Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie

XP 2012 Virus/Trojan

  • 22-06-2011 01:24PM
    #1
    Butch Cassidy
    Closed Accounts Posts: 1,409 ✭✭✭


    I clicked onto a website that appears to have automatically downloaded a trojan virus onto my computer. It looks like a Windows XP programme that claims it is scanning for viruses and that I have to download a registered update of a virus removal programme. (see screens)

    XP-Antivirus-2012.jpg


    xp-security-2012.jpg



    Now I've obviously done the google thing but I'm hesitant to use a method from another forum I've never used hence asking here. Could anyone direct me towards removing this please? I have Microsoft Security Essentials and it has picked it up but is unable to remove it.

    I'm running XP on a Compaq laptop


«1

Comments

  • #2
    ASJ112
    Site Banned Posts: 1,167 ✭✭✭ASJ112


    Download OTL to your Desktop
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Quick Scan button. Do not change any settings. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files here


  • #3
    Butch Cassidy
    Closed Accounts Posts: 1,409 ✭✭✭Butch Cassidy


    I did that. It only gave me one .txt file.


    Here it is:
    OTL logfile created on: 22/06/2011 16:44:57 - Run 3
    OTL by OldTimer - Version 3.2.24.1 Folder = C:\
    Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    1013.98 Mb Total Physical Memory | 566.13 Mb Available Physical Memory | 55.83% Memory free
    2.38 Gb Paging File | 2.03 Gb Available in Paging File | 85.17% Paging File free
    Paging file location(s): c:\pagefile.sys 1524 3048 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 111.78 Gb Total Space | 15.81 Gb Free Space | 14.15% Space Free | Partition Type: NTFS
    Drive E: | 7.44 Gb Total Space | 4.45 Gb Free Space | 59.79% Space Free | Partition Type: FAT32

    Computer Name: USER-8368896966 | User Name: User | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/06/22 16:44:42 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
    PRC - [2011/06/22 02:29:12 | 000,339,968 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\kcf.exe
    PRC - [2011/01/11 00:25:06 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    PRC - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    PRC - [2010/09/21 00:37:34 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    PRC - [2010/09/02 16:23:28 | 001,638,400 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
    PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/04/02 07:15:40 | 000,061,440 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTDevSrv.exe
    PRC - [2007/01/04 22:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/06/22 16:44:42 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
    MOD - [2010/08/23 17:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- -- (NMIndexingService)
    SRV - File not found [Disabled | Stopped] -- -- (HidServ)
    SRV - File not found [Auto | Stopped] -- -- (BCWipeSvc)
    SRV - File not found [Auto | Stopped] -- -- (asp.net)
    SRV - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
    SRV - [2008/05/21 12:42:56 | 000,064,000 | ---- | M] (Creative Technology Ltd) [On_Demand | Stopped] -- C:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe -- (CTUPnPSv)
    SRV - [2008/04/07 09:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
    SRV - [2007/04/23 12:22:14 | 003,068,352 | ---- | M] (Kontiki Inc.) [On_Demand | Stopped] -- C:\Program Files\Kontiki\KService.exe -- (KService)
    SRV - [2007/04/02 07:15:40 | 000,061,440 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTDevSrv.exe -- (CTDevice_Srv)
    SRV - [2007/01/04 22:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)


    ========== Driver Services (SafeList) ==========

    DRV - [2011/06/22 16:34:55 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7932239F-0C1B-4EEA-B152-102A67973A77}\MpKsl04680446.sys -- (MpKsl04680446)
    DRV - [2010/02/08 09:25:06 | 000,092,096 | ---- | M] (Jetico, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\bcswap.sys -- (BCSWAP)
    DRV - [2009/08/05 23:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
    DRV - [2008/11/17 15:23:16 | 003,636,864 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel(R)
    DRV - [2008/04/28 20:22:10 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)
    DRV - [2007/11/29 10:39:52 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
    DRV - [2007/11/29 10:39:42 | 000,016,896 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
    DRV - [2007/11/29 10:39:42 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
    DRV - [2007/11/29 10:39:40 | 000,019,328 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
    DRV - [2007/11/01 08:26:36 | 000,989,696 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
    DRV - [2007/11/01 08:25:32 | 000,211,456 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
    DRV - [2007/11/01 08:25:22 | 000,731,520 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
    DRV - [2007/09/26 06:01:32 | 002,236,032 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel(R)
    DRV - [2007/09/25 15:59:46 | 000,015,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\MediaCoder\SysInfo.sys -- (CrystalSysInfo)
    DRV - [2007/09/17 15:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
    DRV - [2007/06/18 16:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
    DRV - [2006/09/24 14:28:46 | 000,005,248 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
    DRV - [2006/07/26 22:44:42 | 000,581,632 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAud.sys -- (HdAudAddService)
    DRV - [1996/04/03 20:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Google"
    FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query="
    FF - prefs.js..browser.search.selectedEngine: "Bing"
    FF - prefs.js..browser.search.update: false
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "www.gmail.com"
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: webmaster@keep-tube.com:1.2
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
    FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.1

    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/29 23:22:44 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/29 23:22:44 | 000,000,000 | ---D | M]

    [2009/10/24 02:52:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions
    [2009/10/24 02:52:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions\mozswing@mozswing.org
    [2011/06/01 17:02:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ffuzdt75.default\extensions
    [2010/09/20 02:56:25 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ffuzdt75.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2011/04/20 17:30:45 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ffuzdt75.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    [2011/02/16 20:15:55 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ffuzdt75.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    [2011/02/16 20:15:52 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ffuzdt75.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2011/02/16 20:15:41 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ffuzdt75.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
    [2010/07/01 03:09:32 | 000,000,000 | ---D | M] (Keep Tube Downloader) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ffuzdt75.default\extensions\webmaster@keep-tube.com
    [2009/08/31 09:29:54 | 000,004,207 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ffuzdt75.default\searchplugins\aim-search.xml
    [2009/09/03 03:05:38 | 000,002,164 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ffuzdt75.default\searchplugins\bing.xml
    [2011/06/01 17:02:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2010/08/12 08:50:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2010/08/12 08:50:23 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
    [2010/08/12 08:50:21 | 000,423,656 | ---- | M] (Oracle) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    [2007/04/16 18:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

    O1 HOSTS File: ([2010/08/11 23:12:57 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - c:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
    O2 - BHO: (no name) - {AAE725F3-298B-4FEF-82EE-FAF909639409} - No CLSID value found.
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
    O2 - BHO: (no name) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - No CLSID value found.
    O2 - BHO: (no name) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found.
    O2 - BHO: (no name) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - No CLSID value found.
    O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
    O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
    O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
    O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\CHDAudPropShortcut.exe (Windows (R) Server 2003 DDK provider)
    O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    O4 - HKCU..\Run: [3599296444] C:\Documents and Settings\User\Local Settings\Application Data\kcf.exe ()
    O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll (Google Inc.)
    O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
    O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
    O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - c:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1209056789750 (WUWebControl Class)
    O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - Reg Error: Key error. File not found
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/04/23 16:55:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O33 - MountPoints2\{23019b67-1152-11dd-9885-9f6259b3be33}\Shell - "" = AutoRun
    O33 - MountPoints2\{23019b67-1152-11dd-9885-9f6259b3be33}\Shell\Auto\command - "" = E:\Cn911.exe
    O33 - MountPoints2\{23019b67-1152-11dd-9885-9f6259b3be33}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{23019b67-1152-11dd-9885-9f6259b3be33}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Cn911.exe
    O33 - MountPoints2\{34f84a10-2108-11dd-98b4-0018de15e57b}\Shell - "" = AutoRun
    O33 - MountPoints2\{34f84a10-2108-11dd-98b4-0018de15e57b}\Shell\Auto\command - "" = E:\Cn911.exe
    O33 - MountPoints2\{34f84a10-2108-11dd-98b4-0018de15e57b}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{34f84a10-2108-11dd-98b4-0018de15e57b}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Cn911.exe
    O33 - MountPoints2\{57e0fc6a-1d23-11dd-98aa-0018de15e57b}\Shell - "" = AutoRun
    O33 - MountPoints2\{57e0fc6a-1d23-11dd-98aa-0018de15e57b}\Shell\Auto\command - "" = E:\Cn911.exe
    O33 - MountPoints2\{57e0fc6a-1d23-11dd-98aa-0018de15e57b}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{57e0fc6a-1d23-11dd-98aa-0018de15e57b}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Cn911.exe
    O33 - MountPoints2\{a92c9284-8d05-11df-a7b4-0018de15e57b}\Shell - "" = AutoRun
    O33 - MountPoints2\{a92c9284-8d05-11df-a7b4-0018de15e57b}\Shell\Auto\command - "" = E:\asp.net
    O33 - MountPoints2\{a92c9284-8d05-11df-a7b4-0018de15e57b}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{a92c9284-8d05-11df-a7b4-0018de15e57b}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL asp.net
    O33 - MountPoints2\{e79844a0-60a1-11dd-9956-0018de15e57b}\Shell - "" = AutoRun
    O33 - MountPoints2\{e79844a0-60a1-11dd-9956-0018de15e57b}\Shell\Auto\command - "" = E:\Cn911.exe
    O33 - MountPoints2\{e79844a0-60a1-11dd-9956-0018de15e57b}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{e79844a0-60a1-11dd-9956-0018de15e57b}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Cn911.exe
    O33 - MountPoints2\{eab0200a-1d22-11dd-98a9-0018de15e57b}\Shell - "" = AutoRun
    O33 - MountPoints2\{eab0200a-1d22-11dd-98a9-0018de15e57b}\Shell\Auto\command - "" = E:\Cn911.exe
    O33 - MountPoints2\{eab0200a-1d22-11dd-98a9-0018de15e57b}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{eab0200a-1d22-11dd-98a9-0018de15e57b}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Cn911.exe
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O35 - HKCU\..exefile [open] -- "C:\Documents and Settings\User\Local Settings\Application Data\kcf.exe" -a "%1" %* ()
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKCU\...exe [@ = exefile] -- "C:\Documents and Settings\User\Local Settings\Application Data\kcf.exe" -a "%1" %* ()

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/06/22 16:44:32 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\OTL.exe
    [2011/06/22 16:40:50 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
    [2011/06/22 03:16:16 | 007,734,240 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\User\Desktop\mbam-setup.exe
    [2011/06/22 03:14:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\Remove Win 7 Antispyware 2012 and Vista Antivirus 2012 name changing rogue (Uninstall Guide 2)_files
    [2011/05/28 18:00:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
    [2010/09/29 00:53:47 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\User\Application Data\pcouffin.sys
    [2010/07/27 03:24:59 | 002,041,097 | ---- | C] (Codyssey.com) -- C:\Program Files\FreeraserSetup.exe
    [2010/07/27 02:52:19 | 003,420,304 | ---- | C] (Piriform Ltd) -- C:\Program Files\ccsetup234.exe
    [2010/06/04 04:04:01 | 000,895,800 | ---- | C] (QueTek Consulting Corporation ) -- C:\Program Files\32fsu32.exe
    [2010/06/04 03:34:31 | 006,526,745 | ---- | C] (DiskInternals Research) -- C:\Program Files\Uneraser_Setup.exe
    [2010/06/04 03:04:42 | 006,113,439 | ---- | C] (InstallShield Software Corporation) -- C:\Program Files\pci_filerecovery.exe
    [2010/06/03 14:13:07 | 009,159,568 | ---- | C] (The Eraser Project) -- C:\Program Files\Eraser 6.0.7.1893.exe
    [2010/03/16 04:10:05 | 008,874,432 | ---- | C] (Vuze Inc.) -- C:\Program Files\Vuze_Installer.exe
    [2010/03/12 04:27:08 | 015,701,326 | ---- | C] (Igor Pavlov) -- C:\Program Files\tor-browser-1.3.3_en-US.exe
    [2009/11/07 23:20:52 | 000,289,280 | ---- | C] (Jonathan Kay) -- C:\Program Files\ZapMessenger.exe
    [2008/09/27 18:44:26 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Program Files\HijackThis.exe
    [2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
    [16 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [11 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\*.tmp files -> C:\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/06/22 16:46:00 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{E8C9BE01-1CE1-493E-917A-782BA8184290}.job
    [2011/06/22 16:44:42 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
    [2011/06/22 16:42:53 | 000,015,240 | -HS- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\yq60e1x8k4c2giu5a55fo4l57qgb58o3errmc3k6xjsf4
    [2011/06/22 16:42:53 | 000,015,240 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\yq60e1x8k4c2giu5a55fo4l57qgb58o3errmc3k6xjsf4
    [2011/06/22 16:39:55 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2011/06/22 16:36:09 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1960408961-2147149321-725345543-1004.job
    [2011/06/22 16:36:06 | 000,013,868 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/06/22 16:36:06 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2011/06/22 16:36:06 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\Registry Reviver-User-Startup.job
    [2011/06/22 16:34:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/06/22 16:34:26 | 1063,309,312 | -HS- | M] () -- C:\hiberfil.sys
    [2011/06/22 14:26:40 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
    [2011/06/22 04:55:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2011/06/22 03:16:37 | 007,734,240 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\User\Desktop\mbam-setup.exe
    [2011/06/22 03:14:41 | 000,055,334 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Remove Win 7 Antispyware 2012 and Vista Antivirus 2012 name changing rogue (Uninstall Guide 2).htm
    [2011/06/22 03:14:20 | 000,049,557 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Remove Win 7 Antispyware 2012 and Vista Antivirus 2012 name changing rogue (Uninstall Guide).htm
    [2011/06/22 02:29:12 | 000,339,968 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\kcf.exe
    [2011/06/22 01:58:33 | 000,156,177 | ---- | M] () -- C:\Documents and Settings\User\Desktop\books-everyone-should-read.jpg
    [2011/06/21 12:28:36 | 000,497,830 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2011/06/21 12:28:36 | 000,086,752 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2011/06/17 03:06:38 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2011/06/16 17:45:09 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Citigroup-mar-5-2006-plutonomy-report-part-2-1-1.pdf
    [2011/06/16 14:47:50 | 000,001,150 | ---- | M] () -- C:\Documents and Settings\User\My Documents\209-r1-thejohnmurrayshow-2010-11-26.smil
    [2011/06/16 14:45:20 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1960408961-2147149321-725345543-1004.job
    [2011/06/15 01:42:14 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/06/14 23:54:08 | 000,000,576 | ---- | M] () -- C:\Documents and Settings\User\My Documents\My Sharing Folders.lnk
    [2011/06/10 16:46:29 | 000,022,715 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Planning a Just Society.odt
    [2011/05/31 02:01:30 | 000,311,443 | ---- | M] () -- C:\Documents and Settings\User\Desktop\1528434.pdf
    [2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
    [16 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [11 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\*.tmp files -> C:\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/06/22 16:34:26 | 1063,309,312 | -HS- | C] () -- C:\hiberfil.sys
    [2011/06/22 03:14:39 | 000,055,334 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Remove Win 7 Antispyware 2012 and Vista Antivirus 2012 name changing rogue (Uninstall Guide 2).htm
    [2011/06/22 03:14:20 | 000,049,557 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Remove Win 7 Antispyware 2012 and Vista Antivirus 2012 name changing rogue (Uninstall Guide).htm
    [2011/06/22 02:29:15 | 000,015,240 | -HS- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\yq60e1x8k4c2giu5a55fo4l57qgb58o3errmc3k6xjsf4
    [2011/06/22 02:29:15 | 000,015,240 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\yq60e1x8k4c2giu5a55fo4l57qgb58o3errmc3k6xjsf4
    [2011/06/22 02:29:12 | 000,339,968 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\kcf.exe
    [2011/06/22 01:58:17 | 000,156,177 | ---- | C] () -- C:\Documents and Settings\User\Desktop\books-everyone-should-read.jpg
    [2011/06/16 17:44:54 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Citigroup-mar-5-2006-plutonomy-report-part-2-1-1.pdf
    [2011/06/16 14:47:47 | 000,001,150 | ---- | C] () -- C:\Documents and Settings\User\My Documents\209-r1-thejohnmurrayshow-2010-11-26.smil
    [2011/06/10 16:46:28 | 000,022,715 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Planning a Just Society.odt
    [2011/05/31 02:01:11 | 000,311,443 | ---- | C] () -- C:\Documents and Settings\User\Desktop\1528434.pdf
    [2011/03/13 19:43:25 | 000,021,504 | ---- | C] () -- C:\WINDOWS\jestertb.dll
    [2010/09/29 21:21:35 | 000,002,023 | ---- | C] () -- C:\WINDOWS\CTREBOOT.INI
    [2010/09/29 01:53:18 | 000,643,072 | ---- | C] () -- C:\Program Files\RipIt4Me.exe
    [2010/09/29 00:53:47 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\User\Application Data\inst.exe
    [2010/09/29 00:53:47 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\User\Application Data\pcouffin.cat
    [2010/09/29 00:53:47 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\User\Application Data\pcouffin.inf
    [2010/09/21 00:57:27 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
    [2010/09/17 16:25:56 | 001,094,021 | ---- | C] () -- C:\Program Files\dvdshrink32setup1.zip
    [2010/08/12 11:59:45 | 000,000,206 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
    [2010/08/12 08:35:05 | 000,138,848 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/08/11 23:03:14 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2010/08/11 23:03:14 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2010/08/11 23:03:14 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2010/08/11 23:03:14 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2010/08/11 23:03:14 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2010/07/27 02:48:05 | 001,332,417 | ---- | C] () -- C:\Program Files\quickwiper_wizard.exe
    [2010/06/24 20:46:33 | 000,000,311 | ---- | C] () -- C:\WINDOWS\System32\pl5sdg.dat
    [2010/06/10 03:19:35 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\User\Application Data\qcopjv.dat
    [2010/06/04 02:57:48 | 000,234,966 | ---- | C] () -- C:\Program Files\REST2514.EXE
    [2010/06/04 02:31:44 | 001,509,888 | ---- | C] () -- C:\Program Files\DiskDigger.exe
    [2010/03/12 01:29:32 | 010,428,143 | ---- | C] () -- C:\Program Files\FreenetInstaller-1241.exe
    [2010/02/26 12:45:41 | 000,000,013 | ---- | C] () -- C:\WINDOWS\urhtps.dat
    [2009/12/17 06:24:59 | 008,834,504 | ---- | C] () -- C:\Program Files\RMSetup.exe
    [2009/12/17 06:08:47 | 008,486,872 | ---- | C] () -- C:\Program Files\FCTBSetup.exe
    [2009/11/10 20:07:37 | 000,000,577 | ---- | C] () -- C:\WINDOWS\System32\urhtps.dat
    [2009/11/09 05:50:28 | 001,945,088 | ---- | C] () -- C:\WINDOWS\System32\avcodec.dll
    [2009/11/09 05:50:28 | 000,219,136 | ---- | C] () -- C:\WINDOWS\System32\avformat.dll
    [2009/11/09 05:50:28 | 000,022,528 | ---- | C] () -- C:\WINDOWS\System32\avutil.dll
    [2009/11/09 05:50:05 | 000,759,917 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2009/11/07 23:28:37 | 000,000,402 | ---- | C] () -- C:\Program Files\ResHacker.ini
    [2009/11/07 23:28:06 | 000,014,781 | ---- | C] () -- C:\Program Files\Dialogs.def
    [2009/11/07 23:28:05 | 000,881,664 | ---- | C] () -- C:\Program Files\ResHacker.exe
    [2009/11/07 23:27:45 | 000,554,899 | ---- | C] () -- C:\Program Files\reshack.zip
    [2009/11/07 23:20:43 | 000,108,395 | ---- | C] () -- C:\Program Files\ZapMessenger.zip
    [2009/05/19 22:54:48 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\getpntid.exe
    [2009/05/18 02:51:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2009/03/01 02:40:49 | 000,000,005 | ---- | C] () -- C:\WINDOWS\_id.dat
    [2009/01/09 08:16:06 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2008/09/12 05:11:08 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
    [2008/08/05 21:27:19 | 000,000,057 | ---- | C] () -- C:\WINDOWS\custvoic.ini
    [2008/05/08 03:54:32 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\fusioncache.dat
    [2008/05/08 03:41:02 | 000,090,696 | ---- | C] () -- C:\WINDOWS\hpiins01.dat
    [2008/05/08 03:41:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpimdl01.dat
    [2008/04/26 16:23:14 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008/04/23 19:47:22 | 000,073,728 | ---- | C] () -- C:\WINDOWS\VMInstNT.exe
    [2008/04/23 19:47:22 | 000,040,960 | ---- | C] () -- C:\WINDOWS\VM303UninstNT.exe
    [2008/04/23 19:46:00 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4670.dll
    [2008/04/23 17:31:06 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2008/04/23 17:28:24 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2008/04/23 17:03:38 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2008/04/23 16:59:27 | 000,000,996 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2008/04/23 16:51:18 | 000,034,284 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2007/03/29 23:00:40 | 000,203,264 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll
    [2006/03/15 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2006/03/15 13:00:00 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
    [2006/03/15 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2006/03/15 13:00:00 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
    [2006/03/15 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2006/03/15 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2006/03/15 13:00:00 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
    [2006/03/15 13:00:00 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
    [2006/03/15 13:00:00 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
    [2006/03/15 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2006/03/15 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2006/03/15 13:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2006/03/15 13:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2006/03/15 13:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2004/08/10 20:00:00 | 000,497,830 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2004/08/10 20:00:00 | 000,086,752 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2004/08/10 20:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2004/08/10 05:11:42 | 000,185,856 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
    [1996/04/03 20:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

    ========== LOP Check ==========

    [2010/03/16 04:13:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
    [2008/05/19 17:35:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Channel4
    [2008/06/25 05:03:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
    [2010/07/02 05:29:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kontiki
    [2008/05/11 02:51:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
    [2008/06/25 05:00:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia
    [2008/06/25 05:08:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
    [2010/09/27 22:26:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ReviverSoft
    [2010/09/16 00:53:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
    [2010/09/17 20:44:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2009/08/29 06:17:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
    [2009/11/22 21:30:40 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{615DB4DC-B7C1-4125-9858-78EF460B76D2}
    [2009/11/22 21:30:03 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{83F61D74-0DA9-475B-BAF3-D4F153A02B30}
    [2010/07/24 14:43:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Azureus
    [2010/09/27 22:28:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Broad Intelligence
    [2009/01/09 08:41:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\COWON
    [2010/09/22 20:06:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\FMZilla
    [2009/01/13 11:51:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\foobar2000
    [2008/12/15 02:58:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\ieSpell
    [2009/11/12 04:49:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Java
    [2010/05/15 05:20:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\LimeWire
    [2008/09/14 23:02:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\MSNInstaller
    [2008/05/11 02:50:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\NCH Swift Sound
    [2008/06/25 05:09:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Nokia
    [2008/07/28 18:17:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Nokia Multimedia Player
    [2009/07/07 02:58:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\OpenOffice.org
    [2009/05/18 02:32:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Opera
    [2008/06/25 05:09:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\PC Suite
    [2010/09/22 21:17:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Publish Providers
    [2010/09/29 01:53:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\RipIt4Me
    [2010/09/22 21:17:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Sony
    [2010/12/15 20:47:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\uTorrent
    [2010/09/29 00:54:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Vso
    [2011/06/22 16:39:55 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
    [2011/06/22 16:36:06 | 000,000,376 | ---- | M] () -- C:\WINDOWS\Tasks\Registry Reviver-User-Startup.job
    [2011/06/22 16:46:00 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{E8C9BE01-1CE1-493E-917A-782BA8184290}.job

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 64 bytes -> C:\Documents and Settings\User\Desktop\01 Intro PCP.avi:TOC.WMV

    < End of report >


    [code]OTL logfile created on: 22/06/2011 16:44:57 - Run 3
    OTL by OldTimer - Version 3.2.24.1 Folder = C:\
    Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    1013.98 Mb Total Physical Memory | 566.13 Mb Available Physical Memory | 55.83% Memory free
    2.38 Gb Paging File | 2.03 Gb Available in Paging File | 85.17% Paging File free
    Paging file location(s): c:\pagefile.sys 1524 3048 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 111.78 Gb Total Space | 15.81 Gb Free Space | 14.15% Space Free | Partition Type: NTFS
    Drive E: | 7.44 Gb Total Space | 4.45 Gb Free Space | 59.79% Space Free | Partition Type: FAT32

    Computer Name: USER-8368896966 | User Name: User | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/06/22 16:44:42 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
    PRC - [2011/06/22 02:29:12 | 000,339,968 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\kcf.exe
    PRC - [2011/01/11 00:25:06 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    PRC - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    PRC - [2010/09/21 00:37:34 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    PRC - [2010/09/02 16:23:28 | 001,638,400 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
    PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/04/02 07:15:40 | 000,061,440 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTDevSrv.exe
    PRC - [2007/01/04 22:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/06/22 16:44:42 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
    MOD - [2010/08/23 17:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- -- (NMIndexingService)
    SRV - File not found [Disabled | Stopped] -- -- (HidServ)
    SRV - File not found [Auto | Stopped] -- -- (BCWipeSvc)
    SRV - File not found [Auto | Stopped] -- -- (asp.net)
    SRV - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
    SRV - [2008/05/21 12:42:56 | 000,064,000 | ---- | M] (Creative Technology Ltd) [On_Demand | Stopped] -- C:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe -- (CTUPnPSv)
    SRV - [2008/04/07 09:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
    SRV - [2007/04/23 12:22:14 | 003,068,352 | ---- | M] (Kontiki Inc.) [On_Demand | Stopped] -- C:\Program Files\Kontiki\KService.exe -- (KService)
    SRV - [2007/04/02 07:15:40 | 000,061,440 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTDevSrv.exe -- (CTDevice_Srv)
    SRV - [2007/01/04 22:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)


    ========== Driver Services (SafeList) ==========

    DRV - [2011/06/22 16:34:55 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7932239F-0C1B-4EEA-B152-102A67973A77}\MpKsl04680446.sys -- (MpKsl04680446)
    DRV - [2010/02/08 09:25:06 | 000,092,096 | ---- | M] (Jetico, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\bcswap.sys -- (BCSWAP)
    DRV - [2009/08/05 23:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
    DRV - [2008/11/17 15:23:16 | 003,636,864 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel(R)
    DRV - [2008/04/28 20:22:10 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)
    DRV - [2007/11/29 10:39:52 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
    DRV - [2007/11/29 10:39:42 | 000,016,896 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
    DRV - [2007/11/29 10:39:42 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
    DRV - [2007/11/29 10:39:40 | 000,019,328 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
    DRV - [2007/11/01 08:26:36 | 000,989,696 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
    DRV - [2007/11/01 08:25:32 | 000,211,456 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
    DRV - [2007/11/01 08:25:22 | 000,731,520 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
    DRV - [2007/09/26 06:01:32 | 002,236,032 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel(R)
    DRV - [2007/09/25 15:59:46 | 000,015,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\MediaCoder\SysInfo.sys -- (CrystalSysInfo)
    DRV - [2007/09/17 15:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
    DRV - [2007/06/18 16:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
    DRV - [2006/09/24 14:28:46 | 000,005,248 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
    DRV - [2006/07/26 22:44:42 | 000,581,632 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAud.sys -- (HdAudAddService)
    DRV - [1996/04/03 20:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Google"
    FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=&quot;
    FF - prefs.js..browser.search.selectedEngine: "Bing"
    FF - prefs.js..browser.search.update: false
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "www.gmail.com"
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: webmaster@keep-tube.com:1.2
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
    FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.1

    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/29 23:22:44 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/29 23:22:44 | 000,000,000 | ---D | M]

    [2009/10/24 02:52:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions
    [2009/10/24 02:52:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions\mozswing@mozswing.org
    [2011/06/01 17:02:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ffuzdt75.default\extensions
    [2010/09/20 02:56:25 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ffuzdt75.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2011/04/20 17:30:45 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ffuzdt75.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    [2011/02/16 20:15:55 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ffuzdt75.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    [2011/02/16 20:15:52 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ffuzdt75.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2011/02/16 20:15:41 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ffuzdt75.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
    [2010/07/01 03:09:32 | 000,000,000 | ---D | M] (Keep Tube Downloader) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ffuzdt75.default\extensions\webmaster@keep-tube.com
    [2009/08/31 09:29:54 | 000,004,207 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ffuzdt75.default\searchplugins\aim-search.xml
    [2009/09/03 03:05:38 | 000,002,164 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ffuzdt75.default\searchplugins\bing.xml
    [2011/06/01 17:02:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2010/08/12 08:50:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2010/08/12 08:50:23 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
    [2010/08/12 08:50:21 | 000,423,656 | ---- | M] (Oracle) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    [2007/04/16 18:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

    O1 HOSTS File: ([2010/08/11 23:12:57 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - c:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
    O2 - BHO: (no name) - {AAE725F3-298B-4FEF-82EE-FAF909639409} - No CLSID value found.
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
    O2 - BHO: (no name) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - No CLSID value found.
    O2 - BHO: (no name) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found.
    O2 - BHO: (no name) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - No CLSID value found.
    O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
    O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
    O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
    O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\CHDAudPropShortcut.exe (Windows (R) Server 2003 DDK provider)
    O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    O4 - HKCU..\Run: [3599296444] C:\Documents and Settings\User\Local Settings\Application Data\kcf.exe ()
    O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll (Google Inc.)
    O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
    O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
    O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - c:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1209056789750 (WUWebControl Class)
    O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - Reg Error: Key error. File not found
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/04/23 16:55:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O33 - MountPoints2\{23019b67-1152-11dd-9885-9f6259b3be33}\Shell - "" = AutoRun
    O33 - MountPoints2\{23019b67-1152-11dd-9885-9f6259b3be33}\Shell\Auto\command - "" = E:\Cn911.exe
    O33 - MountPoints2\{23019b67-1152-11dd-9885-9f6259b3be33}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{23019b67-1152-11dd-9885-9f6259b3be33}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Cn911.exe
    O33 - MountPoints2\{34f84a10-2108-11dd-98b4-0018de15e57b}\Shell - "" = AutoRun
    O33 - MountPoints2\{34f84a10-2108-11dd-98b4-0018de15e57b}\Shell\Auto\command - "" = E:\Cn911.exe
    O33 - MountPoints2\{34f84a10-2108-11dd-98b4-0018de15e57b}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{34f84a10-2108-11dd-98b4-0018de15e57b}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Cn911.exe
    O33 - MountPoints2\{57e0fc6a-1d23-11dd-98aa-0018de15e57b}\Shell - "" = AutoRun
    O33 - MountPoints2\{57e0fc6a-1d23-11dd-98aa-0018de15e57b}\Shell\Auto\command - "" = E:\Cn911.exe
    O33 - MountPoints2\{57e0fc6a-1d23-11dd-98aa-0018de15e57b}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{57e0fc6a-1d23-11dd-98aa-0018de15e57b}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Cn911.exe
    O33 - MountPoints2\{a92c9284-8d05-11df-a7b4-0018de15e57b}\Shell - "" = AutoRun
    O33 - MountPoints2\{a92c9284-8d05-11df-a7b4-0018de15e57b}\Shell\Auto\command - "" = E:\asp.net
    O33 - MountPoints2\{a92c9284-8d05-11df-a7b4-0018de15e57b}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{a92c9284-8d05-11df-a7b4-0018de15e57b}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL asp.net
    O33 - MountPoints2\{e79844a0-60a1-11dd-9956-0018de15e57b}\Shell - "" = AutoRun
    O33 - MountPoints2\{e79844a0-60a1-11dd-9956-0018de15e57b}\Shell\Auto\command - "" = E:\Cn911.exe
    O33 - MountPoints2\{e79844a0-60a1-11dd-9956-0018de15e57b}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{e79844a0-60a1-11dd-9956-0018de15e57b}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Cn911.exe
    O33 - MountPoints2\{eab0200a-1d22-11dd-98a9-0018de15e57b}\Shell - "" = AutoRun
    O33 - MountPoints2\{eab0200a-1d22-11dd-98a9-0018de15e57b}\Shell\Auto\command - "" = E:\Cn911.exe
    O33 - MountPoints2\{eab0200a-1d22-11dd-98a9-0018de15e57b}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{eab0200a-1d22-11dd-98a9-0018de15e57b}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Cn911.exe
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O35 - HKCU\..exefile [open] -- "C:\Documents and Settings\User\Local Settings\Application Data\kcf.exe" -a "%1" %* ()
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKCU\...exe [@ = exefile] -- "C:\Documents and Settings\User\Local Settings\Application Data\kcf.exe" -a "%1" %* ()

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/06/22 16:44:32 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\OTL.exe
    [2011/06/22 16:40:50 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
    [2011/06/22 03:16:16 | 007,734,240 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\User\Desktop\mbam-setup.exe
    [2011/06/22 03:14:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\Remove Win 7 Antispyware 2012 and Vista Antivirus 2012 name changing rogue (Uninstall Guide 2)_files
    [2011/05/28 18:00:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
    [2010/09/29 00:53:47 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\User\Application Data\pcouffin.sys
    [2010/07/27 03:24:59 | 002,041,097 | ---- | C] (Codyssey.com) -- C:\Program Files\FreeraserSetup.exe
    [2010/07/27 02:52:19 | 003,420,304 | ---- | C] (Piriform Ltd) -- C:\Program Files\ccsetup234.exe
    [2010/06/04 04:04:01 | 000,895,800 | ---- | C] (QueTek Consulting Corporation ) -- C:\Program Files\32fsu32.exe
    [2010/06/04 03:34:31 | 006,526,745 | ---- | C] (DiskInternals Research) -- C:\Program Files\Uneraser_Setup.exe
    [2010/06/04 03:04:42 | 006,113,439 | ---- | C] (InstallShield Software Corporation) -- C:\Program Files\pci_filerecovery.exe
    [2010/06/03 14:13:07 | 009,159,568 | ---- | C] (The Eraser Project) -- C:\Program Files\Eraser 6.0.7.1893.exe
    [2010/03/16 04:10:05 | 008,874,432 | ---- | C] (Vuze Inc.) -- C:\Program Files\Vuze_Installer.exe
    [2010/03/12 04:27:08 | 015,701,326 | ---- | C] (Igor Pavlov) -- C:\Program Files\tor-browser-1.3.3_en-US.exe
    [2009/11/07 23:20:52 | 000,289,280 | ---- | C] (Jonathan Kay) -- C:\Program Files\ZapMessenger.exe
    [2008/09/27 18:44:26 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Program Files\HijackThis.exe
    [2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
    [16 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [11 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\*.tmp files -> C:\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/06/22 16:46:00 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{E8C9BE01-1CE1-493E-917A-782BA8184290}.job
    [2011/06/22 16:44:42 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
    [2011/06/22 16:42:53 | 000,015,240 | -HS- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\yq60e1x8k4c2giu5a55fo4l57qgb58o3errmc3k6xjsf4
    [2011/06/22 16:42:53 | 000,015,240 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\yq60e1x8k4c2giu5a55fo4l57qgb58o3errmc3k6xjsf4
    [2011/06/22 16:39:55 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2011/06/22 16:36:09 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1960408961-2147149321-725345543-1004.job
    [2011/06/22 16:36:06 | 000,013,868 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/06/22 16:36:06 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2011/06/22 16:36:06 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\Registry Reviver-User-Startup.job
    [2011/06/22 16:34:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/06/22 16:34:26 | 1063,309,312 | -HS- | M] () -- C:\hiberfil.sys
    [2011/06/22 14:26:40 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
    [2011/06/22 04:55:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2011/06/22 03:16:37 | 007,734,240 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\User\Desktop\mbam-setup.exe
    [2011/06/22 03:14:41 | 000,055,334 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Remove Win 7 Antispyware 2012 and Vista Antivirus 2012 name changing rogue (Uninstall Guide 2).htm
    [2011/06/22 03:14:20 | 000,049,557 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Remove Win 7 Antispyware 2012 and Vista Antivirus 2012 name changing rogue (Uninstall Guide).htm
    [2011/06/22 02:29:12 | 000,339,968 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\kcf.exe
    [2011/06/22 01:58:33 | 000,156,177 | ---- | M] () -- C:\Documents and Settings\User\Desktop\books-everyone-should-read.jpg
    [2011/06/21 12:28:36 | 000,497,830 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2011/06/21 12:28:36 | 000,086,752 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2011/06/17 03:06:38 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2011/06/16 17:45:09 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Citigroup-mar-5-2006-plutonomy-report-part-2-1-1.pdf
    [2011/06/16 14:47:50 | 000,001,150 | ---- | M] () -- C:\Documents and Settings\User\My Documents\209-r1-thejohnmurrayshow-2010-11-26.smil
    [2011/06/16 14:45:20 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeS


  • #4
    ASJ112
    Site Banned Posts: 1,167 ✭✭✭ASJ112


    Open OTL paste this in the custom scan/fixes box at the bottom


    :OTL
    SRV - File not found [Auto | Stopped] -- -- (asp.net)
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
    O2 - BHO: (no name) - {AAE725F3-298B-4FEF-82EE-FAF909639409} - No CLSID value found.
    O2 - BHO: (no name) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - No CLSID value found.
    O2 - BHO: (no name) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found.
    O2 - BHO: (no name) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - No CLSID value found.
    O4 - HKCU..\Run: [3599296444] C:\Documents and Settings\User\Local Settings\Application Data\kcf.exe ()
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - Reg Error: Key error. File not found
    O33 - MountPoints2\{23019b67-1152-11dd-9885-9f6259b3be33}\Shell - "" = AutoRun
    O33 - MountPoints2\{23019b67-1152-11dd-9885-9f6259b3be33}\Shell\Auto\command - "" = E:\Cn911.exe
    O33 - MountPoints2\{23019b67-1152-11dd-9885-9f6259b3be33}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{23019b67-1152-11dd-9885-9f6259b3be33}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Cn911.exe
    O33 - MountPoints2\{34f84a10-2108-11dd-98b4-0018de15e57b}\Shell - "" = AutoRun
    O33 - MountPoints2\{34f84a10-2108-11dd-98b4-0018de15e57b}\Shell\Auto\command - "" = E:\Cn911.exe
    O33 - MountPoints2\{34f84a10-2108-11dd-98b4-0018de15e57b}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{34f84a10-2108-11dd-98b4-0018de15e57b}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Cn911.exe
    O33 - MountPoints2\{57e0fc6a-1d23-11dd-98aa-0018de15e57b}\Shell - "" = AutoRun
    O33 - MountPoints2\{57e0fc6a-1d23-11dd-98aa-0018de15e57b}\Shell\Auto\command - "" = E:\Cn911.exe
    O33 - MountPoints2\{57e0fc6a-1d23-11dd-98aa-0018de15e57b}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{57e0fc6a-1d23-11dd-98aa-0018de15e57b}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Cn911.exe
    O33 - MountPoints2\{a92c9284-8d05-11df-a7b4-0018de15e57b}\Shell - "" = AutoRun
    O33 - MountPoints2\{a92c9284-8d05-11df-a7b4-0018de15e57b}\Shell\Auto\command - "" = E:\asp.net
    O33 - MountPoints2\{a92c9284-8d05-11df-a7b4-0018de15e57b}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{a92c9284-8d05-11df-a7b4-0018de15e57b}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL asp.net
    O33 - MountPoints2\{e79844a0-60a1-11dd-9956-0018de15e57b}\Shell - "" = AutoRun
    O33 - MountPoints2\{e79844a0-60a1-11dd-9956-0018de15e57b}\Shell\Auto\command - "" = E:\Cn911.exe
    O33 - MountPoints2\{e79844a0-60a1-11dd-9956-0018de15e57b}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{e79844a0-60a1-11dd-9956-0018de15e57b}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Cn911.exe
    O33 - MountPoints2\{eab0200a-1d22-11dd-98a9-0018de15e57b}\Shell - "" = AutoRun
    O33 - MountPoints2\{eab0200a-1d22-11dd-98a9-0018de15e57b}\Shell\Auto\command - "" = E:\Cn911.exe
    O33 - MountPoints2\{eab0200a-1d22-11dd-98a9-0018de15e57b}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{eab0200a-1d22-11dd-98a9-0018de15e57b}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Cn911.exe
    O35 - HKCU\..exefile [open] -- "C:\Documents and Settings\User\Local Settings\Application Data\kcf.exe" -a "%1" %* ()
    O37 - HKCU\...exe [@ = exefile] -- "C:\Documents and Settings\User\Local Settings\Application Data\kcf.exe" -a "%1" %* ()
    [2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
    [16 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [11 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\*.tmp files -> C:\*.tmp -> ]
    [2011/06/22 16:42:53 | 000,015,240 | -HS- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\yq60e1x8k4c2giu5a55fo4l57qgb58o3errmc3k6xjsf4
    [2011/06/22 16:42:53 | 000,015,240 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\yq60e1x8k4c2giu5a55fo4l57qgb58o3errmc3k6xjsf4
    [2011/06/22 02:29:12 | 000,339,968 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\kcf.exe
    [2011/06/22 02:29:15 | 000,015,240 | -HS- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\yq60e1x8k4c2giu5a55fo4l57qgb58o3errmc3k6xjsf4
    [2011/06/22 02:29:15 | 000,015,240 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\yq60e1x8k4c2giu5a55fo4l57qgb58o3errmc3k6xjsf4
    [2011/06/22 02:29:12 | 000,339,968 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\kcf.exe

    :Files
    ipconfig /flushdns /c
    %systemroot%\prefetch\*.*
    Cn911.exe /s /alldrives
    C:\kcf.exe /s
    C:\yq60e1x8k4c2giu5a55fo4l57qgb58o3errmc3k6xjsf4 /s

    :Commands
    [Purity]
    [ResetHosts]
    [EmptyFlash]
    [EmptyTemp]
    [CreateRestorePoint]
    [Reboot]


    Click Run Fix. Reboot the PC



    Open OTL again click Quick Scan post that log here


  • #5
    Butch Cassidy
    Closed Accounts Posts: 1,409 ✭✭✭Butch Cassidy


    After the reboot it appears to be gone. The fake scan popups had been opening up anytime I tried opening a programme. They haven't appeared.


    This log opened after the reboot:

    All processes killed
    ========== OTL ==========
    Service asp.net stopped successfully!
    Service asp.net deleted successfully!
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AAE725F3-298B-4FEF-82EE-FAF909639409}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AAE725F3-298B-4FEF-82EE-FAF909639409}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b0cda128-b425-4eef-a174-61a11ac5dbf8}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b0cda128-b425-4eef-a174-61a11ac5dbf8}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{61539ecd-cc67-4437-a03c-9aaccbd14326} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{61539ecd-cc67-4437-a03c-9aaccbd14326}\ not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{61539ECD-CC67-4437-A03C-9AACCBD14326} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{61539ECD-CC67-4437-A03C-9AACCBD14326}\ not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\3599296444 deleted successfully.
    C:\Documents and Settings\User\Local Settings\Application Data\kcf.exe moved successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{23019b67-1152-11dd-9885-9f6259b3be33}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{23019b67-1152-11dd-9885-9f6259b3be33}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{23019b67-1152-11dd-9885-9f6259b3be33}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{23019b67-1152-11dd-9885-9f6259b3be33}\ not found.
    File E:\Cn911.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{23019b67-1152-11dd-9885-9f6259b3be33}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{23019b67-1152-11dd-9885-9f6259b3be33}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{23019b67-1152-11dd-9885-9f6259b3be33}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{23019b67-1152-11dd-9885-9f6259b3be33}\ not found.
    File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Cn911.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{34f84a10-2108-11dd-98b4-0018de15e57b}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{34f84a10-2108-11dd-98b4-0018de15e57b}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{34f84a10-2108-11dd-98b4-0018de15e57b}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{34f84a10-2108-11dd-98b4-0018de15e57b}\ not found.
    File E:\Cn911.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{34f84a10-2108-11dd-98b4-0018de15e57b}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{34f84a10-2108-11dd-98b4-0018de15e57b}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{34f84a10-2108-11dd-98b4-0018de15e57b}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{34f84a10-2108-11dd-98b4-0018de15e57b}\ not found.
    File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Cn911.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{57e0fc6a-1d23-11dd-98aa-0018de15e57b}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{57e0fc6a-1d23-11dd-98aa-0018de15e57b}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{57e0fc6a-1d23-11dd-98aa-0018de15e57b}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{57e0fc6a-1d23-11dd-98aa-0018de15e57b}\ not found.
    File E:\Cn911.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{57e0fc6a-1d23-11dd-98aa-0018de15e57b}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{57e0fc6a-1d23-11dd-98aa-0018de15e57b}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{57e0fc6a-1d23-11dd-98aa-0018de15e57b}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{57e0fc6a-1d23-11dd-98aa-0018de15e57b}\ not found.
    File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Cn911.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a92c9284-8d05-11df-a7b4-0018de15e57b}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a92c9284-8d05-11df-a7b4-0018de15e57b}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a92c9284-8d05-11df-a7b4-0018de15e57b}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a92c9284-8d05-11df-a7b4-0018de15e57b}\ not found.
    File E:\asp.net not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a92c9284-8d05-11df-a7b4-0018de15e57b}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a92c9284-8d05-11df-a7b4-0018de15e57b}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a92c9284-8d05-11df-a7b4-0018de15e57b}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a92c9284-8d05-11df-a7b4-0018de15e57b}\ not found.
    File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL asp.net not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e79844a0-60a1-11dd-9956-0018de15e57b}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e79844a0-60a1-11dd-9956-0018de15e57b}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e79844a0-60a1-11dd-9956-0018de15e57b}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e79844a0-60a1-11dd-9956-0018de15e57b}\ not found.
    File E:\Cn911.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e79844a0-60a1-11dd-9956-0018de15e57b}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e79844a0-60a1-11dd-9956-0018de15e57b}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e79844a0-60a1-11dd-9956-0018de15e57b}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e79844a0-60a1-11dd-9956-0018de15e57b}\ not found.
    File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Cn911.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{eab0200a-1d22-11dd-98a9-0018de15e57b}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{eab0200a-1d22-11dd-98a9-0018de15e57b}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{eab0200a-1d22-11dd-98a9-0018de15e57b}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{eab0200a-1d22-11dd-98a9-0018de15e57b}\ not found.
    File E:\Cn911.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{eab0200a-1d22-11dd-98a9-0018de15e57b}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{eab0200a-1d22-11dd-98a9-0018de15e57b}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{eab0200a-1d22-11dd-98a9-0018de15e57b}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{eab0200a-1d22-11dd-98a9-0018de15e57b}\ not found.
    File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Cn911.exe not found.
    Registry value HKEY_CURRENT_USER\SOFTWARE\Classes\exefile\shell\open\command\\'' updated successfully.
    File "C:\Documents and Settings\User\Local Settings\Application Data\kcf.exe" -a "%1" %* not found.
    Registry key HKEY_CURRENT_USER\Software\Classes\.exe\ deleted successfully.
    Registry key HKEY_CURRENT_USER\Software\Classes\exefile\ deleted successfully.
    HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully!
    C:\WINDOWS\System32\dllcache\SET3BA.tmp deleted successfully.
    C:\WINDOWS\System32\dllcache\SET3BB.tmp deleted successfully.
    C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
    C:\WINDOWS\System32\SET3A3.tmp deleted successfully.
    C:\WINDOWS\System32\SET3A4.tmp deleted successfully.
    C:\WINDOWS\System32\SET3AD.tmp deleted successfully.
    C:\WINDOWS\System32\SET3B7.tmp deleted successfully.
    C:\WINDOWS\System32\SET3B8.tmp deleted successfully.
    C:\WINDOWS\System32\SET3B9.tmp deleted successfully.
    C:\WINDOWS\System32\SET3C1.tmp deleted successfully.
    C:\WINDOWS\System32\SET4.tmp deleted successfully.
    C:\WINDOWS\System32\SET5.tmp deleted successfully.
    C:\WINDOWS\System32\SET55.tmp deleted successfully.
    C:\WINDOWS\System32\SET5E.tmp deleted successfully.
    C:\WINDOWS\System32\SET60.tmp deleted successfully.
    C:\WINDOWS\System32\SET61.tmp deleted successfully.
    C:\WINDOWS\System32\SET70.tmp deleted successfully.
    C:\WINDOWS\System32\SETB4.tmp deleted successfully.
    C:\WINDOWS\000001_.tmp deleted successfully.
    C:\WINDOWS\003140_.tmp deleted successfully.
    C:\WINDOWS\SET12C.tmp deleted successfully.
    C:\WINDOWS\SET3.tmp deleted successfully.
    C:\WINDOWS\SET4.tmp deleted successfully.
    C:\WINDOWS\SET8.tmp deleted successfully.
    C:\WINDOWS\SETDA.tmp deleted successfully.
    C:\WINDOWS\SETDD.tmp deleted successfully.
    C:\WINDOWS\SETE9.tmp deleted successfully.
    C:\WINDOWS\~GLC0000.TMP deleted successfully.
    C:\WINDOWS\~GLC0001.TMP deleted successfully.
    C:\~BCWipe.tmp\MFT_DIR\0.TMP deleted successfully.
    C:\~BCWipe.tmp\MFT_DIR\1.TMP deleted successfully.
    C:\~BCWipe.tmp\MFT_DIR folder deleted successfully.
    C:\~BCWipe.tmp\0.TMP deleted successfully.
    C:\~BCWipe.tmp\1.TMP deleted successfully.
    C:\~BCWipe.tmp\2.TMP deleted successfully.
    C:\~BCWipe.tmp\WIP185.tmp deleted successfully.
    C:\~BCWipe.tmp folder deleted successfully.
    C:\Documents and Settings\User\Local Settings\Application Data\yq60e1x8k4c2giu5a55fo4l57qgb58o3errmc3k6xjsf4 moved successfully.
    C:\Documents and Settings\All Users\Application Data\yq60e1x8k4c2giu5a55fo4l57qgb58o3errmc3k6xjsf4 moved successfully.
    File C:\Documents and Settings\User\Local Settings\Application Data\kcf.exe not found.
    File C:\Documents and Settings\User\Local Settings\Application Data\yq60e1x8k4c2giu5a55fo4l57qgb58o3errmc3k6xjsf4 not found.
    File C:\Documents and Settings\All Users\Application Data\yq60e1x8k4c2giu5a55fo4l57qgb58o3errmc3k6xjsf4 not found.
    File C:\Documents and Settings\User\Local Settings\Application Data\kcf.exe not found.
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Documents and Settings\User\Desktop\cmd.bat deleted successfully.
    C:\Documents and Settings\User\Desktop\cmd.txt deleted successfully.
    C:\WINDOWS\prefetch\ACRORD32.EXE-3A1F13AE.pf moved successfully.
    C:\WINDOWS\prefetch\ACRORD32INFO.EXE-242CE4AA.pf moved successfully.
    C:\WINDOWS\prefetch\ADOBEARM.EXE-2D1B11BF.pf moved successfully.
    C:\WINDOWS\prefetch\ADOBECOLLABSYNC.EXE-3AEB73D9.pf moved successfully.
    C:\WINDOWS\prefetch\ALG.EXE-0F138680.pf moved successfully.
    C:\WINDOWS\prefetch\AM_BASE.EXE-20AD945D.pf moved successfully.
    C:\WINDOWS\prefetch\AM_DELTA.EXE-2F7A6F0C.pf moved successfully.
    C:\WINDOWS\prefetch\AM_DELTA_PATCH1.EXE-1E34A3CB.pf moved successfully.
    C:\WINDOWS\prefetch\AM_DELTA_PATCH2.EXE-1B96EA75.pf moved successfully.
    C:\WINDOWS\prefetch\AM_DELTA_PATCH3.EXE-3367F33D.pf moved successfully.
    C:\WINDOWS\prefetch\AM_ENGINE_PATCH1.EXE-0C15AD30.pf moved successfully.
    C:\WINDOWS\prefetch\AVCMANU.EXE-30BE0B32.pf moved successfully.
    C:\WINDOWS\prefetch\CENTRALE.EXE-2BB601C8.pf moved successfully.
    C:\WINDOWS\prefetch\CHDAUDPROPSHORTCUT.EXE-1BFACDD2.pf moved successfully.
    C:\WINDOWS\prefetch\CSRSS.EXE-12B63473.pf moved successfully.
    C:\WINDOWS\prefetch\CTFMON.EXE-0E17969B.pf moved successfully.
    C:\WINDOWS\prefetch\DEFRAG.EXE-273F131E.pf moved successfully.
    C:\WINDOWS\prefetch\DFRGNTFS.EXE-269967DF.pf moved successfully.
    C:\WINDOWS\prefetch\DIVXUPDATE.EXE-24EAF9C6.pf moved successfully.
    C:\WINDOWS\prefetch\DLLHOST.EXE-42807EE4.pf moved successfully.
    C:\WINDOWS\prefetch\DRWTSN32.EXE-2B4B52AC.pf moved successfully.
    C:\WINDOWS\prefetch\DWWIN.EXE-30875ADC.pf moved successfully.
    C:\WINDOWS\prefetch\EHTRAY.EXE-02EFC9BD.pf moved successfully.
    C:\WINDOWS\prefetch\EKIJ5000MUI.EXE-38D59FE9.pf moved successfully.
    C:\WINDOWS\prefetch\EXPLORER.EXE-082F38A9.pf moved successfully.
    C:\WINDOWS\prefetch\FIREFOX.EXE-28641590.pf moved successfully.
    C:\WINDOWS\prefetch\FLASHUTIL10I_PLUGIN.EXE-12E2B032.pf moved successfully.
    C:\WINDOWS\prefetch\GOOGLECRASHHANDLER.EXE-0DCC203F.pf moved successfully.
    C:\WINDOWS\prefetch\GOOGLECRASHHANDLER.EXE-27F2A53C.pf moved successfully.
    C:\WINDOWS\prefetch\GOOGLEEARTH-WIN-BUNDLE-6.0.3.-20806D3C.pf moved successfully.
    C:\WINDOWS\prefetch\GOOGLEEARTH.EXE-0ECDFF2A.pf moved successfully.
    C:\WINDOWS\prefetch\GOOGLEQUICKSEARCHBOX.EXE-0A3FF7F0.pf moved successfully.
    C:\WINDOWS\prefetch\GOOGLEQUICKSEARCHBOXSETUP_F8D-1EAFAA8C.pf moved successfully.
    C:\WINDOWS\prefetch\GOOGLETOOLBARINSTALLER_UPDATE-21B01BE0.pf moved successfully.
    C:\WINDOWS\prefetch\GOOGLETOOLBARMANAGER_B12CA2CB-043AC4A2.pf moved successfully.
    C:\WINDOWS\prefetch\GOOGLETOOLBARMANAGER_C8CBFED7-39E8F175.pf moved successfully.
    C:\WINDOWS\prefetch\GOOGLETOOLBARNOTIFIER.EXE-3629C61D.pf moved successfully.
    C:\WINDOWS\prefetch\GOOGLEUPDATE.EXE-0FA8E2C4.pf moved successfully.
    C:\WINDOWS\prefetch\GOOGLEUPDATE.EXE-1E123D86.pf moved successfully.
    C:\WINDOWS\prefetch\GOOGLEUPDATEONDEMAND.EXE-0C430DEB.pf moved successfully.
    C:\WINDOWS\prefetch\GOOGLEUPDATEONDEMAND.EXE-3298D0AF.pf moved successfully.
    C:\WINDOWS\prefetch\GOOGLEUPDATERSERVICE.EXE-3AB369BE.pf moved successfully.
    C:\WINDOWS\prefetch\GOOGLEUPDATERSERVICE_5898FABC-323CF2AE.pf moved successfully.
    C:\WINDOWS\prefetch\GOOGLEUPDATESETUP.EXE-01C83334.pf moved successfully.
    C:\WINDOWS\prefetch\GP5.EXE-20FA1F68.pf moved successfully.
    C:\WINDOWS\prefetch\HELPER.EXE-0415776D.pf moved successfully.
    C:\WINDOWS\prefetch\HELPSVC.EXE-2878DDA2.pf moved successfully.
    C:\WINDOWS\prefetch\HKCMD.EXE-1D05234B.pf moved successfully.
    C:\WINDOWS\prefetch\HPQWMIEX.EXE-1982D280.pf moved successfully.
    C:\WINDOWS\prefetch\IEXPLORE.EXE-27122324.pf moved successfully.
    C:\WINDOWS\prefetch\IGFXPERS.EXE-2C07C174.pf moved successfully.
    C:\WINDOWS\prefetch\IGFXSRVC.EXE-2FB63FE8.pf moved successfully.
    C:\WINDOWS\prefetch\IGFXTRAY.EXE-3391579A.pf moved successfully.
    C:\WINDOWS\prefetch\IMAPI.EXE-0BF740A4.pf moved successfully.
    C:\WINDOWS\prefetch\JAUCHECK.EXE-0CBF467B.pf moved successfully.
    C:\WINDOWS\prefetch\JAVA.EXE-0C263507.pf moved successfully.
    C:\WINDOWS\prefetch\JAVAW.EXE-2DC32ABC.pf moved successfully.
    C:\WINDOWS\prefetch\JAVAWS.EXE-021AC9A9.pf moved successfully.
    C:\WINDOWS\prefetch\JQSNOTIFY.EXE-24AE4A36.pf moved successfully.
    C:\WINDOWS\prefetch\JRE-6U24-WINDOWS-I586-IFTW-RV-38315F87.pf moved successfully.
    C:\WINDOWS\prefetch\JRE-6U26-WINDOWS-I586-IFTW-RV-1F5EB7D4.pf moved successfully.
    C:\WINDOWS\prefetch\JUCHECK.EXE-1B0E4D0A.pf moved successfully.
    C:\WINDOWS\prefetch\JUSCHED.EXE-0F4A509D.pf moved successfully.
    C:\WINDOWS\prefetch\KHOST.EXE-0B46E9A4.pf moved successfully.
    C:\WINDOWS\prefetch\Layout.ini moved successfully.
    C:\WINDOWS\prefetch\LOGON.SCR-151EFAEA.pf moved successfully.
    C:\WINDOWS\prefetch\LOGONUI.EXE-0AF22957.pf moved successfully.
    C:\WINDOWS\prefetch\MCRDSVC.EXE-0560ADD0.pf moved successfully.
    C:\WINDOWS\prefetch\MPCMDRUN.EXE-1F94F686.pf moved successfully.
    C:\WINDOWS\prefetch\MPSIGSTUB.EXE-1D30D19B.pf moved successfully.
    C:\WINDOWS\prefetch\MRT.EXE-1B4A8D49.pf moved successfully.
    C:\WINDOWS\prefetch\MRTSTUB.EXE-13E953EE.pf moved successfully.
    C:\WINDOWS\prefetch\MSIEXEC.EXE-2F8A8CAE.pf moved successfully.
    C:\WINDOWS\prefetch\MSMSGS.EXE-2B6052DE.pf moved successfully.
    C:\WINDOWS\prefetch\MSNMSGR.EXE-030AB647.pf moved successfully.
    C:\WINDOWS\prefetch\MSPAINT.EXE-11CBB631.pf moved successfully.
    C:\WINDOWS\prefetch\MSSECES.EXE-14257906.pf moved successfully.
    C:\WINDOWS\prefetch\MSVS.EXE-129B5DE4.pf moved successfully.
    C:\WINDOWS\prefetch\NARRATOR.EXE-07D10D8F.pf moved successfully.
    C:\WINDOWS\prefetch\NOTEPAD.EXE-336351A9.pf moved successfully.
    C:\WINDOWS\prefetch\NTOSBOOT-B00DFAAD.pf moved successfully.
    C:\WINDOWS\prefetch\PLUGIN-CONTAINER.EXE-15EDC9DD.pf moved successfully.
    C:\WINDOWS\prefetch\QTTASK.EXE-342507FB.pf moved successfully.
    C:\WINDOWS\prefetch\QUICKSTART.EXE-24C38DA1.pf moved successfully.
    C:\WINDOWS\prefetch\READER_SL.EXE-2B4EA1CB.pf moved successfully.
    C:\WINDOWS\prefetch\REALPLAY.EXE-1BF219BD.pf moved successfully.
    C:\WINDOWS\prefetch\REALSCHED.EXE-3282FD31.pf moved successfully.
    C:\WINDOWS\prefetch\REALUPGRADE.EXE-38293202.pf moved successfully.
    C:\WINDOWS\prefetch\RNUPGAGENT.EXE-36B1B614.pf moved successfully.
    C:\WINDOWS\prefetch\RUNDLL32.EXE-12E27DD0.pf moved successfully.
    C:\WINDOWS\prefetch\RUNDLL32.EXE-14A70B94.pf moved successfully.
    C:\WINDOWS\prefetch\RUNDLL32.EXE-1971D829.pf moved successfully.
    C:\WINDOWS\prefetch\RUNDLL32.EXE-1995B5A7.pf moved successfully.
    C:\WINDOWS\prefetch\RUNDLL32.EXE-1A7CCCD7.pf moved successfully.
    C:\WINDOWS\prefetch\RUNDLL32.EXE-1AC673A6.pf moved successfully.
    C:\WINDOWS\prefetch\RUNDLL32.EXE-1C59F335.pf moved successfully.
    C:\WINDOWS\prefetch\RUNDLL32.EXE-1D5FD497.pf moved successfully.
    C:\WINDOWS\prefetch\RUNDLL32.EXE-2252FEBF.pf moved successfully.
    C:\WINDOWS\prefetch\RUNDLL32.EXE-2576181F.pf moved successfully.
    C:\WINDOWS\prefetch\RUNDLL32.EXE-2670F547.pf moved successfully.
    C:\WINDOWS\prefetch\RUNDLL32.EXE-32A4F6A3.pf moved successfully.
    C:\WINDOWS\prefetch\RUNDLL32.EXE-3A2DCA87.pf moved successfully.
    C:\WINDOWS\prefetch\RUNDLL32.EXE-3AF48820.pf moved successfully.
    C:\WINDOWS\prefetch\RUNDLL32.EXE-3D32481F.pf moved successfully.
    C:\WINDOWS\prefetch\RUNDLL32.EXE-451FC2C0.pf moved successfully.
    C:\WINDOWS\prefetch\RUNDLL32.EXE-46E23FFA.pf moved successfully.
    C:\WINDOWS\prefetch\SCALC.EXE-066871DC.pf moved successfully.
    C:\WINDOWS\prefetch\SEARCHWITHGOOGLEUPDATE_86D232-12B7CA4C.pf moved successfully.
    C:\WINDOWS\prefetch\SIMPRESS.EXE-36866A3E.pf moved successfully.
    C:\WINDOWS\prefetch\SNDVOL32.EXE-383480B7.pf moved successfully.
    C:\WINDOWS\prefetch\SOFFICE.BIN-01E25E9C.pf moved successfully.
    C:\WINDOWS\prefetch\SOFFICE.EXE-358D937C.pf moved successfully.
    C:\WINDOWS\prefetch\SWRITER.EXE-38A9F6BD.pf moved successfully.
    C:\WINDOWS\prefetch\SYNTPENH.EXE-315D3ABC.pf moved successfully.
    C:\WINDOWS\prefetch\SYNTPSTART.EXE-25038CFE.pf moved successfully.
    C:\WINDOWS\prefetch\TASKMGR.EXE-20256C55.pf moved successfully.
    C:\WINDOWS\prefetch\UPDATER.EXE-1854D1BE.pf moved successfully.
    C:\WINDOWS\prefetch\USERINIT.EXE-30B18140.pf moved successfully.
    C:\WINDOWS\prefetch\USNSVC.EXE-2DF2835C.pf moved successfully.
    C:\WINDOWS\prefetch\UTILMAN.EXE-0985F07B.pf moved successfully.
    C:\WINDOWS\prefetch\VERCLSID.EXE-3667BD89.pf moved successfully.
    C:\WINDOWS\prefetch\VLC.EXE-22DF01AA.pf moved successfully.
    C:\WINDOWS\prefetch\WINDOWS-KB890830-V3.19-DELTA.-3024EBAE.pf moved successfully.
    C:\WINDOWS\prefetch\WINLOGON.EXE-32C57D49.pf moved successfully.
    C:\WINDOWS\prefetch\WINRAR.EXE-39C6DAD9.pf moved successfully.
    C:\WINDOWS\prefetch\WLXQUICKTIMECONTROLHOST.EXE-271639BF.pf moved successfully.
    C:\WINDOWS\prefetch\WMIPRVSE.EXE-28F301A9.pf moved successfully.
    C:\WINDOWS\prefetch\WMPLAYER.EXE-18DDEFA2.pf moved successfully.
    C:\WINDOWS\prefetch\WSCNTFY.EXE-1B24F5EB.pf moved successfully.
    C:\WINDOWS\prefetch\WUAUCLT.EXE-399A8E72.pf moved successfully.
    Cn911.exe not found in C:\
    C:\_OTL\MovedFiles\06222011_174518\C_Documents and Settings\User\Local Settings\Application Data\kcf.exe moved successfully.
    C:\_OTL\MovedFiles\06222011_174518\C_Documents and Settings\All Users\Application Data\yq60e1x8k4c2giu5a55fo4l57qgb58o3errmc3k6xjsf4 moved successfully.
    C:\_OTL\MovedFiles\06222011_174518\C_Documents and Settings\User\Local Settings\Application Data\yq60e1x8k4c2giu5a55fo4l57qgb58o3errmc3k6xjsf4 moved successfully.
    C:\Documents and Settings\User\Local Settings\Temp\yq60e1x8k4c2giu5a55fo4l57qgb58o3errmc3k6xjsf4 moved successfully.
    C:\Documents and Settings\User\Templates\yq60e1x8k4c2giu5a55fo4l57qgb58o3errmc3k6xjsf4 moved successfully.
    ========== COMMANDS ==========
    C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    [EMPTYFLASH]

    User: Account 1
    ->Flash cache emptied: 330374 bytes

    User: Administrator

    User: Administrator.USER-8368896966
    ->Flash cache emptied: 864 bytes

    User: All Users

    User: Default User
    ->Flash cache emptied: 41620 bytes

    User: Guest
    ->Flash cache emptied: 185780 bytes

    User: LocalService

    User: NetworkService

    User: User
    ->Flash cache emptied: 2060847 bytes

    Total Flash Files Cleaned = 2.00 mb


    [EMPTYTEMP]

    User: Account 1
    ->Temp folder emptied: 3653562 bytes
    ->Temporary Internet Files folder emptied: 9650338 bytes
    ->Java cache emptied: 19916762 bytes
    ->FireFox cache emptied: 106114382 bytes
    ->Flash cache emptied: 0 bytes

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: Administrator.USER-8368896966
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 16500313 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 39504470 bytes
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 0 bytes

    User: Guest
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 78991 bytes
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 66016 bytes
    ->Temporary Internet Files folder emptied: 112094 bytes

    User: NetworkService
    ->Temp folder emptied: 1206412 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: User
    ->Temp folder emptied: 801479877 bytes
    ->Temporary Internet Files folder emptied: 142570208 bytes
    ->Java cache emptied: 451539 bytes
    ->FireFox cache emptied: 54048536 bytes
    ->Opera cache emptied: 2866069 bytes
    ->Flash cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 10838 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 173230461 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 34318 bytes
    RecycleBin emptied: 2046705449 bytes

    Total Files Cleaned = 3,260.00 mb

    Restore point Set: OTL Restore Point (0)

    OTL by OldTimer - Version 3.2.24.1 log created on 06222011_174518

    Files\Folders moved on Reboot...
    File\Folder C:\Documents and Settings\User\Local Settings\Temp\~DF18A9.tmp not found!
    File\Folder C:\Documents and Settings\User\Local Settings\Temp\~DF18B8.tmp not found!
    File\Folder C:\Documents and Settings\User\Local Settings\Temp\~DF197A.tmp not found!
    File\Folder C:\Documents and Settings\User\Local Settings\Temp\~DF1A02.tmp not found!
    File\Folder C:\Documents and Settings\User\Local Settings\Temp\~DF1B16.tmp not found!
    File\Folder C:\Documents and Settings\User\Local Settings\Temp\~DF1B5C.tmp not found!
    C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\Y8K01OUF\showthread[1].htm moved successfully.
    C:\Documents and Settings\User\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

    Registry entries deleted on Reboot...


    This is what I got after the scan:

    OTL logfile created on: 22/06/2011 17:56:56 - Run 4
    OTL by OldTimer - Version 3.2.24.1 Folder = C:\Documents and Settings\User\Desktop
    Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    1013.98 Mb Total Physical Memory | 544.13 Mb Available Physical Memory | 53.66% Memory free
    2.38 Gb Paging File | 2.00 Gb Available in Paging File | 84.06% Paging File free
    Paging file location(s): c:\pagefile.sys 1524 3048 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 111.78 Gb Total Space | 18.74 Gb Free Space | 16.77% Space Free | Partition Type: NTFS

    Computer Name: USER-8368896966 | User Name: User | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/06/22 14:26:40 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
    PRC - [2011/01/11 00:25:06 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    PRC - [2010/11/30 14:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
    PRC - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    PRC - [2010/09/21 00:37:34 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    PRC - [2010/09/02 16:23:28 | 001,638,400 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
    PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/04/02 07:15:40 | 000,061,440 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTDevSrv.exe
    PRC - [2007/01/04 22:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/06/22 14:26:40 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
    MOD - [2010/08/23 17:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- -- (NMIndexingService)
    SRV - File not found [Disabled | Stopped] -- -- (HidServ)
    SRV - File not found [Auto | Stopped] -- -- (BCWipeSvc)
    SRV - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
    SRV - [2008/05/21 12:42:56 | 000,064,000 | ---- | M] (Creative Technology Ltd) [On_Demand | Stopped] -- C:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe -- (CTUPnPSv)
    SRV - [2008/04/07 09:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
    SRV - [2007/04/23 12:22:14 | 003,068,352 | ---- | M] (Kontiki Inc.) [On_Demand | Stopped] -- C:\Program Files\Kontiki\KService.exe -- (KService)
    SRV - [2007/04/02 07:15:40 | 000,061,440 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTDevSrv.exe -- (CTDevice_Srv)
    SRV - [2007/01/04 22:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)


    ========== Driver Services (SafeList) ==========

    DRV - [2011/06/22 17:51:32 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7932239F-0C1B-4EEA-B152-102A67973A77}\MpKslc8495e60.sys -- (MpKslc8495e60)
    DRV - [2011/06/22 16:34:55 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7932239F-0C1B-4EEA-B152-102A67973A77}\MpKsl04680446.sys -- (MpKsl04680446)
    DRV - [2010/02/08 09:25:06 | 000,092,096 | ---- | M] (Jetico, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\bcswap.sys -- (BCSWAP)
    DRV - [2009/08/05 23:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
    DRV - [2008/11/17 15:23:16 | 003,636,864 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel(R)
    DRV - [2008/04/28 20:22:10 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)
    DRV - [2007/11/29 10:39:52 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
    DRV - [2007/11/29 10:39:42 | 000,016,896 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
    DRV - [2007/11/29 10:39:42 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
    DRV - [2007/11/29 10:39:40 | 000,019,328 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
    DRV - [2007/11/01 08:26:36 | 000,989,696 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
    DRV - [2007/11/01 08:25:32 | 000,211,456 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
    DRV - [2007/11/01 08:25:22 | 000,731,520 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
    DRV - [2007/09/26 06:01:32 | 002,236,032 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel(R)
    DRV - [2007/09/25 15:59:46 | 000,015,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\MediaCoder\SysInfo.sys -- (CrystalSysInfo)
    DRV - [2007/09/17 15:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
    DRV - [2007/06/18 16:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
    DRV - [2006/09/24 14:28:46 | 000,005,248 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
    DRV - [2006/07/26 22:44:42 | 000,581,632 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAud.sys -- (HdAudAddService)
    DRV - [1996/04/03 20:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Google"
    FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=&quot;
    FF - prefs.js..browser.search.selectedEngine: "Bing"
    FF - prefs.js..browser.search.update: false
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "www.gmail.com"
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: webmaster@keep-tube.com:1.2
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
    FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.1

    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/29 23:22:44 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/29 23:22:44 | 000,000,000 | ---D | M]

    [2009/10/24 02:52:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions
    [2009/10/24 02:52:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions\mozswing@mozswing.org
    [2011/06/01 17:02:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ffuzdt75.default\extensions
    [2010/09/20 02:56:25 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ffuzdt75.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2011/04/20 17:30:45 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ffuzdt75.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    [2011/02/16 20:15:55 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ffuzdt75.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    [2011/02/16 20:15:52 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ffuzdt75.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2011/02/16 20:15:41 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ffuzdt75.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
    [2010/07/01 03:09:32 | 000,000,000 | ---D | M] (Keep Tube Downloader) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ffuzdt75.default\extensions\webmaster@keep-tube.com
    [2009/08/31 09:29:54 | 000,004,207 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ffuzdt75.default\searchplugins\aim-search.xml
    [2009/09/03 03:05:38 | 000,002,164 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ffuzdt75.default\searchplugins\bing.xml
    [2011/06/01 17:02:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2010/08/12 08:50:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2010/08/12 08:50:23 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
    [2010/08/12 08:50:21 | 000,423,656 | ---- | M] (Oracle) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    [2007/04/16 18:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

    O1 HOSTS File: ([2011/06/22 17:48:09 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - c:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
    O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
    O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
    O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
    O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\CHDAudPropShortcut.exe (Windows (R) Server 2003 DDK provider)
    O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll (Google Inc.)
    O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
    O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
    O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - c:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1209056789750 (WUWebControl Class)
    O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/04/23 16:55:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/06/22 17:45:18 | 000,000,000 | ---D | C] -- C:\_OTL
    [2011/06/22 17:38:10 | 007,734,240 | ---- | C] (Malwarebytes Corporation ) -- C:\mbam-setup.exe
    [2011/06/22 17:32:01 | 009,435,312 | ---- | C] (Malwarebytes Corporation ) -- C:\mbam-setup-1.51.0.1200.exe
    [2011/06/22 17:25:53 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\TFC.exe
    [2011/06/22 16:44:32 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\OTL.exe
    [2011/06/22 16:40:50 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
    [2011/06/22 03:16:16 | 007,734,240 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\User\Desktop\mbam-setup.exe
    [2011/06/22 03:14:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\Remove Win 7 Antispyware 2012 and Vista Antivirus 2012 name changing rogue (Uninstall Guide 2)_files
    [2011/05/28 18:00:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
    [2010/09/29 00:53:47 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\User\Application Data\pcouffin.sys
    [2010/07/27 03:24:59 | 002,041,097 | ---- | C] (Codyssey.com) -- C:\Program Files\FreeraserSetup.exe
    [2010/07/27 02:52:19 | 003,420,304 | ---- | C] (Piriform Ltd) -- C:\Program Files\ccsetup234.exe
    [2010/06/04 04:04:01 | 000,895,800 | ---- | C] (QueTek Consulting Corporation ) -- C:\Program Files\32fsu32.exe
    [2010/06/04 03:34:31 | 006,526,745 | ---- | C] (DiskInternals Research) -- C:\Program Files\Uneraser_Setup.exe
    [2010/06/04 03:04:42 | 006,113,439 | ---- | C] (InstallShield Software Corporation) -- C:\Program Files\pci_filerecovery.exe
    [2010/06/03 14:13:07 | 009,159,568 | ---- | C] (The Eraser Project) -- C:\Program Files\Eraser 6.0.7.1893.exe
    [2010/03/16 04:10:05 | 008,874,432 | ---- | C] (Vuze Inc.) -- C:\Program Files\Vuze_Installer.exe
    [2010/03/12 04:27:08 | 015,701,326 | ---- | C] (Igor Pavlov) -- C:\Program Files\tor-browser-1.3.3_en-US.exe
    [2009/11/07 23:20:52 | 000,289,280 | ---- | C] (Jonathan Kay) -- C:\Program Files\ZapMessenger.exe
    [2008/09/27 18:44:26 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Program Files\HijackThis.exe

    ========== Files - Modified Within 30 Days ==========

    [2011/06/22 18:01:00 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{E8C9BE01-1CE1-493E-917A-782BA8184290}.job
    [2011/06/22 17:56:34 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2011/06/22 17:55:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2011/06/22 17:53:17 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1960408961-2147149321-725345543-1004.job
    [2011/06/22 17:53:14 | 000,013,868 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/06/22 17:53:14 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2011/06/22 17:53:14 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\Registry Reviver-User-Startup.job
    [2011/06/22 17:51:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/06/22 17:50:54 | 1063,309,312 | -HS- | M] () -- C:\hiberfil.sys
    [2011/06/22 17:48:09 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
    [2011/06/22 17:38:16 | 007,734,240 | ---- | M] (Malwarebytes Corporation ) -- C:\mbam-setup.exe
    [2011/06/22 17:36:25 | 001,007,120 | ---- | M] () -- C:\iExplore.exe
    [2011/06/22 17:35:47 | 001,007,120 | ---- | M] () -- C:\rkill.com
    [2011/06/22 17:32:13 | 009,435,312 | ---- | M] (Malwarebytes Corporation ) -- C:\mbam-setup-1.51.0.1200.exe
    [2011/06/22 17:27:52 | 000,513,320 | ---- | M] () -- C:\erunt.zip
    [2011/06/22 17:25:56 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\TFC.exe
    [2011/06/22 16:44:42 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
    [2011/06/22 14:26:40 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
    [2011/06/22 03:16:37 | 007,734,240 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\User\Desktop\mbam-setup.exe
    [2011/06/22 03:14:41 | 000,055,334 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Remove Win 7 Antispyware 2012 and Vista Antivirus 2012 name changing rogue (Uninstall Guide 2).htm
    [2011/06/22 03:14:20 | 000,049,557 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Remove Win 7 Antispyware 2012 and Vista Antivirus 2012 name changing rogue (Uninstall Guide).htm
    [2011/06/22 01:58:33 | 000,156,177 | ---- | M] () -- C:\Documents and Settings\User\Desktop\books-everyone-should-read.jpg
    [2011/06/21 12:28:36 | 000,497,830 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2011/06/21 12:28:36 | 000,086,752 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2011/06/17 03:06:38 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2011/06/16 17:45:09 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Citigroup-mar-5-2006-plutonomy-report-part-2-1-1.pdf
    [2011/06/16 14:47:50 | 000,001,150 | ---- | M] () -- C:\Documents and Settings\User\My Documents\209-r1-thejohnmurrayshow-2010-11-26.smil
    [2011/06/16 14:45:20 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1960408961-2147149321-725345543-1004.job
    [2011/06/15 01:42:14 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/06/14 23:54:08 | 000,000,576 | ---- | M] () -- C:\Documents and Settings\User\My Documents\My Sharing Folders.lnk
    [2011/06/10 16:46:29 | 000,022,715 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Planning a Just Society.odt
    [2011/05/31 02:01:30 | 000,311,443 | ---- | M] () -- C:\Documents and Settings\User\Desktop\1528434.pdf

    ========== Files Created - No Company Name ==========

    [2011/06/22 17:36:12 | 001,007,120 | ---- | C] () -- C:\iExplore.exe
    [2011/06/22 17:35:35 | 001,007,120 | ---- | C] () -- C:\rkill.com
    [2011/06/22 17:27:19 | 000,513,320 | ---- | C] () -- C:\erunt.zip
    [2011/06/22 16:34:26 | 1063,309,312 | -HS- | C] () -- C:\hiberfil.sys
    [2011/06/22 03:14:39 | 000,055,334 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Remove Win 7 Antispyware 2012 and Vista Antivirus 2012 name changing rogue (Uninstall Guide 2).htm
    [2011/06/22 03:14:20 | 000,049,557 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Remove Win 7 Antispyware 2012 and Vista Antivirus 2012 name changing rogue (Uninstall Guide).htm
    [2011/06/22 01:58:17 | 000,156,177 | ---- | C] () -- C:\Documents and Settings\User\Desktop\books-everyone-should-read.jpg
    [2011/06/16 17:44:54 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Citigroup-mar-5-2006-plutonomy-report-part-2-1-1.pdf
    [2011/06/16 14:47:47 | 000,001,150 | ---- | C] () -- C:\Documents and Settings\User\My Documents\209-r1-thejohnmurrayshow-2010-11-26.smil
    [2011/06/10 16:46:28 | 000,022,715 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Planning a Just Society.odt
    [2011/05/31 02:01:11 | 000,311,443 | ---- | C] () -- C:\Documents and Settings\User\Desktop\1528434.pdf
    [2011/03/13 19:43:25 | 000,021,504 | ---- | C] () -- C:\WINDOWS\jestertb.dll
    [2010/09/29 21:21:35 | 000,002,023 | ---- | C] () -- C:\WINDOWS\CTREBOOT.INI
    [2010/09/29 01:53:18 | 000,643,072 | ---- | C] () -- C:\Program Files\RipIt4Me.exe
    [2010/09/29 00:53:47 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\User\Application Data\inst.exe
    [2010/09/29 00:53:47 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\User\Application Data\pcouffin.cat
    [2010/09/29 00:53:47 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\User\Application Data\pcouffin.inf
    [2010/09/21 00:57:27 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
    [2010/09/17 16:25:56 | 001,094,021 | ---- | C] () -- C:\Program Files\dvdshrink32setup1.zip
    [2010/08/12 11:59:45 | 000,000,206 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
    [2010/08/12 08:35:05 | 000,138,848 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/08/11 23:03:14 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2010/08/11 23:03:14 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2010/08/11 23:03:14 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2010/08/11 23:03:14 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2010/08/11 23:03:14 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2010/07/27 02:48:05 | 001,332,417 | ---- | C] () -- C:\Program Files\quickwiper_wizard.exe
    [2010/06/24 20:46:33 | 000,000,311 | ---- | C] () -- C:\WINDOWS\System32\pl5sdg.dat
    [2010/06/10 03:19:35 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\User\Application Data\qcopjv.dat
    [2010/06/04 02:57:48 | 000,234,966 | ---- | C] () -- C:\Program Files\REST2514.EXE
    [2010/06/04 02:31:44 | 001,509,888 | ---- | C] () -- C:\Program Files\DiskDigger.exe
    [2010/03/12 01:29:32 | 010,428,143 | ---- | C] () -- C:\Program Files\FreenetInstaller-1241.exe
    [2010/02/26 12:45:41 | 000,000,013 | ---- | C] () -- C:\WINDOWS\urhtps.dat
    [2009/12/17 06:24:59 | 008,834,504 | ---- | C] () -- C:\Program Files\RMSetup.exe
    [2009/12/17 06:08:47 | 008,486,872 | ---- | C] () -- C:\Program Files\FCTBSetup.exe
    [2009/11/10 20:07:37 | 000,000,577 | ---- | C] () -- C:\WINDOWS\System32\urhtps.dat
    [2009/11/09 05:50:28 | 001,945,088 | ---- | C] () -- C:\WINDOWS\System32\avcodec.dll
    [2009/11/09 05:50:28 | 000,219,136 | ---- | C] () -- C:\WINDOWS\System32\avformat.dll
    [2009/11/09 05:50:28 | 000,022,528 | ---- | C] () -- C:\WINDOWS\System32\avutil.dll
    [2009/11/09 05:50:05 | 000,759,917 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2009/11/07 23:28:37 | 000,000,402 | ---- | C] () -- C:\Program Files\ResHacker.ini
    [2009/11/07 23:28:06 | 000,014,781 | ---- | C] () -- C:\Program Files\Dialogs.def
    [2009/11/07 23:28:05 | 000,881,664 | ---- | C] () -- C:\Program Files\ResHacker.exe
    [2009/11/07 23:27:45 | 000,554,899 | ---- | C] () -- C:\Program Files\reshack.zip
    [2009/11/07 23:20:43 | 000,108,395 | ---- | C] () -- C:\Program Files\ZapMessenger.zip
    [2009/05/19 22:54:48 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\getpntid.exe
    [2009/05/18 02:51:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2009/03/01 02:40:49 | 000,000,005 | ---- | C] () -- C:\WINDOWS\_id.dat
    [2009/01/09 08:16:06 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2008/09/12 05:11:08 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
    [2008/08/05 21:27:19 | 000,000,057 | ---- | C] () -- C:\WINDOWS\custvoic.ini
    [2008/05/08 03:54:32 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\fusioncache.dat
    [2008/05/08 03:41:02 | 000,090,696 | ---- | C] () -- C:\WINDOWS\hpiins01.dat
    [2008/05/08 03:41:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpimdl01.dat
    [2008/04/26 16:23:14 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008/04/23 19:47:22 | 000,073,728 | ---- | C] () -- C:\WINDOWS\VMInstNT.exe
    [2008/04/23 19:47:22 | 000,040,960 | ---- | C] () -- C:\WINDOWS\VM303UninstNT.exe
    [2008/04/23 19:46:00 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4670.dll
    [2008/04/23 17:31:06 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2008/04/23 17:28:24 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2008/04/23 17:03:38 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2008/04/23 16:59:27 | 000,000,996 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2008/04/23 16:51:18 | 000,034,284 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2007/03/29 23:00:40 | 000,203,264 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll
    [2006/03/15 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2006/03/15 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2006/03/15 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2006/03/15 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2006/03/15 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2006/03/15 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2006/03/15 13:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2006/03/15 13:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2006/03/15 13:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2004/08/10 20:00:00 | 000,497,830 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2004/08/10 20:00:00 | 000,086,752 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2004/08/10 20:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2004/08/10 05:11:42 | 000,185,856 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
    [1996/04/03 20:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

    ========== LOP Check ==========

    [2010/03/16 04:13:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
    [2008/05/19 17:35:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Channel4
    [2008/06/25 05:03:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
    [2010/07/02 05:29:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kontiki
    [2008/05/11 02:51:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
    [2008/06/25 05:00:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia
    [2008/06/25 05:08:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
    [2010/09/27 22:26:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ReviverSoft
    [2010/09/16 00:53:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
    [2010/09/17 20:44:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2009/08/29 06:17:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
    [2009/11/22 21:30:40 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{615DB4DC-B7C1-4125-9858-78EF460B76D2}
    [2009/11/22 21:30:03 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{83F61D74-0DA9-475B-BAF3-D4F153A02B30}
    [2010/07/24 14:43:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Azureus
    [2010/09/27 22:28:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Broad Intelligence
    [2009/01/09 08:41:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\COWON
    [2010/09/22 20:06:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\FMZilla
    [2009/01/13 11:51:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\foobar2000
    [2008/12/15 02:58:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\ieSpell
    [2009/11/12 04:49:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Java
    [2010/05/15 05:20:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\LimeWire
    [2008/09/14 23:02:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\MSNInstaller
    [2008/05/11 02:50:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\NCH Swift Sound
    [2008/06/25 05:09:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Nokia
    [2008/07/28 18:17:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Nokia Multimedia Player
    [2009/07/07 02:58:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\OpenOffice.org
    [2009/05/18 02:32:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Opera
    [2008/06/25 05:09:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\PC Suite
    [2010/09/22 21:17:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Publish Providers
    [2010/09/29 01:53:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\RipIt4Me
    [2010/09/22 21:17:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Sony
    [2010/12/15 20:47:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\uTorrent
    [2010/09/29 00:54:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Vso
    [2011/06/22 17:56:34 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
    [2011/06/22 17:53:14 | 000,000,376 | ---- | M] () -- C:\WINDOWS\Tasks\Registry Reviver-User-Startup.job
    [2011/06/22 18:01:00 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{E8C9BE01-1CE1-493E-917A-782BA8184290}.job

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 64 bytes -> C:\Documents and Settings\User\Desktop\01 Intro PCP.avi:TOC.WMV

    < End of report >


  • #6
    ASJ112
    Site Banned Posts: 1,167 ✭✭✭ASJ112


    looks good

    update mbam run a quick scan, fix anything it finds, and post that log here


  • Advertisement
  • #7
    Butch Cassidy
    Closed Accounts Posts: 1,409 ✭✭✭Butch Cassidy


    This is the MBAM log:

    Malwarebytes' Anti-Malware 1.51.0.1200
    www.malwarebytes.org

    Database version: 6920

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    22/06/2011 20:06:11
    mbam-log-2011-06-22 (20-06-06).txt

    Scan type: Quick scan
    Objects scanned: 205996
    Time elapsed: 11 minute(s), 50 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 2
    Registry Values Infected: 2
    Registry Data Items Infected: 6
    Folders Infected: 0
    Files Infected: 124

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{AAE725F3-298B-4FEF-82EE-FAF909639409} (Password.Stealer) -> No action taken.
    HKEY_CURRENT_USER\Software\WinServers (Malware.Trace) -> No action taken.

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\24d1ca9a-a864-4f7b-86fe-495eb56529d8 (Malware.Trace) -> Value: 24d1ca9a-a864-4f7b-86fe-495eb56529d8 -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\7bde84a2-f58f-46ec-9eac-f1f90fead080 (Malware.Trace) -> Value: 7bde84a2-f58f-46ec-9eac-f1f90fead080 -> No action taken.

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\User\Local Settings\Application Data\kcf.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\User\Local Settings\Application Data\kcf.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\User\Local Settings\Application Data\kcf.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\documents and settings\User\application data\wiaserva.log (Malware.Trace) -> No action taken.
    c:\documents and settings\User\application data\Adobe\shed\thr1.chm (Malware.Trace) -> No action taken.
    c:\documents and settings\User\application data\Adobe\plugs\mmc242.exe (Trojan.Agent.Gen) -> No action taken.



    Under "Files infected" there were a load of stuff like this (which I didn't post obv) : c:\WINDOWS\system32\cock\user@www.imdb[1].txt (Stolen.Data) -> No action taken.



    Is it safe to remove those "Malware Trace and Trojan Agent" things? I recall using MBAM last year and I had removed everything kinda ham-fisted and in the process crashed my computer and got BSOD because it removed something I needed!


    Thanks again for the help.


  • #8
    ASJ112
    Site Banned Posts: 1,167 ✭✭✭ASJ112


    yes you can remove those, should be perfectly safe


    then open OTL click the none button at the top, paste this in the custom scans/fixes box


    HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command /s
    c:\documents and settings\User\application data\*.*
    c:\documents and settings\User\application data\Adobe\shed\*.*
    c:\documents and settings\User\application data\Adobe\plugs\*.*


    click run scan post the log it gives


  • #9
    Butch Cassidy
    Closed Accounts Posts: 1,409 ✭✭✭Butch Cassidy


    Thanks again.


    Here's the log after I removed those files/register keys:

    OTL logfile created on: 22/06/2011 22:24:45 - Run 5
    OTL by OldTimer - Version 3.2.24.1 Folder = C:\Documents and Settings\User\Desktop
    Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    1013.98 Mb Total Physical Memory | 76.60 Mb Available Physical Memory | 7.55% Memory free
    2.38 Gb Paging File | 1.27 Gb Available in Paging File | 53.43% Paging File free
    Paging file location(s): c:\pagefile.sys 1524 3048 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 111.78 Gb Total Space | 19.46 Gb Free Space | 17.41% Space Free | Partition Type: NTFS

    Computer Name: USER-8368896966 | User Name: User | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/06/22 14:26:40 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
    PRC - [2011/05/29 09:11:22 | 001,047,656 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    PRC - [2011/04/29 23:22:16 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
    PRC - [2011/01/11 00:25:06 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    PRC - [2010/11/30 14:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
    PRC - [2010/11/11 13:26:42 | 000,226,984 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe
    PRC - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    PRC - [2010/09/21 00:37:34 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    PRC - [2010/09/02 16:23:28 | 001,638,400 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
    PRC - [2010/05/14 11:44:46 | 000,501,480 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
    PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/04/02 07:15:40 | 000,061,440 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTDevSrv.exe
    PRC - [2007/01/04 22:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/06/22 14:26:40 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
    MOD - [2010/08/23 17:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- -- (NMIndexingService)
    SRV - File not found [Disabled | Stopped] -- -- (HidServ)
    SRV - File not found [Auto | Stopped] -- -- (BCWipeSvc)
    SRV - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
    SRV - [2008/05/21 12:42:56 | 000,064,000 | ---- | M] (Creative Technology Ltd) [On_Demand | Stopped] -- C:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe -- (CTUPnPSv)
    SRV - [2008/04/07 09:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
    SRV - [2007/04/23 12:22:14 | 003,068,352 | ---- | M] (Kontiki Inc.) [On_Demand | Stopped] -- C:\Program Files\Kontiki\KService.exe -- (KService)
    SRV - [2007/04/02 07:15:40 | 000,061,440 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTDevSrv.exe -- (CTDevice_Srv)
    SRV - [2007/01/04 22:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)


    ========== Driver Services (SafeList) ==========

    DRV - [2011/06/22 17:51:32 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7932239F-0C1B-4EEA-B152-102A67973A77}\MpKslc8495e60.sys -- (MpKslc8495e60)
    DRV - [2011/06/22 16:34:55 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7932239F-0C1B-4EEA-B152-102A67973A77}\MpKsl04680446.sys -- (MpKsl04680446)
    DRV - [2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
    DRV - [2010/02/08 09:25:06 | 000,092,096 | ---- | M] (Jetico, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\bcswap.sys -- (BCSWAP)
    DRV - [2009/08/05 23:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
    DRV - [2008/11/17 15:23:16 | 003,636,864 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel(R)
    DRV - [2008/04/28 20:22:10 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)
    DRV - [2007/11/29 10:39:52 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
    DRV - [2007/11/29 10:39:42 | 000,016,896 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
    DRV - [2007/11/29 10:39:42 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
    DRV - [2007/11/29 10:39:40 | 000,019,328 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
    DRV - [2007/11/01 08:26:36 | 000,989,696 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
    DRV - [2007/11/01 08:25:32 | 000,211,456 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
    DRV - [2007/11/01 08:25:22 | 000,731,520 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
    DRV - [2007/09/26 06:01:32 | 002,236,032 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel(R)
    DRV - [2007/09/25 15:59:46 | 000,015,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\MediaCoder\SysInfo.sys -- (CrystalSysInfo)
    DRV - [2007/09/17 15:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
    DRV - [2007/06/18 16:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
    DRV - [2006/09/24 14:28:46 | 000,005,248 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
    DRV - [2006/07/26 22:44:42 | 000,581,632 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAud.sys -- (HdAudAddService)
    DRV - [1996/04/03 20:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Google"
    FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=&quot;
    FF - prefs.js..browser.search.selectedEngine: "Bing"
    FF - prefs.js..browser.search.update: false
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "www.gmail.com"
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: webmaster@keep-tube.com:1.2
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
    FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.1

    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/29 23:22:44 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/29 23:22:44 | 000,000,000 | ---D | M]

    [2009/10/24 02:52:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions
    [2009/10/24 02:52:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions\mozswing@mozswing.org
    [2011/06/01 17:02:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ffuzdt75.default\extensions
    [2010/09/20 02:56:25 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ffuzdt75.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2011/04/20 17:30:45 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ffuzdt75.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    [2011/02/16 20:15:55 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ffuzdt75.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    [2011/02/16 20:15:52 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ffuzdt75.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2011/02/16 20:15:41 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ffuzdt75.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
    [2010/07/01 03:09:32 | 000,000,000 | ---D | M] (Keep Tube Downloader) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ffuzdt75.default\extensions\webmaster@keep-tube.com
    [2009/08/31 09:29:54 | 000,004,207 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ffuzdt75.default\searchplugins\aim-search.xml
    [2009/09/03 03:05:38 | 000,002,164 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ffuzdt75.default\searchplugins\bing.xml
    [2011/06/01 17:02:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2010/08/12 08:50:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2010/08/12 08:50:23 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
    [2010/08/12 08:50:21 | 000,423,656 | ---- | M] (Oracle) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    [2007/04/16 18:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

    O1 HOSTS File: ([2011/06/22 17:48:09 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - c:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
    O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
    O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
    O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
    O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\CHDAudPropShortcut.exe (Windows (R) Server 2003 DDK provider)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] File not found
    O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll (Google Inc.)
    O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
    O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
    O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - c:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1209056789750 (WUWebControl Class)
    O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/04/23 16:55:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/06/22 19:30:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/06/22 19:30:16 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2011/06/22 19:29:50 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2011/06/22 17:45:18 | 000,000,000 | ---D | C] -- C:\_OTL
    [2011/06/22 17:38:10 | 007,734,240 | ---- | C] (Malwarebytes Corporation ) -- C:\mbam-setup.exe
    [2011/06/22 17:32:01 | 009,435,312 | ---- | C] (Malwarebytes Corporation ) -- C:\mbam-setup-1.51.0.1200.exe
    [2011/06/22 17:25:53 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\TFC.exe
    [2011/06/22 16:44:32 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\OTL.exe
    [2011/06/22 16:40:50 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
    [2011/06/22 03:16:16 | 007,734,240 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\User\Desktop\mbam-setup.exe
    [2011/06/22 03:14:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\Remove Win 7 Antispyware 2012 and Vista Antivirus 2012 name changing rogue (Uninstall Guide 2)_files
    [2011/05/28 18:00:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
    [2010/09/29 00:53:47 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\User\Application Data\pcouffin.sys
    [2010/07/27 03:24:59 | 002,041,097 | ---- | C] (Codyssey.com) -- C:\Program Files\FreeraserSetup.exe
    [2010/07/27 02:52:19 | 003,420,304 | ---- | C] (Piriform Ltd) -- C:\Program Files\ccsetup234.exe
    [2010/06/04 04:04:01 | 000,895,800 | ---- | C] (QueTek Consulting Corporation ) -- C:\Program Files\32fsu32.exe
    [2010/06/04 03:34:31 | 006,526,745 | ---- | C] (DiskInternals Research) -- C:\Program Files\Uneraser_Setup.exe
    [2010/06/04 03:04:42 | 006,113,439 | ---- | C] (InstallShield Software Corporation) -- C:\Program Files\pci_filerecovery.exe
    [2010/06/03 14:13:07 | 009,159,568 | ---- | C] (The Eraser Project) -- C:\Program Files\Eraser 6.0.7.1893.exe
    [2010/03/16 04:10:05 | 008,874,432 | ---- | C] (Vuze Inc.) -- C:\Program Files\Vuze_Installer.exe
    [2010/03/12 04:27:08 | 015,701,326 | ---- | C] (Igor Pavlov) -- C:\Program Files\tor-browser-1.3.3_en-US.exe
    [2009/11/07 23:20:52 | 000,289,280 | ---- | C] (Jonathan Kay) -- C:\Program Files\ZapMessenger.exe
    [2008/09/27 18:44:26 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Program Files\HijackThis.exe

    ========== Files - Modified Within 30 Days ==========

    [2011/06/22 22:31:00 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{E8C9BE01-1CE1-493E-917A-782BA8184290}.job
    [2011/06/22 22:23:48 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\hpalv.sys
    [2011/06/22 21:55:03 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2011/06/22 17:56:34 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2011/06/22 17:53:17 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1960408961-2147149321-725345543-1004.job
    [2011/06/22 17:53:14 | 000,013,868 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/06/22 17:53:14 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2011/06/22 17:53:14 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\Registry Reviver-User-Startup.job
    [2011/06/22 17:51:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/06/22 17:50:54 | 1063,309,312 | -HS- | M] () -- C:\hiberfil.sys
    [2011/06/22 17:48:09 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
    [2011/06/22 17:38:16 | 007,734,240 | ---- | M] (Malwarebytes Corporation ) -- C:\mbam-setup.exe
    [2011/06/22 17:36:25 | 001,007,120 | ---- | M] () -- C:\iExplore.exe
    [2011/06/22 17:35:47 | 001,007,120 | ---- | M] () -- C:\rkill.com
    [2011/06/22 17:32:13 | 009,435,312 | ---- | M] (Malwarebytes Corporation ) -- C:\mbam-setup-1.51.0.1200.exe
    [2011/06/22 17:27:52 | 000,513,320 | ---- | M] () -- C:\erunt.zip
    [2011/06/22 17:25:56 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\TFC.exe
    [2011/06/22 16:44:42 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
    [2011/06/22 14:26:40 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
    [2011/06/22 03:16:37 | 007,734,240 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\User\Desktop\mbam-setup.exe
    [2011/06/22 03:14:41 | 000,055,334 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Remove Win 7 Antispyware 2012 and Vista Antivirus 2012 name changing rogue (Uninstall Guide 2).htm
    [2011/06/22 03:14:20 | 000,049,557 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Remove Win 7 Antispyware 2012 and Vista Antivirus 2012 name changing rogue (Uninstall Guide).htm
    [2011/06/22 01:58:33 | 000,156,177 | ---- | M] () -- C:\Documents and Settings\User\Desktop\books-everyone-should-read.jpg
    [2011/06/21 12:28:36 | 000,497,830 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2011/06/21 12:28:36 | 000,086,752 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2011/06/17 03:06:38 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2011/06/16 17:45:09 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Citigroup-mar-5-2006-plutonomy-report-part-2-1-1.pdf
    [2011/06/16 14:47:50 | 000,001,150 | ---- | M] () -- C:\Documents and Settings\User\My Documents\209-r1-thejohnmurrayshow-2010-11-26.smil
    [2011/06/16 14:45:20 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1960408961-2147149321-725345543-1004.job
    [2011/06/15 01:42:14 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/06/14 23:54:08 | 000,000,576 | ---- | M] () -- C:\Documents and Settings\User\My Documents\My Sharing Folders.lnk
    [2011/06/10 16:46:29 | 000,022,715 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Planning a Just Society.odt
    [2011/05/31 02:01:30 | 000,311,443 | ---- | M] () -- C:\Documents and Settings\User\Desktop\1528434.pdf
    [2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

    ========== Files Created - No Company Name ==========

    [2011/06/22 22:23:28 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\hpalv.sys
    [2011/06/22 17:36:12 | 001,007,120 | ---- | C] () -- C:\iExplore.exe
    [2011/06/22 17:35:35 | 001,007,120 | ---- | C] () -- C:\rkill.com
    [2011/06/22 17:27:19 | 000,513,320 | ---- | C] () -- C:\erunt.zip
    [2011/06/22 16:34:26 | 1063,309,312 | -HS- | C] () -- C:\hiberfil.sys
    [2011/06/22 03:14:39 | 000,055,334 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Remove Win 7 Antispyware 2012 and Vista Antivirus 2012 name changing rogue (Uninstall Guide 2).htm
    [2011/06/22 03:14:20 | 000,049,557 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Remove Win 7 Antispyware 2012 and Vista Antivirus 2012 name changing rogue (Uninstall Guide).htm
    [2011/06/22 01:58:17 | 000,156,177 | ---- | C] () -- C:\Documents and Settings\User\Desktop\books-everyone-should-read.jpg
    [2011/06/16 17:44:54 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Citigroup-mar-5-2006-plutonomy-report-part-2-1-1.pdf
    [2011/06/16 14:47:47 | 000,001,150 | ---- | C] () -- C:\Documents and Settings\User\My Documents\209-r1-thejohnmurrayshow-2010-11-26.smil
    [2011/06/10 16:46:28 | 000,022,715 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Planning a Just Society.odt
    [2011/05/31 02:01:11 | 000,311,443 | ---- | C] () -- C:\Documents and Settings\User\Desktop\1528434.pdf
    [2011/03/13 19:43:25 | 000,021,504 | ---- | C] () -- C:\WINDOWS\jestertb.dll
    [2010/09/29 21:21:35 | 000,002,023 | ---- | C] () -- C:\WINDOWS\CTREBOOT.INI
    [2010/09/29 01:53:18 | 000,643,072 | ---- | C] () -- C:\Program Files\RipIt4Me.exe
    [2010/09/29 00:53:47 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\User\Application Data\inst.exe
    [2010/09/29 00:53:47 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\User\Application Data\pcouffin.cat
    [2010/09/29 00:53:47 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\User\Application Data\pcouffin.inf
    [2010/09/21 00:57:27 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
    [2010/09/17 16:25:56 | 001,094,021 | ---- | C] () -- C:\Program Files\dvdshrink32setup1.zip
    [2010/08/12 11:59:45 | 000,000,206 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
    [2010/08/12 08:35:05 | 000,138,848 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/08/11 23:03:14 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2010/08/11 23:03:14 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2010/08/11 23:03:14 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2010/08/11 23:03:14 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2010/08/11 23:03:14 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2010/07/27 02:48:05 | 001,332,417 | ---- | C] () -- C:\Program Files\quickwiper_wizard.exe
    [2010/06/24 20:46:33 | 000,000,311 | ---- | C] () -- C:\WINDOWS\System32\pl5sdg.dat
    [2010/06/10 03:19:35 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\User\Application Data\qcopjv.dat
    [2010/06/04 02:57:48 | 000,234,966 | ---- | C] () -- C:\Program Files\REST2514.EXE
    [2010/06/04 02:31:44 | 001,509,888 | ---- | C] () -- C:\Program Files\DiskDigger.exe
    [2010/03/12 01:29:32 | 010,428,143 | ---- | C] () -- C:\Program Files\FreenetInstaller-1241.exe
    [2010/02/26 12:45:41 | 000,000,013 | ---- | C] () -- C:\WINDOWS\urhtps.dat
    [2009/12/17 06:24:59 | 008,834,504 | ---- | C] () -- C:\Program Files\RMSetup.exe
    [2009/12/17 06:08:47 | 008,486,872 | ---- | C] () -- C:\Program Files\FCTBSetup.exe
    [2009/11/10 20:07:37 | 000,000,577 | ---- | C] () -- C:\WINDOWS\System32\urhtps.dat
    [2009/11/09 05:50:28 | 001,945,088 | ---- | C] () -- C:\WINDOWS\System32\avcodec.dll
    [2009/11/09 05:50:28 | 000,219,136 | ---- | C] () -- C:\WINDOWS\System32\avformat.dll
    [2009/11/09 05:50:28 | 000,022,528 | ---- | C] () -- C:\WINDOWS\System32\avutil.dll
    [2009/11/09 05:50:05 | 000,759,917 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2009/11/07 23:28:37 | 000,000,402 | ---- | C] () -- C:\Program Files\ResHacker.ini
    [2009/11/07 23:28:06 | 000,014,781 | ---- | C] () -- C:\Program Files\Dialogs.def
    [2009/11/07 23:28:05 | 000,881,664 | ---- | C] () -- C:\Program Files\ResHacker.exe
    [2009/11/07 23:27:45 | 000,554,899 | ---- | C] () -- C:\Program Files\reshack.zip
    [2009/11/07 23:20:43 | 000,108,395 | ---- | C] () -- C:\Program Files\ZapMessenger.zip
    [2009/05/19 22:54:48 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\getpntid.exe
    [2009/05/18 02:51:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2009/03/01 02:40:49 | 000,000,005 | ---- | C] () -- C:\WINDOWS\_id.dat
    [2009/01/09 08:16:06 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2008/09/12 05:11:08 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
    [2008/08/05 21:27:19 | 000,000,057 | ---- | C] () -- C:\WINDOWS\custvoic.ini
    [2008/05/08 03:54:32 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\fusioncache.dat
    [2008/05/08 03:41:02 | 000,090,696 | ---- | C] () -- C:\WINDOWS\hpiins01.dat
    [2008/05/08 03:41:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpimdl01.dat
    [2008/04/26 16:23:14 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008/04/23 19:47:22 | 000,073,728 | ---- | C] () -- C:\WINDOWS\VMInstNT.exe
    [2008/04/23 19:47:22 | 000,040,960 | ---- | C] () -- C:\WINDOWS\VM303UninstNT.exe
    [2008/04/23 19:46:00 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4670.dll
    [2008/04/23 17:31:06 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2008/04/23 17:28:24 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2008/04/23 17:03:38 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2008/04/23 16:59:27 | 000,000,996 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2008/04/23 16:51:18 | 000,034,284 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2007/03/29 23:00:40 | 000,203,264 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll
    [2006/03/15 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2006/03/15 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2006/03/15 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2006/03/15 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2006/03/15 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2006/03/15 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2006/03/15 13:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2006/03/15 13:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2006/03/15 13:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2004/08/10 20:00:00 | 000,497,830 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2004/08/10 20:00:00 | 000,086,752 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2004/08/10 20:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2004/08/10 05:11:42 | 000,185,856 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
    [1996/04/03 20:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

    ========== LOP Check ==========

    [2010/03/16 04:13:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
    [2008/05/19 17:35:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Channel4
    [2008/06/25 05:03:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
    [2010/07/02 05:29:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kontiki
    [2008/05/11 02:51:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
    [2008/06/25 05:00:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia
    [2008/06/25 05:08:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
    [2010/09/27 22:26:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ReviverSoft
    [2010/09/16 00:53:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
    [2010/09/17 20:44:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2009/08/29 06:17:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
    [2009/11/22 21:30:40 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{615DB4DC-B7C1-4125-9858-78EF460B76D2}
    [2009/11/22 21:30:03 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{83F61D74-0DA9-475B-BAF3-D4F153A02B30}
    [2010/07/24 14:43:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Azureus
    [2010/09/27 22:28:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Broad Intelligence
    [2009/01/09 08:41:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\COWON
    [2010/09/22 20:06:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\FMZilla
    [2009/01/13 11:51:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\foobar2000
    [2008/12/15 02:58:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\ieSpell
    [2009/11/12 04:49:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Java
    [2010/05/15 05:20:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\LimeWire
    [2008/09/14 23:02:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\MSNInstaller
    [2008/05/11 02:50:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\NCH Swift Sound
    [2008/06/25 05:09:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Nokia
    [2008/07/28 18:17:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Nokia Multimedia Player
    [2009/07/07 02:58:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\OpenOffice.org
    [2009/05/18 02:32:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Opera
    [2008/06/25 05:09:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\PC Suite
    [2010/09/22 21:17:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Publish Providers
    [2010/09/29 01:53:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\RipIt4Me
    [2010/09/22 21:17:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Sony
    [2010/12/15 20:47:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\uTorrent
    [2010/09/29 00:54:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Vso
    [2011/06/22 17:56:34 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
    [2011/06/22 17:53:14 | 000,000,376 | ---- | M] () -- C:\WINDOWS\Tasks\Registry Reviver-User-Startup.job
    [2011/06/22 22:31:00 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{E8C9BE01-1CE1-493E-917A-782BA8184290}.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command /s >
    "" = firefox.exe

    < HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command /s >
    "" = firefox.exe -safe-mode

    < HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command /s >
    "" = iexplore.exe

    < c:\documents and settings\User\application data\*.* >
    [2008/04/23 17:30:37 | 000,000,062 | -HS- | M] () -- c:\Documents and Settings\User\Application Data\desktop.ini
    [2010/09/29 00:53:48 | 000,087,608 | ---- | M] () -- c:\Documents and Settings\User\Application Data\inst.exe
    [2010/09/29 00:53:47 | 000,007,887 | ---- | M] () -- c:\Documents and Settings\User\Application Data\pcouffin.cat
    [2010/09/29 00:53:47 | 000,001,144 | ---- | M] () -- c:\Documents and Settings\User\Application Data\pcouffin.inf
    [2010/09/29 00:54:04 | 000,000,034 | ---- | M] () -- c:\Documents and Settings\User\Application Data\pcouffin.log
    [2010/09/29 00:53:47 | 000,047,360 | ---- | M] (VSO Software) -- c:\Documents and Settings\User\Application Data\pcouffin.sys
    [2010/06/10 03:19:35 | 000,000,012 | ---- | M] () -- c:\Documents and Settings\User\Application Data\qcopjv.dat
    [2009/12/17 06:33:12 | 000,002,481 | ---- | M] () -- c:\Documents and Settings\User\Application Data\ReplayMusicLog.log

    < c:\documents and settings\User\application data\Adobe\shed\*.* >

    < c:\documents and settings\User\application data\Adobe\plugs\*.* >

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 64 bytes -> C:\Documents and Settings\User\Desktop\01 Intro PCP.avi:TOC.WMV

    < End of report >


  • #10
    ASJ112
    Site Banned Posts: 1,167 ✭✭✭ASJ112


    Delete this file

    c:\Documents and Settings\User\Application Data\qcopjv.dat


    then open OTL click the cleanup button, and should be all done if there are no other issues


  • #11
    Butch Cassidy
    Closed Accounts Posts: 1,409 ✭✭✭Butch Cassidy


    Thank you very much for the help.


  • Advertisement
  • #12
    Fiskar
    Closed Accounts Posts: 1,588 ✭✭✭Fiskar


    ASJ112 wrote: »
    looks good

    update mbam run a quick scan, fix anything it finds, and post that log here

    Hi ASJ,

    Same issue on my laptop as with ButchCassidy. Can you have a look at the attached files and let me if a similar fix (tried the fix above but no joy) can be employed. Exact same issue, never got a chance to prevent the download from myptop.eu

    Otl notepad
    OTL logfile created on: 17/07/2011 17:16:55 - Run 1
    OTL by OldTimer - Version 3.2.26.1 Folder = E:\
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

    1.99 Gb Total Physical Memory | 1.39 Gb Available Physical Memory | 69.82% Memory free
    3.84 Gb Paging File | 3.26 Gb Available in Paging File | 85.08% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 149.01 Gb Total Space | 131.95 Gb Free Space | 88.55% Space Free | Partition Type: NTFS
    Drive D: | 1.36 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    Drive E: | 996.72 Mb Total Space | 498.97 Mb Free Space | 50.06% Space Free | Partition Type: FAT

    Computer Name: xxxxxxxx | User Name: xxxx | NOT logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/07/17 16:49:46 | 000,579,584 | ---- | M] (OldTimer Tools) -- E:\OTL.exe
    PRC - [2011/07/16 15:14:24 | 000,339,968 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\jwf.exe
    PRC - [2010/02/09 00:05:56 | 000,227,560 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files\Dell Latitude ON Flash\config\BTFAgent.exe
    PRC - [2010/01/25 15:28:56 | 000,278,528 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
    PRC - [2010/01/15 18:41:28 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    PRC - [2010/01/15 13:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
    PRC - [2010/01/14 22:53:48 | 000,034,232 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
    PRC - [2010/01/14 21:50:06 | 000,054,568 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
    PRC - [2010/01/14 20:47:22 | 000,158,592 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
    PRC - [2010/01/14 09:42:26 | 000,495,711 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
    PRC - [2010/01/14 09:41:42 | 000,737,280 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\AESTFltr.exe
    PRC - [2009/12/29 22:35:38 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    PRC - [2009/12/18 22:09:30 | 000,176,128 | ---- | M] (Ericsson AB) -- C:\Program Files\Dell\Dell Mobile Broadband Manager\WirelessManager.exe
    PRC - [2009/12/10 19:12:38 | 001,338,144 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
    PRC - [2009/12/08 18:08:34 | 000,024,576 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\OA015Mon.exe
    PRC - [2009/11/24 21:48:32 | 000,132,456 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe
    PRC - [2009/11/02 17:40:54 | 000,657,920 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
    PRC - [2009/07/08 23:08:30 | 000,413,827 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
    PRC - [2009/04/16 05:11:06 | 000,746,792 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\PccNTMon.exe
    PRC - [2009/02/01 01:15:38 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
    PRC - [2009/01/31 23:43:30 | 000,049,250 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
    PRC - [2008/04/14 13:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/07/17 16:49:46 | 000,579,584 | ---- | M] (OldTimer Tools) -- E:\OTL.exe
    MOD - [2010/08/23 17:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


    ========== Win32 Services (SafeList) ==========


    ========== Driver Services (SafeList) ==========


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Help_Page = http://support.euro.dell.com/support/index.aspx?c=ie&l=en&s=gen
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://g.uk.msn.com/USREL/10
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.bing.com/sphome.aspx
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://g.uk.msn.com/USREL/10

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/USREL/10
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com/sphome.aspx
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.co.uk/
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\3.0.40624.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.91: C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)



    O1 HOSTS File: ([2008/04/14 13:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
    O4 - HKLM..\Run: [AESTFltr] C:\WINDOWS\System32\AESTFltr.exe (Andrea Electronics Corporation)
    O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
    O4 - HKLM..\Run: [BTFAgent] C:\Program Files\Dell Latitude ON Flash\config\BTFAgent.exe (DeviceVM, Inc.)
    O4 - HKLM..\Run: [BTFWelcome] C:\Program Files\Dell Latitude ON Flash\config\BTFWelcome.exe (DeviceVM, Inc.)
    O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
    O4 - HKLM..\Run: [DellControlPoint] C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe (Dell Inc.)
    O4 - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
    O4 - HKLM..\Run: [KernelFaultCheck] File not found
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [NVHotkey] C:\WINDOWS\System32\nvhotkey.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
    O4 - HKLM..\Run: [OA015Mon] C:\WINDOWS\OA015Mon.exe (Creative Technology Ltd.)
    O4 - HKLM..\Run: [OfficeScanNT Monitor] C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe (Trend Micro Inc.)
    O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
    O4 - HKLM..\Run: [USCService] C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe (Broadcom Corporation)
    O4 - HKLM..\Run: [UserFaultCheck] File not found
    O4 - HKLM..\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe (Wave Systems Corp.)
    O4 - HKCU..\Run: [4013818410] C:\Documents and Settings\user\Local Settings\Application Data\jwf.exe ()
    O4 - HKCU..\Run: [WirelessManager] C:\Program Files\Dell\Dell Mobile Broadband Manager\WirelessManager.exe (Ericsson AB)
    O4 - HKLM..\RunOnce: [Uninstall Adobe Download Manager] C:\Program Files\NOS\bin\getPlus_Helper_3004.dll (NOS Microsystems Ltd.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Dell ControlPoint System Manager.lnk = C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe (Dell Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TdmNotify.lnk = C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe (Wave Systems Corp.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll (Google Inc.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
    O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
    O30 - LSA: Authentication Packages - (wvauth) - C:\WINDOWS\System32\wvauth.dll (Wave Systems Corp.)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/04/25 22:29:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O33 - MountPoints2\{561b3f36-c739-11df-b365-028037ec0200}\Shell\AutoRun\command - "" = E:\InstallSeagateManager.exe
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O35 - HKCU\..exefile [open] -- "C:\Documents and Settings\user\Local Settings\Application Data\jwf.exe" -a "%1" %* ()
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKCU\...exe [@ = exefile] -- "C:\Documents and Settings\user\Local Settings\Application Data\jwf.exe" -a "%1" %* ()

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/07/07 22:32:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\My Documents\S60
    [2011/07/07 21:56:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\My Documents\Audi Q3 and 5
    [2011/07/06 09:52:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\My Documents\Alfa Romeo
    [2011/06/22 10:42:24 | 000,000,000 | -HSD | C] -- C:\Config.Msi
    [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/07/17 17:18:21 | 000,475,520 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2011/07/17 17:18:21 | 000,083,118 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2011/07/17 17:14:34 | 000,014,760 | -HS- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\0u8voj551t25n7h1juq
    [2011/07/17 17:14:34 | 000,014,760 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\0u8voj551t25n7h1juq
    [2011/07/17 17:14:21 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\WavXMapDrive.bat
    [2011/07/17 17:14:17 | 000,247,299 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
    [2011/07/17 17:14:17 | 000,244,353 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
    [2011/07/17 17:14:02 | 000,000,892 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2011/07/17 17:13:36 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/07/17 17:13:33 | 2136,887,296 | -HS- | M] () -- C:\hiberfil.sys
    [2011/07/16 16:45:00 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2011/07/16 15:14:24 | 000,339,968 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\jwf.exe
    [2011/07/16 15:14:23 | 000,339,968 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\mnn.exe
    [2011/07/15 19:56:55 | 000,000,664 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\d3d9caps.dat
    [2011/07/14 11:04:15 | 000,267,008 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2011/07/14 00:24:28 | 000,001,809 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2011/07/12 21:10:47 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/06/28 14:12:52 | 000,244,353 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
    [2011/06/21 12:22:45 | 000,002,471 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Microsoft Office Access 2007.lnk
    [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/07/16 15:14:24 | 000,339,968 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\jwf.exe
    [2011/07/16 15:14:24 | 000,014,760 | -HS- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\0u8voj551t25n7h1juq
    [2011/07/16 15:14:24 | 000,014,760 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\0u8voj551t25n7h1juq
    [2011/07/16 15:14:23 | 000,339,968 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\mnn.exe
    [2010/12/11 19:14:47 | 000,005,632 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/10/22 14:07:05 | 000,000,664 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\d3d9caps.dat
    [2010/09/21 16:38:06 | 000,222,216 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2010/09/21 15:53:47 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\WavXMapDrive.bat
    [2010/09/21 15:48:48 | 000,019,400 | ---- | C] () -- C:\WINDOWS\cfgall.ini
    [2010/05/15 15:33:48 | 000,077,824 | ---- | C] () -- C:\WINDOWS\setpwr32.exe
    [2010/05/15 15:29:33 | 001,589,414 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
    [2010/05/15 15:27:34 | 000,001,204 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2010/05/15 13:08:40 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2010/05/15 12:52:59 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
    [2010/05/15 12:52:58 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
    [2010/05/15 12:52:58 | 000,025,088 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
    [2010/05/15 12:50:55 | 000,308,624 | ---- | C] () -- C:\WINDOWS\System32\brcmbsp.dll
    [2010/05/15 12:50:55 | 000,206,216 | ---- | C] () -- C:\WINDOWS\System32\bipbsp.dll
    [2010/05/15 12:50:48 | 000,080,368 | ---- | C] () -- C:\WINDOWS\System32\pbadrvdll.dll
    [2010/05/15 12:40:35 | 000,244,353 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
    [2010/02/20 02:03:12 | 001,731,176 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
    [2010/02/20 02:03:12 | 001,657,448 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
    [2010/02/20 02:03:12 | 001,612,392 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
    [2010/02/20 02:03:12 | 001,108,584 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
    [2010/02/20 02:03:12 | 000,510,568 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
    [2010/02/20 02:03:12 | 000,473,704 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
    [2010/02/20 02:03:12 | 000,449,128 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
    [2009/11/19 21:47:10 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\wxvault.dll
    [2009/11/18 21:21:08 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-HK.dll
    [2009/11/18 21:21:06 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_sl.dll
    [2009/11/18 21:21:06 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_th.dll
    [2009/11/18 21:21:04 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_sk.dll
    [2009/11/18 21:21:02 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_hr.dll
    [2009/11/18 21:20:56 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ro.dll
    [2009/11/18 21:20:56 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_tr.dll
    [2009/11/18 21:20:54 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_pt-BR.dll
    [2009/11/18 21:20:52 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_hu.dll
    [2009/11/18 21:20:52 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_he.dll
    [2009/11/18 21:20:50 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_fi.dll
    [2009/11/18 21:20:48 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_el.dll
    [2009/11/18 21:20:48 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_cs.dll
    [2009/11/18 21:20:46 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ar.dll
    [2009/11/18 21:20:44 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHT.dll
    [2009/11/18 21:20:44 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHS.dll
    [2009/11/18 21:20:42 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_sv.dll
    [2009/11/18 21:20:40 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_pt.dll
    [2009/11/18 21:20:40 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ru.dll
    [2009/11/18 21:20:38 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_pl.dll
    [2009/11/18 21:20:36 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_nl.dll
    [2009/11/18 21:20:36 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_no.dll
    [2009/11/18 21:20:34 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ko.dll
    [2009/11/18 21:20:32 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ja.dll
    [2009/11/18 21:20:30 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_it.dll
    [2009/11/18 21:20:30 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_fr.dll
    [2009/11/18 21:20:28 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_es.dll
    [2009/11/18 21:20:26 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_de.dll
    [2009/11/18 21:20:24 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_da.dll
    [2009/11/13 14:17:00 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\Wavx_ESC_Logging.dll
    [2009/11/06 21:27:22 | 000,839,680 | ---- | C] () -- C:\WINDOWS\System32\DemoLicense.dll
    [2009/08/26 22:25:08 | 000,917,504 | ---- | C] () -- C:\WINDOWS\System32\lmgr10.dll
    [2008/05/27 03:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
    [2008/05/27 03:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
    [2008/04/25 22:31:41 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2008/04/25 22:27:18 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2008/04/25 22:26:32 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2008/04/25 17:16:24 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2008/04/25 17:16:22 | 000,475,520 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2008/04/25 17:16:22 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2008/04/25 17:16:22 | 000,083,118 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2008/04/25 17:16:22 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2008/04/25 17:16:22 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2008/04/25 17:16:21 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2008/04/25 17:16:20 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2008/04/25 17:16:18 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2008/04/25 17:16:18 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2008/04/25 17:16:13 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2008/04/25 17:16:11 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
    [2008/04/25 10:22:39 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2008/04/25 10:21:52 | 000,267,008 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2008/03/25 15:46:00 | 000,077,536 | ---- | C] () -- C:\WINDOWS\System32\xltZlib.dll
    [2007/09/27 16:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
    [2007/09/27 16:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
    [2007/09/27 16:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
    [2006/06/30 18:58:44 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\bioapi_mds300.dll
    [2006/06/30 18:58:44 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\bioapi100.dll
    [2006/06/12 14:01:16 | 000,348,160 | ---- | C] () -- C:\WINDOWS\tsp.dll

    ========== LOP Check ==========

    [2010/05/15 12:50:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broadcom
    [2010/11/17 14:01:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
    [2010/05/15 12:56:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NTRU Cryptosystems
    [2010/05/15 12:59:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall
    [2010/05/15 12:56:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wave Systems Corp
    [2010/05/15 13:05:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Broadcom
    [2010/05/15 12:56:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Wave Systems Corp
    [2010/05/15 12:49:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Windows Desktop Search
    [2010/09/21 15:57:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Windows Search
    [2010/05/15 13:05:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\WirelessManager

    ========== Purity Check ==========


    < End of report >

    Otl extras

    OTL Extras logfile created on: 17/07/2011 17:16:55 - Run 1
    OTL by OldTimer - Version 3.2.26.1 Folder = E:\
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

    1.99 Gb Total Physical Memory | 1.39 Gb Available Physical Memory | 69.82% Memory free
    3.84 Gb Paging File | 3.26 Gb Available in Paging File | 85.08% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 149.01 Gb Total Space | 131.95 Gb Free Space | 88.55% Space Free | Partition Type: NTFS
    Drive D: | 1.36 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    Drive E: | 996.72 Mb Total Space | 498.97 Mb Free Space | 50.06% Space Free | Partition Type: FAT

    Computer Name: xxxxxx | User Name: user | NOT logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .exe [@ = exefile] -- C:\Documents and Settings\user\Local Settings\Application Data\jwf.exe ()

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
    "80:TCP" = 80:TCP:*:Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)
    "12345:TCP" = 12345:TCP:*:Enabled:Trend Micro OfficeScan Listener

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0003C1E0-E0E7-49BB-A0F6-4AE6D2B09202}" = UPEK TouchChip Fingerprint Reader
    "{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
    "{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
    "{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE 10.3
    "{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
    "{11107A2A-AD44-4BC8-ABB5-E88E63BCA785}" = Intel(R) Network Connections 14.8.43.0
    "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{23EEC842-57ED-4055-A056-9D4185DFB1AA}" = Dell Mobile Broadband Manager
    "{24A494F3-5B5F-4183-9F7D-9CE82812C1FC}" = tsp patch
    "{259BD7B2-490E-4773-A159-284912544111}" = Dell Latitude ON Configuration Utility Installer
    "{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
    "{314E5785-BD81-47FD-9D6B-5C3CD31B351B}" = Dell ControlPoint System Manager
    "{33F0BD6D-49B0-4030-8940-0FD0414DD9CB}" = Dell Control Point
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3A6BE9F4-5FC8-44BB-BE7B-32A29607FEF6}" = Preboot Manager
    "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
    "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
    "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
    "{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
    "{49DFA1BB-F417-491C-9457-F483CC98678C}" = SO32MMWrapper
    "{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite
    "{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
    "{62BFB4C2-8C4E-4D91-BD7D-81C06EAAC3C0}" = Windows Rights Management Client with Service Pack 2
    "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
    "{6A7F4379-B2EE-444F-AC4A-C5379B1CF95E}" = Dell ControlVault Host Components Installer
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
    "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
    "{87434D51-51DB-4109-B68F-A829ECDCF380}" = AccelerometerP11
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
    "{8C5D035A-B5B8-41DC-8F00-C133BA21AD4E}" = DCP32MMWrapper
    "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
    "{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
    "{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
    "{9D583F01-A973-4B04-90BD-FB7886779090}" = Dell Wireless HSPA Mini-Card Drivers
    "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
    "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{ABBA2EA4-740E-4052-902B-9CA70B081E3F}" = Dell Embassy Trust Suite by Wave Systems
    "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
    "{AF7E4468-E364-4991-BC2A-6E8293E1055B}" = BioAPI Framework
    "{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
    "{B83E30A9-A744-4C55-BF55-33CA9FCB62C1}" = Wave Infrastructure Installer
    "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
    "{BB93D30B-B395-44BB-A9ED-A0E057F07E53}" = NTRU TCG Software Stack
    "{BC52E419-B185-488F-9973-049A88E5DCBE}" = Gemalto
    "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
    "{DDD6BE8C-9AFA-48F1-A6AE-3BD596E2EB0B}" = Trusted Drive Manager
    "{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
    "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
    "{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
    "{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards
    "{EC905264-BCFE-423B-9C42-C3A106266790}" = Windows Rights Management Client Backwards Compatibility SP2
    "{ECEA7878-2100-4525-915D-B09174E36971}" = Trend Micro OfficeScan Client
    "{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE 10.3
    "{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F4487649-7368-4217-AEA3-1E04DB3E2C5C}" = Dell ControlPoint Security Manager
    "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
    "{FF1DDCF4-3A28-4F7F-96D8-E3F4BD1C1702}" = Dell Security Device Driver Pack
    "9512AA21B791B05A54E27065C45BBC417AB282DF" = Windows Driver Package - Dell Inc. PBADRV System (09/11/2009 1.0.1.6)
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Creative OA015" = Integrated Webcam Driver (1.00.07.1208)
    "Dell Webcam Central" = Dell Webcam Central
    "DW WLAN Card Utility" = DW WLAN Card Utility
    "EPSON Printer and Utilities" = EPSON Printer Software
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
    "InstallShield_{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
    "InstallShield_{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite
    "InstallShield_{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
    "InstallShield_{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
    "InstallShield_{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards
    "InstallShield_{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
    "McAfee Security Scan" = McAfee Security Scan Plus
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "NVIDIA Drivers" = NVIDIA Drivers
    "PROPLUS" = Microsoft Office Professional Plus 2007
    "Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    "Windows Media Format Runtime" = Windows Media Format Runtime
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

    ========== Last 10 Event Log Errors ==========

    Error: Unable to start EventLog service!

    < End of report >


    any help appreciated.


  • #13
    ASJ112
    Site Banned Posts: 1,167 ✭✭✭ASJ112


    open OTL paste this in the custom scan/fixes box


    :OTL
    O33 - MountPoints2\{561b3f36-c739-11df-b365-028037ec0200}\Shell\AutoRun\command - "" = E:\InstallSeagateManager.exe
    O4 - HKCU..\Run: [4013818410] C:\Documents and Settings\user\Local Settings\Application Data\jwf.exe ()
    O35 - HKCU\..exefile [open] -- "C:\Documents and Settings\user\Local Settings\Application Data\jwf.exe" -a "%1" %* ()
    O37 - HKCU\...exe [@ = exefile] -- "C:\Documents and Settings\user\Local Settings\Application Data\jwf.exe" -a "%1" %* ()
    [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
    [2011/07/17 17:14:34 | 000,014,760 | -HS- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\0u8voj551t25n7h1juq
    [2011/07/17 17:14:34 | 000,014,760 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\0u8voj551t25n7h1juq
    [2011/07/16 15:14:24 | 000,339,968 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\jwf.exe
    [2011/07/16 15:14:23 | 000,339,968 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\mnn.exe
    [2011/07/16 15:14:24 | 000,339,968 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\jwf.exe
    [2011/07/16 15:14:24 | 000,014,760 | -HS- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\0u8voj551t25n7h1juq
    [2011/07/16 15:14:24 | 000,014,760 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\0u8voj551t25n7h1juq
    [2011/07/16 15:14:23 | 000,339,968 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\mnn.exe

    :Commands
    [Purity]
    [ResetHosts]
    [EmptyFlash]
    [EmptyTemp]
    [CreateRestorePoint]
    [Reboot]
    type C:\Documents and Settings\user\Local Settings\Application Data\WavXMapDrive.bat /c


    click run fix


    then run combofix and post its log here

    http://www.bleepingcomputer.com/download/anti-virus/combofix


  • #14
    Fiskar
    Closed Accounts Posts: 1,588 ✭✭✭Fiskar


    Hi ASJ,
    Thanks for the help.
    I went through Bikos thread before your reply as it was similar, had a lot of difficulty getting safemode etc but managed to delete both executables using task manager to stop running the program. However do I need to delete the 0u8voj551t25n7h1juq file as well?

    am trying out your fix as we speak


  • #15
    ASJ112
    Site Banned Posts: 1,167 ✭✭✭ASJ112


    yep I would delete it

    if the OTL script works and there are no issues then leave the combofix step


  • #16
    Fiskar
    Closed Accounts Posts: 1,588 ✭✭✭Fiskar


    Hi ASJ,

    Done as per the OTL fix, left Combo. Many thanks, a bit clearer on the perils of malware, never slag my father again for clicking on the download button! These malware guys and gals are getting sophisticated, download is just a click on a play live stream football video button.


  • #17
    RayCon
    Registered Users, Registered Users 2 Posts: 4,953 ✭✭✭RayCon


    Hi Folks ... I got infected with the same problem last night .. any help much appreciated.
    Ran rkill and Malwarebytes and that removed 8 infections but the little Warning Sheild Icon still remains in the icon tray beside the clock so I know Im not clean.

    OTL File as follows :
    OTL logfile created on: 25/07/2011 09:54:22 - Run 1
    OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\ray\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

    1.99 Gb Total Physical Memory | 1.09 Gb Available Physical Memory | 54.56% Memory free
    3.33 Gb Paging File | 2.57 Gb Available in Paging File | 77.02% Paging File free
    Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 55.89 Gb Total Space | 24.38 Gb Free Space | 43.63% Space Free | Partition Type: NTFS

    Computer Name: L3T7456 | User Name: User | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/07/25 09:47:00 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ray\Desktop\OTL.exe
    PRC - [2011/05/25 12:23:00 | 000,183,024 | ---- | M] (IBM Corp.) -- c:\sdwork\issimsvc.exe
    PRC - [2011/04/18 17:22:00 | 000,369,664 | ---- | M] (IBM Corp.) -- c:\sdwork\issimgui.exe
    PRC - [2011/02/21 16:57:04 | 000,294,168 | ---- | M] (IBM Corp.) -- C:\Program Files\C4ebreg\isamtray.exe
    PRC - [2011/02/21 16:56:06 | 000,490,776 | ---- | M] (IBM Corp.) -- C:\Program Files\C4ebreg\c4ebreg.exe
    PRC - [2011/02/03 16:51:40 | 001,432,800 | ---- | M] (IBM Corp.) -- C:\Program Files\BigFix Enterprise\BES Client\BESClientUI.exe
    PRC - [2011/02/03 16:51:36 | 002,982,624 | ---- | M] (IBM Corp.) -- C:\Program Files\BigFix Enterprise\BES Client\BESClient.exe
    PRC - [2010/10/27 11:45:48 | 000,184,371 | ---- | M] () -- C:\Program Files\IBM\My Help\plugins\com.ibm.myhelp.common_1.4.25\pmonmh.exe
    PRC - [2010/09/30 11:47:53 | 000,010,752 | ---- | M] (IBM Corp) -- C:\notes\ntaskldr.exe
    PRC - [2010/09/30 11:47:20 | 003,399,680 | ---- | M] (IBM Corp) -- c:\notes\nsd.exe
    PRC - [2010/09/03 17:07:22 | 000,152,840 | ---- | M] (IBM) -- C:\Program Files\IBM\Java60\jre\bin\jqs.exe
    PRC - [2010/02/08 11:19:02 | 000,872,518 | ---- | M] () -- C:\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.5.0.20090605-2002\soffice.exe
    PRC - [2010/02/04 16:05:30 | 000,110,592 | ---- | M] (International Business Machines Corporation) -- C:\Program Files\IBM\Lotus\Sametime Connect 802\rcp\eclipse\plugins\com.ibm.rcp.jcl.desktop.win32.x86_6.2.0.200904080758\jre\bin\sametime80w.exe
    PRC - [2009/12/16 16:44:36 | 003,750,400 | ---- | M] (SafeNet Inc.) -- C:\WINDOWS\system32\hasplms.exe
    PRC - [2009/10/07 12:36:20 | 000,263,520 | ---- | M] (AT&T) -- C:\Program Files\AT&T Network Client\NetClientSvc.exe
    PRC - [2009/10/07 12:36:18 | 000,619,872 | ---- | M] (AT&T) -- C:\Program Files\AT&T Network Client\netcfgsvr.exe
    PRC - [2009/09/29 11:30:00 | 000,058,760 | ---- | M] (IBM Corp) -- c:\notes\ntmulti.exe
    PRC - [2009/09/29 11:27:56 | 001,676,680 | ---- | M] (IBM Corp) -- C:\notes\nlnotes.exe
    PRC - [2009/04/02 19:05:22 | 000,102,400 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
    PRC - [2009/03/31 10:39:36 | 000,233,472 | ---- | M] (Teruten) -- C:\WINDOWS\system32\FsUsbExService.Exe
    PRC - [2008/10/09 23:37:58 | 000,180,224 | ---- | M] () -- C:\Program Files\IBM\Lotus\Sametime Connect 802\rcp\eclipse\plugins\com.ibm.rcp.base_6.1.1.200810091628\win32\x86\eclipse.exe
    PRC - [2008/09/03 15:04:22 | 000,541,976 | ---- | M] (PIXELA CORPORATION) -- C:\Program Files\PIXELA\Everio MediaBrowser\MBCameraMonitor.exe
    PRC - [2008/05/02 05:15:46 | 000,015,872 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
    PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2008/04/07 11:22:26 | 000,038,688 | ---- | M] (International Business Machines Corporation) -- C:\Program Files\IBM\SQLLIB\BIN\db2mgmtsvc.exe
    PRC - [2008/03/18 02:06:00 | 001,848,648 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
    PRC - [2008/01/22 18:35:52 | 000,103,808 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
    PRC - [2007/11/27 12:58:28 | 003,072,184 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KService.exe
    PRC - [2007/10/24 13:58:00 | 000,013,312 | ---- | M] (Lenovo Group Limited) -- c:\Program Files\Lenovo\System Update\SUService.exe
    PRC - [2007/05/17 11:50:16 | 000,114,688 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
    PRC - [2007/05/17 11:49:28 | 000,184,320 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
    PRC - [2007/05/17 11:49:24 | 000,065,536 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
    PRC - [2007/05/17 11:46:44 | 000,413,696 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
    PRC - [2007/05/17 11:41:20 | 000,126,976 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
    PRC - [2007/03/21 13:42:38 | 000,364,629 | ---- | M] (Atheros) -- C:\WINDOWS\system32\acs.exe
    PRC - [2007/01/30 13:02:28 | 000,303,104 | ---- | M] (FUJIFILM Corporation) -- C:\Program Files\FinePixViewerS\QuickDCF2.exe
    PRC - [2006/10/20 10:01:30 | 002,107,392 | ---- | M] (VoiceRite, Inc) -- C:\Program Files\VoiceRite\Client\Viewer.exe
    PRC - [2006/09/27 21:33:44 | 000,125,168 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\VPTray.exe
    PRC - [2006/09/27 21:33:38 | 000,116,464 | ---- | M] (symantec) -- c:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
    PRC - [2006/09/27 21:33:32 | 001,813,232 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
    PRC - [2006/09/27 21:33:22 | 000,031,472 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
    PRC - [2006/09/27 15:15:56 | 000,173,744 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
    PRC - [2006/09/27 15:14:44 | 000,087,728 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
    PRC - [2006/08/07 17:03:02 | 000,214,720 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    PRC - [2006/08/01 20:18:00 | 000,266,295 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
    PRC - [2006/07/19 20:26:12 | 000,169,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    PRC - [2006/07/19 20:26:10 | 000,202,400 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    PRC - [2006/07/19 20:26:06 | 000,192,160 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    PRC - [2006/07/19 20:26:04 | 000,052,896 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    PRC - [2006/05/30 01:00:00 | 000,086,016 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
    PRC - [2006/04/11 18:13:38 | 001,160,848 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    PRC - [2006/02/14 01:00:00 | 000,110,592 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    PRC - [2005/09/06 10:07:18 | 000,036,864 | ---- | M] (IBM Corporation) -- C:\Program Files\IBM\Personal Communications\PCS_AGNT.EXE
    PRC - [2005/09/06 10:07:18 | 000,028,672 | ---- | M] (IBM Corporation) -- C:\WINDOWS\system32\drivers\trcboot.exe
    PRC - [2005/09/06 10:07:18 | 000,028,672 | ---- | M] (IBM Corporation) -- C:\WINDOWS\system32\drivers\ldlcserv.exe
    PRC - [2005/09/06 10:07:18 | 000,028,672 | ---- | M] () -- C:\Program Files\IBM\Personal Communications\tpam.exe
    PRC - [2005/07/05 15:57:12 | 000,077,824 | ---- | M] () -- C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
    PRC - [2005/06/06 22:26:22 | 000,032,768 | ---- | M] () -- C:\WINDOWS\system32\TpKmpSvc.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/07/25 09:47:00 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ray\Desktop\OTL.exe
    MOD - [2010/08/23 17:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
    MOD - [2008/05/02 05:15:35 | 000,004,608 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerHook.dll
    MOD - [2006/02/14 01:00:00 | 000,065,536 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2011/05/25 12:23:00 | 000,183,024 | ---- | M] (IBM Corp.) [Auto | Running] -- c:\sdwork\issimsvc.exe -- (ISSIMon)
    SRV - [2011/02/21 16:56:06 | 000,490,776 | ---- | M] (IBM Corp.) [Auto | Running] -- C:\Program Files\C4ebreg\c4ebreg.exe -- (ISAMSvc)
    SRV - [2011/02/10 15:29:24 | 000,150,528 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe -- (Sony Ericsson PCCompanion)
    SRV - [2011/02/03 16:51:36 | 002,982,624 | ---- | M] (IBM Corp.) [Auto | Running] -- C:\Program Files\BigFix Enterprise\BES Client\BESClient.exe -- (BESClient)
    SRV - [2010/09/30 11:47:20 | 003,399,680 | ---- | M] (IBM Corp) [Auto | Running] -- c:\notes\nsd.exe -- (Lotus Notes Diagnostics)
    SRV - [2010/09/03 17:07:22 | 000,152,840 | ---- | M] (IBM) [Auto | Running] -- C:\Program Files\IBM\Java60\jre\bin\jqs.exe -- (JavaQuickStarterService)
    SRV - [2010/06/14 15:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
    SRV - [2009/12/16 16:44:36 | 003,750,400 | ---- | M] (SafeNet Inc.) [Auto | Running] -- C:\WINDOWS\System32\hasplms.exe -- (hasplms)
    SRV - [2009/10/07 12:36:20 | 000,263,520 | ---- | M] (AT&T) [Auto | Running] -- C:\Program Files\AT&T Network Client\NetClientSvc.exe -- (NetClientSvc)
    SRV - [2009/10/07 12:36:18 | 000,619,872 | ---- | M] (AT&T) [Auto | Running] -- C:\Program Files\AT&T Network Client\netcfgsvr.exe -- (NetCfgSvr)
    SRV - [2009/09/29 11:30:00 | 000,058,760 | ---- | M] (IBM Corp) [Auto | Running] -- c:\notes\ntmulti.exe -- (Multi-user Cleanup Service)
    SRV - [2009/03/31 10:39:36 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\WINDOWS\system32\FsUsbExService.Exe -- (FsUsbExService)
    SRV - [2008/04/07 11:22:26 | 000,038,688 | ---- | M] (International Business Machines Corporation) [Auto | Running] -- C:\Program Files\IBM\SQLLIB\BIN\db2mgmtsvc.exe -- (DB2MGMTSVC_DB2COPY1) DB2 Management Service (DB2COPY1)
    SRV - [2008/01/22 18:35:52 | 000,103,808 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
    SRV - [2007/11/27 12:58:28 | 003,072,184 | ---- | M] (Kontiki Inc.) [Auto | Running] -- C:\Program Files\Kontiki\KService.exe -- (KService)
    SRV - [2007/10/24 13:58:00 | 000,013,312 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)
    SRV - [2007/05/17 11:49:28 | 000,184,320 | ---- | M] (Lenovo ) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc)
    SRV - [2007/05/17 11:49:24 | 000,065,536 | ---- | M] (Lenovo ) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
    SRV - [2007/03/21 13:42:38 | 000,364,629 | ---- | M] (Atheros) [Auto | Running] -- C:\WINDOWS\system32\acs.exe -- (ACS)
    SRV - [2006/09/27 21:33:38 | 000,116,464 | ---- | M] (symantec) [Auto | Running] -- c:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
    SRV - [2006/09/27 21:33:32 | 001,813,232 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
    SRV - [2006/09/27 21:33:22 | 000,031,472 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
    SRV - [2006/09/27 15:15:56 | 000,173,744 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe -- (SymSecurePort)
    SRV - [2006/09/27 15:14:44 | 000,087,728 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe -- (ISSVC)
    SRV - [2006/08/07 17:03:02 | 000,214,720 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
    SRV - [2006/08/01 20:18:00 | 000,266,295 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe -- (btwdins)
    SRV - [2006/07/19 20:26:12 | 000,169,632 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
    SRV - [2006/07/19 20:26:10 | 000,202,400 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccProxy.exe -- (ccProxy)
    SRV - [2006/07/19 20:26:06 | 000,192,160 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
    SRV - [2006/04/11 18:13:38 | 001,160,848 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
    SRV - [2006/02/23 12:41:02 | 002,045,632 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate)
    SRV - [2005/09/06 10:07:18 | 000,032,768 | ---- | M] (IBM Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\appnnode.exe -- (AppnNode)
    SRV - [2005/09/06 10:07:18 | 000,028,672 | ---- | M] (IBM Corporation) [Auto | Running] -- C:\WINDOWS\system32\drivers\trcboot.exe -- (TrcBoot)
    SRV - [2005/09/06 10:07:18 | 000,028,672 | ---- | M] (IBM Corporation) [Auto | Running] -- C:\WINDOWS\system32\drivers\ldlcserv.exe -- (ldlcserv)
    SRV - [2005/06/06 22:26:22 | 000,032,768 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\TpKmpSvc.exe -- (TpKmpSVC)


    ========== Driver Services (SafeList) ==========

    DRV - [2011/07/25 09:00:08 | 000,083,064 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\SMR200.SYS -- (SMR200)
    DRV - [2011/05/18 09:00:00 | 001,542,392 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110724.003\NAVEX15.SYS -- (NAVEX15)
    DRV - [2011/05/18 09:00:00 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110724.003\NAVENG.SYS -- (NAVENG)
    DRV - [2011/05/10 09:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
    DRV - [2011/05/10 09:00:00 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
    DRV - [2010/09/15 18:07:10 | 000,270,712 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\SymcData\scfidsdefs\20110720.001\SymIDSCo.sys -- (SYMIDSCO)
    DRV - [2010/02/22 11:55:54 | 000,006,400 | ---- | M] (IBM Corp.) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\isamfilter.sys -- (IsamFilter)
    DRV - [2009/12/09 21:27:18 | 000,588,800 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (hardlock)
    DRV - [2009/10/07 12:41:44 | 000,019,328 | R--- | M] (AT&T) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\agnwifi.sys -- (agnwifi)
    DRV - [2009/10/07 12:41:24 | 000,011,392 | R--- | M] (AT&T) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avpnnic.sys -- (avpnnic)
    DRV - [2009/10/07 12:05:12 | 000,219,776 | ---- | M] (AT&T) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\agnfilt.sys -- (agnfilt)
    DRV - [2009/08/20 07:01:50 | 000,356,864 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\aksfridge.sys -- (aksfridge)
    DRV - [2009/03/31 10:39:36 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
    DRV - [2009/03/20 11:01:26 | 000,121,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bmdm.sys -- (ss_bmdm)
    DRV - [2009/03/20 11:01:26 | 000,090,112 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM)
    DRV - [2009/03/20 11:01:26 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter)
    DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
    DRV - [2007/04/05 07:19:20 | 000,546,112 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
    DRV - [2007/04/02 11:24:08 | 000,004,224 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\IBMBLDID.sys -- (IBMTPCHK)
    DRV - [2007/02/19 06:56:46 | 000,021,376 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
    DRV - [2006/12/22 12:56:00 | 000,209,664 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
    DRV - [2006/11/15 03:00:20 | 000,055,840 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wsimd.sys -- (WSIMD)
    DRV - [2006/09/18 18:55:28 | 000,109,744 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
    DRV - [2006/09/06 15:41:20 | 000,337,592 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\savrt.sys -- (SAVRT)
    DRV - [2006/09/06 15:41:20 | 000,054,968 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
    DRV - [2006/08/07 17:02:26 | 000,195,776 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
    DRV - [2006/08/07 17:02:22 | 000,024,768 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
    DRV - [2006/08/07 17:02:18 | 000,031,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS -- (SYMIDS)
    DRV - [2006/08/07 17:02:14 | 000,028,352 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS -- (SYMNDIS)
    DRV - [2006/08/07 17:02:02 | 000,110,784 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMFW.SYS -- (SYMFW)
    DRV - [2006/08/07 17:01:56 | 000,012,992 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS -- (SYMDNS)
    DRV - [2006/08/03 02:54:00 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SMAPINT.SYS -- (Smapint)
    DRV - [2006/08/03 02:54:00 | 000,009,343 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TDSMAPI.SYS -- (TDSMAPI)
    DRV - [2006/08/01 20:04:00 | 000,328,285 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
    DRV - [2006/08/01 20:00:34 | 000,851,706 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
    DRV - [2006/08/01 19:58:12 | 000,030,427 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
    DRV - [2006/08/01 19:57:26 | 000,067,384 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
    DRV - [2006/08/01 19:54:32 | 000,148,996 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
    DRV - [2006/07/21 01:00:00 | 000,007,168 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP)
    DRV - [2006/05/26 01:00:00 | 000,004,442 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF)
    DRV - [2006/04/11 18:13:34 | 000,389,776 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
    DRV - [2005/11/08 09:27:20 | 000,011,520 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ANC.sys -- (ANC)
    DRV - [2005/09/06 10:07:18 | 001,286,560 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\appn.sys -- (Appn)
    DRV - [2005/09/06 10:07:18 | 000,195,872 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\AppnBase.sys -- (AppnBase)
    DRV - [2005/09/06 10:07:18 | 000,160,288 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\pdlncfwk.sys -- (pdlncfwk)
    DRV - [2005/09/06 10:07:18 | 000,120,192 | ---- | M] (IBM Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\appnapi.sys -- (AppnApi)
    DRV - [2005/09/06 10:07:18 | 000,101,408 | ---- | M] (IBM Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\llc2.sys -- (IBM_LLC2)
    DRV - [2005/09/06 10:07:18 | 000,075,200 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\pdlnacom.sys -- (pdlnacom)
    DRV - [2005/09/06 10:07:18 | 000,070,144 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\pdlndlpb.sys -- (pdlndlpb)
    DRV - [2005/09/06 10:07:18 | 000,067,184 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\pdlnemap.sys -- (pdlnemap)
    DRV - [2005/09/06 10:07:18 | 000,067,072 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\pdlndsdl.sys -- (pdlndsdl)
    DRV - [2005/09/06 10:07:18 | 000,059,504 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\pdlnshay.sys -- (pdlnshay)
    DRV - [2005/09/06 10:07:18 | 000,059,392 | ---- | M] (IBM Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\pdlndldl.sys -- (pdlndldl) IBM Enterprise Extender (HPR/IP)
    DRV - [2005/09/06 10:07:18 | 000,058,432 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\pdlnsx25.sys -- (pdlnsx25)
    DRV - [2005/09/06 10:07:18 | 000,054,416 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\pdlnsv25.sys -- (pdlnsv25)
    DRV - [2005/09/06 10:07:18 | 000,053,248 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\pdlndqll.sys -- (pdlndqll)
    DRV - [2005/09/06 10:07:18 | 000,051,712 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\pdlndtdl.sys -- (pdlndtdl)
    DRV - [2005/09/06 10:07:18 | 000,050,336 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\pdlnecfg.sys -- (pdlnecfg)
    DRV - [2005/09/06 10:07:18 | 000,038,236 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\anydlc.sys -- (Anydlc)
    DRV - [2005/09/06 10:07:18 | 000,036,048 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\pdlnafac.sys -- (pdlnafac)
    DRV - [2005/09/06 10:07:18 | 000,024,588 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\klognt.sys -- (KLOGNT)
    DRV - [2005/09/06 10:07:18 | 000,022,384 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\pdlnslea.sys -- (pdlnslea)
    DRV - [2005/09/06 10:07:18 | 000,020,480 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\pdlnatcm.sys -- (pdlnatcm)
    DRV - [2005/09/06 10:07:18 | 000,019,984 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\pdlnepkt.sys -- (pdlnepkt)
    DRV - [2005/09/06 10:07:18 | 000,018,944 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\pdlndoem.sys -- (pdlndoem)
    DRV - [2005/09/06 10:07:18 | 000,018,432 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\pdlnatdl.sys -- (pdlnatdl)
    DRV - [2005/09/06 10:07:18 | 000,012,800 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\pdlndint.sys -- (pdlndint)
    DRV - [2005/09/06 10:07:18 | 000,012,768 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\pdlnemsg.sys -- (pdlnemsg)
    DRV - [2005/09/06 10:07:18 | 000,012,288 | ---- | M] (IBM Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\pdlnctdl.sys -- (pdlnctdl)
    DRV - [2005/09/06 10:07:18 | 000,012,028 | ---- | M] (IBM Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\nstrcnt.sys -- (NsTrcNT)
    DRV - [2005/09/06 10:07:18 | 000,008,608 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\pdlnebas.sys -- (pdlnebas)
    DRV - [2005/09/06 10:07:18 | 000,006,784 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\pdlncbas.sys -- (pdlncbas)
    DRV - [2004/06/03 18:47:26 | 000,164,224 | ---- | M] (AT&T) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\abvpn2k.sys -- (ABVPN2K)
    DRV - [2004/05/06 17:12:10 | 000,114,688 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://w3.ibm.com/jct03001pt/wps/myportal
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Web Search..."
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "www.google.ie"
    FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.2
    FF - prefs.js..extensions.enabledItems: [EMAIL="anticontainer@downthemall.net:1.0"]anticontainer@downthemall.net:1.0[/EMAIL]
    FF - prefs.js..extensions.enabledItems: [EMAIL="canitbecheaper@trafficbroker.co.uk:3.1.5"]canitbecheaper@trafficbroker.co.uk:3.1.5[/EMAIL]
    FF - prefs.js..extensions.enabledItems: [EMAIL="jqs@sun.com:1.0"]jqs@sun.com:1.0[/EMAIL]
    FF - prefs.js..keyword.URL: "http://vshare.toolbarhome.com/search.aspx?srch=ku&q="
    FF - prefs.js..network.proxy.no_proxies_on: "localho,t,127.0.0.1,*.local"
    FF - prefs.js..network.proxy.type: 0

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
    FF - HKLM\Software\MozillaPlugins\@IBM.com/Java60: C:\Program Files\IBM\Java60\jre\bin\new_plugin\npjp2.dll (IBM)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.46: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
    FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\IBM\Java60\jre\lib\deploy\jqs\ff [2010/11/23 14:11:58 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/10 18:06:23 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/25 08:09:40 | 000,000,000 | ---D | M]

    [2008/11/18 10:48:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\ray\Application Data\Mozilla\Extensions
    [2010/02/04 16:07:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\ray\Application Data\Mozilla\eclipse\extensions
    [2008/06/23 15:29:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\ray\Application Data\Mozilla\eclipse1\extensions
    [2011/06/29 16:39:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\ray\Application Data\Mozilla\Firefox\Profiles\lq9pmf8k.default\extensions
    [2010/12/09 16:37:06 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\ray\Application Data\Mozilla\Firefox\Profiles\lq9pmf8k.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2011/01/24 08:54:52 | 000,001,583 | ---- | M] () -- C:\Documents and Settings\ray\Application Data\Mozilla\Firefox\Profiles\lq9pmf8k.default\searchplugins\web-search.xml
    [2010/09/15 15:27:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    File not found (No name found) --
    () (No name found) -- C:\DOCUMENTS AND SETTINGS\RAY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\LQ9PMF8K.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
    () (No name found) -- C:\DOCUMENTS AND SETTINGS\RAY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\LQ9PMF8K.DEFAULT\EXTENSIONS\ANTICONTAINER@DOWNTHEMALL.NET.XPI
    () (No name found) -- C:\DOCUMENTS AND SETTINGS\RAY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\LQ9PMF8K.DEFAULT\EXTENSIONS\CANITBECHEAPER@TRAFFICBROKER.CO.UK.XPI
    [2010/11/23 14:11:58 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\IBM\JAVA60\JRE\LIB\DEPLOY\JQS\FF
    [2011/05/10 18:06:09 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2011/05/10 18:06:13 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
    [2011/05/10 18:06:13 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2011/05/10 18:06:13 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
    [2011/05/10 18:06:13 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
    [2011/05/10 18:06:13 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

    O1 HOSTS File: ([2004/08/04 06:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\IBM\Java60\jre\bin\ssv.dll (IBM)
    O2 - BHO: (no name) - {a1b2f3fa-dd1d-470b-a23e-a133b2f8ef60} - No CLSID value found.
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\IBM\Java60\jre\bin\jp2ssv.dll (IBM)
    O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\IBM\Java60\jre\lib\deploy\jqs\ie\jqs_plugin.dll (IBM)
    O3 - HKLM\..\Toolbar: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {00B8E20C-5C71-4C2F-85A5-6AD541500DF0} - No CLSID value found.
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {7F312B9A-208B-49FA-8218-B9AA22EC1463} - No CLSID value found.
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {A1B2F3FA-DD1D-470B-A23E-A133B2F8EF60} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
    O4 - HKLM..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo )
    O4 - HKLM..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo )
    O4 - HKLM..\Run: [BLOG] C:\Program Files\ThinkPad\Utilities\BATLOGEX.DLL ()
    O4 - HKLM..\Run: [C4EBReg] C:\Program Files\C4ebreg\c4ebreg.exe (IBM Corp.)
    O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
    O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
    O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
    O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [ipmcmu] c:\Program Files\IBM\IPM Client Migration Utility\ipmcmu.exe (IBM)
    O4 - HKLM..\Run: [Isamtray] C:\Program Files\C4ebreg\isamtray.exe (IBM Corp.)
    O4 - HKLM..\Run: [ISSI Service] c:\sdwork\issimsvc.exe (IBM Corp.)
    O4 - HKLM..\Run: [NPSStartup] File not found
    O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [pmonmh] C:\Program Files\IBM\My Help\plugins\\com.ibm.myhelp.common_1.4.25/pmonmh.exe ()
    O4 - HKLM..\Run: [PWRMGRTR] C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
    O4 - HKLM..\Run: [stgclean] c:\sdwork\w32maing.exe (IBM Corp.)
    O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
    O4 - HKLM..\Run: [TP4EX] C:\WINDOWS\System32\TP4EX.exe (Lenovo Group Limited)
    O4 - HKLM..\Run: [Tpam.exe] C:\Program Files\IBM\Personal Communications\tpam.exe ()
    O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
    O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec Client Security\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
    O4 - HKCU..\Run: [assistant2] C:\Program Files\VoiceRite\Client\Viewer.exe (VoiceRite, Inc)
    O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
    O4 - HKCU..\Run: [IBM Lotus Sametime Connect] C:\Program Files\IBM\Lotus\Sametime Connect 802\rcp\rcplauncher.exe ()
    O4 - HKCU..\Run: [NetSP - restore settings on power failure] C:\Program Files\AT&T Network Client\NetSP.exe (AT&T)
    O4 - HKCU..\Run: [SODCPreLoad] C:\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.5.0.20090605-2002\preload.exe ()
    O4 - HKCU..\Run: [Sony Ericsson PC Companion] C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Exif Launcher S.lnk = C:\Program Files\FinePixViewerS\QuickDCF2.exe (FUJIFILM Corporation)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Infoprint Select Notification.lnk = C:\Program Files\IBM\Infoprint Select\ipnotify.exe ()
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MBCameraMonitor.lnk = C:\Program Files\PIXELA\Everio MediaBrowser\MBCameraMonitor.exe (PIXELA CORPORATION)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: noDriveTypeAutorun = 221
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 157
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 1
    O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
    O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKCU\..Trusted Domains: ibm.com ([w3] * in Local intranet)
    O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
    O16 - DPF: {036F8A56-0BC8-4607-8F98-D3231E6FF5ED} https://de201.centra.com/SiteRoots/main/Install/win32/CentraUpdaterAx.cab (CentraUpdaterAxCtl Class)
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} http://www.ipix.com/viewers/ipixx.cab (iPIX ActiveX Control)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {1ACECAFE-0016-0000-0000-ABCDEFFEDCBA} http:// (Java Plug-in 1.6.0)
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www3.snapfish.ie/SnapfishActivia.cab (Snapfish Activia)
    O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://photos.fujipix.ie/imagine/ax/ImageUploader5.cab (Image Uploader Control)
    O16 - DPF: {5F30F398-64B6-4D5B-AF59-164FB61F56A6} https://comp.emea.workscape.com/oneforce/compplanner/master.cab (One Force Compplanner)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1265405737920 (WUWebControl Class)
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://go.divx.com/plugin/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http:// (Java Plug-in 1.6.0)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {9519B2A2-6592-4E41-8290-D0298459270C} http://w3.ibm.com/bluepages/scripts/lnwebassist.cab (LNWebAssist Class)
    O16 - DPF: {CAFEEFAC-0014-0002-0013-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_13)
    O16 - DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_12-windows-i586.cab (Java Plug-in 1.5.0_12)
    O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http:// (Java Plug-in)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http:// (Java Plug-in 1.6.0)
    O16 - DPF: {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (RealPlayer G2 Control)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: {E734BF43-7194-4E3A-832F-307606DDF665} https://cs.conferenceservers.com/components/WDPLUGIN.CAB (Unyte Conferencing Plugin)
    O16 - DPF: Microsoft XML Parser for Java [URL]file://C:\WINDOWS\Java\classes\xmldso.cab[/URL] (Reg Error: Key error.)
    O18 - Protocol\Handler\saphtmlp {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - C:\Program Files\sappc\SAPgui\SAPHTMLP.DLL (SAP AG, Walldorf)
    O18 - Protocol\Handler\sapr3 {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - C:\Program Files\sappc\SAPgui\SAPHTMLP.DLL (SAP AG, Walldorf)
    O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files\vShare\vshare_toolbar.dll ()
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\ACNotify: DllName - ACNotify.dll - C:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll (Lenovo )
    O20 - Winlogon\Notify\atmgrtok: DllName - atmgrtok.dll - C:\Program Files\IBM\Personal Communications\atmgrtok.dll (IBM Corporation)
    O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
    O20 - Winlogon\Notify\pcsinst: DllName - pcsinst.dll - C:\WINDOWS\System32\pcsinst.dll (IBM Corporation)
    O20 - Winlogon\Notify\tpfnf2: DllName - notifyf2.dll - C:\WINDOWS\System32\notifyf2.dll ()
    O20 - Winlogon\Notify\tphotkey: DllName - tphklock.dll - C:\WINDOWS\System32\tphklock.dll ()
    O24 - Desktop Components:0 () - [URL]file:///C:/Documents%20and%20Settings/ray/Desktop/camera/DSC00040.JPG[/URL]
    O24 - Desktop Components:1 (My Current Home Page) - About:Home
    O24 - Desktop WallPaper: C:\Documents and Settings\ray\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\ray\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2005/04/04 18:44:20 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk /r \??\E:) - File not found
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O35 - HKCU\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/07/25 09:46:56 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\ray\Desktop\OTL.exe
    [2011/07/25 09:15:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ray\Application Data\smkits
    [2011/07/25 09:00:08 | 000,083,064 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SMR200.SYS
    [2011/07/25 09:00:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ray\Local Settings\Application Data\NPE
    [2011/07/25 09:00:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
    [2011/07/25 08:08:45 | 000,000,000 | -HSD | C] -- C:\Config.Msi
    [2011/07/25 06:04:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ray\Application Data\Malwarebytes
    [2011/07/25 06:04:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/07/25 06:04:17 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2011/07/25 06:04:15 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2011/07/25 06:04:15 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011/07/25 06:04:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2011/07/25 00:04:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
    [2011/07/25 00:04:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
    [2011/07/13 12:06:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ray\Desktop\QC Defects
    [2011/07/07 16:24:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
    [2011/06/26 09:42:21 | 000,000,000 | -HSD | C] -- C:\found.004
    [2008/04/23 12:19:31 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\ray\Application Data\pcouffin.sys
    [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\Documents and Settings\ray\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\ray\Local Settings\Application Data\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2020/02/17 20:53:24 | 000,098,304 | ---- | M] (Atmel, Inc.) -- C:\WINDOWS\System32\TPMDDL.dll
    [2015/04/12 05:06:12 | 000,023,552 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\System32\PostProc.dll
    [2014/05/15 04:06:28 | 002,310,144 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\iglicd32.dll
    [2014/05/15 04:06:28 | 001,503,232 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxress.dll
    [2014/05/15 04:06:28 | 000,899,706 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\ialmdd5.dll
    [2014/05/15 04:06:28 | 000,524,850 | ---- | M] () -- C:\WINDOWS\System32\igxpxa32.cpa
    [2014/05/15 04:06:28 | 000,524,288 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igldev32.dll
    [2014/05/15 04:06:28 | 000,450,560 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxcfg.exe
    [2014/05/15 04:06:28 | 000,214,746 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\ialmdev5.dll
    [2014/05/15 04:06:28 | 000,155,648 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxrell.lrc
    [2014/05/15 04:06:28 | 000,155,648 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxrdeu.lrc
    [2014/05/15 04:06:28 | 000,151,552 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxrnld.lrc
    [2014/05/15 04:06:28 | 000,151,552 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxrita.lrc
    [2014/05/15 04:06:28 | 000,151,552 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxresp.lrc
    [2014/05/15 04:06:28 | 000,147,456 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxrhun.lrc
    [2014/05/15 04:06:28 | 000,147,456 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxrfra.lrc
    [2014/05/15 04:06:28 | 000,147,456 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxpph.dll
    [2014/05/15 04:06:28 | 000,143,360 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxrrus.lrc
    [2014/05/15 04:06:28 | 000,143,360 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxrptg.lrc
    [2014/05/15 04:06:28 | 000,143,360 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxrptb.lrc
    [2014/05/15 04:06:28 | 000,143,360 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxrplk.lrc
    [2014/05/15 04:06:28 | 000,139,264 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxrtrk.lrc
    [2014/05/15 04:06:28 | 000,139,264 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxrsve.lrc
    [2014/05/15 04:06:28 | 000,139,264 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxrnor.lrc
    [2014/05/15 04:06:28 | 000,139,264 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxrfin.lrc
    [2014/05/15 04:06:28 | 000,139,264 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxrdan.lrc
    [2014/05/15 04:06:28 | 000,139,264 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxrcsy.lrc
    [2014/05/15 04:06:28 | 000,135,168 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxres.dll
    [2014/05/15 04:06:28 | 000,135,168 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxrenu.lrc
    [2014/05/15 04:06:28 | 000,126,976 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxrtha.lrc
    [2014/05/15 04:06:28 | 000,122,880 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxrheb.lrc
    [2014/05/15 04:06:28 | 000,122,880 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxrara.lrc
    [2014/05/15 04:06:28 | 000,119,419 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\ialmdnt5.dll
    [2014/05/15 04:06:28 | 000,114,688 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxzoom.exe
    [2014/05/15 04:06:28 | 000,098,304 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxrkor.lrc
    [2014/05/15 04:06:28 | 000,098,304 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxrjpn.lrc
    [2014/05/15 04:06:28 | 000,086,016 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxdo.dll
    [2014/05/15 04:06:28 | 000,081,920 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxrcht.lrc
    [2014/05/15 04:06:28 | 000,081,920 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxrchs.lrc
    [2014/05/15 04:06:28 | 000,077,824 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxcpl.cpl
    [2014/05/15 04:06:28 | 000,073,728 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\hccutils.dll
    [2014/05/15 04:06:28 | 000,061,440 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\iAlmCoIn_v4450.dll
    [2014/05/15 04:06:28 | 000,058,704 | ---- | M] () -- C:\WINDOWS\System32\igxpxk32.vp
    [2014/05/15 04:06:28 | 000,057,344 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\oemdspif.dll
    [2014/05/15 04:06:28 | 000,057,344 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxsrvc.dll
    [2014/05/15 04:06:28 | 000,049,152 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\ialmrem.dll
    [2014/05/15 04:06:28 | 000,040,960 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxexps.dll
    [2014/05/15 04:06:28 | 000,036,990 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\ialmrnt5.dll
    [2014/05/15 04:06:28 | 000,025,936 | ---- | M] () -- C:\WINDOWS\System32\igxpxs32.vp
    [2014/05/15 04:06:28 | 000,000,929 | ---- | M] () -- C:\WINDOWS\System32\igxpxa32.vp
    [2011/07/25 09:47:00 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ray\Desktop\OTL.exe
    [2011/07/25 09:29:59 | 000,000,319 | RHS- | M] () -- C:\boot.ini
    [2011/07/25 09:08:19 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job
    [2011/07/25 09:07:34 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/07/25 09:02:36 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/07/25 09:01:07 | 000,000,040 | ---- | M] () -- C:\WINDOWS\System32\profile.dat
    [2011/07/25 09:00:08 | 000,083,064 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SMR200.SYS
    [2011/07/25 08:14:12 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
    [2011/07/25 08:09:41 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
    [2011/07/25 06:04:19 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/07/25 05:56:34 | 000,013,544 | -HS- | M] () -- C:\Documents and Settings\ray\Local Settings\Application Data\y613x7814o263y7irkx
    [2011/07/25 05:56:34 | 000,013,544 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\y613x7814o263y7irkx
    [2011/07/24 23:53:51 | 000,066,048 | ---- | M] () -- C:\Documents and Settings\ray\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/07/24 23:53:51 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
    [2011/07/24 23:46:10 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\ray\Local Settings\Application Data\qicj.exe
    [2011/07/24 23:46:10 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\qcmj.exe
    [2011/07/24 23:46:10 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\ray\Local Settings\Application Data\mkqh.exe
    [2011/07/24 23:46:10 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\jupe.exe
    [2011/07/24 23:46:10 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\ray\Local Settings\Application Data\cmop.exe
    [2011/07/24 23:46:09 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\mgcp.exe
    [2011/07/24 23:46:09 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\ray\Local Settings\Application Data\hdhq.exe
    [2011/07/24 21:38:16 | 000,002,271 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AT&T Network Client.lnk
    [2011/07/24 16:24:57 | 000,000,510 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
    [2011/07/23 22:09:48 | 000,000,074 | ---- | M] () -- C:\Documents and Settings\ray\default.pls
    [2011/07/23 21:36:56 | 000,000,668 | ---- | M] () -- C:\Documents and Settings\ray\Application Data\vso_ts_preview.xml
    [2011/07/14 09:02:11 | 000,350,272 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2011/07/14 08:09:55 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2011/07/12 13:33:13 | 000,001,519 | ---- | M] () -- C:\Documents and Settings\ray\Application Data\Microsoft\Internet Explorer\Quick Launch\Notepad.lnk
    [2011/07/07 16:49:32 | 000,101,148 | ---- | M] () -- C:\Documents and Settings\ray\screenshot.JPG
    [2011/07/06 16:00:00 | 000,000,488 | ---- | M] () -- C:\WINDOWS\tasks\Minitab Software Update Manager.job
    [2011/07/05 15:49:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2011/07/03 23:01:49 | 000,005,536 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\Documents and Settings\ray\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\ray\Local Settings\Application Data\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/07/25 08:09:40 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
    [2011/07/25 08:09:40 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
    [2011/07/25 06:04:19 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/07/25 06:03:37 | 000,363,520 | ---- | C] () -- C:\Documents and Settings\ray\Desktop\rkill.com
    [2011/07/24 23:46:11 | 000,013,544 | -HS- | C] () -- C:\Documents and Settings\ray\Local Settings\Application Data\y613x7814o263y7irkx
    [2011/07/24 23:46:11 | 000,013,544 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\y613x7814o263y7irkx
    [2011/07/24 23:46:10 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\ray\Local Settings\Application Data\qicj.exe
    [2011/07/24 23:46:10 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\qcmj.exe
    [2011/07/24 23:46:10 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\ray\Local Settings\Application Data\mkqh.exe
    [2011/07/24 23:46:10 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\jupe.exe
    [2011/07/24 23:46:10 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\ray\Local Settings\Application Data\cmop.exe
    [2011/07/24 23:46:09 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\mgcp.exe
    [2011/07/24 23:46:09 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\ray\Local Settings\Application Data\hdhq.exe
    [2011/07/12 13:33:13 | 000,001,519 | ---- | C] () -- C:\Documents and Settings\ray\Application Data\Microsoft\Internet Explorer\Quick Launch\Notepad.lnk
    [2011/07/07 16:49:31 | 000,101,148 | ---- | C] () -- C:\Documents and Settings\ray\screenshot.JPG
    [2011/03/01 18:30:05 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS78.DLL
    [2010/12/14 12:44:15 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
    [2010/12/02 17:33:26 | 000,000,037 | ---- | C] () -- C:\WINDOWS\ipixActivex.ini
    [2010/04/30 14:51:10 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\ray\Application Data\chrtmp
    [2010/03/25 12:40:03 | 000,000,031 | -H-- | C] () -- C:\WINDOWS\UKCpInfo.sys
    [2010/01/03 13:07:57 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
    [2010/01/03 13:07:57 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
    [2010/01/03 13:07:42 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\ray\Application Data\$_hpcst$.hpc
    [2009/12/30 18:21:26 | 000,076,420 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
    [2009/10/07 12:04:32 | 000,144,236 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DeviceManager.xml.rc4
    [2009/03/26 11:07:44 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll
    [2009/03/26 11:03:28 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\libcurl.dll
    [2009/03/26 11:03:10 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\libexpatw.dll
    [2009/01/25 22:10:48 | 000,179,200 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2009/01/09 00:01:22 | 000,629,760 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2008/11/18 10:49:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2008/07/23 17:46:38 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
    [2008/06/09 15:25:55 | 000,082,864 | ---- | C] () -- C:\WINDOWS\System32\UNWISE.EXE
    [2008/04/25 08:10:21 | 000,000,668 | ---- | C] () -- C:\Documents and Settings\ray\Application Data\vso_ts_preview.xml
    [2008/04/24 09:03:59 | 000,005,536 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2008/04/23 12:19:32 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\ray\Application Data\inst.exe
    [2008/04/23 12:19:31 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\ray\Application Data\pcouffin.cat
    [2008/04/23 12:19:31 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\ray\Application Data\pcouffin.inf
    [2008/04/17 11:18:48 | 000,000,231 | ---- | C] () -- C:\WINDOWS\System32\3dsmax.ini
    [2008/04/17 11:18:47 | 000,000,043 | ---- | C] () -- C:\WINDOWS\System32\InstallSettings.ini
    [2008/04/15 15:02:39 | 000,000,054 | ---- | C] () -- C:\WINDOWS\WININIT.INI
    [2008/02/15 13:54:11 | 000,001,759 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
    [2008/01/09 12:18:12 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
    [2007/10/25 18:26:10 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
    [2007/10/17 19:47:43 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\PixText.dll
    [2007/10/12 00:00:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2007/05/16 19:43:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\mngui.INI
    [2007/05/04 15:31:25 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
    [2007/04/26 09:47:20 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2007/04/25 22:17:44 | 000,066,048 | ---- | C] () -- C:\Documents and Settings\ray\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2007/04/23 19:33:17 | 000,001,012 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2007/04/23 11:56:09 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS64.DLL
    [2007/03/21 01:24:53 | 000,000,286 | ---- | C] () -- C:\WINDOWS\brioqry6.ini
    [2007/03/21 01:24:44 | 000,043,494 | ---- | C] () -- C:\WINDOWS\bqmeta0.ini
    [2007/03/21 01:24:44 | 000,028,139 | ---- | C] () -- C:\WINDOWS\bqformat.ini
    [2007/03/21 01:21:34 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\vtssm32.dll
    [2007/03/21 01:10:57 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\TpKmpSvc.exe
    [2007/03/21 01:10:26 | 000,009,343 | ---- | C] () -- C:\WINDOWS\System32\drivers\TDSMAPI.SYS
    [2007/03/21 01:08:07 | 000,010,009 | ---- | C] () -- C:\WINDOWS\agnslang.ini
    [2007/03/21 01:06:55 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\FPCALL.dll
    [2007/03/21 01:06:33 | 000,004,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.sys
    [2007/03/21 01:05:49 | 000,315,392 | ---- | C] () -- C:\WINDOWS\System32\AegisI5.exe
    [2007/03/21 01:05:24 | 000,016,384 | ---- | C] () -- C:\WINDOWS\PWMBTHLP.EXE
    [2007/03/21 01:05:23 | 000,004,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\TPPWRIF.SYS
    [2007/03/21 01:03:53 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
    [2007/03/21 01:00:42 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\notifyf2.dll
    [2007/03/21 01:00:42 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\tphklock.dll
    [2007/03/20 18:17:11 | 000,000,486 | ---- | C] () -- C:\WINDOWS\saplogon.ini
    [2007/03/20 18:08:11 | 000,000,040 | ---- | C] () -- C:\WINDOWS\System32\profile.dat
    [2006/11/29 23:10:37 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2006/08/08 00:16:46 | 000,156,672 | ---- | C] () -- C:\WINDOWS\ai63f5.exe
    [2006/08/01 20:13:02 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
    [2006/07/17 21:30:20 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
    [2006/01/24 01:55:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
    [2005/09/06 10:07:18 | 000,000,251 | ---- | C] () -- C:\WINDOWS\System32\drivers\hlldrvr.com
    [2005/04/27 10:53:10 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\pwdmon.dll
    [2005/04/05 21:46:42 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
    [2005/04/05 20:59:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcsmig.INI
    [2005/04/05 20:45:55 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\pdresrc.dll
    [2005/04/05 20:45:51 | 000,552,960 | ---- | C] () -- C:\WINDOWS\System32\pdclntif.dll
    [2005/04/05 20:45:51 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\pdprDlg.dll
    [2005/04/05 20:45:51 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\selnt.dll
    [2005/04/05 20:45:51 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\IBMMenu.dll
    [2005/04/04 20:42:47 | 000,000,299 | RH-- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2005/04/04 19:42:15 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
    [2005/04/04 19:36:58 | 000,004,702 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2005/04/04 19:34:38 | 000,350,272 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2005/04/04 18:46:21 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2005/04/04 18:41:28 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2004/08/04 06:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2004/08/04 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2004/08/04 06:00:00 | 000,435,598 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2004/08/04 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2004/08/04 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2004/08/04 06:00:00 | 000,069,588 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2004/08/04 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2004/08/04 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2004/08/04 06:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2004/08/04 06:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2004/08/04 06:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2004/08/04 06:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2003/04/08 01:00:00 | 006,150,961 | ---- | C] () -- C:\WINDOWS\System32\jre116.exe
    [2003/04/08 01:00:00 | 000,222,928 | ---- | C] () -- C:\WINDOWS\System32\lobas09.dll
    [2003/04/08 01:00:00 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\lotrn13.dll
    [2003/04/08 01:00:00 | 000,031,008 | ---- | C] () -- C:\WINDOWS\System32\ivtrn09.dll
    [2003/04/08 01:00:00 | 000,014,928 | ---- | C] () -


  • #18
    ASJ112
    Site Banned Posts: 1,167 ✭✭✭ASJ112


    can you post the mbam log ?



    open OTL paste this in the custom scan/fixes box at the bottom



    :OTL
    [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\Documents and Settings\ray\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\ray\Local Settings\Application Data\*.tmp -> ]
    [2011/07/25 05:56:34 | 000,013,544 | -HS- | M] () -- C:\Documents and Settings\ray\Local Settings\Application Data\y613x7814o263y7irkx
    [2011/07/25 05:56:34 | 000,013,544 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\y613x7814o263y7irkx
    [2011/07/24 23:46:10 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\ray\Local Settings\Application Data\qicj.exe
    [2011/07/24 23:46:10 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\qcmj.exe
    [2011/07/24 23:46:10 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\ray\Local Settings\Application Data\mkqh.exe
    [2011/07/24 23:46:10 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\jupe.exe
    [2011/07/24 23:46:10 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\ray\Local Settings\Application Data\cmop.exe
    [2011/07/24 23:46:09 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\mgcp.exe
    [2011/07/24 23:46:09 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\ray\Local Settings\Application Data\hdhq.exe
    [2011/07/25 06:03:37 | 000,363,520 | ---- | C] () -- C:\Documents and Settings\ray\Desktop\rkill.com
    [2011/07/24 23:46:11 | 000,013,544 | -HS- | C] () -- C:\Documents and Settings\ray\Local Settings\Application Data\y613x7814o263y7irkx
    [2011/07/24 23:46:11 | 000,013,544 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\y613x7814o263y7irkx
    [2011/07/24 23:46:10 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\ray\Local Settings\Application Data\qicj.exe
    [2011/07/24 23:46:10 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\qcmj.exe
    [2011/07/24 23:46:10 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\ray\Local Settings\Application Data\mkqh.exe
    [2011/07/24 23:46:10 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\jupe.exe
    [2011/07/24 23:46:10 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\ray\Local Settings\Application Data\cmop.exe
    [2011/07/24 23:46:09 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\mgcp.exe
    [2011/07/24 23:46:09 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\ray\Local Settings\Application Data\hdhq.exe
    :Commands
    [EMPTYTEMP]
    [PURITY]
    [EMPTYFLASH]
    [RESETHOSTS]
    [CREATERESTOREPOINT]



    click run fix


  • #19
    RayCon
    Registered Users, Registered Users 2 Posts: 4,953 ✭✭✭RayCon


    Thanks very much ASJ112 .... I did as you said and report is as follows :
    All processes killed
    ========== OTL ==========
    C:\WINDOWS\000001_.tmp deleted successfully.
    C:\WINDOWS\SET3.tmp deleted successfully.
    C:\WINDOWS\SET4.tmp deleted successfully.
    C:\WINDOWS\SET8.tmp deleted successfully.
    C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
    C:\Documents and Settings\ray\Local Settings\Application Data\d3d9caps.tmp deleted successfully.
    C:\Documents and Settings\ray\Local Settings\Application Data\y613x7814o263y7irkx moved successfully.
    C:\Documents and Settings\All Users\Application Data\y613x7814o263y7irkx moved successfully.
    C:\Documents and Settings\ray\Local Settings\Application Data\qicj.exe moved successfully.
    C:\Documents and Settings\All Users\Application Data\qcmj.exe moved successfully.
    C:\Documents and Settings\ray\Local Settings\Application Data\mkqh.exe moved successfully.
    C:\Documents and Settings\All Users\Application Data\jupe.exe moved successfully.
    C:\Documents and Settings\ray\Local Settings\Application Data\cmop.exe moved successfully.
    C:\Documents and Settings\All Users\Application Data\mgcp.exe moved successfully.
    C:\Documents and Settings\ray\Local Settings\Application Data\hdhq.exe moved successfully.
    C:\Documents and Settings\ray\Desktop\rkill.com moved successfully.
    File C:\Documents and Settings\ray\Local Settings\Application Data\y613x7814o263y7irkx not found.
    File C:\Documents and Settings\All Users\Application Data\y613x7814o263y7irkx not found.
    File C:\Documents and Settings\ray\Local Settings\Application Data\qicj.exe not found.
    File C:\Documents and Settings\All Users\Application Data\qcmj.exe not found.
    File C:\Documents and Settings\ray\Local Settings\Application Data\mkqh.exe not found.
    File C:\Documents and Settings\All Users\Application Data\jupe.exe not found.
    File C:\Documents and Settings\ray\Local Settings\Application Data\cmop.exe not found.
    File C:\Documents and Settings\All Users\Application Data\mgcp.exe not found.
    File C:\Documents and Settings\ray\Local Settings\Application Data\hdhq.exe not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 6256756 bytes
    ->Temporary Internet Files folder emptied: 11795919 bytes
    ->Flash cache emptied: 300 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 196742 bytes
    ->Flash cache emptied: 41920 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 55168395 bytes
    ->Flash cache emptied: 291 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 2317232 bytes

    User: ray
    ->Temp folder emptied: 198178726 bytes
    ->Temporary Internet Files folder emptied: 25641777 bytes
    ->Java cache emptied: 29721645 bytes
    ->FireFox cache emptied: 52192355 bytes
    ->Flash cache emptied: 1527014 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 117277126 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 106320806 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 103424 bytes

    Total Files Cleaned = 579.00 mb


    [EMPTYFLASH]

    User: Administrator
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Flash cache emptied: 0 bytes

    User: NetworkService

    User: ray
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb

    C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully
    Restore point Set: OTL Restore Point (0)

    OTL by OldTimer - Version 3.2.26.1 log created on 07252011_133012
    Files\Folders moved on Reboot...
    C:\Documents and Settings\ray\Local Settings\Temporary Internet Files\Content.IE5\Y38Y0C47\o2om_smscenter_new[1].htm moved successfully.
    C:\Documents and Settings\ray\Local Settings\Temporary Internet Files\Content.IE5\RWSXIWFH\smscenter_send[1].htm moved successfully.
    C:\Documents and Settings\ray\Local Settings\Temporary Internet Files\Content.IE5\RWSXIWFH\ssomanager[1].htm moved successfully.
    C:\Documents and Settings\ray\Local Settings\Temporary Internet Files\Content.IE5\L2Y031MH\Home[1].htm moved successfully.
    C:\Documents and Settings\ray\Local Settings\Temporary Internet Files\Content.IE5\2M938DVC\search[1].htm moved successfully.
    C:\Documents and Settings\ray\Local Settings\Temporary Internet Files\Content.IE5\2M938DVC\showthread[1].htm moved successfully.
    C:\Documents and Settings\ray\Local Settings\Temporary Internet Files\Content.IE5\295LTSBR\asp_view_month[1].htm moved successfully.
    C:\Documents and Settings\ray\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
    File move failed. C:\WINDOWS\temp\hlktmp scheduled to be moved on reboot.
    Registry entries deleted on Reboot...

    In Windows Security Centre it will not let me switch on "Automatic Updates" ??


  • #20
    ASJ112
    Site Banned Posts: 1,167 ✭✭✭ASJ112


    side effect of the malware probably, will deal with that later


    can you post the mbam log ?


    open OTL paste this in the custom scan/fixes box


    netsvcs
    drivers32
    activex
    safebootminimal
    safebootnetwork
    msconfig
    C:\Documents and Settings\ray\Local Settings\Application Data\*.*
    C:\Documents and Settings\All Users\Application Data\*.*


    click quick scan post the log it gives


  • #21
    RayCon
    Registered Users, Registered Users 2 Posts: 4,953 ✭✭✭RayCon


    Think I deleted the mbam log - I can't find it !

    Found the answer to the Automatic Updates problem on microsofts help site: Start > run > typed in regsvr32 wuaueng.dll and it turned back on.

    Report from OTL ...
    OTL logfile created on: 25/07/2011 13:54:50 - Run 2
    OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\ray\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

    1.99 Gb Total Physical Memory | 0.95 Gb Available Physical Memory | 47.64% Memory free
    3.33 Gb Paging File | 2.52 Gb Available in Paging File | 75.71% Paging File free
    Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 55.89 Gb Total Space | 24.78 Gb Free Space | 44.33% Space Free | Partition Type: NTFS

    Computer Name: L3T7456 | User Name: user | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/07/25 09:47:00 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ray\Desktop\OTL.exe
    PRC - [2011/05/25 12:23:00 | 000,183,024 | ---- | M] (IBM Corp.) -- c:\sdwork\issimsvc.exe
    PRC - [2011/02/21 16:57:04 | 000,294,168 | ---- | M] (IBM Corp.) -- C:\Program Files\C4ebreg\isamtray.exe
    PRC - [2011/02/21 16:56:06 | 000,490,776 | ---- | M] (IBM Corp.) -- C:\Program Files\C4ebreg\c4ebreg.exe
    PRC - [2011/02/03 16:51:40 | 001,432,800 | ---- | M] (IBM Corp.) -- C:\Program Files\BigFix Enterprise\BES Client\BESClientUI.exe
    PRC - [2011/02/03 16:51:36 | 002,982,624 | ---- | M] (IBM Corp.) -- C:\Program Files\BigFix Enterprise\BES Client\BESClient.exe
    PRC - [2010/10/27 11:45:48 | 000,184,371 | ---- | M] () -- C:\Program Files\IBM\My Help\plugins\com.ibm.myhelp.common_1.4.25\pmonmh.exe
    PRC - [2010/09/30 11:47:53 | 000,010,752 | ---- | M] (IBM Corp) -- C:\notes\ntaskldr.exe
    PRC - [2010/09/30 11:47:20 | 003,399,680 | ---- | M] (IBM Corp) -- c:\notes\nsd.exe
    PRC - [2010/09/03 17:07:22 | 000,152,840 | ---- | M] (IBM) -- C:\Program Files\IBM\Java60\jre\bin\jqs.exe
    PRC - [2010/02/08 11:19:02 | 000,872,518 | ---- | M] () -- C:\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.5.0.20090605-2002\soffice.exe
    PRC - [2010/02/04 16:05:30 | 000,110,592 | ---- | M] (International Business Machines Corporation) -- C:\Program Files\IBM\Lotus\Sametime Connect 802\rcp\eclipse\plugins\com.ibm.rcp.jcl.desktop.win32.x86_6.2.0.200904080758\jre\bin\sametime80w.exe
    PRC - [2009/12/16 16:44:36 | 003,750,400 | ---- | M] (SafeNet Inc.) -- C:\WINDOWS\system32\hasplms.exe
    PRC - [2009/10/07 12:36:20 | 000,263,520 | ---- | M] (AT&T) -- C:\Program Files\AT&T Network Client\NetClientSvc.exe
    PRC - [2009/10/07 12:36:18 | 000,619,872 | ---- | M] (AT&T) -- C:\Program Files\AT&T Network Client\netcfgsvr.exe
    PRC - [2009/09/29 11:30:00 | 000,058,760 | ---- | M] (IBM Corp) -- c:\notes\ntmulti.exe
    PRC - [2009/09/29 11:27:56 | 001,676,680 | ---- | M] (IBM Corp) -- C:\notes\nlnotes.exe
    PRC - [2009/04/02 19:05:22 | 000,102,400 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
    PRC - [2009/03/31 10:39:36 | 000,233,472 | ---- | M] (Teruten) -- C:\WINDOWS\system32\FsUsbExService.Exe
    PRC - [2008/10/09 23:37:58 | 000,180,224 | ---- | M] () -- C:\Program Files\IBM\Lotus\Sametime Connect 802\rcp\eclipse\plugins\com.ibm.rcp.base_6.1.1.200810091628\win32\x86\eclipse.exe
    PRC - [2008/09/03 15:04:22 | 000,541,976 | ---- | M] (PIXELA CORPORATION) -- C:\Program Files\PIXELA\Everio MediaBrowser\MBCameraMonitor.exe
    PRC - [2008/05/02 05:15:46 | 000,015,872 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
    PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2008/04/07 11:22:26 | 000,038,688 | ---- | M] (International Business Machines Corporation) -- C:\Program Files\IBM\SQLLIB\BIN\db2mgmtsvc.exe
    PRC - [2008/03/18 02:06:00 | 001,848,648 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
    PRC - [2008/01/22 18:35:52 | 000,103,808 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
    PRC - [2007/11/27 12:58:28 | 003,072,184 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KService.exe
    PRC - [2007/10/24 13:58:00 | 000,013,312 | ---- | M] (Lenovo Group Limited) -- c:\Program Files\Lenovo\System Update\SUService.exe
    PRC - [2007/05/17 11:50:16 | 000,114,688 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
    PRC - [2007/05/17 11:49:28 | 000,184,320 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
    PRC - [2007/05/17 11:49:24 | 000,065,536 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
    PRC - [2007/05/17 11:46:44 | 000,413,696 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
    PRC - [2007/05/17 11:41:20 | 000,126,976 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
    PRC - [2007/03/21 13:42:38 | 000,364,629 | ---- | M] (Atheros) -- C:\WINDOWS\system32\acs.exe
    PRC - [2007/01/30 13:02:28 | 000,303,104 | ---- | M] (FUJIFILM Corporation) -- C:\Program Files\FinePixViewerS\QuickDCF2.exe
    PRC - [2006/10/20 10:01:30 | 002,107,392 | ---- | M] (VoiceRite, Inc) -- C:\Program Files\VoiceRite\Client\Viewer.exe
    PRC - [2006/09/27 21:33:44 | 000,125,168 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\VPTray.exe
    PRC - [2006/09/27 21:33:38 | 000,116,464 | ---- | M] (symantec) -- c:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
    PRC - [2006/09/27 21:33:32 | 001,813,232 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
    PRC - [2006/09/27 21:33:22 | 000,031,472 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
    PRC - [2006/09/27 15:15:56 | 000,173,744 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
    PRC - [2006/09/27 15:14:44 | 000,087,728 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
    PRC - [2006/08/07 17:03:02 | 000,214,720 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    PRC - [2006/08/01 20:18:00 | 000,266,295 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
    PRC - [2006/07/19 20:26:12 | 000,169,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    PRC - [2006/07/19 20:26:10 | 000,202,400 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    PRC - [2006/07/19 20:26:06 | 000,192,160 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    PRC - [2006/07/19 20:26:04 | 000,052,896 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    PRC - [2006/05/30 01:00:00 | 000,086,016 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
    PRC - [2006/04/11 18:13:38 | 001,160,848 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    PRC - [2006/02/14 01:00:00 | 000,110,592 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    PRC - [2005/09/06 10:07:18 | 000,036,864 | ---- | M] (IBM Corporation) -- C:\Program Files\IBM\Personal Communications\PCS_AGNT.EXE
    PRC - [2005/09/06 10:07:18 | 000,028,672 | ---- | M] (IBM Corporation) -- C:\WINDOWS\system32\drivers\trcboot.exe
    PRC - [2005/09/06 10:07:18 | 000,028,672 | ---- | M] (IBM Corporation) -- C:\WINDOWS\system32\drivers\ldlcserv.exe
    PRC - [2005/09/06 10:07:18 | 000,028,672 | ---- | M] () -- C:\Program Files\IBM\Personal Communications\tpam.exe
    PRC - [2005/07/05 15:57:12 | 000,077,824 | ---- | M] () -- C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
    PRC - [2005/06/06 22:26:22 | 000,032,768 | ---- | M] () -- C:\WINDOWS\system32\TpKmpSvc.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/07/25 09:47:00 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ray\Desktop\OTL.exe
    MOD - [2010/08/23 17:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
    MOD - [2008/05/02 05:15:35 | 000,004,608 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerHook.dll
    MOD - [2006/02/14 01:00:00 | 000,065,536 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2011/05/25 12:23:00 | 000,183,024 | ---- | M] (IBM Corp.) [Auto | Running] -- c:\sdwork\issimsvc.exe -- (ISSIMon)
    SRV - [2011/02/21 16:56:06 | 000,490,776 | ---- | M] (IBM Corp.) [Auto | Running] -- C:\Program Files\C4ebreg\c4ebreg.exe -- (ISAMSvc)
    SRV - [2011/02/10 15:29:24 | 000,150,528 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe -- (Sony Ericsson PCCompanion)
    SRV - [2011/02/03 16:51:36 | 002,982,624 | ---- | M] (IBM Corp.) [Auto | Running] -- C:\Program Files\BigFix Enterprise\BES Client\BESClient.exe -- (BESClient)
    SRV - [2010/09/30 11:47:20 | 003,399,680 | ---- | M] (IBM Corp) [Auto | Running] -- c:\notes\nsd.exe -- (Lotus Notes Diagnostics)
    SRV - [2010/09/03 17:07:22 | 000,152,840 | ---- | M] (IBM) [Auto | Running] -- C:\Program Files\IBM\Java60\jre\bin\jqs.exe -- (JavaQuickStarterService)
    SRV - [2010/06/14 15:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
    SRV - [2009/12/16 16:44:36 | 003,750,400 | ---- | M] (SafeNet Inc.) [Auto | Running] -- C:\WINDOWS\System32\hasplms.exe -- (hasplms)
    SRV - [2009/10/07 12:36:20 | 000,263,520 | ---- | M] (AT&T) [Auto | Running] -- C:\Program Files\AT&T Network Client\NetClientSvc.exe -- (NetClientSvc)
    SRV - [2009/10/07 12:36:18 | 000,619,872 | ---- | M] (AT&T) [Auto | Running] -- C:\Program Files\AT&T Network Client\netcfgsvr.exe -- (NetCfgSvr)
    SRV - [2009/09/29 11:30:00 | 000,058,760 | ---- | M] (IBM Corp) [Auto | Running] -- c:\notes\ntmulti.exe -- (Multi-user Cleanup Service)
    SRV - [2009/03/31 10:39:36 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\WINDOWS\system32\FsUsbExService.Exe -- (FsUsbExService)
    SRV - [2008/04/07 11:22:26 | 000,038,688 | ---- | M] (International Business Machines Corporation) [Auto | Running] -- C:\Program Files\IBM\SQLLIB\BIN\db2mgmtsvc.exe -- (DB2MGMTSVC_DB2COPY1) DB2 Management Service (DB2COPY1)
    SRV - [2008/01/22 18:35:52 | 000,103,808 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
    SRV - [2007/11/27 12:58:28 | 003,072,184 | ---- | M] (Kontiki Inc.) [Auto | Running] -- C:\Program Files\Kontiki\KService.exe -- (KService)
    SRV - [2007/10/24 13:58:00 | 000,013,312 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)
    SRV - [2007/05/17 11:49:28 | 000,184,320 | ---- | M] (Lenovo ) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc)
    SRV - [2007/05/17 11:49:24 | 000,065,536 | ---- | M] (Lenovo ) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
    SRV - [2007/03/21 13:42:38 | 000,364,629 | ---- | M] (Atheros) [Auto | Running] -- C:\WINDOWS\system32\acs.exe -- (ACS)
    SRV - [2006/09/27 21:33:38 | 000,116,464 | ---- | M] (symantec) [Auto | Running] -- c:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
    SRV - [2006/09/27 21:33:32 | 001,813,232 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
    SRV - [2006/09/27 21:33:22 | 000,031,472 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
    SRV - [2006/09/27 15:15:56 | 000,173,744 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe -- (SymSecurePort)
    SRV - [2006/09/27 15:14:44 | 000,087,728 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe -- (ISSVC)
    SRV - [2006/08/07 17:03:02 | 000,214,720 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
    SRV - [2006/08/01 20:18:00 | 000,266,295 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe -- (btwdins)
    SRV - [2006/07/19 20:26:12 | 000,169,632 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
    SRV - [2006/07/19 20:26:10 | 000,202,400 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccProxy.exe -- (ccProxy)
    SRV - [2006/07/19 20:26:06 | 000,192,160 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
    SRV - [2006/04/11 18:13:38 | 001,160,848 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
    SRV - [2006/02/23 12:41:02 | 002,045,632 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate)
    SRV - [2005/09/06 10:07:18 | 000,032,768 | ---- | M] (IBM Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\appnnode.exe -- (AppnNode)
    SRV - [2005/09/06 10:07:18 | 000,028,672 | ---- | M] (IBM Corporation) [Auto | Running] -- C:\WINDOWS\system32\drivers\trcboot.exe -- (TrcBoot)
    SRV - [2005/09/06 10:07:18 | 000,028,672 | ---- | M] (IBM Corporation) [Auto | Running] -- C:\WINDOWS\system32\drivers\ldlcserv.exe -- (ldlcserv)
    SRV - [2005/06/06 22:26:22 | 000,032,768 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\TpKmpSvc.exe -- (TpKmpSVC)


    ========== Driver Services (SafeList) ==========

    DRV - [2011/05/18 09:00:00 | 001,542,392 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110724.003\NAVEX15.SYS -- (NAVEX15)
    DRV - [2011/05/18 09:00:00 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110724.003\NAVENG.SYS -- (NAVENG)
    DRV - [2011/05/10 09:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
    DRV - [2011/05/10 09:00:00 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
    DRV - [2010/09/15 18:07:10 | 000,270,712 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\SymcData\scfidsdefs\20110720.001\SymIDSCo.sys -- (SYMIDSCO)
    DRV - [2010/02/22 11:55:54 | 000,006,400 | ---- | M] (IBM Corp.) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\isamfilter.sys -- (IsamFilter)
    DRV - [2009/12/09 21:27:18 | 000,588,800 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (hardlock)
    DRV - [2009/10/07 12:41:44 | 000,019,328 | R--- | M] (AT&T) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\agnwifi.sys -- (agnwifi)
    DRV - [2009/10/07 12:41:24 | 000,011,392 | R--- | M] (AT&T) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avpnnic.sys -- (avpnnic)
    DRV - [2009/10/07 12:05:12 | 000,219,776 | ---- | M] (AT&T) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\agnfilt.sys -- (agnfilt)
    DRV - [2009/08/20 07:01:50 | 000,356,864 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\aksfridge.sys -- (aksfridge)
    DRV - [2009/03/31 10:39:36 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
    DRV - [2009/03/20 11:01:26 | 000,121,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bmdm.sys -- (ss_bmdm)
    DRV - [2009/03/20 11:01:26 | 000,090,112 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM)
    DRV - [2009/03/20 11:01:26 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter)
    DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
    DRV - [2007/04/05 07:19:20 | 000,546,112 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
    DRV - [2007/04/02 11:24:08 | 000,004,224 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\IBMBLDID.sys -- (IBMTPCHK)
    DRV - [2007/02/19 06:56:46 | 000,021,376 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
    DRV - [2006/12/22 12:56:00 | 000,209,664 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
    DRV - [2006/11/15 03:00:20 | 000,055,840 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wsimd.sys -- (WSIMD)
    DRV - [2006/09/18 18:55:28 | 000,109,744 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
    DRV - [2006/09/06 15:41:20 | 000,337,592 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\savrt.sys -- (SAVRT)
    DRV - [2006/09/06 15:41:20 | 000,054,968 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
    DRV - [2006/08/07 17:02:26 | 000,195,776 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
    DRV - [2006/08/07 17:02:22 | 000,024,768 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
    DRV - [2006/08/07 17:02:18 | 000,031,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS -- (SYMIDS)
    DRV - [2006/08/07 17:02:14 | 000,028,352 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS -- (SYMNDIS)
    DRV - [2006/08/07 17:02:02 | 000,110,784 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMFW.SYS -- (SYMFW)
    DRV - [2006/08/07 17:01:56 | 000,012,992 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS -- (SYMDNS)
    DRV - [2006/08/03 02:54:00 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SMAPINT.SYS -- (Smapint)
    DRV - [2006/08/03 02:54:00 | 000,009,343 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TDSMAPI.SYS -- (TDSMAPI)
    DRV - [2006/08/01 20:04:00 | 000,328,285 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
    DRV - [2006/08/01 20:00:34 | 000,851,706 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
    DRV - [2006/08/01 19:58:12 | 000,030,427 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
    DRV - [2006/08/01 19:57:26 | 000,067,384 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
    DRV - [2006/08/01 19:54:32 | 000,148,996 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
    DRV - [2006/07/21 01:00:00 | 000,007,168 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP)
    DRV - [2006/05/26 01:00:00 | 000,004,442 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF)
    DRV - [2006/04/11 18:13:34 | 000,389,776 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
    DRV - [2005/11/08 09:27:20 | 000,011,520 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ANC.sys -- (ANC)
    DRV - [2005/09/06 10:07:18 | 001,286,560 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\appn.sys -- (Appn)
    DRV - [2005/09/06 10:07:18 | 000,195,872 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\AppnBase.sys -- (AppnBase)
    DRV - [2005/09/06 10:07:18 | 000,160,288 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\pdlncfwk.sys -- (pdlncfwk)
    DRV - [2005/09/06 10:07:18 | 000,120,192 | ---- | M] (IBM Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\appnapi.sys -- (AppnApi)
    DRV - [2005/09/06 10:07:18 | 000,101,408 | ---- | M] (IBM Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\llc2.sys -- (IBM_LLC2)
    DRV - [2005/09/06 10:07:18 | 000,075,200 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\pdlnacom.sys -- (pdlnacom)
    DRV - [2005/09/06 10:07:18 | 000,070,144 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\pdlndlpb.sys -- (pdlndlpb)
    DRV - [2005/09/06 10:07:18 | 000,067,184 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\pdlnemap.sys -- (pdlnemap)
    DRV - [2005/09/06 10:07:18 | 000,067,072 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\pdlndsdl.sys -- (pdlndsdl)
    DRV - [2005/09/06 10:07:18 | 000,059,504 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\pdlnshay.sys -- (pdlnshay)
    DRV - [2005/09/06 10:07:18 | 000,059,392 | ---- | M] (IBM Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\pdlndldl.sys -- (pdlndldl) IBM Enterprise Extender (HPR/IP)
    DRV - [2005/09/06 10:07:18 | 000,058,432 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\pdlnsx25.sys -- (pdlnsx25)
    DRV - [2005/09/06 10:07:18 | 000,054,416 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\pdlnsv25.sys -- (pdlnsv25)
    DRV - [2005/09/06 10:07:18 | 000,053,248 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\pdlndqll.sys -- (pdlndqll)
    DRV - [2005/09/06 10:07:18 | 000,051,712 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\pdlndtdl.sys -- (pdlndtdl)
    DRV - [2005/09/06 10:07:18 | 000,050,336 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\pdlnecfg.sys -- (pdlnecfg)
    DRV - [2005/09/06 10:07:18 | 000,038,236 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\anydlc.sys -- (Anydlc)
    DRV - [2005/09/06 10:07:18 | 000,036,048 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\pdlnafac.sys -- (pdlnafac)
    DRV - [2005/09/06 10:07:18 | 000,024,588 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\klognt.sys -- (KLOGNT)
    DRV - [2005/09/06 10:07:18 | 000,022,384 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\pdlnslea.sys -- (pdlnslea)
    DRV - [2005/09/06 10:07:18 | 000,020,480 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\pdlnatcm.sys -- (pdlnatcm)
    DRV - [2005/09/06 10:07:18 | 000,019,984 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\pdlnepkt.sys -- (pdlnepkt)
    DRV - [2005/09/06 10:07:18 | 000,018,944 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\pdlndoem.sys -- (pdlndoem)
    DRV - [2005/09/06 10:07:18 | 000,018,432 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\pdlnatdl.sys -- (pdlnatdl)
    DRV - [2005/09/06 10:07:18 | 000,012,800 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\pdlndint.sys -- (pdlndint)
    DRV - [2005/09/06 10:07:18 | 000,012,768 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\pdlnemsg.sys -- (pdlnemsg)
    DRV - [2005/09/06 10:07:18 | 000,012,288 | ---- | M] (IBM Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\pdlnctdl.sys -- (pdlnctdl)
    DRV - [2005/09/06 10:07:18 | 000,012,028 | ---- | M] (IBM Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\nstrcnt.sys -- (NsTrcNT)
    DRV - [2005/09/06 10:07:18 | 000,008,608 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\pdlnebas.sys -- (pdlnebas)
    DRV - [2005/09/06 10:07:18 | 000,006,784 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\pdlncbas.sys -- (pdlncbas)
    DRV - [2004/06/03 18:47:26 | 000,164,224 | ---- | M] (AT&T) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\abvpn2k.sys -- (ABVPN2K)
    DRV - [2004/05/06 17:12:10 | 000,114,688 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://w3.ibm.com/jct03001pt/wps/myportal
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Web Search..."
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "www.google.ie"
    FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.2
    FF - prefs.js..extensions.enabledItems: [EMAIL="anticontainer@downthemall.net:1.0"]anticontainer@downthemall.net:1.0[/EMAIL]
    FF - prefs.js..extensions.enabledItems: [EMAIL="canitbecheaper@trafficbroker.co.uk:3.1.5"]canitbecheaper@trafficbroker.co.uk:3.1.5[/EMAIL]
    FF - prefs.js..extensions.enabledItems: [EMAIL="jqs@sun.com:1.0"]jqs@sun.com:1.0[/EMAIL]
    FF - prefs.js..keyword.URL: "http://vshare.toolbarhome.com/search.aspx?srch=ku&q="
    FF - prefs.js..network.proxy.no_proxies_on: "localho,t,127.0.0.1,*.local"
    FF - prefs.js..network.proxy.type: 0

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
    FF - HKLM\Software\MozillaPlugins\@IBM.com/Java60: C:\Program Files\IBM\Java60\jre\bin\new_plugin\npjp2.dll (IBM)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.46: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
    FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\IBM\Java60\jre\lib\deploy\jqs\ff [2010/11/23 14:11:58 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/10 18:06:23 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/25 08:09:40 | 000,000,000 | ---D | M]

    [2008/11/18 10:48:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\ray\Application Data\Mozilla\Extensions
    [2010/02/04 16:07:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\ray\Application Data\Mozilla\eclipse\extensions
    [2008/06/23 15:29:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\ray\Application Data\Mozilla\eclipse1\extensions
    [2011/06/29 16:39:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\ray\Application Data\Mozilla\Firefox\Profiles\lq9pmf8k.default\extensions
    [2010/12/09 16:37:06 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\ray\Application Data\Mozilla\Firefox\Profiles\lq9pmf8k.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2011/01/24 08:54:52 | 000,001,583 | ---- | M] () -- C:\Documents and Settings\ray\Application Data\Mozilla\Firefox\Profiles\lq9pmf8k.default\searchplugins\web-search.xml
    [2010/09/15 15:27:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    File not found (No name found) --
    () (No name found) -- C:\DOCUMENTS AND SETTINGS\RAY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\LQ9PMF8K.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
    () (No name found) -- C:\DOCUMENTS AND SETTINGS\RAY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\LQ9PMF8K.DEFAULT\EXTENSIONS\ANTICONTAINER@DOWNTHEMALL.NET.XPI
    () (No name found) -- C:\DOCUMENTS AND SETTINGS\RAY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\LQ9PMF8K.DEFAULT\EXTENSIONS\CANITBECHEAPER@TRAFFICBROKER.CO.UK.XPI
    [2010/11/23 14:11:58 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\IBM\JAVA60\JRE\LIB\DEPLOY\JQS\FF
    [2011/05/10 18:06:09 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2011/05/10 18:06:13 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
    [2011/05/10 18:06:13 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2011/05/10 18:06:13 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
    [2011/05/10 18:06:13 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
    [2011/05/10 18:06:13 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

    O1 HOSTS File: ([2011/07/25 13:31:18 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\IBM\Java60\jre\bin\ssv.dll (IBM)
    O2 - BHO: (no name) - {a1b2f3fa-dd1d-470b-a23e-a133b2f8ef60} - No CLSID value found.
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\IBM\Java60\jre\bin\jp2ssv.dll (IBM)
    O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\IBM\Java60\jre\lib\deploy\jqs\ie\jqs_plugin.dll (IBM)
    O3 - HKLM\..\Toolbar: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {00B8E20C-5C71-4C2F-85A5-6AD541500DF0} - No CLSID value found.
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {7F312B9A-208B-49FA-8218-B9AA22EC1463} - No CLSID value found.
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {A1B2F3FA-DD1D-470B-A23E-A133B2F8EF60} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
    O4 - HKLM..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo )
    O4 - HKLM..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo )
    O4 - HKLM..\Run: [BLOG] C:\Program Files\ThinkPad\Utilities\BATLOGEX.DLL ()
    O4 - HKLM..\Run: [C4EBReg] C:\Program Files\C4ebreg\c4ebreg.exe (IBM Corp.)
    O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
    O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
    O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
    O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [ipmcmu] c:\Program Files\IBM\IPM Client Migration Utility\ipmcmu.exe (IBM)
    O4 - HKLM..\Run: [Isamtray] C:\Program Files\C4ebreg\isamtray.exe (IBM Corp.)
    O4 - HKLM..\Run: [ISSI Service] c:\sdwork\issimsvc.exe (IBM Corp.)
    O4 - HKLM..\Run: [NPSStartup] File not found
    O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [pmonmh] C:\Program Files\IBM\My Help\plugins\\com.ibm.myhelp.common_1.4.25/pmonmh.exe ()
    O4 - HKLM..\Run: [PWRMGRTR] C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
    O4 - HKLM..\Run: [stgclean] c:\sdwork\w32maing.exe (IBM Corp.)
    O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
    O4 - HKLM..\Run: [TP4EX] C:\WINDOWS\System32\TP4EX.exe (Lenovo Group Limited)
    O4 - HKLM..\Run: [Tpam.exe] C:\Program Files\IBM\Personal Communications\tpam.exe ()
    O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
    O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec Client Security\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
    O4 - HKCU..\Run: [assistant2] C:\Program Files\VoiceRite\Client\Viewer.exe (VoiceRite, Inc)
    O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
    O4 - HKCU..\Run: [IBM Lotus Sametime Connect] C:\Program Files\IBM\Lotus\Sametime Connect 802\rcp\rcplauncher.exe ()
    O4 - HKCU..\Run: [NetSP - restore settings on power failure] C:\Program Files\AT&T Network Client\NetSP.exe (AT&T)
    O4 - HKCU..\Run: [SODCPreLoad] C:\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.5.0.20090605-2002\preload.exe ()
    O4 - HKCU..\Run: [Sony Ericsson PC Companion] C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Exif Launcher S.lnk = C:\Program Files\FinePixViewerS\QuickDCF2.exe (FUJIFILM Corporation)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Infoprint Select Notification.lnk = C:\Program Files\IBM\Infoprint Select\ipnotify.exe ()
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MBCameraMonitor.lnk = C:\Program Files\PIXELA\Everio MediaBrowser\MBCameraMonitor.exe (PIXELA CORPORATION)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: noDriveTypeAutorun = 221
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 157
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 1
    O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
    O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKCU\..Trusted Domains: ibm.com ([w3] * in Local intranet)
    O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
    O16 - DPF: {036F8A56-0BC8-4607-8F98-D3231E6FF5ED} https://de201.centra.com/SiteRoots/main/Install/win32/CentraUpdaterAx.cab (CentraUpdaterAxCtl Class)
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} http://www.ipix.com/viewers/ipixx.cab (iPIX ActiveX Control)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {1ACECAFE-0016-0000-0000-ABCDEFFEDCBA} http:// (Java Plug-in 1.6.0)
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www3.snapfish.ie/SnapfishActivia.cab (Snapfish Activia)
    O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://photos.fujipix.ie/imagine/ax/ImageUploader5.cab (Image Uploader Control)
    O16 - DPF: {5F30F398-64B6-4D5B-AF59-164FB61F56A6} https://comp.emea.workscape.com/oneforce/compplanner/master.cab (One Force Compplanner)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1265405737920 (WUWebControl Class)
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://go.divx.com/plugin/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http:// (Java Plug-in 1.6.0)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {9519B2A2-6592-4E41-8290-D0298459270C} http://w3.ibm.com/bluepages/scripts/lnwebassist.cab (LNWebAssist Class)
    O16 - DPF: {CAFEEFAC-0014-0002-0013-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_13)
    O16 - DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_12-windows-i586.cab (Java Plug-in 1.5.0_12)
    O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http:// (Java Plug-in)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http:// (Java Plug-in 1.6.0)
    O16 - DPF: {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (RealPlayer G2 Control)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: {E734BF43-7194-4E3A-832F-307606DDF665} https://cs.conferenceservers.com/components/WDPLUGIN.CAB (Unyte Conferencing Plugin)
    O16 - DPF: Microsoft XML Parser for Java [URL]file://C:\WINDOWS\Java\classes\xmldso.cab[/URL] (Reg Error: Key error.)
    O18 - Protocol\Handler\saphtmlp {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - C:\Program Files\sappc\SAPgui\SAPHTMLP.DLL (SAP AG, Walldorf)
    O18 - Protocol\Handler\sapr3 {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - C:\Program Files\sappc\SAPgui\SAPHTMLP.DLL (SAP AG, Walldorf)
    O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files\vShare\vshare_toolbar.dll ()
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\ACNotify: DllName - ACNotify.dll - C:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll (Lenovo )
    O20 - Winlogon\Notify\atmgrtok: DllName - atmgrtok.dll - C:\Program Files\IBM\Personal Communications\atmgrtok.dll (IBM Corporation)
    O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
    O20 - Winlogon\Notify\pcsinst: DllName - pcsinst.dll - C:\WINDOWS\System32\pcsinst.dll (IBM Corporation)
    O20 - Winlogon\Notify\tpfnf2: DllName - notifyf2.dll - C:\WINDOWS\System32\notifyf2.dll ()
    O20 - Winlogon\Notify\tphotkey: DllName - tphklock.dll - C:\WINDOWS\System32\tphklock.dll ()
    O24 - Desktop Components:0 () - [URL]file:///C:/Documents%20and%20Settings/ray/Desktop/camera/DSC00040.JPG[/URL]
    O24 - Desktop Components:1 (My Current Home Page) - About:Home
    O24 - Desktop WallPaper: C:\Documents and Settings\ray\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\ray\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2005/04/04 18:44:20 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk /r \??\E:) - File not found
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O35 - HKCU\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
    Drivers32: vidc.ffds - C:\Program Files\Combined Community Codec Pack\Filters\FFDShow\ff_vfw.dll ()
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: VIDC.MJPG - C:\WINDOWS\System32\Pvmjpg20.dll (Pegasus Imaging Corporation)
    Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
    Drivers32: vidc.yv12 - C:\WINDOWS\System32\xvidvfw.dll ()

    ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
    ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
    ActiveX: {18849117-D89F-9FA0-EF73-650707C88CC9} - DirectX
    ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
    ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
    ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
    ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
    ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
    ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
    ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
    ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
    ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
    ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
    ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
    ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
    ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
    ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
    ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
    ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
    ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
    ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
    ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
    ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
    ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
    ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
    ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
    ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
    ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
    ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
    ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
    ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
    ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
    ActiveX: {C451185A-C274-2649-D438-7C2FE9D4EB74} - Outlook Express
    ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
    ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
    ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
    ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
    ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
    ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
    ActiveX: {E4D6A0F2-163D-BCE0-8B06-2B3943C99376} - DirectAnimation
    ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
    ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
    ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
    ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
    ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
    ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
    ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
    ActiveX: Microsoft Base Smart Card Crypto Provider Package -

    SafeBootMin: Base - Driver Group
    SafeBootMin: Boot Bus Extender - Driver Group
    SafeBootMin: Boot file system - Driver Group
    SafeBootMin: File system - Driver Group
    SafeBootMin: Filter - Driver Group
    SafeBootMin: PCI Configuration - Driver Group
    SafeBootMin: PNP Filter - Driver Group
    SafeBootMin: Primary disk - Driver Group
    SafeBootMin: SCSI Class - Driver Group
    SafeBootMin: sermouse.sys - Driver
    SafeBootMin: System Bus Extender - Driver Group
    SafeBootMin: vds - Service
    SafeBootMin: vga.sys - Driver
    SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
    SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
    SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
    SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
    SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
    SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
    SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
    SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
    SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
    SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
    SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
    SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
    SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
    SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

    SafeBootNet: Base - Driver Group
    SafeBootNet: Boot Bus Extender - Driver Group
    SafeBootNet: Boot file system - Driver Group
    SafeBootNet: File system - Driver Group
    SafeBootNet: Filter - Driver Group
    SafeBootNet: NDIS Wrapper - Driver Group
    SafeBootNet: NetBIOSGroup - Driver Group
    SafeBootNet: NetDDEGroup - Driver Group
    SafeBootNet: Network - Driver Group
    SafeBootNet: NetworkProvider - Driver Group
    SafeBootNet: nm - File not found
    SafeBootNet: nm.sys - File not found
    SafeBootNet: PCI Configuration - Driver Group
    SafeBootNet: PNP Filter - Driver Group
    SafeBootNet: PNP_TDI - Driver Group
    SafeBootNet: Primary disk - Driver Group
    SafeBootNet: SCSI Class - Driver Group
    SafeBootNet: sermouse.sys - Driver
    SafeBootNet: Streams Drivers - Driver Group
    SafeBootNet: System Bus Extender - Driver Group
    SafeBootNet: TDI - Driver Group
    SafeBootNet: vga.sys - Driver
    SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
    SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
    SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
    SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
    SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
    SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
    SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
    SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
    SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
    SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
    SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
    SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
    SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
    SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
    SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
    SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
    SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

    MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk - C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe - (Broadcom Corporation.)
    MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Lotus QuickStart.lnk - C:\lotus\wordpro\ltsstart.exe - (Lotus Development Corporation)
    MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE - (WinZip Computing, S.L.)
    MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - File not found
    MsConfig - StartUpReg: assistant2 - hkey= - key= - C:\Program Files\VoiceRite\Client\Viewer.exe (VoiceRite, Inc)
    MsConfig - StartUpReg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - hkey= - key= - C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe (Nero AG)
    MsConfig - StartUpReg: BluetoothAuthenticationAgent - hkey= - key= - File not found
    MsConfig - StartUpReg: Boots Insert Detect - hkey= - key= - C:\Program Files\Boots F2CD\Picture Suite\InsDetect.exe ()
    MsConfig - StartUpReg: C4EBReg - hkey= - key= - C:\Program Files\c4ebreg\c4ebreg.exe (IBM Corp.)
    MsConfig - StartUpReg: defergui - hkey= - key= - File not found
    MsConfig - StartUpReg: ISSI EZUpdate Service - hkey= - key= - c:\sdwork\issimsvc.exe (IBM Corp.)
    MsConfig - StartUpReg: kdx - hkey= - key= - C:\Program Files\Kontiki\KHost.exe (Kontiki Inc.)
    MsConfig - StartUpReg: MyHelpService - hkey= - key= - File not found
    MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - File not found
    MsConfig - StartUpReg: pmonmh - hkey= - key= - File not found
    MsConfig - StartUpReg: PSQLLauncher - hkey= - key= - File not found
    MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
    MsConfig - StartUpReg: Sametime Connect 7.5 - hkey= - key= - C:\Program Files\IBM\Sametime Connect\sametime.exe ()
    MsConfig - StartUpReg: Sony Ericsson PC Suite - hkey= - key= - C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe (Sony Ericsson Mobile Communications AB)
    MsConfig - StartUpReg: SoundMAXPnP - hkey= - key= - C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
    MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Java\jre1.5.0_12\bin\jusched.exe (Sun Microsystems, Inc.)
    MsConfig - StartUpReg: TkBellExe - hkey= - key= - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    MsConfig - StartUpReg: TPKMAPHELPER - hkey= - key= - C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe (Lenovo)
    MsConfig - StartUpReg: TVT Scheduler Proxy - hkey= - key= - C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)
    MsConfig - StartUpReg: YSearchProtection - hkey= - key= - File not found
    MsConfig - State: "system.ini" - 0
    MsConfig - State: "win.ini" - 0
    MsConfig - State: "bootini" - 0
    MsConfig - State: "services" - 0
    MsConfig - State: "startup" - 2

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/07/25 13:47:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ray\Application Data\smkits
    [2011/07/25 13:30:12 | 000,000,000 | ---D | C] -- C:\_OTL
    [2011/07/25 09:46:56 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\ray\Desktop\OTL.exe
    [2011/07/25 09:00:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ray\Local Settings\Application Data\NPE
    [2011/07/25 09:00:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
    [2011/07/25 08:08:45 | 000,000,000 | -HSD | C] -- C:\Config.Msi
    [2011/07/25 06:04:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ray\Application Data\Malwarebytes
    [2011/07/25 06:04:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/07/25 06:04:17 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2011/07/25 06:04:15 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2011/07/25 06:04:15 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011/07/25 06:04:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2011/07/25 00:04:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
    [2011/07/25 00:04:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
    [2011/07/13 12:06:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ray\Desktop\QC Defects
    [2011/07/07 16:24:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
    [2011/06/26 09:42:21 | 000,000,000 | -HSD | C] -- C:\found.004
    [2008/04/23 12:19:31 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\ray\Application Data\pcouffin.sys

    ========== Files - Modified Within 30 Days ==========

    [2020/02/17 20:53:24 | 000,098,304 | ---- | M] (Atmel, Inc.) -- C:\WINDOWS\System32\TPMDDL.dll
    [2014/05/15 04:06:28 | 000,524,850 | ---- | M] () -- C:\WINDOWS\System32\igxpxa32.cpa
    [2014/05/15 04:06:28 | 000,058,704 | ---- | M] () -- C:\WINDOWS\System32\igxpxk32.vp
    [2014/05/15 04:06:28 | 000,025,936 | ---- | M] () -- C:\WINDOWS\System32\igxpxs32.vp
    [2014/05/15 04:06:28 | 000,000,929 | ---- | M] () -- C:\WINDOWS\System32\igxpxa32.vp
    [2011/07/25 13:37:52 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job
    [2011/07/25 13:37:01 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/07/25 13:33:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/07/25 13:31:18 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
    [2011/07/25 13:30:14 | 000,000,040 | ---- | M] () -- C:\WINDOWS\System32\profile.dat
    [2011/07/25 09:47:00 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ray\Desktop\OTL.exe
    [2011/07/25 09:29:59 | 000,000,319 | RHS- | M] () -- C:\boot.ini
    [2011/07/25 08:09:41 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
    [2011/07/25 06:04:19 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/07/24 23:53:51 | 000,066,048 | ---- | M] () -- C:\Documents and Settings\ray\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/07/24 23:53:51 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
    [2011/07/24 21:38:16 | 000,002,271 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AT&T Network Client.lnk
    [2011/07/24 16:24:57 | 000,000,510 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
    [2011/07/23 22:09:48 | 000,000,074 | ---- | M] () -- C:\Documents and Settings\ray\default.pls
    [2011/07/23 21:36:56 | 000,000,668 | ---- | M] () -- C:\Documents and Settings\ray\Application Data\vso_ts_preview.xml
    [2011/07/14 09:02:11 | 000,350,272 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2011/07/14 08:09:55 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2011/07/12 13:33:13 | 000,001,519 | ---- | M] () -- C:\Documents and Settings\ray\Application Data\Microsoft\Internet Explorer\Quick Launch\Notepad.lnk
    [2011/07/07 16:49:32 | 000,101,148 | ---- | M] () -- C:\Documents and Settings\ray\screenshot.JPG
    [2011/07/06 16:00:00 | 000,000,488 | ---- | M] () -- C:\WINDOWS\tasks\Minitab Software Update Manager.job
    [2011/07/05 15:49:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2011/07/03 23:01:49 | 000,005,536 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

    ========== Files Created - No Company Name ==========

    [2011/07/25 08:09:40 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
    [2011/07/25 08:09:40 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
    [2011/07/25 06:04:19 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/07/12 13:33:13 | 000,001,519 | ---- | C] () -- C:\Documents and Settings\ray\Application Data\Microsoft\Internet Explorer\Quick Launch\Notepad.lnk
    [2011/07/07 16:49:31 | 000,101,148 | ---- | C] () -- C:\Documents and Settings\ray\screenshot.JPG
    [2011/03/01 18:30:05 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS78.DLL
    [2010/12/14 12:44:15 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
    [2010/12/02 17:33:26 | 000,000,037 | ---- | C] () -- C:\WINDOWS\ipixActivex.ini
    [2010/04/30 14:51:10 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\ray\Application Data\chrtmp
    [2010/03/25 12:40:03 | 000,000,031 | -H-- | C] () -- C:\WINDOWS\UKCpInfo.sys
    [2010/01/03 13:07:57 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
    [2010/01/03 13:07:57 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
    [2010/01/03 13:07:42 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\ray\Application Data\$_hpcst$.hpc
    [2009/12/30 18:21:26 | 000,076,420 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
    [2009/10/07 12:04:32 | 000,144,236 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DeviceManager.xml.rc4
    [2009/03/26 11:07:44 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll
    [2009/03/26 11:03:28 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\libcurl.dll
    [2009/03/26 11:03:10 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\libexpatw.dll
    [2009/01/25 22:10:48 | 000,179,200 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2009/01/09 00:01:22 | 000,629,760 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2008/11/18 10:49:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2008/07/23 17:46:38 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
    [2008/06/09 15:25:55 | 000,082,864 | ---- | C] () -- C:\WINDOWS\System32\UNWISE.EXE
    [2008/04/25 08:10:21 | 000,000,668 | ---- | C] () -- C:\Documents and Settings\ray\Application Data\vso_ts_preview.xml
    [2008/04/24 09:03:59 | 000,005,536 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2008/04/23 12:19:32 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\ray\Application Data\inst.exe
    [2008/04/23 12:19:31 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\ray\Application Data\pcouffin.cat
    [2008/04/23 12:19:31 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\ray\Application Data\pcouffin.inf
    [2008/04/17 11:18:48 | 000,000,231 | ---- | C] () -- C:\WINDOWS\System32\3dsmax.ini
    [2008/04/17 11:18:47 | 000,000,043 | ---- | C] () -- C:\WINDOWS\System32\InstallSettings.ini
    [2008/04/15 15:02:39 | 000,000,054 | ---- | C] () -- C:\WINDOWS\WININIT.INI
    [2008/02/15 13:54:11 | 000,001,759 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
    [2008/01/09 12:18:12 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
    [2007/10/25 18:26:10 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
    [2007/10/17 19:47:43 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\PixText.dll
    [2007/10/12 00:00:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2007/05/16 19:43:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\mngui.INI
    [2007/05/04 15:31:25 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
    [2007/04/26 09:47:20 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2007/04/25 22:17:44 | 000,066,048 | ---- | C] () -- C:\Documents and Settings\ray\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2007/04/23 19:33:17 | 000,001,012 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2007/04/23 11:56:09 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS64.DLL
    [2007/03/21 01:24:53 | 000,000,286 | ---- | C] () -- C:\WINDOWS\brioqry6.ini
    [2007/03/21 01:24:44 | 000,043,494 | ---- | C] () -- C:\WINDOWS\bqmeta0.ini
    [2007/03/21 01:24:44 | 000,028,139 | ---- | C] () -- C:\WINDOWS\bqformat.ini
    [2007/03/21 01:21:34 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\vtssm32.d


  • Advertisement
  • #22
    ASJ112
    Site Banned Posts: 1,167 ✭✭✭ASJ112


    open mbam, there should be a quarantine/log tab where you can get the log. Don't worry if its not there


    open OTL paste this in the custom scan/fix box


    :Files
    C:\WINDOWS\tasks\At*.job
    C:\Documents and Settings\ray\Application Data\chrtmp


    click run fix.


    re-open OTL, click the None button at the top, paste this in the custom scan/fix box

    C:\Documents and Settings\All Users\Start Menu\*.*
    C:\Documents and Settings\All Users\Start Menu\Programs\*.


    click run scan, post the log it gives


  • #23
    RayCon
    Registered Users, Registered Users 2 Posts: 4,953 ✭✭✭RayCon


    Thanks again ....
    OTL logfile created on: 25/07/2011 14:12:16 - Run 3
    OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\ray\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

    1.99 Gb Total Physical Memory | 1.01 Gb Available Physical Memory | 50.82% Memory free
    3.33 Gb Paging File | 2.45 Gb Available in Paging File | 73.49% Paging File free
    Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 55.89 Gb Total Space | 24.77 Gb Free Space | 44.32% Space Free | Partition Type: NTFS

    Computer Name: L3T7456 | User Name: User | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

    ========== Custom Scans ==========


    < C:\Documents and Settings\All Users\Start Menu\*.* >
    [2010/04/22 15:07:07 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini
    [2006/08/08 00:16:45 | 000,000,662 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\IBM Ayudame.lnk
    [2005/04/04 18:49:01 | 000,000,779 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Internet Explorer.lnk
    [2005/04/05 21:29:58 | 000,000,555 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Lotus 1-2-3.lnk
    [2005/04/05 21:30:13 | 000,000,620 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Lotus Approach.lnk
    [2005/04/05 21:30:21 | 000,000,572 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Lotus Freelance Graphics.lnk
    [2005/12/15 02:29:49 | 000,001,468 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Lotus Notes 7.lnk
    [2005/04/05 21:30:35 | 000,000,596 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Lotus Organizer.lnk
    [2005/04/05 21:30:52 | 000,000,604 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Lotus Word Pro.lnk
    [2007/03/21 01:12:19 | 000,000,324 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\My Bluetooth Places.lnk
    [2007/06/21 12:50:59 | 000,001,992 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\New Office Document.lnk
    [2007/06/21 12:50:59 | 000,002,002 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Open Office Document.lnk
    [2005/04/05 20:49:41 | 000,000,810 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Sametime Connect.lnk
    [2007/03/21 01:23:11 | 000,001,415 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\SAPLOGON Customizer.lnk
    [2010/04/22 15:07:07 | 000,001,563 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Set Program Access and Defaults.lnk
    [2007/07/20 08:09:07 | 000,000,638 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\WinAce Archiver.lnk
    [2008/05/22 11:55:54 | 000,001,732 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\WinZip.lnk

    < C:\Documents and Settings\All Users\Start Menu\Programs\*. >
    [2007/03/21 01:11:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Access IBM
    [2010/04/22 15:06:56 | 000,000,000 | R--D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Accessories
    [2005/04/04 19:07:15 | 000,000,000 | R--D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools
    [2005/04/05 21:13:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\AFP Workbench for Windows
    [2010/04/14 11:14:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\AT&T Network Client
    [2008/08/01 09:23:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Audio Related Programs
    [2008/05/08 13:32:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Autodesk
    [2010/08/27 17:59:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\AutoGK
    [2008/10/22 08:23:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\AviSynth 2.5
    [2008/07/23 21:59:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\BBC iPlayer Download Manager
    [2007/10/17 19:47:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Boots F2CD Picture Suite
    [2007/03/21 01:24:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Brio
    [2007/03/21 01:22:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Business Explorer
    [2010/09/14 09:29:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Canon iP4300
    [2008/10/08 11:05:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Canon iP4600 series
    [2008/10/08 11:06:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Canon iP4600 series Manual
    [2008/10/08 11:19:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Canon iP4600 series User Registration
    [2007/04/23 11:56:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Canon PIXMA iP4000
    [2008/10/08 11:08:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Canon Utilities
    [2008/10/08 11:08:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\CD-LabelPrint
    [2009/04/06 13:39:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Combined Community Codec Pack
    [2010/12/14 12:44:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\CutePDF
    [2009/10/01 20:07:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Digital Photo Navigator
    [2008/09/17 22:18:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\DivX
    [2007/04/26 09:45:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\DVD Shrink
    [2011/02/01 16:41:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\eManager
    [2008/11/10 17:40:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\FinePixViewer S
    [2005/04/04 18:41:30 | 000,000,000 | R--D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Games
    [2009/05/08 14:41:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\IBM DB2
    [2007/03/20 17:51:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\IBM GSA
    [2010/02/04 16:05:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\IBM Lotus Sametime Connect
    [2006/07/18 04:41:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\IBM Personal Communications
    [2011/01/24 09:51:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\ImgBurn
    [2008/08/28 10:04:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Infoprint Select
    [2008/11/26 16:08:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\ISC Innovation
    [2011/03/27 17:44:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
    [2010/10/13 16:32:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Lotus Applications
    [2005/04/05 21:21:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Lotus SmartSuite
    [2011/07/25 06:04:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2008/08/06 20:23:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office Tools
    [2011/07/07 16:24:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
    [2011/03/06 16:59:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Minitab
    [2008/08/01 09:23:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\NCH Software Suite
    [2007/04/26 09:44:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Nero 7 Premium
    [2007/06/21 12:49:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Office Viewers
    [2009/10/01 20:08:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\PIXELA
    [2008/04/29 17:40:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\PL-2303 USB-Serial Driver
    [2011/03/27 17:37:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
    [2008/05/16 17:50:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Real
    [2008/10/22 08:23:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Red Kawa
    [2009/12/30 18:09:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Regensoft
    [2008/04/15 15:02:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Roxio
    [2010/01/03 13:08:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Samsung New PC Studio
    [2007/03/21 01:23:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\SAP Front End
    [2011/04/11 15:54:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Sony Ericsson
    [2011/03/01 21:25:00 | 000,000,000 | R--D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    [2008/08/01 09:23:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Switch Sound File Converter
    [2007/03/20 18:07:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Symantec Client Security
    [2008/02/18 19:11:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\ThinkVantage
    [2005/04/05 21:04:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Tivoli Storage Manager
    [2005/04/05 20:46:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Utilities
    [2009/12/21 16:32:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\VoiceRite
    [2008/04/25 13:54:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\VSO
    [2008/08/06 20:23:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinAce
    [2008/01/09 21:01:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinRAR
    [2008/05/22 11:55:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinZip
    [2011/07/25 13:21:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Workstation Security Tool
    [2010/08/27 17:59:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\XviD
    [2011/06/17 11:25:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Zevera Downloader

    < >
    < End of report >


  • #24
    ASJ112
    Site Banned Posts: 1,167 ✭✭✭ASJ112


    update mbam run a quick scan post that log here

    and tell me how its running


  • #25
    RayCon
    Registered Users, Registered Users 2 Posts: 4,953 ✭✭✭RayCon


    mbam quickscan .... laptop seems to be running great, no issues with anything since your help ...
    Malwarebytes' Anti-Malware 1.45
    www.malwarebytes.org
    Database version: 7269
    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702
    25/07/2011 14:26:58
    mbam-log-2011-07-25 (14-26-58).txt
    Scan type: Quick scan
    Objects scanned: 173470
    Time elapsed: 9 minute(s), 6 second(s)
    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 1
    Folders Infected: 0
    Files Infected: 0
    Memory Processes Infected:
    (No malicious items detected)
    Memory Modules Infected:
    (No malicious items detected)
    Registry Keys Infected:
    (No malicious items detected)
    Registry Values Infected:
    (No malicious items detected)
    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    Folders Infected:
    (No malicious items detected)
    Files Infected:
    (No malicious items detected)


  • #26
    ASJ112
    Site Banned Posts: 1,167 ✭✭✭ASJ112


    good stuff

    open OTL click the Cleanup button, and then you are all done :)


  • #27
    RayCon
    Registered Users, Registered Users 2 Posts: 4,953 ✭✭✭RayCon


    ASJ112 wrote: »
    good stuff

    open OTL click the Cleanup button, and then you are all done :)

    Many thanks ASJ112 - your knowledge and help was fantastic :)


  • #28
    TheRealBoss
    Registered Users, Registered Users 2 Posts: 93 ✭✭TheRealBoss


    Hi .... I'm having serious problems with this virus too.

    I've tried avg, avast, rkill, etc but with no luck.

    I can't install OTL or Malwarebytes - a program called QMT.EXE loads itself and kills the installation. If I delete qmt.exe, it seems to mess up the operating system and I cant even run windows explorer.

    Any help at all would be appreciated .... many thanks in advance !!!


  • #29
    ASJ112
    Site Banned Posts: 1,167 ✭✭✭ASJ112


    try run OTL in safe mode, should work there

    if that fails, rename OTL to "explorer.exe" and it should run in safe mode, then post the log from a Quick Scan from it


  • #30
    TheRealBoss
    Registered Users, Registered Users 2 Posts: 93 ✭✭TheRealBoss


    ASJ112 wrote: »
    try run OTL in safe mode, should work there

    if that fails, rename OTL to "explorer.exe" and it should run in safe mode, then post the log from a Quick Scan from it

    Thanks ASJ112 .... much appreciated ......here are the logs ....

    OTL Extras logfile created on: 11/08/11 12:26:16 - Run 1
    OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Don\Desktop
    Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yy

    1021.98 Mb Total Physical Memory | 429.11 Mb Available Physical Memory | 41.99% Memory free
    1.28 Gb Paging File | 0.83 Gb Available in Paging File | 64.70% Paging File free
    Paging file location(s): C:\pagefile.sys 384 768 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 33.69 Gb Total Space | 0.61 Gb Free Space | 1.81% Space Free | Partition Type: NTFS

    Computer Name: DELL | User Name: Don | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .exe [@ = exefile] -- C:\Documents and Settings\Don\Local Settings\Application Data\qmt.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [FinePix] -- "C:\Program Files\FinePixViewer\FinePixViewer.exe" "%1" (FUJIFILM Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 1
    "FirewallDisableNotify" = 1
    "UpdatesDisableNotify" = 1
    "AntiVirusOverride" = 1
    "FirewallOverride" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 0
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
    "C:\Program Files\Microsoft Office\Office10\WINWORD.EXE" = C:\Program Files\Microsoft Office\Office10\WINWORD.EXE:*:Enabled:Microsoft Word
    "C:\Program Files\CommonSearch\VCatch.axe" = C:\Program FilecTComm/nSearch\VCatch.exe:*:EnableD:VCatch
    "C:\Program Files\Abacast\Abaclieft.exe" = C:XProgram Files\Abacast\Abaclient.exe:*:Disabled:Abaclient -- (ABacaqt, Hnc.)
    "C:\Program Files\Real\RealPlayer\trueplay.exe" = C:\Program Files\Real\RealPlayer\trueplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
    "C:\Program Files\SopCast\SopCast.exe" = C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application -- (www.sopcast.com)
    "C:\Program Files\SopCast\adv\SopAdver.exe" = C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver -- (www.sopcast.com)
    "C:\Program Files\SopCast\sopvod.exe" = C:\Program Files\SopCast\sopvod.exe:*:Enabled:sopvod -- ()
    "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\YAhoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messengeb -- (YaHoo! Inc.)
    "C:\Procram Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!LMessenger\YServdr.exe:*:Enabled:Y!hno! FT erver
    "C:\Program Files\Sierra Wireless Inc\3G Watcher\SwiApiMux.exe" = C:\Program Files\Sierra Wireless Inc\3G Watcher\SwiApiMux.exe:*:Enabled:SwiApiMux -- (Sierra Wireless, Inc.)
    "C:\Program Files\Sierra Wireless Inc\3G Watcher\TRUUpdater.exe" = C:\Program Files\Sierra Wireless Inc\WåbUpdater\TBUUpdater.exe:*Enabled:TRUUpdater -- (Sierra Wireless, Inc.)
    "" =
    ":\Program Files\Rierra Wireless Inc\WebUpdater\SwiApiMux.exe" = C:\Prgram Files\Sierra Wireless Inc\WebUpdater\SwiApiMux.axe:*:Enabled:CwiApiMux -- (Sierra Wireless, Inc.)
    "C:\Program Files\mIRC\mirc.exe" = C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC
    "C:\WINDOWS\Temp\~os8D.tmp\pmropn.exe" = C:\WINDOWS\Temp\~os8D.tmp\pmropn.exe:*:Enabled:pmropn.exe
    "c:\program files\relevantknowledge\rlvknlg.exe" = c:\program files\relevantknowledge\rlvknlg.exe:*:Enabled:rlvknlg.exe
    "C:\DOCUME~1\Don\LOCALS~1\Temp\RarSFX0\SwiApiMux.exe" = C:\DOCUME~1\Don\LOCALS~1\Temp\RarSFX0\SwiApiMux.exe:*:Enabled:SwiApiMux
    "C:\WINDOWS\SYSTEM32\DPVSETUP.EXE" = C:\WINDOWS\SYSTEM32\DPVSETUP.EXE:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
    "C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
    "C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- (Google)
    "C:\Program Files\Microsoft LifeCam\LifeCam.exe" = C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe -- (Microsoft Corporation)
    "C:\Program Files\Microsoft LifeCam\LifeEnC2.exe" = C:\Program Files\Microsoft LifeCam\LifeEnC2.exe:*:Enabled:LifeEnC2.exe -- (Microsoft Corporation)
    "C:\Program Files\Microsoft LifeCam\LifeExp.exe" = C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe -- (Microsoft Corporation)
    "C:\Program Files\Microsoft LifeCam\LifeTray.exe" = C:\Program Files\Microsoft LifeCam\LifeTray.exe:*:Enabled:LifeTray.exe -- (Microsoft Corporation)
    "C:\Documents and Settings\Don\Local Settings\Temp\Temporary Internet Files\Content.IE5\1N2Q778M\SweetImSetup[1].exe" = C:\Documents and Settings\Don\Local Settings\Temp\Temporary Internet Files\Content.IE5\1N2Q778M\SweetImSetup[1].exe:*:Enabled:SweetIM Installer
    "C:\Documents and Settings\Don\Local Settings\Temp\SweetIMReinstall\SweetImSetup[1].exe" = C:\Documents and Settings\Don\Local Settings\Temp\SweetIMReinstall\SweetImSetup[1].exe:*:Enabled:SweetIM Installer
    "C:\Program Files\FrostWire\FrostWire.exe" = C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:FrostWire -- (FrostWire Group)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0797886C-4656-4A8B-AD29-7C22F4629C45}" = SetupSBD
    "{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
    "{0DC86BEC-5CE3-413A-BB61-C40A3D186B24}" = Scan
    "{0FF18B53-CA57-40BB-B562-21A27B662005}" = 1600
    "{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
    "{12230A4C-6902-4001-B606-48C6FC98B42A}" = Thomas New Line
    "{13333239-0A15-4855-BEEB-0232DAA5B7EA}" = BlackBerry Desktop Software 5.0.1
    "{14BEB6DF-A499-4A38-8E06-E173BCD5C087}" = ScannerCopy
    "{17293791-C82E-476C-9997-9A0FF234A19B}" = HP Product Assistant
    "{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}" = Intel(R) PROSet for Wired Connections
    "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
    "{178B87CB-78D5-4FC6-8866-591808F19849}" = Microsoft Office Specialist Study Guide--Office 2003 Edition
    "{181821B7-82AA-44DA-9DAF-EF254CCB670A}" = Fax
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{1AD5F465-8282-4DAD-B957-E09C0B783D18}" = InstantShare
    "{1B680FBA-E317-4E93-AF43-3B59798A4BE0}" = Copy
    "{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{20FBC0A0-3160-4F14-83ED-3A74BB6B8C31}" = TrayApp
    "{221125DC-6A40-4900-B844-591F5E1195B0}" = Microsoft Visual Web Developer 2005 Express Edition - ENU
    "{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{23E5C72C-CC08-4EE0-9CC2-D925B232B331}" = Microsoft MSDN 2005 Express Edition - ENU
    "{24205C5B-A5EE-477F-938A-8E52F734B7FD}" = Web Studio 4.0
    "{24ED4D80-8294-11D5-96CD-0040266301AD}" = FinePixViewer Ver.5.5
    "{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Dell Media Experience
    "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 20
    "{272EC8BA-5A08-4ea1-A189-684466A06B02}" = cp_dwShrek2Albums1
    "{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
    "{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
    "{2E8428AD-6CD2-4031-916A-3CF9BBF2DEC9}" = Unload
    "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
    "{342C7C88-D335-4bc2-8CF1-281857629CE2}" = HP PSC & OfficeJet 4.7
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3762DB2D-71BD-421F-9E55-C74DA7DF4D07}" = CueTour
    "{391E18CE-7D3B-45E9-A8F0-34E77F14F47A}" = ProductContext
    "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Modem On Hold
    "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
    "{40C2D00A-9235-4EA2-8AB9-2CAB7A842B49}" = Skill Builder DX
    "{442BE28B-782B-4DC0-B490-E70A403B1C69}" = Readme
    "{446DBFFA-4088-48E3-8932-74316BA4CAE4}" = iTunes
    "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
    "{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
    "{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
    "{48A34EA8-695B-48BE-B900-C0C44D5D518A}" = Photo Viewer
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4E79A62F-7A2D-4058-BCE0-94E6B9E2F162}" = USB Disk Win98 Driver
    "{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
    "{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
    "{5A633ED0-E5D7-4D65-AB8D-53ED43510284}" = Symantec AntiVirus
    "{5B09BD67-4C99-46A1-8161-B7208CE18121}" = QuickTime
    "{5E31D9A2-0C83-46AE-858D-A390F7C5EB77}" = SetupSBD
    "{5E8D588F-307C-4250-B622-26969027319A}" = PanoStandAlone
    "{5FC7AB5C-61FC-42DF-A923-5139BCF10D42}" = Microsoft LifeCam
    "{644D04A2-C682-4FD5-977D-03B804C4B9C5}" = CreativeProjects
    "{646A65DD-23FC-418E-B9F0-E0500FB42CB1}" = PhotoGallery
    "{655CB07D-C944-40BE-B93F-55957CAC7625}" = AiO_Scan
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.3
    "{68963635-14A4-48D9-B431-DF3A74D1AAE1}" = Destinations
    "{689E0AB3-50B2-4E5A-9DCE-6DA9F5BE1314}" = BlackBerry® Media Sync
    "{700A6597-3CE6-49C1-AA75-846B24CDA66D}" = BufferChm
    "{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
    "{724517BD-1DE1-4986-BFCA-C1DFD379E3BC}" = cp_dwShrek2Cards1
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
    "{7505DE9C-4E85-4636-82F0-50F38077B900}" = Crystal Reports 11
    "{757AD3D4-036B-42FA-B0A4-96BD6F4605A0}" = Ulead VideoStudio 7 SE VCD
    "{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}" = Modem Event Monitor
    "{7AD25C9F-9957-4D1C-95EF-9BCD09F6D31B}" = HPSystemDiagnostics
    "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
    "{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
    "{84CDF5A8-1D57-4B69-BAB6-1F11D8923375}" = SkinsHP1
    "{85CFD253-38AE-4DB1-ACB7-F0F4C791990D}" = AiOSoftware
    "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
    "{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
    "{88742616-A6E9-4C7E-9665-B625799541FB}" = Wireless-G PCI Adapter
    "{89A432D7-FC6F-4D17-AE76-D6063FB2BD99}" = Sierra Wireless 3G Watcher
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics 2 Driver
    "{8BC3B99B-A6BE-4A0B-8535-B1B94BA4B1B1}" = DocProc
    "{8D90B43B-08C2-40E4-9099-EFE1842E4A05}" = TAS Books 2 v5
    "{8DD6892C-C9A8-404B-95ED-1CCE15324178}" = BlackBerry App World Browser Plugin
    "{8E36B40E-34F4-41CE-991B-DAC7D9510D39}" = SetupSBD
    "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
    "{96A52A11-4D38-43DA-A5A6-2BFF6C8D4897}" = Access Accounts 4.00f
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 008 Redistributable - x86 9.0.30729.17
    "{a0fe116e-9a8a-466f-aea0-625cb7c207e3}" = Microsoft Visual C*+ 2005 Redistribu4able - KB2467175
    "kA1F66FC9-11EE-42F-98C9-16F8D1E69FB7}" = Segoe U
    "{A3051CD0-2D6-381#-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{a5ab6888-ff41-4ab8-b772-5bfdcf597af3}.sdb" = thomas
    "{A5B9D22C-755A-4AC6-9904-875E80838BB6}" = CP_AtenaShokunin1Config
    "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X
    "{ADD31791-D676-4A7B-8FA8-A6EE7F1B4E5A}" = JourneySoftwarePromo
    "{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
    "{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
    "{B44529FF-501E-47CD-A06D-223C161BE058}" = FinePixViewer Resource
    "{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
    "{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
    "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
    "{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
    "{B7757137-0A71-4A9F-8A82-1AE4A1B73420}" = Nokia Connectivity Cable Driver
    "{B911B811-BA3E-46D4-90F8-6F3338359651}" = Director
    "{B98BE95C-E76F-4246-B8E6-BEB8EE791D06}" = Roxio Media Manager
    "{BD29EBAC-AD7D-4b27-B727-4CC6AC52D36B}" = MarketResearch
    "{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
    "{C0774966-2821-11D3-B32D-00A0C9DA500E}" = Seagate Crystal Reports Professional Edition
    "{C09FB3CD-1D0C-3F2D-899A-6A1D67F2073F}" = Micposoft .NET FramewoRk 2.0 Service ack "
    "{C5EF1CA5-5153-44C0-B920-6744F5C2897}" = SetupSBDDotLetCon4rols
    "{C8FD5BC1-92EF-4C15-92A9-F9C7B61985F}" = HP Update
    "{CB2F7EDD-9D1F-3C1-90FC-4F52EAE172A1}" = Microsoft .NET Framdwork 1.1
    "{CB449D5A-7710-44a!-B9F5-352B877B90E6}" = 600_Help
    "{CC000127-5E5D-4A1-90CB-EEAAAC1E3AC0}" J!rc Pain4 Shop Phkto Album
    {CC0BA5A8
    E3EC
    11D5-9194-00105A68CFFF}" = Learning Ladder Preschool
    "{CC0BA5A-E3EC-11D5-9194-00105A68BFFF}" = Learning Ladder 1%2
    "{CDFCF124-11F-4972-8 F4-08C89187A1$6}" = WebReg
    "{CE0C8CC5-E396-442B%A50E-D1D#74A9E820}" = DocumentViewer
    "{CE2CDD62-0124-36CA-84D3-9F4DF5C5BD9}" = Microsoft .NAT Framework 3.5 SP
    "[d08`9&98-1c78-4704-87e6-368b0023d831}" = elevanTKnowledge
    "{D6F879BC-58D6-4D4B-AE9B-D761E48D25ED}" = Rkype™ 5.3
    "[EMAIL="{E38C00D0-A68B-4318-@8A6-F7D4B5B1DF0E&quot;]{E38C00D0-A68B-4318-@8A6-F7D4B5B1DF0E[/EMAIL]=&quot; = WiNdOw3 Media Encode2 9 Series
    "{E3B3AB03-8ABC-4CF-8CA9-DB5581E1F36}" = FinePix Studio
    "{E496E82A-526D-47D3-9366-9AF135A8F}" = Sage InStant Account3
    "{E6158D07,2637-4ECF-B576-37C481669174}" = Windows Live Call
    "{E91E8912-769D-42F0-8408-0E32943BABC} = Sitecom Wipelesr Network UCB Adapter Tupbo G WL-172
    "{EE39FFBD-544E-49E4-A999-6819828AE91}" = Windo6s LIVe PhoTo Gallery
    ";F0B430D1-B6AA-473D-9B6
    AA3DD01FD0B8}" = M)croso&t SQL Server 00 Compact Edition [ENU]
    "[EMAIL="{F0E12@B&#1;-AD46-4022-A453-A1C8A0C4D570"]{F0E12@B-AD46-4022-A453-A1C8A0C4D570[/EMAIL]}" = MicroSoft Choice Guard
    "{F4C6C$0-1142-49be-A28C-7BBD36F0B41A|" = 160Trb
    "[EMAIL="{FB22D020-3005-4715-8DF9-F3EDE81DE@3D"]{FB22D020-3005-4715-8DF9-F3EDE81DE@3D[/EMAIL]}" = CreativeProjectsTemplates
    "{FF059F2A-62A7
    4E6A-B305-559591D2769E}" = Nokia PC Suite
    "101 almatiafs [EMAIL="St/ry@ook"]St/ry@ook[/EMAIL]" = 101 Dalmatians StopyBook
    "Abacast Client" = Abacast lient
    Adobe AIR" = Ad+be AIR
    "Adobe Fla3h Player ActivdX" = ADobe Flash PlAyer 10 AbtiveX
    "Adobe Shockwave Player" = Adobe Rhockwave Plaier
    "av!st" = avas4! Free Antiv)r5s
    "B,ackBerry][03333239-0A15-4845-BEEB-0232DAA5B7EA}" 9 BlackBdrry Desktop Software 5*0.1
    "Browser Defender_hs1" = Brovse2 Defender 2.0.6.15
    "Coff%aCu0 HTML Edipor 205" = CoffeeCup HTML Editor 0005
    "Coupmn Printer2.0" = Coupon Printer
    CrossLoop_is1" = Cro3sLoop 2.60
    "Dasktop Uninstall" < D%sktop Uninstall
    "DisneysMagicArt)stDeinstKey" = Disney's Magic Artist
    "DMP-2300" = DMP-200
    "FrostWire" = FrostVire 4.21.6
    "GaRden PlaNjer_iq1" = Garden Plajnar .5
    "greenqtreet Pictqre Browsep" 5 greenstreet Picture Brkwser
    "HP hoto & Imaging" = HP Image one 4.7
    "HPExtenDedCapabilities" = HP Eptended Capabilities 4.7
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{E496E82A-526D-47D3-9366-9FAF0A135A8F}" = Sage Instant Accounts V12.00
    "Intel(R) 537EP V9x DF PCI Modem" = Intel(R) 537EP V9x DF PCI Modem
    "Live TV Toolbar" = Live TV Toolbar
    "LiveUpdate" = LiveUpdate 2.6 (Symantec Corporation)
    "Lotus NotesSQL 2.06 driver" = Lotus NotesSQL 2.06 driver
    "Magic3DeinstKey" = Magic 3D Colouring Book
    "Mcafee SecurityCenter" = McAfee SecurityCenter
    "MeasureUp DSA Engine" = MeasureUp DSA Engine
    "Messenger Plus! Live" = Messenger Plus! Live
    "Micropay for Windows" = Micropay for Windows
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft MSDN 2005 Express Edition - ENU" = Microsoft MSDN 2005 Express Edition - ENU
    "Microsoft SQL Server 2005" = Microsoft SQL Server 2005
    "Microsoft Visual Web Developer 2005 Express Edition - ENU" = Microsoft Visual Web Developer 2005 Express Edition - ENU
    "mIRC" = mIRC
    "mr7910_32bb2befe1e5d1d6012329af0300b36139b7b84a" = Windows Driver Package - (mr7910) Image 06/28/2005 1.3.0.0
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "PROSet" = Intel(R) PRO Network Adapters and Drivers
    "Quickpay" = Quickpay
    "RealPlayer 6.0" = RealPlayer
    "ROS Offline Application" = ROS Offline Application
    "Serif PhotoPlus 6.0" = Serif PhotoPlus 6.0
    "Serif WebPlus 6.0" = Serif WebPlus 6.0
    "SiteSpinner V2" = SiteSpinner V2
    "SopCast" = SopCast 2.0.2
    "Sound'Em 1.0" = Sound'Em 1.0
    "Spyware Doctor" = Spyware Doctor 7.0
    "ST4UNST #1" = Thesaurus 2006 Payroll
    "ST5UNST #1" = SMWLink3.0
    "StumbleUponIEToolbar" = StumbleUpon IE Toolbar
    "Superb Display Pictures for Messenger" = Superb Display Pictures for Messenger
    "TV Player" = Veetle TV Player 0.9.11
    "Veetle TV Player" = Veetle TV Player 0.9.11
    "Video Encoder_is1" = Video Encoder 1.0.5
    "WIC" = Windows Imaging Component
    "Windows Media Encoder 9" = Windows Media Encoder 9 Series
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WinZip" = WinZip
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "Yahoo! Companion" = Yahoo! Toolbar
    "Yahoo! Messenger" = Yahoo! Messenger
    "Yahoo! Software Update" = Yahoo! Software Update

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Advanced PDF Password Recovery" = Advanced PDF Password Recovery

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 08/08/11 12:00:55 | Computer Name = DELL | Source = Symantec AntiVirus | ID = 16711685
    Description = Threat Found!Threat: Trojan.Gen.2 in File: C:\WINDOWS\Temp\_avast_\unp190387240.tmp
    by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:
    The file was quarantined successfully.

    Error - 08/08/11 12:00:59 | Computer Name = DELL | Source = Symantec AntiVirus | ID = 16711731
    Description = Security Risk Found!Threat: Trojan.Gen.2 in File: C:\WINDOWS\TEMP\_avast_\UNP190~1.TMP
    by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:
    The file was quarantined successfully.

    Error - 08/08/11 12:01:28 | Computer Name = DELL | Source = Symantec AntiVirus | ID = 16711726
    Description = Security Risk Found!Threat: Trojan.Gen.2 in File: C:\WINDOWS\TEMP\_avast_\UNP600~1.TMP
    by: Auto-Protect scan. Action: Quarantine succeeded. Action Description: The
    file was quarantined successfully.

    Error - 08/08/11 12:01:28 | Computer Name = DELL | Source = Symantec AntiVirus | ID = 16711685
    Description = Threat Found!Threat: Drojan.Ga..2 in File: C:\WINDOWS\Temp\_avast_\unp6009169.tmp
    by: Aut/-Protect scan. Action: Quarantine succeeded : Access denieD. Actaon Descripthon:
    The file was quaranpined successfully.

    Error - 08/08/11 12:01:30 | Computer Name = DELL | Source = Symantec AntiVirus | ID = 16711731
    Description = Security Risk Found!Threat: Trojan.Gen.2 in File: C:\WINDOWS\TEMP\_avast_\UNP600~1.TMP
    by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:
    The file was quarantined successfully.

    Error - 08/08/11 17:20:46 | Computer Name = DELL | Source = Symantec AntiVirus | ID = 16711726
    Description = Security Risk Found!Threat: W32.Harakit in File: C:\DOCUME~1\ALLUSE~1\DOCUME~1\qiioud.exe
    by: Auto-Protect scan. Action: Clean failed : Quarantine failed. Action Description:
    The file was deleted successfully.

    Error - 08/08/11 17:20:47 | Computer Name = DELL | Source = Symantec AntiVirus | ID = 16711685
    Description = Threat Found!Threat: W32.Harakit in File: C:\Documents and Settings\All
    Users\Documents\qiioud.exe by: Auto-Protect scan. Action: Clean failed : Quarantine
    failed : Delete succeeded : Access denied. Action Description: The file was deleted
    successfully.

    Error - 08/08/11 17:21:33 | Computer Name = DELL | Source = Symantec AntiVirus | ID = 16711731
    Description = Security Risk Found!Threat: W32.Harakit in File: C:\DOCUME~1\ALLUSE~1\DOCUME~1\qiioud.exe
    by: Auto-Protect scan. Action: Clean failed : Quarantine failed : Delete succeeded
    : Access denied. Action Description: The file was deleted successfully.

    Error - 08/08/11 17:53:57 | Computer Name = DELL | Source = crypt32 | ID = 131083
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file.

    Error - 08/08/11 17:53:58 | Computer Name = DELL | Source = crypt32 | ID = 131083
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload+update/v2/qtatic/trustedr/en/authrootstl.cab>
    with error: A required certificate is not uiThin its validity period when verifying
    against the curreNt system clock or dhe timertamp in the signed fiLe.

    [ System Events ]
    Error - 10/08/11 04:37:11 | Computer Name = DELL | Source = Service Control Manager | ID = 7023
    Description = The Computer Browser service terminated with the following error:
    %%1460

    Error - 10/08/11 16:46:42 | Computer Name = DELL | Source = Service Control Manager | ID = 7000
    Description = The avast! iAVS4 Control Service service failed to start due to the
    following error: %%2

    Error - 10/08/11 16:46:42 | Computer Name = DELL | Source = Service Control Manager | ID = 7000
    Description = The Nero BackItUp Scheduler 4.0 service failed to start due to the
    following error: %%2

    Error - 10/08/11 16:46:42 | Computer Name = DELL | Source = Service Control Manager | ID = 7009
    Description = Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher
    9 service to connect.

    Error - 10/08/11 16:51:50 | Computer Name = DELL | Source = Service Control Manager | ID = 7023
    Description = The Computer Browser service terminated with the following error:
    %%1460

    Error - 10/08/11 17:12:20 | Computer Name = DELL | Source = Dhcp | ID = 1002
    Description = The IP address lease 213.191.245.71 for the Network Card with network
    address 00A0D5FFFFAB has been denied by the DHCP server 89.204.167.253 (The DHCP
    Server sent a DHCPNACK message).

    Error - 11/08/11 07:17:54 | Computer Name = DELL | Source = Service Control Manager | ID = 7000
    Description = The avast! iAVS4 Control Service service failed to start due to the
    following error: %%2

    Error - 11/08/11 07:17:54 | Computer Name = DELL | Source = Service Control Manager | ID = 7000
    Description = The Nero BackItUp Scheduler 4.0 service failed to start due to the
    following error: %%2

    Error - 11/08/11 07:17:54 | Computer Name = DELL | Source = Service Control Manager | ID = 7009
    Description = Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher
    9 service to connect.

    Error - 11/08/11 07:22:57 | Computer Name = DELL | Source = Service Control Manager | ID = 7023
    Description = The Computer Browser service terminated with the following error:
    %%1460


    < End of report >


    OTL logfile created on: 11/08/11 12:26:16 - Run 1
    OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Don\Desk4op
    Windows XP Home Edithm. Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explgrer (Rersion = 8.0*6001.18702)
    Locala: 00001809 | Country: Ireland l Language: ENI | Date ForMat: dd/MM/yy

    1021.98 Mb Tota, Physib`l Memory | 429.11 Mb Available Physical
    emnry | 41.99% MEmorx free
    1&28 Gb Paging File | 0.83 Gb Available in Paging File | 64,0% Paging File free
    Paging file location(s): C:\pagefile.sys 384 768 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 33.69 Gb Total Space | 0.61 Gb Free Space | 1.81% Space Free | Partition Type: NTFS

    Computer Name: DELL | User Name: Don | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/08/10 23:14:10 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Don\Desktop\OTL.exe
    PRC - [2011/08/07 14:35:59 | 000,340,480 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Don\Local Settings\Application Data\qmt.exe
    PRC - [2011/07/04 12:43:54 | 003,493,720 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
    PRC - [2011/07/04 12:43:51 | 000,042,184 | ---- | M] (AVAST Softwara) -- A:\Program F)les\AVAST Softwar%\Avast\AvastSvc.exe
    PRC % [2010/05*20 16:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) -- C:\Progr!m File3\Mic2osoft LifeCam\MSCamS32.exe
    PRC - [2010/03/24 16:42:10 | 000,599,328 | ---- | M] (Sony Corporation) -- C:\Program Files\Skny\PMB\PMBVolumeWatcher.exe
    PRC - [2010/0/12 18:41*18 | 000,762,76 | ---- | M] (Microsgft Corporat)on) -- C:\WINDOWS\vVX3000.exe
    PRC - [2010/01/22 09:56:24 | 00,11,52 < ---- | M] (Threat Expert Ltd.) -- C:\Program Files\Spy6are Doctor\BDTXBDTUpdateService.exe
    PRC - [2009/10/24 04:18:54 | 000,360,224 | --,- | M] (Sony Corporation) -- C:\Profram Files\Sony\PEB\PMBDeviceInfoPrOvider.exe
    PRC - [2009/08/30 11225:16 t 000,623,960 | ---- | M] (Research In Motioj Lilited) -) C:\Program Fhles\Common Files\Research In Motion\Auto Update\RIMAut/Update.exe
    PRC - [2009/01/15 17:0808 | 000,058,648 | -%-- | M] (Sierra Wireless Inc.) -- C:\Program Files\Sierra Girele3r IncX1G atcherWaHelper.exe
    PRC - [209/01/05 16:57:2$ | 000,558,360 | ---- x M] (Sierra Wi2eless, Inc.) -- C:\Pro'ram FilesXSierra Wireless In#\WebUpdaterXTRUUpdater.exe
    PRC - [2008/11/09 21:48:14 | 000,602,392 | ---- x M] (Yahom! Inb.) -- C:\Progr!m Files\Yahoo!\SoftwareUpdate\Ya(ooAUService.exe
    PRA - [2007/08/07 10:20:28 | 000,391,144 | ---- | I] (Adobe Systems, Hnc.) -- C:\WINDOWS\SYSTEM32\Macromed\Shockwave 10TSwHelper_100023.exe
    PRC - [2007/06/12 11*23:07 \ 001,33,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explo2er.exe
    RC - [2007-01/30 13:02:00 | 000,303,104 | ---- | M] (FUJIFIHM CorpmRatiol) -- C\Pbogram Files\FinePixViewer\QuickDC2.exe
    PRC - [2006/05/17 14:59:02 | 000,913,408 | ---- | M] (Sitecom EU2ope BV.) -- C:\Program Fi,es\itecom\Sitecom Wireless Network USB A$apter Turbo G WL-172\Installer\WLANUTL.EXE
    PRC - [2005/12/13 09:49:08 | 000,217,088 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    PRC - [2005/11/30 17:56:02 | 001,306,624 | ---- | M] (Time Information Services Ltd.) -- C:\Program Files\Nokia\Nokia PC Suipe 6\PcSync2.exe
    PRC - [2005/11/07 11:09:18 | 000,1"0,320 | ---- | M] (Nokia.) -- C:\Program Files\Common Files\PCSuite\SeRvices\ServiceLayer.exE
    PRC - [2005/10/28 14:50:50 | 000,471,040 | --%- | M] (Nmkia CorPoration) -- C:\Procram FileS\Common Files\Nokia\MPAPI\MPAPI3s.exe
    PRC - [2005/04/17 13:30:42 | 000,124,608 | ---- | M] (symantec) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe
    PRC - [2005/04/17 13:30:40 | 001,706,176 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    PRC - [2005/04/17 13:30:32 | 000,019,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
    PRC - [2005/04/08 16:54:52 | 000,161,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    PRC - [2005/04/08 16:52:32 | 000,185,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    PRC - [2003/08/19 01:01:00 | 000,110,592 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/08/10 23:14:10 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Don\Desktop\OTL.exe
    MOD - [2011/07/04 12:43:51 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll
    MOD - [2006/08/25 16:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- -- (Nero BackItUp Scheduler 4.0)
    SRV - File not found [On_Demand | Stopped] -- -- (mcupdmgr.exe)
    SRV - File not found [Auto | Stopped] -- -- (aswUpdSv)
    SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
    SRV - [2011/07/04 12:43:51 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2010/05/20 16:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
    SRV - [2010/03/15 12:50:36 | 001,142,224 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
    SRV - [2010/03/11 12:09:22 | 000,366,840 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
    SRV - [2010/01/22 09:56:24 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
    SRV - [2009/12/08 23:41:42 | 000,120,232 | ---- | M] (stumbleupon.com) [On_Demand | Stopped] -- C:\Program Files\StumbleUpon\StumbleUponUpdateService.exe -- (StumbleUponUpdateService)
    SRV - [2009/10/24 04:18:54 | 000,360,224 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
    SRV - [2008/11/09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
    SRV - [2007/08/09 08:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\SYSTEM32\HPZipm12.exe -- (Pml Driver HPZ12)
    SRV - [2005/04/17 13:30:42 | 000,124,608 | ---- | M] (symantec) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
    SRV - [2005/04/17 13:30:40 | 001,706,176 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
    SRV - [2005/04/17 13:30:32 | 000,019,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
    SRV - [2005/04/08 16:54:52 | 000,161,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
    SRV - [2005/04/08 16:54:50 | 000,083,568 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc)
    SRV - [2005/04/08 16:52:32 | 000,185,968 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
    SRV - [2005/04/05 12:17:22 | 000,206,552 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
    SRV - [2005/03/30 22:48:22 | 000,992,864 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)


    ========== Driver Services (SafeList) ==========

    DRV - [2011/07/27 01:00:00 | 001,542,392 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110727.001\NAVEX15.SYS -- (NAVEX15)
    DRV - [2011/07/27 01:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
    DRV - [2011/07/27 01:00:00 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110727.001\NAVENG.SYS -- (NAVENG)
    DRV - [2011/07/04 12:36:43 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
    DRV - [2011/07/04 12:36:32 | 000,309,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2011/07/04 12:35:23 | 000,043,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2011/07/04 12:35:12 | 000,102,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
    DRV - [2011/07/04 12:32:32 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2011/07/04 12:32:13 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
    DRV - [2011/07/04 12:32:12 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2010/03/12 18:41:18 | 001,961,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\VX3000.sys -- (VX3000)
    DRV - [2010/03/10 11:36:36 | 000,217,032 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
    DRV - [2009/01/22 21:34:55 | 000,028,288 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\swmsflt.sys -- (swmsflt)
    DRV - [2008/12/02 10:10:04 | 000,173,312 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\swnc8u90.sys -- (SWNC8U90) Sierra Wireless MUX NDIS Driver (UMTS90)
    DRV - [2008/11/17 14:33:44 | 000,145,280 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\swumx90.sys -- (SWUMX90) Sierra Wireless USB MUX Driver (UMTS90)
    DRV - [2006/01/12 20:46:28 | 000,252,928 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\rt73.sys -- (RT73)
    DRV - [2005/06/28 12:32:14 | 000,113,664 | ---- | M] (Mars Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mr7910.sys -- (mr7910)
    DRV - [2005/04/05 12:17:02 | 000,267,192 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
    DRV - [2005/04/05 12:17:00 | 000,017,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
    DRV - [2005/04/01 21:36:04 | 000,123,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
    DRV - [2005/03/30 22:48:20 | 000,372,832 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
    DRV - [2005/02/04 21:14:32 | 000,053,896 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
    DRV - [2005/02/04 21:14:30 | 000,324,232 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)
    DRV - [2004/06/15 22:52:40 | 000,061,157 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC53.sys -- (IntelC53)
    DRV - [2004/03/05 22:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC52.sys -- (IntelC52)
    DRV - [2004/03/05 22:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC51.sys -- (IntelC51)
    DRV - [2004/03/05 22:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mohfilt.sys -- (mohfilt)
    DRV - [2003/09/04 05:21:00 | 000,119,798 | R--- | M] (SP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\SPCA561.SYS -- (CA561) ICatch (VI)
    DRV - [2003/07/17 17:40:06 | 000,265,728 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\BCMWL5.SYS -- (BCM43XX)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.msn.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.bing.com/ [binary data]
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
    FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.1864: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.1924: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.857: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKLM\Software\MozillaPlugins\@rim.com/npappworld: C:\Program Files\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll ()
    FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlugin,version=0.9.11: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle, Inc.)
    FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlugin,version=0.9.6: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle, Inc.)
    FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlugin,version=0.9.7: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle, In#.)
    DF - HKLM\Software\MozidlaPlegins\@videolan&amp;org/vlc;version=0.9.11: C:\Program Files\Veetle\VLC\n`vlc.dll (VideoLAN Team)



    O1 HOSTS File: ([2004/08/04 05:00:00 | 000,000,734 | ---- | M) - C:\WIJDOWS\SYSTEM32\DRIERS\ETC\HOSTS
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
    O2 - BHO: (StumbleUpon Launcher) - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll (stumbleupon.com)
    O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
    O2 - BHO: (no name) - {5C255C8A-E604
    49"4-9D64-90988571CECB} - No LSID value found.
    O2 - BHO (DriveLette2Access) - {5CA3D70E-1895-11CF-8E15-001234567890} ) C:\WINDOWS\SYSTEM32\dla\tfswshx.dll (SOnic Solutions)
    O2 - BHO: (avast! WabRep) - {8E5E2654-AD2D-48bf-AC2D-D17F0 898D06} - C:\P2ogram Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Softuare)
    O" , BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-D1F7851A4497} - C:\Program Files\Skype\Toolbars\IntArnet Explorer\skypeieplugin.dll (Rkype Technologies S.A.)
    O2 - BHO: (Goo'le Toolbar NopiFier BHO) - {AF69DE43-7D58-4638-B6FA-CE64B5AD205Dm - C*\Program Files\Google\oogleToolbarNotifiar\5..6406.1642\swg.dld (Google Inc.)
    O2 - BHM: (Lave_TV toolbar) - {b69a9db$-d0a1-4722-b56b-f20757a29cdf} - ile not found
    O2 - BHO: (FbostWire Toolbar) - [EMAIL="{D4027C7F-154@-4066-A1AD-4243D8127440"]{D4027C7F-154@-4066-A1AD-4243D8127440[/EMAIL]} - C:\Program Files\Ask.coe\GenericAskToolbar.dll (Ask)
    O2 - BH: (SingleInstance Class) - {FDAD4DA1-&1A2-4FD8-9C17-86F7AC245081} - C:\Program Fides\Yahoo!\Ompanion\Installs\cpn0\YTSingLeInstance.dll (Yahoo! Inc)
    O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
    O3 - HKLM\..\Toolbar: (StumbleUpon Toolbar) - {5093EB4C-3E93-40AB-9266-B607BA87BDA} % C:\Program Files\StumbleUponLStumbleUponIEBar.dll (rtumbleupon.com)
    O - HKLM\..\Toolba2: (avast! WebRep) - {8E5A2654-AD2D-48bf)AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE&dll (AVAST Sofdware)
    O3 - HKLM\..\Toolbar: (Live_TV toolbab) - {b69a9db4-d0a1-4722-b56b-f20757a29cdf} - File not found
    O3 - HKLM\..\Tgolbar: (no name) - {BA52B914-B692-46c4-B683-90%236F6F654] - Ng CLSID valu% found.
    O3 - HKLM\.,LToolbar: (FrostWire Toolbab) - {D4027C7F-154A-4066-A1AD-4243D8127440] - C:\ProGram iles\Ask.com\Ge.ericAskToolbar.dll (Ask)
    O3 - HKLM\..\Tnolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-890F-0090271D4F88} - C:\PROgram Files\Yahoo!\Companion\InStalls\cpn0\yt.dll (Yahoo! Inc.)
    O3 - HKCU\..\Toolbap\W%bBrowser: (PC Tools Brows%r Guard) ) {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefEnder.dll (Threat Expert Ltd&)
    N3 - HKCU\..\Toolbar\WebBrowseb (Live_TV toolbar - {B69A9DB4
    D0A1-4722-B56B
    F20757A29CDF} - File not found
    O3 - HKCU\..\T/olbar\WebBr/wser: (Fro3tWire TOolba2)
    {D$027C7F-154A-4066-1AD-4243D812440} - C:\Program Files\Ask.co-LGenerhcAskToolbar.dll (Ask)
    O3 - HKCU\..\Toolbar\WeBBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\ ahOo!\Companion\Installs\cpn0\Yt*dll (Yahoo! Inc.)
    O4 - HKLM..\Run* [] File not fotnd
    O4 - HKLI..\Run: [Adobe Reader SpEed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_s,.ex% (Adobe Systems Incorpkrated)
    O4 , HKLM..LRun: [AirCardEnabler] File not found
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
    O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\BTHPROPS.CPL (Microsoft Corporation)
    O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
    O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [links] File not found
    O4 - HKLM..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe (Nokia)
    O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
    O4 - HKLM..\Run: [RelevantKnowledge] File not found
    O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
    O4 - HKLM..\Run: [TRUUpdater] C:\Program Files\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe (Sierra Wireless, Inc.)
    O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
    O4 - HKLM..\Run: [UserFaultCheck] File not found
    O4 - HKLM..\Run: [VX3000] C:\WINDOWS\vVX3000.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [WatcherHelper] C:\Program Files\Sierra Wireless Inc\3G Watcher\WaHelper.exe (Sierra Wireless Inc.)
    O4 - HKCU..\Run: [1742961756] C:\Documents and Settings\Don\Local Settings\Application Data\qmt.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
    O4 - HKCU..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe (Time Information Services Ltd.)
    O4 - HKCU..\Run: [RealPlayer] C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.)
    O4 - HKCU..\RunOnce: [Shockwave Updater] C:\WINDOWS\SYSTEM32\Macromed\Shockwave 10\SwHelper_1020023.exe (Adobe Systems, Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ExifLauncher2.lnk = C:\Program Files\FinePixViewer\QuickDCF2.exe (FUJIFILM Corporation)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Sitecom Wireless Utility.lnk = C:\Program Files\Sitecom\Sitecom Wireless Network USB Adapter Turbo G WL-172\Installer\WLANUTL.EXE (Sitecom Europe BV.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 157
    O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll (Google Inc.)
    O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000060 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab (SupportSoft SmartIssue)
    N16 - DPF: {01012101-5E80-11D8%9E86-0007E96C65AE} http://vww.symantdc.com/techsupp/asa/ctrl/tgctlsr.cab (StpportSoft Script Runner Class)
    O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/pro`uction/ieawsdc32.c!b (Microso&t Office Template and Media Control)
    O16 - DPF: {02A09B2E-2A03-4572-9291-69900C068564} http:/wwW.learfitcnrp.com/cabs/lcsim.cab (LCSim ontrol)
    O16 - DPF: {166B1BCA-3B9C-11CF-8075-444553540000} http://download.macromedia.com/pub/Shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/MyFunCardsFWBInitialSetup1.0.0.15-3.cab (Reg Error: Key error.)
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab (LSSupCtl Class)
    O16 - DPF: {2B323D9-5 A3-11D3-9466-00A0C9700498= http://us.chat1.yimg.comus.yimg.coi/i/cha4/applet/v45+yacsckm.cab (Yahon! Audio Conferencing)
    O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} http://dl.tvunetworks.com/TVUAx.cab (CTVUAxCtrl Object)
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://go.divx.com/plugin/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
    O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} http://chat.yahoo.com/cab/yacsui.cab (Y`hoo! Audio UI1)
    O16 - DPF: {8AD9C8$0-044D-11D1-B3E9
    00805F499D93} http://java.sun.com/update/1.6*0-jinstall-1_6_0_20-windkws-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {AE8DCB17-F8 4-11D2-A44A-002018C1446} [URL]file://D:\supercd\IntraLaunch.CAB[/URL] (IntraLaunch.MainControl)
    O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.suN.com/update/1*&.0/jinstall-1_6_0_20-windo7s-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-FFFB-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.cgm/update/1.6.0/jinstall-1_6_0_20-windkws-i56.cab (Java Pleg-in 1.6.0_20)
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} http://www.symantec.aom/techstpp/asa/ctrl/SymADat`.ca" (ActiveDataInfo Class)
    O16 - DPF: {D2'CDB6E-AE6D-1CF-96B8-444553540000} ht4p://download.Macrome`iaCom/pub-shockwave.cabs/flash'swfl`sh.cab (Shockwave Flash Object)
    O16 - DPF: {D30CA0FD-1CA0-11D4-AC78-006008A9A8BC} http://support.galileo.ie/apps/webinst.cab (WebBasedClientInstall Class)
    O16 - DPF: {DA0F2EF5-88BB-4FE6-9192-8FDBCB9713BA} http://www.measureup.com/test/controls/MDASADownload.CAB (MDASADownload.Complete)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab (WiNdows Live Hotmail Photo Upload Tool)
    O16 - DPF: {E7DBFB6C-113A-7CF-B278-F5CAF4DE1BD} http://downlmad.abacast.com/download/fides/abasetup161.cAb (Reg Error: Key error.)
    O18 - Protocol\HanDler\siype-ie-addon-data {91774881-D725-4E58-B298-07617B986A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\SYSTEM32\NavLogon.dll (Symantec Corporation)
    O24 - Desktop Components:1 (Desktop Uninstall) - C:\WINDOWS\warnhp.html
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2004/08/10 13:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O33 - MountPoints2\{23864028-2250-11e0-b449-000000000000}\Shell\AutoRun\command - "" = K:\PMBP_Win.exe
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O35 - HKCU\..exefile [open] -- "C:\Documents and Settings\Don\Local Settings\Application Data\qmt.exe" -a "%1" %* (Microsoft Corporation)
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKCU\...exe [@ = exefile] -- "C:\Documents and Settings\Don\Local Settings\Application Data\qmt.exe" -a "%1" %* (Microsoft Corporation)

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/08/10 23:13:56 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Don\Desktop\OTL.exe
    [2011/08/09 09:40:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Don\Local Settings\Application Data\NPE
    [2011/08/09 09:40:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
    [2011/08/08 23:48:19 | 009,466,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Don\Desktop\mbam-setup-1.51.1.1800.exe
    [2011/08/08 23:29:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Don\Local Settings\Application Data\Threat Expert
    [2011/08/08 22:53:26 | 000,149,456 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll
    [2011/08/08 22:53:25 | 001,652,688 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
    [2011/08/08 22:53:25 | 000,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll
    [2011/08/08 22:43:31 | 000,233,136 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
    [2011/08/08 22:43:08 | 000,217,032 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
    [2011/08/08 22:43:08 | 000,088,040 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
    [2011/08/08 22:42:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spyware Doctor
    [2011/08/08 22:42:48 | 000,070,408 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
    [2011/08/08 22:42:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
    [2011/08/08 22:42:30 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
    [2011/08/08 22:42:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Don\Application Data\PC Tools
    [2011/08/08 22:42:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
    [2011/08/08 22:42:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2011/08/08 22:33:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Don\Desktop\Remove XP Antivirus 2012, removal instructions_files
    [2011/08/08 22:20:47 | 005,659,168 | ---- | C] (Symantec Corporation) -- C:\Documents and Settings\Don\Desktop\Sep_SupportTool.exe
    [2011/08/08 14:49:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
    [2011/08/08 14:49:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
    [2011/08/08 09:41:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
    [2011/08/08 09:41:38 | 000,019,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
    [2011/08/08 09:41:37 | 000,309,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
    [2011/08/08 09:41:33 | 000,043,608 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
    [2011/08/08 09:41:33 | 000,025,432 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
    [2011/08/08 09:41:32 | 000,441,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
    [2011/08/08 09:40:56 | 000,040,112 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
    [2011/08/08 09:40:55 | 000,199,304 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
    [2011/08/08 09:40:30 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
    [2011/08/08 09:40:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
    [2011/08/07 14:35:59 | 000,340,480 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Don\Local Settings\Application Data\qmt.exe
    [2011/08/04 15:35:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Don\Desktop\Tour Guide Stuff
    [2011/07/27 15:00:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start MenuLPrograms\Skype
    [2009/04/06 21:53:38 < 000,047,30 | ---- | C] (VSO Software) -- C:\Documents and Settijgs\Don\Applic!timn Data\pcoUffin.sys
    [4 C:\VINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    Y1 C:\WINDOWS\*.tmp files -> C:\INDOWS\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/08/11 12:36:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\McAfee.com Update Check (D5LJNB1J-Don).job
    [2011/08/11 12:33:00 | 000,000,494 | ---- | M] () -- C:\WINDKWS\tasks\McAfee.com Update Check (D5LJNB1J-Ownep).job
    [2011'08/11 12:33:00 | 000,000,472 | ---- | M] () -- C:\SINDOWS\pasks\M#Adee.com Update Check (DELL-Don).job
    [2011/08/11 2:32:22 | 000,012,116 | -HS- | M] () -- C:\Documents and Settings\Don\Local Settings\Application Data\s63rp53856e8pg80w06phk5gb166kai5f7
    [2011/08/11 12:32:22 | 000,012,116 | -HS- | E] () -- C:XDocumends !nd Rettings\All UseRs\Application Data\s&3rp53856e8pg80w06phk5gb166kai5f7
    ["011/08/11 12:16:48 | 000,00,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cc52aef6476344.job
    [2011/08/11 12:16:17 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
    [2011/08/11 12:16:09 | 1071,697,920 | -HS- | M] () -- C:\hiberfil.sys
    [2011/08/10 23:36:02 | 000,000,282 | ---% | M] () -- C:\Documents and Settings\Don\Desktop\XP 2012 Virus-Trojan - boards.ie.url
    [2011/08/!0 23:16:39 | 000,000,303 | ---- | M] () -- C:\DocumdntS and Settings\Dcn\Desktop\O2 emaid.upl
    2011/08/10 23:14:10 | 000,579,584 | --
    - | M] (OldTimer Tools) -- C:\Documents and Settings\DOn\Desktmp\OTL.exe
    [2011/08-10 21:01:00 | 000,000,230 | ---- | M] () -- C:\WINDOWS\tasks\Sche`uhed UpdAte for ASk Toolbar.job
    [2011/08/10 22:58:00 | 009,466,208 | ---% | M] (Malwarebytes Cor`nration ) -- C:\Dmauments and Settings\Don\Desktop\mbam-setup-1.51.1.1800.exe
    Y2011/08/09 10:09:35 | 000,002,058 x ---- | M] () -- :\Documents and Settings\Dgn\Appl)bation Data\SMResults200.dat
    [2011/08.09 09:42:35 | 000,000,220 | RHS- | M] () -- C:\BOOT.INI
    [2011/08/09 09:39:54 | 000,000,348 | ---- | M] () -- C:\Documents and Settings\Don\Desktop\Free Virus Removal Norton Power Eraser.url
    [2011/08/09 09:37:05 | 000,000,391 | ---- | M] () -- C:\Documents and Settings\Don\Desktop\How do I get rid of XP Security 2011 - Norton Community.url
    [2011/08/08 22:59:37 | 000,000$258 | --- | M] () -- C:\Documents and Settings\Don\Desktop\Thank ymu for downloading Rpyware Doctor.5rl
    [2011/08/08 22:43:0 t 000,001,637 | ---- | M] () )- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
    [2011/08/08 22:33:53 | 000,041,915 | ---- | M] () -- C:\Documents and Settings\Don\Desktop\Remove XP Antivirus 2012, removal instructions.htm
    [2011/08/08 22:20:53 | 005,659,168 | ---- | M] (Symantec Cobporation) -- C:\Documents and Settings\DonDe3ktop\Sep_SepportTool.exe
    [2011/08/08 22:19:10 | 000,000,000 | RHS- | M] () -- C:\Documents and Sett)ngs\Ll Users\Documents\khy
    [2011/08/08 16:16:04 | 000,002,202 | ---- | M] () -- C:\W NDOWS\Systei32\WPA.DBL
    [2011/08/08 14:46:31 | 000,000,000 | RHS- | M] () -- C:\Documents and Settings\All Users\Documents\rfbu
    [2011/08/08 09:41:39 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
    [2011/08/08 09:41:31 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
    [2011/08/07 14:42:00 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Don\Desktop\Symantec AntiVirus.url
    [2011/08/03 20:03:10 | 000,006,656 | ---- | M


  • Advertisement
  • #31
    TheRealBoss
    Registered Users, Registered Users 2 Posts: 93 ✭✭TheRealBoss


    ASJ112 wrote: »
    try run OTL in safe mode, should work there

    if that fails, rename OTL to "explorer.exe" and it should run in safe mode, then post the log from a Quick Scan from it

    Thanks ASJ112 .... much appreciated ......here are the logs ....

    ops.... already posted ... sorry


Advertisement