
System Restore Virus

  • 10-10-2011 11:29am
    #1
    Registered Users Posts: 3,404 ✭✭✭


    Hi. Computer seems to be infected by a nasty virus pretending to be my system restore, and my entire C drive is not accessible, but googling has only led me to paid solutions for getting rid - anyone have any tips for getting rid?


Comments

  • Registered Users Posts: 1,456 ✭✭✭FSL


    Create a multi-bootable USB using http://www.pendrivelinux.com/yumi-multiboot-usb-creator/ and add the Kaspersky scanner to it. Boot from the USB, run the scan and see if that clears it.

    You can also add a variety of other tools and Linux distros to it.


  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    Download OTL to your Desktop
    • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Quick Scan button. Do not change any settings. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files here


  • Registered Users Posts: 3,404 ✭✭✭qwertplaywert


    Ran that Kaspersky scan, but it completely stalled at

    Scanning for pata_qdi...



    the line above that read

    Scanning for pata_pdc202xx_old...pata_pdc202xx_old loaded


    Any tips? The scan is still on the computer screen but seems to have completely stalled at the pata_qdi. Tried turning the computer off and running it again but the same thing occurred?


    OSL:


    OTL logfile created on: 10/10/2011 6:57:00 PM - Run 1
    OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\davidmcardle\Desktop
    Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7601.17514)
    Locale: 00000409 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

    2.93 Gb Total Physical Memory | 1.88 Gb Available Physical Memory | 64.14% Memory free
    5.86 Gb Paging File | 4.49 Gb Available in Paging File | 76.58% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
    Drive C: | 225.33 Gb Total Space | 12.87 Gb Free Space | 5.71% Space Free | Partition Type: NTFS
    Drive D: | 225.33 Gb Total Space | 181.22 Gb Free Space | 80.42% Space Free | Partition Type: NTFS
    Drive G: | 7.21 Gb Total Space | 4.76 Gb Free Space | 66.01% Space Free | Partition Type: FAT32

    Computer Name: DAVID | User Name: davidmcardle | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/10/10 18:53:08 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\davidmcardle\Desktop\OTL.exe
    PRC - [2011/10/10 02:14:04 | 001,287,120 | -H-- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsTray.exe
    PRC - [2011/10/10 01:05:12 | 000,340,992 | -H-- | M] (RapidEE.com) -- C:\ProgramData\6DSS92c31Apgjk.exe
    PRC - [2011/10/10 01:01:36 | 000,449,536 | -H-- | M] (RapidEE.com) -- C:\ProgramData\YFQfMsobLp.exe
    PRC - [2011/09/01 06:13:44 | 000,116,608 | -H-- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    PRC - [2011/09/01 06:13:42 | 004,603,264 | -H-- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    PRC - [2011/06/24 05:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
    PRC - [2011/06/06 12:55:28 | 000,064,952 | -H-- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2010/11/30 13:20:36 | 000,997,408 | -H-- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
    PRC - [2010/11/11 12:26:42 | 000,206,360 | -H-- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
    PRC - [2010/11/11 12:26:40 | 000,011,736 | -H-- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    PRC - [2010/04/20 15:26:44 | 000,300,912 | -H-- | M] () -- C:\Program Files\Samsung\Samsung Update Plus\SUPBackGround.exe
    PRC - [2010/03/15 12:50:36 | 001,142,224 | -H-- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe
    PRC - [2010/03/11 12:09:22 | 000,366,840 | -H-- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe
    PRC - [2010/01/22 09:56:24 | 000,112,592 | -H-- | M] (Threat Expert Ltd.) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
    PRC - [2009/11/04 05:11:48 | 000,835,072 | -H-- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
    PRC - [2009/10/26 12:53:14 | 000,091,136 | -H-- | M] (SAMSUNG Electronics) -- C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
    PRC - [2009/10/20 10:13:00 | 000,079,360 | -H-- | M] (DoctorSoft) -- C:\Program Files\AnyPC Client\APLanMgrC.exe
    PRC - [2009/10/13 11:03:04 | 000,716,800 | -H-- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
    PRC - [2009/10/07 02:31:56 | 002,246,144 | -H-- | M] (SEC) -- C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
    PRC - [2009/07/14 02:14:12 | 000,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\attrib.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/10/07 17:33:49 | 000,052,736 | -H-- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
    MOD - [2011/09/01 06:21:19 | 000,117,760 | -H-- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    MOD - [2011/09/01 06:21:19 | 000,063,488 | -H-- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
    MOD - [2011/09/01 06:21:19 | 000,052,224 | -H-- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
    MOD - [2010/04/20 15:26:44 | 000,300,912 | -H-- | M] () -- C:\Program Files\Samsung\Samsung Update Plus\SUPBackGround.exe
    MOD - [2010/04/16 15:11:02 | 000,155,648 | -H-- | M] () -- C:\Program Files\Samsung\Samsung Update Plus\HMXML.dll
    MOD - [2010/03/15 11:28:22 | 000,141,824 | -H-- | M] () -- C:\Program Files\WinRAR\RarExt.dll
    MOD - [2006/08/12 04:48:40 | 000,049,152 | -H-- | M] () -- C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2011/09/01 06:13:44 | 000,116,608 | -H-- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
    SRV - [2011/06/06 12:55:28 | 000,064,952 | -H-- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2010/11/11 12:26:42 | 000,206,360 | -H-- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
    SRV - [2010/11/11 12:26:40 | 000,011,736 | -H-- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
    SRV - [2010/09/26 03:00:46 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
    SRV - [2010/03/15 12:50:36 | 001,142,224 | -H-- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
    SRV - [2010/03/11 12:09:22 | 000,366,840 | -H-- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
    SRV - [2010/01/22 09:56:24 | 000,112,592 | -H-- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
    SRV - [2010/01/15 13:49:20 | 000,227,232 | -H-- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
    SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
    SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


    ========== Driver Services (SafeList) ==========

    DRV - [2011/10/10 18:49:45 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BF945EED-74A7-4304-B747-D734A88E5512}\MpKsl89e52e7e.sys -- (MpKsl89e52e7e)
    DRV - [2011/10/10 15:46:10 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BF945EED-74A7-4304-B747-D734A88E5512}\MpKsle32735f0.sys -- (MpKsle32735f0)
    DRV - [2011/10/10 15:44:28 | 000,028,752 | ---- | M] () [Kernel | System | Stopped] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BF945EED-74A7-4304-B747-D734A88E5512}\MpKsl60f44e98.sys -- (MpKsl60f44e98)
    DRV - [2011/10/10 02:12:15 | 000,218,592 | -H-- | M] (PC Tools) [Kernel | Boot | Running] -- C:\windows\system32\drivers\PCTCore.sys -- (PCTCore)
    DRV - [2011/09/01 06:13:34 | 000,067,664 | -H-- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2011/09/01 06:13:34 | 000,012,880 | -H-- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
    DRV - [2011/07/06 19:52:42 | 000,041,272 | -H-- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
    DRV - [2010/11/23 18:10:44 | 001,249,792 | -H-- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
    DRV - [2010/11/20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV - [2010/10/24 21:25:38 | 000,054,144 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV - [2010/10/24 21:25:38 | 000,043,392 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
    DRV - [2010/09/28 21:17:22 | 000,691,696 | -H-- | M] () [Kernel | Boot | Running] -- C:\windows\System32\Drivers\sptd.sys -- (sptd)
    DRV - [2010/07/29 00:25:02 | 000,025,112 | -H-- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ivusb.sys -- (ivusb)
    DRV - [2010/07/01 01:47:34 | 000,015,656 | -H-- | M] (Windows (R) 2003 DDK 3790 provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rtport.sys -- (rtport)
    DRV - [2009/09/28 10:22:00 | 000,315,392 | -H-- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
    DRV - [2009/07/10 14:44:52 | 000,122,880 | -H-- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.eircom.net/
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Secure Search"
    FF - prefs.js..extensions.enabledItems: {35106bca-6c78-48c7-ac28-56df30b51d2a}:1.3.8
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.1
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
    FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
    FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
    FF - prefs.js..extensions.enabledItems: {1a0c9ebe-ddf9-4b76-b8a3-675c77874d37}:4.0
    FF - prefs.js..extensions.enabledItems: nasanightlaunch@example.com:0.6.20110508
    FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=mcafee&p="


    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/02/25 15:18:19 | 000,000,000 | -H-D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/02/25 15:18:19 | 000,000,000 | -H-D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/29 00:09:04 | 000,000,000 | -H-D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/29 00:09:04 | 000,000,000 | -H-D | M]

    [2010/09/24 19:15:11 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\davidmcardle\AppData\Roaming\Mozilla\Extensions
    [2011/10/10 01:29:05 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\davidmcardle\AppData\Roaming\Mozilla\Firefox\Profiles\sbkfncxw.default\extensions
    [2011/06/17 22:10:58 | 000,000,000 | -H-D | M] (HootBar) -- C:\Users\davidmcardle\AppData\Roaming\Mozilla\Firefox\Profiles\sbkfncxw.default\extensions\{1a0c9ebe-ddf9-4b76-b8a3-675c77874d37}
    [2010/09/25 15:43:42 | 000,000,000 | -H-D | M] (Linkification) -- C:\Users\davidmcardle\AppData\Roaming\Mozilla\Firefox\Profiles\sbkfncxw.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}
    [2011/04/29 01:12:29 | 000,000,000 | -H-D | M] (Adblock Plus) -- C:\Users\davidmcardle\AppData\Roaming\Mozilla\Firefox\Profiles\sbkfncxw.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2011/02/27 15:32:22 | 000,000,000 | -H-D | M] (DownThemAll!) -- C:\Users\davidmcardle\AppData\Roaming\Mozilla\Firefox\Profiles\sbkfncxw.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
    [2011/05/13 03:56:58 | 000,000,000 | -H-D | M] (NASA Night Launch) -- C:\Users\davidmcardle\AppData\Roaming\Mozilla\Firefox\Profiles\sbkfncxw.default\extensions\nasanightlaunch@example.com
    [2011/10/10 01:29:05 | 000,000,000 | -H-D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2010/09/27 17:54:54 | 000,000,000 | -H-D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2011/01/18 19:29:37 | 000,000,000 | -H-D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    [2011/02/25 15:18:19 | 000,000,000 | -H-D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO
    [2011/02/25 15:18:19 | 000,000,000 | -H-D | M] (DivX HiQ) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA
    [2010/11/12 19:53:06 | 000,472,808 | -H-- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2011/03/10 13:38:34 | 000,001,538 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
    [2011/03/10 13:38:34 | 000,000,947 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
    [2011/03/10 13:38:34 | 000,000,769 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
    [2011/03/10 13:38:35 | 000,001,135 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\11.0.696.60\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\windows\system32\Macromed\Flash\NPSWF32.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
    CHR - plugin: Java Deployment Toolkit 6.0.230.5 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U23 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60129.0\npctrl.dll
    CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
    CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\11.0.696.60\pdf.dll
    CHR - plugin: Chrome NaCl (Disabled) = C:\Program Files\Google\Chrome\Application\11.0.696.60\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files\Google\Chrome\Application\11.0.696.60\gears.dll
    CHR - plugin: Skype Toolbars (Enabled) = C:\Users\davidmcardle\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.5.0.7280_0\npSkypeChromePlugin.dll
    CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.53\npGoogleUpdate3.dll
    CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin
    CHR - Extension: Entanglement = C:\Users\davidmcardle\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.1.1_0\
    CHR - Extension: DivX HiQ = C:\Users\davidmcardle\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0\
    CHR - Extension: Poppit = C:\Users\davidmcardle\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
    CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\davidmcardle\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0\

    Hosts file not found
    O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
    O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
    O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe ()
    O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
    O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
    O4 - HKCU..\Run: [YFQfMsobLp.exe] C:\ProgramData\YFQfMsobLp.exe (RapidEE.com)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O13 - gopher Prefix: missing
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{95DE52F9-5E06-47C9-BE22-4B7FE2603F77}: DhcpNameServer = 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EC492366-9D08-4F35-AFA9-3CB961F3F0E9}: DhcpNameServer = 192.168.0.1
    O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | -H-- | M] () - C:\autoexec.bat -- [ NTFS ]
    O33 - MountPoints2\{48a2e598-7eed-11e0-a614-002454aa53da}\Shell - "" = AutoRun
    O33 - MountPoints2\{48a2e598-7eed-11e0-a614-002454aa53da}\Shell\AutoRun\command - "" = G:\IronKey.exe
    O33 - MountPoints2\{c3ba82fb-cb3d-11df-bb8d-002454aa53da}\Shell - "" = AutoRun
    O33 - MountPoints2\{c3ba82fb-cb3d-11df-bb8d-002454aa53da}\Shell\AutoRun\command - "" = F:\autorun.exe
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/10/10 18:56:10 | 000,582,656 | -H-- | C] (OldTimer Tools) -- C:\Users\davidmcardle\Desktop\OTL.exe
    [2011/10/10 12:36:28 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
    [2011/10/10 11:59:57 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GridinSoft
    [2011/10/10 11:59:52 | 000,000,000 | -H-D | C] -- C:\Program Files\GridinSoft Trojan Killer
    [2011/10/10 01:55:14 | 000,149,456 | -H-- | C] (PC Tools) -- C:\windows\SGDetectionTool.dll
    [2011/10/10 01:55:13 | 001,652,688 | -H-- | C] (Threat Expert Ltd.) -- C:\windows\PCTBDCore.dll
    [2011/10/10 01:55:13 | 000,165,840 | -H-- | C] (Threat Expert Ltd.) -- C:\windows\PCTBDRes.dll
    [2011/10/10 01:37:51 | 000,233,136 | -H-- | C] (PC Tools) -- C:\windows\System32\drivers\pctgntdi.sys
    [2011/10/10 01:37:51 | 000,100,136 | -H-- | C] (PC Tools) -- C:\windows\System32\drivers\pctwfpfilter.sys
    [2011/10/10 01:37:45 | 000,218,592 | -H-- | C] (PC Tools) -- C:\windows\System32\drivers\PCTCore.sys
    [2011/10/10 01:37:45 | 000,088,040 | -H-- | C] (PC Tools) -- C:\windows\System32\drivers\PCTAppEvent.sys
    [2011/10/10 01:37:37 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware Doctor
    [2011/10/10 01:37:32 | 000,063,360 | -H-- | C] (PC Tools) -- C:\windows\System32\drivers\pctplsg.sys
    [2011/10/10 01:37:03 | 000,000,000 | -H-D | C] -- C:\Program Files\Spyware Doctor
    [2011/10/10 01:37:03 | 000,000,000 | -H-D | C] -- C:\Users\davidmcardle\AppData\Roaming\PC Tools
    [2011/10/10 01:37:03 | 000,000,000 | -H-D | C] -- C:\ProgramData\PC Tools
    [2011/10/10 01:37:03 | 000,000,000 | -H-D | C] -- C:\Program Files\Common Files\PC Tools
    [2011/10/10 01:22:12 | 000,000,000 | -H-D | C] -- C:\Users\davidmcardle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyNoMore
    [2011/10/10 01:22:12 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpyNoMore
    [2011/10/10 01:22:06 | 000,000,000 | -H-D | C] -- C:\Program Files\SpyNoMore
    [2011/10/10 01:21:23 | 000,000,000 | -H-D | C] -- C:\Users\davidmcardle\Desktop\Downloads
    [2011/10/10 01:21:21 | 000,000,000 | -H-D | C] -- C:\Users\davidmcardle\AppData\Roaming\GetRightToGo
    [2011/10/10 01:05:55 | 000,000,000 | -H-D | C] -- C:\Users\davidmcardle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore
    [2011/10/10 01:05:12 | 000,340,992 | -H-- | C] (RapidEE.com) -- C:\ProgramData\6DSS92c31Apgjk.exe
    [2011/10/10 01:02:10 | 000,449,536 | -H-- | C] (RapidEE.com) -- C:\ProgramData\YFQfMsobLp.exe
    [2011/10/08 11:28:42 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
    [2011/10/08 11:28:37 | 000,000,000 | RH-D | C] -- C:\Program Files\Skype
    [2011/10/01 18:14:21 | 000,000,000 | -H-D | C] -- C:\Users\davidmcardle\AppData\Roaming\Wyofza
    [2011/10/01 18:14:21 | 000,000,000 | -H-D | C] -- C:\Users\davidmcardle\AppData\Roaming\Okwoho
    [2011/09/27 22:53:17 | 000,000,000 | -H-D | C] -- C:\Users\davidmcardle\AppData\Roaming\Template
    [2011/02/11 18:40:40 | 000,004,096 | -H-- | C] ( ) -- C:\windows\System32\IGFXDEVLib.dll
    [1 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/10/10 19:00:15 | 000,014,736 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/10/10 19:00:15 | 000,014,736 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/10/10 18:53:08 | 000,582,656 | -H-- | M] (OldTimer Tools) -- C:\Users\davidmcardle\Desktop\OTL.exe
    [2011/10/10 18:49:38 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
    [2011/10/10 18:49:34 | 2362,920,960 | -HS- | M] () -- C:\hiberfil.sys
    [2011/10/10 02:12:17 | 000,063,360 | -H-- | M] (PC Tools) -- C:\windows\System32\drivers\pctplsg.sys
    [2011/10/10 02:12:15 | 000,218,592 | -H-- | M] (PC Tools) -- C:\windows\System32\drivers\PCTCore.sys
    [2011/10/10 01:22:18 | 000,001,152 | -H-- | M] () -- C:\windows\System32\windrv.sys
    [2011/10/10 01:22:13 | 000,000,945 | -H-- | M] () -- C:\Users\davidmcardle\Desktop\SpyNoMore.lnk
    [2011/10/10 01:18:38 | 000,630,560 | -H-- | M] () -- C:\windows\System32\perfh009.dat
    [2011/10/10 01:18:38 | 000,111,612 | -H-- | M] () -- C:\windows\System32\perfc009.dat
    [2011/10/10 01:15:26 | 000,000,304 | -H-- | M] () -- C:\ProgramData\~6DSS92c31Apgjk
    [2011/10/10 01:15:26 | 000,000,208 | -H-- | M] () -- C:\ProgramData\~6DSS92c31Apgjkr
    [2011/10/10 01:08:53 | 000,000,440 | -H-- | M] () -- C:\ProgramData\6DSS92c31Apgjk
    [2011/10/10 01:05:55 | 000,000,681 | -H-- | M] () -- C:\Users\davidmcardle\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk
    [2011/10/10 01:05:55 | 000,000,657 | -H-- | M] () -- C:\Users\davidmcardle\Desktop\System Restore.lnk
    [2011/10/10 01:05:12 | 000,340,992 | -H-- | M] () -- C:\ProgramData\6DSS92c31Apgjk.exe
    [2011/10/10 01:01:36 | 000,449,536 | -H-- | M] () -- C:\ProgramData\YFQfMsobLp.exe
    [2011/10/01 16:59:43 | 000,000,384 | -H-- | M] () -- C:\Users\davidmcardle\AppData\Roaming\wklnhst.dat
    [2011/09/25 18:14:40 | 000,001,160 | -H-- | M] () -- C:\Users\davidmcardle\Documents\Documents - Shortcut.lnk
    [1 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/10/10 01:55:15 | 000,767,952 | -H-- | C] () -- C:\windows\BDTSupport.dll
    [2011/10/10 01:55:14 | 001,152,444 | -H-- | C] () -- C:\windows\UDB.zip
    [2011/10/10 01:55:14 | 000,000,882 | -H-- | C] () -- C:\windows\RegSDImport.xml
    [2011/10/10 01:55:14 | 000,000,879 | -H-- | C] () -- C:\windows\RegISSImport.xml
    [2011/10/10 01:55:14 | 000,000,131 | -H-- | C] () -- C:\windows\IDB.zip
    [2011/10/10 01:37:51 | 000,007,387 | -H-- | C] () -- C:\windows\System32\drivers\pctgntdi.cat
    [2011/10/10 01:37:45 | 000,007,412 | -H-- | C] () -- C:\windows\System32\drivers\PCTAppEvent.cat
    [2011/10/10 01:37:45 | 000,007,383 | -H-- | C] () -- C:\windows\System32\drivers\pctcore.cat
    [2011/10/10 01:37:32 | 000,007,383 | -H-- | C] () -- C:\windows\System32\drivers\pctplsg.cat
    [2011/10/10 01:22:18 | 000,001,152 | -H-- | C] () -- C:\windows\System32\windrv.sys
    [2011/10/10 01:22:13 | 000,000,945 | -H-- | C] () -- C:\Users\davidmcardle\Desktop\SpyNoMore.lnk
    [2011/10/10 01:15:26 | 000,000,304 | -H-- | C] () -- C:\ProgramData\~6DSS92c31Apgjk
    [2011/10/10 01:15:26 | 000,000,208 | -H-- | C] () -- C:\ProgramData\~6DSS92c31Apgjkr
    [2011/10/10 01:05:55 | 000,000,681 | -H-- | C] () -- C:\Users\davidmcardle\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk
    [2011/10/10 01:05:55 | 000,000,657 | -H-- | C] () -- C:\Users\davidmcardle\Desktop\System Restore.lnk
    [2011/10/10 01:05:49 | 000,000,440 | -H-- | C] () -- C:\ProgramData\6DSS92c31Apgjk
    [2011/09/27 22:53:14 | 000,000,384 | -H-- | C] () -- C:\Users\davidmcardle\AppData\Roaming\wklnhst.dat
    [2011/09/25 18:14:40 | 000,001,160 | -H-- | C] () -- C:\Users\davidmcardle\Documents\Documents - Shortcut.lnk
    [2010/10/28 21:11:51 | 000,000,056 | -H-- | C] () -- C:\windows\System32\ezsidmv.dat
    [2010/10/10 15:22:26 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2010/09/25 16:22:17 | 000,085,504 | -H-- | C] () -- C:\windows\System32\ff_vfw.dll
    [2010/09/24 17:59:28 | 000,131,368 | -H-- | C] () -- C:\ProgramData\FullRemove.exe
    [2010/09/24 11:13:58 | 000,000,002 | -H-- | C] () -- C:\windows\HotFixList.ini
    [2010/08/25 20:30:02 | 000,439,308 | -H-- | C] () -- C:\windows\System32\igcompkrng500.bin
    [2010/08/25 20:30:00 | 000,982,240 | -H-- | C] () -- C:\windows\System32\igkrng500.bin
    [2010/08/25 20:30:00 | 000,092,356 | -H-- | C] () -- C:\windows\System32\igfcg500m.bin
    [2010/08/25 19:57:00 | 000,000,151 | -H-- | C] () -- C:\windows\System32\GfxUI.exe.config
    [2009/12/05 21:01:49 | 000,004,608 | -H-- | C] () -- C:\windows\System32\HdmiCoin.dll
    [2009/12/05 21:01:47 | 000,134,592 | -H-- | C] () -- C:\windows\System32\igfcg500.bin
    [2009/12/05 04:17:31 | 000,307,200 | -H-- | C] () -- C:\windows\SetDisplayResolution.exe
    [2009/07/14 05:57:37 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
    [2009/07/14 05:33:53 | 000,350,112 | -H-- | C] () -- C:\windows\System32\FNTCACHE.DAT
    [2009/07/14 03:05:48 | 000,630,560 | -H-- | C] () -- C:\windows\System32\perfh009.dat
    [2009/07/14 03:05:48 | 000,291,294 | -H-- | C] () -- C:\windows\System32\perfi009.dat
    [2009/07/14 03:05:48 | 000,111,612 | -H-- | C] () -- C:\windows\System32\perfc009.dat
    [2009/07/14 03:05:48 | 000,031,548 | -H-- | C] () -- C:\windows\System32\perfd009.dat
    [2009/07/14 03:05:05 | 000,000,741 | -H-- | C] () -- C:\windows\System32\NOISE.DAT
    [2009/07/14 03:04:11 | 000,215,943 | -H-- | C] () -- C:\windows\System32\dssec.dat
    [2009/07/14 00:55:01 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
    [2009/07/14 00:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll
    [2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll
    [2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat

    ========== LOP Check ==========

    [2011/01/18 20:19:04 | 000,000,000 | -H-D | M] -- C:\Users\davidmcardle\AppData\Roaming\AVG10
    [2011/03/20 19:33:40 | 000,000,000 | -H-D | M] -- C:\Users\davidmcardle\AppData\Roaming\Azureus
    [2010/09/30 16:45:14 | 000,000,000 | -H-D | M] -- C:\Users\davidmcardle\AppData\Roaming\DAEMON Tools Lite
    [2011/08/31 20:17:08 | 000,000,000 | -H-D | M] -- C:\Users\davidmcardle\AppData\Roaming\Enose
    [2011/10/10 01:22:10 | 000,000,000 | -H-D | M] -- C:\Users\davidmcardle\AppData\Roaming\GetRightToGo
    [2011/08/31 20:16:14 | 000,000,000 | -H-D | M] -- C:\Users\davidmcardle\AppData\Roaming\Kyna
    [2011/10/07 17:28:37 | 000,000,000 | -H-D | M] -- C:\Users\davidmcardle\AppData\Roaming\Okwoho
    [2010/12/25 18:32:27 | 000,000,000 | -H-D | M] -- C:\Users\davidmcardle\AppData\Roaming\Sports Interactive
    [2011/09/27 22:53:17 | 000,000,000 | -H-D | M] -- C:\Users\davidmcardle\AppData\Roaming\Template
    [2011/10/09 23:02:02 | 000,000,000 | -H-D | M] -- C:\Users\davidmcardle\AppData\Roaming\uTorrent
    [2011/10/04 16:56:52 | 000,000,000 | -H-D | M] -- C:\Users\davidmcardle\AppData\Roaming\Wyofza
    [2009/07/14 05:53:46 | 000,030,152 | -H-- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 155 bytes -> C:\ProgramData\Temp:DFC5A2B2
    @Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:0B4227B4
    @Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:4CF61E54
    @Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:A8ADE5D8

    < End of report >




    OTL Extras logfile created on: 10/10/2011 6:57:00 PM - Run 1
    OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\davidmcardle\Desktop
    Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7601.17514)
    Locale: 00000409 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

    2.93 Gb Total Physical Memory | 1.88 Gb Available Physical Memory | 64.14% Memory free
    5.86 Gb Paging File | 4.49 Gb Available in Paging File | 76.58% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
    Drive C: | 225.33 Gb Total Space | 12.87 Gb Free Space | 5.71% Space Free | Partition Type: NTFS
    Drive D: | 225.33 Gb Total Space | 181.22 Gb Free Space | 80.42% Space Free | Partition Type: NTFS
    Drive G: | 7.21 Gb Total Space | 4.76 Gb Free Space | 66.01% Space Free | Partition Type: FAT32

    Computer Name: DAVID | User Name: davidmcardle | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1"
    https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1"
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
    "{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 4
    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
    "{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
    "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
    "{178EE5F4-0F86-4BF0-A0D1-9790AFF409D1}" = EasyBatteryManager
    "{1AFA1FEF-8CF9-4A51-AC46-64FAA7F3D9E2}" = AnyPC Client
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 23
    "{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
    "{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes
    "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
    "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
    "{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
    "{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
    "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
    "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
    "{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2
    "{853F8A41-A3C9-43FA-87FA-1AE74FC6F3F7}" = BatteryLifeExtender
    "{8686D4FE-62EF-46FB-B9FD-00679EB381FF}_is1" = Trojan Killer 2.1
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9F479685-180E-4C05-9400-D59292A1B29C}" = Windows Live Movie Maker
    "{A5675A9E-F073-414A-9A04-F9BCD50459D7}" = Easy Network Manager
    "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.0)
    "{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
    "{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
    "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
    "{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
    "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
    "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
    "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
    "{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
    "{CCC2B140-B47A-45FA-AAE3-BD60DA41AE00}" = Samsung Support Center
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{D1434266-0486-4469-B338-A60082CC04E1}" = Atheros Client Installation Program
    "{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus
    "{D92FF8EB-BD77-40AE-B68B-A6BFC6F8661D}" = Windows Live Family Safety
    "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
    "{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
    "{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
    "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
    "{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F169F3EB-36AF-46A5-91E7-C9F48360CBAF}" = BitMate
    "{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Browser Defender_is1" = Browser Defender 2.0.6.15
    "Championship Manager 01-02" = Championship Manager 01-02
    "DivX Setup.divx.com" = DivX Setup
    "ffdshow_is1" = ffdshow [rev 3154] [2009-12-09]
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
    "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
    "InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
    "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
    "InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
    "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
    "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
    "LastFM_is1" = Last.fm 1.5.4.27091
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
    "Marvell Miniport Driver" = Marvell Miniport Driver
    "McAfee Security Scan" = McAfee Security Scan Plus
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft Security Client" = Microsoft Security Essentials
    "Mozilla Firefox (3.6.23)" = Mozilla Firefox (3.6.23)
    "SpyNoMore" = SpyNoMore 2.98
    "Spyware Doctor" = Spyware Doctor 7.0
    "Stellar Phoenix Archive Password Recovery_is1" = Stellar Phoenix Archive Password Recovery v1.0
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "uTorrent" = µTorrent
    "VLC media player" = VLC media player 1.1.4
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WinRAR archiver" = WinRAR archiver

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 04/10/2011 07:15:44 | Computer Name = DAVID | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 6396

    Error - 04/10/2011 07:15:45 | Computer Name = DAVID | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 04/10/2011 07:15:45 | Computer Name = DAVID | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 7425

    Error - 04/10/2011 07:15:45 | Computer Name = DAVID | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 7425

    Error - 04/10/2011 12:38:51 | Computer Name = DAVID | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 04/10/2011 12:38:51 | Computer Name = DAVID | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 1077

    Error - 04/10/2011 12:38:51 | Computer Name = DAVID | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 1077

    Error - 04/10/2011 12:38:52 | Computer Name = DAVID | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 04/10/2011 12:38:52 | Computer Name = DAVID | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 2122

    Error - 04/10/2011 12:38:52 | Computer Name = DAVID | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 2122

    [ Media Center Events ]
    Error - 17/12/2010 23:03:51 | Computer Name = david | Source = MCUpdate | ID = 0
    Description = 03:03:51 - Error connecting to the internet. 03:03:51 - Unable
    to contact server..

    Error - 17/12/2010 23:04:21 | Computer Name = david | Source = MCUpdate | ID = 0
    Description = 03:04:20 - Error connecting to the internet. 03:04:20 - Unable
    to contact server..

    Error - 13/01/2011 02:18:11 | Computer Name = david | Source = MCUpdate | ID = 0
    Description = 06:18:11 - Error connecting to the internet. 06:18:11 - Unable
    to contact server..

    Error - 13/01/2011 02:18:25 | Computer Name = david | Source = MCUpdate | ID = 0
    Description = 06:18:16 - Error connecting to the internet. 06:18:16 - Unable
    to contact server..

    Error - 13/01/2011 03:18:29 | Computer Name = david | Source = MCUpdate | ID = 0
    Description = 07:18:29 - Error connecting to the internet. 07:18:29 - Unable
    to contact server..

    Error - 13/01/2011 03:18:35 | Computer Name = david | Source = MCUpdate | ID = 0
    Description = 07:18:35 - Error connecting to the internet. 07:18:35 - Unable
    to contact server..

    Error - 13/01/2011 04:18:40 | Computer Name = david | Source = MCUpdate | ID = 0
    Description = 08:18:40 - Error connecting to the internet. 08:18:40 - Unable
    to contact server..

    Error - 13/01/2011 04:18:46 | Computer Name = david | Source = MCUpdate | ID = 0
    Description = 08:18:45 - Error connecting to the internet. 08:18:45 - Unable
    to contact server..

    Error - 17/01/2011 22:59:16 | Computer Name = david | Source = MCUpdate | ID = 0
    Description = 02:59:15 - Error connecting to the internet. 02:59:15 - Unable
    to contact server..

    Error - 17/01/2011 22:59:36 | Computer Name = david | Source = MCUpdate | ID = 0
    Description = 02:59:21 - Error connecting to the internet. 02:59:21 - Unable
    to contact server..

    [ System Events ]
    Error - 01/09/2011 01:09:45 | Computer Name = david | Source = Microsoft-Windows-DNS-Client | ID = 1012
    Description = There was an error while attempting to read the local hosts file.

    Error - 01/09/2011 01:12:02 | Computer Name = david | Source = Microsoft Antimalware | ID = 3002
    Description = %%860 Real-Time Protection feature has encountered an error and failed.

    Feature:
    %%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842

    Error - 01/09/2011 01:17:37 | Computer Name = david | Source = Service Control Manager | ID = 7043
    Description = The Windows Update service did not shut down properly after receiving
    a preshutdown control.

    Error - 01/09/2011 01:17:38 | Computer Name = david | Source = Microsoft-Windows-DNS-Client | ID = 1012
    Description = There was an error while attempting to read the local hosts file.

    Error - 01/09/2011 01:17:38 | Computer Name = david | Source = Microsoft-Windows-DNS-Client | ID = 1012
    Description = There was an error while attempting to read the local hosts file.

    Error - 01/09/2011 01:17:38 | Computer Name = david | Source = Microsoft-Windows-DNS-Client | ID = 1012
    Description = There was an error while attempting to read the local hosts file.

    Error - 01/09/2011 01:19:02 | Computer Name = david | Source = Microsoft-Windows-DNS-Client | ID = 1012
    Description = There was an error while attempting to read the local hosts file.

    Error - 01/09/2011 01:19:11 | Computer Name = david | Source = Microsoft-Windows-DNS-Client | ID = 1012
    Description = There was an error while attempting to read the local hosts file.

    Error - 01/09/2011 01:19:23 | Computer Name = david | Source = Microsoft-Windows-DNS-Client | ID = 1012
    Description = There was an error while attempting to read the local hosts file.

    Error - 01/09/2011 01:19:34 | Computer Name = david | Source = Microsoft-Windows-DNS-Client | ID = 1012
    Description = There was an error while attempting to read the local hosts file.


    < End of report >


    DRV - [2011/10/10 15:46:10 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BF945EED-74A7-4304-B747-D734A88E5512}\MpKsle32735f0.sys -- (MpKsle32735f0)
    DRV - [2011/10/10 15:44:28 | 000,028,752 | ---- | M] () [Kernel | System | Stopped] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BF945EED-74A7-4304-B747-D734A88E5512}\MpKsl60f44e98.sys -- (MpKsl60f44e98)
    DRV - [2011/10/10 02:12:15 | 000,218,592 | -H-- | M] (PC Tools) [Kernel | Boot | Running] -- C:\windows\system32\drivers\PCTCore.sys -- (PCTCore)
    DRV - [2011/09/01 06:13:34 | 000,067,664 | -H-- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2011/09/01 06:13:34 | 000,012,880 | -H-- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
    DRV - [2011/07/06 19:52:42 | 000,041,272 | -H-- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
    DRV - [2010/11/23 18:10:44 | 001,249,792 | -H-- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
    DRV - [2010/11/20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV - [2010/10/24 21:25:38 | 000,054,144 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV - [2010/10/24 21:25:38 | 000,043,392 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
    DRV - [2010/09/28 21:17:22 | 000,691,696 | -H-- | M] () [Kernel | Boot | Running] -- C:\windows\System32\Drivers\sptd.sys -- (sptd)
    DRV - [2010/07/29 00:25:02 | 000,025,112 | -H-- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ivusb.sys -- (ivusb)
    DRV - [2010/07/01 01:47:34 | 000,015,656 | -H-- | M] (Windows (R) 2003 DDK 3790 provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rtport.sys -- (rtport)
    DRV - [2009/09/28 10:22:00 | 000,315,392 | -H-- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
    DRV - [2009/07/10 14:44:52 | 000,122,880 | -H-- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.eircom.net/
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Secure Search"
    FF - prefs.js..extensions.enabledItems: {35106bca-6c78-48c7-ac28-56df30b51d2a}:1.3.8
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.1
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
    FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
    FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
    FF - prefs.js..extensions.enabledItems: {1a0c9ebe-ddf9-4b76-b8a3-675c77874d37}:4.0
    FF - prefs.js..extensions.enabledItems: nasanightlaunch@example.com:0.6.20110508
    FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=mcafee&p="


    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/02/25 15:18:19 | 000,000,000 | -H-D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/02/25 15:18:19 | 000,000,000 | -H-D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/29 00:09:04 | 000,000,000 | -H-D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/29 00:09:04 | 000,000,000 | -H-D | M]

    [2010/09/24 19:15:11 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\davidmcardle\AppData\Roaming\Mozilla\Extensions
    [2011/10/10 01:29:05 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\davidmcardle\AppData\Roaming\Mozilla\Firefox\Profiles\sbkfncxw.default\extensions
    [2011/06/17 22:10:58 | 000,000,000 | -H-D | M] (HootBar) -- C:\Users\davidmcardle\AppData\Roaming\Mozilla\Firefox\Profiles\sbkfncxw.default\extensions\{1a0c9ebe-ddf9-4b76-b8a3-675c77874d37}
    [2010/09/25 15:43:42 | 000,000,000 | -H-D | M] (Linkification) -- C:\Users\davidmcardle\AppData\Roaming\Mozilla\Firefox\Profiles\sbkfncxw.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}
    [2011/04/29 01:12:29 | 000,000,000 | -H-D | M] (Adblock Plus) -- C:\Users\davidmcardle\AppData\Roaming\Mozilla\Firefox\Profiles\sbkfncxw.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2011/02/27 15:32:22 | 000,000,000 | -H-D | M] (DownThemAll!) -- C:\Users\davidmcardle\AppData\Roaming\Mozilla\Firefox\Profiles\sbkfncxw.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
    [2011/05/13 03:56:58 | 000,000,000 | -H-D | M] (NASA Night Launch) -- C:\Users\davidmcardle\AppData\Roaming\Mozilla\Firefox\Profiles\sbkfncxw.default\extensions\nasanightlaunch@example.com
    [2011/10/10 01:29:05 | 000,000,000 | -H-D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2010/09/27 17:54:54 | 000,000,000 | -H-D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2011/01/18 19:29:37 | 000,000,000 | -H-D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    [2011/02/25 15:18:19 | 000,000,000 | -H-D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO
    [2011/02/25 15:18:19 | 000,000,000 | -H-D | M] (DivX HiQ) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA
    [2010/11/12 19:53:06 | 000,472,808 | -H-- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2011/03/10 13:38:34 | 000,001,538 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
    [2011/03/10 13:38:34 | 000,000,947 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
    [2011/03/10 13:38:34 | 000,000,769 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
    [2011/03/10 13:38:35 | 000,001,135 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\11.0.696.60\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\windows\system32\Macromed\Flash\NPSWF32.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
    CHR - plugin: Java Deployment Toolkit 6.0.230.5 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U23 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60129.0\npctrl.dll
    CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
    CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\11.0.696.60\pdf.dll
    CHR - plugin: Chrome NaCl (Disabled) = C:\Program Files\Google\Chrome\Application\11.0.696.60\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files\Google\Chrome\Application\11.0.696.60\gears.dll
    CHR - plugin: Skype Toolbars (Enabled) = C:\Users\davidmcardle\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.5.0.7280_0\npSkypeChromePlugin.dll
    CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.53\npGoogleUpdate3.dll
    CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin
    CHR - Extension: Entanglement = C:\Users\davidmcardle\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.1.1_0\
    CHR - Extension: DivX HiQ = C:\Users\davidmcardle\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0\
    CHR - Extension: Poppit = C:\Users\davidmcardle\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
    CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\davidmcardle\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0\

    Hosts file not found
    O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
    O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
    O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe ()
    O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
    O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
    O4 - HKCU..\Run: [YFQfMsobLp.exe] C:\ProgramData\YFQfMsobLp.exe (RapidEE.com)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O13 - gopher Prefix: missing
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{95DE52F9-5E06-47C9-BE22-4B7FE2603F77}: DhcpNameServer = 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EC492366-9D08-4F35-AFA9-3CB961F3F0E9}: DhcpNameServer = 192.168.0.1
    O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | -H-- | M] () - C:\autoexec.bat -- [ NTFS ]
    O33 - MountPoints2\{48a2e598-7eed-11e0-a614-002454aa53da}\Shell - "" = AutoRun
    O33 - MountPoints2\{48a2e598-7eed-11e0-a614-002454aa53da}\Shell\AutoRun\command - "" = G:\IronKey.exe
    O33 - MountPoints2\{c3ba82fb-cb3d-11df-bb8d-002454aa53da}\Shell - "" = AutoRun
    O33 - MountPoints2\{c3ba82fb-cb3d-11df-bb8d-002454aa53da}\Shell\AutoRun\command - "" = F:\autorun.exe
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/10/10 18:56:10 | 000,582,656 | -H-- | C] (OldTimer Tools) -- C:\Users\davidmcardle\Desktop\OTL.exe
    [2011/10/10 12:36:28 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
    [2011/10/10 11:59:57 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GridinSoft
    [2011/10/10 11:59:52 | 000,000,000 | -H-D | C] -- C:\Program Files\GridinSoft Trojan Killer
    [2011/10/10 01:55:14 | 000,149,456 | -H-- | C] (PC Tools) -- C:\windows\SGDetectionTool.dll
    [2011/10/10 01:55:13 | 001,652,688 | -H-- | C] (Threat Expert Ltd.) -- C:\windows\PCTBDCore.dll
    [2011/10/10 01:55:13 | 000,165,840 | -H-- | C] (Threat Expert Ltd.) -- C:\windows\PCTBDRes.dll
    [2011/10/10 01:37:51 | 000,233,136 | -H-- | C] (PC Tools) -- C:\windows\System32\drivers\pctgntdi.sys
    [2011/10/10 01:37:51 | 000,100,136 | -H-- | C] (PC Tools) -- C:\windows\System32\drivers\pctwfpfilter.sys
    [2011/10/10 01:37:45 | 000,218,592 | -H-- | C] (PC Tools) -- C:\windows\System32\drivers\PCTCore.sys
    [2011/10/10 01:37:45 | 000,088,040 | -H-- | C] (PC Tools) -- C:\windows\System32\drivers\PCTAppEvent.sys
    [2011/10/10 01:37:37 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware Doctor
    [2011/10/10 01:37:32 | 000,063,360 | -H-- | C] (PC Tools) -- C:\windows\System32\drivers\pctplsg.sys
    [2011/10/10 01:37:03 | 000,000,000 | -H-D | C] -- C:\Program Files\Spyware Doctor
    [2011/10/10 01:37:03 | 000,000,000 | -H-D | C] -- C:\Users\davidmcardle\AppData\Roaming\PC Tools
    [2011/10/10 01:37:03 | 000,000,000 | -H-D | C] -- C:\ProgramData\PC Tools
    [2011/10/10 01:37:03 | 000,000,000 | -H-D | C] -- C:\Program Files\Common Files\PC Tools
    [2011/10/10 01:22:12 | 000,000,000 | -H-D | C] -- C:\Users\davidmcardle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyNoMore
    [2011/10/10 01:22:12 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpyNoMore
    [2011/10/10 01:22:06 | 000,000,000 | -H-D | C] -- C:\Program Files\SpyNoMore
    [2011/10/10 01:21:23 | 000,000,000 | -H-D | C] -- C:\Users\davidmcardle\Desktop\Downloads
    [2011/10/10 01:21:21 | 000,000,000 | -H-D | C] -- C:\Users\davidmcardle\AppData\Roaming\GetRightToGo
    [2011/10/10 01:05:55 | 000,000,000 | -H-D | C] -- C:\Users\davidmcardle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore
    [2011/10/10 01:05:12 | 000,340,992 | -H-- | C] (RapidEE.com) -- C:\ProgramData\6DSS92c31Apgjk.exe
    [2011/10/10 01:02:10 | 000,449,536 | -H-- | C] (RapidEE.com) -- C:\ProgramData\YFQfMsobLp.exe
    [2011/10/08 11:28:42 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
    [2011/10/08 11:28:37 | 000,000,000 | RH-D | C] -- C:\Program Files\Skype
    [2011/10/01 18:14:21 | 000,000,000 | -H-D | C] -- C:\Users\davidmcardle\AppData\Roaming\Wyofza
    [2011/10/01 18:14:21 | 000,000,000 | -H-D | C] -- C:\Users\davidmcardle\AppData\Roaming\Okwoho
    [2011/09/27 22:53:17 | 000,000,000 | -H-D | C] -- C:\Users\davidmcardle\AppData\Roaming\Template
    [2011/02/11 18:40:40 | 000,004,096 | -H-- | C] ( ) -- C:\windows\System32\IGFXDEVLib.dll
    [1 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/10/10 19:00:15 | 000,014,736 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/10/10 19:00:15 | 000,014,736 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/10/10 18:53:08 | 000,582,656 | -H-- | M] (OldTimer Tools) -- C:\Users\davidmcardle\Desktop\OTL.exe
    [2011/10/10 18:49:38 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
    [2011/10/10 18:49:34 | 2362,920,960 | -HS- | M] () -- C:\hiberfil.sys
    [2011/10/10 02:12:17 | 000,063,360 | -H-- | M] (PC Tools) -- C:\windows\System32\drivers\pctplsg.sys
    [2011/10/10 02:12:15 | 000,218,592 | -H-- | M] (PC Tools) -- C:\windows\System32\drivers\PCTCore.sys
    [2011/10/10 01:22:18 | 000,001,152 | -H-- | M] () -- C:\windows\System32\windrv.sys
    [2011/10/10 01:22:13 | 000,000,945 | -H-- | M] () -- C:\Users\davidmcardle\Desktop\SpyNoMore.lnk
    [2011/10/10 01:18:38 | 000,630,560 | -H-- | M] () -- C:\windows\System32\perfh009.dat
    [2011/10/10 01:18:38 | 000,111,612 | -H-- | M] () -- C:\windows\System32\perfc009.dat
    [2011/10/10 01:15:26 | 000,000,304 | -H-- | M] () -- C:\ProgramData\~6DSS92c31Apgjk
    [2011/10/10 01:15:26 | 000,000,208 | -H-- | M] () -- C:\ProgramData\~6DSS92c31Apgjkr
    [2011/10/10 01:08:53 | 000,000,440 | -H-- | M] () -- C:\ProgramData\6DSS92c31Apgjk
    [2011/10/10 01:05:55 | 000,000,681 | -H-- | M] () -- C:\Users\davidmcardle\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk
    [2011/10/10 01:05:55 | 000,000,657 | -H-- | M] () -- C:\Users\davidmcardle\Desktop\System Restore.lnk
    [2011/10/10 01:05:12 | 000,340,992 | -H-- | M] () -- C:\ProgramData\6DSS92c31Apgjk.exe
    [2011/10/10 01:01:36 | 000,449,536 | -H-- | M] () -- C:\ProgramData\YFQfMsobLp.exe
    [2011/10/01 16:59:43 | 000,000,384 | -H-- | M] () -- C:\Users\davidmcardle\AppData\Roaming\wklnhst.dat
    [2011/09/25 18:14:40 | 000,001,160 | -H-- | M] () -- C:\Users\davidmcardle\Documents\Documents - Shortcut.lnk
    [1 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/10/10 01:55:15 | 000,767,952 | -H-- | C] () -- C:\windows\BDTSupport.dll
    [2011/10/10 01:55:14 | 001,152,444 | -H-- | C] () -- C:\windows\UDB.zip
    [2011/10/10 01:55:14 | 000,000,882 | -H-- | C] () -- C:\windows\RegSDImport.xml
    [2011/10/10 01:55:14 | 000,000,879 | -H-- | C] () -- C:\windows\RegISSImport.xml
    [2011/10/10 01:55:14 | 000,000,131 | -H-- | C] () -- C:\windows\IDB.zip
    [2011/10/10 01:37:51 | 000,007,387 | -H-- | C] () -- C:\windows\System32\drivers\pctgntdi.cat
    [2011/10/10 01:37:45 | 000,007,412 | -H-- | C] () -- C:\windows\System32\drivers\PCTAppEvent.cat
    [2011/10/10 01:37:45 | 000,007,383 | -H-- | C] () -- C:\windows\System32\drivers\pctcore.cat
    [2011/10/10 01:37:32 | 000,007,383 | -H-- | C] () -- C:\windows\System32\drivers\pctplsg.cat
    [2011/10/10 01:22:18 | 000,001,152 | -H-- | C] () -- C:\windows\System32\windrv.sys
    [2011/10/10 01:22:13 | 000,000,945 | -H-- | C] () -- C:\Users\davidmcardle\Desktop\SpyNoMore.lnk
    [2011/10/10 01:15:26 | 000,000,304 | -H-- | C] () -- C:\ProgramData\~6DSS92c31Apgjk
    [2011/10/10 01:15:26 | 000,000,208 | -H-- | C] () -- C:\ProgramData\~6DSS92c31Apgjkr
    [2011/10/10 01:05:55 | 000,000,681 | -H-- | C] () -- C:\Users\davidmcardle\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk
    [2011/10/10 01:05:55 | 000,000,657 | -H-- | C] () -- C:\Users\davidmcardle\Desktop\System Restore.lnk
    [2011/10/10 01:05:49 | 000,000,440 | -H-- | C] () -- C:\ProgramData\6DSS92c31Apgjk
    [2011/09/27 22:53:14 | 000,000,384 | -H-- | C] () -- C:\Users\davidmcardle\AppData\Roaming\wklnhst.dat
    [2011/09/25 18:14:40 | 000,001,160 | -H-- | C] () -- C:\Users\davidmcardle\Documents\Documents - Shortcut.lnk
    [2010/10/28 21:11:51 | 000,000,056 | -H-- | C] () -- C:\windows\System32\ezsidmv.dat
    [2010/10/10 15:22:26 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2010/09/25 16:22:17 | 000,085,504 | -H-- | C] () -- C:\windows\System32\ff_vfw.dll
    [2010/09/24 17:59:28 | 000,131,368 | -H-- | C] () -- C:\ProgramData\FullRemove.exe
    [2010/09/24 11:13:58 | 000,000,002 | -H-- | C] () -- C:\windows\HotFixList.ini
    [2010/08/25 20:30:02 | 000,439,308 | -H-- | C] () -- C:\windows\System32\igcompkrng500.bin
    [2010/08/25 20:30:00 | 000,982,240 | -H-- | C] () -- C:\windows\System32\igkrng500.bin
    [2010/08/25 20:30:00 | 000,092,356 | -H-- | C] () -- C:\windows\System32\igfcg500m.bin
    [2010/08/25 19:57:00 | 000,000,151 | -H-- | C] () -- C:\windows\System32\GfxUI.exe.config
    [2009/12/05 21:01:49 | 000,004,608 | -H-- | C] () -- C:\windows\System32\HdmiCoin.dll
    [2009/12/05 21:01:47 | 000,134,592 | -H-- | C] () -- C:\windows\System32\igfcg500.bin
    [2009/12/05 04:17:31 | 000,307,200 | -H-- | C] () -- C:\windows\SetDisplayResolution.exe
    [2009/07/14 05:57:37 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
    [2009/07/14 05:33:53 | 000,350,112 | -H-- | C] () -- C:\windows\System32\FNTCACHE.DAT
    [2009/07/14 03:05:48 | 000,630,560 | -H-- | C] () -- C:\windows\System32\perfh009.dat
    [2009/07/14 03:05:48 | 000,291,294 | -H-- | C] () -- C:\windows\System32\perfi009.dat
    [2009/07/14 03:05:48 | 000,111,612 | -H-- | C] () -- C:\windows\System32\perfc009.dat
    [2009/07/14 03:05:48 | 000,031,548 | -H-- | C] () -- C:\windows\System32\perfd009.dat
    [2009/07/14 03:05:05 | 000,000,741 | -H-- | C] () -- C:\windows\System32\NOISE.DAT
    [2009/07/14 03:04:11 | 000,215,943 | -H-- | C] () -- C:\windows\System32\dssec.dat
    [2009/07/14 00:55:01 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
    [2009/07/14 00:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll
    [2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll
    [2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat

    ========== LOP Check ==========

    [2011/01/18 20:19:04 | 000,000,000 | -H-D | M] -- C:\Users\davidmcardle\AppData\Roaming\AVG10
    [2011/03/20 19:33:40 | 000,000,000 | -H-D | M] -- C:\Users\davidmcardle\AppData\Roaming\Azureus
    [2010/09/30 16:45:14 | 000,000,000 | -H-D | M] -- C:\Users\davidmcardle\AppData\Roaming\DAEMON Tools Lite
    [2011/08/31 20:17:08 | 000,000,000 | -H-D | M] -- C:\Users\davidmcardle\AppData\Roaming\Enose
    [2011/10/10 01:22:10 | 000,000,000 | -H-D | M] -- C:\Users\davidmcardle\AppData\Roaming\GetRightToGo
    [2011/08/31 20:16:14 | 000,000,000 | -H-D | M] -- C:\Users\davidmcardle\AppData\Roaming\Kyna
    [2011/10/07 17:28:37 | 000,000,000 | -H-D | M] -- C:\Users\davidmcardle\AppData\Roaming\Okwoho
    [2010/12/25 18:32:27 | 000,000,000 | -H-D | M] -- C:\Users\davidmcardle\AppData\Roaming\Sports Interactive
    [2011/09/27 22:53:17 | 000,000,000 | -H-D | M] -- C:\Users\davidmcardle\AppData\Roaming\Template
    [2011/10/09 23:02:02 | 000,000,000 | -H-D | M] -- C:\Users\davidmcardle\AppData\Roaming\uTorrent
    [2011/10/04 16:56:52 | 000,000,000 | -H-D | M] -- C:\Users\davidmcardle\AppData\Roaming\Wyofza
    [2009/07/14 05:53:46 | 000,030,152 | -H-- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 155 bytes -> C:\ProgramData\Temp:DFC5A2B2
    @Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:0B4227B4
    @Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:4CF61E54
    @Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:A8ADE5D8

    < End of report >




    OTL Extras logfile created on: 10/10/2011 6:57:00 PM - Run 1
    OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\davidmcardle\Desktop
    Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7601.17514)
    Locale: 00000409 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

    2.93 Gb Total Physical Memory | 1.88 Gb Available Physical Memory | 64.14% Memory free
    5.86 Gb Paging File | 4.49 Gb Available in Paging File | 76.58% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
    Drive C: | 225.33 Gb Total Space | 12.87 Gb Free Space | 5.71% Space Free | Partition Type: NTFS
    Drive D: | 225.33 Gb Total Space | 181.22 Gb Free Space | 80.42% Space Free | Partition Type: NTFS
    Drive G: | 7.21 Gb Total Space | 4.76 Gb Free Space | 66.01% Space Free | Partition Type: FAT32

    Computer Name: DAVID | User Name: davidmcardle | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1"
    https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1"
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
    "{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 4
    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
    "{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
    "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
    "{178EE5F4-0F86-4BF0-A0D1-9790AFF409D1}" = EasyBatteryManager
    "{1AFA1FEF-8CF9-4A51-AC46-64FAA7F3D9E2}" = AnyPC Client
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 23
    "{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
    "{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes
    "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
    "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
    "{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
    "{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
    "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
    "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
    "{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2
    "{853F8A41-A3C9-43FA-87FA-1AE74FC6F3F7}" = BatteryLifeExtender
    "{8686D4FE-62EF-46FB-B9FD-00679EB381FF}_is1" = Trojan Killer 2.1
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9F479685-180E-4C05-9400-D59292A1B29C}" = Windows Live Movie Maker
    "{A5675A9E-F073-414A-9A04-F9BCD50459D7}" = Easy Network Manager
    "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.0)
    "{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
    "{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
    "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
    "{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
    "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
    "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
    "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
    "{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
    "{CCC2B140-B47A-45FA-AAE3-BD60DA41AE00}" = Samsung Support Center
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{D1434266-0486-4469-B338-A60082CC04E1}" = Atheros Client Installation Program
    "{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus
    "{D92FF8EB-BD77-40AE-B68B-A6BFC6F8661D}" = Windows Live Family Safety
    "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
    "{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
    "{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
    "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
    "{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F169F3EB-36AF-46A5-91E7-C9F48360CBAF}" = BitMate
    "{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Browser Defender_is1" = Browser Defender 2.0.6.15
    "Championship Manager 01-02" = Championship Manager 01-02
    "DivX Setup.divx.com" = DivX Setup
    "ffdshow_is1" = ffdshow [rev 3154] [2009-12-09]
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
    "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
    "InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
    "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
    "InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
    "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
    "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
    "LastFM_is1" = Last.fm 1.5.4.27091
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
    "Marvell Miniport Driver" = Marvell Miniport Driver
    "McAfee Security Scan" = McAfee Security Scan Plus
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft Security Client" = Microsoft Security Essentials
    "Mozilla Firefox (3.6.23)" = Mozilla Firefox (3.6.23)
    "SpyNoMore" = SpyNoMore 2.98
    "Spyware Doctor" = Spyware Doctor 7.0
    "Stellar Phoenix Archive Password Recovery_is1" = Stellar Phoenix Archive Password Recovery v1.0
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "uTorrent" = µTorrent
    "VLC media player" = VLC media player 1.1.4
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WinRAR archiver" = WinRAR archiver

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 04/10/2011 07:15:44 | Computer Name = DAVID | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 6396

    Error - 04/10/2011 07:15:45 | Computer Name = DAVID | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 04/10/2011 07:15:45 | Computer Name = DAVID | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 7425

    Error - 04/10/2011 07:15:45 | Computer Name = DAVID | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 7425

    Error - 04/10/2011 12:38:51 | Computer Name = DAVID | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 04/10/2011 12:38:51 | Computer Name = DAVID | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 1077

    Error - 04/10/2011 12:38:51 | Computer Name = DAVID | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 1077

    Error - 04/10/2011 12:38:52 | Computer Name = DAVID | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 04/10/2011 12:38:52 | Computer Name = DAVID | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 2122

    Error - 04/10/2011 12:38:52 | Computer Name = DAVID | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 2122

    [ Media Center Events ]
    Error - 17/12/2010 23:03:51 | Computer Name = david | Source = MCUpdate | ID = 0
    Description = 03:03:51 - Error connecting to the internet. 03:03:51 - Unable
    to contact server..

    Error - 17/12/2010 23:04:21 | Computer Name = david | Source = MCUpdate | ID = 0
    Description = 03:04:20 - Error connecting to the internet. 03:04:20 - Unable
    to contact server..

    Error - 13/01/2011 02:18:11 | Computer Name = david | Source = MCUpdate | ID = 0
    Description = 06:18:11 - Error connecting to the internet. 06:18:11 - Unable
    to contact server..

    Error - 13/01/2011 02:18:25 | Computer Name = david | Source = MCUpdate | ID = 0
    Description = 06:18:16 - Error connecting to the internet. 06:18:16 - Unable
    to contact server..

    Error - 13/01/2011 03:18:29 | Computer Name = david | Source = MCUpdate | ID = 0
    Description = 07:18:29 - Error connecting to the internet. 07:18:29 - Unable
    to contact server..

    Error - 13/01/2011 03:18:35 | Computer Name = david | Source = MCUpdate | ID = 0
    Description = 07:18:35 - Error connecting to the internet. 07:18:35 - Unable
    to contact server..

    Error - 13/01/2011 04:18:40 | Computer Name = david | Source = MCUpdate | ID = 0
    Description = 08:18:40 - Error connecting to the internet. 08:18:40 - Unable
    to contact server..

    Error - 13/01/2011 04:18:46 | Computer Name = david | Source = MCUpdate | ID = 0
    Description = 08:18:45 - Error connecting to the internet. 08:18:45 - Unable
    to contact server..

    Error - 17/01/2011 22:59:16 | Computer Name = david | Source = MCUpdate | ID = 0
    Description = 02:59:15 - Error connecting to the internet. 02:59:15 - Unable
    to contact server..

    Error - 17/01/2011 22:59:36 | Computer Name = david | Source = MCUpdate | ID = 0
    Description = 02:59:21 - Error connecting to the internet. 02:59:21 - Unable
    to contact server..

    [ System Events ]
    Error - 01/09/2011 01:09:45 | Computer Name = david | Source = Microsoft-Windows-DNS-Client | ID = 1012
    Description = There was an error while attempting to read the local hosts file.

    Error - 01/09/2011 01:12:02 | Computer Name = david | Source = Microsoft Antimalware | ID = 3002
    Description = %%860 Real-Time Protection feature has encountered an error and failed.

    Feature:
    %%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842

    Error - 01/09/2011 01:17:37 | Computer Name = david | Source = Service Control Manager | ID = 7043
    Description = The Windows Update service did not shut down properly after receiving
    a preshutdown control.

    Error - 01/09/2011 01:17:38 | Computer Name = david | Source = Microsoft-Windows-DNS-Client | ID = 1012
    Description = There was an error while attempting to read the local hosts file.

    Error - 01/09/2011 01:17:38 | Computer Name = david | Source = Microsoft-Windows-DNS-Client | ID = 1012
    Description = There was an error while attempting to read the local hosts file.

    Error - 01/09/2011 01:17:38 | Computer Name = david | Source = Microsoft-Windows-DNS-Client | ID = 1012
    Description = There was an error while attempting to read the local hosts file.

    Error - 01/09/2011 01:19:02 | Computer Name = david | Source = Microsoft-Windows-DNS-Client | ID = 1012
    Description = There was an error while attempting to read the local hosts file.

    Error - 01/09/2011 01:19:11 | Computer Name = david | Source = Microsoft-Windows-DNS-Client | ID = 1012
    Description = There was an error while attempting to read the local hosts file.

    Error - 01/09/2011 01:19:23 | Computer Name = david | Source = Microsoft-Windows-DNS-Client | ID = 1012
    Description = There was an error while attempting to read the local hosts file.

    Error - 01/09/2011 01:19:34 | Computer Name = david | Source = Microsoft-Windows-DNS-Client | ID = 1012
    Description = There was an error while attempting to read the local hosts file.


    < End of report >


  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    Open OTL and paste this in the custom scan/fixes box:


    :OTL
    O4 - HKCU..\Run: [YFQfMsobLp.exe] C:\ProgramData\YFQfMsobLp.exe (RapidEE.com)
    O33 - MountPoints2\{48a2e598-7eed-11e0-a614-002454aa53da}\Shell - "" = AutoRun
    O33 - MountPoints2\{48a2e598-7eed-11e0-a614-002454aa53da}\Shell\AutoRun\command - "" = G:\IronKey.exe
    O33 - MountPoints2\{c3ba82fb-cb3d-11df-bb8d-002454aa53da}\Shell - "" = AutoRun
    O33 - MountPoints2\{c3ba82fb-cb3d-11df-bb8d-002454aa53da}\Shell\AutoRun\command - "" = F:\autorun.exe
    [2011/10/10 01:05:55 | 000,000,000 | -H-D | C] -- C:\Users\davidmcardle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore
    [2011/10/10 01:05:12 | 000,340,992 | -H-- | C] (RapidEE.com) -- C:\ProgramData\6DSS92c31Apgjk.exe
    [2011/10/10 01:02:10 | 000,449,536 | -H-- | C] (RapidEE.com) -- C:\ProgramData\YFQfMsobLp.exe
    [2011/10/01 18:14:21 | 000,000,000 | -H-D | C] -- C:\Users\davidmcardle\AppData\Roaming\Wyofza
    [2011/10/01 18:14:21 | 000,000,000 | -H-D | C] -- C:\Users\davidmcardle\AppData\Roaming\Okwoho
    [2011/10/10 01:15:26 | 000,000,304 | -H-- | M] () -- C:\ProgramData\~6DSS92c31Apgjk
    [2011/10/10 01:15:26 | 000,000,208 | -H-- | M] () -- C:\ProgramData\~6DSS92c31Apgjkr
    [2011/10/10 01:08:53 | 000,000,440 | -H-- | M] () -- C:\ProgramData\6DSS92c31Apgjk
    [2011/10/10 01:05:55 | 000,000,681 | -H-- | M] () -- C:\Users\davidmcardle\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk
    [2011/10/10 01:05:55 | 000,000,657 | -H-- | M] () -- C:\Users\davidmcardle\Desktop\System Restore.lnk
    [2011/10/10 01:05:12 | 000,340,992 | -H-- | M] () -- C:\ProgramData\6DSS92c31Apgjk.exe
    [2011/10/10 01:01:36 | 000,449,536 | -H-- | M] () -- C:\ProgramData\YFQfMsobLp.exe
    [2011/10/10 01:15:26 | 000,000,304 | -H-- | C] () -- C:\ProgramData\~6DSS92c31Apgjk
    [2011/10/10 01:15:26 | 000,000,208 | -H-- | C] () -- C:\ProgramData\~6DSS92c31Apgjkr
    [2011/10/10 01:05:55 | 000,000,681 | -H-- | C] () -- C:\Users\davidmcardle\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk
    [2011/10/10 01:05:55 | 000,000,657 | -H-- | C] () -- C:\Users\davidmcardle\Desktop\System Restore.lnk
    [2011/10/10 01:05:49 | 000,000,440 | -H-- | C] () -- C:\ProgramData\6DSS92c31Apgjk
    [2011/08/31 20:16:14 | 000,000,000 | -H-D | M] -- C:\Users\davidmcardle\AppData\Roaming\Kyna
    [2011/10/07 17:28:37 | 000,000,000 | -H-D | M] -- C:\Users\davidmcardle\AppData\Roaming\Okwoho
    [2011/10/04 16:56:52 | 000,000,000 | -H-D | M] -- C:\Users\davidmcardle\AppData\Roaming\Wyofza
    :Commands
    [PURITY]
    [EMPTYTEMP]
    [EMPTYFLASH]
    [RESETHOSTS]
    [CREATERESTOREPOINT]
    [Reboot]
    :Files
    C:\ProgramData\*.*
    ipconfig /flushdns /c


    Click Run Fix, then post the log it gives.


  • Registered Users Posts: 3,404 ✭✭✭qwertplaywert


    All processes killed
    ========== OTL ==========
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\YFQfMsobLp.exe not found.
    File C:\ProgramData\YFQfMsobLp.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{48a2e598-7eed-11e0-a614-002454aa53da}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{48a2e598-7eed-11e0-a614-002454aa53da}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{48a2e598-7eed-11e0-a614-002454aa53da}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{48a2e598-7eed-11e0-a614-002454aa53da}\ not found.
    File G:\IronKey.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c3ba82fb-cb3d-11df-bb8d-002454aa53da}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c3ba82fb-cb3d-11df-bb8d-002454aa53da}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c3ba82fb-cb3d-11df-bb8d-002454aa53da}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c3ba82fb-cb3d-11df-bb8d-002454aa53da}\ not found.
    File F:\autorun.exe not found.
    Folder C:\Users\davidmcardle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore\ not found.
    File C:\ProgramData\6DSS92c31Apgjk.exe not found.
    File C:\ProgramData\YFQfMsobLp.exe not found.
    C:\Users\davidmcardle\AppData\Roaming\Wyofza folder moved successfully.
    C:\Users\davidmcardle\AppData\Roaming\Okwoho folder moved successfully.
    C:\ProgramData\~6DSS92c31Apgjk moved successfully.
    C:\ProgramData\~6DSS92c31Apgjkr moved successfully.
    C:\ProgramData\6DSS92c31Apgjk moved successfully.
    C:\Users\davidmcardle\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk moved successfully.
    C:\Users\davidmcardle\Desktop\System Restore.lnk moved successfully.
    File C:\ProgramData\6DSS92c31Apgjk.exe not found.
    File C:\ProgramData\YFQfMsobLp.exe not found.
    File C:\ProgramData\~6DSS92c31Apgjk not found.
    File C:\ProgramData\~6DSS92c31Apgjkr not found.
    File C:\Users\davidmcardle\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk not found.
    File C:\Users\davidmcardle\Desktop\System Restore.lnk not found.
    File C:\ProgramData\6DSS92c31Apgjk not found.
    C:\Users\davidmcardle\AppData\Roaming\Kyna folder moved successfully.
    Folder C:\Users\davidmcardle\AppData\Roaming\Okwoho\ not found.
    Folder C:\Users\davidmcardle\AppData\Roaming\Wyofza\ not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: davidmcardle
    ->Temp folder emptied: 557513228 bytes
    ->Temporary Internet Files folder emptied: 230775257 bytes
    ->Java cache emptied: 499708 bytes
    ->FireFox cache emptied: 100308346 bytes
    ->Google Chrome cache emptied: 22612938 bytes
    ->Flash cache emptied: 122208 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 56502 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Mcx1-DAVID
    ->Temp folder emptied: 516 bytes
    ->Temporary Internet Files folder emptied: 67226 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 738420 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 5955741 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 876.00 mb


    [EMPTYFLASH]

    User: All Users

    User: davidmcardle
    ->Flash cache emptied: 0 bytes

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Mcx1-DAVID

    User: Public

    Total Flash Files Cleaned = 0.00 mb

    HOSTS file reset successfully

    ========== FILES ==========
    C:\ProgramData\FullRemove.exe moved successfully.
    C:\ProgramData\hpzinstall.log moved successfully.
    C:\ProgramData\ntuser.pol moved successfully.
    C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log moved successfully.
    C:\ProgramData\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}.log moved successfully.
    C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log moved successfully.
    C:\ProgramData\{B7A0CE06-068E-11D6-97FD-0050BACBF861}.log moved successfully.
    C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log moved successfully.
    C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log moved successfully.
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Users\davidmcardle\Desktop\cmd.bat deleted successfully.
    C:\Users\davidmcardle\Desktop\cmd.txt deleted successfully.

    OTL by OldTimer - Version 3.2.29.1 log created on 10102011_195425

    Files\Folders moved on Reboot...
    File\Folder C:\Users\davidmcardle\AppData\Local\Temp\WERFE2C.tmp.resp.erc.xml not found!
    File\Folder C:\Users\davidmcardle\AppData\Local\Temp\WERFE2D.tmp.resp not found!

    Registry entries deleted on Reboot...


  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    Update Malwarebytes, run a quick scan, and post that log here.


  • Registered Users Posts: 3,404 ✭✭✭qwertplaywert


    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 7918

    Windows 6.1.7601 Service Pack 1
    Internet Explorer 8.0.7601.17514

    10/10/2011 21:45:21
    mbam-log-2011-10-10 (21-45-21).txt

    Scan type: Quick scan
    Objects scanned: 180516
    Time elapsed: 4 minute(s), 29 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)




    Seems to be clear now, no messages coming up anymore etc., and I ran a few other scans, all coming up clean. Only thing: my files and pathways and basically anything on the C drive still aren't visible unless I enable viewing hidden files. Any idea on how to fix this?


  • Site Banned Posts: 1,167 ✭✭✭ASJ112




  • Registered Users Posts: 12 PCrepairman.ie


    Hi. Computer seems to be infected by a nasty virus pretending to be my system restore, and my entire C drive is not accessible, but googling has only led me to paid solutions for getting rid - anyone have any tips for getting rid?


    Hi,

    Can you post a bit more information about your OS and the problem?
    Does it boot OK? Sounds like it does.
    When you say you can't access the C:, does that mean everything?
    Do you get an error message?
    What changed just before this problem started?
    Are you logged in as an administrator?
    Are there any other symptoms?

    Joe


  • Registered Users Posts: 1,726 ✭✭✭gerryk




  • Registered Users Posts: 23,641 ✭✭✭✭Elmo


    The System Restore program remains in the All Programs list. I am afraid to use its uninstall program. Can I uninstall, or will that just restart the process again?

    All Programs > System Restore > Uninstall


  • Closed Accounts Posts: 171 ✭✭Will_H


    System Restore is a fake computer analysis and optimization program from the FakeHDD family of rogues.

    If you are infected with System Restore it is important that you do not delete any files from your Temp folder or use any temp file cleaners.

    Here's how to remove it:

    http://www.bleepingcomputer.com/virus-removal/remove-system-restore

