003\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
      O3 - HKU\S-1-5-21-1463654619-1418921739-826426995-1003\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
      O3 - HKU\S-1-5-21-1463654619-1418921739-826426995-1003\..\Toolbar\WebBrowser: (no name) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
      O4 - HKU\S-1-5-21-1463654619-1418921739-826426995-1003..\Run: [syshost32] C:\Users\jean\AppData\Local\{0E3DFB9A-316D-DF29-16F5-F90AF6E1CA1D}\syshost.exe File not found
      O4 - Startup: C:\Users\james\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = File not found
      O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx File not found
      O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
      O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
      O15 - HKU\S-1-5-21-1463654619-1418921739-826426995-1000\..Trusted Domains: internet ([]about in Trusted sites)
      O15 - HKU\S-1-5-21-1463654619-1418921739-826426995-1000\..Trusted Domains: mcafee.com ([]http in Trusted sites)
      O15 - HKU\S-1-5-21-1463654619-1418921739-826426995-1000\..Trusted Domains: mcafee.com ([]https in Trusted sites)
      O15 - HKU\S-1-5-21-1463654619-1418921739-826426995-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
      O16 - DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} Reg Error: Key error. (GameTap Player)
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      [2012/06/23 18:00:01 | 000,000,468 | ---- | M] () -- C:\Windows\Tasks\SpeedyPC Registration3.job
      [2012/06/23 03:19:07 | 000,000,440 | ---- | M] () -- C:\Windows\Tasks\SpeedyPC Update Version3.job
      @Alternate Data Stream - 151 bytes -> C:\ProgramData\TEMP:587EB586
      @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
      @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:CF778051
      @Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:A6CD15C3
      @Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:DFC5A2B2
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ====================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warning(s), so leave reading the results to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce any log.
     
  6. 2012/06/24
    rizzla

    rizzla Inactive Thread Starter

    Joined:
    2012/06/19
    Messages:
    28
    Likes Received:
    0
    re logs

    Right, here we go.
    Here is the OTL log.
    All processes killed
    Error: Unable to interpret <Code: > in the current context!
    ========== OTL ==========
    Service SBSDWSCService stopped successfully!
    Service SBSDWSCService deleted successfully!
    File C:\Program Files\Spybot not found.
    Service MFE_RR stopped successfully!
    Service MFE_RR deleted successfully!
    File C:\Users\james\AppData\Local\Temp\mfe_rr.sys not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ not found.
    Registry value HKEY_USERS\S-1-5-21-1463654619-1418921739-826426995-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}\ not found.
    Registry value HKEY_USERS\S-1-5-21-1463654619-1418921739-826426995-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
    Registry value HKEY_USERS\S-1-5-21-1463654619-1418921739-826426995-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}\ not found.
    Registry value HKEY_USERS\S-1-5-21-1463654619-1418921739-826426995-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}\ not found.
    Registry value HKEY_USERS\S-1-5-21-1463654619-1418921739-826426995-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\ not found.
    Registry value HKEY_USERS\S-1-5-21-1463654619-1418921739-826426995-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}\ not found.
    Registry value HKEY_USERS\S-1-5-21-1463654619-1418921739-826426995-1003\Software\Microsoft\Windows\CurrentVersion\Run\\syshost32 deleted successfully.
    C:\Users\james\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk moved successfully.
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Add to Windows &Live Favorites\ deleted successfully.
    Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1\\http deleted successfully.
    Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1\\http not found.
    Registry key HKEY_USERS\S-1-5-21-1463654619-1418921739-826426995-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\internet\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-1463654619-1418921739-826426995-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafee.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-1463654619-1418921739-826426995-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafee.com\ not found.
    Registry value HKEY_USERS\S-1-5-21-1463654619-1418921739-826426995-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1\\http deleted successfully.
    Starting removal of ActiveX control {4F29DE54-5EB7-4D76-B610-A86B5CD2A234}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{4F29DE54-5EB7-4D76-B610-A86B5CD2A234}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4F29DE54-5EB7-4D76-B610-A86B5CD2A234}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{4F29DE54-5EB7-4D76-B610-A86B5CD2A234}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4F29DE54-5EB7-4D76-B610-A86B5CD2A234}\ not found.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    C:\Windows\Downloaded Program Files\gp.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    C:\WINDOWS\Tasks\SpeedyPC Registration3.job moved successfully.
    C:\WINDOWS\Tasks\SpeedyPC Update Version3.job moved successfully.
    ADS C:\ProgramData\TEMP:587EB586 deleted successfully.
    ADS C:\ProgramData\TEMP:430C6D84 deleted successfully.
    ADS C:\ProgramData\TEMP:CF778051 deleted successfully.
    ADS C:\ProgramData\TEMP:A6CD15C3 deleted successfully.
    ADS C:\ProgramData\TEMP:DFC5A2B2 deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: andy
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 56466 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: james
    ->Temp folder emptied: 13170556 bytes
    ->Temporary Internet Files folder emptied: 10164773 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 57902 bytes

    User: jean
    ->Temp folder emptied: 1450483 bytes
    ->Temporary Internet Files folder emptied: 12043641 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 57110 bytes

    User: marsilio
    ->Temp folder emptied: 0 bytes

    User: postgres
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 1639488 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 2228 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 37.00 mb


    [EMPTYJAVA]

    User: All Users

    User: andy

    User: Default

    User: Default User

    User: james
    ->Java cache emptied: 0 bytes

    User: jean
    ->Java cache emptied: 0 bytes

    User: marsilio

    User: postgres

    User: Public

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: All Users

    User: andy

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: james
    ->Flash cache emptied: 0 bytes

    User: jean
    ->Flash cache emptied: 0 bytes

    User: marsilio

    User: postgres

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.52.0 log created on 06252012_024423
    Files\Folders moved on Reboot...
    File\Folder C:\Users\jean\AppData\Local\Temp\{C2984256-7493-4E48-9319-DE06156A3B51}\fpb.tmp not found!
    File move failed. C:\Users\jean\AppData\Local\Temp\ehmsas.txt scheduled to be moved on reboot.
    File\Folder C:\Users\jean\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\X277SYH3\102947-active-zeroaccess-ee-eh-2[1].htm not found!
    File\Folder C:\Users\jean\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\X277SYH3\ba41f783-c96b-4b2d-8be8-46ee74bd1e3b__3rd_party_BBS.[1].htm not found!
    File\Folder C:\Users\jean\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\X277SYH3\p-01-0VIaSjnOLg[1].gif not found!
    File\Folder C:\Users\jean\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WH8IRPEM(57)\,ns-5740878_1268514722,1177d1818b8f976,it_general_opensource,;;kw=;tile=2;ord1=663255;sz=125x125;ppos=atf;contx=it_general_opensource;btg=;ord=5198153326129933[1] not found!
    File\Folder C:\Users\jean\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WH8IRPEM(57)\u=,ns-7615003_1268514716,1177d1818b8f976,it_general_opensource,;;kw=;tile=1;ord1=63682;sz=728x15;ppos=atf;contx=it_general_opensource;btg=;ord=5627022121335792[1] not found!
    File\Folder C:\Users\jean\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TICZ364U\11465144609@x50[1].htm not found!
    File\Folder C:\Users\jean\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TICZ364U\17315;174944;201;iframe;ContextWeb;160x600RON[1].htm not found!
    File\Folder C:\Users\jean\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TICZ364U\5174[1].htm not found!
    File\Folder C:\Users\jean\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TICZ364U\drts[1].htm not found!
    File\Folder C:\Users\jean\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TICZ364U\p-01-0VIaSjnOLg[1].gif not found!
    File\Folder C:\Users\jean\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\R62JZ8Y0(56)\ns-63199396_1268514703,1177d1818b8f976,it_appdev_windows,;;kw=;tile=3;ord1=192220;sz=120x600,160x600;ppos=btf;contx=it_appdev_windows;btg=;ord=2667826593188380[1] not found!
    File\Folder C:\Users\jean\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\IHMUVSI1(53)\ns-54627518_1268514699,1177d1818b8f976,it_appdev_windows,;;kw=;tile=1;ord1=478427;sz=300x250,300x600;ppos=atf;contx=it_appdev_windows;btg=;ord=2667826593188380[1] not found!
    File\Folder C:\Users\jean\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\E94838LL\ads[1].htm not found!
    File\Folder C:\Users\jean\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6AY388N5\1@x13[1].htm not found!
    File\Folder C:\Users\jean\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6AY388N5\drts[1].htm not found!
    File\Folder C:\Users\jean\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6AY388N5\like[1].htm not found!
    File\Folder C:\Users\jean\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6AY388N5\xd_arbiter[1].htm not found!
    File\Folder C:\Users\jean\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4IZC2PY5(48)\ns-73073535_1268514185,1177d1818b8f976,it_appdev_windows,;;kw=;tile=1;ord1=849599;sz=300x250,300x600;ppos=atf;contx=it_appdev_windows;btg=;ord=6758486459979942[1] not found!
    File\Folder C:\Users\jean\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4IZC2PY5(48)\t=ns;u=,ns-41665165_1268514702,1177d1818b8f976,it_appdev_windows,;;kw=;tile=2;ord1=877470;sz=125x125;ppos=atf;contx=it_appdev_windows;btg=;ord=2667826593188380[1] not found!
    C:\Users\jean\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
    C:\Users\jean\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
    File\Folder C:\Users\jean\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\SuggestedSites.dat not found!
    File\Folder C:\Windows\temp\mcafee_rb2BygxgTNLATF1 not found!
    Registry entries deleted on Reboot...
     
  7. 2012/06/24
    rizzla

    rizzla Inactive Thread Starter

    Joined:
    2012/06/19
    Messages:
    28
    Likes Received:
    0
    re logs-check up

    Check up.
    Results of screen317's Security Check version 0.99.24
    Windows Vista Service Pack 2 x86 (UAC is enabled)
    Internet Explorer 9
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Disabled!
    ESET Online Scanner v3
    McAfee Total Protection
    McAfee Security Scan Plus
    McAfee Online Backup
    McAfee Virtual Technician
    McAfee Online Backup
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Spybot - Search & Destroy
    SUPERAntiSpyware
    CCleaner
    Adobe Flash Player 11.3.300.262
    Adobe Reader X (10.1.3)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    McAfee Online Backup MOBKbackup.exe
    ``````````End of Log````````````
     
  8. 2012/06/24
    rizzla

    rizzla Inactive Thread Starter

    Joined:
    2012/06/19
    Messages:
    28
    Likes Received:
    0
    Re FSS

    Here is the FSS log.
    Results of screen317's Security Check version 0.99.24
    Windows Vista Service Pack 2 x86 (UAC is enabled)
    Internet Explorer 9
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Disabled!
    ESET Online Scanner v3
    McAfee Total Protection
    McAfee Security Scan Plus
    McAfee Online Backup
    McAfee Virtual Technician
    McAfee Online Backup
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Spybot - Search & Destroy
    SUPERAntiSpyware
    CCleaner
    Adobe Flash Player 11.3.300.262
    Adobe Reader X (10.1.3)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    McAfee Online Backup MOBKbackup.exe
    ``````````End of Log````````````
     
  9. 2012/06/24
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    The second one is not FSS log.
    You posted Security Check twice.
     
  10. 2012/06/24
    rizzla

    rizzla Inactive Thread Starter

    Joined:
    2012/06/19
    Messages:
    28
    Likes Received:
    0
    TFC cleaner

    Done the Temp File Cleaner.
    I will do the ESET online scanner and post the log to you tomorrow.
    Time for bed.
    Regards.
     
  11. 2012/06/24
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Read my previous reply.
     
  12. 2012/06/24
    rizzla

    rizzla Inactive Thread Starter

    Joined:
    2012/06/19
    Messages:
    28
    Likes Received:
    0
    FSS log

    Must have made a mistake.
    Here it is, hopefully.
    Farbar Service Scanner Version: 24-06-2012 01
    Ran by jean (ATTENTION: The logged in user is not administrator) on 25-06-2012 at 03:16:59
    Running from "C:\Users\jean\Desktop "
    Windows Vista (TM) Home Premium Service Pack 2 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============
    Dnscache Service is not running. Checking service configuration:
    The start type of Dnscache service is OK.
    The ImagePath of Dnscache service is OK.
    The ServiceDll of Dnscache service is OK.

    Dhcp Service is not running. Checking service configuration:
    The start type of Dhcp service is OK.
    The ImagePath of Dhcp service is OK.
    The ServiceDll of Dhcp service is OK.

    Nsi Service is not running. Checking service configuration:
    The start type of Nsi service is OK.
    The ImagePath of Nsi service is OK.
    Checking ServiceDll: ATTENTION!=====> Unable to open Nsi registry key. The service key does not exist.

    nsiproxy Service is not running. Checking service configuration:
    The start type of nsiproxy service is OK.
    The ImagePath of nsiproxy service is OK.

    tdx Service is not running. Checking service configuration:
    The start type of tdx service is OK.
    The ImagePath of tdx service is OK.

    afd Service is not running. Checking service configuration:
    The start type of afd service is OK.
    The ImagePath of afd service is OK.

    Tcpip Service is not running. Checking service configuration:
    The start type of Tcpip service is OK.
    The ImagePath of Tcpip service is OK.


    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============
    mpsdrv Service is not running. Checking service configuration:
    The start type of mpsdrv service is OK.
    The ImagePath of mpsdrv service is OK.

    MpsSvc Service is not running. Checking service configuration:
    The start type of MpsSvc service is OK.
    The ImagePath of MpsSvc service is OK.
    The ServiceDll of MpsSvc service is OK.

    bfe Service is not running. Checking service configuration:
    The start type of bfe service is OK.
    The ImagePath of bfe service is OK.
    The ServiceDll of bfe service is OK.


    Firewall Disabled Policy:
    ==================
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall "=DWORD:0
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall "=DWORD:0
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall "=DWORD:0


    System Restore:
    ============
    SDRSVC Service is not running. Checking service configuration:
    The start type of SDRSVC service is OK.
    The ImagePath of SDRSVC service is OK.
    The ServiceDll of SDRSVC service is OK.

    VSS Service is not running. Checking service configuration:
    The start type of VSS service is OK.
    The ImagePath of VSS service is OK.


    System Restore Disabled Policy:
    ========================


    Security Center:
    ============
    wscsvc Service is not running. Checking service configuration:
    The start type of wscsvc service is OK.
    The ImagePath of wscsvc service is OK.
    The ServiceDll of wscsvc service is OK.

    winmgmt Service is not running. Checking service configuration:
    The start type of winmgmt service is OK.
    The ImagePath of winmgmt: "%systemroot%\system32\svchost.exe -k netsvcs ".
    The ServiceDll of winmgmt service is OK.


    Windows Update:
    ============
    wuauserv Service is not running. Checking service configuration:
    The start type of wuauserv service is OK.
    The ImagePath of wuauserv service is OK.
    The ServiceDll of wuauserv service is OK.

    BITS Service is not running. Checking service configuration:
    The start type of BITS service is OK.
    The ImagePath of BITS service is OK.
    The ServiceDll of BITS service is OK.

    EventSystem Service is not running. Checking service configuration:
    The start type of EventSystem service is OK.
    The ImagePath of EventSystem service is OK.
    The ServiceDll of EventSystem service is OK.

    cryptsvc Service is not running. Checking service configuration:
    The start type of cryptsvc service is OK.
    The ImagePath of cryptsvc service is OK.
    The ServiceDll of cryptsvc service is OK.


    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.


    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware "=DWORD:1

    PlugPlay Service is not running. Checking service configuration:
    The start type of PlugPlay service is OK.
    The ImagePath of PlugPlay service is OK.


    File Check:
    ========
    C:\Windows\system32\nsisvc.dll => MD5 is legit
    C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
    C:\Windows\system32\Drivers\afd.sys => MD5 is legit
    C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
    C:\Windows\system32\Drivers\tcpip.sys
    [2012-05-09 14:19] - [2012-03-30 13:39] - 0905600 ____A (Microsoft Corporation) 27D470DABC77BC60D0A3B0E4DEB6CB91

    C:\Windows\system32\dnsrslvr.dll => MD5 is legit
    C:\Windows\system32\mpssvc.dll => MD5 is legit
    C:\Windows\system32\bfe.dll => MD5 is legit
    C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\system32\SDRSVC.dll => MD5 is legit
    C:\Windows\system32\vssvc.exe => MD5 is legit
    C:\Windows\system32\wscsvc.dll => MD5 is legit
    C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\system32\wuaueng.dll => MD5 is legit
    C:\Windows\system32\qmgr.dll => MD5 is legit
    C:\Windows\system32\es.dll => MD5 is legit
    C:\Windows\system32\cryptsvc.dll
    [2012-06-13 18:54] - [2012-04-23 17:00] - 0133120 ____A (Microsoft Corporation) 75C6A297E364014840B48ECCD7525E30

    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\system32\svchost.exe => MD5 is legit
    C:\Windows\system32\rpcss.dll => MD5 is legit


    **** End of log ****
     
  13. 2012/06/24
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    The log says:
    Why would that be?

    I'm concerned about numerous services not running.
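As an added example, not from the thread or from Farbar's tool, here is a small Python triage of an FSS log in the layout posted above: it lists stopped services, changed start types, missing service keys, the firewall and Defender "Disabled Policy" overrides, and File Check entries FSS could not match to a known-good MD5. The sample log is constructed (its MD5 is a zeroed placeholder), and the section-header and value-line conventions are assumed from the log format seen in this thread.

```python
import re
from typing import Dict

# Constructed sample in the Farbar Service Scanner (FSS) log layout. Service
# names and registry paths mirror the thread's log; the MD5 is a zeroed
# placeholder, not a real hash.
SAMPLE_FSS_LOG = r"""
Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.

Nsi Service is not running. Checking service configuration:
The start type of Nsi service is OK.
The ImagePath of Nsi service is OK.
Checking ServiceDll: ATTENTION!=====> Unable to open Nsi registry key. The service key does not exist.

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2012-05-09 14:19] - [2012-03-30 13:39] - 0905600 ____A (Microsoft Corporation) 00000000000000000000000000000000

**** End of log ****
"""

NOT_RUNNING = re.compile(r"^(\S+) Service is not running\.")
START_TYPE = re.compile(
    r"^The start type of (\S+) service is set to (\w+)\. "
    r"The default start type is (\w+)\.")
KEY_MISSING = re.compile(r"Unable to open (\S+) registry key")
REG_KEY = re.compile(r"^\[(HKEY_[^\]]+)\]$")
# Forum copies of the log sometimes carry a stray space before the closing
# quote ("EnableFirewall "=DWORD:0), so the name is matched loosely.
REG_DWORD = re.compile(r'^"([^"]+?)\s*"=DWORD:(\d+)$')
FILE_LINE = re.compile(r"^([A-Za-z]:\\.+?)(?: => (.*))?$")


def triage_fss(text: str) -> Dict[str, list]:
    """Pull the findings a reviewer looks for out of an FSS log."""
    findings = {
        "not_running": [],         # services FSS found stopped
        "start_type_changed": [],  # (service, current, default)
        "key_missing": [],         # services whose registry key is gone
        "policies": [],            # (section, key, value name, value)
        "unverified_files": [],    # File Check entries without "MD5 is legit"
    }
    lines = [ln.rstrip() for ln in text.splitlines()]
    section = ""
    current_key = ""
    for i, line in enumerate(lines):
        nxt = lines[i + 1] if i + 1 < len(lines) else ""
        # A section header is a line ending in ':' underlined with '='.
        if line.endswith(":") and nxt and set(nxt) == {"="}:
            section = line[:-1]
            current_key = ""
            continue
        if m := NOT_RUNNING.match(line):
            findings["not_running"].append(m.group(1))
        elif m := START_TYPE.match(line):
            findings["start_type_changed"].append(m.groups())
        elif m := KEY_MISSING.search(line):
            findings["key_missing"].append(m.group(1))
        elif m := REG_KEY.match(line):
            current_key = m.group(1)
        elif (m := REG_DWORD.match(line)) and section.endswith("Disabled Policy"):
            # A "Disabled Policy" section stays empty when no policy value is
            # set, so anything listed here is an override worth explaining.
            findings["policies"].append(
                (section, current_key, m.group(1), int(m.group(2))))
        elif section == "File Check" and (m := FILE_LINE.match(line)):
            # A path without "=> MD5 is legit" is followed by a detail line
            # (timestamps, size, hash): FSS had no known-good MD5 to match.
            if m.group(2) != "MD5 is legit":
                findings["unverified_files"].append(m.group(1))
    return findings


if __name__ == "__main__":
    for kind, items in triage_fss(SAMPLE_FSS_LOG).items():
        print(f"{kind}: {items}")
```

An unverified File Check entry only means the hash was not in FSS's table (a fresh Windows Update can do that); it is a prompt to verify the file, not a verdict.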
     
  14. 2012/06/24
    rizzla

    rizzla Inactive Thread Starter

    Joined:
    2012/06/19
    Messages:
    28
    Likes Received:
    0
    Supposed I never used the admin account?
     
  15. 2012/06/24
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    I want you to login into administrator account and post new FSS log from there.
     
  16. 2012/06/25
    rizzla

    rizzla Inactive Thread Starter

    Joined:
    2012/06/19
    Messages:
    28
    Likes Received:
    0
    re FSS log

    Here is the admin FSS log.
    Farbar Service Scanner Version: 24-06-2012 01
    Ran by james (administrator) on 25-06-2012 at 13:39:51
    Running from "C:\Users\james\Desktop "
    Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall "=DWORD:0
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall "=DWORD:0
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall "=DWORD:0


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Security Center:
    ============

    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.


    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware "=DWORD:1


    File Check:
    ========
    C:\Windows\system32\nsisvc.dll => MD5 is legit
    C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
    C:\Windows\system32\Drivers\afd.sys => MD5 is legit
    C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
    C:\Windows\system32\Drivers\tcpip.sys
    [2012-05-09 14:19] - [2012-03-30 13:39] - 0905600 ____A (Microsoft Corporation) 27D470DABC77BC60D0A3B0E4DEB6CB91

    C:\Windows\system32\dnsrslvr.dll => MD5 is legit
    C:\Windows\system32\mpssvc.dll => MD5 is legit
    C:\Windows\system32\bfe.dll => MD5 is legit
    C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\system32\SDRSVC.dll => MD5 is legit
    C:\Windows\system32\vssvc.exe => MD5 is legit
    C:\Windows\system32\wscsvc.dll => MD5 is legit
    C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\system32\wuaueng.dll => MD5 is legit
    C:\Windows\system32\qmgr.dll => MD5 is legit
    C:\Windows\system32\es.dll => MD5 is legit
    C:\Windows\system32\cryptsvc.dll
    [2012-06-13 18:54] - [2012-04-23 17:00] - 0133120 ____A (Microsoft Corporation) 75C6A297E364014840B48ECCD7525E30

    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\system32\svchost.exe => MD5 is legit
    C:\Windows\system32\rpcss.dll => MD5 is legit


    **** End of log ****
     
  17. 2012/06/25
    rizzla

    rizzla Inactive Thread Starter

    Joined:
    2012/06/19
    Messages:
    28
    Likes Received:
    0
    Ran the ESET online scanner.
    Came up with a few entries, which I deleted.
     
  18. 2012/06/25
    rizzla

    rizzla Inactive Thread Starter

    Joined:
    2012/06/19
    Messages:
    28
    Likes Received:
    0
    eset scanner

    Oops, forgot to tick the scan archives and copy the results.
    Think there were about 4 quarantined. Did not seem major?
    Just deleted them.
    Ran the ESET scanner again with scan archives ticked.
    Scan came up with no threats detected.
    Regards.
     
  19. 2012/06/25
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Your computer is clean

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point, using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [emptyjava]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing/updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    13. Please let me know how your computer is doing.
     
  20. 2012/06/25
    rizzla

    rizzla Inactive Thread Starter

    Joined:
    2012/06/19
    Messages:
    28
    Likes Received:
    0
    re OTL

    Ran the OTL.
    Rebooted and now I can't log into my admin account.
    Log on failed: could not upload user profile.
     
  21. 2012/06/25
    rizzla

    rizzla Inactive Thread Starter

    Joined:
    2012/06/19
    Messages:
    28
    Likes Received:
    0
    re OTL

    Is this the correct log?
    All processes killed
    Error: Unable to interpret <Code: > in the current context!
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: andy
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: james
    ->Temp folder emptied: 65360 bytes
    ->Temporary Internet Files folder emptied: 11645439 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 506 bytes

    User: jean
    ->Temp folder emptied: 497688 bytes
    ->Temporary Internet Files folder emptied: 6316788 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 492 bytes

    User: marsilio
    ->Temp folder emptied: 0 bytes

    User: postgres
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 18.00 mb


    [EMPTYFLASH]

    User: All Users

    User: andy

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: james
    ->Flash cache emptied: 0 bytes

    User: jean
    ->Flash cache emptied: 0 bytes

    User: marsilio

    User: postgres

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    [EMPTYJAVA]

    User: All Users

    User: andy

    User: Default

    User: Default User

    User: james
    ->Java cache emptied: 0 bytes

    User: jean
    ->Java cache emptied: 0 bytes

    User: marsilio

    User: postgres

    User: Public

    Total Java Files Cleaned = 0.00 mb

    Restore point Set: OTL Restore Point

    OTL by OldTimer - Version 3.2.53.0 log created on 06262012_001209

    Files\Folders moved on Reboot...
    C:\Users\james\AppData\Local\Temp\~DFEA4C.tmp moved successfully.
    C:\Users\james\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
    C:\Users\james\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MV39EP3N\102947-active-zeroaccess-ee-eh-3[1].htm moved successfully.
    C:\Users\james\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MV39EP3N\ads[2].htm moved successfully.
    C:\Users\james\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MV39EP3N\KonaSend[1].js moved successfully.
    C:\Users\james\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MV39EP3N\KonaSend[2].js moved successfully.
    C:\Users\james\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MV39EP3N\KonaSend[3].js moved successfully.
    C:\Users\james\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MV39EP3N\si[1].htm moved successfully.
    C:\Users\james\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MV39EP3N\xd_arbiter[1].htm moved successfully.
    C:\Users\james\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GXEUAYSV\displayAd[1].js moved successfully.
    C:\Users\james\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GXEUAYSV\KonaSend[1].js moved successfully.
    C:\Users\james\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GXEUAYSV\KonaSend[2].js moved successfully.
    C:\Users\james\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GXEUAYSV\KonaSend[3].js moved successfully.
    C:\Users\james\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GXEUAYSV\KonaSend[4].js moved successfully.
    C:\Users\james\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GXEUAYSV\p-01-0VIaSjnOLg[5].gif moved successfully.
    C:\Users\james\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6YN2S4OU\5174[1].htm moved successfully.
    C:\Users\james\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6YN2S4OU\;ord=838125785[1].htm moved successfully.
    C:\Users\james\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6YN2S4OU\fastbutton[3].htm moved successfully.
    C:\Users\james\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6YN2S4OU\KonaSend[1].js moved successfully.
    C:\Users\james\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6YN2S4OU\p-01-0VIaSjnOLg[2].gif moved successfully.
    C:\Users\james\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6YN2S4OU\rsa[1].htm moved successfully.
    C:\Users\james\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6YN2S4OU\xd_arbiter[1].htm moved successfully.
    C:\Users\james\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1Q6RPTFQ\ba41f783-c96b-4b2d-8be8-46ee74bd1e3b__3rd_party_BBS.[1].htm moved successfully.
    C:\Users\james\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1Q6RPTFQ\KonaSend[1].js moved successfully.
    C:\Users\james\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1Q6RPTFQ\KonaSend[2].js moved successfully.
    C:\Users\james\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1Q6RPTFQ\KonaSend[3].js moved successfully.
    C:\Users\james\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1Q6RPTFQ\like[1].htm moved successfully.

    Registry entries deleted on Reboot...
     
