Win32/Olmarik trojan Issue

Solved
  1. kierenm

    kierenm New Member PCHF $Donator Bronze Member

    Joined:
    Feb 21, 2011
    Posts:
    27
    Likes Received:
    0
    Local time:
    11:09

    Hi Guys,

    I've just bought a second-hand PC from a person and have just used my new subscription with ESET to scan the computer for malware. It's come up with a threat existing called Win32/Olmarik trojan and is not able to clean it.

    I've also used the latest version of Malwarebytes Anti-Malware to do a quick scan but this comes back with no malicious files found.

    I've started having problems with using browsers on the infected PC to access sites, including this one...but am using a second laptop to get online.

    I've run through the prework list and will provide the log data in subsequent posts below now also.

    I appreciate any help you can give me guys.

    Thanks,
    Kieren
  2. kierenm

    ..I'm having problems being able to post the log data to this forum as the browser shuts down and has issues every time due to the trojan interfering.. :( any ideas on how I can possibly get around this?
  3. Hengis

    Hengis Proud PCHF'er since 2004 Tech Member Elite Member

    Joined:
    Jan 1, 2004
    Posts:
    41,340
    Likes Received:
    5,660
    Location:
    Southern UK
    Local time:
    03:09

  4. kierenm

    Thanks for your reply. I'm sorry I didn't make my log posting issue very clear...the problem I'm having with uploading is actually being able to use any browser (on the infected pc) to do any uploading/emailing/etc. of the logs.

    Same goes for logging in to this forum- it crashes the browser as soon as I try to login. I'm replying here using my other computer instead.

    I've tried a number of things to no avail...the browsers on the system work, but keep getting shut down or disconnected whenever I try to login to any email accounts or post the log data anywhere else it seems.
  5. Hengis

    Eeeekk...

    Ok, hold tight and wait for one of the Security Team, they may have some work-arounds for you...
  6. kierenm

    That was my reaction too! Eeek! ..I've tried setting up hotmail and gmail accounts so I can send it to my other email account, but each time I try to click send it now says "the connection to the server was reset while the page was loading" ..when I know it shouldn't be.

    Ok, thanks for your attention.

    ps. I do have an external HD attached to the infected pc atm, but am not confident as to whether to try to use it to transfer the logs file between computers... if I use that, I figure it may likely transfer the trojan to my good pc too.
  7. Hengis

    NO! Don't connect that drive...wait for expert advice from the Sec Techs.
  8. kierenm

    Thanks. I won't.. :)
  9. Hengis

    Our Sec Techs are based in the US, UK and Oz so someone will be with you soon...
  10. Crush

    Crush Tech Member Tech Member Elite Member mvp

    Joined:
    Sep 28, 2008
    Posts:
    42,178
    Likes Received:
    4,382
    Location:
    New Jersey
    Local time:
    22:09

    Hi kierenm,

    We can use that drive. We just have to outfit it with some armor first :D


    Please download Flash_Disinfector from HERE
    • First, download it to your desktop.
    • Now double click it to run it and it will tell you what to do when you open it.
    • It will temporarily kill explorer.exe and your desktop will go blank.
    • Let Flash_Disinfector do its job and it will restart explorer.exe for you.
    • It will make a dummy autorun.inf in the root of every drive.
    • You can now delete Flash_Disinfector.exe.
    Then try following up with the Prework please
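
An added example, not part of the original thread and not Flash_Disinfector's own code: before an external drive is moved to a clean machine, a check like this reports whether the `autorun.inf` in a drive root is an inert placeholder or a file carrying launch directives. It assumes the dummy is a folder named `autorun.inf`; the function names and sample contents are constructed for illustration.

```python
import os
import tempfile

# Keys in the [autorun] section that make Windows start a program.
LAUNCH_KEYS = ("open", "shellexecute")


def decode(data):
    """autorun.inf is ANSI or UTF-16 with a BOM; decode without raising."""
    if data[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return data.decode("utf-16", errors="replace")
    return data.decode("latin-1")


def launch_directives(text):
    """Return (key, value) pairs in [autorun] that would start a program."""
    found, in_autorun = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank lines and comments are often used as padding
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if in_autorun and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            k = key.lower()
            # shell\<verb>\command adds a context-menu entry that runs a program
            if k in LAUNCH_KEYS or (k.startswith("shell\\") and k.endswith("\\command")):
                found.append((key, value))
    return found


def classify_root(root):
    """Classify the autorun.inf entry of one drive root.

    Returns (status, directives) where status is one of:
    absent, placeholder (a folder holds the name), inert, launching.
    """
    path = None
    for name in os.listdir(root):
        if name.lower() == "autorun.inf":
            path = os.path.join(root, name)
            break
    if path is None:
        return "absent", []
    if os.path.isdir(path):
        return "placeholder", []
    with open(path, "rb") as fh:
        text = decode(fh.read(64 * 1024))  # cap the read; real files are tiny
    hits = launch_directives(text)
    return ("launching" if hits else "inert"), hits


# Constructed sample contents (not taken from the thread).
SAMPLE_LAUNCHING = (
    "[AutoRun]\r\n; constructed sample\r\nOpen=placeholder.exe\r\n"
    "shell\\open\\Command=placeholder.exe\r\nicon=shell32.dll,4\r\n"
)
SAMPLE_INERT = "[autorun]\r\nlabel=Backup\r\nicon=drive.ico\r\n"


def demo():
    """Build four constructed drive roots in a temp dir and classify each."""
    layouts = {
        "no_file": None,
        "placeholder_dir": "dir",
        "label_only": SAMPLE_INERT,
        "launching": SAMPLE_LAUNCHING,
    }
    results = {}
    with tempfile.TemporaryDirectory() as base:
        for name, content in layouts.items():
            root = os.path.join(base, name)
            os.mkdir(root)
            target = os.path.join(root, "AUTORUN.INF")
            if content == "dir":
                os.mkdir(target)
            elif content is not None:
                with open(target, "w", newline="") as fh:
                    fh.write(content)
            results[name] = classify_root(root)
    return results


if __name__ == "__main__":
    for root_name, (status, hits) in demo().items():
        print(root_name, status, hits)
```

A root that reports `launching` should be examined on a machine with AutoRun disabled before any file on it is opened.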
  11. kierenm

    Thanks for your reply Crush.

    I have downloaded the Flash_Disinfector.exe and tried to run it but it won't seem to run. Upon double clicking the file the cursor indicates it's loading for a second and then nothing further happens.
  12. Crush

    Is the drive plugged in to your clean machine and are you running it from that machine?
  13. kierenm

    No, unfortunately it's plugged in on the infected machine...

    I have found a way around the issue of posting the Logs to the forum...I have finished collecting these in a txt doc on my good machine now and will post them shortly.

    (ps. To send the logs I ended up having to post small parts of them to the comments section of a Wordpress blog I have, and then went to my good machine and copied these snippets from my wordpress comment emails into a txt editor. Had to do small "comments" of the logs each time as large comments were getting the browser shut down also.)

    ...
  14. kierenm

    ===================================
    OTL.txt
    ===================================

    OTL logfile created on: 2/21/2011 6:28:37 PM - Run 1
    OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\TomJ\Downloads\programs
    Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 68.00% Memory free
    6.00 Gb Paging File | 5.00 Gb Available in Paging File | 86.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 111.79 Gb Total Space | 66.05 Gb Free Space | 59.09% Space Free | Partition Type: NTFS
    Drive D: | 232.88 Gb Total Space | 214.92 Gb Free Space | 92.29% Space Free | Partition Type: NTFS
    Drive F: | 232.83 Gb Total Space | 67.96 Gb Free Space | 29.19% Space Free | Partition Type: FAT32

    Computer Name: HOTCOREDUO | User Name: TomJ | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/02/21 18:20:08 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\TomJ\Downloads\programs\OTL.exe
    PRC - [2011/01/12 16:41:42 | 000,810,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
    PRC - [2011/01/12 16:41:24 | 002,219,184 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\egui.exe
    PRC - [2010/12/04 03:35:08 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
    PRC - [2010/03/22 09:17:22 | 000,191,080 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    PRC - [2010/03/22 09:17:20 | 000,133,736 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe
    PRC - [2009/12/24 05:34:20 | 000,370,688 | ---- | M] (StarWind Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    PRC - [2009/10/31 13:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2009/10/14 15:42:38 | 000,583,640 | ---- | M] (PC Tools) -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
    PRC - [2009/07/14 09:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
    PRC - [2009/07/14 09:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sppsvc.exe
    PRC - [2009/07/14 09:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
    PRC - [2009/06/15 12:28:45 | 006,959,104 | ---- | M] (SpeedBit Ltd.) -- C:\Program Files\DAP\DAP.exe
    PRC - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    PRC - [2008/11/11 16:25:56 | 001,799,456 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files\Ralink\Common\RaUI.exe
    PRC - [2008/09/05 10:23:20 | 000,075,040 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files\Ralink\Common\RalinkRegistryWriter.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/02/21 18:20:08 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\TomJ\Downloads\programs\OTL.exe
    MOD - [2009/07/14 09:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
    MOD - [2009/07/14 09:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
    MOD - [2009/07/14 09:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
    MOD - [2009/07/14 09:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
    MOD - [2009/07/14 09:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
    MOD - [2009/07/14 09:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
    MOD - [2009/07/14 09:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
    MOD - [2009/07/14 09:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- -- (WinHttpAutoProxySvc)
    SRV - File not found [Auto | Stopped] -- -- (NIHardwareService)
    SRV - [2011/01/12 16:44:02 | 000,033,584 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
    SRV - [2011/01/12 16:41:42 | 000,810,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
    SRV - [2010/09/28 18:23:31 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\srvany.exe -- (KMService)
    SRV - [2010/06/14 15:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
    SRV - [2010/06/07 17:05:06 | 000,240,232 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
    SRV - [2010/05/01 01:54:55 | 001,343,400 | ---- | M] () [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
    SRV - [2010/03/22 09:17:22 | 000,191,080 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService)
    SRV - [2010/03/18 16:47:22 | 000,035,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- (aspnet_state)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/03/18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpPortSharing)
    SRV - [2010/03/18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpActivator)
    SRV - [2010/03/18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetPipeActivator)
    SRV - [2010/03/18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetMsmqActivator)
    SRV - [2009/12/24 05:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
    SRV - [2009/11/06 13:24:52 | 000,195,176 | ---- | M] (NVIDIA) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe -- (UpdateCenterService)
    SRV - [2009/10/14 15:42:38 | 000,583,640 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
    SRV - [2009/08/05 22:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
    SRV - [2009/07/14 09:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
    SRV - [2009/07/14 09:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
    SRV - [2009/07/14 09:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
    SRV - [2009/07/14 09:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
    SRV - [2009/07/14 09:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
    SRV - [2009/07/14 09:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
    SRV - [2009/07/14 09:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
    SRV - [2009/07/14 09:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
    SRV - [2009/07/14 09:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
    SRV - [2009/07/14 09:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
    SRV - [2009/07/14 09:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
    SRV - [2009/07/14 09:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
    SRV - [2009/07/14 09:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2009/07/14 09:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
    SRV - [2009/07/14 09:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
    SRV - [2009/07/14 09:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
    SRV - [2009/07/14 09:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
    SRV - [2009/07/14 09:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
    SRV - [2009/07/14 09:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
    SRV - [2009/07/14 09:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
    SRV - [2009/07/14 09:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
    SRV - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
    SRV - [2008/09/05 10:23:20 | 000,075,040 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files\Ralink\Common\RalinkRegistryWriter.exe -- (RalinkRegistryWriter)


    ========== Driver Services (SafeList) ==========

    DRV - [2010/12/21 15:04:06 | 000,137,144 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\System32\drivers\eamonm.sys -- (eamonm)
    DRV - [2010/12/21 15:04:06 | 000,115,008 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
    DRV - [2010/12/21 13:47:38 | 000,134,000 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfw.sys -- (epfw)
    DRV - [2010/12/21 13:47:38 | 000,041,336 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfwwfp.sys -- (epfwwfp)
    DRV - [2010/12/21 13:47:38 | 000,033,120 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\epfwndis.sys -- (Epfwndis)
    DRV - [2010/07/22 12:45:37 | 000,697,328 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
    DRV - [2010/07/06 18:30:24 | 003,132,712 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2010/06/08 07:57:00 | 010,888,168 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
    DRV - [2010/02/24 07:06:30 | 000,562,464 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr73.sys -- (netr73)
    DRV - [2009/12/15 14:41:30 | 000,268,912 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SRS_SSCFilter_i386.sys -- (SRS_SSCFilter) SRS Labs Audio Sandbox (WDM)
    DRV - [2009/12/11 15:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
    DRV - [2009/10/09 14:00:44 | 000,003,328 | ---- | M] (Famatech International Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rminiv3.sys -- (mirrorv3)
    DRV - [2009/09/15 14:59:28 | 000,038,248 | ---- | M] (NVIDIA Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvoclock.sys -- (nvoclock)
    DRV - [2009/08/23 05:06:38 | 000,048,640 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1E62x86.sys -- (L1E)
    DRV - [2009/08/23 02:25:00 | 000,009,088 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner32.sys -- (RivaTuner32)
    DRV - [2009/08/05 22:48:42 | 000,054,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fssfltr.sys -- (fssfltr)
    DRV - [2009/07/14 09:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
    DRV - [2009/07/14 09:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
    DRV - [2009/07/14 09:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
    DRV - [2009/07/14 09:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
    DRV - [2009/07/14 09:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
    DRV - [2009/07/14 09:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
    DRV - [2009/07/14 09:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
    DRV - [2009/07/14 09:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
    DRV - [2009/07/14 09:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
    DRV - [2009/07/14 09:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
    DRV - [2009/07/14 09:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
    DRV - [2009/07/14 09:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
    DRV - [2009/07/14 09:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
    DRV - [2009/07/14 09:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
    DRV - [2009/07/14 09:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
    DRV - [2009/07/14 09:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
    DRV - [2009/07/14 09:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
    DRV - [2009/07/14 09:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
    DRV - [2009/07/14 09:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
    DRV - [2009/07/14 09:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
    DRV - [2009/07/14 09:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
    DRV - [2009/07/14 09:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
    DRV - [2009/07/14 09:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
    DRV - [2009/07/14 09:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
    DRV - [2009/07/14 09:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
    DRV - [2009/07/14 09:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
    DRV - [2009/07/14 09:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
    DRV - [2009/07/14 09:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
    DRV - [2009/07/14 09:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
    DRV - [2009/07/14 09:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
    DRV - [2009/07/14 09:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
    DRV - [2009/07/14 09:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
    DRV - [2009/07/14 09:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
    DRV - [2009/07/14 09:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
    DRV - [2009/07/14 09:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
    DRV - [2009/07/14 09:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
    DRV - [2009/07/14 09:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
    DRV - [2009/07/14 09:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
    DRV - [2009/07/14 09:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
    DRV - [2009/07/14 09:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
    DRV - [2009/07/14 09:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
    DRV - [2009/07/14 09:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
    DRV - [2009/07/14 08:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
    DRV - [2009/07/14 08:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
    DRV - [2009/07/14 08:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
    DRV - [2009/07/14 07:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
    DRV - [2009/07/14 07:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
    DRV - [2009/07/14 07:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
    DRV - [2009/07/14 07:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
    DRV - [2009/07/14 07:52:04 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vwififlt.sys -- (vwififlt)
    DRV - [2009/07/14 07:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
    DRV - [2009/07/14 07:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\1394ohci.sys -- (1394ohci)
    DRV - [2009/07/14 07:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
    DRV - [2009/07/14 07:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
    DRV - [2009/07/14 07:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
    DRV - [2009/07/14 07:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
    DRV - [2009/07/14 07:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
    DRV - [2009/07/14 07:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
    DRV - [2009/07/14 07:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
    DRV - [2009/07/14 07:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
    DRV - [2009/07/14 07:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
    DRV - [2009/07/14 07:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
    DRV - [2009/07/14 07:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
    DRV - [2009/07/14 07:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
    DRV - [2009/07/14 06:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
    DRV - [2009/07/14 06:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
    DRV - [2009/07/14 06:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
    DRV - [2009/07/14 06:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
    DRV - [2009/07/14 06:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
    DRV - [2009/07/14 06:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
    DRV - [2009/07/14 06:02:50 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
    DRV - [2009/07/14 06:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
    DRV - [2009/07/14 06:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
    DRV - [2009/07/14 06:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
    DRV - [2009/06/02 17:35:08 | 000,368,128 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rt61.sys -- (RT61)
    DRV - [2009/05/12 06:47:54 | 000,154,664 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\mv61xx.sys -- (mv61xx)
    DRV - [2009/05/06 02:35:16 | 000,413,208 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\t3.sys -- (t3)
    DRV - [2009/03/15 18:25:46 | 000,056,268 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
    DRV - [2008/11/25 17:18:24 | 000,009,728 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\epmntdrv.sys -- (epmntdrv)
    DRV - [2008/11/25 17:18:24 | 000,003,072 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\EuGdiDrv.sys -- (EuGdiDrv)
    DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
    DRV - [2004/08/13 09:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "*****Removed for privacy*****"
    FF - prefs.js..extensions.enabledItems: {F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}:8.6.7.0
    FF - prefs.js..extensions.enabledItems: support@lastpass.com:1.72.0

    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/02/21 11:36:31 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/02/21 11:36:05 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2011/02/21 14:41:53 | 000,000,000 | ---D | M]

    [2011/02/21 11:36:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\TomJ\AppData\Roaming\mozilla\Extensions
    [2011/02/21 12:39:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\TomJ\AppData\Roaming\mozilla\Firefox\Profiles\qs3aadfz.default\extensions
    [2011/02/21 12:36:55 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\TomJ\AppData\Roaming\mozilla\Firefox\Profiles\qs3aadfz.default\extensions\support@lastpass.com
    [2011/02/21 11:36:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2010/04/25 18:46:30 | 000,000,000 | ---D | M] (Download Accelerator Plus Integration) -- C:\PROGRAM FILES\DAP\DAPFIREFOX

    O1 HOSTS File: ([2010/07/26 16:20:34 | 000,000,940 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
    O2 - BHO: (LastPass Browser Helper Object) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files\LastPass\LPBar.dll (LastPass)
    O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O2 - BHO: (FlashFXP Helper for Internet Explorer) - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Program Files\FlashFXP\IEFlash.dll (IniCom Networks, Inc.)
    O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files\LastPass\LPBar.dll (LastPass)
    O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
    O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team)
    O4 - HKCU..\Run: [DownloadAccelerator] C:\Program Files\DAP\DAP.exe (SpeedBit Ltd.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: CLTQMXS = C:\Windows\system32\gpscriptj.exe
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
    O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm ()
    O8 - Extra context menu item: &amp:Download with &amp:DAP - C:\Program Files\DAP\dapextie.htm ()
    O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm ()
    O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files\LastPass\LPBar.dll (LastPass)
    O13 - gopher Prefix: missing
    O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/common/asusTek_sys_ctrl.cab (asusTek_sysctrl Class)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15112/CTPID.cab (Creative Software AutoUpdate Support Package)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
    O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
    O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
    O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
    O20 - HKLM Winlogon: Shell - (explorer.exe) - File not found
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - File not found
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O27 - HKLM IFEO\NIHardwareService.exe: Debugger - rundll32.exe File not found
    O27 - HKLM IFEO\UpdateCenterService.exe: Debugger - rundll32.exe File not found
    O29 - HKLM SecurityProviders - (credssp.dll) - File not found
    O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/06/11 05:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O32 - AutoRun File - [2005/11/17 15:06:10 | 000,000,069 | -H-- | M] () - F:\autorun.inf -- [ FAT32 ]
    O33 - MountPoints2\{04a9eea4-d7ac-11df-a26a-00221583aaa0}\Shell - "" = AutoRun
    O33 - MountPoints2\{04a9eea4-d7ac-11df-a26a-00221583aaa0}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{084f5fea-d4d8-11df-a35d-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{084f5fea-d4d8-11df-a35d-806e6f6e6963}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{084f601e-d4d8-11df-a35d-00c0ca19db56}\Shell - "" = AutoRun
    O33 - MountPoints2\{084f601e-d4d8-11df-a35d-00c0ca19db56}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{1782dd69-d4d9-11df-a041-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{1782dd69-d4d9-11df-a041-806e6f6e6963}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{1da7c495-d669-11df-91e7-00221583aaa0}\Shell - "" = AutoRun
    O33 - MountPoints2\{1da7c495-d669-11df-91e7-00221583aaa0}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{1da7c4e8-d669-11df-91e7-00221583aaa0}\Shell - "" = AutoRun
    O33 - MountPoints2\{1da7c4e8-d669-11df-91e7-00221583aaa0}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{1da7c4eb-d669-11df-91e7-00221583aaa0}\Shell - "" = AutoRun
    O33 - MountPoints2\{1da7c4eb-d669-11df-91e7-00221583aaa0}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{3411110b-cf32-11df-8788-00c0ca19db56}\Shell - "" = AutoRun
    O33 - MountPoints2\{3411110b-cf32-11df-8788-00c0ca19db56}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{34111110-cf32-11df-8788-00c0ca19db56}\Shell - "" = AutoRun
    O33 - MountPoints2\{34111110-cf32-11df-8788-00c0ca19db56}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{50cb658a-d139-11df-8f30-00221583aaa0}\Shell - "" = AutoRun
    O33 - MountPoints2\{50cb658a-d139-11df-8f30-00221583aaa0}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{b725878b-d53c-11df-96cc-00c0ca19db56}\Shell - "" = AutoRun
    O33 - MountPoints2\{b725878b-d53c-11df-96cc-00c0ca19db56}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{b725879a-d53c-11df-96cc-00c0ca19db56}\Shell - "" = AutoRun
    O33 - MountPoints2\{b725879a-d53c-11df-96cc-00c0ca19db56}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{e157920a-d26e-11df-a95d-00c0ca19db56}\Shell - "" = AutoRun
    O33 - MountPoints2\{e157920a-d26e-11df-a95d-00c0ca19db56}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{e157920e-d26e-11df-a95d-00c0ca19db56}\Shell - "" = AutoRun
    O33 - MountPoints2\{e157920e-d26e-11df-a95d-00c0ca19db56}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found
    NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
    NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)

    MsConfig - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
    MsConfig - StartUpReg: RGSC - hkey= - key= - Reg Error: Value error. File not found
    MsConfig - StartUpReg: RtHDVCpl - hkey= - key= - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
    MsConfig - StartUpReg: SPIRunE - hkey= - key= - File not found
    MsConfig - StartUpReg: SSDMonitor - hkey= - key= - C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools)
    MsConfig - State: "startup" - 2

    SafeBootMin: Base - Driver Group
    SafeBootMin: Boot Bus Extender - Driver Group
    SafeBootMin: Boot file system - Driver Group
    SafeBootMin: File system - Driver Group
    SafeBootMin: Filter - Driver Group
    SafeBootMin: HelpSvc - Service
    SafeBootMin: NTDS - File not found
    SafeBootMin: PCI Configuration - Driver Group
    SafeBootMin: PNP Filter - Driver Group
    SafeBootMin: Power - C:\Windows\System32\umpo.dll (Microsoft Corporation)
    SafeBootMin: Primary disk - Driver Group
    SafeBootMin: RpcEptMapper - C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
    SafeBootMin: sacsvr - Service
    SafeBootMin: SCSI Class - Driver Group
    SafeBootMin: System Bus Extender - Driver Group
    SafeBootMin: vmms - Service
    SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
    SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
    SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
    SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
    SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
    SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
    SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
    SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
    SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
    SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
    SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
    SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
    SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
    SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
    SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
    SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
    SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

    SafeBootNet: Base - Driver Group
    SafeBootNet: Boot Bus Extender - Driver Group
    SafeBootNet: Boot file system - Driver Group
    SafeBootNet: Dhcp - C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
    SafeBootNet: File system - Driver Group
    SafeBootNet: Filter - Driver Group
    SafeBootNet: HelpSvc - Service
    SafeBootNet: Messenger - Service
    SafeBootNet: NDIS Wrapper - Driver Group
    SafeBootNet: ndiscap - C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
    SafeBootNet: NetBIOSGroup - Driver Group
    SafeBootNet: NetDDEGroup - Driver Group
    SafeBootNet: Network - Driver Group
    SafeBootNet: NetworkProvider - Driver Group
    SafeBootNet: NTDS - File not found
    SafeBootNet: PCI Configuration - Driver Group
    SafeBootNet: PNP Filter - Driver Group
    SafeBootNet: PNP_TDI - Driver Group
    SafeBootNet: Power - C:\Windows\System32\umpo.dll (Microsoft Corporation)
    SafeBootNet: Primary disk - Driver Group
    SafeBootNet: rdsessmgr - Service
    SafeBootNet: RpcEptMapper - C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
    SafeBootNet: sacsvr - Service
    SafeBootNet: SCSI Class - Driver Group
    SafeBootNet: Streams Drivers - Driver Group
    SafeBootNet: System Bus Extender - Driver Group
    SafeBootNet: TDI - Driver Group
    SafeBootNet: vmms - Service
    SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SafeBootNet: WudfUsbccidDriver - Driver
    SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
    SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
    SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
    SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
    SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
    SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
    SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
    SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
    SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
    SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
    SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
    SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
    SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
    SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
    SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
    SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
    SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
    SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
    SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
    SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
    SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
    SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

    ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
    ActiveX: {28F482CA-BADB-4145-2848-0721F8A40676} - Browser Customizations
    ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
    ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
    ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
    ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
    ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
    ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
    ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
    ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
    ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
    ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
    ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
    ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
    ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
    ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
    ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
    ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
    ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
    ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
    ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
    ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
    ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

    Drivers32: aux - wdmaud.drv File not found
    Drivers32: aux1 - wdmaud.drv File not found
    Drivers32: midi - wdmaud.drv File not found
    Drivers32: midi1 - wdmaud.drv File not found
    Drivers32: midimapper - midimap.dll File not found
    Drivers32: mixer - wdmaud.drv File not found
    Drivers32: mixer1 - wdmaud.drv File not found
    Drivers32: msacm.imaadpcm - imaadp32.acm File not found
    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.msadpcm - msadp32.acm File not found
    Drivers32: msacm.msg711 - msg711.acm File not found
    Drivers32: msacm.msgsm610 - msgsm32.acm File not found
    Drivers32: msacm.siren - sirenacm.dll File not found
    Drivers32: msacm.vorbis - vorbis.acm File not found
    Drivers32: vidc.cvid - iccvid.dll File not found
    Drivers32: VIDC.FPS1 - frapsvid.dll File not found
    Drivers32: vidc.i420 - iyuv_32.dll File not found
    Drivers32: vidc.iyuv - iyuv_32.dll File not found
    Drivers32: vidc.mrle - msrle32.dll File not found
    Drivers32: vidc.msvc - msvidc32.dll File not found
    Drivers32: vidc.uyvy - msyuv.dll File not found
    Drivers32: vidc.yuy2 - msyuv.dll File not found
    Drivers32: vidc.yvu9 - tsbyuv.dll File not found
    Drivers32: vidc.yvyu - msyuv.dll File not found
    Drivers32: wave - wdmaud.drv File not found
    Drivers32: wave1 - wdmaud.drv File not found
    Drivers32: wavemapper - msacm32.drv File not found


    ========== Files/Folders - Created Within 30 Days ==========

    [2011/02/21 14:42:55 | 000,000,000 | ---D | C] -- C:\Users\TomJ\AppData\Roaming\ESET
    [2011/02/21 14:41:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
    [2011/02/21 14:41:52 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
    [2011/02/21 13:07:42 | 000,000,000 | ---D | C] -- C:\3590F75ABA9E485486C100C1A9D4FF06Z.Z.Z......Z...Z
    [2011/02/21 12:36:53 | 000,000,000 | ---D | C] -- C:\Users\TomJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LastPass
    [2011/02/21 12:36:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LastPass
    [2011/02/21 12:36:51 | 000,000,000 | ---D | C] -- C:\Program Files\LastPass
    [2011/02/21 12:16:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZipGenius 6
    [2011/02/21 12:16:18 | 000,000,000 | ---D | C] -- C:\Program Files\ZipGenius 6
    [2011/02/21 11:59:58 | 000,000,000 | ---D | C] -- C:\3590F75ABA9E485486C100C1A9D4FF06Z...Z.ZZZ....ZZZ
    [2011/02/21 11:55:41 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
    [2011/02/21 11:55:29 | 000,000,000 | R--D | C] -- C:\Users\TomJ\Favorites
    [2011/02/21 11:36:31 | 000,000,000 | ---D | C] -- C:\Users\TomJ\AppData\Roaming\Mozilla
    [2011/02/21 11:36:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox
    [2011/02/21 11:36:04 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2011/02/04 12:59:37 | 000,000,000 | ---D | C] -- C:\Users\TomJ\AppData\Roaming\WinBatch
    [2010/09/27 17:03:52 | 000,047,360 | R--- | C] (VSO Software) -- C:\Users\TomJ\AppData\Roaming\pcouffin.sys
    [3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/02/21 18:15:55 | 000,022,400 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/02/21 18:15:55 | 000,022,400 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/02/21 14:45:52 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
    [2011/02/21 14:45:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/02/21 14:45:38 | 2415,173,632 | -HS- | M] () -- C:\hiberfil.sys
    [2011/02/21 12:36:56 | 000,001,168 | ---- | M] () -- C:\Users\TomJ\Application Data\Microsoft\Internet Explorer\Quick Launch\My LastPass Vault.lnk
    [2011/02/21 12:36:53 | 000,001,168 | ---- | M] () -- C:\Users\Public\Desktop\My LastPass Vault.lnk
    [2011/02/21 11:55:42 | 000,000,929 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2011/02/21 11:40:33 | 000,001,049 | ---- | M] () -- C:\Users\TomJ\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/02/21 11:36:07 | 000,001,849 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2011/02/21 10:57:46 | 000,666,568 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2011/02/21 10:57:46 | 000,125,222 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2011/02/20 15:56:11 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\slwga.dll
    [2011/02/20 15:56:10 | 000,409,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\systemcpl.dll
    [2011/02/12 23:00:00 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\At1.job
    [2011/02/10 15:38:38 | 000,315,686 | RHS- | M] () -- C:\LRMOQ
    [2011/02/10 15:38:38 | 000,000,020 | RHS- | M] () -- C:\win7.ld
    [3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/02/21 14:42:51 | 000,065,536 | ---- | C] () -- C:\Windows\System32\Ikeext.etl
    [2011/02/21 12:36:55 | 000,001,168 | ---- | C] () -- C:\Users\TomJ\Application Data\Microsoft\Internet Explorer\Quick Launch\My LastPass Vault.lnk
    [2011/02/21 12:36:53 | 000,001,168 | ---- | C] () -- C:\Users\Public\Desktop\My LastPass Vault.lnk
    [2011/02/21 11:55:42 | 000,000,929 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2011/02/21 11:40:33 | 000,001,049 | ---- | C] () -- C:\Users\TomJ\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/02/21 11:36:07 | 000,001,849 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2011/02/21 11:07:53 | 000,368,901 | ---- | C] () -- C:\Users\TomJ\Desktop\PC Secret Formula.PDF
    [2011/02/10 15:38:38 | 000,315,686 | RHS- | C] () -- C:\LRMOQ
    [2011/02/10 15:38:38 | 000,000,020 | RHS- | C] () -- C:\win7.ld
    [2010/09/27 17:04:49 | 000,001,041 | R--- | C] () -- C:\Users\TomJ\AppData\Roaming\vso_ts_preview.xml
    [2010/09/27 17:04:31 | 000,000,034 | R--- | C] () -- C:\Users\TomJ\AppData\Roaming\pcouffin.log
    [2010/09/27 17:03:52 | 000,087,608 | R--- | C] () -- C:\Users\TomJ\AppData\Roaming\inst.exe
    [2010/09/27 17:03:52 | 000,007,887 | R--- | C] () -- C:\Users\TomJ\AppData\Roaming\pcouffin.cat
    [2010/09/27 17:03:52 | 000,001,144 | R--- | C] () -- C:\Users\TomJ\AppData\Roaming\pcouffin.inf
    [2010/07/10 19:03:52 | 000,010,609 | R--- | C] () -- C:\Users\TomJ\AppData\Roaming\PStrip.bk!
    [2010/07/09 18:43:13 | 000,010,432 | R--- | C] () -- C:\Users\TomJ\AppData\Roaming\PStrip.bko
    [2010/05/24 19:17:52 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
    [2010/05/23 07:57:40 | 000,921,600 | ---- | C] () -- C:\Windows\System32\vorbisenc.dll
    [2010/05/23 07:57:40 | 000,188,416 | ---- | C] () -- C:\Windows\System32\vorbis.dll
    [2010/05/23 07:57:39 | 000,237,568 | ---- | C] () -- C:\Windows\System32\OggDS.dll
    [2010/05/23 07:57:39 | 000,045,056 | ---- | C] () -- C:\Windows\System32\Ogg.dll
    [2010/05/11 16:49:26 | 000,000,011 | ---- | C] () -- C:\Windows\EuBcd.ini
    [2010/05/11 16:47:07 | 000,472,064 | ---- | C] () -- C:\Windows\System32\NTFSFormat.dll
    [2010/05/11 16:47:07 | 000,180,736 | ---- | C] () -- C:\Windows\System32\DeviceManager.dll
    [2010/05/11 16:47:07 | 000,139,776 | ---- | C] () -- C:\Windows\System32\NTFSCopy.dll
    [2010/05/11 16:47:07 | 000,093,184 | ---- | C] () -- C:\Windows\System32\Partition.dll
    [2010/05/11 16:47:07 | 000,086,528 | ---- | C] () -- C:\Windows\System32\NTFSLib.dll
    [2010/05/11 16:47:07 | 000,086,016 | ---- | C] () -- C:\Windows\System32\ResizeNTFS.dll
    [2010/05/11 16:47:07 | 000,068,096 | ---- | C] () -- C:\Windows\System32\Device.dll
    [2010/05/11 16:47:07 | 000,065,536 | ---- | C] () -- C:\Windows\System32\FatCopy.dll
    [2010/05/11 16:47:07 | 000,061,952 | ---- | C] () -- C:\Windows\System32\FatResizeMove.dll
    [2010/05/11 16:47:07 | 000,045,568 | ---- | C] () -- C:\Windows\System32\FileSystemCheck.dll
    [2010/05/11 16:47:07 | 000,031,744 | ---- | C] () -- C:\Windows\System32\FatLib.dll
    [2010/05/11 16:47:07 | 000,025,088 | ---- | C] () -- C:\Windows\System32\FATFileSystemAnalyser.dll
    [2010/05/11 16:47:07 | 000,024,576 | ---- | C] () -- C:\Windows\System32\NTFSFileSystemAnalyser.dll
    [2010/05/11 16:47:07 | 000,022,016 | ---- | C] () -- C:\Windows\System32\FatFormat.dll
    [2010/05/11 16:47:07 | 000,021,504 | ---- | C] () -- C:\Windows\System32\Fixup.dll
    [2010/05/11 16:47:07 | 000,017,920 | ---- | C] () -- C:\Windows\System32\SectorCopy.dll
    [2010/05/11 16:47:07 | 000,014,848 | ---- | C] () -- C:\Windows\System32\FileSystemAnalyser.dll
    [2010/05/11 16:47:07 | 000,014,848 | ---- | C] () -- C:\Windows\System32\EuEpmGdi.dll
    [2010/05/11 16:47:07 | 000,010,752 | ---- | C] () -- C:\Windows\System32\DeviceAdapter.dll
    [2010/05/11 16:47:07 | 000,006,656 | ---- | C] () -- C:\Windows\System32\CallbackOperator.dll
    [2010/05/11 16:47:05 | 000,003,072 | ---- | C] () -- C:\Windows\System32\EuGdiDrv.sys
    [2010/05/11 16:47:04 | 000,009,728 | ---- | C] () -- C:\Windows\System32\epmntdrv.sys
    [2010/04/27 00:13:27 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
    [2010/04/27 00:13:26 | 000,022,328 | R--- | C] () -- C:\Users\TomJ\AppData\Roaming\PnkBstrK.sys
    [2010/04/25 19:18:48 | 000,000,061 | ---- | C] () -- C:\Windows\sbwin.ini
    [2010/04/25 18:51:18 | 000,697,328 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
    [2010/04/25 12:19:17 | 000,148,480 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL
    [2010/04/25 12:19:17 | 000,073,728 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL
    [2010/04/25 12:19:14 | 000,001,436 | ---- | C] () -- C:\Windows\CfgHPSp.ini
    [2010/04/25 12:19:14 | 000,001,434 | ---- | C] () -- C:\Windows\Cfg05Sp.ini
    [2010/04/25 12:19:14 | 000,001,434 | ---- | C] () -- C:\Windows\Cfg04Sp.ini
    [2010/04/25 12:19:14 | 000,001,091 | ---- | C] () -- C:\Windows\Cfg03Sp.ini
    [2010/04/25 12:19:14 | 000,001,091 | ---- | C] () -- C:\Windows\Cfg02Sp.ini
    [2010/04/25 12:19:14 | 000,001,000 | ---- | C] () -- C:\Windows\Cfg01Sp.ini
    [2010/04/25 12:19:14 | 000,000,932 | ---- | C] () -- C:\Windows\CfgHPHp.ini
    [2010/04/25 12:19:14 | 000,000,932 | ---- | C] () -- C:\Windows\CfgHPDO.ini
    [2010/04/25 12:19:14 | 000,000,932 | ---- | C] () -- C:\Windows\Cfg05DO.ini
    [2010/04/25 12:19:14 | 000,000,932 | ---- | C] () -- C:\Windows\Cfg04DO.ini
    [2010/04/25 12:19:14 | 000,000,930 | ---- | C] () -- C:\Windows\Cfg05Hp.ini
    [2010/04/25 12:19:14 | 000,000,930 | ---- | C] () -- C:\Windows\Cfg04Hp.ini
    [2010/04/25 12:19:14 | 000,000,818 | ---- | C] () -- C:\Windows\Cfg01APR.ini
    [2010/04/25 12:19:14 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg03Hp.ini
    [2010/04/25 12:19:14 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg03DO.ini
    [2010/04/25 12:19:14 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg02Hp.ini
    [2010/04/25 12:19:14 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg02DO.ini
    [2010/04/25 12:19:14 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg01Hp.ini
    [2010/04/25 12:19:14 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg01DO.ini
    [2010/04/25 12:19:14 | 000,000,453 | ---- | C] () -- C:\Windows\CfgHPRMi.ini
    [2010/04/25 12:19:14 | 000,000,453 | ---- | C] () -- C:\Windows\CfgHPRLI.ini
    [2010/04/25 12:19:14 | 000,000,453 | ---- | C] () -- C:\Windows\CfgHPFMi.ini
    [2010/04/25 12:19:14 | 000,000,453 | ---- | C] () -- C:\Windows\CfgHPDI.ini
    [2010/04/25 12:19:14 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg05RMi.ini
    [2010/04/25 12:19:14 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg05RLI.ini
    [2010/04/25 12:19:14 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg05FMi.ini
    [2010/04/25 12:19:14 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg05DI.ini
    [2010/04/25 12:19:14 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg04RMi.ini
    [2010/04/25 12:19:14 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg04RLI.ini
    [2010/04/25 12:19:14 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg04FMi.ini
    [2010/04/25 12:19:14 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg04DI.ini
    [2010/04/25 12:19:14 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg03RMi.ini
    [2010/04/25 12:19:14 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg03RLI.ini
    [2010/04/25 12:19:14 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg03FMi.ini
    [2010/04/25 12:19:14 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg03DI.ini
    [2010/04/25 12:19:14 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg02RMi.ini
    [2010/04/25 12:19:14 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg02RLI.ini
    [2010/04/25 12:19:14 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg02FMi.ini
    [2010/04/25 12:19:14 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg02DI.ini
    [2010/04/25 12:19:14 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg01Mic.ini
    [2010/04/25 12:19:14 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg01LI.ini
    [2010/04/25 12:19:14 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg01DI.ini
    [2010/04/25 12:13:20 | 000,000,481 | ---- | C] () -- C:\Windows\BRWMARK.INI
    [2010/04/25 12:13:20 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
    [2010/04/25 06:40:58 | 000,010,586 | R--- | C] () -- C:\Users\TomJ\AppData\Roaming\PStrip.ini
    [2010/04/25 06:40:58 | 000,010,586 | R--- | C] () -- C:\Users\TomJ\AppData\Roaming\PStrip.bak
    [2009/12/15 14:41:30 | 000,268,912 | ---- | C] () -- C:\Windows\System32\drivers\SRS_SSCFilter_i386.sys
    [2009/08/26 05:29:28 | 000,150,016 | ---- | C] () -- C:\Windows\System32\OemSpiE.dll
    [2009/07/15 08:22:48 | 000,032,914 | ---- | C] () -- C:\Windows\System32\t3.ini
    [2009/07/14 07:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
    [2009/07/14 07:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
    [2008/10/07 07:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
    [2008/10/07 07:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
    [2008/10/07 07:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
    [2008/10/07 07:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
    [2008/10/07 07:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
    [2008/10/07 07:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
    [2008/10/07 07:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
    [2008/10/07 07:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
    [2008/10/07 07:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
    [2004/08/13 09:56:20 | 000,005,810 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys
    [2001/08/29 14:11:40 | 000,398,848 | R--- | C] () -- C:\Windows\System32\DK2WIN32.DLL
    [1996/04/04 03:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys

    ========== LOP Check ==========

    [2010/07/26 04:10:25 | 000,000,000 | ---D | M] -- C:\Users\TomJ\AppData\Roaming\AstoundStereoExpander
    [2010/07/26 05:06:29 | 000,000,000 | ---D | M] -- C:\Users\TomJ\AppData\Roaming\Command & Conquer 3 Tiberium Wars Demo
    [2010/04/25 19:24:21 | 000,000,000 | ---D | M] -- C:\Users\TomJ\AppData\Roaming\DAEMON Tools Lite
    [2010/05/23 07:57:07 | 000,000,000 | ---D | M] -- C:\Users\TomJ\AppData\Roaming\DataCast
    [2010/09/28 14:28:41 | 000,000,000 | ---D | M] -- C:\Users\TomJ\AppData\Roaming\DC++
    [2011/02/21 14:42:55 | 000,000,000 | ---D | M] -- C:\Users\TomJ\AppData\Roaming\ESET
    [2010/07/26 17:55:02 | 000,000,000 | ---D | M] -- C:\Users\TomJ\AppData\Roaming\GetRightToGo
    [2010/04/25 07:44:30 | 000,000,000 | ---D | M] -- C:\Users\TomJ\AppData\Roaming\IObit
    [2010/10/09 12:41:13 | 000,000,000 | ---D | M] -- C:\Users\TomJ\AppData\Roaming\Nokia
    [2010/10/09 11:49:44 | 000,000,000 | ---D | M] -- C:\Users\TomJ\AppData\Roaming\PC Suite
    [2010/05/16 21:32:35 | 000,000,000 | ---D | M] -- C:\Users\TomJ\AppData\Roaming\Publish Providers
    [2010/07/26 13:26:23 | 000,000,000 | ---D | M] -- C:\Users\TomJ\AppData\Roaming\Red Alert 3 Demo
    [2010/04/25 08:37:58 | 000,000,000 | ---D | M] -- C:\Users\TomJ\AppData\Roaming\Registry Mechanic
    [2010/05/16 21:32:37 | 000,000,000 | ---D | M] -- C:\Users\TomJ\AppData\Roaming\Sony
    [2010/04/25 06:51:36 | 000,000,000 | ---D | M] -- C:\Users\TomJ\AppData\Roaming\Trillian
    [2010/09/28 17:35:17 | 000,000,000 | ---D | M] -- C:\Users\TomJ\AppData\Roaming\Vso
    [2011/02/04 12:59:37 | 000,000,000 | ---D | M] -- C:\Users\TomJ\AppData\Roaming\WinBatch
    [2011/02/12 23:00:00 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\At1.job
    [2011/02/20 15:18:08 | 000,032,614 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========


    ========== Custom Scans ==========


    < %systemroot%\Fonts\*.com >
    [2009/07/14 12:52:25 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/14 12:52:25 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/14 12:52:25 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/14 12:52:25 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/11 05:31:19 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2009/07/14 09:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
    [2009/07/14 09:16:19 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\winprint.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2009/07/10 12:15:46 | 000,306,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
    [3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009/07/14 12:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

    < %APPDATA%\Update\*.* >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2010/04/25 06:03:56 | 000,000,221 | -HS- | M] () -- C:\Users\TomJ\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2009/06/11 05:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >
    [2010/07/26 19:43:04 | 000,008,192 | ---- | M] () -- C:\Windows\security\database\edb.chk
    [2010/07/26 19:43:04 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edb.log
    [2010/07/18 22:50:19 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00001.jrs
    [2010/07/18 22:50:19 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00002.jrs
    [2010/07/26 19:43:04 | 001,056,768 | ---- | M] () -- C:\Windows\security\database\tmp.edb

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\*.exe >
    [2010/12/04 03:35:07 | 000,107,480 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\crashreporter.exe
    [2010/12/04 03:35:08 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
    [2010/12/04 03:35:08 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
    [2010/12/04 03:35:08 | 000,245,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\updater.exe

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2011/02/21 11:55:29 | 000,000,402 | -HS- | M] () -- C:\Users\TomJ\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\*. /mp /s >

    < %systemroot%\system32\*.dll /lockedfiles >
    [2009/07/14 09:16:18 | 000,489,472 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\win32spl.dll
    [2009/07/14 09:16:19 | 000,507,392 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\wmdrmdev.dll

    < %systemroot%\system32\*.exe /lockedfiles >
    [2010/02/27 20:07:48 | 003,954,568 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\ntkrnlpa.exe

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\system32\drivers\*.sys /lockedfiles >
    [2010/07/22 12:45:37 | 000,697,328 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\sptd.sys

    < %systemroot%\System32\config\*.sav >

    < %systemroot%\system32\*.sys >
    [2009/07/14 05:40:41 | 000,009,029 | ---- | M] () -- C:\Windows\System32\ANSI.SYS
    [2009/07/14 09:26:21 | 000,249,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\clfs.sys
    [2009/07/14 05:40:44 | 000,027,097 | ---- | M] () -- C:\Windows\System32\country.sys
    [2008/11/25 17:18:24 | 000,009,728 | ---- | M] () -- C:\Windows\System32\epmntdrv.sys
    [2008/11/25 17:18:24 | 000,003,072 | ---- | M] () -- C:\Windows\System32\EuGdiDrv.sys
    [1996/04/04 03:33:26 | 000,005,248 | ---- | M] () -- C:\Windows\System32\giveio.sys
    [2009/07/14 05:40:40 | 000,004,768 | ---- | M] () -- C:\Windows\System32\HIMEM.SYS
    [2009/07/14 05:40:43 | 000,042,809 | ---- | M] () -- C:\Windows\System32\KEY01.SYS
    [2009/07/14 05:40:43 | 000,042,537 | ---- | M] () -- C:\Windows\System32\KEYBOARD.SYS
    [2009/07/14 05:40:23 | 000,027,866 | ---- | M] () -- C:\Windows\System32\NTDOS.SYS
    [2009/07/14 05:40:31 | 000,029,146 | ---- | M] () -- C:\Windows\System32\NTDOS404.SYS
    [2009/07/14 05:40:35 | 000,029,370 | ---- | M] () -- C:\Windows\System32\NTDOS411.SYS
    [2009/07/14 05:40:39 | 000,029,274 | ---- | M] () -- C:\Windows\System32\NTDOS412.SYS
    [2009/07/14 05:40:27 | 000,029,146 | ---- | M] () -- C:\Windows\System32\NTDOS804.SYS
    [2009/07/14 05:40:11 | 000,033,952 | ---- | M] () -- C:\Windows\System32\NTIO.SYS
    [2009/07/14 05:40:15 | 000,034,672 | ---- | M] () -- C:\Windows\System32\NTIO404.SYS
    [2009/07/14 05:40:17 | 000,035,776 | ---- | M] () -- C:\Windows\System32\NTIO411.SYS
    [2009/07/14 05:40:19 | 000,035,536 | ---- | M] () -- C:\Windows\System32\NTIO412.SYS
    [2009/07/14 05:40:13 | 000,034,672 | ---- | M] () -- C:\Windows\System32\NTIO804.SYS
    [2005/08/03 16:05:02 | 000,035,892 | ---- | M] (Prolific Technology Inc.) -- C:\Windows\System32\SER9PL.sys
    [2006/09/24 21:28:46 | 000,005,248 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\Windows\System32\speedfan.sys
    [2009/07/14 07:26:52 | 002,326,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

    < %systemroot%\system32\drivers\*.dll >

    < %systemroot%\system32\drivers\*.ini >

    < %systemroot%\system32\drivers\*.exe >

    < %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
    [2009/07/14 09:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
    [2009/07/14 09:16:19 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\winprint.dll

    < %SYSTEMDRIVE%\*.* >
    [2009/06/11 05:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
    [2009/07/14 09:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
    [2010/04/25 19:56:26 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
    [2010/10/09 08:01:00 | 000,008,192 | ---- | M] () -- C:\bootsect.lxe.bak
    [2010/07/03 16:36:16 | 000,000,049 | ---- | M] () -- C:\calc.bat
    [2009/06/11 05:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2010/07/02 18:37:26 | 000,000,256 | ---- | M] () -- C:\dk2.mem
    [2010/04/13 18:34:11 | 000,000,119 | ---- | M] () -- C:\download.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
    [2007/11/07 08:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
    [2007/11/07 08:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
    [2010/10/09 08:00:58 | 000,383,592 | RHS- | M] () -- C:\gdrop
    [2007/11/07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
    [2011/02/21 14:45:38 | 2415,173,632 | -HS- | M] () -- C:\hiberfil.sys
    [2007/11/07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
    [2007/11/07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
    [2007/11/07 08:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
    [2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
    [2007/11/07 08:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
    [2007/11/07 08:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
    [2007/11/07 08:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
    [2007/11/07 08:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
    [2007/11/07 08:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
    [2007/11/07 08:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
    [2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
    [2010/04/25 18:43:17 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2009/01/13 03:32:32 | 000,901,137 | ---- | M] () -- C:\libcurl-4.dll
    [2011/02/10 15:38:38 | 000,315,686 | RHS- | M] () -- C:\LRMOQ
    [2010/05/23 11:23:20 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
    [2010/04/25 18:43:17 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2011/02/21 14:45:40 | 3220,234,240 | -HS- | M] () -- C:\pagefile.sys
    [2010/04/21 00:48:24 | 000,000,306 | ---- | M] () -- C:\Radi-radi.wsf
    [2010/07/03 16:36:16 | 000,000,000 | ---- | M] () -- C:\return
    [2007/11/07 08:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
    [2007/11/07 08:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
    [2007/11/07 08:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI
    [2011/02/10 15:38:38 | 000,000,020 | RHS- | M] () -- C:\win7.ld
    [2008/09/25 00:12:22 | 000,075,264 | ---- | M] (Zlib) -- C:\zlib1.dll

    < %PROGRAMFILES%\*. >
    [2011/02/21 09:33:26 | 000,000,000 | ---D | M] -- C:\Program Files\3 Mobile Broadband
    [2010/07/26 16:12:53 | 000,000,000 | ---D | M] -- C:\Program Files\Activision
    [2010/04/25 11:42:27 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
    [2010/07/22 17:39:23 | 000,000,000 | ---D | M] -- C:\Program Files\AGEIA Technologies
    [2010/07/22 12:56:15 | 000,000,000 | ---D | M] -- C:\Program Files\Alcohol Soft
    [2010/07/21 13:35:46 | 000,000,000 | ---D | M] -- C:\Program Files\ASIO4ALL v2
    [2011/02/21 09:23:50 | 000,000,000 | ---D | M] -- C:\Program Files\Battlefield Bad Company 2
    [2011/02/21 11:55:42 | 000,000,000 | ---D | M] -- C:\Program Files\CCleaner
    [2010/05/01 23:23:47 | 000,000,000 | ---D | M] -- C:\Program Files\Cisco
    [2011/02/21 09:50:54 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
    [2010/09/27 17:03:33 | 000,000,000 | ---D | M] -- C:\Program Files\ConvertX
    [2010/04/25 18:51:20 | 000,000,000 | ---D | M] -- C:\Program Files\DAEMON Tools Lite
    [2010/04/25 18:49:11 | 000,000,000 | ---D | M] -- C:\Program Files\DAP
    [2010/04/25 05:42:16 | 000,000,000 | ---D | M] -- C:\Program Files\DC++
    [2010/10/09 11:17:22 | 000,000,000 | ---D | M] -- C:\Program Files\DIFX
    [2009/07/14 15:50:29 | 000,000,000 | ---D | M] -- C:\Program Files\DVD Maker
    [2010/04/25 06:02:40 | 000,000,000 | ---D | M] -- C:\Program Files\DVD Shrink
    [2010/05/11 16:47:04 | 000,000,000 | ---D | M] -- C:\Program Files\EASEUS Partition Manager 3.0 Home Edition
    [2010/07/26 16:28:05 | 000,000,000 | ---D | M] -- C:\Program Files\Electronic Arts
    [2010/05/09 17:21:03 | 000,000,000 | ---D | M] -- C:\Program Files\Emule XDP
    [2011/02/21 14:41:52 | 000,000,000 | ---D | M] -- C:\Program Files\ESET
    [2011/02/12 14:43:00 | 000,000,000 | ---D | M] -- C:\Program Files\Fallout 3
    [2010/05/29 18:41:55 | 000,000,000 | ---D | M] -- C:\Program Files\File Scavenger 3.2
    [2010/04/25 19:03:50 | 000,000,000 | ---D | M] -- C:\Program Files\FlashFXP
    [2011/02/21 10:08:43 | 000,000,000 | ---D | M] -- C:\Program Files\Fraps
    [2011/02/21 10:05:05 | 000,000,000 | ---D | M] -- C:\Program Files\Image-Line
    [2011/02/21 09:28:48 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
    [2010/07/18 23:21:11 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
    [2010/07/22 20:28:43 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
    [2010/07/12 13:55:45 | 000,000,000 | ---D | M] -- C:\Program Files\Just Cause 2
    [2011/02/21 12:36:55 | 000,000,000 | ---D | M] -- C:\Program Files\LastPass
    [2010/04/25 06:03:30 | 000,000,000 | ---D | M] -- C:\Program Files\MagicISO
    [2011/02/21 11:27:39 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/05/23 07:57:04 | 000,000,000 | ---D | M] -- C:\Program Files\MarkAny
    [2010/07/18 22:47:51 | 000,000,000 | ---D | M] -- C:\Program Files\Marvell
    [2010/04/30 08:11:19 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
    [2009/07/14 15:50:24 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games
    [2011/02/21 10:12:03 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games for Windows - LIVE
    [2010/05/31 19:05:01 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
    [2010/04/30 13:06:15 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
    [2010/05/24 14:49:27 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server Compact Edition
    [2010/04/26 20:37:19 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Sync Framework
    [2010/07/02 14:25:58 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Synchronization Services
    [2010/07/22 20:17:33 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
    [2010/07/25 23:31:04 | 000,000,000 | ---D | M] -- C:\Program Files\Modern Warfare 2
    [2011/02/21 11:36:06 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
    [2010/05/24 14:48:46 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
    [2011/02/21 09:32:14 | 000,000,000 | ---D | M] -- C:\Program Files\Native Instruments
    [2010/04/25 19:17:06 | 000,000,000 | ---D | M] -- C:\Program Files\Nero
    [2010/07/25 19:32:20 | 000,000,000 | ---D | M] -- C:\Program Files\nLite
    [2011/02/21 14:13:36 | 000,000,000 | ---D | M] -- C:\Program Files\NOD32 Antivirus
    [2011/02/21 09:50:53 | 000,000,000 | ---D | M] -- C:\Program Files\Nokia
    [2011/02/11 08:56:59 | 000,000,000 | ---D | M] -- C:\Program Files\NVIDIA Corporation
    [2010/07/26 17:59:08 | 000,000,000 | ---D | M] -- C:\Program Files\NVIDIA nTune Performance Application
    [2010/09/27 15:30:37 | 000,000,000 | ---D | M] -- C:\Program Files\OJOsoft
    [2010/07/21 13:29:35 | 000,000,000 | ---D | M] -- C:\Program Files\Outsim
    [2010/10/09 11:17:19 | 000,000,000 | ---D | M] -- C:\Program Files\PC Connectivity Solution
    [2010/10/09 10:18:02 | 000,000,000 | ---D | M] -- C:\Program Files\Perfect Uninstaller
    [2010/04/25 18:42:42 | 000,000,000 | ---D | M] -- C:\Program Files\PowerISO
    [2010/04/25 06:46:12 | 000,000,000 | ---D | M] -- C:\Program Files\Ralink
    [2010/07/26 04:58:04 | 000,000,000 | ---D | M] -- C:\Program Files\Realtek
    [2009/07/14 12:52:30 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
    [2010/07/01 12:39:41 | 000,000,000 | ---D | M] -- C:\Program Files\Registry Mechanic
    [2010/07/10 21:04:39 | 000,000,000 | ---D | M] -- C:\Program Files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
    [2010/06/02 21:43:03 | 000,000,000 | ---D | M] -- C:\Program Files\Rockstar Games
    [2010/04/28 06:57:11 | 000,000,000 | ---D | M] -- C:\Program Files\Roxio
    [2010/05/23 07:57:07 | 000,000,000 | ---D | M] -- C:\Program Files\Samsung
    [2011/02/21 09:29:41 | 000,000,000 | ---D | M] -- C:\Program Files\seba14mods
    [2010/04/25 19:11:51 | 000,000,000 | ---D | M] -- C:\Program Files\SoulseekNS
    [2011/02/21 09:25:08 | 000,000,000 | ---D | M] -- C:\Program Files\Sound Forge Pro 10.0
    [2010/04/25 06:02:56 | 000,000,000 | ---D | M] -- C:\Program Files\Spybot - Search & Destroy
    [2010/09/27 15:30:42 | 000,000,000 | ---D | M] -- C:\Program Files\Total Video Converter
    [2010/12/11 13:03:27 | 000,000,000 | ---D | M] -- C:\Program Files\Trillian
    [2010/07/23 14:40:01 | 000,000,000 | ---D | M] -- C:\Program Files\Valve
    [2010/08/03 18:09:55 | 000,000,000 | ---D | M] -- C:\Program Files\VideoLAN
    [2010/10/04 17:17:58 | 000,000,000 | ---D | M] -- C:\Program Files\VIRGIN BROADBAND
    [2010/04/25 06:03:10 | 000,000,000 | ---D | M] -- C:\Program Files\VLC
    [2010/09/27 17:03:35 | 000,000,000 | ---D | M] -- C:\Program Files\VSO
    [2011/02/21 10:05:39 | 000,000,000 | ---D | M] -- C:\Program Files\VstPlugins
    [2010/07/26 20:28:07 | 000,000,000 | ---D | M] -- C:\Program Files\Windows 7 Manager
    [2009/07/14 12:56:49 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender
    [2009/07/14 15:50:04 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Journal
    [2011/02/21 10:10:16 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live
    [2010/05/23 07:25:22 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Mail
    [2010/02/10 13:48:37 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
    [2009/07/14 12:52:30 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
    [2009/07/14 12:56:49 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Photo Viewer
    [2009/07/14 12:52:32 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Portable Devices
    [2009/07/14 12:56:49 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar
    [2010/07/26 20:37:33 | 000,000,000 | ---D | M] -- C:\Program Files\WinRAR
    [2011/02/21 12:17:11 | 000,000,000 | ---D | M] -- C:\Program Files\ZipGenius 6

    < %appdata%\*.* >
    [2010/09/27 17:03:52 | 000,087,608 | R--- | M] () -- C:\Users\TomJ\AppData\Roaming\inst.exe
    [2010/09/27 17:03:52 | 000,007,887 | R--- | M] () -- C:\Users\TomJ\AppData\Roaming\pcouffin.cat
    [2010/09/27 17:03:52 | 000,001,144 | R--- | M] () -- C:\Users\TomJ\AppData\Roaming\pcouffin.inf
    [2010/09/27 17:04:31 | 000,000,034 | R--- | M] () -- C:\Users\TomJ\AppData\Roaming\pcouffin.log
    [2010/09/27 17:03:52 | 000,047,360 | R--- | M] (VSO Software) -- C:\Users\TomJ\AppData\Roaming\pcouffin.sys
    [2010/04/30 15:01:52 | 000,022,328 | R--- | M] () -- C:\Users\TomJ\AppData\Roaming\PnkBstrK.sys
    [2010/07/25 19:33:00 | 000,010,586 | R--- | M] () -- C:\Users\TomJ\AppData\Roaming\PStrip.bak
    [2010/07/22 19:11:06 | 000,010,609 | R--- | M] () -- C:\Users\TomJ\AppData\Roaming\PStrip.bk!
    [2010/07/10 19:24:43 | 000,010,432 | R--- | M] () -- C:\Users\TomJ\AppData\Roaming\PStrip.bko
    [2010/07/25 19:33:00 | 000,010,586 | R--- | M] () -- C:\Users\TomJ\AppData\Roaming\PStrip.ini
    [2010/09/28 17:35:16 | 000,001,041 | R--- | M] () -- C:\Users\TomJ\AppData\Roaming\vso_ts_preview.xml


    < MD5 for: AGP440.SYS >
    [2009/07/14 09:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
    [2009/07/14 09:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
    [2009/07/14 09:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys

    < MD5 for: ATAPI.SYS >
    [2009/07/14 09:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
    [2009/07/14 09:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
    [2009/07/14 09:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys

    < MD5 for: CNGAUDIT.DLL >
    [2009/07/14 09:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
    [2009/07/14 09:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

    < MD5 for: DISK.SYS >
    [2009/07/14 09:20:27 | 000,057,424 | ---- | M] (Microsoft Corporation) MD5=565003F326F99802E68CA78F2A68E9FF -- C:\Windows\System32\drivers\disk.sys
    [2009/07/14 09:20:27 | 000,057,424 | ---- | M] (Microsoft Corporation) MD5=565003F326F99802E68CA78F2A68E9FF -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_x86_neutral_b431b61a11f8df6c\disk.sys
    [2009/07/14 09:20:27 | 000,057,424 | ---- | M] (Microsoft Corporation) MD5=565003F326F99802E68CA78F2A68E9FF -- C:\Windows\winsxs\x86_disk.inf_31bf3856ad364e35_6.1.7600.16385_none_f99cd807d58018cb\disk.sys

    < MD5 for: IASTORV.SYS >
    [2009/07/14 09:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys
    [2009/07/14 09:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
    [2009/07/14 09:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys

    < MD5 for: MV61XX.SYS >
    [2009/05/12 06:47:54 | 000,154,664 | ---- | M] (Marvell Semiconductor, Inc.) MD5=AA8CB9E508E9F193177D977859CC735C -- C:\Program Files\Marvell\61xx\driver\mv61xx.sys
    [2009/05/12 06:47:54 | 000,154,664 | ---- | M] (Marvell Semiconductor, Inc.) MD5=AA8CB9E508E9F193177D977859CC735C -- C:\Windows\System32\drivers\mv61xx.sys
    [2009/05/12 06:47:54 | 000,154,664 | ---- | M] (Marvell Semiconductor, Inc.) MD5=AA8CB9E508E9F193177D977859CC735C -- C:\Windows\System32\DriverStore\FileRepository\mv61xx.inf_x86_neutral_ec11ce6291065a36\mv61xx.sys

    < MD5 for: NETLOGON.DLL >
    [2009/07/14 09:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
    [2009/07/14 09:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

    < MD5 for: NVSTOR.SYS >
    [2009/07/14 09:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys
    [2009/07/14 09:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
    [2009/07/14 09:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys

    < MD5 for: SCECLI.DLL >
    [2009/07/14 09:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
    [2009/07/14 09:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll

    < MD5 for: USBSTOR.SYS >
    [2009/07/14 07:51:19 | 000,074,752 | ---- | M] (Microsoft Corporation) MD5=D8889D56E0D27E57ED4591837FE71D27 -- C:\Windows\System32\drivers\USBSTOR.SYS
    [2009/07/14 07:51:19 | 000,074,752 | ---- | M] (Microsoft Corporation) MD5=D8889D56E0D27E57ED4591837FE71D27 -- C:\Windows\System32\DriverStore\FileRepository\usbstor.inf_x86_neutral_83027f5d5b2468d3\USBSTOR.SYS
    [2009/07/14 07:51:19 | 000,074,752 | ---- | M] (Microsoft Corporation) MD5=D8889D56E0D27E57ED4591837FE71D27 -- C:\Windows\winsxs\x86_usbstor.inf_31bf3856ad364e35_6.1.7600.16385_none_485ca4d9f926b0b4\USBSTOR.SYS

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-10-09 02:58:36

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 448 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06Z.Z.Z......Z...Z:1
    @Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:D1B5B4F1
    @Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:A9662AE0
    @Alternate Data Stream - 1068 bytes -> C:\ProgramData\TEMP:CFAFAA98

    < End of report >
  15. kierenm


    ====================================
    Extras.txt
    ====================================


    OTL Extras logfile created on: 2/21/2011 6:28:37 PM - Run 1
    OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\TomJ\Downloads\programs
    Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 68.00% Memory free
    6.00 Gb Paging File | 5.00 Gb Available in Paging File | 86.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 111.79 Gb Total Space | 66.05 Gb Free Space | 59.09% Space Free | Partition Type: NTFS
    Drive D: | 232.88 Gb Total Space | 214.92 Gb Free Space | 92.29% Space Free | Partition Type: NTFS
    Drive F: | 232.83 Gb Total Space | 67.96 Gb Free Space | 29.19% Space Free | Partition Type: FAT32

    Computer Name: HOTCOREDUO | User Name: TomJ | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
    .reg [@ = regfile] -- regedit.exe "%1"

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [open] -- regedit.exe "%1"
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V"
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\FlashFXP\FlashFXP.exe" = C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\FlashFXP\FlashFXP.exe" = C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
    "{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
    "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
    "{139E303E-1050-497F-98B1-9AE87B15C463}" = Windows Live Family Safety
    "{13DE3939-422A-44D5-BD52-B85EF48DBDAB}" = Windows 7 Manager
    "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
    "{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
    "{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
    "{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
    "{359cfc0a-beb1-440d-95ba-cf63a86da34f}" = Nero Recode
    "{368ba326-73ad-4351-84ed-3c0a7a52cc53}" = Nero Rescue Agent
    "{38D80A4C-D893-4985-BA3F-0B1D9E848CED}" = ESET Smart Security
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
    "{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
    "{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
    "{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
    "{43e39830-1826-415d-8bae-86845787b54b}" = Nero Vision
    "{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
    "{5454083B-1308-4485-BF17-1110000B8301}" = Grand Theft Auto IV
    "{5454083B-1308-4485-BF17-1110000D8301}" = Grand Theft Auto IV
    "{5454083B-1308-4485-BF17-1110000D8302}" = Grand Theft Auto IV
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{65A92AAA-3D05-4C94-9F70-731C05E60C16}" = NVIDIA System Update
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
    "{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
    "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
    "{7829db6f-a066-4e40-8912-cb07887c20bb}" = Nero BurnRights
    "{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA Performance
    "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
    "{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
    "{8dc091d9-d759-45f9-bfc4-574633b784ad}" = Nero 9 Trial
    "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
    "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
    "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{96E3AED5-3D0B-4BB0-84C2-1EDADB204487}" = FlashFXP v3
    "{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{a209525b-3377-43f4-b886-32f6b6e7356f}" = Nero WaveEditor
    "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
    "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
    "{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0
    "{b1adf008-e898-4fe2-8a1f-690d9a06acaf}" = DolbyFiles
    "{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
    "{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
    "{b78120a0-cf84-4366-a393-4d0a59bc546c}" = Menu Templates - Starter Kit
    "{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
    "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
    "{C19BE821-89B1-4A96-AC7C-873810C0CB5F}" = ContentSAFER for Wizmax
    "{C20CE592-B0F8-4D20-BF31-0151CA6331A6}" = Samsung Media Studio 5
    "{c5a7cb6c-e76d-408f-ba0e-85605420fe9d}" = SoundTrax
    "{d025a639-b9c9-417d-8531-208859000af8}" = NeroBurningROM
    "{D0A858BE-A665-4C0D-BC5F-C37E534B7669}" = PC Connectivity Solution
    "{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
    "{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.0.9.322
    "{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
    "{E91E8912-769D-42F0-8408-0E329443BABC}" = Ralink RT7x Wireless LAN Card
    "{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}" = NVIDIA System Monitor
    "{EC3B598C-1151-4191-B5B4-A9072ADE6259}_is1" = ZipGenius 6.3
    "{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
    "{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
    "{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
    "{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Photoshop CS4_is1" = Adobe Photoshop CS4
    "ASIO4ALL" = ASIO4ALL
    "CCleaner" = CCleaner
    "Download Accelerator Plus (DAP)" = Download Accelerator Plus (DAP)
    "EASEUS Partition Manager Home Edition_is1" = EASEUS Partition Manager 3.0 Home Edition
    "InstallShield_{65A92AAA-3D05-4C94-9F70-731C05E60C16}" = NVIDIA System Update
    "InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA Performance
    "InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
    "InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
    "InstallShield_{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}" = NVIDIA System Monitor
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
    "mv61xxDriver" = marvell 61xx
    "NoteTab Light 6_is1" = NoteTab Light 6 (Remove only)
    "NVIDIA Display Control Panel" = NVIDIA Display Control Panel
    "NVIDIA Drivers" = NVIDIA Drivers
    "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
    "Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
    "OJOsoft Total Video Converter2.5.1.1121" = OJOsoft Total Video Converter
    "Perfect Uninstaller_is1" = Perfect Uninstaller v6.3.3.8
    "PowerISO" = PowerISO
    "Registry Mechanic_is1" = Registry Mechanic 9.0
    "RivaTuner" = RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
    "Soulseek2" = SoulSeek 157 NS 13e
    "V3.2_is1" = File Scavenger 3.2
    "Video Player1.0" = Video Player
    "VIRGIN BROADBAND" = VIRGIN BROADBAND
    "VLC media player" = VLC media player 0.9.9
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WinRAR archiver" = WinRAR archiver

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "LastPass" = LastPass (uninstall only)

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 2/11/2011 12:15:47 AM | Computer Name = HotcoreDuo | Source = Application Error | ID = 1000
    Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
    stamp: 0x4a5bc100 Faulting module name: ntdll.dll, version: 6.1.7600.16385, time
    stamp: 0x4a5bdadb Exception code: 0xc0000005 Fault offset: 0x0006aee7 Faulting process
    id: 0x40c Faulting application start time: 0x01cbc8f5d9a3ebd5 Faulting application
    path: C:\Windows\system32\svchost.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
    Report
    Id: 99a82305-3595-11e0-9a15-00221583aaa0

    Error - 2/11/2011 1:21:47 AM | Computer Name = HotcoreDuo | Source = Application Error | ID = 1000
    Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
    stamp: 0x4a5bc100 Faulting module name: ntdll.dll, version: 6.1.7600.16385, time
    stamp: 0x4a5bdadb Exception code: 0xc0000005 Fault offset: 0x0006aee7 Faulting process
    id: 0x174c Faulting application start time: 0x01cbc9a26dc4b607 Faulting application
    path: C:\Windows\system32\svchost.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
    Report
    Id: d1f4f7b9-359e-11e0-9a15-00221583aaa0

    Error - 2/11/2011 12:30:57 PM | Computer Name = HotcoreDuo | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Program Files\Nokia\Nokia
    PC Suite 7\TIS_Windows7PIM.dll". Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 2/11/2011 12:32:01 PM | Computer Name = HotcoreDuo | Source = SideBySide | ID = 16842811
    Description = Activation context generation failed for "c:\program files\microsoft\search
    enhancement pack\search helper\sepsearchhelperie.dll".Error in manifest or policy
    file "c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll"
    on line 2. Invalid Xml syntax.

    Error - 2/12/2011 12:30:57 PM | Computer Name = HotcoreDuo | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Program Files\Nokia\Nokia
    PC Suite 7\TIS_Windows7PIM.dll". Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 2/12/2011 12:31:59 PM | Computer Name = HotcoreDuo | Source = SideBySide | ID = 16842811
    Description = Activation context generation failed for "c:\program files\microsoft\search
    enhancement pack\search helper\sepsearchhelperie.dll".Error in manifest or policy
    file "c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll"
    on line 2. Invalid Xml syntax.

    Error - 2/18/2011 3:51:07 AM | Computer Name = HotcoreDuo | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Program Files\Nokia\Nokia
    PC Suite 7\TIS_Windows7PIM.dll". Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 2/18/2011 3:52:06 AM | Computer Name = HotcoreDuo | Source = SideBySide | ID = 16842811
    Description = Activation context generation failed for "c:\program files\microsoft\search
    enhancement pack\search helper\sepsearchhelperie.dll".Error in manifest or policy
    file "c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll"
    on line 2. Invalid Xml syntax.

    Error - 2/20/2011 3:05:14 AM | Computer Name = HotcoreDuo | Source = Application Error | ID = 1000
    Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
    stamp: 0x4a5bc100 Faulting module name: ntdll.dll, version: 6.1.7600.16385, time
    stamp: 0x4a5bdadb Exception code: 0xc0000005 Fault offset: 0x0006aee7 Faulting process
    id: 0x410 Faulting application start time: 0x01cbd0ca7245e079 Faulting application
    path: C:\Windows\system32\svchost.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
    Report
    Id: c388af7e-3cbf-11e0-9807-00221583aaa0

    Error - 2/20/2011 3:18:08 AM | Computer Name = HotcoreDuo | Source = Application Error | ID = 1000
    Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
    stamp: 0x4a5bc100 Faulting module name: ntdll.dll, version: 6.1.7600.16385, time
    stamp: 0x4a5bdadb Exception code: 0xc0000005 Fault offset: 0x0006aee7 Faulting process
    id: 0xef0 Faulting application start time: 0x01cbd0cca9e1b783 Faulting application
    path: C:\Windows\System32\svchost.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
    Report
    Id: 90b42874-3cc1-11e0-9807-00221583aaa0

    [ Media Center Events ]
    Error - 8/2/2010 1:38:17 PM | Computer Name = HotcoreDuo | Source = MCUpdate | ID = 0
    Description = 1:36:42 AM - Failed to retrieve MCEClientUX (Error: The underlying
    connection was closed: An unexpected error occurred on a receive.)

    Error - 9/27/2010 12:26:36 AM | Computer Name = HotcoreDuo | Source = MCUpdate | ID = 0
    Description = 12:26:30 PM - Error connecting to the internet. 12:26:30 PM - Unable
    to contact server..

    [ System Events ]
    Error - 1/27/2011 2:44:09 AM | Computer Name = HotcoreDuo | Source = Service Control Manager | ID = 7001
    Description = The Peer Networking Grouping service depends on the Peer Name Resolution
    Protocol service which failed to start because of the following error: %%-2140993535

    Error - 1/29/2011 1:29:48 AM | Computer Name = HotcoreDuo | Source = Service Control Manager | ID = 7009
    Description = A timeout was reached (30000 milliseconds) while waiting for the NIHardwareService
    service to connect.

    Error - 1/29/2011 1:29:48 AM | Computer Name = HotcoreDuo | Source = Service Control Manager | ID = 7000
    Description = The NIHardwareService service failed to start due to the following
    error: %%1053

    Error - 1/29/2011 1:29:52 AM | Computer Name = HotcoreDuo | Source = Service Control Manager | ID = 7009
    Description = A timeout was reached (30000 milliseconds) while waiting for the Update
    Center Service service to connect.

    Error - 1/29/2011 1:30:17 AM | Computer Name = HotcoreDuo | Source = PNRPSvc | ID = 102
    Description =

    Error - 1/29/2011 1:30:17 AM | Computer Name = HotcoreDuo | Source = Service Control Manager | ID = 7001
    Description = The Peer Networking Grouping service depends on the Peer Name Resolution
    Protocol service which failed to start because of the following error: %%-2140993535

    Error - 1/29/2011 1:30:17 AM | Computer Name = HotcoreDuo | Source = Service Control Manager | ID = 7023
    Description = The Peer Name Resolution Protocol service terminated with the following
    error: %%-2140993535

    Error - 1/29/2011 1:30:27 AM | Computer Name = HotcoreDuo | Source = PNRPSvc | ID = 102
    Description =

    Error - 1/29/2011 1:30:27 AM | Computer Name = HotcoreDuo | Source = PNRPSvc | ID = 102
    Description =

    Error - 1/29/2011 1:30:27 AM | Computer Name = HotcoreDuo | Source = Service Control Manager | ID = 7023
    Description = The Peer Name Resolution Protocol service terminated with the following
    error: %%-2140993535


    < End of report >