TechSpot

Firefox playing random audio adverts in the background

Solved
By prydemusic
Nov 23, 2010
  1. For a while now I have been suffering from Firefox playing random adverts in the background. I thought nothing of them until they started getting annoyingly longer. I fear it may have something to do with the plugincontainer.exe. Your help would be much appreciated in helping me fix this.
    I am currently running Spybot, ZoneAlarm and avast on my computer and have done numerous scans in different scenarios to try and find the answer but have had no results.
     
  2. Broni

    Broni Malware Annihilator Posts: 47,076   +257

    Welcome aboard :)

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    All required logs have to be PASTED.

    If some log exceeds 50,000 characters, split it between a couple of posts.
    The above rule will be strictly enforced.
    Attached logs will NOT be reviewed.
     
  3. prydemusic

    prydemusic TS Rookie Topic Starter

    MBAM logs

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 5179

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    24/11/2010 07:08:22
    mbam-log-2010-11-24 (07-08-22).txt

    Scan type: Quick scan
    Objects scanned: 150815
    Time elapsed: 7 minute(s), 45 second(s)

    Memory Processes Infected: 2
    Memory Modules Infected: 1
    Registry Keys Infected: 12
    Registry Values Infected: 1
    Registry Data Items Infected: 0
    Folders Infected: 6
    Files Infected: 7

    Memory Processes Infected:
    C:\ProgramData\QueryExplorer\queryexplorer119.exe (Adware.QueryExplorer) -> Unloaded process successfully.
    C:\Program Files (x86)\QueryExplorer\queryexplorer.exe (Adware.QueryExplorer) -> Unloaded process successfully.

    Memory Modules Infected:
    C:\Program Files (x86)\QueryExplorer\queryexplorer.dll (Adware.Agent.Gen) -> Delete on reboot.

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\shopperreports.reporter (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\shopperreports.reporter.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\{0d82acd6-a652-4496-a298-2bde705f4227} (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\{7025e484-d4b0-441a-9f0b-69063bd679ce} (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\{8258b35c-05b8-4c0e-9525-9bccc70f8f2d} (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\{a89256ad-ec17-4a83-bef5-4b8bc4f39306} (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wmplayer.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\QueryExplorer (Adware.QueryExplorer) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\QueryExplorer (Adware.QueryExplorer) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\QueryExplorer Service (Adware.QueryExplorer) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\srs_it_e8790570b5765d5230af96 (Malware.Trace) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    C:\ProgramData\QueryExplorer (Adware.QueryExplorer) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Mozilla Firefox\extensions\{27E679CC-6AAB-4B2A-BB87-096FE4178464} (Adware.QueryExplorer) -> Delete on reboot.
    C:\Program Files (x86)\Mozilla Firefox\extensions\{27E679CC-6AAB-4B2A-BB87-096FE4178464}\chrome (Adware.QueryExplorer) -> Delete on reboot.
    C:\Program Files (x86)\Mozilla Firefox\extensions\{27E679CC-6AAB-4B2A-BB87-096FE4178464}\defaults (Adware.QueryExplorer) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Mozilla Firefox\extensions\{27E679CC-6AAB-4B2A-BB87-096FE4178464}\defaults\preferences (Adware.QueryExplorer) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\QueryExplorer (Adware.QueryExplorer) -> Delete on reboot.

    Files Infected:
    C:\Program Files (x86)\QueryExplorer\queryexplorer.dll (Adware.Agent.Gen) -> Delete on reboot.
    C:\ProgramData\QueryExplorer\queryexplorer119.exe (Adware.QueryExplorer) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\QueryExplorer\queryexplorer.exe (Adware.QueryExplorer) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Mozilla Firefox\extensions\{27E679CC-6AAB-4B2A-BB87-096FE4178464}\chrome.manifest (Adware.QueryExplorer) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Mozilla Firefox\extensions\{27E679CC-6AAB-4B2A-BB87-096FE4178464}\install.rdf (Adware.QueryExplorer) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Mozilla Firefox\extensions\{27E679CC-6AAB-4B2A-BB87-096FE4178464}\chrome\queryexplorer.jar (Adware.QueryExplorer) -> Delete on reboot.
    C:\Program Files (x86)\Mozilla Firefox\extensions\{27E679CC-6AAB-4B2A-BB87-096FE4178464}\defaults\preferences\prefs.js (Adware.QueryExplorer) -> Quarantined and deleted successfully.
     
  4. prydemusic

    prydemusic TS Rookie Topic Starter

    GMER log

    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit scan 2010-11-24 08:02:18
    Windows 6.1.7600
    Running: rix2mb04.exe


    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x2B 0x36 0x0C 0x6D ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xF3 0xE1 0x0C 0x9E ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xC1 0xE7 0x26 0xF5 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x85 0x9A 0xD5 0xBA ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12 0x62 0x6A 0xE4 0xFD ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x2B 0x36 0x0C 0x6D ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xF3 0xE1 0x0C 0x9E ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xC1 0xE7 0x26 0xF5 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x85 0x9A 0xD5 0xBA ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12 0x62 0x6A 0xE4 0xFD ...

    ---- EOF - GMER 1.0.15 ----
     
  5. prydemusic

    prydemusic TS Rookie Topic Starter

    DDS

    DDS (Ver_10-11-10.01) - NTFS_AMD64
    Run by Joe at 8:04:19.37 on 24/11/2010
    Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_21
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.44.1033.18.4091.2107 [GMT 0:00]

    SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_e19b3ab5cd326817\STacSV64.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_e19b3ab5cd326817\AESTSr64.exe
    C:\Windows\SysWOW64\svchost.exe -k Akamai
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\3\3Connect\BecHelperService.exe
    C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\SlySoft\Game Jackal v4\Server.exe
    C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
    C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
    C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
    C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\SysWOW64\PnkBstrA.exe
    C:\Windows\SysWOW64\rpcnet.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\sppsvc.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Logitech\SetPointP\SetPoint.exe
    C:\Program Files\IDT\WDM\sttray64.exe
    C:\Program Files (x86)\CBS Software\SpeedConnect Internet Accelerator\SpeedConnectStartUp.exe
    C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
    C:\Program Files (x86)\Steam\Steam.exe
    C:\Windows\OEM13Mon.exe
    C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
    C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
    C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
    C:\Program Files\Logitech\SetPointG\SetPointII.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files (x86)\Hotspot Shield\bin\openvpntray.exe
    C:\Windows\SysWOW64\ctfmon.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Windows\SysWOW64\ZoneLabs\vsmon.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\Joe\Downloads\dds.scr
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files (x86)\ZoneAlarm_Security\tbZone.dll
    mURLSearchHooks: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files (x86)\ZoneAlarm_Security\tbZone.dll
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files (x86)\ZoneAlarm_Security\tbZone.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: AnchorFree Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
    TB: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files (x86)\ZoneAlarm_Security\tbZone.dll
    TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
    TB: AnchorFree Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
    uRun: [SpeedConnectStartUp] C:\Program Files (x86)\CBS Software\SpeedConnect Internet Accelerator\SpeedConnectStartUp.exe -run
    uRun: [ISUSPM] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
    uRun: [Steam] "c:\program files (x86)\steam\steam.exe" -silent
    mRun: [OEM13Mon.exe] C:\Windows\OEM13Mon.exe
    mRun: [ZoneAlarm Client] "C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe"
    mRun: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
    mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
    StartupFolder: C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk.disabled
    StartupFolder: C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Trillian.lnk.disabled
    StartupFolder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk.disabled
    StartupFolder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk.disabled
    StartupFolder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Update Agent.lnk.disabled
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: Edit with Altova X&MLSpy - C:\Program Files (x86)\Altova\XMLSpy2011\spy.htm
    IE: {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Program Files (x86)\Altova\XMLSpy2011\spy.htm
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    LSP: tms.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    TCP: {29B603D5-4F4C-4335-A44E-FEA16739F6B3} = 8.8.8.8,8.8.4.4
    TCP: 244584F6D656845726D213234433 = 8.8.8.8,8.8.4.4
    TCP: {3BBC5CEE-EC6B-4572-8CC2-7F068C79F530} = 10.25.24.1
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    BHO-X64: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
    BHO-X64: ZoneAlarm Security Engine Registrar - No File
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll
    TB-X64: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
    TB-X64: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
    TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    TB-X64: {91DA5E8A-3318-4F8C-B67E-5964DE3AB546} - No File
    EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
    mRun-x64: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
    mRun-x64: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    mRun-x64: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
    mRun-x64: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
    mRun-x64: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray64.exe
    mRun-x64: [ISW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"

    ================= FIREFOX ===================

    FF - ProfilePath - C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\f1z5tiz4.default\
    FF - prefs.js: network.proxy.type - 4
    FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Virtual Earth 3D\npVE3D.dll
    FF - plugin: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll
    FF - plugin: C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\f1z5tiz4.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
    FF - plugin: C:\Windows\system32\Wat\npWatWeb.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

    ---- FIREFOX POLICIES ----
    C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
    C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
    C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
    C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
    C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
    C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
    C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
    C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

    ============= SERVICES / DRIVERS ===============

    R0 DLACDBHE;DLACDBHE;C:\Windows\System32\drivers\DLACDBHE.SYS [2010-5-25 17776]
    R0 DRVECDB;DRVECDB;C:\Windows\System32\drivers\DRVECDB.SYS [2010-5-25 124112]
    R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-5-25 55856]
    R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2010-10-23 121936]
    R1 DLARTL_E;DLARTL_E;C:\Windows\System32\drivers\DLARTL_E.SYS [2010-5-25 41072]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-14 59904]
    R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_e19b3ab5cd326817\AESTSr64.exe [2010-5-18 89600]
    R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 27136]
    R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2010-10-23 20048]
    R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2010-10-23 61008]
    R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-10-23 40384]
    R2 BecHelperService;BecHelperService;C:\Program Files (x86)\3\3Connect\BecHelperService.exe [2010-9-2 1737464]
    R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-2-28 821664]
    R2 DLABMFSE;DLABMFSE;C:\Windows\System32\drivers\DLABMFSE.SYS [2010-5-25 46448]
    R2 DLABOIOE;DLABOIOE;C:\Windows\System32\drivers\DLABOIOE.SYS [2010-5-25 42352]
    R2 DLADResE;DLADResE;C:\Windows\System32\drivers\DLADResE.SYS [2010-5-25 9968]
    R2 DLAIFS_E;DLAIFS_E;C:\Windows\System32\drivers\DLAIFS_E.SYS [2010-5-25 146672]
    R2 DLAOPIOE;DLAOPIOE;C:\Windows\System32\drivers\DLAOPIOE.SYS [2010-5-25 35056]
    R2 DLAPoolE;DLAPoolE;C:\Windows\System32\drivers\DLAPoolE.SYS [2010-5-25 19824]
    R2 DLAUDF_E;DLAUDF_E;C:\Windows\System32\drivers\DLAUDF_E.SYS [2010-5-25 144112]
    R2 DLAUDFAE;DLAUDFAE;C:\Windows\System32\drivers\DLAUDFAE.SYS [2010-5-25 135152]
    R2 DRVEDDM;DRVEDDM;C:\Windows\System32\drivers\DRVEDDM.SYS [2010-5-25 63984]
    R2 GJService;Game Jackal Server;C:\Program Files (x86)\SlySoft\Game Jackal v4\Server.exe [2010-11-14 3043264]
    R2 HssWd;Hotspot Shield Monitoring Service;C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -product HSS --> C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -product HSS [?]
    R2 ISWKL;ZoneAlarm Toolbar ISWKL;C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [2010-9-2 33528]
    R2 IswSvc;ZoneAlarm Toolbar IswSvc;C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe [2010-9-2 823288]
    R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-7-16 1153368]
    R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-4-24 483688]
    R3 avast! Mail Scanner;avast! Mail Scanner;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-10-23 40384]
    R3 avast! Web Scanner;avast! Web Scanner;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-10-23 40384]
    R3 MaplomL;MaplomL;C:\Windows\System32\drivers\maploml.sys [2010-11-14 58816]
    R3 OEM13Vfx;Creative Camera OEM013 Video VFX Driver;C:\Windows\System32\drivers\OEM13Vfx.sys [2007-3-5 12288]
    R3 OEM13Vid;Creative Camera OEM013 Driver;C:\Windows\System32\drivers\OEM13Vid.sys [2008-5-28 267296]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-11-5 291328]
    R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2010-4-24 721768]
    R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2010-4-24 269672]
    R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2010-4-24 25960]
    R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2010-4-24 22376]
    R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-4-24 209768]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate1caf8242e21407d;Google Update Service (gupdate1caf8242e21407d);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-5-20 133104]
    S2 KMService;KMService;C:\Windows\system32\srvany.exe --> C:\Windows\system32\srvany.exe [?]
    S3 Adobe Version Cue CS4;Adobe Version Cue CS4;C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-8-15 284016]
    S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-6-12 1038088]
    S3 nmwcdcx64;Nokia USB Generic;C:\Windows\System32\drivers\ccdcmbox64.sys [2010-2-26 25088]
    S3 nmwcdnsucx64;Nokia USB Flashing Generic;C:\Windows\System32\drivers\nmwcdnsucx64.sys [2010-2-26 12288]
    S3 nmwcdnsux64;Nokia USB Flashing Phone Parent;C:\Windows\System32\drivers\nmwcdnsux64.sys [2010-2-26 173056]
    S3 nmwcdx64;Nokia USB Phone Parent;C:\Windows\System32\drivers\ccdcmbx64.sys [2010-2-26 19456]
    S3 nosGetPlusHelper;getPlus(R) Helper 3004;C:\Windows\System32\svchost.exe -k nosGetPlusHelper [2009-7-13 27136]
    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-14 17920]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-5-18 1255736]

    =============== Created Last 30 ================

    2010-11-24 06:37:19 -------- d-----w- C:\Users\Joe\AppData\Roaming\Malwarebytes
    2010-11-24 06:36:13 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    2010-11-24 06:36:12 -------- d-----w- C:\PROGRA~3\Malwarebytes
    2010-11-24 06:36:10 24664 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2010-11-24 06:36:10 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2010-11-15 06:17:14 -------- d-----w- C:\PROGRA~3\Odeon
    2010-11-15 06:17:14 -------- d-----w- C:\Odeon10CombinedDemo
    2010-11-15 06:17:08 -------- d-----w- C:\Program Files (x86)\Odeon10CombinedDemo
    2010-11-14 02:49:14 -------- d-----w- C:\Users\Joe\AppData\Local\Activision
    2010-11-14 02:45:58 540688 ----a-w- C:\Windows\System32\d3dx10_38.dll
    2010-11-14 02:32:18 -------- d-----w- C:\Program Files (x86)\Elaborate Bytes
    2010-11-14 02:26:42 -------- d-----w- C:\Logs
    2010-11-14 02:26:37 58816 ----a-w- C:\Windows\System32\drivers\maploml.sys
    2010-11-14 02:26:37 34240 ----a-w- C:\Windows\System32\drivers\maplom.sys
    2010-11-14 02:26:35 -------- d-----w- C:\Program Files (x86)\SlySoft
    2010-11-13 23:57:10 -------- d-----w- C:\Program Files (x86)\PowerISO
    2010-11-04 13:32:11 -------- d-----w- C:\Perl64
    2010-11-04 13:25:46 -------- d-----w- C:\wepcrack
    2010-11-03 13:22:03 -------- d-----w- C:\aircrack-ng-1.1-win
    2010-10-28 03:12:49 -------- d-----w- C:\Program Files (x86)\Common Files\Altova
    2010-10-28 03:12:49 -------- d-----w- C:\Program Files (x86)\Altova
    2010-10-28 03:12:23 -------- d-----w- C:\PROGRA~3\Altova
    2010-10-28 02:32:42 -------- d-----w- C:\Windows\Downloaded Installations
    2010-10-25 23:48:17 -------- d-----w- C:\Users\Joe\AppData\Local\FalloutNV
    2010-10-25 22:32:20 -------- d-----w- C:\Windows\IswTmp

    ==================== Find3M ====================

    2010-11-24 07:25:53 17920 ----a-w- C:\Windows\System32\rpcnetp.exe
    2010-11-24 07:25:51 57752 ----a-w- C:\Windows\SysWow64\rpcnet.dll
    2010-10-24 01:05:16 43520 ----a-w- C:\Windows\SysWow64\CmdLineExt03.dll
    2010-10-14 01:36:52 15451288 ----a-w- C:\Windows\SysWow64\xlive.dll
    2010-10-14 01:36:50 13642904 ----a-w- C:\Windows\SysWow64\xlivefnt.dll
    2010-10-06 16:15:00 218496 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
    2010-10-06 16:15:00 218496 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
    2010-09-27 18:52:35 730480 ----a-w- C:\Windows\SysWow64\Setup.exe
    2010-09-27 18:52:09 726384 ----a-w- C:\Windows\SysWow64\AutoRun.exe
    2010-09-24 20:02:42 17920 ----a-w- C:\Windows\SysWow64\rpcnetp.dll
    2010-09-24 20:01:59 17920 ----a-w- C:\Windows\SysWow64\rpcnetp.exe
    2010-09-22 19:19:02 56832 ----a-w- C:\Windows\System32\drivers\HssDrv.sys
    2010-09-22 19:19:02 37888 ----a-w- C:\Windows\System32\drivers\taphss.sys
    2010-09-20 15:14:54 178800 ----a-w- C:\Windows\SysWow64\CmdLineExt_x64.dll
    2010-09-15 16:18:53 2601752 ----a-w- C:\Windows\SysWow64\pbsvc_moh.exe
    2010-09-10 02:57:14 282624 ----a-w- C:\Windows\SysWow64\tms.dll
    2010-09-08 10:17:46 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
    2010-09-08 10:17:46 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
    2010-09-08 05:36:17 1192960 ----a-w- C:\Windows\System32\wininet.dll
    2010-09-08 05:34:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll
    2010-09-08 04:30:04 978432 ----a-w- C:\Windows\SysWow64\wininet.dll
    2010-09-08 04:28:15 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
    2010-09-08 04:16:38 482816 ----a-w- C:\Windows\System32\html.iec
    2010-09-08 03:35:30 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
    2010-09-08 03:22:31 386048 ----a-w- C:\Windows\SysWow64\html.iec
    2010-09-08 02:48:16 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2010-09-07 15:12:17 38848 ----a-w- C:\Windows\avastSS.scr
    2010-09-07 14:47:33 61008 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
    2010-09-06 14:05:54 610304 ----a-r- C:\Windows\SysWow64\XmlSpyLib.dll
    2010-09-02 17:25:05 71259 ----a-w- C:\Windows\Huawei ModemsUninstall.exe
    2010-09-02 08:20:54 1238528 ----a-w- C:\Windows\SysWow64\zpeng25.dll
    2010-09-01 05:12:09 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
    2010-09-01 04:23:49 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
    2010-09-01 02:58:34 3123712 ----a-w- C:\Windows\System32\win32k.sys
    2010-08-31 04:32:30 954752 ----a-w- C:\Windows\SysWow64\mfc40.dll
    2010-08-31 04:32:30 954288 ----a-w- C:\Windows\SysWow64\mfc40u.dll
    2010-08-27 06:14:02 236032 ----a-w- C:\Windows\System32\srvsvc.dll
    2010-08-27 05:46:48 9728 ----a-w- C:\Windows\SysWow64\sscore.dll
    2010-08-27 03:38:04 463360 ----a-w- C:\Windows\System32\drivers\srv.sys
    2010-08-27 03:37:48 402944 ----a-w- C:\Windows\System32\drivers\srv2.sys
    2010-08-27 03:37:26 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys

    ============= FINISH: 8:05:19.95 ===============
     
  6. prydemusic

    prydemusic TS Rookie Topic Starter

    DDS attach

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-11-10.01)

    Microsoft Windows 7 Ultimate
    Boot Device: \Device\HarddiskVolume1
    Install Date: 25/05/2010 13:54:36
    System Uptime: 24/11/2010 07:25:18 (1 hours ago)

    Motherboard: Dell Inc. | | 0P369J
    Processor: Intel(R) Core(TM)2 Duo CPU P8600 @ 2.40GHz | U2E1 | 2401/266mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 298 GiB total, 39.965 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    F: is CDROM ()
    G: is CDROM ()
    I: is CDROM ()

    ==== Disabled Device Manager Items =============

    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft Virtual WiFi Miniport Adapter
    Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&58CFC51&0&01
    Manufacturer: Microsoft
    Name: Microsoft Virtual WiFi Miniport Adapter
    PNP Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&58CFC51&0&01
    Service: vwifimp

    Class GUID:
    Description: Mass Storage Controller
    Device ID: PCI\VEN_1217&DEV_8130&SUBSYS_02C01028&REV_01\4&1B364FDD&0&02E4
    Manufacturer:
    Name: Mass Storage Controller
    PNP Device ID: PCI\VEN_1217&DEV_8130&SUBSYS_02C01028&REV_01\4&1B364FDD&0&02E4
    Service:

    ==== System Restore Points ===================

    RP114: 14/11/2010 02:32:31 - Device Driver Package Install: Elaborate Bytes AG Storage controllers
    RP115: 14/11/2010 02:43:58 - Installed DirectX
    RP116: 17/11/2010 03:00:13 - Windows Update

    ==== Installed Programs ======================

    3Connect
    7-Zip 4.65
    Acrobat.com
    Activision(R)
    Adobe Acrobat 9.2.0 - CPSID_50026
    Adobe After Effects CS4
    Adobe After Effects CS4 Presets
    Adobe After Effects CS4 Third Party Content
    Adobe AIR
    Adobe Anchor Service CS4
    Adobe Asset Services CS4
    Adobe Bridge CS4
    Adobe CMaps CS4
    Adobe Color - Photoshop Specific CS4
    Adobe Color EU Recommended Settings CS4
    Adobe Color JA Extra Settings CS4
    Adobe Color NA Extra Settings CS4
    Adobe Color Video Profiles AE CS4
    Adobe Color Video Profiles CS CS4
    Adobe Contribute CS4
    Adobe Creative Suite 4 Master Collection
    Adobe CS4 American English Speech Analysis Models
    Adobe CSI CS4
    Adobe Default Language CS4
    Adobe Device Central CS4
    Adobe Download Manager
    Adobe Dreamweaver CS4
    Adobe Drive CS4
    Adobe Dynamiclink Support
    Adobe Encore CS4
    Adobe Encore CS4 Codecs
    Adobe ExtendScript Toolkit CS4
    Adobe Extension Manager CS4
    Adobe Fireworks CS4
    Adobe Flash CS4
    Adobe Flash CS4 Extension - Flash Lite STI en
    Adobe Flash CS4 STI-en
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Fonts All
    Adobe Illustrator CS4
    Adobe InDesign CS4
    Adobe InDesign CS4 Application Feature Set Files (Roman)
    Adobe InDesign CS4 Common Base Files
    Adobe InDesign CS4 Icon Handler
    Adobe Linguistics CS4
    Adobe Media Encoder CS4
    Adobe Media Encoder CS4 Additional Exporter
    Adobe Media Encoder CS4 Dolby
    Adobe Media Encoder CS4 Exporter
    Adobe Media Encoder CS4 Importer
    Adobe Media Player
    Adobe MotionPicture Color Files CS4
    Adobe OnLocation CS4
    Adobe Output Module
    Adobe PDF Library Files CS4
    Adobe Photoshop CS4
    Adobe Photoshop CS4 Support
    Adobe Premiere Pro CS4
    Adobe Premiere Pro CS4 Functional Content
    Adobe Premiere Pro CS4 Third Party Content
    Adobe Reader 9.4.0
    Adobe Search for Help
    Adobe Service Manager Extension
    Adobe Setup
    Adobe SGM CS4
    Adobe SING CS4
    Adobe Soundbooth CS4
    Adobe Soundbooth CS4 Codecs
    Adobe Type Support CS4
    Adobe Update Manager CS4
    Adobe Version Cue CS4 Server
    Adobe WinSoft Linguistics Plugin
    Adobe XMP Panels CS4
    AdobeColorCommonSetCMYK
    AdobeColorCommonSetRGB
    Akamai NetSession Interface
    Altova MissionKit® 2011 for Enterprise XML Developers
    Apple Application Support
    Apple Software Update
    Ask Toolbar
    avast! Free Antivirus
    Battlefield: Bad Company™ 2
    BingoLinerUK
    Blur(TM)
    BufferChm
    Call of Duty: Black Ops
    Capture NX 2
    Connect
    Copy
    Dell Driver Download Manager
    Dell Resource CD
    Destinations
    DeviceDiscovery
    DivX Codec
    DivX Setup
    DJ_AIO_03_F2200_Software_Min
    DJ_SF_06_D1600_SW_Min
    EAX Unified
    eReg
    F2200
    Fallout: New Vegas
    File Uploader
    FileZilla Client 3.3.5
    Garmin City Navigator Europe v8
    GIMP 2.6.8
    Google Chrome
    Google Earth Plug-in
    Google Update Helper
    GPBaseService2
    GUNDAM MOD 3.0
    Homeworld2
    Hotspot Shield 1.52
    HP Update
    HPPhotoGadget
    HPPhotoSmartDiscLabelContent1
    HPPhotosmartEssential
    HPProductAssistant
    HPSSupply
    Huawei modem
    IDT Audio
    Java Auto Updater
    Java(TM) 6 Update 20
    Java(TM) 6 Update 21
    Juiced2_HIN
    Junk Mail filter update
    King Arthur
    kuler
    Macromedia FreeHand MXa
    Mafia
    Mafia II
    Mafia II DLC Jimmy's Vendetta
    Mafia II Update 1
    Malwarebytes' Anti-Malware
    MarketResearch
    Microsoft .NET Framework 4 Multi-Targeting Pack
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Games for Windows - LIVE
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Office Click-to-Run 2010
    Microsoft Office Home and Business 2010 - English
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft SQL Server 2008 R2 Management Objects
    Microsoft SQL Server System CLR Types
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
    Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319
    Microsoft Visual Studio 2010 Shell (Isolated) - ENU
    mIRC
    Mozilla Firefox (3.6.12)
    MSVC80_x86_v2
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Napoleon: Total War
    Nikon Message Center
    Nikon Transfer
    Nokia Connectivity Cable Driver
    Nokia PC Suite
    Nokia Software Updater
    Notepad++
    NVIDIA PhysX
    Odeon 10 CombinedDemo (remove only)
    openlp.org 1.2.4
    OpenOffice.org 3.2
    Orca
    PC Alarm Clock
    PC Connectivity Solution
    PDF Settings CS4
    Photoshop Camera Raw
    Pixel Bender Toolkit
    PowerDVD DX
    PowerISO
    PunkBuster Services
    QuickTime
    R.U.S.E. Demo
    RarZilla Free Unrar
    Roxio Activation Module
    Roxio Creator Audio
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator DE
    Roxio Creator Tools
    Roxio Express Labeler 3
    Roxio Update Manager
    Scan
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Sid Meier's Civilization V
    Sid Meier's Civilization V SDK
    Skype Toolbars
    Skype™ 4.2
    SkyPlayer for Windows Media Center
    SmartWebPrinting
    Sniper Ghost Warrior
    Sol Survivor
    SolutionCenter
    Sonic CinePlayer Decoder Pack
    SpeedConnect Internet Accelerator v.7.5
    Spotify
    Spybot - Search & Destroy
    Status
    Steam
    Suite Shared Configuration CS4
    The Movies(TM)
    The Movies(TM) Stunts & Effects
    Toolbox
    TrayApp
    Trillian
    TuneUp Companion 1.8.1
    UnloadSupport
    VC80CRTRedist - 8.0.50727.4053
    VirtualCloneDrive
    VLC media player 1.1.4
    Vuze
    WebReg
    Windows Live Essentials
    Windows Live Sync
    Windows Live Upload Tool
    Windows Live Writer
    Xvid 1.2.1 final uninstall
    ZionWorx
    ZoneAlarm

    ==== Event Viewer Messages From Past Week ========

    24/11/2010 08:04:25, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
    24/11/2010 07:26:00, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SCDEmu
    24/11/2010 07:25:28, Error: Application Popup [1060] - \SystemRoot\SysWow64\Drivers\SCDEmu.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
    24/11/2010 07:08:18, Error: Service Control Manager [7034] - The QueryExplorer Service service terminated unexpectedly. It has done this 1 time(s).
    21/11/2010 01:34:54, Error: ACPI [6] - IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot 0, function 0. Please contact your system vendor for technical assistance.
    20/11/2010 16:38:51, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x0000000000000008, 0x0000000000000002, 0x0000000000000001, 0xfffff80002c9b0d6). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 112010-22479-01.

    ==== End Of File ===========================
     
  7. Broni

    Broni Malware Annihilator Posts: 47,076   +257

    Download MBRCheck to your desktop.

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    Enter N to exit.
    A report called MBRcheckxxxx.txt will be on your desktop.
    Open this report and post its content in your next reply.

    =====================================================================

    Download SUPERAntiSpyware Free for Home Users:
    http://www.superantispyware.com/


    • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    • An icon will be created on your desktop. Double-click that icon to launch the program.
    • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
    • Close SUPERAntiSpyware.
    Restart computer in Safe Mode.
    To enter Safe Mode, restart computer, and keep tapping F8 key, until menu appears; pick Safe Mode; you'll see "Safe Mode" in all four corners of your screen.

    • Open SUPERAntiSpyware.
    • Under "Configuration and Preferences", click the Preferences button.
    • Click the Scanning Control tab.
    • Under Scanner Options make sure the following are checked (leave all others unchecked):
      • Close browsers before scanning.
      • Terminate memory threats before quarantining.
    • Click the "Close" button to leave the control center screen.
    • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
    • On the left, make sure you check C:\Fixed Drive.
    • On the right, under "Complete Scan", choose Perform Complete Scan.
    • Click "Next" to start the scan. Please be patient while it scans your computer.
    • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
    • Make sure everything has a checkmark next to it and click "Next".
    • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
    • If asked if you want to reboot, click "Yes".
    • To retrieve the removal information after reboot, launch SUPERAntiSpyware again.
      • Click Preferences, then click the Statistics/Logs tab.
      • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
      • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
      • Copy and paste the Scan Log results in your next reply.
    • Click Close to exit the program.

    Post SUPERAntiSpyware log.
     
  8. prydemusic

    prydemusic TS Rookie Topic Starter

    mbr check

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows 7 Ultimate Edition
    Windows Information: (build 7600), 64-bit
    Base Board Manufacturer: Dell Inc.
    BIOS Manufacturer: Dell Inc.
    System Manufacturer: Dell Inc.
    System Product Name: Vostro 1720
    Logical Drives Mask: 0x0001017c

    Kernel Drivers (total 230):

    Processes (total 83):
    0 System Idle Process
    4 System
    292 C:\Windows\System32\smss.exe
    456 csrss.exe
    516 C:\Windows\System32\wininit.exe
    528 csrss.exe
    564 C:\Windows\System32\services.exe
    580 C:\Windows\System32\lsass.exe
    588 C:\Windows\System32\lsm.exe
    712 C:\Windows\System32\svchost.exe
    856 C:\Windows\System32\nvvsvc.exe
    936 C:\Windows\System32\svchost.exe
    996 C:\Windows\System32\svchost.exe
    108 C:\Windows\System32\svchost.exe
    468 C:\Windows\System32\svchost.exe
    336 C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_e19b3ab5cd326817\stacsv64.exe
    1140 C:\Windows\System32\svchost.exe
    1248 C:\Windows\System32\svchost.exe
    1344 C:\Windows\System32\winlogon.exe
    1500 C:\Windows\System32\nvvsvc.exe
    1732 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    1760 C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
    1240 C:\Windows\System32\spoolsv.exe
    1208 C:\Windows\System32\svchost.exe
    1572 C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_e19b3ab5cd326817\AESTSr64.exe
    1664 C:\Windows\SysWOW64\svchost.exe
    2132 C:\Program Files (x86)\3\3Connect\BecHelperService.exe
    2188 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    2244 C:\Windows\System32\svchost.exe
    2272 C:\Program Files (x86)\SlySoft\Game Jackal v4\Server.exe
    2324 C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
    2348 C:\Windows\SysWOW64\svchost.exe
    2384 C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
    2424 C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
    2616 C:\Windows\SysWOW64\PnkBstrA.exe
    2640 C:\Windows\SysWOW64\rpcnet.exe
    2976 C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    3000 C:\Windows\System32\svchost.exe
    3048 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    2532 C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    3196 C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    3548 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    3588 C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
    3712 C:\Windows\System32\SearchIndexer.exe
    3996 C:\Windows\System32\svchost.exe
    3636 C:\Windows\System32\sppsvc.exe
    2392 C:\Windows\System32\taskhost.exe
    4244 C:\Windows\System32\dwm.exe
    4272 C:\Windows\explorer.exe
    4520 C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
    4540 C:\Windows\System32\rundll32.exe
    4556 C:\Program Files\Logitech\SetPointP\SetPoint.exe
    4572 C:\Program Files\IDT\WDM\sttray64.exe
    4608 C:\Program Files (x86)\CBS Software\SpeedConnect Internet Accelerator\SpeedConnectStartUp.exe
    4628 C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
    4636 C:\Program Files (x86)\Steam\Steam.exe
    4832 C:\Windows\OEM13Mon.exe
    4852 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    4876 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    4920 C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
    4948 C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
    4992 C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
    4224 C:\Program Files\Logitech\SetPointG\SetPointII.exe
    1996 C:\Windows\System32\svchost.exe
    4076 C:\Program Files\Windows Media Player\wmpnetwk.exe
    5840 dllhost.exe
    5388 C:\Windows\System32\svchost.exe
    5572 C:\Program Files (x86)\Hotspot Shield\bin\openvpntray.exe
    6028 C:\Windows\SysWOW64\ctfmon.exe
    1316 C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe
    5268 C:\Windows\SysWOW64\ZoneLabs\vsmon.exe
    5992 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    3268 C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
    4516 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    7912 C:\Windows\System32\audiodg.exe
    1908 WmiPrvSE.exe
    5172 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    2100 C:\Program Files\iPod\bin\iPodService.exe
    7580 C:\Program Files (x86)\iTunes\iTunesHelper.exe
    7436 MpCmdRun.exe
    1668 C:\Users\Joe\Downloads\MBRCheck.exe
    6092 C:\Windows\System32\conhost.exe
    6392 C:\Windows\System32\dllhost.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)
    \\.\Q: --> error 5

    PhysicalDrive0 Model Number: FUJITSUMHZ2320BJFFSG2, Rev: 0085001C

    Size Device Name MBR Status
    --------------------------------------------
    298 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
    SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


    Done!
     
  9. Broni

    Broni Malware Annihilator Posts: 47,076   +257

    Go on...........
     
  10. prydemusic

    prydemusic TS Rookie Topic Starter

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 11/26/2010 at 06:01 PM

    Application Version : 4.46.1000

    Core Rules Database Version : 5916
    Trace Rules Database Version: 3728

    Scan type : Complete Scan
    Total Scan Time : 00:51:31

    Memory items scanned : 350
    Memory threats detected : 0
    Registry items scanned : 14798
    Registry threats detected : 0
    File items scanned : 57198
    File threats detected : 504

    Adware.Tracking Cookie
    [omitted - Broni]

    Trojan.Agent/Gen-FraudLoad
    C:\USERS\JOE\DESKTOP\LEFT 4 DEAD 2\LEFT4DEAD2\SOUND\GLOBE CONVERTER.EXE
     
  11. Broni

    Broni Malware Annihilator Posts: 47,076   +257

    Download OTL to your Desktop.

    • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
     
  12. prydemusic

    prydemusic TS Rookie Topic Starter

    OTL

    OTL logfile created on: 26/11/2010 22:45:29 - Run 1
    OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Joe\Desktop
    64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 53.00% Memory free
    8.00 Gb Paging File | 6.00 Gb Available in Paging File | 73.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 297.99 Gb Total Space | 41.86 Gb Free Space | 14.05% Space Free | Partition Type: NTFS

    Computer Name: JOES-PC | User Name: Joe | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2010/11/26 22:43:09 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Joe\Desktop\OTL.exe
    PRC - [2010/11/23 16:36:36 | 000,740,144 | ---- | M] (Pinball Corporation.) -- C:\Program Files (x86)\ClickPotatoLite\bin\10.0.624.0\ClickPotatoLiteSA.exe
    PRC - [2010/11/17 04:53:04 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
    PRC - [2010/10/30 10:17:44 | 003,043,264 | ---- | M] () -- C:\Program Files (x86)\SlySoft\Game Jackal v4\Server.exe
    PRC - [2010/10/29 16:03:39 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    PRC - [2010/10/29 16:03:31 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    PRC - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    PRC - [2010/09/23 16:15:18 | 000,350,256 | ---- | M] (AnchorFree Inc.) -- C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
    PRC - [2010/09/22 23:25:24 | 000,107,568 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\openvpntray.exe
    PRC - [2010/09/22 23:24:22 | 000,265,776 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
    PRC - [2010/09/22 19:19:06 | 000,325,168 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
    PRC - [2010/09/07 15:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    PRC - [2010/09/07 15:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    PRC - [2010/09/02 08:22:30 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\SysWOW64\ZoneLabs\vsmon.exe
    PRC - [2010/09/02 08:21:04 | 001,043,968 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe
    PRC - [2010/05/25 13:14:13 | 000,057,752 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWOW64\rpcnet.exe
    PRC - [2010/05/18 17:38:45 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
    PRC - [2010/04/24 00:10:34 | 000,209,768 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    PRC - [2010/04/24 00:10:28 | 000,483,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    PRC - [2010/02/06 13:48:40 | 000,603,136 | ---- | M] (CBS Software) -- C:\Program Files (x86)\CBS Software\SpeedConnect Internet Accelerator\SpeedConnectStartUp.exe
    PRC - [2010/01/28 12:47:44 | 001,737,464 | ---- | M] () -- C:\Program Files (x86)\3\3Connect\BecHelperService.exe
    PRC - [2009/06/17 11:44:11 | 000,085,160 | ---- | M] (Elaborate Bytes AG) -- C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
    PRC - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    PRC - [2008/01/07 16:00:00 | 000,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\OEM13Mon.exe
    PRC - [2006/09/11 03:40:32 | 000,218,032 | ---- | M] (Macrovision Corporation) -- C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/11/26 22:43:09 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Joe\Desktop\OTL.exe
    MOD - [2010/09/02 12:26:22 | 000,640,504 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\WOW64\Plugins\ISWSHEX.dll
    MOD - [2010/08/21 05:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
    MOD - [2009/12/29 06:55:34 | 000,172,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wintrust.dll
    MOD - [2009/06/10 21:23:11 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\msvcr80.dll
    MOD - [2009/06/10 21:23:11 | 000,554,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\msvcp80.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - File not found [Auto | Running] -- C:\Windows\SysNative\PnkBstrA.exe -- (PnkBstrA)
    SRV:64bit: - File not found [Auto | Stopped] -- C:\Windows\SysNative\srvany.exe -- (KMService)
    SRV:64bit: - [2010/09/07 15:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
    SRV:64bit: - [2010/09/07 15:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
    SRV:64bit: - [2010/09/07 15:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
    SRV:64bit: - [2010/09/02 12:26:32 | 000,823,288 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
    SRV:64bit: - [2010/06/29 17:49:27 | 000,128,752 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
    SRV:64bit: - [2010/06/12 23:01:27 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
    SRV:64bit: - [2010/01/29 21:18:20 | 000,357,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
    SRV:64bit: - [2009/07/16 01:47:20 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_e19b3ab5cd326817\stacsv64.exe -- (STacSV)
    SRV:64bit: - [2009/07/14 01:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/07/14 01:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV:64bit: - [2009/03/03 01:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_e19b3ab5cd326817\AESTSr64.exe -- (AESTFilters)
    SRV - [2010/11/23 02:09:56 | 003,020,376 | ---- | M] () [Auto | Running] -- c:\Program Files (x86)\Common Files\Akamai\netsession_win_5632d69.dll -- (Akamai)
    SRV - [2010/10/30 10:17:44 | 003,043,264 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\SlySoft\Game Jackal v4\Server.exe -- (GJService)
    SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2010/09/23 16:15:18 | 000,350,256 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv)
    SRV - [2010/09/22 23:25:28 | 000,057,640 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.exe -- (HssTrayService)
    SRV - [2010/09/22 23:24:22 | 000,265,776 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe -- (HotspotShieldService)
    SRV - [2010/09/22 19:19:06 | 000,325,168 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -- (HssWd)
    SRV - [2010/09/02 08:22:30 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Windows\SysWOW64\ZoneLabs\vsmon.exe -- (vsmon)
    SRV - [2010/09/01 14:52:56 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus(R)
    SRV - [2010/08/09 10:52:16 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\srvany.exe -- (KMService)
    SRV - [2010/06/14 14:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
    SRV - [2010/06/12 22:59:18 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2010/05/25 13:14:13 | 000,057,752 | ---- | M] (Absolute Software Corp.) [Auto | Running] -- C:\Windows\SysWOW64\rpcnet.exe -- (rpcnet) Remote Procedure Call (RPC)
    SRV - [2010/05/20 04:47:23 | 000,068,096 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service)
    SRV - [2010/05/18 17:38:45 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
    SRV - [2010/04/24 00:10:34 | 000,209,768 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
    SRV - [2010/04/24 00:10:28 | 000,483,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
    SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/01/28 12:47:44 | 001,737,464 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\3\3Connect\BecHelperService.exe -- (BecHelperService)
    SRV - [2009/07/16 16:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2009/06/10 21:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
    SRV - [2008/08/15 04:46:20 | 000,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2010/09/22 19:19:02 | 000,056,832 | ---- | M] (AnchorFree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HssDrv.sys -- (HssDrv)
    DRV:64bit: - [2010/09/22 19:19:02 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
    DRV:64bit: - [2010/09/07 14:47:33 | 000,061,008 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV:64bit: - [2010/09/02 12:26:10 | 000,033,528 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
    DRV:64bit: - [2010/07/12 18:36:10 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
    DRV:64bit: - [2010/05/25 13:18:40 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
    DRV:64bit: - [2010/05/15 15:30:52 | 000,458,840 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vsdatant.sys -- (Vsdatant)
    DRV:64bit: - [2010/04/24 00:10:32 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
    DRV:64bit: - [2010/04/24 00:10:28 | 000,269,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
    DRV:64bit: - [2010/04/24 00:10:28 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
    DRV:64bit: - [2010/04/24 00:10:20 | 000,721,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
    DRV:64bit: - [2010/02/26 13:33:40 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64j.sys -- (UsbserFilt)
    DRV:64bit: - [2010/02/26 13:33:24 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
    DRV:64bit: - [2010/02/26 13:33:22 | 000,025,088 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdcx64)
    DRV:64bit: - [2010/02/26 13:33:22 | 000,019,456 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcdx64)
    DRV:64bit: - [2010/02/26 13:21:22 | 000,173,056 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys -- (nmwcdnsux64)
    DRV:64bit: - [2010/02/26 13:21:20 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsucx64.sys -- (nmwcdnsucx64)
    DRV:64bit: - [2010/02/17 18:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
    DRV:64bit: - [2010/02/17 18:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
    DRV:64bit: - [2010/01/28 12:34:32 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
    DRV:64bit: - [2009/12/17 22:25:17 | 000,034,472 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
    DRV:64bit: - [2009/11/10 11:53:16 | 000,058,384 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
    DRV:64bit: - [2009/11/10 11:53:00 | 000,056,336 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
    DRV:64bit: - [2009/11/05 13:15:40 | 000,291,328 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2009/10/10 02:41:20 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
    DRV:64bit: - [2009/08/13 21:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
    DRV:64bit: - [2009/08/09 21:25:45 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
    DRV:64bit: - [2009/07/16 01:47:20 | 000,487,936 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
    DRV:64bit: - [2009/07/14 01:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2009/07/14 01:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2009/07/14 01:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/14 01:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/14 01:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2009/07/14 01:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/14 00:09:15 | 000,145,920 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rmcast.sys -- (RMCAST)
    DRV:64bit: - [2009/07/14 00:06:32 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
    DRV:64bit: - [2009/07/07 23:45:50 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
    DRV:64bit: - [2009/06/10 20:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
    DRV:64bit: - [2009/06/10 20:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 20:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 20:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 20:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2009/05/08 15:08:00 | 000,020,520 | ---- | M] (GARMIN Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\grmnusb.sys -- (grmnusb)
    DRV:64bit: - [2008/08/28 11:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
    DRV:64bit: - [2008/05/28 16:01:00 | 000,267,296 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\OEM13Vid.sys -- (OEM13Vid)
    DRV:64bit: - [2007/07/23 14:05:22 | 000,009,968 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\DLADResE.SYS -- (DLADResE)
    DRV:64bit: - [2007/07/23 14:05:12 | 000,135,152 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\DLAUDFAE.SYS -- (DLAUDFAE)
    DRV:64bit: - [2007/07/23 14:05:12 | 000,046,448 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\DLABMFSE.SYS -- (DLABMFSE)
    DRV:64bit: - [2007/07/23 14:05:10 | 000,144,112 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\DLAUDF_E.SYS -- (DLAUDF_E)
    DRV:64bit: - [2007/07/23 14:05:08 | 000,035,056 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\DLAOPIOE.SYS -- (DLAOPIOE)
    DRV:64bit: - [2007/07/23 14:05:06 | 000,042,352 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\DLABOIOE.SYS -- (DLABOIOE)
    DRV:64bit: - [2007/07/23 14:05:06 | 000,019,824 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\DLAPoolE.SYS -- (DLAPoolE)
    DRV:64bit: - [2007/07/23 14:05:04 | 000,146,672 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\DLAIFS_E.SYS -- (DLAIFS_E)
    DRV:64bit: - [2007/07/23 13:55:46 | 000,124,112 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\DRVECDB.SYS -- (DRVECDB)
    DRV:64bit: - [2007/07/23 13:49:50 | 000,041,072 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\SysNative\drivers\DLARTL_E.SYS -- (DLARTL_E)
    DRV:64bit: - [2007/07/23 13:49:50 | 000,017,776 | ---- | M] (Roxio) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\DLACDBHE.SYS -- (DLACDBHE)
    DRV:64bit: - [2007/07/23 13:43:46 | 000,063,984 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\DRVEDDM.SYS -- (DRVEDDM)
    DRV:64bit: - [2007/03/05 09:55:48 | 000,012,288 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\OEM13Vfx.sys -- (OEM13Vfx)
    DRV - [2008/08/14 06:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs)
    DRV - [2006/03/18 02:24:59 | 000,026,844 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Stopped] -- C:\Windows\SysWow64\drivers\scdemu.sys -- (SCDEmu)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\URLSearchHook: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files (x86)\ZoneAlarm_Security\tbZone.dll (Conduit Ltd.)

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = AF 46 1B 73 8C 71 CB 01 [binary data]
    IE - HKCU\..\URLSearchHook: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files (x86)\ZoneAlarm_Security\tbZone.dll (Conduit Ltd.)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledItems: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.86
    FF - prefs.js..extensions.enabledItems: elemhidehelper@adblockplus.org:1.1
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.1
    FF - prefs.js..extensions.enabledItems: cnextend@babelphish.net:1.4.8
    FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.91
    FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.9.1.14019
    FF - prefs.js..extensions.enabledItems: ClickPotatoLite@ClickPotatoLite.com:10.0.624.0
    FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
    FF - prefs.js..network.proxy.type: 4

    FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/06/16 10:02:16 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files (x86)\Nokia\Nokia PC Suite 7\bkmrksync\ [2010/08/28 16:05:12 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2010/10/23 16:41:36 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\ClickPotatoLite@ClickPotatoLite.com: C:\Program Files (x86)\ClickPotatoLite\bin\10.0.624.0\firefox\extensions [2010/11/26 21:59:55 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/11/15 09:11:26 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/11/26 21:59:56 | 000,000,000 | ---D | M]

    [2010/05/25 12:59:31 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\Mozilla\Extensions
    [2010/11/26 22:01:06 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\f1z5tiz4.default\extensions
    [2010/11/05 16:37:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\f1z5tiz4.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
    [2010/11/18 21:22:11 | 000,000,000 | ---D | M] (All-in-One Sidebar) -- C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\f1z5tiz4.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}
    [2010/10/15 15:25:51 | 000,000,000 | ---D | M] (TwitterBar) -- C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\f1z5tiz4.default\extensions\{1a0c9ebe-ddf9-4b76-b8a3-675c77874d37}
    [2010/05/23 16:02:30 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\f1z5tiz4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/05/23 16:02:30 | 000,000,000 | ---D | M] (WeatherBug) -- C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\f1z5tiz4.default\extensions\{3EC9C995-8072-4fc0-953E-4F30620D17F3}
    [2010/08/14 10:45:34 | 000,000,000 | ---D | M] (Stylish) -- C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\f1z5tiz4.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
    [2010/05/23 16:02:30 | 000,000,000 | ---D | M] (ScrapBook) -- C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\f1z5tiz4.default\extensions\{53A03D43-5363-4669-8190-99061B2DEBA5}
    [2010/05/20 12:49:23 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\f1z5tiz4.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
    [2010/07/23 10:03:03 | 000,000,000 | ---D | M] (Zynga Toolbar) -- C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\f1z5tiz4.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
    [2010/11/13 17:18:05 | 000,000,000 | ---D | M] (iMacros for Firefox) -- C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\f1z5tiz4.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
    [2010/11/05 16:37:13 | 000,000,000 | ---D | M] (Firefox Showcase) -- C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\f1z5tiz4.default\extensions\{89506680-e3f4-484c-a2c0-ed711d481eda}
    [2010/10/23 16:40:54 | 000,000,000 | ---D | M] (ZoneAlarm Security Toolbar) -- C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\f1z5tiz4.default\extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546}
    [2010/05/23 16:02:30 | 000,000,000 | ---D | M] (BugMeNot) -- C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\f1z5tiz4.default\extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}
    [2010/10/15 15:25:50 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\f1z5tiz4.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    [2010/08/22 07:47:42 | 000,000,000 | ---D | M] (Google Redesigned) -- C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\f1z5tiz4.default\extensions\{cc85cd4e-5a5b-4eda-a25c-bdaffa93b406}
    [2010/11/05 16:37:14 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\f1z5tiz4.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2010/10/09 15:25:14 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\f1z5tiz4.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
    [2010/10/27 23:57:33 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\f1z5tiz4.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
    [2010/10/27 18:20:56 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\f1z5tiz4.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
    [2010/11/12 16:47:39 | 000,000,000 | ---D | M] (SearchPreview) -- C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\f1z5tiz4.default\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}
    [2010/05/23 16:02:30 | 000,000,000 | ---D | M] (IE View Lite) -- C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\f1z5tiz4.default\extensions\{FDD8ECF0-451A-414D-8C8F-7B7F78B0ECD3}
    [2010/05/23 16:02:30 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\f1z5tiz4.default\extensions\aging-tabs@design-noir.de
    [2010/11/05 16:37:13 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\f1z5tiz4.default\extensions\autopager@mozilla.org
    [2010/09/03 23:53:22 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\f1z5tiz4.default\extensions\chromeview@systemantics.net
    [2010/08/20 13:07:45 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\f1z5tiz4.default\extensions\cnextend@babelphish.net
    [2010/11/05 16:37:14 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\f1z5tiz4.default\extensions\elemhidehelper@adblockplus.org
    [2010/05/23 15:48:46 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\f1z5tiz4.default\extensions\glasser@sixxgate.com
    [2010/06/19 15:23:54 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\f1z5tiz4.default\extensions\piclens@cooliris.com
    [2010/06/19 15:23:54 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\f1z5tiz4.default\extensions\piclens@cooliris.com-trash
    [2010/05/23 16:02:30 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\f1z5tiz4.default\extensions\safariviewwin@systemantics.net
    [2010/11/12 16:47:39 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\f1z5tiz4.default\extensions\SkipScreen@SkipScreen
    [2010/11/10 04:25:10 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\f1z5tiz4.default\extensions\smarterwiki@wikiatic.com
    [2010/10/30 07:05:32 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\f1z5tiz4.default\extensions\toolbar@ask.com
    [2010/11/24 07:28:07 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2010/11/23 16:42:22 | 000,087,344 | ---- | M] (Pinball Corporation.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npclntax_ClickPotatoLiteSA.dll
    [2010/08/25 00:24:53 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazon-en-GB.xml
    [2010/08/25 00:24:53 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\chambers-en-GB.xml
    [2010/08/25 00:24:53 | 000,000,769 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-en-GB.xml
    [2010/08/25 00:24:53 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

    Hosts file not found
    O2:64bit: - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
    O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll (AnchorFree Inc.)
    O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
    O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
    O2 - BHO: (ZoneAlarm Security Toolbar) - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files (x86)\ZoneAlarm_Security\tbZone.dll (Conduit Ltd.)
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (AnchorFree Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
    O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
    O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
    O3:64bit: - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
    O3 - HKLM\..\Toolbar: (ZoneAlarm Security Toolbar) - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files (x86)\ZoneAlarm_Security\tbZone.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (AnchorFree Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
    O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Toolbar) - {91DA5E8A-3318-4F8C-B67E-5964DE3AB546} - C:\Program Files (x86)\ZoneAlarm_Security\tbZone.dll (Conduit Ltd.)
    O3 - HKCU\..\Toolbar\WebBrowser: (AnchorFree Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
    O3:64bit: - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
    O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
    O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
    O4:64bit: - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
    O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL (NVIDIA Corporation)
    O4:64bit: - HKLM..\Run: [NVHotkey] C:\Windows\SysNative\nvHotkey.DLL (NVIDIA Corporation)
    O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
    O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [ClickPotatoLiteSA] C:\Program Files (x86)\ClickPotatoLite\bin\10.0.624.0\ClickPotatoLiteSA.exe (Pinball Corporation.)
    O4 - HKLM..\Run: [OEM13Mon.exe] C:\Windows\OEM13Mon.exe (Creative Technology Ltd.)
    O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
    O4 - HKLM..\Run: [VirtualCloneDrive] C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
    O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
    O4 - HKCU..\Run: [ISUSPM] C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
    O4 - HKCU..\Run: [SpeedConnectStartUp] C:\Program Files (x86)\CBS Software\SpeedConnect Internet Accelerator\SpeedConnectStartUp.exe (CBS Software)
    O4 - HKCU..\Run: [Steam] c:\program files (x86)\steam\steam.exe (Valve Corporation)
    O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
    O4 - Startup: C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk.disabled ()
    O4 - Startup: C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Trillian.lnk.disabled ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Edit with Altova X&MLSpy - C:\Program Files (x86)\Altova\XMLSpy2011\spy.htm ()
    O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Edit with Altova X&MLSpy - C:\Program Files (x86)\Altova\XMLSpy2011\spy.htm ()
    O9 - Extra Button: Edit with Altova X&MLSpy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Program Files (x86)\Altova\XMLSpy2011\spy.htm ()
    O9 - Extra 'Tools' menuitem : Edit with Altova X&MLSpy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Program Files (x86)\Altova\XMLSpy2011\spy.htm ()
    O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: ClickPotato - {B58926D6-CFB0-45d2-9C28-4B5A0F0368AE} - C:\Program Files (x86)\ClickPotatoLite\bin\10.0.624.0\ClickPotatoLiteSABHO.dll (Pinball Corporation)
    O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000015 - File not found
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - File not found
    O13 - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O32 - HKLM CDRom: AutoRun - 1
    O33 - MountPoints2\{26172ca7-ef82-11df-8524-0024e8bb7dcc}\Shell\AutoRun\command - "" = I:\SETUP.EXE -- File not found
    O33 - MountPoints2\{8418cab5-6803-11df-ad6f-00225fca58dd}\Shell\AutoRun\command - "" = E:\autorun.exe -- File not found
    O33 - MountPoints2\{cbf0d984-a913-11df-85bd-00225fca58dd}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
    O33 - MountPoints2\{cbf0d988-a913-11df-85bd-00225fca58dd}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
    O33 - MountPoints2\{cbf0d9ba-a913-11df-85bd-0024e8bb7dcc}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
    O33 - MountPoints2\{f22e51ae-a5b7-11df-a9e6-0024e8bb7dcc}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
    O33 - MountPoints2\{f22e51b7-a5b7-11df-a9e6-0024e8bb7dcc}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
    O33 - MountPoints2\{fe09bfb1-bb9c-11df-a8b0-0024e8bb7dcc}\Shell\AutoRun\command - "" = F:\steambackup.exe -- File not found
    O33 - MountPoints2\{fe09bfb2-bb9c-11df-a8b0-0024e8bb7dcc}\Shell\AutoRun\command - "" = G:\Autorun.exe -- File not found
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
    Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivXNetworks, Inc.)
    Drivers32: vidc.XVID - C:\Windows\SysWow64\xvidvfw.dll ()
    Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivXNetworks, Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point
     
  13. prydemusic

    prydemusic TS Rookie Topic Starter

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/11/26 22:43:06 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Joe\Desktop\OTL.exe
    [2010/11/26 21:59:55 | 000,000,000 | ---D | C] -- C:\ProgramData\ClickPotatoLiteSA
    [2010/11/26 21:59:55 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Roaming\ClickPotatoLite
    [2010/11/26 21:59:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ClickPotatoLite
    [2010/11/26 21:59:55 | 000,000,000 | ---D | C] -- C:\ProgramData\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
    [2010/11/25 11:43:18 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Roaming\SUPERAntiSpyware.com
    [2010/11/25 11:43:18 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
    [2010/11/25 11:43:12 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
    [2010/11/25 11:43:10 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2010/11/25 11:19:25 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2010/11/25 11:19:25 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2010/11/24 06:37:19 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Roaming\Malwarebytes
    [2010/11/24 06:36:13 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    [2010/11/24 06:36:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2010/11/24 06:36:10 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2010/11/24 06:36:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2010/11/24 04:46:10 | 000,000,000 | ---D | C] -- C:\Users\Joe\Desktop\Microsoft Office 2007
    [2010/11/20 16:38:45 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
    [2010/11/15 06:17:14 | 000,000,000 | ---D | C] -- C:\Odeon10CombinedDemo
    [2010/11/15 06:17:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Odeon
    [2010/11/15 06:17:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Odeon10CombinedDemo
    [2010/11/14 02:49:14 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\Activision
    [2010/11/14 02:32:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Elaborate Bytes
    [2010/11/14 02:26:42 | 000,000,000 | ---D | C] -- C:\Logs
    [2010/11/14 02:26:37 | 000,058,816 | ---- | C] (SlySoft Inc.) -- C:\Windows\SysNative\drivers\maploml.sys
    [2010/11/14 02:26:37 | 000,034,240 | ---- | C] (SlySoft Inc.) -- C:\Windows\SysNative\drivers\maplom.sys
    [2010/11/14 02:26:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SlySoft
    [2010/11/13 23:57:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PowerISO
    [2010/11/04 13:32:11 | 000,000,000 | ---D | C] -- C:\Perl64
    [2010/11/04 13:25:46 | 000,000,000 | ---D | C] -- C:\wepcrack
    [2010/11/03 13:22:03 | 000,000,000 | ---D | C] -- C:\aircrack-ng-1.1-win
    [2010/10/28 03:14:47 | 000,000,000 | ---D | C] -- C:\Users\Joe\Documents\Altova
    [2010/10/28 03:12:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Altova
    [2010/10/28 03:12:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Altova
    [2010/10/28 03:12:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Altova
    [2010/10/28 02:32:42 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
    [2 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2010/11/26 22:43:09 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Joe\Desktop\OTL.exe
    [2010/11/26 22:16:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2010/11/26 22:16:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2010/11/26 22:04:55 | 000,009,584 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/11/26 22:04:55 | 000,009,584 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/11/26 18:04:35 | 000,057,752 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWow64\rpcnet.dll
    [2010/11/26 18:04:35 | 000,017,920 | ---- | M] () -- C:\Windows\SysWow64\rpcnetp.dll
    [2010/11/26 18:04:34 | 000,000,044 | -HS- | M] () -- C:\ProgramData\.zreglib
    [2010/11/26 18:04:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010/11/26 18:04:19 | 3217,256,448 | -HS- | M] () -- C:\hiberfil.sys
    [2010/11/26 18:04:12 | 000,017,920 | ---- | M] () -- C:\Windows\SysWow64\rpcnetp.exe
    [2010/11/26 18:04:12 | 000,017,920 | ---- | M] () -- C:\Windows\SysNative\rpcnetp.exe
    [2010/11/26 11:46:09 | 000,023,609 | ---- | M] () -- C:\Users\Joe\Desktop\R-31469.tif
    [2010/11/26 11:44:29 | 000,779,080 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2010/11/26 11:44:29 | 000,664,572 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2010/11/26 11:44:29 | 000,125,018 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2010/11/25 11:43:12 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2010/11/25 11:20:24 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2010/11/24 06:36:16 | 000,001,013 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/11/22 16:11:33 | 000,000,447 | ---- | M] () -- C:\Users\Joe\Desktop\tcirc.html
    [2010/11/21 16:13:09 | 000,000,461 | ---- | M] () -- C:\Users\Joe\Desktop\apply.html
    [2010/11/21 15:40:29 | 000,002,004 | ---- | M] () -- C:\Users\Public\Desktop\FileZilla Client.lnk
    [2010/11/20 16:38:58 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\cd.dat
    [2010/11/20 16:38:37 | 555,666,053 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2010/11/20 06:45:28 | 000,612,029 | ---- | M] () -- C:\Users\Joe\Desktop\Untitled.png
    [2010/11/15 11:40:04 | 000,015,872 | ---- | M] () -- C:\Users\Joe\Desktop\Copy of initial analysis.xls
    [2010/11/15 11:39:52 | 000,145,920 | ---- | M] () -- C:\Users\Joe\Desktop\principles of acoustics.doc
    [2010/11/15 11:39:23 | 000,019,456 | ---- | M] () -- C:\Users\Joe\Desktop\Copy of suggested analysis.xls
    [2010/11/15 11:38:05 | 000,115,836 | ---- | M] () -- C:\Users\Joe\Desktop\principles of acoustics.odt
    [2010/11/15 11:29:57 | 000,031,203 | ---- | M] () -- C:\Users\Joe\Desktop\Copy of suggested analysis.ods
    [2010/11/15 06:17:24 | 000,001,071 | ---- | M] () -- C:\Users\Joe\Application Data\Microsoft\Internet Explorer\Quick Launch\Odeon.lnk
    [2010/11/15 06:17:24 | 000,001,047 | ---- | M] () -- C:\Users\Public\Desktop\Odeon.lnk
    [2010/11/15 05:16:50 | 000,029,471 | ---- | M] () -- C:\Users\Joe\Desktop\Copy of initial analysis.ods
    [2010/11/14 02:43:34 | 000,002,214 | ---- | M] () -- C:\Users\Public\Desktop\Call of Duty - Black Ops Call MP.lnk
    [2010/11/14 02:43:34 | 000,002,200 | ---- | M] () -- C:\Users\Public\Desktop\Call of Duty - Black Ops.lnk
    [2010/11/14 02:33:08 | 000,001,254 | ---- | M] () -- C:\Users\Public\Desktop\Virtual CloneDrive.lnk
    [2010/11/13 22:13:22 | 001,444,384 | ---- | M] () -- C:\Users\Joe\Desktop\1992-10.pdf
    [2010/11/05 02:17:03 | 000,002,344 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2010/10/30 10:17:14 | 000,058,816 | ---- | M] (SlySoft Inc.) -- C:\Windows\SysNative\drivers\maploml.sys
    [2010/10/30 10:16:56 | 000,034,240 | ---- | M] (SlySoft Inc.) -- C:\Windows\SysNative\drivers\maplom.sys
    [2010/10/29 02:58:56 | 000,039,015 | ---- | M] () -- C:\Users\Joe\Desktop\at-first-i-was-like.jpg
    [2010/10/28 03:46:16 | 000,016,917 | ---- | M] () -- C:\Users\Joe\Desktop\sorttable.js
    [2010/10/28 03:14:32 | 000,003,077 | ---- | M] () -- C:\Users\Joe\Application Data\Microsoft\Internet Explorer\Quick Launch\Altova SemanticWorks.lnk
    [2010/10/28 03:14:32 | 000,003,061 | ---- | M] () -- C:\Users\Joe\Application Data\Microsoft\Internet Explorer\Quick Launch\Altova StyleVision.lnk
    [2010/10/28 03:14:32 | 000,003,059 | ---- | M] () -- C:\Users\Joe\Application Data\Microsoft\Internet Explorer\Quick Launch\Altova SchemaAgent.lnk
    [2010/10/28 03:14:32 | 000,003,053 | ---- | M] () -- C:\Users\Public\Desktop\Altova SemanticWorks.lnk
    [2010/10/28 03:14:32 | 000,003,037 | ---- | M] () -- C:\Users\Public\Desktop\Altova StyleVision.lnk
    [2010/10/28 03:14:32 | 000,003,037 | ---- | M] () -- C:\Users\Joe\Application Data\Microsoft\Internet Explorer\Quick Launch\Altova MapForce.lnk
    [2010/10/28 03:14:32 | 000,003,035 | ---- | M] () -- C:\Users\Public\Desktop\Altova SchemaAgent.lnk
    [2010/10/28 03:14:32 | 000,003,033 | ---- | M] () -- C:\Users\Joe\Application Data\Microsoft\Internet Explorer\Quick Launch\Altova XMLSpy.lnk
    [2010/10/28 03:14:32 | 000,003,013 | ---- | M] () -- C:\Users\Public\Desktop\Altova MapForce.lnk
    [2010/10/28 03:14:32 | 000,003,009 | ---- | M] () -- C:\Users\Public\Desktop\Altova XMLSpy.lnk
    [2010/10/28 03:14:32 | 000,002,965 | ---- | M] () -- C:\Users\Joe\Application Data\Microsoft\Internet Explorer\Quick Launch\Altova DiffDog.lnk
    [2010/10/28 03:14:32 | 000,002,941 | ---- | M] () -- C:\Users\Public\Desktop\Altova DiffDog.lnk
    [2010/10/28 00:10:24 | 000,002,014 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
    [2 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/11/26 11:46:06 | 000,023,609 | ---- | C] () -- C:\Users\Joe\Desktop\R-31469.tif
    [2010/11/25 11:43:12 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2010/11/25 11:20:24 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2010/11/24 06:36:16 | 000,001,013 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/11/22 16:10:39 | 000,000,447 | ---- | C] () -- C:\Users\Joe\Desktop\tcirc.html
    [2010/11/21 15:39:23 | 000,000,461 | ---- | C] () -- C:\Users\Joe\Desktop\apply.html
    [2010/11/20 16:38:58 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\cd.dat
    [2010/11/20 16:38:37 | 555,666,053 | ---- | C] () -- C:\Windows\MEMORY.DMP
    [2010/11/20 06:45:27 | 000,612,029 | ---- | C] () -- C:\Users\Joe\Desktop\Untitled.png
    [2010/11/15 11:40:01 | 000,015,872 | ---- | C] () -- C:\Users\Joe\Desktop\Copy of initial analysis.xls
    [2010/11/15 11:39:52 | 000,145,920 | ---- | C] () -- C:\Users\Joe\Desktop\principles of acoustics.doc
    [2010/11/15 11:39:15 | 000,019,456 | ---- | C] () -- C:\Users\Joe\Desktop\Copy of suggested analysis.xls
    [2010/11/15 11:38:03 | 000,115,836 | ---- | C] () -- C:\Users\Joe\Desktop\principles of acoustics.odt
    [2010/11/15 06:17:24 | 000,001,071 | ---- | C] () -- C:\Users\Joe\Application Data\Microsoft\Internet Explorer\Quick Launch\Odeon.lnk
    [2010/11/15 06:17:24 | 000,001,047 | ---- | C] () -- C:\Users\Public\Desktop\Odeon.lnk
    [2010/11/15 05:16:22 | 000,031,203 | ---- | C] () -- C:\Users\Joe\Desktop\Copy of suggested analysis.ods
    [2010/11/14 21:31:11 | 000,029,471 | ---- | C] () -- C:\Users\Joe\Desktop\Copy of initial analysis.ods
    [2010/11/14 02:43:34 | 000,002,214 | ---- | C] () -- C:\Users\Public\Desktop\Call of Duty - Black Ops Call MP.lnk
    [2010/11/14 02:43:34 | 000,002,200 | ---- | C] () -- C:\Users\Public\Desktop\Call of Duty - Black Ops.lnk
    [2010/11/14 02:33:08 | 000,001,254 | ---- | C] () -- C:\Users\Public\Desktop\Virtual CloneDrive.lnk
    [2010/11/14 02:26:42 | 000,000,044 | -HS- | C] () -- C:\ProgramData\.zreglib
    [2010/11/13 22:13:22 | 001,444,384 | ---- | C] () -- C:\Users\Joe\Desktop\1992-10.pdf
    [2010/10/29 02:57:30 | 000,039,015 | ---- | C] () -- C:\Users\Joe\Desktop\at-first-i-was-like.jpg
    [2010/10/28 03:46:09 | 000,016,917 | ---- | C] () -- C:\Users\Joe\Desktop\sorttable.js
    [2010/10/28 03:14:32 | 000,003,077 | ---- | C] () -- C:\Users\Joe\Application Data\Microsoft\Internet Explorer\Quick Launch\Altova SemanticWorks.lnk
    [2010/10/28 03:14:32 | 000,003,061 | ---- | C] () -- C:\Users\Joe\Application Data\Microsoft\Internet Explorer\Quick Launch\Altova StyleVision.lnk
    [2010/10/28 03:14:32 | 000,003,059 | ---- | C] () -- C:\Users\Joe\Application Data\Microsoft\Internet Explorer\Quick Launch\Altova SchemaAgent.lnk
    [2010/10/28 03:14:32 | 000,003,053 | ---- | C] () -- C:\Users\Public\Desktop\Altova SemanticWorks.lnk
    [2010/10/28 03:14:32 | 000,003,037 | ---- | C] () -- C:\Users\Public\Desktop\Altova StyleVision.lnk
    [2010/10/28 03:14:32 | 000,003,037 | ---- | C] () -- C:\Users\Joe\Application Data\Microsoft\Internet Explorer\Quick Launch\Altova MapForce.lnk
    [2010/10/28 03:14:32 | 000,003,035 | ---- | C] () -- C:\Users\Public\Desktop\Altova SchemaAgent.lnk
    [2010/10/28 03:14:32 | 000,003,033 | ---- | C] () -- C:\Users\Joe\Application Data\Microsoft\Internet Explorer\Quick Launch\Altova XMLSpy.lnk
    [2010/10/28 03:14:32 | 000,003,013 | ---- | C] () -- C:\Users\Public\Desktop\Altova MapForce.lnk
    [2010/10/28 03:14:32 | 000,003,009 | ---- | C] () -- C:\Users\Public\Desktop\Altova XMLSpy.lnk
    [2010/10/28 03:14:32 | 000,002,965 | ---- | C] () -- C:\Users\Joe\Application Data\Microsoft\Internet Explorer\Quick Launch\Altova DiffDog.lnk
    [2010/10/28 03:14:32 | 000,002,941 | ---- | C] () -- C:\Users\Public\Desktop\Altova DiffDog.lnk
    [2010/10/28 00:10:24 | 000,002,014 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
    [2010/10/24 23:40:56 | 000,007,597 | ---- | C] () -- C:\Users\Joe\AppData\Local\resmon.resmoncfg
    [2010/10/24 01:05:16 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll
    [2010/10/24 01:01:56 | 000,020,102 | ---- | C] () -- C:\Program Files (x86)\Readme.txt
    [2010/10/24 01:01:56 | 000,010,960 | ---- | C] () -- C:\Program Files (x86)\EULA.txt
    [2010/10/24 01:01:56 | 000,000,730 | ---- | C] () -- C:\Program Files (x86)\INSTALL.LOG
    [2010/10/19 02:50:17 | 000,815,104 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
    [2010/10/19 02:50:17 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
    [2010/10/14 01:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
    [2010/09/22 20:49:13 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
    [2010/09/10 02:57:14 | 000,282,624 | ---- | C] () -- C:\Windows\SysWow64\tms.dll
    [2010/08/07 15:49:46 | 000,765,056 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2010/05/26 20:57:43 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Libraries
    [2010/05/26 20:57:43 | 000,000,268 | RH-- | C] () -- C:\Users\Joe\AppData\Roaming\Keychains
    [2010/05/26 20:57:43 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLck.DAT
    [2010/05/26 20:57:42 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Licenses
    [2010/05/26 20:57:42 | 000,000,268 | RH-- | C] () -- C:\Users\Joe\AppData\Roaming\LaserPrinter
    [2010/05/26 20:49:23 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLbx.DAT
    [2010/05/26 20:48:31 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Documentation
    [2010/05/26 20:48:31 | 000,000,268 | RH-- | C] () -- C:\Users\Joe\AppData\Roaming\Digital Mono
    [2010/05/26 20:48:31 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
    [2010/05/26 00:40:50 | 000,025,088 | ---- | C] () -- C:\Users\Joe\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/05/25 13:41:28 | 000,000,234 | ---- | C] () -- C:\Windows\wininit.ini
    [2010/05/25 12:48:56 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.dll
    [2010/05/19 04:54:10 | 000,001,164 | ---- | C] () -- C:\ProgramData\hpzinstall.log
    [2009/07/13 23:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
    [2009/07/13 21:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2003/04/09 09:28:44 | 000,233,472 | R--- | C] () -- C:\Users\Joe\AppData\Roaming\MafiaSetup.exe

    ========== LOP Check ==========

    [2010/09/20 12:57:56 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\.minecraft
    [2010/11/11 08:28:48 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\Azureus
    [2010/08/12 10:24:44 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\Birdstep Technology
    [2010/09/16 14:23:36 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\bizarre creations
    [2010/10/23 16:41:40 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\CheckPoint
    [2010/11/26 21:59:55 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\ClickPotatoLite
    [2010/08/15 23:18:14 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\com.adobe.ExMan
    [2010/09/01 23:44:46 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\DAEMON Tools Lite
    [2010/11/26 14:42:59 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\FileZilla
    [2010/10/10 18:05:22 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\Firaxis
    [2010/08/15 17:59:46 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\gtk-2.0
    [2010/05/19 04:06:58 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\Leadertech
    [2010/06/14 14:45:43 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\Lionhead Studios
    [2010/05/26 20:57:51 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\Nikon
    [2010/08/28 16:07:41 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\Nokia
    [2010/09/23 22:45:59 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\Notepad++
    [2010/06/30 15:56:04 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\OpenOffice.org
    [2010/08/28 16:05:51 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\PC Suite
    [2010/11/26 16:28:52 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\SoftGrid Client
    [2010/05/25 17:52:14 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\Spotify
    [2010/10/25 00:20:28 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\The Creative Assembly
    [2010/11/24 04:46:55 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\Thinstall
    [2010/08/07 15:51:50 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\TP
    [2010/08/20 00:48:31 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\Trillian
    [2010/09/18 23:38:13 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\Tropico 3
    [2010/11/25 11:13:59 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\TuneUpMedia
    [2010/09/21 11:53:36 | 000,032,612 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
    [2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
    [2007/11/07 07:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
    [2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
    [2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
    [2007/11/07 07:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
    [2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
    [2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
    [2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
    [2007/11/07 07:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
    [2010/11/26 18:04:19 | 3217,256,448 | -HS- | M] () -- C:\hiberfil.sys
    [2007/11/07 07:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
    [2007/11/07 07:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
    [2007/11/07 07:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
    [2007/11/07 07:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
    [2007/11/07 07:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
    [2007/11/07 07:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
    [2007/11/07 07:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
    [2007/11/07 07:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
    [2007/11/07 07:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
    [2007/11/07 07:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
    [2007/11/07 07:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
    [2010/05/19 04:04:00 | 000,001,279 | ---- | M] () -- C:\LGSInst.Log
    [2010/11/26 18:04:19 | 4289,679,360 | -HS- | M] () -- C:\pagefile.sys
    [2007/11/07 07:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
    [2007/11/07 07:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
    [2007/11/07 07:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI
    [2010/11/03 13:25:45 | 000,000,077 | ---- | M] () -- C:\wepkeys.txt

    < %systemroot%\Fonts\*.com >
    [2009/07/14 05:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/14 05:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/14 05:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/14 05:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/10 20:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2010/09/07 15:12:17 | 000,038,848 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009/07/14 04:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini
    [2003/09/03 06:46:54 | 000,010,960 | ---- | M] () -- C:\Program Files (x86)\EULA.txt
    [2010/10/24 01:13:06 | 000,000,730 | ---- | M] () -- C:\Program Files (x86)\INSTALL.LOG
    [2003/12/18 10:33:46 | 000,020,102 | ---- | M] () -- C:\Program Files (x86)\Readme.txt

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2010/05/25 12:55:30 | 000,000,221 | -HS- | M] () -- C:\Users\Joe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2010/09/20 12:47:18 | 000,232,504 | ---- | M] () -- C:\Users\Joe\Desktop\Minecraft.exe
    [2010/11/26 22:43:09 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Joe\Desktop\OTL.exe
    [2010/10/20 00:25:13 | 019,657,194 | ---- | M] () -- C:\Users\Joe\Desktop\vlc-1.1.4-win32.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2009/06/10 21:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2010/08/03 21:02:32 | 000,000,402 | -HS- | M] () -- C:\Users\Joe\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2010/11/26 18:04:34 | 000,000,044 | -HS- | M] () -- C:\ProgramData\.zreglib
    [2010/05/26 20:48:31 | 000,000,268 | RH-- | M] () -- C:\ProgramData\Documentation
    [2010/06/16 11:19:57 | 000,001,164 | ---- | M] () -- C:\ProgramData\hpzinstall.log
    [2010/05/26 20:57:43 | 000,000,268 | RH-- | M] () -- C:\ProgramData\Libraries
    [2010/05/26 20:57:42 | 000,000,268 | RH-- | M] () -- C:\ProgramData\Licenses

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >
    Huawei ModemsUninstall.exe

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Files - Unicode (All) ==========
    [2010/06/19 13:36:50 | 000,000,000 | ---D | M](C:\Users\Joe\Favorites\?Usorted Bookmarks) -- C:\Users\Joe\Favorites\Ǔsorted Bookmarks

    < End of report >
     
  14. prydemusic

    prydemusic TS Rookie Topic Starter

    OTL Extras logfile created on: 26/11/2010 22:45:29 - Run 1
    OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Joe\Desktop
    64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 53.00% Memory free
    8.00 Gb Paging File | 6.00 Gb Available in Paging File | 73.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 297.99 Gb Total Space | 41.86 Gb Free Space | 14.05% Space Free | Partition Type: NTFS

    Computer Name: JOES-PC | User Name: Joe | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %* File not found
    cmdfile [open] -- "%1" %* File not found
    comfile [open] -- "%1" %* File not found
    exefile [open] -- "%1" %* File not found
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %* File not found
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1" File not found
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S File not found
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    ========== Authorized Applications List ==========


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
    "{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64
    "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
    "{3690900F-85EA-447F-BAD1-5CA25AA9B627}" = HP Deskjet F2200 All-In-One Driver Software 13.0 Rel. 3
    "{41BF0DE4-5BAE-4B88-AFD3-86A30B222186}" = Bonjour
    "{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
    "{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
    "{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64
    "{6ACE7F46-FACE-4125-AE86-672F4F2A6A28}" = Bing Maps 3D
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64
    "{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4
    "{8A837C47-2B21-4FDF-8370-41A1EB6A26E8}" = Microsoft Xbox 360 Accessories 1.1
    "{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4
    "{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
    "{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
    "{96178C0A-BAF9-4E49-A2A5-CDE76722105B}" = HP Deskjet D1600 Printer Driver 14.0 Rel. 6
    "{963BFE7E-C350-4346-B43C-B02358306A45}" = Apple Mobile Device Support
    "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
    "{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
    "{AAE78E39-FAAF-4C19-A63E-BDED7428FDE1}" = Roxio Drag-to-Disc
    "{B37A99DD-88E2-4ED0-80B4-1E054AB354BF}" = Adobe InDesign CS4 Icon Handler x64
    "{B6EFD9A5-2ECE-4C22-BAEC-D16E73EA2013}" = iTunes
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)
    "{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4
    "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{FF43C0DC-7BD2-4A01-BDB0-46A010C51131}" = ActivePerl 5.12.2 Build 1202 (64-bit)
    "34EA302E7F4CBD17A19E33BBCB72363234956D7E" = Windows Driver Package - Nokia Modem (06/09/2010 4.5)
    "Creative OEM013" = Laptop Integrated Webcam Driver (1.01.01.0529)
    "EEEE705096F837B7907659F100C9FE6DA001970F" = Windows Driver Package - Nokia Modem (06/09/2010 7.01.0.7)
    "FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
    "Game Jackal v4_is1" = Game Jackal v4.1.1.0 (64 bit)
    "HP Imaging Device Functions" = HP Imaging Device Functions 13.0
    "HP Photosmart Essential" = HP Photosmart Essential 3.5
    "HP Smart Web Printing" = HP Smart Web Printing 4.51
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
    "HPExtendedCapabilities" = HP Customer Participation Program 13.0
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "NVIDIA Drivers" = NVIDIA Drivers
    "Shop for HP Supplies" = Shop for HP Supplies
    "SP6" = Logitech SetPoint 6.0
    "ZoneAlarm Toolbar" = ZoneAlarm Toolbar

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{0394CDC8-FABD-4ED8-B104-03393876DFDF}" = Roxio Creator Tools
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
    "{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
    "{0556F885-2415-4666-B53E-33727E46AEA1}" = The Movies(TM)
    "{07159635-9DFE-4105-BFC0-2817DB540C68}" = Roxio Activation Module
    "{089DD780-DB3F-4CDB-A0C2-111360247298}" = PC Connectivity Solution
    "{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
    "{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
    "{09DF00E6-520C-49D5-B7E0-9612165CACA8}" = OpenOffice.org 3.2
    "{0D397393-9B50-4C52-84D5-77E344289F87}" = Roxio Creator Data
    "{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
    "{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
    "{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
    "{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
    "{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
    "{14F70205-1940-4000-88C7-BE799A6B2CAD}" = Adobe Soundbooth CS4
    "{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
    "{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
    "{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
    "{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
    "{171E6C1E-B5FC-11DF-B115-005056C00008}" = Google Earth Plug-in
    "{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
    "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
    "{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
    "{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server
    "{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
    "{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
    "{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1FDA5A37-B22D-43FF-B582-B8964050DC13}" = Microsoft Games for Windows - LIVE Redistributable
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en
    "{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}" = Nokia PC Suite
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{237CD223-1B9D-47E8-A76C-E478B83CCEA2}" = File Uploader
    "{26A24AE4-039D-4CA4-87B4-2F83216020F0}" = Java(TM) 6 Update 20
    "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 21
    "{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
    "{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models
    "{2A2F3AE8-246A-4252-BB26-1BEB45627074}" = Microsoft SQL Server System CLR Types
    "{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
    "{2BB0BDFF-E193-42A0-90BE-2D59441E51D2}" = F2200
    "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
    "{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
    "{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
    "{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
    "{3879E12E-DA5B-4451-B973-DA0E2FEE7039}" = Garmin City Navigator Europe v8
    "{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
    "{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
    "{3A6829EF-0791-4FDD-9382-C690DD0821B9}" = Adobe Flash Player 10 ActiveX
    "{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
    "{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
    "{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
    "{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
    "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
    "{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
    "{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4
    "{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
    "{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
    "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
    "{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
    "{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
    "{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
    "{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
    "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
    "{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
    "{4E968D9C-21A7-4915-B698-F7AEB913541D}" = Microsoft SQL Server 2008 R2 Management Objects
    "{4ECA710C-B818-4751-A3B8-42C2D93922A8}" = Nokia Software Updater
    "{50E4FCC7-90B9-48C6-9D17-7AE66F282878}" = Juiced2_HIN
    "{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs
    "{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
    "{589A63D3-89E1-4D9B-8DBC-6039BB27289E}" = Activision(R)
    "{5EAD5443-7194-46CC-A055-428E6ABB1BAF}" = Adobe Encore CS4
    "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
    "{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
    "{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
    "{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection
    "{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
    "{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
    "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
    "{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
    "{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
    "{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
    "{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{6A86554B-8928-30E4-A53C-D7337689134D}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319
    "{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
    "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
    "{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{7406DF60-016D-476B-A2C7-55D997592047}" = Adobe OnLocation CS4
    "{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en
    "{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
    "{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
    "{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
    "{83FFCFC7-88C6-41C6-8752-958A45325C82}" = Roxio Creator Audio
    "{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
    "{85F4CBCB-9BBC-4B50-A7D8-E1106771498D}" = Orca
    "{86A4C6D9-29EE-4719-AFA1-BA3341862B83}" = Microsoft Games for Windows - LIVE
    "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
    "{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
    "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
    "{90140011-0062-0409-0000-0000000FF1CE}" = Microsoft Office Home and Business 2010 - English
    "{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
    "{939740B5-0064-4779-854A-8C1086181C05}" = Macromedia FreeHand MXa
    "{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{A2DB3367-C2CC-4C12-A299-37B85223BB71}" = Altova MissionKit® 2011 for Enterprise XML Developers
    "{A6EC82A0-1414-475D-8AFD-469089F3080D}" = Adobe Contribute CS4
    "{A899DA1F-D626-401C-8651-F2921E3B4CB3}" = 3Connect
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-1033-F400-7760-000000000004}_920" = Adobe Acrobat 9.2.0 - CPSID_50026
    "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
    "{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
    "{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
    "{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
    "{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content
    "{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
    "{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
    "{B9F4561A-924D-4510-A85A-BB0960C338CB}" = Adobe Asset Services CS4
    "{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
    "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
    "{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
    "{C06A7DAC-1708-417C-B694-28C84DFE2DF9}" = The Movies(TM) Stunts & Effects
    "{C222566F-1C50-4ECD-A01E-77F9C4B95458}" = DJ_AIO_03_F2200_Software_Min
    "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
    "{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
    "{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com
    "{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
    "{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
    "{C9B2F671-870B-43A0-8B9D-7DB30CEBD87E}" = DJ_SF_06_D1600_SW_Min
    "{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
    "{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
    "{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
    "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
    "{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
    "{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4
    "{D64B6984-242F-32BC-B008-752806E5FC44}" = Microsoft Visual Studio 2010 Shell (Isolated) - ENU
    "{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
    "{D7B31233-EE2B-4911-AA3F-2A8C28843D3B}" = SkyPlayer for Windows Media Center
    "{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
    "{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
    "{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
    "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
    "{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
    "{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup
    "{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
    "{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby
    "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
    "{F1FDAA01-988C-423F-AC12-0D8F333943FD}" = Nokia Connectivity Cable Driver
    "{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
    "{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
    "{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
    "{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
    "{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "7-Zip" = 7-Zip 4.65
    "8461-7759-5462-8226" = Vuze
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe_b2d6abde968e6f277ddbfd501383e02" = Adobe Creative Suite 4 Master Collection
    "Akamai" = Akamai NetSession Interface
    "avast5" = avast! Free Antivirus
    "Call of Duty: Black Ops_is1" = Call of Duty: Black Ops
    "Capture NX 2" = Capture NX 2
    "ClickPotatoLiteSA" = ClickPotato
    "DivX Codec" = DivX Codec
    "DivX Setup.divx.com" = DivX Setup
    "EAX Unified" = EAX Unified
    "FileZilla Client" = FileZilla Client 3.3.5
    "Google Chrome" = Google Chrome
    "Homeworld2" = Homeworld2
    "HotspotShield" = Hotspot Shield 1.52
    "Huawei Modems" = Huawei modem
    "HW2 GUNDAM-MOD_is1" = GUNDAM MOD 3.0
    "InstallShield_{0556F885-2415-4666-B53E-33727E46AEA1}" = The Movies(TM) Stunts & Effects
    "InstallShield_{589A63D3-89E1-4D9B-8DBC-6039BB27289E}" = Blur(TM)
    "King Arthur" = King Arthur
    "Mafia" = Mafia
    "Mafia II DLC Jimmy's Vendetta_is1" = Mafia II DLC Jimmy's Vendetta
    "Mafia II Update 1_is1" = Mafia II Update 1
    "Mafia II_is1" = Mafia II
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "mIRC" = mIRC
    "Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
    "Nokia PC Suite" = Nokia PC Suite
    "Notepad++" = Notepad++
    "Odeon10CombinedDemo" = Odeon 10 CombinedDemo (remove only)
    "Office14.Click2Run" = Microsoft Office Click-to-Run 2010
    "openlp.org_is1" = openlp.org 1.2.4
    "PC Alarm Clock" = PC Alarm Clock
    "PowerISO" = PowerISO
    "PunkBusterSvc" = PunkBuster Services
    "RarZilla Free Unrar" = RarZilla Free Unrar
    "Sniper Ghost Warrior_is1" = Sniper Ghost Warrior
    "SpeedConnect Internet Accelerator v.7.5_is1" = SpeedConnect Internet Accelerator v.7.5
    "Spotify" = Spotify
    "Steam App 16830" = Sid Meier's Civilization V SDK
    "Steam App 22380" = Fallout: New Vegas
    "Steam App 240" = Counter-Strike: Source
    "Steam App 33310" = R.U.S.E. Demo
    "Steam App 34030" = Napoleon: Total War
    "Steam App 45000" = Sol Survivor
    "Steam App 8930" = Sid Meier's Civilization V
    "Trillian" = Trillian
    "TuneUpMedia" = TuneUp Companion 1.9.0
    "VirtualCloneDrive" = VirtualCloneDrive
    "VLC media player" = VLC media player 1.1.4
    "WinGimp-2.0_is1" = GIMP 2.6.8
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "Xvid_is1" = Xvid 1.2.1 final uninstall
    "ZionWorx" = ZionWorx
    "ZoneAlarm" = ZoneAlarm

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "BingoLinerUK" = BingoLinerUK
    "f031ef6ac137efc5" = Dell Driver Download Manager

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 25/11/2010 09:19:20 | Computer Name = Joes-PC | Source = SideBySide | ID = 16842815
    Description = Activation context generation failed for "C:\Program Files (x86)\Common
    Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
    Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
    "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
    "version" in element "assemblyIdentity" is invalid.

    Error - 25/11/2010 09:19:55 | Computer Name = Joes-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Program Files (x86)\Nokia\Nokia
    PC Suite 7\TIS_Windows7PIM.dll". Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 25/11/2010 09:19:59 | Computer Name = Joes-PC | Source = SideBySide | ID = 16842815
    Description = Activation context generation failed for "c:\program files (x86)\odeon10combineddemo\DelZip179.dll".Error
    in manifest or policy file "c:\program files (x86)\odeon10combineddemo\DelZip179.dll"
    on line 8. The value "*" of attribute "language" in element "assemblyIdentity" is
    invalid.

    Error - 26/11/2010 06:00:20 | Computer Name = Joes-PC | Source = CVHSVC | ID = 100
    Description = Information only. (Patch task for {90140011-0062-0409-0000-0000000FF1CE}):
    DownloadLatest Failed:

    Error - 26/11/2010 07:01:22 | Computer Name = Joes-PC | Source = CVHSVC | ID = 100
    Description = Information only. (Patch task for {90140011-0062-0409-0000-0000000FF1CE}):
    DownloadLatest Failed:

    Error - 26/11/2010 07:35:35 | Computer Name = Joes-PC | Source = CVHSVC | ID = 100
    Description = Information only. (Patch task for {90140011-0062-0409-0000-0000000FF1CE}):
    DownloadLatest Failed:

    Error - 26/11/2010 08:43:32 | Computer Name = Joes-PC | Source = SideBySide | ID = 16842832
    Description = Activation context generation failed for "C:\Program Files (x86)\Adobe\Acrobat
    9.0\Designer 8.2\FormDesigner.exe".Error in manifest or policy file "" on line
    . A component version required by the application conflicts with another component
    version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
    Component
    2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.

    Error - 26/11/2010 08:44:33 | Computer Name = Joes-PC | Source = SideBySide | ID = 16842815
    Description = Activation context generation failed for "C:\Program Files (x86)\Common
    Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
    Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
    "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
    "version" in element "assemblyIdentity" is invalid.

    Error - 26/11/2010 08:45:04 | Computer Name = Joes-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Program Files (x86)\Nokia\Nokia
    PC Suite 7\TIS_Windows7PIM.dll". Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 26/11/2010 08:45:07 | Computer Name = Joes-PC | Source = SideBySide | ID = 16842815
    Description = Activation context generation failed for "c:\program files (x86)\odeon10combineddemo\DelZip179.dll".Error
    in manifest or policy file "c:\program files (x86)\odeon10combineddemo\DelZip179.dll"
    on line 8. The value "*" of attribute "language" in element "assemblyIdentity" is
    invalid.

    [ Media Center Events ]
    Error - 03/09/2010 20:53:53 | Computer Name = Joes-PC | Source = MCUpdate | ID = 0
    Description = 01:53:49 - Failed to retrieve Broadband (Error: The underlying connection
    was closed: The connection was closed unexpectedly.)

    Error - 03/09/2010 21:57:27 | Computer Name = Joes-PC | Source = MCUpdate | ID = 0
    Description = 02:57:26 - Failed to retrieve MCESpotlight (Error: The underlying
    connection was closed: The connection was closed unexpectedly.)

    Error - 03/09/2010 21:57:30 | Computer Name = Joes-PC | Source = MCUpdate | ID = 0
    Description = 02:57:28 - Failed to retrieve Broadband (Error: The underlying connection
    was closed: The connection was closed unexpectedly.)

    Error - 04/09/2010 20:14:30 | Computer Name = Joes-PC | Source = MCUpdate | ID = 0
    Description = 01:14:29 - Failed to retrieve MCESpotlight (Error: The underlying
    connection was closed: An unexpected error occurred on a receive.)

    Error - 24/09/2010 22:39:35 | Computer Name = Joes-PC | Source = MCUpdate | ID = 0
    Description = 03:39:34 - Error connecting to the internet. 03:39:34 - Unable
    to contact server..

    Error - 25/09/2010 10:15:52 | Computer Name = Joes-PC | Source = MCUpdate | ID = 0
    Description = 15:15:51 - Error connecting to the internet. 15:15:51 - Unable
    to contact server..

    Error - 24/10/2010 22:32:54 | Computer Name = Joes-PC | Source = MCUpdate | ID = 0
    Description = 03:32:53 - Error connecting to the internet. 03:32:53 - Unable
    to contact server..

    Error - 24/10/2010 23:33:00 | Computer Name = Joes-PC | Source = MCUpdate | ID = 0
    Description = 04:33:00 - Error connecting to the internet. 04:33:00 - Unable
    to contact server..

    Error - 25/10/2010 00:33:05 | Computer Name = Joes-PC | Source = MCUpdate | ID = 0
    Description = 05:33:05 - Error connecting to the internet. 05:33:05 - Unable
    to contact server..

    Error - 25/10/2010 07:52:17 | Computer Name = Joes-PC | Source = MCUpdate | ID = 0
    Description = 12:52:16 - Error connecting to the internet. 12:52:17 - Unable
    to contact server..

    [ System Events ]
    Error - 09/11/2010 20:43:14 | Computer Name = Joes-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
    Description = There was an error while attempting to read the local hosts file.

    Error - 09/11/2010 20:43:15 | Computer Name = Joes-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
    Description = There was an error while attempting to read the local hosts file.

    Error - 09/11/2010 20:43:17 | Computer Name = Joes-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
    Description = There was an error while attempting to read the local hosts file.

    Error - 09/11/2010 20:51:38 | Computer Name = Joes-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
    Description = There was an error while attempting to read the local hosts file.

    Error - 09/11/2010 20:52:41 | Computer Name = Joes-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
    Description = There was an error while attempting to read the local hosts file.

    Error - 09/11/2010 20:52:41 | Computer Name = Joes-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
    Description = There was an error while attempting to read the local hosts file.

    Error - 09/11/2010 20:52:41 | Computer Name = Joes-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
    Description = There was an error while attempting to read the local hosts file.

    Error - 09/11/2010 20:52:41 | Computer Name = Joes-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
    Description = There was an error while attempting to read the local hosts file.

    Error - 09/11/2010 20:52:42 | Computer Name = Joes-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
    Description = There was an error while attempting to read the local hosts file.

    Error - 09/11/2010 20:52:45 | Computer Name = Joes-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
    Description = There was an error while attempting to read the local hosts file.


    < End of report >
     
  15. Broni

    Broni Malware Annihilator Posts: 47,076   +257

    Does your ZoneAlarm include an AV part, or is it a firewall only?

    ========================================================================

    Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ======================================================================

    Uninstall Ask Toolbar, known adware.

    ========================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      SRV:64bit: - File not found [Auto | Stopped] -- C:\Windows\SysNative\srvany.exe -- (KMService)
      SRV - [2010/08/09 10:52:16 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\srvany.exe -- (KMService)
      [2010/10/30 07:05:32 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\f1z5tiz4.default\extensions\toolbar@ask.com
      FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.9.1.14019
      O2 - BHO: (AnchorFree Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
      O3 - HKLM\..\Toolbar: (AnchorFree Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
      O3 - HKCU\..\Toolbar\WebBrowser: (AnchorFree Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
      O33 - MountPoints2\{26172ca7-ef82-11df-8524-0024e8bb7dcc}\Shell\AutoRun\command - "" = I:\SETUP.EXE -- File not found
      O33 - MountPoints2\{8418cab5-6803-11df-ad6f-00225fca58dd}\Shell\AutoRun\command - "" = E:\autorun.exe -- File not found
      O33 - MountPoints2\{cbf0d984-a913-11df-85bd-00225fca58dd}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
      O33 - MountPoints2\{cbf0d988-a913-11df-85bd-00225fca58dd}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
      O33 - MountPoints2\{cbf0d9ba-a913-11df-85bd-0024e8bb7dcc}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
      O33 - MountPoints2\{f22e51ae-a5b7-11df-a9e6-0024e8bb7dcc}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
      O33 - MountPoints2\{f22e51b7-a5b7-11df-a9e6-0024e8bb7dcc}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
      O33 - MountPoints2\{fe09bfb1-bb9c-11df-a8b0-0024e8bb7dcc}\Shell\AutoRun\command - "" = F:\steambackup.exe -- File not found
      O33 - MountPoints2\{fe09bfb2-bb9c-11df-a8b0-0024e8bb7dcc}\Shell\AutoRun\command - "" = G:\Autorun.exe -- File not found
      
      
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    =====================================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warning(s), so leave reading the results to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on the Start button to begin the cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce any log.
     
  16. prydemusic

    prydemusic TS Rookie Topic Starter

    My ZoneAlarm is only the free firewall.
    I will carry out all the steps above when I get back tonight, as I'm busy all day.
    Thanks very much for all your help so far.
     
  17. Broni

    Broni Malware Annihilator Posts: 47,076   +257

    You're very welcome
     
  18. prydemusic

    prydemusic TS Rookie Topic Starter

    All processes killed
    ========== OTL ==========
    Service KMService stopped successfully!
    Service KMService deleted successfully!
    File C:\Windows\SysNative\srvany.exe not found.
    Error: No service named KMService was found to stop!
    Service\Driver key KMService not found.
    C:\Windows\SysWOW64\srvany.exe moved successfully.
    Folder C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\f1z5tiz4.default\extensions\toolbar@ask.com\ not found.
    Prefs.js: toolbar@ask.com:3.9.1.14019 removed from extensions.enabledItems
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
    File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
    File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
    File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{26172ca7-ef82-11df-8524-0024e8bb7dcc}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{26172ca7-ef82-11df-8524-0024e8bb7dcc}\ not found.
    File I:\SETUP.EXE not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8418cab5-6803-11df-ad6f-00225fca58dd}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8418cab5-6803-11df-ad6f-00225fca58dd}\ not found.
    File E:\autorun.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cbf0d984-a913-11df-85bd-00225fca58dd}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cbf0d984-a913-11df-85bd-00225fca58dd}\ not found.
    File F:\AutoRun.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cbf0d988-a913-11df-85bd-00225fca58dd}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cbf0d988-a913-11df-85bd-00225fca58dd}\ not found.
    File F:\AutoRun.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cbf0d9ba-a913-11df-85bd-0024e8bb7dcc}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cbf0d9ba-a913-11df-85bd-0024e8bb7dcc}\ not found.
    File F:\AutoRun.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f22e51ae-a5b7-11df-a9e6-0024e8bb7dcc}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f22e51ae-a5b7-11df-a9e6-0024e8bb7dcc}\ not found.
    File G:\AutoRun.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f22e51b7-a5b7-11df-a9e6-0024e8bb7dcc}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f22e51b7-a5b7-11df-a9e6-0024e8bb7dcc}\ not found.
    File G:\AutoRun.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fe09bfb1-bb9c-11df-a8b0-0024e8bb7dcc}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fe09bfb1-bb9c-11df-a8b0-0024e8bb7dcc}\ not found.
    File F:\steambackup.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fe09bfb2-bb9c-11df-a8b0-0024e8bb7dcc}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fe09bfb2-bb9c-11df-a8b0-0024e8bb7dcc}\ not found.
    File G:\Autorun.exe not found.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Joe
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 78615514 bytes
    ->Java cache emptied: 27346 bytes
    ->FireFox cache emptied: 52204796 bytes
    ->Google Chrome cache emptied: 11685554 bytes
    ->Flash cache emptied: 8629 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 1861389 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
    RecycleBin emptied: 355 bytes

    Total Files Cleaned = 138.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default

    User: Default User

    User: Joe
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.17.3 log created on 11302010_090041

    Files\Folders moved on Reboot...
    C:\Users\Joe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UN5HAOXC\topmarketsearch_com[1].txt moved successfully.
    C:\Users\Joe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P6JWPZVC\searchTrackCAVMGTSO.php moved successfully.
    C:\Users\Joe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\51G9JLAK\showbannerCAU15HYX.php moved successfully.
    C:\Users\Joe\AppData\Local\Mozilla\Firefox\Profiles\f1z5tiz4.default\Cache\_CACHE_001_ moved successfully.
    C:\Users\Joe\AppData\Local\Mozilla\Firefox\Profiles\f1z5tiz4.default\Cache\_CACHE_002_ moved successfully.
    C:\Users\Joe\AppData\Local\Mozilla\Firefox\Profiles\f1z5tiz4.default\Cache\_CACHE_003_ moved successfully.
    C:\Users\Joe\AppData\Local\Mozilla\Firefox\Profiles\f1z5tiz4.default\Cache\_CACHE_MAP_ moved successfully.
    C:\Users\Joe\AppData\Local\Mozilla\Firefox\Profiles\f1z5tiz4.default\urlclassifier3.sqlite moved successfully.
    C:\Users\Joe\AppData\Local\Mozilla\Firefox\Profiles\f1z5tiz4.default\XUL.mfl moved successfully.
    File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.
    File\Folder C:\Windows\temp\ZLT05ca6.TMP not found!

    Registry entries deleted on Reboot...
     
  19. prydemusic

    prydemusic TS Rookie Topic Starter

    Results of screen317's Security Check version 0.99.5
    Windows 7 (UAC is disabled!)
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Disabled!
    avast! Free Antivirus
    ZoneAlarm
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    TuneUp Companion 1.9.0
    Java(TM) 6 Update 20
    Java(TM) 6 Update 22
    Out of date Java installed!
    Adobe Flash Player 10.1.102.64
    Adobe Reader 9.4.0
    Mozilla Firefox (3.6.12) Firefox Out of Date!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Spybot Teatimer.exe is disabled!
    Alwil Software Avast5 AvastSvc.exe
    Alwil Software Avast5 AvastUI.exe
    Zone Labs ZoneAlarm zlclient.exe
    ````````````````````````````````
    DNS Vulnerability Check:

    GREAT! (Not vulnerable to DNS cache poisoning)

    ``````````End of Log````````````
     
  20. prydemusic

    prydemusic TS Rookie Topic Starter

    ESET logs
    C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe a variant of Win32/HotSpotShield application
    C:\Program Files (x86)\Sierra\Homeworld2\Bin\Release\Homeworld2.exe NSIS/TrojanDownloader.FakeAlert.DK.Gen trojan
    C:\Users\Joe\AppData\Local\Temp\jar_cache3411008061008849146.tmp a variant of Java/TrojanDownloader.OpenStream.NAU trojan
    C:\Users\Joe\AppData\Local\Temp\jar_cache3682321904243500042.tmp multiple threats
    C:\Users\Joe\AppData\Local\Temp\jar_cache3923356081705212885.tmp a variant of Java/TrojanDownloader.OpenStream.NAU trojan
    C:\Users\Joe\AppData\Local\Temp\jar_cache4316352864087477289.tmp a variant of Java/TrojanDownloader.OpenStream.NAU trojan
    C:\Users\Joe\AppData\Local\Temp\jar_cache4637076659082022845.tmp multiple threats
    C:\Users\Joe\AppData\Local\Temp\jar_cache7206832203688875741.tmp multiple threats
    C:\Users\Joe\AppData\Local\Temp\jar_cache7306116444400822501.tmp multiple threats
    C:\Users\Joe\AppData\Local\Temp\jar_cache8869624155160911559.tmp a variant of Java/TrojanDownloader.OpenStream.NAU trojan
    C:\Users\Joe\AppData\Roaming\Thinstall\Microsoft Office Enterprise 2007\30000000a0300002h\MSACCESS.EXE probably a variant of Win32/Agent.CQFXUJI trojan
    C:\Users\Joe\Documents\Vuze Downloads\Homeworld2.exe NSIS/TrojanDownloader.FakeAlert.DK.Gen trojan
    C:\Users\Joe\Documents\Vuze Downloads\HomeWorld2.rar NSIS/TrojanDownloader.FakeAlert.DK.Gen trojan
    C:\Users\Joe\Documents\Vuze Downloads\rld-ruse.cloudshadow-working.iso multiple threats
    C:\Users\Joe\Documents\Vuze Downloads\HomeWorld2\hw2\Manual\AdbeRdr60_enu_full.exe NSIS/TrojanDownloader.FakeAlert.DK.Gen trojan
    C:\Users\Joe\Documents\Vuze Downloads\HomeWorld2\hw2\Patch\homeworld2_update_en_10_11.exe NSIS/TrojanDownloader.FakeAlert.DK.Gen trojan
    C:\Users\Joe\Downloads\VLCSetup.exe a variant of Win32/Adware.HotBar.H application
    C:\Users\Joe\Downloads\XvidSetup.exe a variant of Win32/Adware.HotBar.H application
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P7IJ6IFN\upgrade[1].cab a variant of Win32/Adware.OneStep.P application
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XWVA0QOR\upgrade[1].cab a variant of Win32/Adware.OneStep.P application
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P7IJ6IFN\upgrade[1].cab a variant of Win32/Adware.OneStep.P application
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XWVA0QOR\upgrade[1].cab a variant of Win32/Adware.OneStep.P application
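
A log like the ESET output above is easier to act on once each detection is grouped by where the file sits and what kind of detection it is. The following is an added example, not part of the original posts or of any tool used in the thread; the sample lines are copied from the log above, and the bucket names and regular expressions are assumptions of this example.

```python
import re
from collections import Counter

# Sample input: lines copied from the ESET log in the post above.
SAMPLE = r"""
C:\Users\Joe\AppData\Local\Temp\jar_cache3411008061008849146.tmp a variant of Java/TrojanDownloader.OpenStream.NAU trojan
C:\Users\Joe\AppData\Local\Temp\jar_cache3682321904243500042.tmp multiple threats
C:\Users\Joe\AppData\Roaming\Thinstall\Microsoft Office Enterprise 2007\30000000a0300002h\MSACCESS.EXE probably a variant of Win32/Agent.CQFXUJI trojan
C:\Users\Joe\Documents\Vuze Downloads\Homeworld2.exe NSIS/TrojanDownloader.FakeAlert.DK.Gen trojan
C:\Users\Joe\Downloads\VLCSetup.exe a variant of Win32/Adware.HotBar.H application
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P7IJ6IFN\upgrade[1].cab a variant of Win32/Adware.OneStep.P application
"""

# Path (may contain spaces), optional qualifier, then "<Platform>/<Name> <kind>" or "multiple threats".
LINE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) "
    r"(?:(?P<qualifier>probably a variant of|a variant of) )?"
    r"(?:(?P<name>\w+/\S+) (?P<kind>trojan|application)|multiple threats)$"
)

# Location buckets are heuristics assumed by this example, not ESET categories.
BUCKETS = [
    ("java-cache", re.compile(r"\\Temp\\jar_cache\d+\.tmp$", re.I)),
    ("browser-cache", re.compile(r"\\Temporary Internet Files\\", re.I)),
    ("user-download", re.compile(r"\\(?:Vuze )?Downloads\\", re.I)),
]

def parse(line):
    """Return one detection as a dict, or None if the line does not fit the format."""
    m = LINE.match(line.strip())
    if m is None:
        return None
    bucket = next((b for b, rx in BUCKETS if rx.search(m["path"])), "installed")
    return {"path": m["path"], "name": m["name"] or "multiple threats",
            "kind": m["kind"] or "multiple", "qualifier": m["qualifier"],
            "bucket": bucket}

def triage(text):
    """Return (records, counts per (bucket, kind), lines that could not be parsed)."""
    lines = [l for l in text.splitlines() if l.strip()]
    parsed = [(l, parse(l)) for l in lines]
    records = [r for _, r in parsed if r]
    skipped = [l for l, r in parsed if r is None]
    return records, Counter((r["bucket"], r["kind"]) for r in records), skipped

if __name__ == "__main__":
    records, counts, skipped = triage(SAMPLE)
    for (bucket, kind), n in sorted(counts.items()):
        print(f"{bucket:14} {kind:12} {n}")
    print("unparsed lines:", len(skipped))
```

Unparsed lines are returned rather than dropped, so a format change in the scanner output shows up instead of silently shrinking the counts.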
     
  21. Broni

    Broni Malware Annihilator Posts: 47,076   +257

    You didn't run JavaRa to remove old Java versions.
    Please, do it now.

    ========================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      
      :Services
      
      :Reg
      
      :Files
      C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe 
      C:\Program Files (x86)\Sierra\Homeworld2\Bin\Release\Homeworld2.exe 
      C:\Users\Joe\AppData\Local\Temp\jar_cache3411008061008849146.tmp 
      C:\Users\Joe\AppData\Local\Temp\jar_cache3682321904243500042.tmp 
      C:\Users\Joe\AppData\Local\Temp\jar_cache3923356081705212885.tmp 
      C:\Users\Joe\AppData\Local\Temp\jar_cache4316352864087477289.tmp 
      C:\Users\Joe\AppData\Local\Temp\jar_cache4637076659082022845.tmp 
      C:\Users\Joe\AppData\Local\Temp\jar_cache7206832203688875741.tmp 
      C:\Users\Joe\AppData\Local\Temp\jar_cache7306116444400822501.tmp 
      C:\Users\Joe\AppData\Local\Temp\jar_cache8869624155160911559.tmp 
      C:\Users\Joe\AppData\Roaming\Thinstall\Microsoft Office Enterprise 2007\30000000a0300002h\MSACCESS.EXE 
      C:\Users\Joe\Documents\Vuze Downloads\Homeworld2.exe 
      C:\Users\Joe\Documents\Vuze Downloads\HomeWorld2.rar 
      C:\Users\Joe\Documents\Vuze Downloads\rld-ruse.cloudshadow-working.iso 
      C:\Users\Joe\Documents\Vuze Downloads\HomeWorld2\hw2\Manual\AdbeRdr60_enu_full.exe 
      C:\Users\Joe\Documents\Vuze Downloads\HomeWorld2\hw2\Patch\homeworld2_update_en_10_11.exe 
      C:\Users\Joe\Downloads\VLCSetup.exe 
      C:\Users\Joe\Downloads\XvidSetup.exe 
      C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P7IJ6IFN\upgrade[1].cab 
      C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XWVA0QOR\upgrade[1].cab 
      C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P7IJ6IFN\upgrade[1].cab 
      C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XWVA0QOR\upgrade[1].cab
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ====================================================================

    Your computer is clean

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to ensure the safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please let me know how your computer is doing.
     
  22. Broni

    Broni Malware Annihilator Posts: 47,076   +257

    The issue seems to be resolved...
     
Topic Status:
Not open for further replies.

