Trouble with Firefox on startup

Discussion in 'Virus and Malware Removal' started by verity25, Jun 12, 2011.

  1. Broni Malware Annihilator Posts: 39,398   +177

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
  2. verity25 TechSpot Enthusiast Posts: 108

    Just tried to send a test email in Outlook but got a send error also
  3. Broni Malware Annihilator Posts: 39,398   +177

    OK, go on with TDSSKiller.
  4. verity25 TechSpot Enthusiast Posts: 108

    Clicked the link but got the same error.....so couldn't download the file
  5. Broni Malware Annihilator Posts: 39,398   +177

    You'll need to use another working computer and USB flash drive to get the file to your computer.
  6. verity25 TechSpot Enthusiast Posts: 108

    ok.....I'll get to it tomorrow.....thanks...
     
  7. Broni Malware Annihilator Posts: 39,398   +177

    No problem :)
  8. verity25 TechSpot Enthusiast Posts: 108

    Here is the log, no infection was found

    2011/06/20 17:19:12.0031 3276 TDSS rootkit removing tool 2.5.5.0 Jun 16 2011 15:25:15
    2011/06/20 17:19:12.0046 3276 ================================================================================
    2011/06/20 17:19:12.0046 3276 SystemInfo:
    2011/06/20 17:19:12.0046 3276
    2011/06/20 17:19:12.0046 3276 OS Version: 5.1.2600 ServicePack: 3.0
    2011/06/20 17:19:12.0046 3276 Product type: Workstation
    2011/06/20 17:19:12.0046 3276 ComputerName: ALANS
    2011/06/20 17:19:12.0046 3276 UserName: Alan
    2011/06/20 17:19:12.0046 3276 Windows directory: C:\WINDOWS
    2011/06/20 17:19:12.0046 3276 System windows directory: C:\WINDOWS
    2011/06/20 17:19:12.0046 3276 Processor architecture: Intel x86
    2011/06/20 17:19:12.0046 3276 Number of processors: 4
    2011/06/20 17:19:12.0046 3276 Page size: 0x1000
    2011/06/20 17:19:12.0046 3276 Boot type: Normal boot
    2011/06/20 17:19:12.0046 3276 ================================================================================
    2011/06/20 17:19:13.0328 3276 Initialize success
    2011/06/20 17:19:20.0640 3892 ================================================================================
    2011/06/20 17:19:20.0640 3892 Scan started
    2011/06/20 17:19:20.0640 3892 Mode: Manual;
    2011/06/20 17:19:20.0640 3892 ================================================================================
    2011/06/20 17:19:27.0968 3892 ================================================================================
    2011/06/20 17:19:27.0968 3892 Scan finished
    2011/06/20 17:19:27.0968 3892 ================================================================================
    2011/06/20 17:19:27.0984 2692 Detected object count: 0
    2011/06/20 17:19:27.0984 2692 Actual detected object count: 0
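
Added example (not part of the thread, and not code from TDSSKiller or its vendor): a small Python parser for the report format posted above, which reads the detected-object count, lists drivers whose image lies outside the Windows `system32\drivers` directory, and shows image files registered under more than one service name. The sample log, its driver names and its hashes are constructed; treating an out-of-directory driver as worth a second look is a triage assumption, not a verdict.

```python
import re
from collections import defaultdict
from ntpath import normcase  # Windows path rules on any host OS

# Every report line starts with "<date> <time>.<ticks> <thread id> ".
PREFIX = r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4} \d+ "
# Scanned object: "<name> (<md5>) <path>"; the name itself may contain
# parentheses, as in "MBR (0x1B8)", so it is matched lazily.
ENTRY_RE = re.compile(
    PREFIX + r"(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$"
)
# Header/footer field: "<key>: <value>"
FIELD_RE = re.compile(PREFIX + r"(?P<key>[^:]+): (?P<value>.*)$")

# Constructed sample in the report's line format (hashes are placeholders).
SAMPLE_LOG = r"""
2011/06/20 17:19:12.0046 3276 Windows directory: C:\WINDOWS
2011/06/20 17:19:20.0640 3892 Scan started
2011/06/20 17:19:20.0640 3892 Mode: Manual;
2011/06/20 17:19:21.0578 3892 ACPI (00000000000000000000000000000001) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/06/20 17:19:21.0656 3892 AFD (00000000000000000000000000000002) C:\WINDOWS\System32\drivers\afd.sys
2011/06/20 17:19:24.0562 3892 exdisk (00000000000000000000000000000003) C:\WINDOWS\system32\DRIVERS\exdisk.sys
2011/06/20 17:19:24.0609 3892 exdiskmp (00000000000000000000000000000003) C:\WINDOWS\system32\DRIVERS\exdisk.sys
2011/06/20 17:19:26.0234 3892 ExampleDrv (00000000000000000000000000000004) C:\Program Files\ExampleVendor\bin\ExampleDrv.sys
2011/06/20 17:19:27.0843 3892 MBR (0x1B8) (00000000000000000000000000000005) \Device\Harddisk0\DR0
2011/06/20 17:19:27.0984 2692 Detected object count: 0
2011/06/20 17:19:27.0984 2692 Actual detected object count: 0
"""


def parse_log(text):
    """Split a report into scanned-object entries and key/value fields."""
    entries, fields = [], {}
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            entries.append(m.groupdict())
            continue
        m = FIELD_RE.match(line)
        if m:
            fields[m["key"].strip()] = m["value"].strip()
    return entries, fields


def triage(text):
    """Summarise a report for a human reviewer."""
    entries, fields = parse_log(text)
    windir = normcase(fields.get("Windows directory", r"C:\WINDOWS"))
    driver_dir = windir + "\\system32\\drivers\\"

    outside, by_image = [], defaultdict(list)
    for entry in entries:
        path = normcase(entry["path"])
        if path.startswith("\\device\\"):
            continue  # MBR entries name a disk device, not a driver file
        by_image[path].append(entry["name"])
        if not path.startswith(driver_dir):
            outside.append(entry["name"])  # assumption: review, not verdict

    count = fields.get("Detected object count")
    return {
        "scanned": len(entries),
        # None means the footer is missing, i.e. the log is truncated.
        # 0 only says this scanner matched nothing.
        "detected": int(count) if count and count.isdigit() else None,
        "outside_driver_dir": outside,
        "shared_images": {p: n for p, n in by_image.items() if len(n) > 1},
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```
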
  9. Broni Malware Annihilator Posts: 39,398   +177

    Go Start>Run (Start search in Vista), type in:
    cmd
    Click OK (in Vista and Windows 7, while holding CTRL, and SHIFT, press Enter).

    In the Command Prompt window, type in the following commands, and hit Enter after each one:
    ipconfig /flushdns
    ipconfig /registerdns
    ipconfig /release
    ipconfig /renew
    net stop "dns client"
    net start "dns client"


    Turn the computer off.

    On your router, you'll find a pinhole marked "Reset".
    Keep pushing the hole, using a pencil, or a paperclip until all lights briefly come off and on.
    NOTE. Simply disconnecting the router from a power source will NOT do.
    Restart computer and check for redirections.

    NOTE. You may need to re-check your router security settings, as described HERE
  10. verity25 TechSpot Enthusiast Posts: 108

    This might have cleared the problem, seems ok right now....Thanks for your help...
  11. Broni Malware Annihilator Posts: 39,398   +177

    Good news :)

    Let's run some more checks to make sure nothing else is hiding there....

    Download OTL to your Desktop.

    • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  12. verity25 TechSpot Enthusiast Posts: 108

    Here are the OTL results:

    OTL logfile created on: 22/06/2011 17:27:42 - Run 1
    OTL by OldTimer - Version 3.2.24.1 Folder = C:\Documents and Settings\Alan\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    3.25 Gb Total Physical Memory | 2.64 Gb Available Physical Memory | 81.37% Memory free
    5.09 Gb Paging File | 4.25 Gb Available in Paging File | 83.50% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 146.48 Gb Total Space | 82.09 Gb Free Space | 56.04% Space Free | Partition Type: NTFS
    Drive D: | 465.76 Gb Total Space | 150.29 Gb Free Space | 32.27% Space Free | Partition Type: NTFS
    Drive E: | 97.65 Gb Total Space | 94.00 Gb Free Space | 96.26% Space Free | Partition Type: NTFS
    Drive F: | 97.65 Gb Total Space | 71.08 Gb Free Space | 72.78% Space Free | Partition Type: NTFS
    Drive G: | 123.96 Gb Total Space | 123.89 Gb Free Space | 99.95% Space Free | Partition Type: NTFS

    Computer Name: ALANS | User Name: Alan | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/06/22 17:25:27 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Alan\Desktop\OTL.exe
    PRC - [2011/06/16 09:51:23 | 000,107,000 | ---- | M] (Siber Systems) -- C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
    PRC - [2011/06/10 16:54:30 | 000,419,104 | ---- | M] (GameStop Corporation) -- C:\Program Files\Impulse\Now\ImpulseNow.exe
    PRC - [2011/05/05 15:44:48 | 001,195,408 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
    PRC - [2011/04/28 14:34:42 | 001,550,136 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
    PRC - [2011/04/28 14:34:42 | 000,870,200 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
    PRC - [2011/04/14 14:01:38 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    PRC - [2011/04/14 14:01:38 | 000,171,168 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    PRC - [2011/04/14 14:01:38 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\mfevtps.exe
    PRC - [2010/11/10 00:29:54 | 012,001,224 | ---- | M] (Adobe Systems, Inc.) -- F:\Adobe\Adobe Bridge CS5\Bridge.exe
    PRC - [2010/10/12 15:04:20 | 004,142,448 | ---- | M] (Stardock) -- C:\Program Files\Stardock\ObjectDockPlus2\ObjectDock.exe
    PRC - [2010/10/01 02:50:23 | 000,296,448 | ---- | M] (Microsoft) -- C:\Program Files\Stardock\ObjectDockPlus2\ObjectDockTray.exe
    PRC - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    PRC - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    PRC - [2009/02/23 19:43:12 | 000,576,000 | ---- | M] (MagicISO, Inc.) -- C:\Program Files\MagicDisc\MagicDisc.exe
    PRC - [2009/01/23 10:46:14 | 000,203,280 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    PRC - [2008/06/03 01:06:34 | 005,964,800 | ---- | M] () -- C:\Program Files\ASUS\EPU-6 Engine\SixEngine.exe
    PRC - [2008/05/30 13:56:00 | 010,235,904 | ---- | M] (Silicon Image, Inc.) -- C:\Program Files\ASUS\Drive Xpert\DriveXpert.exe
    PRC - [2008/05/29 15:55:24 | 001,286,144 | ---- | M] () -- C:\Program Files\ASUS\Drive Xpert\SteelVine.exe
    PRC - [2008/05/21 13:30:26 | 001,423,360 | ---- | M] () -- C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe
    PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/11/16 15:12:44 | 001,209,856 | ---- | M] () -- C:\Program Files\ASUS\AI Direct Link\AsShare.exe
    PRC - [2007/09/07 19:16:50 | 000,132,392 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
    PRC - [2007/09/07 19:16:18 | 001,373,480 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Pen_Tablet.exe
    PRC - [2007/04/13 07:49:00 | 000,101,528 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
    PRC - [2007/02/04 12:02:14 | 000,079,400 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/06/22 17:25:27 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Alan\Desktop\OTL.exe
    MOD - [2010/10/01 02:50:23 | 000,675,840 | ---- | M] () -- C:\Program Files\Stardock\ObjectDockPlus2\DockShellHook.dll
    MOD - [2010/08/23 17:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
    MOD - [2009/01/28 16:57:47 | 000,070,960 | ---- | M] (Stardock.net, Inc) -- C:\Program Files\Stardock\Object Desktop\IconPackager\iprepair.dll
    MOD - [2009/01/23 10:46:18 | 000,013,840 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\sahook.dll
    MOD - [2007/02/05 09:29:04 | 000,139,264 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4\OpHookSE4.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- -- (igytbyfj)
    SRV - [2011/04/28 14:34:42 | 000,870,200 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
    SRV - [2011/04/14 14:01:38 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
    SRV - [2011/04/14 14:01:38 | 000,171,168 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
    SRV - [2011/04/14 14:01:38 | 000,141,792 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)
    SRV - [2010/10/07 20:34:28 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
    SRV - [2010/03/25 10:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
    SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
    SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
    SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
    SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
    SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
    SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
    SRV - [2009/05/20 04:35:38 | 001,128,944 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxMediaDB11.exe -- (RoxMediaDB11)
    SRV - [2009/01/23 10:46:14 | 000,203,280 | ---- | M] () [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
    SRV - [2008/05/29 15:55:24 | 001,286,144 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\Drive Xpert\SteelVine.exe -- (57xx SteelVine Manager)
    SRV - [2007/09/07 19:16:18 | 001,373,480 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\WINDOWS\system32\Pen_Tablet.exe -- (TabletServicePen)
    SRV - [2007/04/13 07:49:00 | 000,101,528 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)


    ========== Driver Services (SafeList) ==========

    DRV - [2011/06/17 09:31:21 | 000,057,144 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\26762\RapportCerberus_26762.sys -- (RapportCerberus_26762)
    DRV - [2011/05/31 17:21:28 | 006,348,392 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2011/04/28 14:34:50 | 000,066,360 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
    DRV - [2011/04/28 14:34:50 | 000,053,816 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\RapportKELL.sys -- (RapportKELL)
    DRV - [2011/04/28 14:34:48 | 000,158,904 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
    DRV - [2011/04/20 03:41:56 | 006,537,728 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2011/04/14 14:01:38 | 000,387,480 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
    DRV - [2011/04/14 14:01:38 | 000,314,088 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)
    DRV - [2011/04/14 14:01:38 | 000,153,280 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
    DRV - [2011/04/14 14:01:38 | 000,095,824 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
    DRV - [2011/04/14 14:01:38 | 000,088,736 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)
    DRV - [2011/04/14 14:01:38 | 000,088,736 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)
    DRV - [2011/04/14 14:01:38 | 000,084,488 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
    DRV - [2011/04/14 14:01:38 | 000,084,200 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
    DRV - [2011/04/14 14:01:38 | 000,056,064 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)
    DRV - [2011/04/14 14:01:38 | 000,052,320 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
    DRV - [2009/11/18 07:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
    DRV - [2009/11/18 07:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
    DRV - [2009/04/22 15:26:18 | 000,528,256 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emOEM.sys -- (USB28xxOEM)
    DRV - [2009/04/22 15:25:54 | 000,566,784 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emBDA.sys -- (USB28xxBGA)
    DRV - [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
    DRV - [2008/06/25 17:47:00 | 000,036,864 | R--- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1e51x86.sys -- (L1e)
    DRV - [2008/06/23 23:21:48 | 000,150,568 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mv61xx.sys -- (mv61xx)
    DRV - [2008/04/13 19:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
    DRV - [2007/12/17 10:14:06 | 000,012,400 | R--- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO)
    DRV - [2007/02/16 20:12:36 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacommousefilter.sys -- (wacommousefilter)
    DRV - [2007/02/16 19:30:12 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacomvhid.sys -- (wacomvhid)
    DRV - [2007/02/16 01:11:28 | 000,011,440 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WacomVKHid.sys -- (WacomVKHid)
    DRV - [2004/08/13 11:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========



    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-1292428093-1123561945-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.mytalktalk.co.uk
    IE - HKU\S-1-5-21-1292428093-1123561945-725345543-1003\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTo1.dll (Conduit Ltd.)
    IE - HKU\S-1-5-21-1292428093-1123561945-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-1292428093-1123561945-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.selectedEngine: "Bing"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "www.talktalk.net"

    FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/06/22 16:43:35 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2011/06/16 09:51:59 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/21 21:24:33 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

    [2011/06/16 00:08:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Alan\Application Data\Mozilla\Extensions
    [2011/06/16 17:59:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Alan\Application Data\Mozilla\Firefox\Profiles\o4c9q1d1.default\extensions
    [2011/06/16 00:28:07 | 000,002,306 | ---- | M] () -- C:\Documents and Settings\Alan\Application Data\Mozilla\Firefox\Profiles\o4c9q1d1.default\searchplugins\wot-safe-search.xml
    [2011/06/18 09:38:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2011/06/21 16:58:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    File not found (No name found) --
    () (No name found) -- C:\DOCUMENTS AND SETTINGS\ALAN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\O4C9Q1D1.DEFAULT\EXTENSIONS\{A0D7CCB3-214D-498B-B4AA-0E8FDA9A7BF7}.XPI
    () (No name found) -- C:\DOCUMENTS AND SETTINGS\ALAN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\O4C9Q1D1.DEFAULT\EXTENSIONS\{B442F4C0-C292-4998-AABE-48608A73BA75}.XPI
    () (No name found) -- C:\DOCUMENTS AND SETTINGS\ALAN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\O4C9Q1D1.DEFAULT\EXTENSIONS\{EF4E370E-D9F0-4E00-B93E-A4F274CFDD5A}.XPI
    () (No name found) -- C:\DOCUMENTS AND SETTINGS\ALAN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\O4C9Q1D1.DEFAULT\EXTENSIONS\AMZNUWL2@AMAZON.COM.XPI
    () (No name found) -- C:\DOCUMENTS AND SETTINGS\ALAN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\O4C9Q1D1.DEFAULT\EXTENSIONS\GMAILTHIS@LAZYRUSSIAN.COM.XPI
    [2011/06/16 09:51:59 | 000,000,000 | ---D | M] (Roboform Toolbar for Firefox) -- C:\PROGRAM FILES\SIBER SYSTEMS\AI ROBOFORM\FIREFOX
    [2011/06/15 21:35:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
    [2011/04/14 17:46:07 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
    [2011/04/14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll
    [2010/01/01 09:00:00 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
    [2010/01/01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
    [2010/01/01 09:00:00 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
    [2010/01/01 09:00:00 | 000,001,180 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
    [2010/01/01 09:00:00 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

    O1 HOSTS File: ([2011/06/18 22:43:11 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngin1.dll (Conduit Ltd.)
    O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110617095446.dll (McAfee, Inc.)
    O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
    O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    O2 - BHO: () - {B5205BFB-2051-498E-7323-23EA03F4F87A} - File not found
    O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTo1.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
    O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngin1.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTo1.dll (Conduit Ltd.)
    O3 - HKU\S-1-5-21-1292428093-1123561945-725345543-1003\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O3 - HKU\S-1-5-21-1292428093-1123561945-725345543-1003\..\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files\uTorrentBar\tbuTo1.dll (Conduit Ltd.)
    O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [Ai Nap] C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe ()
    O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
    O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
    O4 - HKLM..\Run: [Cpu Level Up help] C:\Program Files\ASUS\AI Suite\CpuLevelUpHelp.exe ()
    O4 - HKLM..\Run: [Drive Xpert] C:\Program Files\ASUS\Drive Xpert\DriveXpert.exe (Silicon Image, Inc.)
    O4 - HKLM..\Run: [Launch As Cmd Runner] C:\Program Files\ASUS\AI Direct Link\AsCmd.exe ()
    O4 - HKLM..\Run: [Launch Direct Link] C:\Program Files\ASUS\AI Direct Link\AsShare.exe ()
    O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
    O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.)
    O4 - HKLM..\Run: [QFan Help] C:\Program Files\ASUS\AI Suite\QFan3\QFanHelp.exe ()
    O4 - HKLM..\Run: [Six Engine] C:\Program Files\ASUS\EPU-6 Engine\SixEngine.exe ()
    O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
    O4 - HKU\S-1-5-21-1292428093-1123561945-725345543-1003..\Run: [AdobeBridge] F:\Adobe\Adobe Bridge CS5\Bridge.exe (Adobe Systems, Inc.)
    O4 - HKU\S-1-5-21-1292428093-1123561945-725345543-1003..\Run: [java checksys] File not found
    O4 - HKU\S-1-5-21-1292428093-1123561945-725345543-1003..\Run: [java system update] File not found
    O4 - HKU\S-1-5-21-1292428093-1123561945-725345543-1003..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
    O4 - HKU\S-1-5-21-1292428093-1123561945-725345543-1003..\Run: [winupdate system] File not found
    O4 - Startup: C:\Documents and Settings\Alan\Start Menu\Programs\Startup\Impulse Now.lnk = C:\Program Files\Impulse\Now\ImpulseNow.exe (GameStop Corporation)
    O4 - Startup: C:\Documents and Settings\Alan\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
    O4 - Startup: C:\Documents and Settings\Alan\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDockPlus2\ObjectDock.exe (Stardock)
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-1292428093-1123561945-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
    O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
    O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
    O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
    O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
    O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
    O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
    O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
    O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
    O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
    O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1308151277785 (MUWebControl Class)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
    O21 - SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files\Stardock\Object Desktop\IconPackager\iprepair.dll (Stardock.net, Inc)
    O22 - SharedTaskScheduler: {1984D045-52CF-49cd-DB77-08F378FEA4DB} - ObjectDockShellExt - C:\Program Files\Stardock\ObjectDockPlus2\ODMenu.dll (Stardock)
    O24 - Desktop WallPaper: C:\Documents and Settings\Alan\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Alan\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
    O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2011/06/15 12:52:29 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2009/07/10 17:54:54 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: igytbyfj - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (16902053519425536)

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/06/22 17:25:27 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Alan\Desktop\OTL.exe
    [2011/06/22 16:44:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
    [2011/06/21 21:29:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\Logs
    [2011/06/21 21:26:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alan\Application Data\Apple Computer
    [2011/06/21 21:26:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
    [2011/06/21 21:25:06 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2011/06/21 21:25:04 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2011/06/21 21:25:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2011/06/21 21:24:43 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
    [2011/06/21 21:24:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
    [2011/06/21 21:23:35 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
    [2011/06/21 21:23:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
    [2011/06/21 21:23:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alan\Local Settings\Application Data\Apple
    [2011/06/21 21:22:59 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
    [2011/06/21 21:21:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
    [2011/06/21 21:21:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
    [2011/06/21 21:20:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alan\Local Settings\Application Data\Apple Computer
    [2011/06/21 21:17:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TML-Studios
    [2011/06/21 20:43:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alan\Application Data\TripleHippo
    [2011/06/21 20:43:01 | 000,000,000 | ---D | C] -- C:\Program Files\The Tarot's Misfortune
    [2011/06/21 20:36:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Lichterfelde
    [2011/06/21 20:23:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alan\Local Settings\Application Data\TechnoBrain
    [2011/06/21 20:16:35 | 000,000,000 | ---D | C] -- C:\Program Files\Games By GG releases
    [2011/06/21 17:56:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Powertoys for Windows XP
    [2011/06/21 17:10:14 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2011/06/21 17:10:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/06/21 17:10:10 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2011/06/21 17:10:10 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011/06/21 16:57:43 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2011/06/21 16:57:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alan\Application Data\PriceGong
    [2011/06/21 16:57:03 | 000,000,000 | ---D | C] -- C:\Config.Msi
    [2011/06/21 16:57:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alan\Application Data\Malwarebytes
    [2011/06/18 23:13:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alan\My Documents\Euro Truck Simulator
    [2011/06/18 22:55:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alan\Application Data\PriceGong(2)
    [2011/06/18 22:53:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
    [2011/06/18 22:45:30 | 000,000,000 | -HSD | C] -- C:\RECYCLER(2)
    [2011/06/18 21:53:26 | 000,000,000 | ---D | C] -- C:\cmdcons
    [2011/06/18 21:52:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2011/06/18 21:52:19 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/06/18 16:08:16 | 000,000,000 | ---D | C] -- C:\Program Files\jv16 PowerTools 2011
    [2011/06/18 15:59:35 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
    [2011/06/18 14:26:59 | 000,000,000 | ---D | C] -- C:\Program Files\jv16 PowerTools 2010
    [2011/06/18 14:23:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alan\My Documents\PcSetup
    [2011/06/18 14:23:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CloneDVD
    [2011/06/18 14:23:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DVDXStudio
    [2011/06/18 14:23:23 | 000,000,000 | ---D | C] -- C:\Program Files\CloneDVD
    [2011/06/18 09:38:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
    [2011/06/18 09:38:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2011/06/18 09:38:14 | 000,000,000 | ---D | C] -- C:\Program Files\Java
    [2011/06/18 09:37:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alan\Application Data\Sun
    [2011/06/17 22:59:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alan\Application Data\onOne Software
    [2011/06/17 22:53:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\onOne Software
    [2011/06/17 22:53:43 | 000,000,000 | ---D | C] -- C:\Program Files\onOne Software
    [2011/06/17 22:47:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alan\Start Menu\Programs\MagicDisc
    [2011/06/17 22:47:24 | 000,116,736 | ---- | C] (MagicISO, Inc.) -- C:\WINDOWS\System32\drivers\mcdbus.sys
    [2011/06/17 22:47:24 | 000,000,000 | ---D | C] -- C:\Program Files\MagicDisc
    [2011/06/17 22:42:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alan\Start Menu\Programs\MagicISO
    [2011/06/17 22:42:58 | 000,000,000 | ---D | C] -- C:\Program Files\MagicISO
    [2011/06/17 22:15:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alan\Application Data\Adobe Mini Bridge CS5
    [2011/06/17 21:56:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alan\Application Data\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
    [2011/06/17 21:49:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
    [2011/06/17 21:46:57 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Media Player
    [2011/06/17 21:46:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe
    [2011/06/17 21:45:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
    [2011/06/17 17:06:52 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Alan\My Documents\My Videos
    [2011/06/17 17:06:52 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Alan\Start Menu\Programs\Administrative Tools
    [2011/06/17 15:18:19 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{B98A2B83-8BB0-42E7-AA1D-D6FA6E7C8F31}
    [2011/06/17 15:18:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Stardock
    [2011/06/17 13:35:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alan\Local Settings\Application Data\ODUI
    [2011/06/17 11:20:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2011/06/17 10:54:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alan\My Documents\Stardock
    [2011/06/17 10:53:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Stardock
    [2011/06/17 10:53:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Stardock
    [2011/06/17 10:53:55 | 000,000,000 | ---D | C] -- C:\Program Files\Stardock
    [2011/06/17 10:42:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alan\Application Data\Stardock
    [2011/06/17 10:42:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Gibraltar
    [2011/06/17 10:42:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Stardock
    [2011/06/17 10:42:33 | 000,000,000 | ---D | C] -- C:\Program Files\Impulse
    [2011/06/17 10:42:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Impulse
    [2011/06/17 10:42:17 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{F17D9C21-2BB9-4DE6-A952-721D90A7029A}
    [2011/06/17 09:32:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alan\Local Settings\Application Data\Trusteer
    [2011/06/16 23:33:28 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
    [2011/06/16 23:30:59 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
    [2011/06/16 23:28:01 | 000,359,016 | ---- | C] (Realtek Semiconductor Crop.) -- C:\WINDOWS\vncutil.exe
    [2011/06/16 23:27:59 | 000,129,640 | ---- | C] (Realtek Semiconductor) -- C:\WINDOWS\RtkAudioService.exe
    [2011/06/16 23:27:56 | 001,691,480 | ---- | C] (Creative) -- C:\WINDOWS\System32\drivers\Ambfilt.sys
    [2011/06/16 23:15:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\UAB
    [2011/06/16 23:15:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alan\Local Settings\Application Data\PC_Drivers_Headquarters
    [2011/06/16 23:15:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
    [2011/06/16 23:15:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Driver Detective
    [2011/06/16 23:15:00 | 000,000,000 | ---D | C] -- C:\Program Files\PC Drivers HeadQuarters
    [2011/06/16 23:03:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alan\Application Data\Trusteer
    [2011/06/16 23:03:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Trusteer Rapport
    [2011/06/16 23:03:14 | 000,000,000 | ---D | C] -- C:\Program Files\Trusteer
    [2011/06/16 23:02:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Trusteer
    [2011/06/16 22:40:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alan\Application Data\PFStaticIP
    [2011/06/16 22:40:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alan\Start Menu\Programs\Portforward.com
    [2011/06/16 22:40:15 | 000,000,000 | ---D | C] -- C:\Program Files\PFStaticIP
    [2011/06/16 22:21:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alan\Local Settings\Application Data\Stardock
    [2011/06/16 22:19:39 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{0F4A7EFE-5950-4389-BF36-1E625D72456B}
    [2011/06/16 22:19:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alan\Local Settings\Application Data\PackageAware
    [2011/06/16 22:10:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alan\Application Data\Windows Search
    [2011/06/16 17:14:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alan\My Documents\Outlook Files
    [2011/06/16 11:07:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alan\Local Settings\Application Data\Adobe
    [2011/06/16 11:06:36 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
    [2011/06/16 11:06:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
    [2011/06/16 11:06:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
    [2011/06/16 10:57:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alan\Local Settings\Application Data\Scansoft
    [2011/06/16 10:45:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\WTablet
    [2011/06/16 10:40:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Uninstall
    [2011/06/16 10:29:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Roxio
    [2011/06/16 10:29:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Sonic Shared
    [2011/06/16 10:28:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sonic
    [2011/06/16 10:28:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Roxio Easy VHS to DVD
    [2011/06/16 10:28:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Roxio Shared
    [2011/06/16 10:27:57 | 000,112,640 | ---- | C] (eMPIA Technology, Inc.) -- C:\WINDOWS\System32\emPRP.ax
    [2011/06/16 10:27:49 | 000,000,000 | ---D | C] -- C:\Program Files\Roxio Easy VHS to DVD
    [2011/06/16 10:22:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alan\Application Data\WTablet
    [2011/06/16 10:21:33 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Pen Tablet
    [2011/06/16 10:21:29 | 002,684,200 | ---- | C] (Wacom Technology, Corp.) -- C:\WINDOWS\System32\PenTablet.cpl
    [2011/06/16 10:21:23 | 000,011,440 | ---- | C] (Wacom Technology) -- C:\WINDOWS\System32\drivers\WacomVKHid.sys
    [2011/06/16 10:21:14 | 000,011,312 | ---- | C] (Wacom Technology) -- C:\WINDOWS\System32\drivers\wacommousefilter.sys
    [2011/06/16 10:21:13 | 000,012,848 | ---- | C] (Wacom Technology) -- C:\WINDOWS\System32\drivers\wacomvhid.sys
    [2011/06/16 10:21:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\WTablet
    [2011/06/16 10:21:09 | 001,373,480 | ---- | C] (Wacom Technology, Corp.) -- C:\WINDOWS\System32\Pen_Tablet.exe
    [2011/06/16 10:21:09 | 000,181,544 | ---- | C] (Wacom Technology, Corp.) -- C:\WINDOWS\System32\Wintab32.dll
    [2011/06/16 10:21:09 | 000,128,296 | ---- | C] (Wacom Technology, Corp.) -- C:\WINDOWS\System32\Pen_Tablet.dll
    [2011/06/16 10:21:00 | 000,000,000 | ---D | C] -- C:\Program Files\Tablet
    [2011/06/16 10:15:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CanonIJPLM
    [2011/06/16 10:15:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Canon MP610 series User Registration
    [2011/06/16 10:14:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\CANON
    [2011/06/16 10:13:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CD-LabelPrint
    [2011/06/16 10:12:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Canon Utilities
    [2011/06/16 10:11:47 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
    [2011/06/16 10:11:32 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\CanonIJ Uninstaller Information
    [2011/06/16 10:11:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Canon MP610 series
    [2011/06/16 10:11:04 | 000,000,000 | -H-D | C] -- C:\Program Files\CanonBJ
    [2011/06/16 10:08:59 | 000,000,000 | ---D | C] -- C:\Program Files\Canon
    [2011/06/16 10:08:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\InstallShield
    [2011/06/16 10:08:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alan\Application Data\ScanSoft
    [2011/06/16 10:07:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ScanSoft OmniPage SE 4
    [2011/06/16 10:07:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ScanSoft Shared
    [2011/06/16 10:07:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
    [2011/06/16 10:07:25 | 000,000,000 | ---D | C] -- C:\Program Files\ScanSoft
    [2011/06/16 09:51:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\RoboForm
    [2011/06/16 09:51:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\RoboForm
    [2011/06/16 09:51:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alan\My Documents\My RoboForm Data
    [2011/06/16 09:51:25 | 000,000,000 | ---D | C] -- C:\Program Files\Siber Systems
    [2011/06/16 00:31:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CyberLink
    [2011/06/16 00:14:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alan\My Documents\Downloads
    [2011/06/16 00:08:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alan\Local Settings\Application Data\Mozilla
    [2011/06/16 00:08:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alan\Application Data\Mozilla
    [2011/06/16 00:08:31 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2011/06/15 22:35:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
    [2011/06/15 22:34:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\WindowsPowerShell
    [2011/06/15 22:34:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\winrm
    [2011/06/15 22:34:12 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$968930Uinstall_KB968930$
    [2011/06/15 22:33:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alan\Local Settings\Application Data\Identities
    [2011/06/15 22:33:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alan\Application Data\Windows Desktop Search
    [2011/06/15 22:33:31 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Desktop Search
    [2011/06/15 22:33:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy
    [2011/06/15 22:32:43 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
    [2011/06/15 22:31:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
    [2011/06/15 22:31:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
    [2011/06/15 22:30:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTEMP
    [2011/06/15 21:50:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
    [2011/06/15 21:06:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
    [2011/06/15 21:06:44 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
    [2011/06/15 21:06:23 | 000,000,000 | ---D | C] -- C:\1287bd8a094eb607500a86
    [2011/06/15 21:04:40 | 000,009,344 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers
  13. verity25 TechSpot Enthusiast Posts: 108

    Here is the last part of the OTL:

    ========== LOP Check ==========

    [2011/06/21 16:57:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alan\Application Data\onOne Software
    [2011/06/16 22:45:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alan\Application Data\PFStaticIP
    [2011/06/21 16:57:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alan\Application Data\PriceGong
    [2011/06/21 16:57:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alan\Application Data\PriceGong(2)
    [2011/06/16 10:08:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alan\Application Data\ScanSoft
    [2011/06/17 21:56:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alan\Application Data\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
    [2011/06/17 10:54:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alan\Application Data\Stardock
    [2011/06/21 20:43:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alan\Application Data\TripleHippo
    [2011/06/16 23:03:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alan\Application Data\Trusteer
    [2011/06/21 16:58:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alan\Application Data\uTorrent
    [2011/06/15 22:33:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alan\Application Data\Windows Desktop Search
    [2011/06/16 22:10:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alan\Application Data\Windows Search
    [2011/06/16 10:11:47 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
    [2011/06/16 10:15:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJPLM
    [2011/06/18 14:23:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DVDXStudio
    [2011/06/17 10:42:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gibraltar
    [2011/06/17 22:59:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\onOne Software
    [2011/06/16 23:15:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
    [2011/06/17 21:49:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
    [2011/06/16 09:51:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RoboForm
    [2011/06/16 10:08:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
    [2011/06/17 10:42:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Stardock
    [2011/06/16 23:02:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer
    [2011/06/16 23:15:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UAB
    [2011/06/16 10:40:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall
    [2011/06/15 17:30:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
    [2011/06/16 22:19:39 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{0F4A7EFE-5950-4389-BF36-1E625D72456B}
    [2011/06/21 21:26:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2011/06/17 15:18:20 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{B98A2B83-8BB0-42E7-AA1D-D6FA6E7C8F31}
    [2011/06/17 10:42:41 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{F17D9C21-2BB9-4DE6-A952-721D90A7029A}
    [2011/06/17 09:30:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Trusteer
    [2011/06/15 16:16:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
    [2011/06/22 16:48:10 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{945CE2F9-7C7F-4646-9F9A-EEE1A13FCCEE}.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2011/06/15 12:52:29 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2011/06/15 12:47:48 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2011/06/15 12:47:48 | 000,000,211 | -HS- | M] () -- C:\boot.ini
    [2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2011/06/18 22:48:21 | 000,015,435 | ---- | M] () -- C:\ComboFix.txt
    [2011/06/15 12:52:29 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2011/06/15 12:52:29 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2011/06/15 12:52:29 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2006/02/28 13:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2011/06/15 18:40:27 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2011/06/22 16:43:35 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
    [2011/06/15 15:41:09 | 000,000,581 | ---- | M] () -- C:\RHDSetup.log
    [2011/06/20 17:20:09 | 000,042,984 | ---- | M] () -- C:\TDSSKiller.2.5.5.0_20.06.2011_17.19.12_log.txt

    < %systemroot%\Fonts\*.com >
    [2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2011/06/15 12:52:11 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2007/04/15 21:00:00 | 000,027,136 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPD93.DLL
    [2007/04/15 21:00:00 | 000,069,632 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPP93.DLL
    [2008/07/06 13:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2008/07/06 11:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2011/06/15 12:32:57 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2011/06/15 12:32:57 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2011/06/15 12:32:57 | 000,946,176 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2011/06/15 18:43:51 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >
    [2011/06/15 16:12:43 | 000,006,144 | ---- | M] () -- C:\WINDOWS\system32\SV_SQL3_Config.db
    [2011/06/15 16:12:43 | 000,002,048 | ---- | M] () -- C:\WINDOWS\system32\SV_SQL3_Events.db
    [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2011/06/15 12:58:04 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\Alan\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2011/06/15 12:58:03 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Alan\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >
    [2011/06/22 17:25:27 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Alan\Desktop\OTL.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2011/06/17 18:01:41 | 000,000,210 | -H-- | M] () -- C:\Documents and Settings\Alan\Favorites\Desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2011/06/22 17:21:59 | 000,065,536 | ---- | M] () -- C:\Documents and Settings\Alan\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2007/06/26 22:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe
    [2006/06/24 07:48:54 | 000,032,768 | R--- | M] (AsusTek Inc.) -- C:\WINDOWS\inf\UpdateUSB.exe

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2008/04/14 01:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2004/08/04 01:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2004/08/04 01:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2008/05/02 15:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2008/04/13 18:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2008/04/14 01:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2007/04/02 19:07:23 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2007/04/02 19:07:23 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2007/04/02 19:07:24 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2011/06/17 17:49:40 | 000,005,120 | -HS- | M] () -- C:\Program Files\Messenger\Thumbs.db
    [2004/08/04 01:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2004/08/04 01:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < End of report >
  14. verity25 TechSpot Enthusiast Posts: 108

    Here is the extras file:

    OTL Extras logfile created on: 22/06/2011 17:27:51 - Run 1
    OTL by OldTimer - Version 3.2.24.1 Folder = C:\Documents and Settings\Alan\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    3.25 Gb Total Physical Memory | 2.64 Gb Available Physical Memory | 81.37% Memory free
    5.09 Gb Paging File | 4.25 Gb Available in Paging File | 83.50% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 146.48 Gb Total Space | 82.09 Gb Free Space | 56.04% Space Free | Partition Type: NTFS
    Drive D: | 465.76 Gb Total Space | 150.29 Gb Free Space | 32.27% Space Free | Partition Type: NTFS
    Drive E: | 97.65 Gb Total Space | 94.00 Gb Free Space | 96.26% Space Free | Partition Type: NTFS
    Drive F: | 97.65 Gb Total Space | 71.08 Gb Free Space | 72.78% Space Free | Partition Type: NTFS
    Drive G: | 123.96 Gb Total Space | 123.89 Gb Free Space | 99.95% Space Free | Partition Type: NTFS

    Computer Name: ALANS | User Name: Alan | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

    [HKEY_USERS\S-1-5-21-1292428093-1123561945-725345543-1003\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [Bridge] -- F:\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
    "80:TCP" = 80:TCP:*:Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)
    "1900:TCP" = 1900:TCP:LocalSubNet:Enabled:UDP 1900

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent
    "C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
    "C:\Program Files\Microsoft Office\Office14\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office14\GROOVE.EXE:*:Enabled:Microsoft SharePoint Workspace -- (Microsoft Corporation)
    "C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote -- (Microsoft Corporation)
    "C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
    "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" = C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe:*:Enabled:McAfee Shared Service Host -- (McAfee, Inc.)
    "C:\Documents and Settings\Alan\Desktop\utorrent.exe" = C:\Documents and Settings\Alan\Desktop\utorrent.exe:*:Enabled:µTorrent


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
    "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
    "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
    "{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
    "{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
    "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
    "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP610_series" = Canon MP610 series
    "{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
    "{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding
    "{1D53B6F9-E66E-42D8-A221-4FF8AC134FD7}" = Roxio Activation Module
    "{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
    "{21ABEA96-CCAB-4C40-8699-6BDFEC5FD63C}" = Roxio Easy VHS to DVD Content
    "{24933F5C-87D7-4BB8-ABA1-85FF59F74584}" = City Bus Simulator 2010 - New York
    "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
    "{310BC5E2-31AF-49BB-904D-E71EB93645DC}" = AI Suite
    "{3383136B-4F86-4F05-8612-DD4BB16A1EAE}" = Roxio Easy VHS to DVD
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{424230DD-0906-47C3-8646-980393CD569E}" = Roxio Video Capture USB
    "{4640FDE1-B83A-4376-84ED-86F86BEE2D41}" = Driver Detective
    "{56B83336-FBC1-4C46-8613-90A9E3B440D6}" = EPU-6 Engine
    "{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate
    "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{6BF04C63-EAC0-4F19-9E88-9A745493E7BF}" = IconPackager
    "{6C9EF6DE-391E-665A-92F2-2BF72DF53E61}" = Catalyst Control Center
    "{7919D8D9-69FB-4E94-B330-04C4AF251867}" = Roxio Easy VHS to DVD
    "{90140000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 14
    "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
    "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
    "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
    "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
    "{95140000-007F-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
    "{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
    "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
    "{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.0)
    "{ADD5DB49-72CF-11D8-9D75-000129760D75}" = PowerBackup 2.5
    "{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
    "{AFBF90DF-9FBE-002F-E8F4-2EC713678BD7}" = Catalyst Control Center InstallProxy
    "{BDD11F42-6F08-4BB6-B4CA-3258BB58CDD5}" = Drive Xpert
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C0FE37FA-0886-4B66-B01B-76CF70FB77AB}" = Roxio CinePlayer Decoder Pack
    "{C312984C-E386-4C2D-B33E-7B54355FB16E}" = AI Direct Link
    "{C85C8CE6-CA92-7CDC-75C3-AA9C22E7FD75}" = ccc-utility
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CD95F661-A5C4-44F5-A6AA-ECDD91C240BE}" = WinZip 15.0
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
    "{D41DA7B0-DE4C-20A5-FC4C-F00327548F0D}" = CCC Help English
    "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
    "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
    "{DEE88727-779B-47A9-ACEF-F87CA5F92A65}" = ScanSoft OmniPage SE 4
    "{E40D6E16-6D7D-4AF3-9E13-B3A308571E81}" = Roxio Easy VHS to DVD
    "{EA450D5D-95EA-4FD0-B8B0-6D8E68FBE2C7}" = Impulse®
    "{EC2A8F27-4FBF-4E41-B27B-FE822511B761}" = iTunes
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F90D9C89-7918-7994-66CC-513C4A92D3A6}" = Catalyst Control Center Graphics Previews Common
    "{FB686487-C637-4EEF-BCB1-C92463F2CC05}" = Atheros Ethernet Utility
    "{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "AI RoboForm" = RoboForm 7-1-9 (All Users)
    "Canon MP610 series User Registration" = Canon MP610 series User Registration
    "CANONIJPLM100" = PIXMA Extended Survey Program
    "CanonMyPrinter" = Canon My Printer
    "CanonSolutionMenu" = Canon Utilities Solution Menu
    "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
    "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
    "conduitEngine" = Conduit Engine
    "Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
    "Euro Truck Simulator 1.3" = Euro Truck Simulator 1.3
    "I am an Air Traffic Controller3" = I am an Air Traffic Controller3
    "IconPackager" = IconPackager
    "ie8" = Windows Internet Explorer 8
    "Impulse®" = Impulse®
    "Magic ISO Maker v5.5 (build 0276)" = Magic ISO Maker v5.5 (build 0276)
    "MagicDisc 2.7.106" = MagicDisc 2.7.106
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200
    "MediaNavigation.CDLabelPrint" = CD-LabelPrint
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Mozilla Firefox 4.0.1 (x86 en-GB)" = Mozilla Firefox 4.0.1 (x86 en-GB)
    "MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
    "MSC" = McAfee AntiVirus Plus
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "mv61xxDriver" = marvell 61xx
    "ObjectDock Plus 2" = ObjectDock Plus 2
    "Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
    "Pen Tablet Driver" = Pen Tablet
    "Portforward Static IP Address" = Portforward Static IP Address 1.0.45
    "Rapport_msi" = Rapport
    "The Tarot's Misfortune % CompanyName%" = The Tarot's Misfortune % CompanyName%
    "TVEpaDrv" = Roxio Video Capture USB Driver
    "Tweak UI 2.10" = Tweak UI
    "UltimateDefrag" = Disktrix UltimateDefrag
    "uTorrent" = µTorrent
    "uTorrentBar Toolbar" = uTorrentBar Toolbar
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 15/06/2011 12:48:36 | Computer Name = ALANS | Source = Application Hang | ID = 1002
    Description = Hanging application utorrent[1].exe, version 2.2.1.25302, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 15/06/2011 12:48:39 | Computer Name = ALANS | Source = Application Hang | ID = 1001
    Description = Fault bucket -1846535027.

    Error - 15/06/2011 12:50:05 | Computer Name = ALANS | Source = Application Hang | ID = 1002
    Description = Hanging application utorrent[1].exe, version 2.2.1.25302, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 15/06/2011 12:51:15 | Computer Name = ALANS | Source = Application Hang | ID = 1002
    Description = Hanging application utorrent[1].exe, version 2.2.1.25302, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 15/06/2011 12:53:36 | Computer Name = ALANS | Source = Application Hang | ID = 1002
    Description = Hanging application utorrent.exe, version 2.2.1.25130, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 16/06/2011 04:06:24 | Computer Name = ALANS | Source = Windows Search Service | ID = 3024
    Description = The update cannot be started because the content sources cannot be
    accessed. Fix the errors and try the update again. Context: Application, SystemIndex
    Catalog

    Error - 17/06/2011 06:35:53 | Computer Name = ALANS | Source = McLogEvent | ID = 5051
    Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    took longer than 90000 ms to complete a request. The process will be terminated.
    Thread
    id : 3656 (0xe48) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.2.0.835
    / 5400.1158 Object being scanned = \Device\HarddiskVolume1\WINDOWS\system32\wrbhaouj.dll

    by C:\PROGRA~1\MICROS~2\Office14\OUTLOOK.EXE 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0)

    7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)

    Error - 17/06/2011 06:35:53 | Computer Name = ALANS | Source = McLogEvent | ID = 5051
    Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    took longer than 90000 ms to complete a request. The process will be terminated.
    Thread
    id : 3672 (0xe58) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.2.0.835
    / 5400.1158 Object being scanned = \Device\HarddiskVolume1\WINDOWS\system32\wrbhaouj.dll

    by C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe 4(0)(0) 4(0)(0)
    7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)

    [ System Events ]
    Error - 15/06/2011 11:55:45 | Computer Name = ALANS | Source = SideBySide | ID = 16842811
    Description = Generate Activation Context failed for C:\WINDOWS\system32\atiadlxx.dll.
    Reference
    error message: The operation completed successfully. .

    Error - 15/06/2011 11:55:52 | Computer Name = ALANS | Source = SideBySide | ID = 16842784
    Description = Dependent Assembly Microsoft.VC80.CRT could not be found and Last
    Error was The referenced assembly is not installed on your system.

    Error - 15/06/2011 11:55:52 | Computer Name = ALANS | Source = SideBySide | ID = 16842811
    Description = Resolve Partial Assembly failed for Microsoft.VC80.CRT. Reference error
    message: The referenced assembly is not installed on your system. .

    Error - 15/06/2011 11:55:52 | Computer Name = ALANS | Source = SideBySide | ID = 16842811
    Description = Generate Activation Context failed for C:\WINDOWS\system32\atiadlxx.dll.
    Reference
    error message: The operation completed successfully. .

    Error - 15/06/2011 14:30:53 | Computer Name = ALANS | Source = Service Control Manager | ID = 7022
    Description = The Windows Firewall/Internet Connection Sharing (ICS) service hung
    on starting.

    Error - 15/06/2011 17:19:59 | Computer Name = ALANS | Source = DCOM | ID = 10010
    Description = The server {3A185DDE-E020-4985-A8F2-E27CDC4A0F3A} did not register
    with DCOM within the required timeout.

    Error - 16/06/2011 04:07:52 | Computer Name = ALANS | Source = DCOM | ID = 10010
    Description = The server {209500FC-6B45-4693-8871-6296C4843751} did not register
    with DCOM within the required timeout.

    Error - 16/06/2011 06:24:12 | Computer Name = ALANS | Source = DCOM | ID = 10005
    Description = DCOM got error "%1053" attempting to start the service WSearch with
    arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

    Error - 16/06/2011 06:24:12 | Computer Name = ALANS | Source = Service Control Manager | ID = 7009
    Description = Timeout (30000 milliseconds) waiting for the Windows Search service
    to connect.

    Error - 16/06/2011 06:24:12 | Computer Name = ALANS | Source = Service Control Manager | ID = 7000
    Description = The Windows Search service failed to start due to the following error:
    %%1053


    < End of report >
  15. Broni Malware Annihilator Posts: 39,398   +177

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      SRV - File not found [Auto | Stopped] -- -- (igytbyfj)
      O2 - BHO: () - {B5205BFB-2051-498E-7323-23EA03F4F87A} - File not found
      O4 - HKU\S-1-5-21-1292428093-1123561945-725345543-1003..\Run: [java checksys] File not found
      O4 - HKU\S-1-5-21-1292428093-1123561945-725345543-1003..\Run: [java system update] File not found
      O4 - HKU\S-1-5-21-1292428093-1123561945-725345543-1003..\Run: [winupdate system] File not found
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      [2011/06/21 16:57:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alan\Application Data\PriceGong
      [2011/06/21 16:57:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alan\Application Data\PriceGong(2)
      
      
      :Services
      
      :Reg
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
      "DisableMonitoring" =-
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
      "DisableMonitoring" =-
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ===================================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on the Start button to begin the cleaning process.
    • TFC will close all running programs, and it may ask you to restart the computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset doesn't find any threats, it won't produce any log.
  16. verity25 TechSpot Enthusiast Posts: 108

    All processes killed
    ========== OTL ==========
    Service igytbyfj stopped successfully!
    Service igytbyfj deleted successfully!
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B5205BFB-2051-498E-7323-23EA03F4F87A}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B5205BFB-2051-498E-7323-23EA03F4F87A}\ deleted successfully.
    Registry value HKEY_USERS\S-1-5-21-1292428093-1123561945-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run\\java checksys not found.
    Registry value HKEY_USERS\S-1-5-21-1292428093-1123561945-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run\\java system update not found.
    Registry value HKEY_USERS\S-1-5-21-1292428093-1123561945-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run\\winupdate system not found.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    C:\WINDOWS\Downloaded Program Files\gp.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    C:\Documents and Settings\Alan\Application Data\PriceGong\Data folder moved successfully.
    C:\Documents and Settings\Alan\Application Data\PriceGong folder moved successfully.
    C:\Documents and Settings\Alan\Application Data\PriceGong(2)\Data(2) folder moved successfully.
    C:\Documents and Settings\Alan\Application Data\PriceGong(2) folder moved successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\\DisableMonitoring deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\\DisableMonitoring deleted successfully.
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: Alan
    ->Temp folder emptied: 6039298 bytes
    ->Temporary Internet Files folder emptied: 41483678 bytes
    ->FireFox cache emptied: 21357596 bytes
    ->Flash cache emptied: 60137 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 56468 bytes

    User: LocalService
    ->Temp folder emptied: 66016 bytes
    ->Temporary Internet Files folder emptied: 32969 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 2176856 bytes
    %systemroot%\System32 .tmp files removed: 2577 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 112743765 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 5357330187 bytes

    Total Files Cleaned = 5,285.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: Alan
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: LocalService

    User: NetworkService

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.24.1 log created on 06232011_170939

    Files\Folders moved on Reboot...
    C:\WINDOWS\temp\Perflib_Perfdata_9b0.dat moved successfully.

    Registry entries deleted on Reboot...
  17. verity25 TechSpot Enthusiast Posts: 108

    Results of screen317's Security Check version 0.99.7
    Windows XP Service Pack 3
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Security Center service is not running! This report may not be accurate!
    Windows Firewall Disabled!
    McAfee AntiVirus Plus
    Antivirus up to date!
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    Adobe Flash Player 10.3.181.26
    Adobe Reader X (10.1.0)
    Mozilla Firefox (x86 en-GB..) Firefox Out of Date!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    ``````````End of Log````````````
  18. Broni Malware Annihilator Posts: 39,398   +177

    Looks good :)

    ...and Eset...
  19. verity25 TechSpot Enthusiast Posts: 108

    Eset found nothing but I'm still getting Google-analytics opening up unwanted webpages
  20. Broni Malware Annihilator Posts: 39,398   +177

    Does it happen in Firefox only?
    Can you check IE?