System Restore Virus - boards.ie
10-10-2011, 12:29   #1
qwertplaywert
Registered User
 
Join Date: Sep 2006
Location: Dundalk
Posts: 3,376
System Restore Virus

Hi. Computer seems to be infected by a nasty virus pretending to be my system restore, and my entire C drive is not accessible, but googling has only led me to paid solutions for getting rid - anyone have any tips for getting rid?
10-10-2011, 14:28   #2
FSL
Registered User
 
Join Date: Feb 2006
Posts: 1,249
Create a multi-bootable USB using http://www.pendrivelinux.com/yumi-mu...t-usb-creator/ and add the Kaspersky scanner to it. Boot from the USB, run the scan and see if that clears it.

You can also add a variety of other tools and Linux distros to it.
10-10-2011, 18:20   #3
ASJ112
Banned
 
Join Date: Jan 2010
Posts: 1,155
Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Click the Quick Scan button. Do not change any settings. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files here
10-10-2011, 19:11   #4
qwertplaywert
Registered User
 
Join Date: Sep 2006
Location: Dundalk
Posts: 3,376
Ran that Kaspersky scan, but it completely stalled at

Scanning for pata_qdi...

The line above that read

Scanning for pata_pdc202xx_old...pata_pdc202xx_old loaded

Any tips? The scan is still on the computer screen but seems to have completely stalled at the pata_qdi. Tried turning the computer off and running it again but the same thing occurred.


OSL:


OTL logfile created on: 10/10/2011 6:57:00 PM - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\davidmcardle\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

2.93 Gb Total Physical Memory | 1.88 Gb Available Physical Memory | 64.14% Memory free
5.86 Gb Paging File | 4.49 Gb Available in Paging File | 76.58% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 225.33 Gb Total Space | 12.87 Gb Free Space | 5.71% Space Free | Partition Type: NTFS
Drive D: | 225.33 Gb Total Space | 181.22 Gb Free Space | 80.42% Space Free | Partition Type: NTFS
Drive G: | 7.21 Gb Total Space | 4.76 Gb Free Space | 66.01% Space Free | Partition Type: FAT32

Computer Name: DAVID | User Name: davidmcardle | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/10 18:53:08 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\davidmcardle\Desktop\OTL.exe
PRC - [2011/10/10 02:14:04 | 001,287,120 | -H-- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsTray.exe
PRC - [2011/10/10 01:05:12 | 000,340,992 | -H-- | M] (RapidEE.com) -- C:\ProgramData\6DSS92c31Apgjk.exe
PRC - [2011/10/10 01:01:36 | 000,449,536 | -H-- | M] (RapidEE.com) -- C:\ProgramData\YFQfMsobLp.exe
PRC - [2011/09/01 06:13:44 | 000,116,608 | -H-- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2011/09/01 06:13:42 | 004,603,264 | -H-- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2011/06/24 05:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | -H-- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/30 13:20:36 | 000,997,408 | -H-- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2010/11/11 12:26:42 | 000,206,360 | -H-- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2010/11/11 12:26:40 | 000,011,736 | -H-- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/04/20 15:26:44 | 000,300,912 | -H-- | M] () -- C:\Program Files\Samsung\Samsung Update Plus\SUPBackGround.exe
PRC - [2010/03/15 12:50:36 | 001,142,224 | -H-- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe
PRC - [2010/03/11 12:09:22 | 000,366,840 | -H-- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe
PRC - [2010/01/22 09:56:24 | 000,112,592 | -H-- | M] (Threat Expert Ltd.) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
PRC - [2009/11/04 05:11:48 | 000,835,072 | -H-- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2009/10/26 12:53:14 | 000,091,136 | -H-- | M] (SAMSUNG Electronics) -- C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
PRC - [2009/10/20 10:13:00 | 000,079,360 | -H-- | M] (DoctorSoft) -- C:\Program Files\AnyPC Client\APLanMgrC.exe
PRC - [2009/10/13 11:03:04 | 000,716,800 | -H-- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
PRC - [2009/10/07 02:31:56 | 002,246,144 | -H-- | M] (SEC) -- C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
PRC - [2009/07/14 02:14:12 | 000,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\attrib.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/07 17:33:49 | 000,052,736 | -H-- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2011/09/01 06:21:19 | 000,117,760 | -H-- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2011/09/01 06:21:19 | 000,063,488 | -H-- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2011/09/01 06:21:19 | 000,052,224 | -H-- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2010/04/20 15:26:44 | 000,300,912 | -H-- | M] () -- C:\Program Files\Samsung\Samsung Update Plus\SUPBackGround.exe
MOD - [2010/04/16 15:11:02 | 000,155,648 | -H-- | M] () -- C:\Program Files\Samsung\Samsung Update Plus\HMXML.dll
MOD - [2010/03/15 11:28:22 | 000,141,824 | -H-- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2006/08/12 04:48:40 | 000,049,152 | -H-- | M] () -- C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/09/01 06:13:44 | 000,116,608 | -H-- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/06/06 12:55:28 | 000,064,952 | -H-- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/11/11 12:26:42 | 000,206,360 | -H-- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2010/11/11 12:26:40 | 000,011,736 | -H-- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/09/26 03:00:46 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/03/15 12:50:36 | 001,142,224 | -H-- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2010/03/11 12:09:22 | 000,366,840 | -H-- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2010/01/22 09:56:24 | 000,112,592 | -H-- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2010/01/15 13:49:20 | 000,227,232 | -H-- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011/10/10 18:49:45 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BF945EED-74A7-4304-B747-D734A88E5512}\MpKsl89e52e7e.sys -- (MpKsl89e52e7e)
DRV - [2011/10/10 15:46:10 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BF945EED-74A7-4304-B747-D734A88E5512}\MpKsle32735f0.sys -- (MpKsle32735f0)
DRV - [2011/10/10 15:44:28 | 000,028,752 | ---- | M] () [Kernel | System | Stopped] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BF945EED-74A7-4304-B747-D734A88E5512}\MpKsl60f44e98.sys -- (MpKsl60f44e98)
DRV - [2011/10/10 02:12:15 | 000,218,592 | -H-- | M] (PC Tools) [Kernel | Boot | Running] -- C:\windows\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2011/09/01 06:13:34 | 000,067,664 | -H-- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/09/01 06:13:34 | 000,012,880 | -H-- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2011/07/06 19:52:42 | 000,041,272 | -H-- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2010/11/23 18:10:44 | 001,249,792 | -H-- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2010/11/20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/10/24 21:25:38 | 000,054,144 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2010/10/24 21:25:38 | 000,043,392 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010/09/28 21:17:22 | 000,691,696 | -H-- | M] () [Kernel | Boot | Running] -- C:\windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/07/29 00:25:02 | 000,025,112 | -H-- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ivusb.sys -- (ivusb)
DRV - [2010/07/01 01:47:34 | 000,015,656 | -H-- | M] (Windows (R) 2003 DDK 3790 provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rtport.sys -- (rtport)
DRV - [2009/09/28 10:22:00 | 000,315,392 | -H-- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009/07/10 14:44:52 | 000,122,880 | -H-- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdom...smsn&bmod=smsn
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.eircom.net/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Secure Search"
FF - prefs.js..extensions.enabledItems: {35106bca-6c78-48c7-ac28-56df30b51d2a}:1.3.8
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {1a0c9ebe-ddf9-4b76-b8a3-675c77874d37}:4.0
FF - prefs.js..extensions.enabledItems: nasanightlaunch@example.com:0.6.20110508
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=mcafee&p="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/02/25 15:18:19 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/02/25 15:18:19 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/29 00:09:04 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/29 00:09:04 | 000,000,000 | -H-D | M]

[2010/09/24 19:15:11 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\davidmcardle\AppData\Roaming\Mozilla\Extensions
[2011/10/10 01:29:05 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\davidmcardle\AppData\Roaming\Mozilla\Firefox\Profiles\sbkfncxw.default\extensions
[2011/06/17 22:10:58 | 000,000,000 | -H-D | M] (HootBar) -- C:\Users\davidmcardle\AppData\Roaming\Mozilla\Firefox\Profiles\sbkfncxw.default\extensions\{1a0c9ebe-ddf9-4b76-b8a3-675c77874d37}
[2010/09/25 15:43:42 | 000,000,000 | -H-D | M] (Linkification) -- C:\Users\davidmcardle\AppData\Roaming\Mozilla\Firefox\Profiles\sbkfncxw.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}
[2011/04/29 01:12:29 | 000,000,000 | -H-D | M] (Adblock Plus) -- C:\Users\davidmcardle\AppData\Roaming\Mozilla\Firefox\Profiles\sbkfncxw.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011/02/27 15:32:22 | 000,000,000 | -H-D | M] (DownThemAll!) -- C:\Users\davidmcardle\AppData\Roaming\Mozilla\Firefox\Profiles\sbkfncxw.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2011/05/13 03:56:58 | 000,000,000 | -H-D | M] (NASA Night Launch) -- C:\Users\davidmcardle\AppData\Roaming\Mozilla\Firefox\Profiles\sbkfncxw.default\extensions\nasanightlaunch@example.com
[2011/10/10 01:29:05 | 000,000,000 | -H-D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/09/27 17:54:54 | 000,000,000 | -H-D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011/01/18 19:29:37 | 000,000,000 | -H-D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/02/25 15:18:19 | 000,000,000 | -H-D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO
[2011/02/25 15:18:19 | 000,000,000 | -H-D | M] (DivX HiQ) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA
[2010/11/12 19:53:06 | 000,472,808 | -H-- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/03/10 13:38:34 | 000,001,538 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/03/10 13:38:34 | 000,000,947 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/03/10 13:38:34 | 000,000,769 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/03/10 13:38:35 | 000,001,135 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\11.0.696.60\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.230.5 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U23 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60129.0\npctrl.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\11.0.696.60\pdf.dll
CHR - plugin: Chrome NaCl (Disabled) = C:\Program Files\Google\Chrome\Application\11.0.696.60\ppGoogleNaClPluginChrome.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files\Google\Chrome\Application\11.0.696.60\gears.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\davidmcardle\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.5.0.7280_0\npSkypeChromePlugin.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.53\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Entanglement = C:\Users\davidmcardle\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.1.1_0\
CHR - Extension: DivX HiQ = C:\Users\davidmcardle\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0\
CHR - Extension: Poppit = C:\Users\davidmcardle\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\davidmcardle\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0\

Hosts file not found
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe ()
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [YFQfMsobLp.exe] C:\ProgramData\YFQfMsobLp.exe (RapidEE.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{95DE52F9-5E06-47C9-BE22-4B7FE2603F77}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EC492366-9D08-4F35-AFA9-3CB961F3F0E9}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | -H-- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{48a2e598-7eed-11e0-a614-002454aa53da}\Shell - "" = AutoRun
O33 - MountPoints2\{48a2e598-7eed-11e0-a614-002454aa53da}\Shell\AutoRun\command - "" = G:\IronKey.exe
O33 - MountPoints2\{c3ba82fb-cb3d-11df-bb8d-002454aa53da}\Shell - "" = AutoRun
O33 - MountPoints2\{c3ba82fb-cb3d-11df-bb8d-002454aa53da}\Shell\AutoRun\command - "" = F:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/10 18:56:10 | 000,582,656 | -H-- | C] (OldTimer Tools) -- C:\Users\davidmcardle\Desktop\OTL.exe
[2011/10/10 12:36:28 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2011/10/10 11:59:57 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GridinSoft
[2011/10/10 11:59:52 | 000,000,000 | -H-D | C] -- C:\Program Files\GridinSoft Trojan Killer
[2011/10/10 01:55:14 | 000,149,456 | -H-- | C] (PC Tools) -- C:\windows\SGDetectionTool.dll
[2011/10/10 01:55:13 | 001,652,688 | -H-- | C] (Threat Expert Ltd.) -- C:\windows\PCTBDCore.dll
[2011/10/10 01:55:13 | 000,165,840 | -H-- | C] (Threat Expert Ltd.) -- C:\windows\PCTBDRes.dll
[2011/10/10 01:37:51 | 000,233,136 | -H-- | C] (PC Tools) -- C:\windows\System32\drivers\pctgntdi.sys
[2011/10/10 01:37:51 | 000,100,136 | -H-- | C] (PC Tools) -- C:\windows\System32\drivers\pctwfpfilter.sys
[2011/10/10 01:37:45 | 000,218,592 | -H-- | C] (PC Tools) -- C:\windows\System32\drivers\PCTCore.sys
[2011/10/10 01:37:45 | 000,088,040 | -H-- | C] (PC Tools) -- C:\windows\System32\drivers\PCTAppEvent.sys
[2011/10/10 01:37:37 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware Doctor
[2011/10/10 01:37:32 | 000,063,360 | -H-- | C] (PC Tools) -- C:\windows\System32\drivers\pctplsg.sys
[2011/10/10 01:37:03 | 000,000,000 | -H-D | C] -- C:\Program Files\Spyware Doctor
[2011/10/10 01:37:03 | 000,000,000 | -H-D | C] -- C:\Users\davidmcardle\AppData\Roaming\PC Tools
[2011/10/10 01:37:03 | 000,000,000 | -H-D | C] -- C:\ProgramData\PC Tools
[2011/10/10 01:37:03 | 000,000,000 | -H-D | C] -- C:\Program Files\Common Files\PC Tools
[2011/10/10 01:22:12 | 000,000,000 | -H-D | C] -- C:\Users\davidmcardle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyNoMore
[2011/10/10 01:22:12 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpyNoMore
[2011/10/10 01:22:06 | 000,000,000 | -H-D | C] -- C:\Program Files\SpyNoMore
[2011/10/10 01:21:23 | 000,000,000 | -H-D | C] -- C:\Users\davidmcardle\Desktop\Downloads
[2011/10/10 01:21:21 | 000,000,000 | -H-D | C] -- C:\Users\davidmcardle\AppData\Roaming\GetRightToGo
[2011/10/10 01:05:55 | 000,000,000 | -H-D | C] -- C:\Users\davidmcardle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore
[2011/10/10 01:05:12 | 000,340,992 | -H-- | C] (RapidEE.com) -- C:\ProgramData\6DSS92c31Apgjk.exe
[2011/10/10 01:02:10 | 000,449,536 | -H-- | C] (RapidEE.com) -- C:\ProgramData\YFQfMsobLp.exe
[2011/10/08 11:28:42 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011/10/08 11:28:37 | 000,000,000 | RH-D | C] -- C:\Program Files\Skype
[2011/10/01 18:14:21 | 000,000,000 | -H-D | C] -- C:\Users\davidmcardle\AppData\Roaming\Wyofza
[2011/10/01 18:14:21 | 000,000,000 | -H-D | C] -- C:\Users\davidmcardle\AppData\Roaming\Okwoho
[2011/09/27 22:53:17 | 000,000,000 | -H-D | C] -- C:\Users\davidmcardle\AppData\Roaming\Template
[2011/02/11 18:40:40 | 000,004,096 | -H-- | C] ( ) -- C:\windows\System32\IGFXDEVLib.dll
[1 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/10 19:00:15 | 000,014,736 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/10 19:00:15 | 000,014,736 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/10 18:53:08 | 000,582,656 | -H-- | M] (OldTimer Tools) -- C:\Users\davidmcardle\Desktop\OTL.exe
[2011/10/10 18:49:38 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011/10/10 18:49:34 | 2362,920,960 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/10 02:12:17 | 000,063,360 | -H-- | M] (PC Tools) -- C:\windows\System32\drivers\pctplsg.sys
[2011/10/10 02:12:15 | 000,218,592 | -H-- | M] (PC Tools) -- C:\windows\System32\drivers\PCTCore.sys
[2011/10/10 01:22:18 | 000,001,152 | -H-- | M] () -- C:\windows\System32\windrv.sys
[2011/10/10 01:22:13 | 000,000,945 | -H-- | M] () -- C:\Users\davidmcardle\Desktop\SpyNoMore.lnk
[2011/10/10 01:18:38 | 000,630,560 | -H-- | M] () -- C:\windows\System32\perfh009.dat
[2011/10/10 01:18:38 | 000,111,612 | -H-- | M] () -- C:\windows\System32\perfc009.dat
[2011/10/10 01:15:26 | 000,000,304 | -H-- | M] () -- C:\ProgramData\~6DSS92c31Apgjk
[2011/10/10 01:15:26 | 000,000,208 | -H-- | M] () -- C:\ProgramData\~6DSS92c31Apgjkr
[2011/10/10 01:08:53 | 000,000,440 | -H-- | M] () -- C:\ProgramData\6DSS92c31Apgjk
[2011/10/10 01:05:55 | 000,000,681 | -H-- | M] () -- C:\Users\davidmcardle\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk
[2011/10/10 01:05:55 | 000,000,657 | -H-- | M] () -- C:\Users\davidmcardle\Desktop\System Restore.lnk
[2011/10/10 01:05:12 | 000,340,992 | -H-- | M] () -- C:\ProgramData\6DSS92c31Apgjk.exe
[2011/10/10 01:01:36 | 000,449,536 | -H-- | M] () -- C:\ProgramData\YFQfMsobLp.exe
[2011/10/01 16:59:43 | 000,000,384 | -H-- | M] () -- C:\Users\davidmcardle\AppData\Roaming\wklnhst.dat
[2011/09/25 18:14:40 | 000,001,160 | -H-- | M] () -- C:\Users\davidmcardle\Documents\Documents - Shortcut.lnk
[1 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/10 01:55:15 | 000,767,952 | -H-- | C] () -- C:\windows\BDTSupport.dll
[2011/10/10 01:55:14 | 001,152,444 | -H-- | C] () -- C:\windows\UDB.zip
[2011/10/10 01:55:14 | 000,000,882 | -H-- | C] () -- C:\windows\RegSDImport.xml
[2011/10/10 01:55:14 | 000,000,879 | -H-- | C] () -- C:\windows\RegISSImport.xml
[2011/10/10 01:55:14 | 000,000,131 | -H-- | C] () -- C:\windows\IDB.zip
[2011/10/10 01:37:51 | 000,007,387 | -H-- | C] () -- C:\windows\System32\drivers\pctgntdi.cat
[2011/10/10 01:37:45 | 000,007,412 | -H-- | C] () -- C:\windows\System32\drivers\PCTAppEvent.cat
[2011/10/10 01:37:45 | 000,007,383 | -H-- | C] () -- C:\windows\System32\drivers\pctcore.cat
[2011/10/10 01:37:32 | 000,007,383 | -H-- | C] () -- C:\windows\System32\drivers\pctplsg.cat
[2011/10/10 01:22:18 | 000,001,152 | -H-- | C] () -- C:\windows\System32\windrv.sys
[2011/10/10 01:22:13 | 000,000,945 | -H-- | C] () -- C:\Users\davidmcardle\Desktop\SpyNoMore.lnk
[2011/10/10 01:15:26 | 000,000,304 | -H-- | C] () -- C:\ProgramData\~6DSS92c31Apgjk
[2011/10/10 01:15:26 | 000,000,208 | -H-- | C] () -- C:\ProgramData\~6DSS92c31Apgjkr
[2011/10/10 01:05:55 | 000,000,681 | -H-- | C] () -- C:\Users\davidmcardle\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk
[2011/10/10 01:05:55 | 000,000,657 | -H-- | C] () -- C:\Users\davidmcardle\Desktop\System Restore.lnk
[2011/10/10 01:05:49 | 000,000,440 | -H-- | C] () -- C:\ProgramData\6DSS92c31Apgjk
[2011/09/27 22:53:14 | 000,000,384 | -H-- | C] () -- C:\Users\davidmcardle\AppData\Roaming\wklnhst.dat
[2011/09/25 18:14:40 | 000,001,160 | -H-- | C] () -- C:\Users\davidmcardle\Documents\Documents - Shortcut.lnk
[2010/10/28 21:11:51 | 000,000,056 | -H-- | C] () -- C:\windows\System32\ezsidmv.dat
[2010/10/10 15:22:26 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/09/25 16:22:17 | 000,085,504 | -H-- | C] () -- C:\windows\System32\ff_vfw.dll
[2010/09/24 17:59:28 | 000,131,368 | -H-- | C] () -- C:\ProgramData\FullRemove.exe
[2010/09/24 11:13:58 | 000,000,002 | -H-- | C] () -- C:\windows\HotFixList.ini
[2010/08/25 20:30:02 | 000,439,308 | -H-- | C] () -- C:\windows\System32\igcompkrng500.bin
[2010/08/25 20:30:00 | 000,982,240 | -H-- | C] () -- C:\windows\System32\igkrng500.bin
[2010/08/25 20:30:00 | 000,092,356 | -H-- | C] () -- C:\windows\System32\igfcg500m.bin
[2010/08/25 19:57:00 | 000,000,151 | -H-- | C] () -- C:\windows\System32\GfxUI.exe.config
[2009/12/05 21:01:49 | 000,004,608 | -H-- | C] () -- C:\windows\System32\HdmiCoin.dll
[2009/12/05 21:01:47 | 000,134,592 | -H-- | C] () -- C:\windows\System32\igfcg500.bin
[2009/12/05 04:17:31 | 000,307,200 | -H-- | C] () -- C:\windows\SetDisplayResolution.exe
[2009/07/14 05:57:37 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/14 05:33:53 | 000,350,112 | -H-- | C] () -- C:\windows\System32\FNTCACHE.DAT
[2009/07/14 03:05:48 | 000,630,560 | -H-- | C] () -- C:\windows\System32\perfh009.dat
[2009/07/14 03:05:48 | 000,291,294 | -H-- | C] () -- C:\windows\System32\perfi009.dat
[2009/07/14 03:05:48 | 000,111,612 | -H-- | C] () -- C:\windows\System32\perfc009.dat
[2009/07/14 03:05:48 | 000,031,548 | -H-- | C] () -- C:\windows\System32\perfd009.dat
[2009/07/14 03:05:05 | 000,000,741 | -H-- | C] () -- C:\windows\System32\NOISE.DAT
[2009/07/14 03:04:11 | 000,215,943 | -H-- | C] () -- C:\windows\System32\dssec.dat
[2009/07/14 00:55:01 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/14 00:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll
[2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat

========== LOP Check ==========

[2011/01/18 20:19:04 | 000,000,000 | -H-D | M] -- C:\Users\davidmcardle\AppData\Roaming\AVG10
[2011/03/20 19:33:40 | 000,000,000 | -H-D | M] -- C:\Users\davidmcardle\AppData\Roaming\Azureus
[2010/09/30 16:45:14 | 000,000,000 | -H-D | M] -- C:\Users\davidmcardle\AppData\Roaming\DAEMON Tools Lite
[2011/08/31 20:17:08 | 000,000,000 | -H-D | M] -- C:\Users\davidmcardle\AppData\Roaming\Enose
[2011/10/10 01:22:10 | 000,000,000 | -H-D | M] -- C:\Users\davidmcardle\AppData\Roaming\GetRightToGo
[2011/08/31 20:16:14 | 000,000,000 | -H-D | M] -- C:\Users\davidmcardle\AppData\Roaming\Kyna
[2011/10/07 17:28:37 | 000,000,000 | -H-D | M] -- C:\Users\davidmcardle\AppData\Roaming\Okwoho
[2010/12/25 18:32:27 | 000,000,000 | -H-D | M] -- C:\Users\davidmcardle\AppData\Roaming\Sports Interactive
[2011/09/27 22:53:17 | 000,000,000 | -H-D | M] -- C:\Users\davidmcardle\AppData\Roaming\Template
[2011/10/09 23:02:02 | 000,000,000 | -H-D | M] -- C:\Users\davidmcardle\AppData\Roaming\uTorrent
[2011/10/04 16:56:52 | 000,000,000 | -H-D | M] -- C:\Users\davidmcardle\AppData\Roaming\Wyofza
[2009/07/14 05:53:46 | 000,030,152 | -H-- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 155 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:0B4227B4
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:4CF61E54
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:A8ADE5D8

< End of report >




OTL Extras logfile created on: 10/10/2011 6:57:00 PM - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\davidmcardle\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

2.93 Gb Total Physical Memory | 1.88 Gb Available Physical Memory | 64.14% Memory free
5.86 Gb Paging File | 4.49 Gb Available in Paging File | 76.58% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 225.33 Gb Total Space | 12.87 Gb Free Space | 5.71% Space Free | Partition Type: NTFS
Drive D: | 225.33 Gb Total Space | 181.22 Gb Free Space | 80.42% Space Free | Partition Type: NTFS
Drive G: | 7.21 Gb Total Space | 4.76 Gb Free Space | 66.01% Space Free | Partition Type: FAT32

Computer Name: DAVID | User Name: davidmcardle | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1"
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 4
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{178EE5F4-0F86-4BF0-A0D1-9790AFF409D1}" = EasyBatteryManager
"{1AFA1FEF-8CF9-4A51-AC46-64FAA7F3D9E2}" = AnyPC Client
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 23
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2
"{853F8A41-A3C9-43FA-87FA-1AE74FC6F3F7}" = BatteryLifeExtender
"{8686D4FE-62EF-46FB-B9FD-00679EB381FF}_is1" = Trojan Killer 2.1
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F479685-180E-4C05-9400-D59292A1B29C}" = Windows Live Movie Maker
"{A5675A9E-F073-414A-9A04-F9BCD50459D7}" = Easy Network Manager
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.0)
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CCC2B140-B47A-45FA-AAE3-BD60DA41AE00}" = Samsung Support Center
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D1434266-0486-4469-B338-A60082CC04E1}" = Atheros Client Installation Program
"{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus
"{D92FF8EB-BD77-40AE-B68B-A6BFC6F8661D}" = Windows Live Family Safety
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F169F3EB-36AF-46A5-91E7-C9F48360CBAF}" = BitMate
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Browser Defender_is1" = Browser Defender 2.0.6.15
"Championship Manager 01-02" = Championship Manager 01-02
"DivX Setup.divx.com" = DivX Setup
"ffdshow_is1" = ffdshow [rev 3154] [2009-12-09]
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"LastFM_is1" = Last.fm 1.5.4.27091
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"Marvell Miniport Driver" = Marvell Miniport Driver
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox (3.6.23)" = Mozilla Firefox (3.6.23)
"SpyNoMore" = SpyNoMore 2.98
"Spyware Doctor" = Spyware Doctor 7.0
"Stellar Phoenix Archive Password Recovery_is1" = Stellar Phoenix Archive Password Recovery v1.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.4
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 04/10/2011 07:15:44 | Computer Name = DAVID | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6396

Error - 04/10/2011 07:15:45 | Computer Name = DAVID | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 04/10/2011 07:15:45 | Computer Name = DAVID | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 7425

Error - 04/10/2011 07:15:45 | Computer Name = DAVID | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7425

Error - 04/10/2011 12:38:51 | Computer Name = DAVID | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 04/10/2011 12:38:51 | Computer Name = DAVID | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1077

Error - 04/10/2011 12:38:51 | Computer Name = DAVID | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1077

Error - 04/10/2011 12:38:52 | Computer Name = DAVID | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 04/10/2011 12:38:52 | Computer Name = DAVID | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2122

Error - 04/10/2011 12:38:52 | Computer Name = DAVID | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2122

[ Media Center Events ]
Error - 17/12/2010 23:03:51 | Computer Name = david | Source = MCUpdate | ID = 0
Description = 03:03:51 - Error connecting to the internet. 03:03:51 - Unable
to contact server..

Error - 17/12/2010 23:04:21 | Computer Name = david | Source = MCUpdate | ID = 0
Description = 03:04:20 - Error connecting to the internet. 03:04:20 - Unable
to contact server..

Error - 13/01/2011 02:18:11 | Computer Name = david | Source = MCUpdate | ID = 0
Description = 06:18:11 - Error connecting to the internet. 06:18:11 - Unable
to contact server..

Error - 13/01/2011 02:18:25 | Computer Name = david | Source = MCUpdate | ID = 0
Description = 06:18:16 - Error connecting to the internet. 06:18:16 - Unable
to contact server..

Error - 13/01/2011 03:18:29 | Computer Name = david | Source = MCUpdate | ID = 0
Description = 07:18:29 - Error connecting to the internet. 07:18:29 - Unable
to contact server..

Error - 13/01/2011 03:18:35 | Computer Name = david | Source = MCUpdate | ID = 0
Description = 07:18:35 - Error connecting to the internet. 07:18:35 - Unable
to contact server..

Error - 13/01/2011 04:18:40 | Computer Name = david | Source = MCUpdate | ID = 0
Description = 08:18:40 - Error connecting to the internet. 08:18:40 - Unable
to contact server..

Error - 13/01/2011 04:18:46 | Computer Name = david | Source = MCUpdate | ID = 0
Description = 08:18:45 - Error connecting to the internet. 08:18:45 - Unable
to contact server..

Error - 17/01/2011 22:59:16 | Computer Name = david | Source = MCUpdate | ID = 0
Description = 02:59:15 - Error connecting to the internet. 02:59:15 - Unable
to contact server..

Error - 17/01/2011 22:59:36 | Computer Name = david | Source = MCUpdate | ID = 0
Description = 02:59:21 - Error connecting to the internet. 02:59:21 - Unable
to contact server..

[ System Events ]
Error - 01/09/2011 01:09:45 | Computer Name = david | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 01/09/2011 01:12:02 | Computer Name = david | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:
%%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842

Error - 01/09/2011 01:17:37 | Computer Name = david | Source = Service Control Manager | ID = 7043
Description = The Windows Update service did not shut down properly after receiving
a preshutdown control.

Error - 01/09/2011 01:17:38 | Computer Name = david | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 01/09/2011 01:17:38 | Computer Name = david | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 01/09/2011 01:17:38 | Computer Name = david | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 01/09/2011 01:19:02 | Computer Name = david | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 01/09/2011 01:19:11 | Computer Name = david | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 01/09/2011 01:19:23 | Computer Name = david | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 01/09/2011 01:19:34 | Computer Name = david | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.


< End of report >
10-10-2011, 19:12   #5
qwertplaywert
Registered User
 
Join Date: Sep 2006
Location: Dundalk
Posts: 3,376
Ran that Kaspersky scan, but it completely stalled at

Scanning for pata_qdi...

the line above that read

Scanning for pata_pdc202xx_old...pata_pdc202xx_old loaded

Any tips? The scan is still on the computer screen but seems to have completely stalled at the pata_qdi. Tried turning the computer off and running it again but the same thing occurred?

OTL:


OTL logfile created on: 10/10/2011 6:57:00 PM - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\davidmcardle\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

2.93 Gb Total Physical Memory | 1.88 Gb Available Physical Memory | 64.14% Memory free
5.86 Gb Paging File | 4.49 Gb Available in Paging File | 76.58% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 225.33 Gb Total Space | 12.87 Gb Free Space | 5.71% Space Free | Partition Type: NTFS
Drive D: | 225.33 Gb Total Space | 181.22 Gb Free Space | 80.42% Space Free | Partition Type: NTFS
Drive G: | 7.21 Gb Total Space | 4.76 Gb Free Space | 66.01% Space Free | Partition Type: FAT32

Computer Name: DAVID | User Name: davidmcardle | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/10 18:53:08 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\davidmcardle\Desktop\OTL.exe
PRC - [2011/10/10 02:14:04 | 001,287,120 | -H-- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsTray.exe
PRC - [2011/10/10 01:05:12 | 000,340,992 | -H-- | M] (RapidEE.com) -- C:\ProgramData\6DSS92c31Apgjk.exe
PRC - [2011/10/10 01:01:36 | 000,449,536 | -H-- | M] (RapidEE.com) -- C:\ProgramData\YFQfMsobLp.exe
PRC - [2011/09/01 06:13:44 | 000,116,608 | -H-- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2011/09/01 06:13:42 | 004,603,264 | -H-- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2011/06/24 05:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | -H-- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/30 13:20:36 | 000,997,408 | -H-- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2010/11/11 12:26:42 | 000,206,360 | -H-- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2010/11/11 12:26:40 | 000,011,736 | -H-- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/04/20 15:26:44 | 000,300,912 | -H-- | M] () -- C:\Program Files\Samsung\Samsung Update Plus\SUPBackGround.exe
PRC - [2010/03/15 12:50:36 | 001,142,224 | -H-- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe
PRC - [2010/03/11 12:09:22 | 000,366,840 | -H-- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe
PRC - [2010/01/22 09:56:24 | 000,112,592 | -H-- | M] (Threat Expert Ltd.) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
PRC - [2009/11/04 05:11:48 | 000,835,072 | -H-- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2009/10/26 12:53:14 | 000,091,136 | -H-- | M] (SAMSUNG Electronics) -- C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
PRC - [2009/10/20 10:13:00 | 000,079,360 | -H-- | M] (DoctorSoft) -- C:\Program Files\AnyPC Client\APLanMgrC.exe
PRC - [2009/10/13 11:03:04 | 000,716,800 | -H-- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
PRC - [2009/10/07 02:31:56 | 002,246,144 | -H-- | M] (SEC) -- C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
PRC - [2009/07/14 02:14:12 | 000,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\attrib.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/07 17:33:49 | 000,052,736 | -H-- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2011/09/01 06:21:19 | 000,117,760 | -H-- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2011/09/01 06:21:19 | 000,063,488 | -H-- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2011/09/01 06:21:19 | 000,052,224 | -H-- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2010/04/20 15:26:44 | 000,300,912 | -H-- | M] () -- C:\Program Files\Samsung\Samsung Update Plus\SUPBackGround.exe
MOD - [2010/04/16 15:11:02 | 000,155,648 | -H-- | M] () -- C:\Program Files\Samsung\Samsung Update Plus\HMXML.dll
MOD - [2010/03/15 11:28:22 | 000,141,824 | -H-- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2006/08/12 04:48:40 | 000,049,152 | -H-- | M] () -- C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/09/01 06:13:44 | 000,116,608 | -H-- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/06/06 12:55:28 | 000,064,952 | -H-- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/11/11 12:26:42 | 000,206,360 | -H-- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2010/11/11 12:26:40 | 000,011,736 | -H-- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/09/26 03:00:46 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/03/15 12:50:36 | 001,142,224 | -H-- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2010/03/11 12:09:22 | 000,366,840 | -H-- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2010/01/22 09:56:24 | 000,112,592 | -H-- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2010/01/15 13:49:20 | 000,227,232 | -H-- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011/10/10 18:49:45 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BF945EED-74A7-4304-B747-D734A88E5512}\MpKsl89e52e7e.sys -- (MpKsl89e52e7e)
DRV - [2011/10/10 15:46:10 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BF945EED-74A7-4304-B747-D734A88E5512}\MpKsle32735f0.sys -- (MpKsle32735f0)
DRV - [2011/10/10 15:44:28 | 000,028,752 | ---- | M] () [Kernel | System | Stopped] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BF945EED-74A7-4304-B747-D734A88E5512}\MpKsl60f44e98.sys -- (MpKsl60f44e98)
DRV - [2011/10/10 02:12:15 | 000,218,592 | -H-- | M] (PC Tools) [Kernel | Boot | Running] -- C:\windows\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2011/09/01 06:13:34 | 000,067,664 | -H-- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/09/01 06:13:34 | 000,012,880 | -H-- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2011/07/06 19:52:42 | 000,041,272 | -H-- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2010/11/23 18:10:44 | 001,249,792 | -H-- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2010/11/20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/10/24 21:25:38 | 000,054,144 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2010/10/24 21:25:38 | 000,043,392 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010/09/28 21:17:22 | 000,691,696 | -H-- | M] () [Kernel | Boot | Running] -- C:\windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/07/29 00:25:02 | 000,025,112 | -H-- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ivusb.sys -- (ivusb)
DRV - [2010/07/01 01:47:34 | 000,015,656 | -H-- | M] (Windows (R) 2003 DDK 3790 provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rtport.sys -- (rtport)
DRV - [2009/09/28 10:22:00 | 000,315,392 | -H-- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009/07/10 14:44:52 | 000,122,880 | -H-- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdom...smsn&bmod=smsn
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.eircom.net/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Secure Search"
FF - prefs.js..extensions.enabledItems: {35106bca-6c78-48c7-ac28-56df30b51d2a}:1.3.8
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {1a0c9ebe-ddf9-4b76-b8a3-675c77874d37}:4.0
FF - prefs.js..extensions.enabledItems: nasanightlaunch@example.com:0.6.20110508
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=mcafee&p="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/02/25 15:18:19 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/02/25 15:18:19 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/29 00:09:04 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/29 00:09:04 | 000,000,000 | -H-D | M]

[2010/09/24 19:15:11 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\davidmcardle\AppData\Roaming\Mozilla\Extensions
[2011/10/10 01:29:05 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\davidmcardle\AppData\Roaming\Mozilla\Firefox\Profiles\sbkfncxw.default\extensions
[2011/06/17 22:10:58 | 000,000,000 | -H-D | M] (HootBar) -- C:\Users\davidmcardle\AppData\Roaming\Mozilla\Firefox\Profiles\sbkfncxw.default\extensions\{1a0c9ebe-ddf9-4b76-b8a3-675c77874d37}
[2010/09/25 15:43:42 | 000,000,000 | -H-D | M] (Linkification) -- C:\Users\davidmcardle\AppData\Roaming\Mozilla\Firefox\Profiles\sbkfncxw.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}
[2011/04/29 01:12:29 | 000,000,000 | -H-D | M] (Adblock Plus) -- C:\Users\davidmcardle\AppData\Roaming\Mozilla\Firefox\Profiles\sbkfncxw.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011/02/27 15:32:22 | 000,000,000 | -H-D | M] (DownThemAll!) -- C:\Users\davidmcardle\AppData\Roaming\Mozilla\Firefox\Profiles\sbkfncxw.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2011/05/13 03:56:58 | 000,000,000 | -H-D | M] (NASA Night Launch) -- C:\Users\davidmcardle\AppData\Roaming\Mozilla\Firefox\Profiles\sbkfncxw.default\extensions\nasanightlaunch@example.com
[2011/10/10 01:29:05 | 000,000,000 | -H-D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/09/27 17:54:54 | 000,000,000 | -H-D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011/01/18 19:29:37 | 000,000,000 | -H-D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/02/25 15:18:19 | 000,000,000 | -H-D | M] (DivX Plus Web Player HTML5 &lt;video&gt;) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO
[2011/02/25 15:18:19 | 000,000,000 | -H-D | M] (DivX HiQ) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA
[2010/11/12 19:53:06 | 000,472,808 | -H-- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/03/10 13:38:34 | 000,001,538 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/03/10 13:38:34 | 000,000,947 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/03/10 13:38:34 | 000,000,769 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/03/10 13:38:35 | 000,001,135 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\11.0.696.60\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.230.5 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U23 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60129.0\npctrl.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\11.0.696.60\pdf.dll
CHR - plugin: Chrome NaCl (Disabled) = C:\Program Files\Google\Chrome\Application\11.0.696.60\ppGoogleNaClPluginChrome.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files\Google\Chrome\Application\11.0.696.60\gears.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\davidmcardle\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.5.0.7280_0\npSkypeChromePlugin.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.53\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Entanglement = C:\Users\davidmcardle\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.1.1_0\
CHR - Extension: DivX HiQ = C:\Users\davidmcardle\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0\
CHR - Extension: Poppit = C:\Users\davidmcardle\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\davidmcardle\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0\

Hosts file not found
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe ()
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [YFQfMsobLp.exe] C:\ProgramData\YFQfMsobLp.exe (RapidEE.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{95DE52F9-5E06-47C9-BE22-4B7FE2603F77}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EC492366-9D08-4F35-AFA9-3CB961F3F0E9}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | -H-- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{48a2e598-7eed-11e0-a614-002454aa53da}\Shell - "" = AutoRun
O33 - MountPoints2\{48a2e598-7eed-11e0-a614-002454aa53da}\Shell\AutoRun\command - "" = G:\IronKey.exe
O33 - MountPoints2\{c3ba82fb-cb3d-11df-bb8d-002454aa53da}\Shell - "" = AutoRun
O33 - MountPoints2\{c3ba82fb-cb3d-11df-bb8d-002454aa53da}\Shell\AutoRun\command - "" = F:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/10 18:56:10 | 000,582,656 | -H-- | C] (OldTimer Tools) -- C:\Users\davidmcardle\Desktop\OTL.exe
[2011/10/10 12:36:28 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2011/10/10 11:59:57 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GridinSoft
[2011/10/10 11:59:52 | 000,000,000 | -H-D | C] -- C:\Program Files\GridinSoft Trojan Killer
[2011/10/10 01:55:14 | 000,149,456 | -H-- | C] (PC Tools) -- C:\windows\SGDetectionTool.dll
[2011/10/10 01:55:13 | 001,652,688 | -H-- | C] (Threat Expert Ltd.) -- C:\windows\PCTBDCore.dll
[2011/10/10 01:55:13 | 000,165,840 | -H-- | C] (Threat Expert Ltd.) -- C:\windows\PCTBDRes.dll
[2011/10/10 01:37:51 | 000,233,136 | -H-- | C] (PC Tools) -- C:\windows\System32\drivers\pctgntdi.sys
[2011/10/10 01:37:51 | 000,100,136 | -H-- | C] (PC Tools) -- C:\windows\System32\drivers\pctwfpfilter.sys
[2011/10/10 01:37:45 | 000,218,592 | -H-- | C] (PC Tools) -- C:\windows\System32\drivers\PCTCore.sys
[2011/10/10 01:37:45 | 000,088,040 | -H-- | C] (PC Tools) -- C:\windows\System32\drivers\PCTAppEvent.sys
[2011/10/10 01:37:37 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware Doctor
[2011/10/10 01:37:32 | 000,063,360 | -H-- | C] (PC Tools) -- C:\windows\System32\drivers\pctplsg.sys
[2011/10/10 01:37:03 | 000,000,000 | -H-D | C] -- C:\Program Files\Spyware Doctor
[2011/10/10 01:37:03 | 000,000,000 | -H-D | C] -- C:\Users\davidmcardle\AppData\Roaming\PC Tools
[2011/10/10 01:37:03 | 000,000,000 | -H-D | C] -- C:\ProgramData\PC Tools
[2011/10/10 01:37:03 | 000,000,000 | -H-D | C] -- C:\Program Files\Common Files\PC Tools
[2011/10/10 01:22:12 | 000,000,000 | -H-D | C] -- C:\Users\davidmcardle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyNoMore
[2011/10/10 01:22:12 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpyNoMore
[2011/10/10 01:22:06 | 000,000,000 | -H-D | C] -- C:\Program Files\SpyNoMore
[2011/10/10 01:21:23 | 000,000,000 | -H-D | C] -- C:\Users\davidmcardle\Desktop\Downloads
[2011/10/10 01:21:21 | 000,000,000 | -H-D | C] -- C:\Users\davidmcardle\AppData\Roaming\GetRightToGo
[2011/10/10 01:05:55 | 000,000,000 | -H-D | C] -- C:\Users\davidmcardle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore
[2011/10/10 01:05:12 | 000,340,992 | -H-- | C] (RapidEE.com) -- C:\ProgramData\6DSS92c31Apgjk.exe
[2011/10/10 01:02:10 | 000,449,536 | -H-- | C] (RapidEE.com) -- C:\ProgramData\YFQfMsobLp.exe
[2011/10/08 11:28:42 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011/10/08 11:28:37 | 000,000,000 | RH-D | C] -- C:\Program Files\Skype
[2011/10/01 18:14:21 | 000,000,000 | -H-D | C] -- C:\Users\davidmcardle\AppData\Roaming\Wyofza
[2011/10/01 18:14:21 | 000,000,000 | -H-D | C] -- C:\Users\davidmcardle\AppData\Roaming\Okwoho
[2011/09/27 22:53:17 | 000,000,000 | -H-D | C] -- C:\Users\davidmcardle\AppData\Roaming\Template
[2011/02/11 18:40:40 | 000,004,096 | -H-- | C] ( ) -- C:\windows\System32\IGFXDEVLib.dll
[1 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/10 19:00:15 | 000,014,736 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/10 19:00:15 | 000,014,736 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/10 18:53:08 | 000,582,656 | -H-- | M] (OldTimer Tools) -- C:\Users\davidmcardle\Desktop\OTL.exe
[2011/10/10 18:49:38 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011/10/10 18:49:34 | 2362,920,960 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/10 02:12:17 | 000,063,360 | -H-- | M] (PC Tools) -- C:\windows\System32\drivers\pctplsg.sys
[2011/10/10 02:12:15 | 000,218,592 | -H-- | M] (PC Tools) -- C:\windows\System32\drivers\PCTCore.sys
[2011/10/10 01:22:18 | 000,001,152 | -H-- | M] () -- C:\windows\System32\windrv.sys
[2011/10/10 01:22:13 | 000,000,945 | -H-- | M] () -- C:\Users\davidmcardle\Desktop\SpyNoMore.lnk
[2011/10/10 01:18:38 | 000,630,560 | -H-- | M] () -- C:\windows\System32\perfh009.dat
[2011/10/10 01:18:38 | 000,111,612 | -H-- | M] () -- C:\windows\System32\perfc009.dat
[2011/10/10 01:15:26 | 000,000,304 | -H-- | M] () -- C:\ProgramData\~6DSS92c31Apgjk
[2011/10/10 01:15:26 | 000,000,208 | -H-- | M] () -- C:\ProgramData\~6DSS92c31Apgjkr
[2011/10/10 01:08:53 | 000,000,440 | -H-- | M] () -- C:\ProgramData\6DSS92c31Apgjk
[2011/10/10 01:05:55 | 000,000,681 | -H-- | M] () -- C:\Users\davidmcardle\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk
[2011/10/10 01:05:55 | 000,000,657 | -H-- | M] () -- C:\Users\davidmcardle\Desktop\System Restore.lnk
[2011/10/10 01:05:12 | 000,340,992 | -H-- | M] () -- C:\ProgramData\6DSS92c31Apgjk.exe
[2011/10/10 01:01:36 | 000,449,536 | -H-- | M] () -- C:\ProgramData\YFQfMsobLp.exe
[2011/10/01 16:59:43 | 000,000,384 | -H-- | M] () -- C:\Users\davidmcardle\AppData\Roaming\wklnhst.dat
[2011/09/25 18:14:40 | 000,001,160 | -H-- | M] () -- C:\Users\davidmcardle\Documents\Documents - Shortcut.lnk
[1 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/10 01:55:15 | 000,767,952 | -H-- | C] () -- C:\windows\BDTSupport.dll
[2011/10/10 01:55:14 | 001,152,444 | -H-- | C] () -- C:\windows\UDB.zip
[2011/10/10 01:55:14 | 000,000,882 | -H-- | C] () -- C:\windows\RegSDImport.xml
[2011/10/10 01:55:14 | 000,000,879 | -H-- | C] () -- C:\windows\RegISSImport.xml
[2011/10/10 01:55:14 | 000,000,131 | -H-- | C] () -- C:\windows\IDB.zip
[2011/10/10 01:37:51 | 000,007,387 | -H-- | C] () -- C:\windows\System32\drivers\pctgntdi.cat
[2011/10/10 01:37:45 | 000,007,412 | -H-- | C] () -- C:\windows\System32\drivers\PCTAppEvent.cat
[2011/10/10 01:37:45 | 000,007,383 | -H-- | C] () -- C:\windows\System32\drivers\pctcore.cat
[2011/10/10 01:37:32 | 000,007,383 | -H-- | C] () -- C:\windows\System32\drivers\pctplsg.cat
[2011/10/10 01:22:18 | 000,001,152 | -H-- | C] () -- C:\windows\System32\windrv.sys
[2011/10/10 01:22:13 | 000,000,945 | -H-- | C] () -- C:\Users\davidmcardle\Desktop\SpyNoMore.lnk
[2011/10/10 01:15:26 | 000,000,304 | -H-- | C] () -- C:\ProgramData\~6DSS92c31Apgjk
[2011/10/10 01:15:26 | 000,000,208 | -H-- | C] () -- C:\ProgramData\~6DSS92c31Apgjkr
[2011/10/10 01:05:55 | 000,000,681 | -H-- | C] () -- C:\Users\davidmcardle\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk
[2011/10/10 01:05:55 | 000,000,657 | -H-- | C] () -- C:\Users\davidmcardle\Desktop\System Restore.lnk
[2011/10/10 01:05:49 | 000,000,440 | -H-- | C] () -- C:\ProgramData\6DSS92c31Apgjk
[2011/09/27 22:53:14 | 000,000,384 | -H-- | C] () -- C:\Users\davidmcardle\AppData\Roaming\wklnhst.dat
[2011/09/25 18:14:40 | 000,001,160 | -H-- | C] () -- C:\Users\davidmcardle\Documents\Documents - Shortcut.lnk
[2010/10/28 21:11:51 | 000,000,056 | -H-- | C] () -- C:\windows\System32\ezsidmv.dat
[2010/10/10 15:22:26 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/09/25 16:22:17 | 000,085,504 | -H-- | C] () -- C:\windows\System32\ff_vfw.dll
[2010/09/24 17:59:28 | 000,131,368 | -H-- | C] () -- C:\ProgramData\FullRemove.exe
[2010/09/24 11:13:58 | 000,000,002 | -H-- | C] () -- C:\windows\HotFixList.ini
[2010/08/25 20:30:02 | 000,439,308 | -H-- | C] () -- C:\windows\System32\igcompkrng500.bin
[2010/08/25 20:30:00 | 000,982,240 | -H-- | C] () -- C:\windows\System32\igkrng500.bin
[2010/08/25 20:30:00 | 000,092,356 | -H-- | C] () -- C:\windows\System32\igfcg500m.bin
[2010/08/25 19:57:00 | 000,000,151 | -H-- | C] () -- C:\windows\System32\GfxUI.exe.config
[2009/12/05 21:01:49 | 000,004,608 | -H-- | C] () -- C:\windows\System32\HdmiCoin.dll
[2009/12/05 21:01:47 | 000,134,592 | -H-- | C] () -- C:\windows\System32\igfcg500.bin
[2009/12/05 04:17:31 | 000,307,200 | -H-- | C] () -- C:\windows\SetDisplayResolution.exe
[2009/07/14 05:57:37 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/14 05:33:53 | 000,350,112 | -H-- | C] () -- C:\windows\System32\FNTCACHE.DAT
[2009/07/14 03:05:48 | 000,630,560 | -H-- | C] () -- C:\windows\System32\perfh009.dat
[2009/07/14 03:05:48 | 000,291,294 | -H-- | C] () -- C:\windows\System32\perfi009.dat
[2009/07/14 03:05:48 | 000,111,612 | -H-- | C] () -- C:\windows\System32\perfc009.dat
[2009/07/14 03:05:48 | 000,031,548 | -H-- | C] () -- C:\windows\System32\perfd009.dat
[2009/07/14 03:05:05 | 000,000,741 | -H-- | C] () -- C:\windows\System32\NOISE.DAT
[2009/07/14 03:04:11 | 000,215,943 | -H-- | C] () -- C:\windows\System32\dssec.dat
[2009/07/14 00:55:01 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/14 00:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll
[2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat

========== LOP Check ==========

[2011/01/18 20:19:04 | 000,000,000 | -H-D | M] -- C:\Users\davidmcardle\AppData\Roaming\AVG10
[2011/03/20 19:33:40 | 000,000,000 | -H-D | M] -- C:\Users\davidmcardle\AppData\Roaming\Azureus
[2010/09/30 16:45:14 | 000,000,000 | -H-D | M] -- C:\Users\davidmcardle\AppData\Roaming\DAEMON Tools Lite
[2011/08/31 20:17:08 | 000,000,000 | -H-D | M] -- C:\Users\davidmcardle\AppData\Roaming\Enose
[2011/10/10 01:22:10 | 000,000,000 | -H-D | M] -- C:\Users\davidmcardle\AppData\Roaming\GetRightToGo
[2011/08/31 20:16:14 | 000,000,000 | -H-D | M] -- C:\Users\davidmcardle\AppData\Roaming\Kyna
[2011/10/07 17:28:37 | 000,000,000 | -H-D | M] -- C:\Users\davidmcardle\AppData\Roaming\Okwoho
[2010/12/25 18:32:27 | 000,000,000 | -H-D | M] -- C:\Users\davidmcardle\AppData\Roaming\Sports Interactive
[2011/09/27 22:53:17 | 000,000,000 | -H-D | M] -- C:\Users\davidmcardle\AppData\Roaming\Template
[2011/10/09 23:02:02 | 000,000,000 | -H-D | M] -- C:\Users\davidmcardle\AppData\Roaming\uTorrent
[2011/10/04 16:56:52 | 000,000,000 | -H-D | M] -- C:\Users\davidmcardle\AppData\Roaming\Wyofza
[2009/07/14 05:53:46 | 000,030,152 | -H-- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 155 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:0B4227B4
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:4CF61E54
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:A8ADE5D8

< End of report >




OTL Extras logfile created on: 10/10/2011 6:57:00 PM - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\davidmcardle\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

2.93 Gb Total Physical Memory | 1.88 Gb Available Physical Memory | 64.14% Memory free
5.86 Gb Paging File | 4.49 Gb Available in Paging File | 76.58% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 225.33 Gb Total Space | 12.87 Gb Free Space | 5.71% Space Free | Partition Type: NTFS
Drive D: | 225.33 Gb Total Space | 181.22 Gb Free Space | 80.42% Space Free | Partition Type: NTFS
Drive G: | 7.21 Gb Total Space | 4.76 Gb Free Space | 66.01% Space Free | Partition Type: FAT32

Computer Name: DAVID | User Name: davidmcardle | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1"
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 4
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{178EE5F4-0F86-4BF0-A0D1-9790AFF409D1}" = EasyBatteryManager
"{1AFA1FEF-8CF9-4A51-AC46-64FAA7F3D9E2}" = AnyPC Client
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 23
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2
"{853F8A41-A3C9-43FA-87FA-1AE74FC6F3F7}" = BatteryLifeExtender
"{8686D4FE-62EF-46FB-B9FD-00679EB381FF}_is1" = Trojan Killer 2.1
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F479685-180E-4C05-9400-D59292A1B29C}" = Windows Live Movie Maker
"{A5675A9E-F073-414A-9A04-F9BCD50459D7}" = Easy Network Manager
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.0)
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CCC2B140-B47A-45FA-AAE3-BD60DA41AE00}" = Samsung Support Center
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D1434266-0486-4469-B338-A60082CC04E1}" = Atheros Client Installation Program
"{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus
"{D92FF8EB-BD77-40AE-B68B-A6BFC6F8661D}" = Windows Live Family Safety
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F169F3EB-36AF-46A5-91E7-C9F48360CBAF}" = BitMate
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Browser Defender_is1" = Browser Defender 2.0.6.15
"Championship Manager 01-02" = Championship Manager 01-02
"DivX Setup.divx.com" = DivX Setup
"ffdshow_is1" = ffdshow [rev 3154] [2009-12-09]
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"LastFM_is1" = Last.fm 1.5.4.27091
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"Marvell Miniport Driver" = Marvell Miniport Driver
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox (3.6.23)" = Mozilla Firefox (3.6.23)
"SpyNoMore" = SpyNoMore 2.98
"Spyware Doctor" = Spyware Doctor 7.0
"Stellar Phoenix Archive Password Recovery_is1" = Stellar Phoenix Archive Password Recovery v1.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.4
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 04/10/2011 07:15:44 | Computer Name = DAVID | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6396

Error - 04/10/2011 07:15:45 | Computer Name = DAVID | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 04/10/2011 07:15:45 | Computer Name = DAVID | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 7425

Error - 04/10/2011 07:15:45 | Computer Name = DAVID | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7425

Error - 04/10/2011 12:38:51 | Computer Name = DAVID | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 04/10/2011 12:38:51 | Computer Name = DAVID | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1077

Error - 04/10/2011 12:38:51 | Computer Name = DAVID | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1077

Error - 04/10/2011 12:38:52 | Computer Name = DAVID | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 04/10/2011 12:38:52 | Computer Name = DAVID | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2122

Error - 04/10/2011 12:38:52 | Computer Name = DAVID | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2122

[ Media Center Events ]
Error - 17/12/2010 23:03:51 | Computer Name = david | Source = MCUpdate | ID = 0
Description = 03:03:51 - Error connecting to the internet. 03:03:51 - Unable
to contact server..

Error - 17/12/2010 23:04:21 | Computer Name = david | Source = MCUpdate | ID = 0
Description = 03:04:20 - Error connecting to the internet. 03:04:20 - Unable
to contact server..

Error - 13/01/2011 02:18:11 | Computer Name = david | Source = MCUpdate | ID = 0
Description = 06:18:11 - Error connecting to the internet. 06:18:11 - Unable
to contact server..

Error - 13/01/2011 02:18:25 | Computer Name = david | Source = MCUpdate | ID = 0
Description = 06:18:16 - Error connecting to the internet. 06:18:16 - Unable
to contact server..

Error - 13/01/2011 03:18:29 | Computer Name = david | Source = MCUpdate | ID = 0
Description = 07:18:29 - Error connecting to the internet. 07:18:29 - Unable
to contact server..

Error - 13/01/2011 03:18:35 | Computer Name = david | Source = MCUpdate | ID = 0
Description = 07:18:35 - Error connecting to the internet. 07:18:35 - Unable
to contact server..

Error - 13/01/2011 04:18:40 | Computer Name = david | Source = MCUpdate | ID = 0
Description = 08:18:40 - Error connecting to the internet. 08:18:40 - Unable
to contact server..

Error - 13/01/2011 04:18:46 | Computer Name = david | Source = MCUpdate | ID = 0
Description = 08:18:45 - Error connecting to the internet. 08:18:45 - Unable
to contact server..

Error - 17/01/2011 22:59:16 | Computer Name = david | Source = MCUpdate | ID = 0
Description = 02:59:15 - Error connecting to the internet. 02:59:15 - Unable
to contact server..

Error - 17/01/2011 22:59:36 | Computer Name = david | Source = MCUpdate | ID = 0
Description = 02:59:21 - Error connecting to the internet. 02:59:21 - Unable
to contact server..

[ System Events ]
Error - 01/09/2011 01:09:45 | Computer Name = david | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 01/09/2011 01:12:02 | Computer Name = david | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:
%%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842

Error - 01/09/2011 01:17:37 | Computer Name = david | Source = Service Control Manager | ID = 7043
Description = The Windows Update service did not shut down properly after receiving
a preshutdown control.

Error - 01/09/2011 01:17:38 | Computer Name = david | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 01/09/2011 01:17:38 | Computer Name = david | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 01/09/2011 01:17:38 | Computer Name = david | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 01/09/2011 01:19:02 | Computer Name = david | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 01/09/2011 01:19:11 | Computer Name = david | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 01/09/2011 01:19:23 | Computer Name = david | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 01/09/2011 01:19:34 | Computer Name = david | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.


< End of report >
10-10-2011, 19:26   #6
ASJ112
Banned
 
Join Date: Jan 2010
Posts: 1,155
Open OTL and paste this in the custom scan/fixes box:


:OTL
O4 - HKCU..\Run: [YFQfMsobLp.exe] C:\ProgramData\YFQfMsobLp.exe (RapidEE.com)
O33 - MountPoints2\{48a2e598-7eed-11e0-a614-002454aa53da}\Shell - "" = AutoRun
O33 - MountPoints2\{48a2e598-7eed-11e0-a614-002454aa53da}\Shell\AutoRun\command - "" = G:\IronKey.exe
O33 - MountPoints2\{c3ba82fb-cb3d-11df-bb8d-002454aa53da}\Shell - "" = AutoRun
O33 - MountPoints2\{c3ba82fb-cb3d-11df-bb8d-002454aa53da}\Shell\AutoRun\command - "" = F:\autorun.exe
[2011/10/10 01:05:55 | 000,000,000 | -H-D | C] -- C:\Users\davidmcardle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore
[2011/10/10 01:05:12 | 000,340,992 | -H-- | C] (RapidEE.com) -- C:\ProgramData\6DSS92c31Apgjk.exe
[2011/10/10 01:02:10 | 000,449,536 | -H-- | C] (RapidEE.com) -- C:\ProgramData\YFQfMsobLp.exe
[2011/10/01 18:14:21 | 000,000,000 | -H-D | C] -- C:\Users\davidmcardle\AppData\Roaming\Wyofza
[2011/10/01 18:14:21 | 000,000,000 | -H-D | C] -- C:\Users\davidmcardle\AppData\Roaming\Okwoho
[2011/10/10 01:15:26 | 000,000,304 | -H-- | M] () -- C:\ProgramData\~6DSS92c31Apgjk
[2011/10/10 01:15:26 | 000,000,208 | -H-- | M] () -- C:\ProgramData\~6DSS92c31Apgjkr
[2011/10/10 01:08:53 | 000,000,440 | -H-- | M] () -- C:\ProgramData\6DSS92c31Apgjk
[2011/10/10 01:05:55 | 000,000,681 | -H-- | M] () -- C:\Users\davidmcardle\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk
[2011/10/10 01:05:55 | 000,000,657 | -H-- | M] () -- C:\Users\davidmcardle\Desktop\System Restore.lnk
[2011/10/10 01:05:12 | 000,340,992 | -H-- | M] () -- C:\ProgramData\6DSS92c31Apgjk.exe
[2011/10/10 01:01:36 | 000,449,536 | -H-- | M] () -- C:\ProgramData\YFQfMsobLp.exe
[2011/10/10 01:15:26 | 000,000,304 | -H-- | C] () -- C:\ProgramData\~6DSS92c31Apgjk
[2011/10/10 01:15:26 | 000,000,208 | -H-- | C] () -- C:\ProgramData\~6DSS92c31Apgjkr
[2011/10/10 01:05:55 | 000,000,681 | -H-- | C] () -- C:\Users\davidmcardle\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk
[2011/10/10 01:05:55 | 000,000,657 | -H-- | C] () -- C:\Users\davidmcardle\Desktop\System Restore.lnk
[2011/10/10 01:05:49 | 000,000,440 | -H-- | C] () -- C:\ProgramData\6DSS92c31Apgjk
[2011/08/31 20:16:14 | 000,000,000 | -H-D | M] -- C:\Users\davidmcardle\AppData\Roaming\Kyna
[2011/10/07 17:28:37 | 000,000,000 | -H-D | M] -- C:\Users\davidmcardle\AppData\Roaming\Okwoho
[2011/10/04 16:56:52 | 000,000,000 | -H-D | M] -- C:\Users\davidmcardle\AppData\Roaming\Wyofza
:Commands
[PURITY]
[EMPTYTEMP]
[EMPTYFLASH]
[RESETHOSTS]
[CREATERESTOREPOINT]
[Reboot]
:Files
C:\ProgramData\*.*
ipconfig /flushdns /c


Click Run Fix, then post the log it gives.
10-10-2011, 20:21   #7
qwertplaywert
Registered User
 
Join Date: Sep 2006
Location: Dundalk
Posts: 3,376
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\YFQfMsobLp.exe not found.
File C:\ProgramData\YFQfMsobLp.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{48a2e598-7eed-11e0-a614-002454aa53da}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{48a2e598-7eed-11e0-a614-002454aa53da}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{48a2e598-7eed-11e0-a614-002454aa53da}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{48a2e598-7eed-11e0-a614-002454aa53da}\ not found.
File G:\IronKey.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c3ba82fb-cb3d-11df-bb8d-002454aa53da}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c3ba82fb-cb3d-11df-bb8d-002454aa53da}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c3ba82fb-cb3d-11df-bb8d-002454aa53da}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c3ba82fb-cb3d-11df-bb8d-002454aa53da}\ not found.
File F:\autorun.exe not found.
Folder C:\Users\davidmcardle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore\ not found.
File C:\ProgramData\6DSS92c31Apgjk.exe not found.
File C:\ProgramData\YFQfMsobLp.exe not found.
C:\Users\davidmcardle\AppData\Roaming\Wyofza folder moved successfully.
C:\Users\davidmcardle\AppData\Roaming\Okwoho folder moved successfully.
C:\ProgramData\~6DSS92c31Apgjk moved successfully.
C:\ProgramData\~6DSS92c31Apgjkr moved successfully.
C:\ProgramData\6DSS92c31Apgjk moved successfully.
C:\Users\davidmcardle\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk moved successfully.
C:\Users\davidmcardle\Desktop\System Restore.lnk moved successfully.
File C:\ProgramData\6DSS92c31Apgjk.exe not found.
File C:\ProgramData\YFQfMsobLp.exe not found.
File C:\ProgramData\~6DSS92c31Apgjk not found.
File C:\ProgramData\~6DSS92c31Apgjkr not found.
File C:\Users\davidmcardle\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk not found.
File C:\Users\davidmcardle\Desktop\System Restore.lnk not found.
File C:\ProgramData\6DSS92c31Apgjk not found.
C:\Users\davidmcardle\AppData\Roaming\Kyna folder moved successfully.
Folder C:\Users\davidmcardle\AppData\Roaming\Okwoho\ not found.
Folder C:\Users\davidmcardle\AppData\Roaming\Wyofza\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: davidmcardle
->Temp folder emptied: 557513228 bytes
->Temporary Internet Files folder emptied: 230775257 bytes
->Java cache emptied: 499708 bytes
->FireFox cache emptied: 100308346 bytes
->Google Chrome cache emptied: 22612938 bytes
->Flash cache emptied: 122208 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56502 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Mcx1-DAVID
->Temp folder emptied: 516 bytes
->Temporary Internet Files folder emptied: 67226 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 738420 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 5955741 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 876.00 mb


[EMPTYFLASH]

User: All Users

User: davidmcardle
->Flash cache emptied: 0 bytes

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Mcx1-DAVID

User: Public

Total Flash Files Cleaned = 0.00 mb

HOSTS file reset successfully

========== FILES ==========
C:\ProgramData\FullRemove.exe moved successfully.
C:\ProgramData\hpzinstall.log moved successfully.
C:\ProgramData\ntuser.pol moved successfully.
C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log moved successfully.
C:\ProgramData\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}.log moved successfully.
C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log moved successfully.
C:\ProgramData\{B7A0CE06-068E-11D6-97FD-0050BACBF861}.log moved successfully.
C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log moved successfully.
C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\davidmcardle\Desktop\cmd.bat deleted successfully.
C:\Users\davidmcardle\Desktop\cmd.txt deleted successfully.

OTL by OldTimer - Version 3.2.29.1 log created on 10102011_195425

Files\Folders moved on Reboot...
File\Folder C:\Users\davidmcardle\AppData\Local\Temp\WERFE2C.tmp.resp.erc.xml not found!
File\Folder C:\Users\davidmcardle\AppData\Local\Temp\WERFE2D.tmp.resp not found!

Registry entries deleted on Reboot...
10-10-2011, 21:12   #8
ASJ112
Banned
 
Join Date: Jan 2010
Posts: 1,155
Update Malwarebytes, run a quick scan, and post that log here.
10-10-2011, 21:47   #9
qwertplaywert
Registered User
 
Join Date: Sep 2006
Location: Dundalk
Posts: 3,376
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7918

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

10/10/2011 21:45:21
mbam-log-2011-10-10 (21-45-21).txt

Scan type: Quick scan
Objects scanned: 180516
Time elapsed: 4 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)




Seems to be clear now, no messages coming up anymore etc., and I ran a few other scans, all coming up clean. Only thing: my files and pathways and basically anything on the C drive still aren't visible unless I enable viewing hidden files. Any idea how to fix this?
10-10-2011, 22:18   #10
ASJ112
Banned
 
Join Date: Jan 2010
Posts: 1,155
Run unhide.exe:

http://download.bleepingcomputer.com/grinler/unhide.exe
22-10-2011, 21:44   #11
PCrepairman.ie
Registered User
 
Join Date: Oct 2011
Posts: 12

Quote:
Originally Posted by qwertplaywert
Hi. Computer seems to be infected by a nasty virus pretending to be my system restore, and my entire C drive is not accessible, but googling has only led me to paid solutions for getting rid - anyone have any tips for getting rid?

Hi,

Can you post a bit more information about your OS and the problem?
Does it boot OK? Sounds like it does.
When you say you can't access the C:, does that mean everything?
Do you get an error message?
What changed just before this problem started?
Are you logged in as an administrator?
Are there any other symptoms?

Joe
25-10-2011, 13:14   #12
gerryk
Registered User
 
Join Date: Sep 2003
Posts: 1,545
Did you look here? http://www.boards.ie/vbulletin/showt...p?t=2056217854
25-10-2011, 13:26   #13
Elmo
Registered User
 
Elmo's Avatar
 
Join Date: Mar 2002
Posts: 17,033
The System Restore program remains in the All Programs list. I am afraid to use its uninstall program; can I uninstall, or will that just restart the process again?

All Programs > System Restore > Uninstall
24-11-2011, 12:36   #14
Will_H
Registered User
 
Join Date: Feb 2005
Location: International Space Station
Posts: 170
System Restore is a fake computer analysis and optimization program from the FakeHDD family of rogues.

If you are infected with System Restore it is important that you do not delete any files from your Temp folder or use any temp file cleaners.

Here's how to remove it:

http://www.bleepingcomputer.com/viru...system-restore