Win32/Olmarik trojan Issue

Solved
  1. kierenm

    kierenm New Member PCHF $Donator Bronze Member

    Joined:
    Feb 21, 2011
    Posts:
    27
    Likes Received:
    0

    Hi Guys,

    I've just bought a second hand PC from a person and have just used my new subscription with ESET to scan the computer for malware. It's come up with a threat existing called Win32/Olmarik trojan and is not able to clean it.

    I've also used the latest version of Malwarebytes Anti-Malware to do a quick scan but this comes back with no malicious files found.

    I've started having problems with using browsers on the infected PC to access sites, including this one...but am using a second laptop to get online.

    I've run through the prework list and will provide the log data in subsequent posts below now also.

    I appreciate any help you can give me guys.

    Thanks,
    Kieren
     
  2. kierenm

    kierenm New Member PCHF $Donator Bronze Member

    ..I'm having problems being able to post the log data to this forum as the browser shuts down and has issues every time due to the trojan interfering.. :( any ideas on how I can possibly get around this?
     
  3. Hengis

    Hengis Proud PCHF'er since 2004 Tech Member Elite Member

    Joined:
    Jan 1, 2004
    Posts:
    39,703
    Likes Received:
    5,037

  4. kierenm

    kierenm New Member PCHF $Donator Bronze Member

    Thanks for your reply. I'm sorry I didn't make my log posting issue very clear...the problem I'm having with uploading is actually being able to use any browser (on the infected pc) to do any uploading/emailing/etc. of the logs.

    Same goes for logging in to this forum- it crashes the browser as soon as I try to login. I'm replying here using my other computer instead.

    I've tried a number of things to no avail...the browsers on the system work, but keep getting shut down or disconnected whenever I try to login to any email accounts or post the log data anywhere else it seems.
     
  5. Hengis

    Hengis Proud PCHF'er since 2004 Tech Member Elite Member

    Eeeekk...

    Ok, hold tight and wait for one of the Security Team, they may have some work-arounds for you...
     
  6. kierenm

    kierenm New Member PCHF $Donator Bronze Member

    That was my reaction too! Eeek! ..I've tried setting up hotmail and gmail accounts so I can send it to my other email account, but each time I try to click send it now says "the connection to the server was reset while the page was loading" ..when I know it shouldn't be.

    Ok, thanks for your attention.

    ps. I do have an external HD attached to the infected pc atm, but am not confident as to whether to try to use it to transfer the logs file between computers... if I use that, I figure it may likely transfer the trojan to my good pc too.
     
  7. Hengis

    Hengis Proud PCHF'er since 2004 Tech Member Elite Member

    NO! Don't connect that drive...wait for expert advice from the Sec Techs.
     
  8. kierenm

    kierenm New Member PCHF $Donator Bronze Member

    Thanks. I won't.. :)
     
  9. Hengis

    Hengis Proud PCHF'er since 2004 Tech Member Elite Member

    Our Sec Techs are based in the US, UK and Oz so someone will be with you soon...
     
  10. Crush

    Crush Active Member

    Joined:
    Sep 28, 2008
    Posts:
    4,634
    Likes Received:
    2

    Hi kierenm,

    We can use that drive. We just have to outfit it with some armor first :D


    Please download Flash_Disinfector from HERE
    • First, download it to your desktop.
    • Now double-click it to run it, and it will tell you what to do when you open it.
    • It will temporarily kill explorer.exe and your desktop will go blank.
    • Let Flash_Disinfector do its job and it will restart explorer.exe for you.
    • It will make a dummy autorun.inf in the root of every drive.
    • You can now delete Flash_Disinfector.exe.
    Then try following up with the Prework please
     
  11. kierenm

    kierenm New Member PCHF $Donator Bronze Member

    Thanks for your reply Crush.

    I have downloaded the Flash_Disinfector.exe and tried to run it but it won't seem to run. Upon double-clicking the file the cursor indicates it's loading for a second and then nothing further happens.
     
  12. Crush

    Crush Active Member

    Is the drive plugged in to your clean machine and are you running it from that machine?
     
  13. kierenm

    kierenm New Member PCHF $Donator Bronze Member

    No, unfortunately it's plugged in on the infected machine...

    I have found a way around the issue of posting the Logs to the forum...I have finished collecting these in a txt doc on my good machine now and will post them shortly.

    (ps. To send the logs I ended up having to post small parts of them to the comments section of a Wordpress blog I have, and then went to my good machine and copied these snippets from my wordpress comment emails into a txt editor. Had to do small "comments" of the logs each time as large comments were getting the browser shut down also.)

    ...
     
  14. kierenm

    kierenm New Member PCHF $Donator Bronze Member

    ===================================
    OTL.txt
    ===================================

    OTL logfile created on: 2/21/2011 6:28:37 PM - Run 1
    OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\TomJ\Downloads\programs
    Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 68.00% Memory free
    6.00 Gb Paging File | 5.00 Gb Available in Paging File | 86.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 111.79 Gb Total Space | 66.05 Gb Free Space | 59.09% Space Free | Partition Type: NTFS
    Drive D: | 232.88 Gb Total Space | 214.92 Gb Free Space | 92.29% Space Free | Partition Type: NTFS
    Drive F: | 232.83 Gb Total Space | 67.96 Gb Free Space | 29.19% Space Free | Partition Type: FAT32

    Computer Name: HOTCOREDUO | User Name: TomJ | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/02/21 18:20:08 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\TomJ\Downloads\programs\OTL.exe
    PRC - [2011/01/12 16:41:42 | 000,810,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
    PRC - [2011/01/12 16:41:24 | 002,219,184 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\egui.exe
    PRC - [2010/12/04 03:35:08 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
    PRC - [2010/03/22 09:17:22 | 000,191,080 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    PRC - [2010/03/22 09:17:20 | 000,133,736 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe
    PRC - [2009/12/24 05:34:20 | 000,370,688 | ---- | M] (StarWind Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    PRC - [2009/10/31 13:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2009/10/14 15:42:38 | 000,583,640 | ---- | M] (PC Tools) -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
    PRC - [2009/07/14 09:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
    PRC - [2009/07/14 09:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sppsvc.exe
    PRC - [2009/07/14 09:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
    PRC - [2009/06/15 12:28:45 | 006,959,104 | ---- | M] (SpeedBit Ltd.) -- C:\Program Files\DAP\DAP.exe
    PRC - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    PRC - [2008/11/11 16:25:56 | 001,799,456 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files\Ralink\Common\RaUI.exe
    PRC - [2008/09/05 10:23:20 | 000,075,040 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files\Ralink\Common\RalinkRegistryWriter.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/02/21 18:20:08 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\TomJ\Downloads\programs\OTL.exe
    MOD - [2009/07/14 09:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
    MOD - [2009/07/14 09:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
    MOD - [2009/07/14 09:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
    MOD - [2009/07/14 09:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
    MOD - [2009/07/14 09:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
    MOD - [2009/07/14 09:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
    MOD - [2009/07/14 09:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
    MOD - [2009/07/14 09:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- -- (WinHttpAutoProxySvc)
    SRV - File not found [Auto | Stopped] -- -- (NIHardwareService)
    SRV - [2011/01/12 16:44:02 | 000,033,584 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
    SRV - [2011/01/12 16:41:42 | 000,810,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
    SRV - [2010/09/28 18:23:31 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\srvany.exe -- (KMService)
    SRV - [2010/06/14 15:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
    SRV - [2010/06/07 17:05:06 | 000,240,232 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
    SRV - [2010/05/01 01:54:55 | 001,343,400 | ---- | M] () [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
    SRV - [2010/03/22 09:17:22 | 000,191,080 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService)
    SRV - [2010/03/18 16:47:22 | 000,035,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- (aspnet_state)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/03/18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpPortSharing)
    SRV - [2010/03/18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpActivator)
    SRV - [2010/03/18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetPipeActivator)
    SRV - [2010/03/18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetMsmqActivator)
    SRV - [2009/12/24 05:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
    SRV - [2009/11/06 13:24:52 | 000,195,176 | ---- | M] (NVIDIA) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe -- (UpdateCenterService)
    SRV - [2009/10/14 15:42:38 | 000,583,640 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
    SRV - [2009/08/05 22:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
    SRV - [2009/07/14 09:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
    SRV - [2009/07/14 09:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
    SRV - [2009/07/14 09:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
    SRV - [2009/07/14 09:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
    SRV - [2009/07/14 09:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
    SRV - [2009/07/14 09:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
    SRV - [2009/07/14 09:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
    SRV - [2009/07/14 09:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
    SRV - [2009/07/14 09:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
    SRV - [2009/07/14 09:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
    SRV - [2009/07/14 09:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
    SRV - [2009/07/14 09:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
    SRV - [2009/07/14 09:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2009/07/14 09:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
    SRV - [2009/07/14 09:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
    SRV - [2009/07/14 09:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
    SRV - [2009/07/14 09:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
    SRV - [2009/07/14 09:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
    SRV - [2009/07/14 09:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
    SRV - [2009/07/14 09:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
    SRV - [2009/07/14 09:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
    SRV - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
    SRV - [2008/09/05 10:23:20 | 000,075,040 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files\Ralink\Common\RalinkRegistryWriter.exe -- (RalinkRegistryWriter)


    ========== Driver Services (SafeList) ==========

    DRV - [2010/12/21 15:04:06 | 000,137,144 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\System32\drivers\eamonm.sys -- (eamonm)
    DRV - [2010/12/21 15:04:06 | 000,115,008 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
    DRV - [2010/12/21 13:47:38 | 000,134,000 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfw.sys -- (epfw)
    DRV - [2010/12/21 13:47:38 | 000,041,336 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfwwfp.sys -- (epfwwfp)
    DRV - [2010/12/21 13:47:38 | 000,033,120 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\epfwndis.sys -- (Epfwndis)
    DRV - [2010/07/22 12:45:37 | 000,697,328 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
    DRV - [2010/07/06 18:30:24 | 003,132,712 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2010/06/08 07:57:00 | 010,888,168 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
    DRV - [2010/02/24 07:06:30 | 000,562,464 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr73.sys -- (netr73)
    DRV - [2009/12/15 14:41:30 | 000,268,912 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SRS_SSCFilter_i386.sys -- (SRS_SSCFilter) SRS Labs Audio Sandbox (WDM)
    DRV - [2009/12/11 15:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
    DRV - [2009/10/09 14:00:44 | 000,003,328 | ---- | M] (Famatech International Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rminiv3.sys -- (mirrorv3)
    DRV - [2009/09/15 14:59:28 | 000,038,248 | ---- | M] (NVIDIA Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvoclock.sys -- (nvoclock)
    DRV - [2009/08/23 05:06:38 | 000,048,640 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1E62x86.sys -- (L1E)
    DRV - [2009/08/23 02:25:00 | 000,009,088 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner32.sys -- (RivaTuner32)
    DRV - [2009/08/05 22:48:42 | 000,054,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fssfltr.sys -- (fssfltr)
    DRV - [2009/07/14 09:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
    DRV - [2009/07/14 09:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
    DRV - [2009/07/14 09:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
    DRV - [2009/07/14 09:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
    DRV - [2009/07/14 09:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
    DRV - [2009/07/14 09:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
    DRV - [2009/07/14 09:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
    DRV - [2009/07/14 09:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
    DRV - [2009/07/14 09:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
    DRV - [2009/07/14 09:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
    DRV - [2009/07/14 09:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
    DRV - [2009/07/14 09:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
    DRV - [2009/07/14 09:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
    DRV - [2009/07/14 09:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
    DRV - [2009/07/14 09:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
    DRV - [2009/07/14 09:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
    DRV - [2009/07/14 09:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
    DRV - [2009/07/14 09:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
    DRV - [2009/07/14 09:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
    DRV - [2009/07/14 09:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
    DRV - [2009/07/14 09:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
    DRV - [2009/07/14 09:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
    DRV - [2009/07/14 09:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
    DRV - [2009/07/14 09:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
    DRV - [2009/07/14 09:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
    DRV - [2009/07/14 09:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
    DRV - [2009/07/14 09:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
    DRV - [2009/07/14 09:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
    DRV - [2009/07/14 09:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
    DRV - [2009/07/14 09:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
    DRV - [2009/07/14 09:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
    DRV - [2009/07/14 09:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
    DRV - [2009/07/14 09:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
    DRV - [2009/07/14 09:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
    DRV - [2009/07/14 09:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
    DRV - [2009/07/14 09:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
    DRV - [2009/07/14 09:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
    DRV - [2009/07/14 09:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
    DRV - [2009/07/14 09:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
    DRV - [2009/07/14 09:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
    DRV - [2009/07/14 09:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
    DRV - [2009/07/14 09:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
    DRV - [2009/07/14 08:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
    DRV - [2009/07/14 08:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
    DRV - [2009/07/14 08:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
    DRV - [2009/07/14 07:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
    DRV - [2009/07/14 07:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
    DRV - [2009/07/14 07:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
    DRV - [2009/07/14 07:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
    DRV - [2009/07/14 07:52:04 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vwififlt.sys -- (vwififlt)
    DRV - [2009/07/14 07:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
    DRV - [2009/07/14 07:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\1394ohci.sys -- (1394ohci)
    DRV - [2009/07/14 07:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
    DRV - [2009/07/14 07:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
    DRV - [2009/07/14 07:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
    DRV - [2009/07/14 07:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
    DRV - [2009/07/14 07:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
    DRV - [2009/07/14 07:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
    DRV - [2009/07/14 07:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
    DRV - [2009/07/14 07:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
    DRV - [2009/07/14 07:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
    DRV - [2009/07/14 07:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
    DRV - [2009/07/14 07:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
    DRV - [2009/07/14 07:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
    DRV - [2009/07/14 06:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
    DRV - [2009/07/14 06:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
    DRV - [2009/07/14 06:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
    DRV - [2009/07/14 06:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
    DRV - [2009/07/14 06:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
    DRV - [2009/07/14 06:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
    DRV - [2009/07/14 06:02:50 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
    DRV - [2009/07/14 06:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
    DRV - [2009/07/14 06:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
    DRV - [2009/07/14 06:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
    DRV - [2009/06/02 17:35:08 | 000,368,128 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rt61.sys -- (RT61)
    DRV - [2009/05/12 06:47:54 | 000,154,664 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\mv61xx.sys -- (mv61xx)
    DRV - [2009/05/06 02:35:16 | 000,413,208 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\t3.sys -- (t3)
    DRV - [2009/03/15 18:25:46 | 000,056,268 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
    DRV - [2008/11/25 17:18:24 | 000,009,728 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\epmntdrv.sys -- (epmntdrv)
    DRV - [2008/11/25 17:18:24 | 000,003,072 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\EuGdiDrv.sys -- (EuGdiDrv)
    DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
    DRV - [2004/08/13 09:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "*****Removed for privacy*****"
    FF - prefs.js..extensions.enabledItems: {F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}:8.6.7.0
    FF - prefs.js..extensions.enabledItems: support@lastpass.com:1.72.0

    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/02/21 11:36:31 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/02/21 11:36:05 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2011/02/21 14:41:53 | 000,000,000 | ---D | M]

    [2011/02/21 11:36:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\TomJ\AppData\Roaming\mozilla\Extensions
    [2011/02/21 12:39:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\TomJ\AppData\Roaming\mozilla\Firefox\Profiles\qs3aadfz.default\extensions
    [2011/02/21 12:36:55 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\TomJ\AppData\Roaming\mozilla\Firefox\Profiles\qs3aadfz.default\extensions\support@lastpass.com
    [2011/02/21 11:36:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2010/04/25 18:46:30 | 000,000,000 | ---D | M] (Download Accelerator Plus Integration) -- C:\PROGRAM FILES\DAP\DAPFIREFOX

    O1 HOSTS File: ([2010/07/26 16:20:34 | 000,000,940 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
    O2 - BHO: (LastPass Browser Helper Object) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files\LastPass\LPBar.dll (LastPass)
    O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O2 - BHO: (FlashFXP Helper for Internet Explorer) - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Program Files\FlashFXP\IEFlash.dll (IniCom Networks, Inc.)
    O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files\LastPass\LPBar.dll (LastPass)
    O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
    O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team)
    O4 - HKCU..\Run: [DownloadAccelerator] C:\Program Files\DAP\DAP.exe (SpeedBit Ltd.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: CLTQMXS = C:\Windows\system32\gpscriptj.exe
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
    O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm ()
    O8 - Extra context menu item: &amp:Download with &amp:DAP - C:\Program Files\DAP\dapextie.htm ()
    O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm ()
    O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files\LastPass\LPBar.dll (LastPass)
    O13 - gopher Prefix: missing
    O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/common/asusTek_sys_ctrl.cab (asusTek_sysctrl Class)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15112/CTPID.cab (Creative Software AutoUpdate Support Package)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
    O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
    O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
    O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
    O20 - HKLM Winlogon: Shell - (explorer.exe) - File not found
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - File not found
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O27 - HKLM IFEO\NIHardwareService.exe: Debugger - rundll32.exe File not found
    O27 - HKLM IFEO\UpdateCenterService.exe: Debugger - rundll32.exe File not found
    O29 - HKLM SecurityProviders - (credssp.dll) - File not found
    O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/06/11 05:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O32 - AutoRun File - [2005/11/17 15:06:10 | 000,000,069 | -H-- | M] () - F:\autorun.inf -- [ FAT32 ]
    O33 - MountPoints2\{04a9eea4-d7ac-11df-a26a-00221583aaa0}\Shell - "" = AutoRun
    O33 - MountPoints2\{04a9eea4-d7ac-11df-a26a-00221583aaa0}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{084f5fea-d4d8-11df-a35d-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{084f5fea-d4d8-11df-a35d-806e6f6e6963}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{084f601e-d4d8-11df-a35d-00c0ca19db56}\Shell - "" = AutoRun
    O33 - MountPoints2\{084f601e-d4d8-11df-a35d-00c0ca19db56}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{1782dd69-d4d9-11df-a041-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{1782dd69-d4d9-11df-a041-806e6f6e6963}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{1da7c495-d669-11df-91e7-00221583aaa0}\Shell - "" = AutoRun
    O33 - MountPoints2\{1da7c495-d669-11df-91e7-00221583aaa0}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{1da7c4e8-d669-11df-91e7-00221583aaa0}\Shell - "" = AutoRun
    O33 - MountPoints2\{1da7c4e8-d669-11df-91e7-00221583aaa0}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{1da7c4eb-d669-11df-91e7-00221583aaa0}\Shell - "" = AutoRun
    O33 - MountPoints2\{1da7c4eb-d669-11df-91e7-00221583aaa0}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{3411110b-cf32-11df-8788-00c0ca19db56}\Shell - "" = AutoRun
    O33 - MountPoints2\{3411110b-cf32-11df-8788-00c0ca19db56}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{34111110-cf32-11df-8788-00c0ca19db56}\Shell - "" = AutoRun
    O33 - MountPoints2\{34111110-cf32-11df-8788-00c0ca19db56}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{50cb658a-d139-11df-8f30-00221583aaa0}\Shell - "" = AutoRun
    O33 - MountPoints2\{50cb658a-d139-11df-8f30-00221583aaa0}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{b725878b-d53c-11df-96cc-00c0ca19db56}\Shell - "" = AutoRun
    O33 - MountPoints2\{b725878b-d53c-11df-96cc-00c0ca19db56}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{b725879a-d53c-11df-96cc-00c0ca19db56}\Shell - "" = AutoRun
    O33 - MountPoints2\{b725879a-d53c-11df-96cc-00c0ca19db56}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{e157920a-d26e-11df-a95d-00c0ca19db56}\Shell - "" = AutoRun
    O33 - MountPoints2\{e157920a-d26e-11df-a95d-00c0ca19db56}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{e157920e-d26e-11df-a95d-00c0ca19db56}\Shell - "" = AutoRun
    O33 - MountPoints2\{e157920e-d26e-11df-a95d-00c0ca19db56}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found
    NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
    NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)

    MsConfig - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
    MsConfig - StartUpReg: RGSC - hkey= - key= - Reg Error: Value error. File not found
    MsConfig - StartUpReg: RtHDVCpl - hkey= - key= - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
    MsConfig - StartUpReg: SPIRunE - hkey= - key= - File not found
    MsConfig - StartUpReg: SSDMonitor - hkey= - key= - C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools)
    MsConfig - State: "startup" - 2

    SafeBootMin: Base - Driver Group
    SafeBootMin: Boot Bus Extender - Driver Group
    SafeBootMin: Boot file system - Driver Group
    SafeBootMin: File system - Driver Group
    SafeBootMin: Filter - Driver Group
    SafeBootMin: HelpSvc - Service
    SafeBootMin: NTDS - File not found
    SafeBootMin: PCI Configuration - Driver Group
    SafeBootMin: PNP Filter - Driver Group
    SafeBootMin: Power - C:\Windows\System32\umpo.dll (Microsoft Corporation)
    SafeBootMin: Primary disk - Driver Group
    SafeBootMin: RpcEptMapper - C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
    SafeBootMin: sacsvr - Service
    SafeBootMin: SCSI Class - Driver Group
    SafeBootMin: System Bus Extender - Driver Group
    SafeBootMin: vmms - Service
    SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
    SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
    SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
    SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
    SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
    SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
    SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
    SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
    SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
    SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
    SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
    SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
    SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
    SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
    SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
    SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
    SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

    SafeBootNet: Base - Driver Group
    SafeBootNet: Boot Bus Extender - Driver Group
    SafeBootNet: Boot file system - Driver Group
    SafeBootNet: Dhcp - C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
    SafeBootNet: File system - Driver Group
    SafeBootNet: Filter - Driver Group
    SafeBootNet: HelpSvc - Service
    SafeBootNet: Messenger - Service
    SafeBootNet: NDIS Wrapper - Driver Group
    SafeBootNet: ndiscap - C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
    SafeBootNet: NetBIOSGroup - Driver Group
    SafeBootNet: NetDDEGroup - Driver Group
    SafeBootNet: Network - Driver Group
    SafeBootNet: NetworkProvider - Driver Group
    SafeBootNet: NTDS - File not found
    SafeBootNet: PCI Configuration - Driver Group
    SafeBootNet: PNP Filter - Driver Group
    SafeBootNet: PNP_TDI - Driver Group
    SafeBootNet: Power - C:\Windows\System32\umpo.dll (Microsoft Corporation)
    SafeBootNet: Primary disk - Driver Group
    SafeBootNet: rdsessmgr - Service
    SafeBootNet: RpcEptMapper - C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
    SafeBootNet: sacsvr - Service
    SafeBootNet: SCSI Class - Driver Group
    SafeBootNet: Streams Drivers - Driver Group
    SafeBootNet: System Bus Extender - Driver Group
    SafeBootNet: TDI - Driver Group
    SafeBootNet: vmms - Service
    SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SafeBootNet: WudfUsbccidDriver - Driver
    SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
    SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
    SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
    SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
    SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
    SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
    SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
    SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
    SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
    SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
    SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
    SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
    SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
    SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
    SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
    SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
    SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
    SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
    SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
    SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
    SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
    SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

    ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
    ActiveX: {28F482CA-BADB-4145-2848-0721F8A40676} - Browser Customizations
    ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
    ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
    ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
    ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
    ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
    ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
    ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
    ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
    ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
    ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
    ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
    ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
    ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
    ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
    ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
    ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
    ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
    ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
    ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
    ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
    ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

    Drivers32: aux - wdmaud.drv File not found
    Drivers32: aux1 - wdmaud.drv File not found
    Drivers32: midi - wdmaud.drv File not found
    Drivers32: midi1 - wdmaud.drv File not found
    Drivers32: midimapper - midimap.dll File not found
    Drivers32: mixer - wdmaud.drv File not found
    Drivers32: mixer1 - wdmaud.drv File not found
    Drivers32: msacm.imaadpcm - imaadp32.acm File not found
    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.msadpcm - msadp32.acm File not found
    Drivers32: msacm.msg711 - msg711.acm File not found
    Drivers32: msacm.msgsm610 - msgsm32.acm File not found
    Drivers32: msacm.siren - sirenacm.dll File not found
    Drivers32: msacm.vorbis - vorbis.acm File not found
    Drivers32: vidc.cvid - iccvid.dll File not found
    Drivers32: VIDC.FPS1 - frapsvid.dll File not found
    Drivers32: vidc.i420 - iyuv_32.dll File not found
    Drivers32: vidc.iyuv - iyuv_32.dll File not found
    Drivers32: vidc.mrle - msrle32.dll File not found
    Drivers32: vidc.msvc - msvidc32.dll File not found
    Drivers32: vidc.uyvy - msyuv.dll File not found
    Drivers32: vidc.yuy2 - msyuv.dll File not found
    Drivers32: vidc.yvu9 - tsbyuv.dll File not found
    Drivers32: vidc.yvyu - msyuv.dll File not found
    Drivers32: wave - wdmaud.drv File not found
    Drivers32: wave1 - wdmaud.drv File not found
    Drivers32: wavemapper - msacm32.drv File not found


    ========== Files/Folders - Created Within 30 Days ==========

    [2011/02/21 14:42:55 | 000,000,000 | ---D | C] -- C:\Users\TomJ\AppData\Roaming\ESET
    [2011/02/21 14:41:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
    [2011/02/21 14:41:52 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
    [2011/02/21 13:07:42 | 000,000,000 | ---D | C] -- C:\3590F75ABA9E485486C100C1A9D4FF06Z.Z.Z......Z...Z
    [2011/02/21 12:36:53 | 000,000,000 | ---D | C] -- C:\Users\TomJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LastPass
    [2011/02/21 12:36:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LastPass
    [2011/02/21 12:36:51 | 000,000,000 | ---D | C] -- C:\Program Files\LastPass
    [2011/02/21 12:16:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZipGenius 6
    [2011/02/21 12:16:18 | 000,000,000 | ---D | C] -- C:\Program Files\ZipGenius 6
    [2011/02/21 11:59:58 | 000,000,000 | ---D | C] -- C:\3590F75ABA9E485486C100C1A9D4FF06Z...Z.ZZZ....ZZZ
    [2011/02/21 11:55:41 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
    [2011/02/21 11:55:29 | 000,000,000 | R--D | C] -- C:\Users\TomJ\Favorites
    [2011/02/21 11:36:31 | 000,000,000 | ---D | C] -- C:\Users\TomJ\AppData\Roaming\Mozilla
    [2011/02/21 11:36:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox
    [2011/02/21 11:36:04 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2011/02/04 12:59:37 | 000,000,000 | ---D | C] -- C:\Users\TomJ\AppData\Roaming\WinBatch
    [2010/09/27 17:03:52 | 000,047,360 | R--- | C] (VSO Software) -- C:\Users\TomJ\AppData\Roaming\pcouffin.sys
    [3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/02/21 18:15:55 | 000,022,400 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/02/21 18:15:55 | 000,022,400 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/02/21 14:45:52 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
    [2011/02/21 14:45:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/02/21 14:45:38 | 2415,173,632 | -HS- | M] () -- C:\hiberfil.sys
    [2011/02/21 12:36:56 | 000,001,168 | ---- | M] () -- C:\Users\TomJ\Application Data\Microsoft\Internet Explorer\Quick Launch\My LastPass Vault.lnk
    [2011/02/21 12:36:53 | 000,001,168 | ---- | M] () -- C:\Users\Public\Desktop\My LastPass Vault.lnk
    [2011/02/21 11:55:42 | 000,000,929 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2011/02/21 11:40:33 | 000,001,049 | ---- | M] () -- C:\Users\TomJ\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/02/21 11:36:07 | 000,001,849 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2011/02/21 10:57:46 | 000,666,568 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2011/02/21 10:57:46 | 000,125,222 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2011/02/20 15:56:11 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\slwga.dll
    [2011/02/20 15:56:10 | 000,409,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\systemcpl.dll
    [2011/02/12 23:00:00 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\At1.job
    [2011/02/10 15:38:38 | 000,315,686 | RHS- | M] () -- C:\LRMOQ
    [2011/02/10 15:38:38 | 000,000,020 | RHS- | M] () -- C:\win7.ld
    [3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/02/21 14:42:51 | 000,065,536 | ---- | C] () -- C:\Windows\System32\Ikeext.etl
    [2011/02/21 12:36:55 | 000,001,168 | ---- | C] () -- C:\Users\TomJ\Application Data\Microsoft\Internet Explorer\Quick Launch\My LastPass Vault.lnk
    [2011/02/21 12:36:53 | 000,001,168 | ---- | C] () -- C:\Users\Public\Desktop\My LastPass Vault.lnk
    [2011/02/21 11:55:42 | 000,000,929 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2011/02/21 11:40:33 | 000,001,049 | ---- | C] () -- C:\Users\TomJ\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/02/21 11:36:07 | 000,001,849 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2011/02/21 11:07:53 | 000,368,901 | ---- | C] () -- C:\Users\TomJ\Desktop\PC Secret Formula.PDF
    [2011/02/10 15:38:38 | 000,315,686 | RHS- | C] () -- C:\LRMOQ
    [2011/02/10 15:38:38 | 000,000,020 | RHS- | C] () -- C:\win7.ld
    [2010/09/27 17:04:49 | 000,001,041 | R--- | C] () -- C:\Users\TomJ\AppData\Roaming\vso_ts_preview.xml
    [2010/09/27 17:04:31 | 000,000,034 | R--- | C] () -- C:\Users\TomJ\AppData\Roaming\pcouffin.log
    [2010/09/27 17:03:52 | 000,087,608 | R--- | C] () -- C:\Users\TomJ\AppData\Roaming\inst.exe
    [2010/09/27 17:03:52 | 000,007,887 | R--- | C] () -- C:\Users\TomJ\AppData\Roaming\pcouffin.cat
    [2010/09/27 17:03:52 | 000,001,144 | R--- | C] () -- C:\Users\TomJ\AppData\Roaming\pcouffin.inf
    [2010/07/10 19:03:52 | 000,010,609 | R--- | C] () -- C:\Users\TomJ\AppData\Roaming\PStrip.bk!
    [2010/07/09 18:43:13 | 000,010,432 | R--- | C] () -- C:\Users\TomJ\AppData\Roaming\PStrip.bko
    [2010/05/24 19:17:52 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
    [2010/05/23 07:57:40 | 000,921,600 | ---- | C] () -- C:\Windows\System32\vorbisenc.dll
    [2010/05/23 07:57:40 | 000,188,416 | ---- | C] () -- C:\Windows\System32\vorbis.dll
    [2010/05/23 07:57:39 | 000,237,568 | ---- | C] () -- C:\Windows\System32\OggDS.dll
    [2010/05/23 07:57:39 | 000,045,056 | ---- | C] () -- C:\Windows\System32\Ogg.dll
    [2010/05/11 16:49:26 | 000,000,011 | ---- | C] () -- C:\Windows\EuBcd.ini
    [2010/05/11 16:47:07 | 000,472,064 | ---- | C] () -- C:\Windows\System32\NTFSFormat.dll
    [2010/05/11 16:47:07 | 000,180,736 | ---- | C] () -- C:\Windows\System32\DeviceManager.dll
    [2010/05/11 16:47:07 | 000,139,776 | ---- | C] () -- C:\Windows\System32\NTFSCopy.dll
    [2010/05/11 16:47:07 | 000,093,184 | ---- | C] () -- C:\Windows\System32\Partition.dll
    [2010/05/11 16:47:07 | 000,086,528 | ---- | C] () -- C:\Windows\System32\NTFSLib.dll
    [2010/05/11 16:47:07 | 000,086,016 | ---- | C] () -- C:\Windows\System32\ResizeNTFS.dll
    [2010/05/11 16:47:07 | 000,068,096 | ---- | C] () -- C:\Windows\System32\Device.dll
    [2010/05/11 16:47:07 | 000,065,536 | ---- | C] () -- C:\Windows\System32\FatCopy.dll
    [2010/05/11 16:47:07 | 000,061,952 | ---- | C] () -- C:\Windows\System32\FatResizeMove.dll
    [2010/05/11 16:47:07 | 000,045,568 | ---- | C] () -- C:\Windows\System32\FileSystemCheck.dll
    [2010/05/11 16:47:07 | 000,031,744 | ---- | C] () -- C:\Windows\System32\FatLib.dll
    [2010/05/11 16:47:07 | 000,025,088 | ---- | C] () -- C:\Windows\System32\FATFileSystemAnalyser.dll
    [2010/05/11 16:47:07 | 000,024,576 | ---- | C] () -- C:\Windows\System32\NTFSFileSystemAnalyser.dll
    [2010/05/11 16:47:07 | 000,022,016 | ---- | C] () -- C:\Windows\System32\FatFormat.dll
    [2010/05/11 16:47:07 | 000,021,504 | ---- | C] () -- C:\Windows\System32\Fixup.dll
    [2010/05/11 16:47:07 | 000,017,920 | ---- | C] () -- C:\Windows\System32\SectorCopy.dll
    [2010/05/11 16:47:07 | 000,014,848 | ---- | C] () -- C:\Windows\System32\FileSystemAnalyser.dll
    [2010/05/11 16:47:07 | 000,014,848 | ---- | C] () -- C:\Windows\System32\EuEpmGdi.dll
    [2010/05/11 16:47:07 | 000,010,752 | ---- | C] () -- C:\Windows\System32\DeviceAdapter.dll
    [2010/05/11 16:47:07 | 000,006,656 | ---- | C] () -- C:\Windows\System32\CallbackOperator.dll
    [2010/05/11 16:47:05 | 000,003,072 | ---- | C] () -- C:\Windows\System32\EuGdiDrv.sys
    [2010/05/11 16:47:04 | 000,009,728 | ---- | C] () -- C:\Windows\System32\epmntdrv.sys
    [2010/04/27 00:13:27 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
    [2010/04/27 00:13:26 | 000,022,328 | R--- | C] () -- C:\Users\TomJ\AppData\Roaming\PnkBstrK.sys
    [2010/04/25 19:18:48 | 000,000,061 | ---- | C] () -- C:\Windows\sbwin.ini
    [2010/04/25 18:51:18 | 000,697,328 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
    [2010/04/25 12:19:17 | 000,148,480 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL
    [2010/04/25 12:19:17 | 000,073,728 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL
    [2010/04/25 12:19:14 | 000,001,436 | ---- | C] () -- C:\Windows\CfgHPSp.ini
    [2010/04/25 12:19:14 | 000,001,434 | ---- | C] () -- C:\Windows\Cfg05Sp.ini
    [2010/04/25 12:19:14 | 000,001,434 | ---- | C] () -- C:\Windows\Cfg04Sp.ini
    [2010/04/25 12:19:14 | 000,001,091 | ---- | C] () -- C:\Windows\Cfg03Sp.ini
    [2010/04/25 12:19:14 | 000,001,091 | ---- | C] () -- C:\Windows\Cfg02Sp.ini
    [2010/04/25 12:19:14 | 000,001,000 | ---- | C] () -- C:\Windows\Cfg01Sp.ini
    [2010/04/25 12:19:14 | 000,000,932 | ---- | C] () -- C:\Windows\CfgHPHp.ini
    [2010/04/25 12:19:14 | 000,000,932 | ---- | C] () -- C:\Windows\CfgHPDO.ini
    [2010/04/25 12:19:14 | 000,000,932 | ---- | C] () -- C:\Windows\Cfg05DO.ini
    [2010/04/25 12:19:14 | 000,000,932 | ---- | C] () -- C:\Windows\Cfg04DO.ini
    [2010/04/25 12:19:14 | 000,000,930 | ---- | C] () -- C:\Windows\Cfg05Hp.ini
    [2010/04/25 12:19:14 | 000,000,930 | ---- | C] () -- C:\Windows\Cfg04Hp.ini
    [2010/04/25 12:19:14 | 000,000,818 | ---- | C] () -- C:\Windows\Cfg01APR.ini
    [2010/04/25 12:19:14 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg03Hp.ini
    [2010/04/25 12:19:14 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg03DO.ini
    [2010/04/25 12:19:14 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg02Hp.ini
    [2010/04/25 12:19:14 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg02DO.ini
    [2010/04/25 12:19:14 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg01Hp.ini
    [2010/04/25 12:19:14 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg01DO.ini
    [2010/04/25 12:19:14 | 000,000,453 | ---- | C] () -- C:\Windows\CfgHPRMi.ini
    [2010/04/25 12:19:14 | 000,000,453 | ---- | C] () -- C:\Windows\CfgHPRLI.ini
    [2010/04/25 12:19:14 | 000,000,453 | ---- | C] () -- C:\Windows\CfgHPFMi.ini
    [2010/04/25 12:19:14 | 000,000,453 | ---- | C] () -- C:\Windows\CfgHPDI.ini
    [2010/04/25 12:19:14 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg05RMi.ini
    [2010/04/25 12:19:14 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg05RLI.ini
    [2010/04/25 12:19:14 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg05FMi.ini
    [2010/04/25 12:19:14 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg05DI.ini
    [2010/04/25 12:19:14 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg04RMi.ini
    [2010/04/25 12:19:14 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg04RLI.ini
    [2010/04/25 12:19:14 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg04FMi.ini
    [2010/04/25 12:19:14 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg04DI.ini
    [2010/04/25 12:19:14 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg03RMi.ini
    [2010/04/25 12:19:14 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg03RLI.ini
    [2010/04/25 12:19:14 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg03FMi.ini
    [2010/04/25 12:19:14 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg03DI.ini
    [2010/04/25 12:19:14 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg02RMi.ini
    [2010/04/25 12:19:14 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg02RLI.ini
    [2010/04/25 12:19:14 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg02FMi.ini
    [2010/04/25 12:19:14 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg02DI.ini
    [2010/04/25 12:19:14 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg01Mic.ini
    [2010/04/25 12:19:14 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg01LI.ini
    [2010/04/25 12:19:14 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg01DI.ini
    [2010/04/25 12:13:20 | 000,000,481 | ---- | C] () -- C:\Windows\BRWMARK.INI
    [2010/04/25 12:13:20 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
    [2010/04/25 06:40:58 | 000,010,586 | R--- | C] () -- C:\Users\TomJ\AppData\Roaming\PStrip.ini
    [2010/04/25 06:40:58 | 000,010,586 | R--- | C] () -- C:\Users\TomJ\AppData\Roaming\PStrip.bak
    [2009/12/15 14:41:30 | 000,268,912 | ---- | C] () -- C:\Windows\System32\drivers\SRS_SSCFilter_i386.sys
    [2009/08/26 05:29:28 | 000,150,016 | ---- | C] () -- C:\Windows\System32\OemSpiE.dll
    [2009/07/15 08:22:48 | 000,032,914 | ---- | C] () -- C:\Windows\System32\t3.ini
    [2009/07/14 07:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
    [2009/07/14 07:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
    [2008/10/07 07:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
    [2008/10/07 07:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
    [2008/10/07 07:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
    [2008/10/07 07:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
    [2008/10/07 07:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
    [2008/10/07 07:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
    [2008/10/07 07:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
    [2008/10/07 07:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
    [2008/10/07 07:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
    [2004/08/13 09:56:20 | 000,005,810 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys
    [2001/08/29 14:11:40 | 000,398,848 | R--- | C] () -- C:\Windows\System32\DK2WIN32.DLL
    [1996/04/04 03:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys

    ========== LOP Check ==========

    [2010/07/26 04:10:25 | 000,000,000 | ---D | M] -- C:\Users\TomJ\AppData\Roaming\AstoundStereoExpander
    [2010/07/26 05:06:29 | 000,000,000 | ---D | M] -- C:\Users\TomJ\AppData\Roaming\Command & Conquer 3 Tiberium Wars Demo
    [2010/04/25 19:24:21 | 000,000,000 | ---D | M] -- C:\Users\TomJ\AppData\Roaming\DAEMON Tools Lite
    [2010/05/23 07:57:07 | 000,000,000 | ---D | M] -- C:\Users\TomJ\AppData\Roaming\DataCast
    [2010/09/28 14:28:41 | 000,000,000 | ---D | M] -- C:\Users\TomJ\AppData\Roaming\DC++
    [2011/02/21 14:42:55 | 000,000,000 | ---D | M] -- C:\Users\TomJ\AppData\Roaming\ESET
    [2010/07/26 17:55:02 | 000,000,000 | ---D | M] -- C:\Users\TomJ\AppData\Roaming\GetRightToGo
    [2010/04/25 07:44:30 | 000,000,000 | ---D | M] -- C:\Users\TomJ\AppData\Roaming\IObit
    [2010/10/09 12:41:13 | 000,000,000 | ---D | M] -- C:\Users\TomJ\AppData\Roaming\Nokia
    [2010/10/09 11:49:44 | 000,000,000 | ---D | M] -- C:\Users\TomJ\AppData\Roaming\PC Suite
    [2010/05/16 21:32:35 | 000,000,000 | ---D | M] -- C:\Users\TomJ\AppData\Roaming\Publish Providers
    [2010/07/26 13:26:23 | 000,000,000 | ---D | M] -- C:\Users\TomJ\AppData\Roaming\Red Alert 3 Demo
    [2010/04/25 08:37:58 | 000,000,000 | ---D | M] -- C:\Users\TomJ\AppData\Roaming\Registry Mechanic
    [2010/05/16 21:32:37 | 000,000,000 | ---D | M] -- C:\Users\TomJ\AppData\Roaming\Sony
    [2010/04/25 06:51:36 | 000,000,000 | ---D | M] -- C:\Users\TomJ\AppData\Roaming\Trillian
    [2010/09/28 17:35:17 | 000,000,000 | ---D | M] -- C:\Users\TomJ\AppData\Roaming\Vso
    [2011/02/04 12:59:37 | 000,000,000 | ---D | M] -- C:\Users\TomJ\AppData\Roaming\WinBatch
    [2011/02/12 23:00:00 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\At1.job
    [2011/02/20 15:18:08 | 000,032,614 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========


    ========== Custom Scans ==========


    < %systemroot%\Fonts\*.com >
    [2009/07/14 12:52:25 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/14 12:52:25 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/14 12:52:25 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/14 12:52:25 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/11 05:31:19 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2009/07/14 09:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
    [2009/07/14 09:16:19 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\winprint.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2009/07/10 12:15:46 | 000,306,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
    [3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009/07/14 12:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

    < %APPDATA%\Update\*.* >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2010/04/25 06:03:56 | 000,000,221 | -HS- | M] () -- C:\Users\TomJ\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2009/06/11 05:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >
    [2010/07/26 19:43:04 | 000,008,192 | ---- | M] () -- C:\Windows\security\database\edb.chk
    [2010/07/26 19:43:04 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edb.log
    [2010/07/18 22:50:19 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00001.jrs
    [2010/07/18 22:50:19 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00002.jrs
    [2010/07/26 19:43:04 | 001,056,768 | ---- | M] () -- C:\Windows\security\database\tmp.edb

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\*.exe >
    [2010/12/04 03:35:07 | 000,107,480 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\crashreporter.exe
    [2010/12/04 03:35:08 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
    [2010/12/04 03:35:08 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
    [2010/12/04 03:35:08 | 000,245,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\updater.exe

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2011/02/21 11:55:29 | 000,000,402 | -HS- | M] () -- C:\Users\TomJ\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\*. /mp /s >

    < %systemroot%\system32\*.dll /lockedfiles >
    [2009/07/14 09:16:18 | 000,489,472 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\win32spl.dll
    [2009/07/14 09:16:19 | 000,507,392 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\wmdrmdev.dll

    < %systemroot%\system32\*.exe /lockedfiles >
    [2010/02/27 20:07:48 | 003,954,568 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\ntkrnlpa.exe

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\system32\drivers\*.sys /lockedfiles >
    [2010/07/22 12:45:37 | 000,697,328 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\sptd.sys

    < %systemroot%\System32\config\*.sav >

    < %systemroot%\system32\*.sys >
    [2009/07/14 05:40:41 | 000,009,029 | ---- | M] () -- C:\Windows\System32\ANSI.SYS
    [2009/07/14 09:26:21 | 000,249,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\clfs.sys
    [2009/07/14 05:40:44 | 000,027,097 | ---- | M] () -- C:\Windows\System32\country.sys
    [2008/11/25 17:18:24 | 000,009,728 | ---- | M] () -- C:\Windows\System32\epmntdrv.sys
    [2008/11/25 17:18:24 | 000,003,072 | ---- | M] () -- C:\Windows\System32\EuGdiDrv.sys
    [1996/04/04 03:33:26 | 000,005,248 | ---- | M] () -- C:\Windows\System32\giveio.sys
    [2009/07/14 05:40:40 | 000,004,768 | ---- | M] () -- C:\Windows\System32\HIMEM.SYS
    [2009/07/14 05:40:43 | 000,042,809 | ---- | M] () -- C:\Windows\System32\KEY01.SYS
    [2009/07/14 05:40:43 | 000,042,537 | ---- | M] () -- C:\Windows\System32\KEYBOARD.SYS
    [2009/07/14 05:40:23 | 000,027,866 | ---- | M] () -- C:\Windows\System32\NTDOS.SYS
    [2009/07/14 05:40:31 | 000,029,146 | ---- | M] () -- C:\Windows\System32\NTDOS404.SYS
    [2009/07/14 05:40:35 | 000,029,370 | ---- | M] () -- C:\Windows\System32\NTDOS411.SYS
    [2009/07/14 05:40:39 | 000,029,274 | ---- | M] () -- C:\Windows\System32\NTDOS412.SYS
    [2009/07/14 05:40:27 | 000,029,146 | ---- | M] () -- C:\Windows\System32\NTDOS804.SYS
    [2009/07/14 05:40:11 | 000,033,952 | ---- | M] () -- C:\Windows\System32\NTIO.SYS
    [2009/07/14 05:40:15 | 000,034,672 | ---- | M] () -- C:\Windows\System32\NTIO404.SYS
    [2009/07/14 05:40:17 | 000,035,776 | ---- | M] () -- C:\Windows\System32\NTIO411.SYS
    [2009/07/14 05:40:19 | 000,035,536 | ---- | M] () -- C:\Windows\System32\NTIO412.SYS
    [2009/07/14 05:40:13 | 000,034,672 | ---- | M] () -- C:\Windows\System32\NTIO804.SYS
    [2005/08/03 16:05:02 | 000,035,892 | ---- | M] (Prolific Technology Inc.) -- C:\Windows\System32\SER9PL.sys
    [2006/09/24 21:28:46 | 000,005,248 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\Windows\System32\speedfan.sys
    [2009/07/14 07:26:52 | 002,326,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

    < %systemroot%\system32\drivers\*.dll >

    < %systemroot%\system32\drivers\*.ini >

    < %systemroot%\system32\drivers\*.exe >

    < %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
    [2009/07/14 09:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
    [2009/07/14 09:16:19 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\winprint.dll

    < %SYSTEMDRIVE%\*.* >
    [2009/06/11 05:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
    [2009/07/14 09:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
    [2010/04/25 19:56:26 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
    [2010/10/09 08:01:00 | 000,008,192 | ---- | M] () -- C:\bootsect.lxe.bak
    [2010/07/03 16:36:16 | 000,000,049 | ---- | M] () -- C:\calc.bat
    [2009/06/11 05:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2010/07/02 18:37:26 | 000,000,256 | ---- | M] () -- C:\dk2.mem
    [2010/04/13 18:34:11 | 000,000,119 | ---- | M] () -- C:\download.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
    [2007/11/07 08:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
    [2007/11/07 08:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
    [2010/10/09 08:00:58 | 000,383,592 | RHS- | M] () -- C:\gdrop
    [2007/11/07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
    [2011/02/21 14:45:38 | 2415,173,632 | -HS- | M] () -- C:\hiberfil.sys
    [2007/11/07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
    [2007/11/07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
    [2007/11/07 08:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
    [2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
    [2007/11/07 08:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
    [2007/11/07 08:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
    [2007/11/07 08:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
    [2007/11/07 08:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
    [2007/11/07 08:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
    [2007/11/07 08:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
    [2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
    [2010/04/25 18:43:17 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2009/01/13 03:32:32 | 000,901,137 | ---- | M] () -- C:\libcurl-4.dll
    [2011/02/10 15:38:38 | 000,315,686 | RHS- | M] () -- C:\LRMOQ
    [2010/05/23 11:23:20 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
    [2010/04/25 18:43:17 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2011/02/21 14:45:40 | 3220,234,240 | -HS- | M] () -- C:\pagefile.sys
    [2010/04/21 00:48:24 | 000,000,306 | ---- | M] () -- C:\Radi-radi.wsf
    [2010/07/03 16:36:16 | 000,000,000 | ---- | M] () -- C:\return
    [2007/11/07 08:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
    [2007/11/07 08:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
    [2007/11/07 08:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI
    [2011/02/10 15:38:38 | 000,000,020 | RHS- | M] () -- C:\win7.ld
    [2008/09/25 00:12:22 | 000,075,264 | ---- | M] (Zlib) -- C:\zlib1.dll

    < %PROGRAMFILES%\*. >
    [2011/02/21 09:33:26 | 000,000,000 | ---D | M] -- C:\Program Files\3 Mobile Broadband
    [2010/07/26 16:12:53 | 000,000,000 | ---D | M] -- C:\Program Files\Activision
    [2010/04/25 11:42:27 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
    [2010/07/22 17:39:23 | 000,000,000 | ---D | M] -- C:\Program Files\AGEIA Technologies
    [2010/07/22 12:56:15 | 000,000,000 | ---D | M] -- C:\Program Files\Alcohol Soft
    [2010/07/21 13:35:46 | 000,000,000 | ---D | M] -- C:\Program Files\ASIO4ALL v2
    [2011/02/21 09:23:50 | 000,000,000 | ---D | M] -- C:\Program Files\Battlefield Bad Company 2
    [2011/02/21 11:55:42 | 000,000,000 | ---D | M] -- C:\Program Files\CCleaner
    [2010/05/01 23:23:47 | 000,000,000 | ---D | M] -- C:\Program Files\Cisco
    [2011/02/21 09:50:54 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
    [2010/09/27 17:03:33 | 000,000,000 | ---D | M] -- C:\Program Files\ConvertX
    [2010/04/25 18:51:20 | 000,000,000 | ---D | M] -- C:\Program Files\DAEMON Tools Lite
    [2010/04/25 18:49:11 | 000,000,000 | ---D | M] -- C:\Program Files\DAP
    [2010/04/25 05:42:16 | 000,000,000 | ---D | M] -- C:\Program Files\DC++
    [2010/10/09 11:17:22 | 000,000,000 | ---D | M] -- C:\Program Files\DIFX
    [2009/07/14 15:50:29 | 000,000,000 | ---D | M] -- C:\Program Files\DVD Maker
    [2010/04/25 06:02:40 | 000,000,000 | ---D | M] -- C:\Program Files\DVD Shrink
    [2010/05/11 16:47:04 | 000,000,000 | ---D | M] -- C:\Program Files\EASEUS Partition Manager 3.0 Home Edition
    [2010/07/26 16:28:05 | 000,000,000 | ---D | M] -- C:\Program Files\Electronic Arts
    [2010/05/09 17:21:03 | 000,000,000 | ---D | M] -- C:\Program Files\Emule XDP
    [2011/02/21 14:41:52 | 000,000,000 | ---D | M] -- C:\Program Files\ESET
    [2011/02/12 14:43:00 | 000,000,000 | ---D | M] -- C:\Program Files\Fallout 3
    [2010/05/29 18:41:55 | 000,000,000 | ---D | M] -- C:\Program Files\File Scavenger 3.2
    [2010/04/25 19:03:50 | 000,000,000 | ---D | M] -- C:\Program Files\FlashFXP
    [2011/02/21 10:08:43 | 000,000,000 | ---D | M] -- C:\Program Files\Fraps
    [2011/02/21 10:05:05 | 000,000,000 | ---D | M] -- C:\Program Files\Image-Line
    [2011/02/21 09:28:48 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
    [2010/07/18 23:21:11 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
    [2010/07/22 20:28:43 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
    [2010/07/12 13:55:45 | 000,000,000 | ---D | M] -- C:\Program Files\Just Cause 2
    [2011/02/21 12:36:55 | 000,000,000 | ---D | M] -- C:\Program Files\LastPass
    [2010/04/25 06:03:30 | 000,000,000 | ---D | M] -- C:\Program Files\MagicISO
    [2011/02/21 11:27:39 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/05/23 07:57:04 | 000,000,000 | ---D | M] -- C:\Program Files\MarkAny
    [2010/07/18 22:47:51 | 000,000,000 | ---D | M] -- C:\Program Files\Marvell
    [2010/04/30 08:11:19 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
    [2009/07/14 15:50:24 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games
    [2011/02/21 10:12:03 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games for Windows - LIVE
    [2010/05/31 19:05:01 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
    [2010/04/30 13:06:15 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
    [2010/05/24 14:49:27 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server Compact Edition
    [2010/04/26 20:37:19 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Sync Framework
    [2010/07/02 14:25:58 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Synchronization Services
    [2010/07/22 20:17:33 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
    [2010/07/25 23:31:04 | 000,000,000 | ---D | M] -- C:\Program Files\Modern Warfare 2
    [2011/02/21 11:36:06 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
    [2010/05/24 14:48:46 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
    [2011/02/21 09:32:14 | 000,000,000 | ---D | M] -- C:\Program Files\Native Instruments
    [2010/04/25 19:17:06 | 000,000,000 | ---D | M] -- C:\Program Files\Nero
    [2010/07/25 19:32:20 | 000,000,000 | ---D | M] -- C:\Program Files\nLite
    [2011/02/21 14:13:36 | 000,000,000 | ---D | M] -- C:\Program Files\NOD32 Antivirus
    [2011/02/21 09:50:53 | 000,000,000 | ---D | M] -- C:\Program Files\Nokia
    [2011/02/11 08:56:59 | 000,000,000 | ---D | M] -- C:\Program Files\NVIDIA Corporation
    [2010/07/26 17:59:08 | 000,000,000 | ---D | M] -- C:\Program Files\NVIDIA nTune Performance Application
    [2010/09/27 15:30:37 | 000,000,000 | ---D | M] -- C:\Program Files\OJOsoft
    [2010/07/21 13:29:35 | 000,000,000 | ---D | M] -- C:\Program Files\Outsim
    [2010/10/09 11:17:19 | 000,000,000 | ---D | M] -- C:\Program Files\PC Connectivity Solution
    [2010/10/09 10:18:02 | 000,000,000 | ---D | M] -- C:\Program Files\Perfect Uninstaller
    [2010/04/25 18:42:42 | 000,000,000 | ---D | M] -- C:\Program Files\PowerISO
    [2010/04/25 06:46:12 | 000,000,000 | ---D | M] -- C:\Program Files\Ralink
    [2010/07/26 04:58:04 | 000,000,000 | ---D | M] -- C:\Program Files\Realtek
    [2009/07/14 12:52:30 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
    [2010/07/01 12:39:41 | 000,000,000 | ---D | M] -- C:\Program Files\Registry Mechanic
    [2010/07/10 21:04:39 | 000,000,000 | ---D | M] -- C:\Program Files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
    [2010/06/02 21:43:03 | 000,000,000 | ---D | M] -- C:\Program Files\Rockstar Games
    [2010/04/28 06:57:11 | 000,000,000 | ---D | M] -- C:\Program Files\Roxio
    [2010/05/23 07:57:07 | 000,000,000 | ---D | M] -- C:\Program Files\Samsung
    [2011/02/21 09:29:41 | 000,000,000 | ---D | M] -- C:\Program Files\seba14mods
    [2010/04/25 19:11:51 | 000,000,000 | ---D | M] -- C:\Program Files\SoulseekNS
    [2011/02/21 09:25:08 | 000,000,000 | ---D | M] -- C:\Program Files\Sound Forge Pro 10.0
    [2010/04/25 06:02:56 | 000,000,000 | ---D | M] -- C:\Program Files\Spybot - Search & Destroy
    [2010/09/27 15:30:42 | 000,000,000 | ---D | M] -- C:\Program Files\Total Video Converter
    [2010/12/11 13:03:27 | 000,000,000 | ---D | M] -- C:\Program Files\Trillian
    [2010/07/23 14:40:01 | 000,000,000 | ---D | M] -- C:\Program Files\Valve
    [2010/08/03 18:09:55 | 000,000,000 | ---D | M] -- C:\Program Files\VideoLAN
    [2010/10/04 17:17:58 | 000,000,000 | ---D | M] -- C:\Program Files\VIRGIN BROADBAND
    [2010/04/25 06:03:10 | 000,000,000 | ---D | M] -- C:\Program Files\VLC
    [2010/09/27 17:03:35 | 000,000,000 | ---D | M] -- C:\Program Files\VSO
    [2011/02/21 10:05:39 | 000,000,000 | ---D | M] -- C:\Program Files\VstPlugins
    [2010/07/26 20:28:07 | 000,000,000 | ---D | M] -- C:\Program Files\Windows 7 Manager
    [2009/07/14 12:56:49 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender
    [2009/07/14 15:50:04 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Journal
    [2011/02/21 10:10:16 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live
    [2010/05/23 07:25:22 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Mail
    [2010/02/10 13:48:37 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
    [2009/07/14 12:52:30 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
    [2009/07/14 12:56:49 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Photo Viewer
    [2009/07/14 12:52:32 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Portable Devices
    [2009/07/14 12:56:49 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar
    [2010/07/26 20:37:33 | 000,000,000 | ---D | M] -- C:\Program Files\WinRAR
    [2011/02/21 12:17:11 | 000,000,000 | ---D | M] -- C:\Program Files\ZipGenius 6

    < %appdata%\*.* >
    [2010/09/27 17:03:52 | 000,087,608 | R--- | M] () -- C:\Users\TomJ\AppData\Roaming\inst.exe
    [2010/09/27 17:03:52 | 000,007,887 | R--- | M] () -- C:\Users\TomJ\AppData\Roaming\pcouffin.cat
    [2010/09/27 17:03:52 | 000,001,144 | R--- | M] () -- C:\Users\TomJ\AppData\Roaming\pcouffin.inf
    [2010/09/27 17:04:31 | 000,000,034 | R--- | M] () -- C:\Users\TomJ\AppData\Roaming\pcouffin.log
    [2010/09/27 17:03:52 | 000,047,360 | R--- | M] (VSO Software) -- C:\Users\TomJ\AppData\Roaming\pcouffin.sys
    [2010/04/30 15:01:52 | 000,022,328 | R--- | M] () -- C:\Users\TomJ\AppData\Roaming\PnkBstrK.sys
    [2010/07/25 19:33:00 | 000,010,586 | R--- | M] () -- C:\Users\TomJ\AppData\Roaming\PStrip.bak
    [2010/07/22 19:11:06 | 000,010,609 | R--- | M] () -- C:\Users\TomJ\AppData\Roaming\PStrip.bk!
    [2010/07/10 19:24:43 | 000,010,432 | R--- | M] () -- C:\Users\TomJ\AppData\Roaming\PStrip.bko
    [2010/07/25 19:33:00 | 000,010,586 | R--- | M] () -- C:\Users\TomJ\AppData\Roaming\PStrip.ini
    [2010/09/28 17:35:16 | 000,001,041 | R--- | M] () -- C:\Users\TomJ\AppData\Roaming\vso_ts_preview.xml


    < MD5 for: AGP440.SYS >
    [2009/07/14 09:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
    [2009/07/14 09:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
    [2009/07/14 09:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys

    < MD5 for: ATAPI.SYS >
    [2009/07/14 09:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
    [2009/07/14 09:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
    [2009/07/14 09:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys

    < MD5 for: CNGAUDIT.DLL >
    [2009/07/14 09:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
    [2009/07/14 09:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

    < MD5 for: DISK.SYS >
    [2009/07/14 09:20:27 | 000,057,424 | ---- | M] (Microsoft Corporation) MD5=565003F326F99802E68CA78F2A68E9FF -- C:\Windows\System32\drivers\disk.sys
    [2009/07/14 09:20:27 | 000,057,424 | ---- | M] (Microsoft Corporation) MD5=565003F326F99802E68CA78F2A68E9FF -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_x86_neutral_b431b61a11f8df6c\disk.sys
    [2009/07/14 09:20:27 | 000,057,424 | ---- | M] (Microsoft Corporation) MD5=565003F326F99802E68CA78F2A68E9FF -- C:\Windows\winsxs\x86_disk.inf_31bf3856ad364e35_6.1.7600.16385_none_f99cd807d58018cb\disk.sys

    < MD5 for: IASTORV.SYS >
    [2009/07/14 09:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys
    [2009/07/14 09:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
    [2009/07/14 09:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys

    < MD5 for: MV61XX.SYS >
    [2009/05/12 06:47:54 | 000,154,664 | ---- | M] (Marvell Semiconductor, Inc.) MD5=AA8CB9E508E9F193177D977859CC735C -- C:\Program Files\Marvell\61xx\driver\mv61xx.sys
    [2009/05/12 06:47:54 | 000,154,664 | ---- | M] (Marvell Semiconductor, Inc.) MD5=AA8CB9E508E9F193177D977859CC735C -- C:\Windows\System32\drivers\mv61xx.sys
    [2009/05/12 06:47:54 | 000,154,664 | ---- | M] (Marvell Semiconductor, Inc.) MD5=AA8CB9E508E9F193177D977859CC735C -- C:\Windows\System32\DriverStore\FileRepository\mv61xx.inf_x86_neutral_ec11ce6291065a36\mv61xx.sys

    < MD5 for: NETLOGON.DLL >
    [2009/07/14 09:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
    [2009/07/14 09:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

    < MD5 for: NVSTOR.SYS >
    [2009/07/14 09:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys
    [2009/07/14 09:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
    [2009/07/14 09:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys

    < MD5 for: SCECLI.DLL >
    [2009/07/14 09:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
    [2009/07/14 09:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll

    < MD5 for: USBSTOR.SYS >
    [2009/07/14 07:51:19 | 000,074,752 | ---- | M] (Microsoft Corporation) MD5=D8889D56E0D27E57ED4591837FE71D27 -- C:\Windows\System32\drivers\USBSTOR.SYS
    [2009/07/14 07:51:19 | 000,074,752 | ---- | M] (Microsoft Corporation) MD5=D8889D56E0D27E57ED4591837FE71D27 -- C:\Windows\System32\DriverStore\FileRepository\usbstor.inf_x86_neutral_83027f5d5b2468d3\USBSTOR.SYS
    [2009/07/14 07:51:19 | 000,074,752 | ---- | M] (Microsoft Corporation) MD5=D8889D56E0D27E57ED4591837FE71D27 -- C:\Windows\winsxs\x86_usbstor.inf_31bf3856ad364e35_6.1.7600.16385_none_485ca4d9f926b0b4\USBSTOR.SYS

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-10-09 02:58:36

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 448 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06Z.Z.Z......Z...Z:1
    @Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:D1B5B4F1
    @Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:A9662AE0
    @Alternate Data Stream - 1068 bytes -> C:\ProgramData\TEMP:CFAFAA98

    < End of report >
     
  15. kierenm

    kierenm New Member PCHF $Donator Bronze Member


    ====================================
    Extras.txt
    ====================================


    OTL Extras logfile created on: 2/21/2011 6:28:37 PM - Run 1
    OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\TomJ\Downloads\programs
    Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 68.00% Memory free
    6.00 Gb Paging File | 5.00 Gb Available in Paging File | 86.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 111.79 Gb Total Space | 66.05 Gb Free Space | 59.09% Space Free | Partition Type: NTFS
    Drive D: | 232.88 Gb Total Space | 214.92 Gb Free Space | 92.29% Space Free | Partition Type: NTFS
    Drive F: | 232.83 Gb Total Space | 67.96 Gb Free Space | 29.19% Space Free | Partition Type: FAT32

    Computer Name: HOTCOREDUO | User Name: TomJ | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
    .reg [@ = regfile] -- regedit.exe "%1"

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [open] -- regedit.exe "%1"
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V"
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\FlashFXP\FlashFXP.exe" = C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\FlashFXP\FlashFXP.exe" = C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
    "{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
    "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
    "{139E303E-1050-497F-98B1-9AE87B15C463}" = Windows Live Family Safety
    "{13DE3939-422A-44D5-BD52-B85EF48DBDAB}" = Windows 7 Manager
    "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
    "{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
    "{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
    "{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
    "{359cfc0a-beb1-440d-95ba-cf63a86da34f}" = Nero Recode
    "{368ba326-73ad-4351-84ed-3c0a7a52cc53}" = Nero Rescue Agent
    "{38D80A4C-D893-4985-BA3F-0B1D9E848CED}" = ESET Smart Security
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
    "{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
    "{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
    "{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
    "{43e39830-1826-415d-8bae-86845787b54b}" = Nero Vision
    "{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
    "{5454083B-1308-4485-BF17-1110000B8301}" = Grand Theft Auto IV
    "{5454083B-1308-4485-BF17-1110000D8301}" = Grand Theft Auto IV
    "{5454083B-1308-4485-BF17-1110000D8302}" = Grand Theft Auto IV
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{65A92AAA-3D05-4C94-9F70-731C05E60C16}" = NVIDIA System Update
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
    "{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
    "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
    "{7829db6f-a066-4e40-8912-cb07887c20bb}" = Nero BurnRights
    "{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA Performance
    "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
    "{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
    "{8dc091d9-d759-45f9-bfc4-574633b784ad}" = Nero 9 Trial
    "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
    "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
    "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{96E3AED5-3D0B-4BB0-84C2-1EDADB204487}" = FlashFXP v3
    "{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{a209525b-3377-43f4-b886-32f6b6e7356f}" = Nero WaveEditor
    "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
    "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
    "{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0
    "{b1adf008-e898-4fe2-8a1f-690d9a06acaf}" = DolbyFiles
    "{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
    "{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
    "{b78120a0-cf84-4366-a393-4d0a59bc546c}" = Menu Templates - Starter Kit
    "{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
    "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
    "{C19BE821-89B1-4A96-AC7C-873810C0CB5F}" = ContentSAFER for Wizmax
    "{C20CE592-B0F8-4D20-BF31-0151CA6331A6}" = Samsung Media Studio 5
    "{c5a7cb6c-e76d-408f-ba0e-85605420fe9d}" = SoundTrax
    "{d025a639-b9c9-417d-8531-208859000af8}" = NeroBurningROM
    "{D0A858BE-A665-4C0D-BC5F-C37E534B7669}" = PC Connectivity Solution
    "{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
    "{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.0.9.322
    "{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
    "{E91E8912-769D-42F0-8408-0E329443BABC}" = Ralink RT7x Wireless LAN Card
    "{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}" = NVIDIA System Monitor
    "{EC3B598C-1151-4191-B5B4-A9072ADE6259}_is1" = ZipGenius 6.3
    "{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
    "{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
    "{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
    "{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Photoshop CS4_is1" = Adobe Photoshop CS4
    "ASIO4ALL" = ASIO4ALL
    "CCleaner" = CCleaner
    "Download Accelerator Plus (DAP)" = Download Accelerator Plus (DAP)
    "EASEUS Partition Manager Home Edition_is1" = EASEUS Partition Manager 3.0 Home Edition
    "InstallShield_{65A92AAA-3D05-4C94-9F70-731C05E60C16}" = NVIDIA System Update
    "InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA Performance
    "InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
    "InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
    "InstallShield_{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}" = NVIDIA System Monitor
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
    "mv61xxDriver" = marvell 61xx
    "NoteTab Light 6_is1" = NoteTab Light 6 (Remove only)
    "NVIDIA Display Control Panel" = NVIDIA Display Control Panel
    "NVIDIA Drivers" = NVIDIA Drivers
    "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
    "Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
    "OJOsoft Total Video Converter2.5.1.1121" = OJOsoft Total Video Converter
    "Perfect Uninstaller_is1" = Perfect Uninstaller v6.3.3.8
    "PowerISO" = PowerISO
    "Registry Mechanic_is1" = Registry Mechanic 9.0
    "RivaTuner" = RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
    "Soulseek2" = SoulSeek 157 NS 13e
    "V3.2_is1" = File Scavenger 3.2
    "Video Player1.0" = Video Player
    "VIRGIN BROADBAND" = VIRGIN BROADBAND
    "VLC media player" = VLC media player 0.9.9
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WinRAR archiver" = WinRAR archiver

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "LastPass" = LastPass (uninstall only)

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 2/11/2011 12:15:47 AM | Computer Name = HotcoreDuo | Source = Application Error | ID = 1000
    Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
    stamp: 0x4a5bc100 Faulting module name: ntdll.dll, version: 6.1.7600.16385, time
    stamp: 0x4a5bdadb Exception code: 0xc0000005 Fault offset: 0x0006aee7 Faulting process
    id: 0x40c Faulting application start time: 0x01cbc8f5d9a3ebd5 Faulting application
    path: C:\Windows\system32\svchost.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
    Report
    Id: 99a82305-3595-11e0-9a15-00221583aaa0

    Error - 2/11/2011 1:21:47 AM | Computer Name = HotcoreDuo | Source = Application Error | ID = 1000
    Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
    stamp: 0x4a5bc100 Faulting module name: ntdll.dll, version: 6.1.7600.16385, time
    stamp: 0x4a5bdadb Exception code: 0xc0000005 Fault offset: 0x0006aee7 Faulting process
    id: 0x174c Faulting application start time: 0x01cbc9a26dc4b607 Faulting application
    path: C:\Windows\system32\svchost.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
    Report
    Id: d1f4f7b9-359e-11e0-9a15-00221583aaa0

    Error - 2/11/2011 12:30:57 PM | Computer Name = HotcoreDuo | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Program Files\Nokia\Nokia
    PC Suite 7\TIS_Windows7PIM.dll". Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 2/11/2011 12:32:01 PM | Computer Name = HotcoreDuo | Source = SideBySide | ID = 16842811
    Description = Activation context generation failed for "c:\program files\microsoft\search
    enhancement pack\search helper\sepsearchhelperie.dll".Error in manifest or policy
    file "c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll"
    on line 2. Invalid Xml syntax.

    Error - 2/12/2011 12:30:57 PM | Computer Name = HotcoreDuo | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Program Files\Nokia\Nokia
    PC Suite 7\TIS_Windows7PIM.dll". Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 2/12/2011 12:31:59 PM | Computer Name = HotcoreDuo | Source = SideBySide | ID = 16842811
    Description = Activation context generation failed for "c:\program files\microsoft\search
    enhancement pack\search helper\sepsearchhelperie.dll".Error in manifest or policy
    file "c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll"
    on line 2. Invalid Xml syntax.

    Error - 2/18/2011 3:51:07 AM | Computer Name = HotcoreDuo | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Program Files\Nokia\Nokia
    PC Suite 7\TIS_Windows7PIM.dll". Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 2/18/2011 3:52:06 AM | Computer Name = HotcoreDuo | Source = SideBySide | ID = 16842811
    Description = Activation context generation failed for "c:\program files\microsoft\search
    enhancement pack\search helper\sepsearchhelperie.dll".Error in manifest or policy
    file "c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll"
    on line 2. Invalid Xml syntax.

    Error - 2/20/2011 3:05:14 AM | Computer Name = HotcoreDuo | Source = Application Error | ID = 1000
    Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
    stamp: 0x4a5bc100 Faulting module name: ntdll.dll, version: 6.1.7600.16385, time
    stamp: 0x4a5bdadb Exception code: 0xc0000005 Fault offset: 0x0006aee7 Faulting process
    id: 0x410 Faulting application start time: 0x01cbd0ca7245e079 Faulting application
    path: C:\Windows\system32\svchost.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
    Report
    Id: c388af7e-3cbf-11e0-9807-00221583aaa0

    Error - 2/20/2011 3:18:08 AM | Computer Name = HotcoreDuo | Source = Application Error | ID = 1000
    Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
    stamp: 0x4a5bc100 Faulting module name: ntdll.dll, version: 6.1.7600.16385, time
    stamp: 0x4a5bdadb Exception code: 0xc0000005 Fault offset: 0x0006aee7 Faulting process
    id: 0xef0 Faulting application start time: 0x01cbd0cca9e1b783 Faulting application
    path: C:\Windows\System32\svchost.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
    Report
    Id: 90b42874-3cc1-11e0-9807-00221583aaa0

    [ Media Center Events ]
    Error - 8/2/2010 1:38:17 PM | Computer Name = HotcoreDuo | Source = MCUpdate | ID = 0
    Description = 1:36:42 AM - Failed to retrieve MCEClientUX (Error: The underlying
    connection was closed: An unexpected error occurred on a receive.)

    Error - 9/27/2010 12:26:36 AM | Computer Name = HotcoreDuo | Source = MCUpdate | ID = 0
    Description = 12:26:30 PM - Error connecting to the internet. 12:26:30 PM - Unable
    to contact server..

    [ System Events ]
    Error - 1/27/2011 2:44:09 AM | Computer Name = HotcoreDuo | Source = Service Control Manager | ID = 7001
    Description = The Peer Networking Grouping service depends on the Peer Name Resolution
    Protocol service which failed to start because of the following error: %%-2140993535

    Error - 1/29/2011 1:29:48 AM | Computer Name = HotcoreDuo | Source = Service Control Manager | ID = 7009
    Description = A timeout was reached (30000 milliseconds) while waiting for the NIHardwareService
    service to connect.

    Error - 1/29/2011 1:29:48 AM | Computer Name = HotcoreDuo | Source = Service Control Manager | ID = 7000
    Description = The NIHardwareService service failed to start due to the following
    error: %%1053

    Error - 1/29/2011 1:29:52 AM | Computer Name = HotcoreDuo | Source = Service Control Manager | ID = 7009
    Description = A timeout was reached (30000 milliseconds) while waiting for the Update
    Center Service service to connect.

    Error - 1/29/2011 1:30:17 AM | Computer Name = HotcoreDuo | Source = PNRPSvc | ID = 102
    Description =

    Error - 1/29/2011 1:30:17 AM | Computer Name = HotcoreDuo | Source = Service Control Manager | ID = 7001
    Description = The Peer Networking Grouping service depends on the Peer Name Resolution
    Protocol service which failed to start because of the following error: %%-2140993535

    Error - 1/29/2011 1:30:17 AM | Computer Name = HotcoreDuo | Source = Service Control Manager | ID = 7023
    Description = The Peer Name Resolution Protocol service terminated with the following
    error: %%-2140993535

    Error - 1/29/2011 1:30:27 AM | Computer Name = HotcoreDuo | Source = PNRPSvc | ID = 102
    Description =

    Error - 1/29/2011 1:30:27 AM | Computer Name = HotcoreDuo | Source = PNRPSvc | ID = 102
    Description =

    Error - 1/29/2011 1:30:27 AM | Computer Name = HotcoreDuo | Source = Service Control Manager | ID = 7023
    Description = The Peer Name Resolution Protocol service terminated with the following
    error: %%-2140993535


    < End of report >
     