Mini Spy

Loading...

Latest Threads

Loading...
 
  1. Before you start!
    All given instructions in this forum are customized for each help request, the tools used may cause damage if used on a computer with different infections. If you think you have similar issues, please post the appropriate logs in our Malware Removal Assistance forum and wait for help.

    Please be aware that removing Malware is a potentially hazardous undertaking. We will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for us to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and we cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.
    We strongly advise you to backup any personal files and folders before you start.

Police Ransom Virus

Discussion in 'Malware Removal Assistance' started by edward1, Jan 1, 2013.

  1. edward1

    edward1 New Member

    Joined:
    Dec 31, 2012
    Messages:
    48
    Likes Received:
    0
    Trophy Points:
    15
    Sorry but I am such a computer illiterate that OTL and aswMBR mean nothing to me.
    No I didn't follow your instructions. I have only just found your site hoping that you can assist. Oh how we learn the hard way!
  2. Fiery

    Fiery 1 of the 4 MalwareTips Founder

    Joined:
    Jan 11, 2011
    Messages:
    2,056
    Likes Received:
    7
    Trophy Points:
    105
    Hi and welcome to MalwareTips! :)

    My name is Fiery and I would gladly assist you in removing the malware on your computer.

    Before we start:
    • Note that the removal process is not immediate. Depending on the severity of your infection, it could take a long time.
    • Malware removal can be dangerous. I cannot guarantee the safety of your system and it is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system. I would advise you to backup all your important files before we start.
    • Please be patient and stay with me until I give you the green lights and inform you that your PC is clean.
    • The absence of symptoms does not mean your PC is fully disinfected.
    • If you are unclear about the instructions, please stop and ask. Following the steps in the order that I post them in is vital.
    • Lastly, if you have requested help on other sites, that will delay and hinder the removal process. Please only stick to one site.

    <hr>
    Download OTL by Old Timer from here and save it to your Desktop. If you can't access the internet on your infected PC, download it on a clean PC, transfer it to your infected PC using a USB/flash drive.
    • Double click on OTL.exe to run it.
    • Click the Scan All Users checkbox.
    • Change Standard Registry to All
    • Check the boxes beside LOP Check and Purity Check
    • Click on Run Scan at the top left hand corner.
    • When done, two Notepad files will open.
      • OTListIt.txt <-- Will be opened
      • Extra.txt <-- Will be minimized
    • Please post the contents of these 2 Notepad files in your next reply.
  3. edward1

    edward1 New Member

    Joined:
    Dec 31, 2012
    Messages:
    48
    Likes Received:
    0
    Trophy Points:
    15
    Hello Fiery How nice to hear from you so quickly. I have carried out the actions requested. I am not to sure what to do about posting the two Notepad texts. This is something I have not done before. I thought first of all that I should save them but when I try that with either I get an error mesage "Common Dialog error (Ox3002)"
    What do I do now?
  4. Fiery

    Fiery 1 of the 4 MalwareTips Founder

    Joined:
    Jan 11, 2011
    Messages:
    2,056
    Likes Received:
    7
    Trophy Points:
    105
    Hi there,

    You can highlight the entire log, right-click > Copy and paste it directly in your next reply :)
  5. edward1

    edward1 New Member

    Joined:
    Dec 31, 2012
    Messages:
    48
    Likes Received:
    0
    Trophy Points:
    15
    I am using my laptop to communicate with you, the PC being infected and has been disconnected from the internet by the malware.
  6. Fiery

    Fiery 1 of the 4 MalwareTips Founder

    Joined:
    Jan 11, 2011
    Messages:
    2,056
    Likes Received:
    7
    Trophy Points:
    105
    Did you try saving the notepad files directly to the USB

    If that doesn't work, do you have microsoft word on your computer or any other program that you can copy the log to? Then save it directly to your USB using that program.
  7. edward1

    edward1 New Member

    Joined:
    Dec 31, 2012
    Messages:
    48
    Likes Received:
    0
    Trophy Points:
    15
    OK. Have used "Word" and saved to USB. When I move USB to laptop how do I get contents into my reply to you?
  8. Fiery

    Fiery 1 of the 4 MalwareTips Founder

    Joined:
    Jan 11, 2011
    Messages:
    2,056
    Likes Received:
    7
    Trophy Points:
    105
    Open each file.

    Click any text in the log, then on your keyboard, hold ctrl then a (hold ctrl while you press a). That should highlight the entire log. Right click the highlighted text and click copy. Then when you start a reply, right-click on the reply box and click paste. Your entire log should be pasted in your reply.

    Do that for both logs
  9. edward1

    edward1 New Member

    Joined:
    Dec 31, 2012
    Messages:
    48
    Likes Received:
    0
    Trophy Points:
    15
    OK.Here goes..............
    OTL Extras logfile created on: 02/01/2013 14:39:02 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = D:\
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    1023.29 Mb Total Physical Memory | 673.79 Mb Available Physical Memory | 65.85% Memory free
    2.41 Gb Paging File | 2.11 Gb Available in Paging File | 87.72% Paging File free
    Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 232.88 Gb Total Space | 158.20 Gb Free Space | 67.93% Space Free | Partition Type: NTFS
    Drive D: | 7.20 Gb Total Space | 7.11 Gb Free Space | 98.78% Space Free | Partition Type: FAT32

    Computer Name: PETERCOMPUTERNO | User Name: Jane | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

    [HKEY_USERS\S-1-5-21-1060284298-1202660629-725345543-1005\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019 -- (Microsoft Corporation)
    "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe
    "C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe
    "C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe
    "C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe
    "C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\HP Software Update\hpwucli.exe" = C:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe
    "C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
    "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000 -- (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019 -- (Microsoft Corporation)
    "C:\Program Files\TalkTalk\agent\bin\bcont.exe" = C:\Program Files\TalkTalk\agent\bin\bcont.exe:*:Enabled:bcont.exe -- (SupportSoft, Inc.)
    "C:\Program Files\Common Files\SupportSoft\bin\tgsrvc.exe" = C:\Program Files\Common Files\SupportSoft\bin\tgsrvc.exe:*:Enabled:tgsrvc.exe -- (SupportSoft, Inc.)
    "C:\Program Files\TalkTalk\agent\bin\bcont_nm.exe" = C:\Program Files\TalkTalk\agent\bin\bcont_nm.exe:*:Enabled:bcont_nm.exe -- (SupportSoft, Inc.)
    "C:\Program Files\TalkTalk\bin\sprtcmd.exe" = C:\Program Files\TalkTalk\bin\sprtcmd.exe:*:Enabled:sprtcmd.exe -- (SupportSoft, Inc.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe
    "C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe
    "C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe
    "C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe
    "C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\HP Software Update\hpwucli.exe" = C:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe
    "C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
    "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000 -- (Microsoft Corporation)
    "C:\Program Files\Deluge\deluge.exe" = C:\Program Files\Deluge\deluge.exe:*:Disabled:deluge -- ()
    "C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- (VideoLAN)
    "C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe" = C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe:*:Enabled:DTX broker
    "C:\Documents and Settings\Jane\Application Data\Spotify\spotify.exe" = C:\Documents and Settings\Jane\Application Data\Spotify\spotify.exe:*:Enabled:Spotify
    "C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe" = C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe:*:Enabled:Daemonu.exe -- (NVIDIA Corporation)
    "C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
    "C:\Program Files\Search Results Toolbar\Datamngr\SRTOOL~1\dtUser.exe" = C:\Program Files\Search Results Toolbar\Datamngr\SRTOOL~1\dtUser.exe:*:Enabled:Search-Results Toolbar DTX Broker -- (APN LLC)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0E4BC542-9CFD-4E97-B586-9F1E5516E7B9}" = Microsoft IntelliPoint 6.1
    "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP460" = Canon MP460
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
    "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
    "{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4AA68A73-DB9C-439D-9481-981C82BD008B}" = Nokia Connectivity Cable Driver
    "{4FFBB818-B13C-11E0-931D-B2664824019B}_is1" = Complitly
    "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
    "{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
    "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
    "{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers Runtime 1.10.01
    "{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
    "{92D1CEBC-7C72-4ECF-BFC6-C131EF3FE6A7}" = Nokia Suite
    "{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
    "{A2AA4204-C05A-4013-888A-AD153139297F}" = PC Connectivity Solution
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A88E1685-1986-4A86-8E88-5FE1E727D026}" = RealDownloader
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
    "{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
    "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 310.70
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 310.70
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 136.53
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0604
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
    "{B480904D-F73F-4673-B034-8A5F492C9184}" = Nuance PDF Reader
    "{BC30E5E7-047D-4232-A7E8-F2CB7CC7B2E0}_is1" = Emsisoft Anti-Malware
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C9A87D86-FDFD-418B-BF96-EF09320973B3}" = PC Inspector smart recovery
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D084B1A9-153B-409D-AEBF-C40FCEF925EA}" = TalkTalk Assist & Go
    "{D41FAAA9-8048-4906-86B2-9AADEA1FA0B7}" = SpeedTouch USB Software
    "{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
    "504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "alotAppbar" = ALOT Appbar
    "ArcSoft Camera Suite" = ArcSoft Camera Suite
    "avast" = avast! Free Antivirus
    "CanonMyPrinter" = Canon My Printer
    "CCleaner" = CCleaner
    "Easy-WebPrint EX" = Canon Easy-WebPrint EX
    "GBox" = GBox Updater
    "Google Chrome" = Google Chrome
    "GridinSoft Trojan Killer" = Trojan Killer
    "HitmanPro37" = HitmanPro 3.7
    "HPOCR" = OCR Software by I.R.I.S. 13.0
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie8" = Windows Internet Explorer 8
    "ilividtoolbarguid" = Search-Results Toolbar
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Mozilla Firefox 17.0.1 (x86 en-US)" = Mozilla Firefox 17.0.1 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "NeroMultiInstaller!UninstallKey" = Nero Suite
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "Nokia Suite" = Nokia Suite
    "PriceGong" = PriceGong 2.5.0
    "RealPlayer 16.0" = RealPlayer
    "Recuva" = Recuva
    "SProtector" = SProtector 1.55
    "TomTom HOME" = TomTom HOME 2.8.3.2499
    "Unlocker" = Unlocker 1.9.1
    "VLC media player" = VLC media player 2.0.4
    "Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinRAR archiver" = WinRAR 4.00 (32-bit)
    "WinX DVD Author_is1" = WinX DVD Author 6.0
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01009" = Microsoft User-Mode Driver Framework Feature Pack 1.9

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-1060284298-1202660629-725345543-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 31/12/2012 06:32:44 | Computer Name = PETERCOMPUTERNO | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This network connection does not exist.

    Error - 31/12/2012 06:33:24 | Computer Name = PETERCOMPUTERNO | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This network connection does not exist.

    Error - 31/12/2012 06:33:27 | Computer Name = PETERCOMPUTERNO | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This network connection does not exist.

    Error - 31/12/2012 06:33:28 | Computer Name = PETERCOMPUTERNO | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This network connection does not exist.

    Error - 31/12/2012 06:33:33 | Computer Name = PETERCOMPUTERNO | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This network connection does not exist.

    Error - 31/12/2012 06:35:58 | Computer Name = PETERCOMPUTERNO | Source = Application Error | ID = 1000
    Description = Faulting application arthur rd.exe, version 1.70.0.9, faulting module
    oleaut32.dll, version 5.1.2600.6058, fault address 0x0001c22e.

    Error - 31/12/2012 06:37:44 | Computer Name = PETERCOMPUTERNO | Source = Application Error | ID = 1000
    Description = Faulting application arthur rd.exe, version 1.70.0.9, faulting module
    oleaut32.dll, version 5.1.2600.6058, fault address 0x0001c22e.

    Error - 31/12/2012 08:00:44 | Computer Name = PETERCOMPUTERNO | Source = Application Error | ID = 1000
    Description = Faulting application arthur rd.exe, version 1.70.0.9, faulting module
    oleaut32.dll, version 5.1.2600.6058, fault address 0x0001c22e.

    Error - 31/12/2012 13:59:54 | Computer Name = PETERCOMPUTERNO | Source = Application Hang | ID = 1002
    Description = Hanging application explorer.exe, version 6.0.2900.5512, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 31/12/2012 14:00:33 | Computer Name = PETERCOMPUTERNO | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This operation returned because the timeout period expired.

    [ System Events ]
    Error - 02/01/2013 10:40:44 | Computer Name = PETERCOMPUTERNO | Source = DCOM | ID = 10010
    Description = The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register
    with DCOM within the required timeout.

    Error - 02/01/2013 10:41:14 | Computer Name = PETERCOMPUTERNO | Source = DCOM | ID = 10010
    Description = The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register
    with DCOM within the required timeout.

    Error - 02/01/2013 10:41:44 | Computer Name = PETERCOMPUTERNO | Source = DCOM | ID = 10010
    Description = The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register
    with DCOM within the required timeout.

    Error - 02/01/2013 10:42:14 | Computer Name = PETERCOMPUTERNO | Source = DCOM | ID = 10010
    Description = The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register
    with DCOM within the required timeout.

    Error - 02/01/2013 10:42:44 | Computer Name = PETERCOMPUTERNO | Source = DCOM | ID = 10010
    Description = The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register
    with DCOM within the required timeout.

    Error - 02/01/2013 10:43:14 | Computer Name = PETERCOMPUTERNO | Source = DCOM | ID = 10010
    Description = The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register
    with DCOM within the required timeout.

    Error - 02/01/2013 10:43:44 | Computer Name = PETERCOMPUTERNO | Source = DCOM | ID = 10010
    Description = The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register
    with DCOM within the required timeout.

    Error - 02/01/2013 10:44:14 | Computer Name = PETERCOMPUTERNO | Source = DCOM | ID = 10010
    Description = The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register
    with DCOM within the required timeout.

    Error - 02/01/2013 10:44:19 | Computer Name = PETERCOMPUTERNO | Source = Windows Update Agent | ID = 16
    Description = Unable to Connect: Windows is unable to connect to the automatic updates
    service and therefore cannot download and install updates according to the set
    schedule. Windows will continue to try to establish a connection.

    Error - 02/01/2013 10:44:44 | Computer Name = PETERCOMPUTERNO | Source = DCOM | ID = 10010
    Description = The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register
    with DCOM within the required timeout.


    < End of report >

    OTL Extras logfile created on: 02/01/2013 14:39:02 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = D:\
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    1023.29 Mb Total Physical Memory | 673.79 Mb Available Physical Memory | 65.85% Memory free
    2.41 Gb Paging File | 2.11 Gb Available in Paging File | 87.72% Paging File free
    Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 232.88 Gb Total Space | 158.20 Gb Free Space | 67.93% Space Free | Partition Type: NTFS
    Drive D: | 7.20 Gb Total Space | 7.11 Gb Free Space | 98.78% Space Free | Partition Type: FAT32

    Computer Name: PETERCOMPUTERNO | User Name: Jane | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

    [HKEY_USERS\S-1-5-21-1060284298-1202660629-725345543-1005\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019 -- (Microsoft Corporation)
    "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe
    "C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe
    "C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe
    "C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe
    "C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\HP Software Update\hpwucli.exe" = C:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe
    "C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
    "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000 -- (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019 -- (Microsoft Corporation)
    "C:\Program Files\TalkTalk\agent\bin\bcont.exe" = C:\Program Files\TalkTalk\agent\bin\bcont.exe:*:Enabled:bcont.exe -- (SupportSoft, Inc.)
    "C:\Program Files\Common Files\SupportSoft\bin\tgsrvc.exe" = C:\Program Files\Common Files\SupportSoft\bin\tgsrvc.exe:*:Enabled:tgsrvc.exe -- (SupportSoft, Inc.)
    "C:\Program Files\TalkTalk\agent\bin\bcont_nm.exe" = C:\Program Files\TalkTalk\agent\bin\bcont_nm.exe:*:Enabled:bcont_nm.exe -- (SupportSoft, Inc.)
    "C:\Program Files\TalkTalk\bin\sprtcmd.exe" = C:\Program Files\TalkTalk\bin\sprtcmd.exe:*:Enabled:sprtcmd.exe -- (SupportSoft, Inc.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe
    "C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe
    "C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe
    "C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe
    "C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\HP Software Update\hpwucli.exe" = C:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe
    "C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
    "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000 -- (Microsoft Corporation)
    "C:\Program Files\Deluge\deluge.exe" = C:\Program Files\Deluge\deluge.exe:*:Disabled:deluge -- ()
    "C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- (VideoLAN)
    "C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe" = C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe:*:Enabled:DTX broker
    "C:\Documents and Settings\Jane\Application Data\Spotify\spotify.exe" = C:\Documents and Settings\Jane\Application Data\Spotify\spotify.exe:*:Enabled:Spotify
    "C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe" = C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe:*:Enabled:Daemonu.exe -- (NVIDIA Corporation)
    "C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
    "C:\Program Files\Search Results Toolbar\Datamngr\SRTOOL~1\dtUser.exe" = C:\Program Files\Search Results Toolbar\Datamngr\SRTOOL~1\dtUser.exe:*:Enabled:Search-Results Toolbar DTX Broker -- (APN LLC)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0E4BC542-9CFD-4E97-B586-9F1E5516E7B9}" = Microsoft IntelliPoint 6.1
    "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP460" = Canon MP460
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
    "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
    "{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4AA68A73-DB9C-439D-9481-981C82BD008B}" = Nokia Connectivity Cable Driver
    "{4FFBB818-B13C-11E0-931D-B2664824019B}_is1" = Complitly
    "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
    "{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
    "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
    "{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers Runtime 1.10.01
    "{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
    "{92D1CEBC-7C72-4ECF-BFC6-C131EF3FE6A7}" = Nokia Suite
    "{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
    "{A2AA4204-C05A-4013-888A-AD153139297F}" = PC Connectivity Solution
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A88E1685-1986-4A86-8E88-5FE1E727D026}" = RealDownloader
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
    "{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
    "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 310.70
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 310.70
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 136.53
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0604
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
    "{B480904D-F73F-4673-B034-8A5F492C9184}" = Nuance PDF Reader
    "{BC30E5E7-047D-4232-A7E8-F2CB7CC7B2E0}_is1" = Emsisoft Anti-Malware
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C9A87D86-FDFD-418B-BF96-EF09320973B3}" = PC Inspector smart recovery
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D084B1A9-153B-409D-AEBF-C40FCEF925EA}" = TalkTalk Assist & Go
    "{D41FAAA9-8048-4906-86B2-9AADEA1FA0B7}" = SpeedTouch USB Software
    "{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
    "504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "alotAppbar" = ALOT Appbar
    "ArcSoft Camera Suite" = ArcSoft Camera Suite
    "avast" = avast! Free Antivirus
    "CanonMyPrinter" = Canon My Printer
    "CCleaner" = CCleaner
    "Easy-WebPrint EX" = Canon Easy-WebPrint EX
    "GBox" = GBox Updater
    "Google Chrome" = Google Chrome
    "GridinSoft Trojan Killer" = Trojan Killer
    "HitmanPro37" = HitmanPro 3.7
    "HPOCR" = OCR Software by I.R.I.S. 13.0
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie8" = Windows Internet Explorer 8
    "ilividtoolbarguid" = Search-Results Toolbar
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Mozilla Firefox 17.0.1 (x86 en-US)" = Mozilla Firefox 17.0.1 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "NeroMultiInstaller!UninstallKey" = Nero Suite
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "Nokia Suite" = Nokia Suite
    "PriceGong" = PriceGong 2.5.0
    "RealPlayer 16.0" = RealPlayer
    "Recuva" = Recuva
    "SProtector" = SProtector 1.55
    "TomTom HOME" = TomTom HOME 2.8.3.2499
    "Unlocker" = Unlocker 1.9.1
    "VLC media player" = VLC media player 2.0.4
    "Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinRAR archiver" = WinRAR 4.00 (32-bit)
    "WinX DVD Author_is1" = WinX DVD Author 6.0
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01009" = Microsoft User-Mode Driver Framework Feature Pack 1.9

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-1060284298-1202660629-725345543-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 31/12/2012 06:32:44 | Computer Name = PETERCOMPUTERNO | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This network connection does not exist.

    Error - 31/12/2012 06:33:24 | Computer Name = PETERCOMPUTERNO | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This network connection does not exist.

    Error - 31/12/2012 06:33:27 | Computer Name = PETERCOMPUTERNO | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This network connection does not exist.

    Error - 31/12/2012 06:33:28 | Computer Name = PETERCOMPUTERNO | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This network connection does not exist.

    Error - 31/12/2012 06:33:33 | Computer Name = PETERCOMPUTERNO | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This network connection does not exist.

    Error - 31/12/2012 06:35:58 | Computer Name = PETERCOMPUTERNO | Source = Application Error | ID = 1000
    Description = Faulting application arthur rd.exe, version 1.70.0.9, faulting module
    oleaut32.dll, version 5.1.2600.6058, fault address 0x0001c22e.

    Error - 31/12/2012 06:37:44 | Computer Name = PETERCOMPUTERNO | Source = Application Error | ID = 1000
    Description = Faulting application arthur rd.exe, version 1.70.0.9, faulting module
    oleaut32.dll, version 5.1.2600.6058, fault address 0x0001c22e.

    Error - 31/12/2012 08:00:44 | Computer Name = PETERCOMPUTERNO | Source = Application Error | ID = 1000
    Description = Faulting application arthur rd.exe, version 1.70.0.9, faulting module
    oleaut32.dll, version 5.1.2600.6058, fault address 0x0001c22e.

    Error - 31/12/2012 13:59:54 | Computer Name = PETERCOMPUTERNO | Source = Application Hang | ID = 1002
    Description = Hanging application explorer.exe, version 6.0.2900.5512, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 31/12/2012 14:00:33 | Computer Name = PETERCOMPUTERNO | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This operation returned because the timeout period expired.

    [ System Events ]
    Error - 02/01/2013 10:40:44 | Computer Name = PETERCOMPUTERNO | Source = DCOM | ID = 10010
    Description = The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register
    with DCOM within the required timeout.

    Error - 02/01/2013 10:41:14 | Computer Name = PETERCOMPUTERNO | Source = DCOM | ID = 10010
    Description = The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register
    with DCOM within the required timeout.

    Error - 02/01/2013 10:41:44 | Computer Name = PETERCOMPUTERNO | Source = DCOM | ID = 10010
    Description = The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register
    with DCOM within the required timeout.

    Error - 02/01/2013 10:42:14 | Computer Name = PETERCOMPUTERNO | Source = DCOM | ID = 10010
    Description = The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register
    with DCOM within the required timeout.

    Error - 02/01/2013 10:42:44 | Computer Name = PETERCOMPUTERNO | Source = DCOM | ID = 10010
    Description = The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register
    with DCOM within the required timeout.

    Error - 02/01/2013 10:43:14 | Computer Name = PETERCOMPUTERNO | Source = DCOM | ID = 10010
    Description = The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register
    with DCOM within the required timeout.

    Error - 02/01/2013 10:43:44 | Computer Name = PETERCOMPUTERNO | Source = DCOM | ID = 10010
    Description = The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register
    with DCOM within the required timeout.

    Error - 02/01/2013 10:44:14 | Computer Name = PETERCOMPUTERNO | Source = DCOM | ID = 10010
    Description = The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register
    with DCOM within the required timeout.

    Error - 02/01/2013 10:44:19 | Computer Name = PETERCOMPUTERNO | Source = Windows Update Agent | ID = 16
    Description = Unable to Connect: Windows is unable to connect to the automatic updates
    service and therefore cannot download and install updates according to the set
    schedule. Windows will continue to try to establish a connection.

    OTL logfile created on: 02/01/2013 14:39:02 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = D:\
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    1023.29 Mb Total Physical Memory | 673.79 Mb Available Physical Memory | 65.85% Memory free
    2.41 Gb Paging File | 2.11 Gb Available in Paging File | 87.72% Paging File free
    Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 232.88 Gb Total Space | 158.20 Gb Free Space | 67.93% Space Free | Partition Type: NTFS
    Drive D: | 7.20 Gb Total Space | 7.11 Gb Free Space | 98.78% Space Free | Partition Type: FAT32

    Computer Name: PETERCOMPUTERNO | User Name: Jane | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013/01/02 14:26:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\OTL.exe
    PRC - [2012/12/31 08:52:51 | 000,105,832 | ---- | M] (SurfRight B.V.) -- C:\Program Files\HitmanPro\hmpsched.exe
    PRC - [2012/12/28 20:12:06 | 008,939,896 | ---- | M] (SurfRight B.V.) -- C:\Program Files\HitmanPro\HitmanPro.exe
    PRC - [2012/12/18 11:43:47 | 000,500,888 | ---- | M] (RealNetworks, Inc.) -- c:\Program Files\Real\RealPlayer\realplay.exe
    PRC - [2012/12/18 11:43:43 | 000,295,072 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
    PRC - [2012/12/03 15:40:50 | 001,259,880 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    PRC - [2012/12/03 15:40:50 | 001,031,528 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe
    PRC - [2012/11/22 13:53:01 | 001,681,472 | ---- | M] (Bandoo Media Inc) -- C:\Program Files\Search Results Toolbar\Datamngr\datamngrUI.exe
    PRC - [2012/10/30 22:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
    PRC - [2012/10/30 22:50:59 | 000,247,224 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
    PRC - [2012/10/30 22:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    PRC - [2012/09/24 22:12:59 | 000,161,768 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
    PRC - [2012/08/09 12:02:26 | 000,038,608 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
    PRC - [2012/06/17 15:44:46 | 003,069,752 | ---- | M] (Emsisoft GmbH) -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe
    PRC - [2012/01/23 04:43:08 | 000,247,728 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
    PRC - [2012/01/23 04:43:08 | 000,092,592 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    PRC - [2011/08/23 20:20:18 | 000,887,976 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
    PRC - [2010/07/26 01:08:00 | 002,569,616 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
    PRC - [2010/07/04 19:51:26 | 000,017,408 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
    PRC - [2009/05/05 15:06:06 | 000,222,496 | ---- | M] (Acresso Corporation) -- C:\Documents and Settings\All Users.WINDOWS\Application Data\FLEXnet\Connect\11\ISUSPM.exe
    PRC - [2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/10/12 08:33:38 | 000,202,016 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\TalkTalk\bin\sprtsvc.exe
    PRC - [2007/08/02 13:42:14 | 000,148,768 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Common Files\SupportSoft\bin\tgsrvc.exe
    PRC - [2004/01/26 10:38:38 | 000,866,816 | ---- | M] (THOMSON Telecom Belgium) -- C:\Program Files\Thomson\SpeedTouch USB\dragdiag.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/12/29 08:34:23 | 002,041,856 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12122900\algo.dll
    MOD - [2012/08/09 12:02:26 | 000,038,608 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
    MOD - [2010/07/04 21:32:36 | 000,004,608 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerHook.dll
    MOD - [2010/07/04 19:51:26 | 000,017,408 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe


    ========== Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- C:\DOCUME~1\Jane\wgsdgsdgdsgsd.dll -- (winmgmt)
    SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
    SRV - [2012/12/31 08:52:51 | 000,105,832 | ---- | M] (SurfRight B.V.) [Auto | Running] -- C:\Program Files\HitmanPro\hmpsched.exe -- (HitmanProScheduler)
    SRV - [2012/12/14 10:09:38 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/12/03 15:40:50 | 001,259,880 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
    SRV - [2012/12/01 19:56:57 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/10/30 22:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2012/09/24 22:12:59 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
    SRV - [2012/08/09 12:02:26 | 000,038,608 | ---- | M] () [Auto | Running] -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
    SRV - [2012/06/17 15:44:46 | 003,069,752 | ---- | M] (Emsisoft GmbH) [Auto | Running] -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe -- (a2AntiMalware)
    SRV - [2012/01/23 04:43:08 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
    SRV - [2012/01/04 12:32:36 | 000,718,888 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
    SRV - [2007/10/12 08:33:38 | 000,202,016 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\TalkTalk\bin\sprtsvc.exe -- (sprtsvc_TalkTalk)
    SRV - [2007/08/02 13:42:16 | 000,382,320 | ---- | M] (SupportSoft, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
    SRV - [2007/08/02 13:42:14 | 000,148,768 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe -- (tgsrvc_TalkTalk)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
    DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
    DRV - [2013/01/02 14:35:09 | 000,030,616 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hitmanpro37.sys -- (hitmanpro37)
    DRV - [2012/12/31 12:00:40 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
    DRV - [2012/10/30 22:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
    DRV - [2012/10/30 22:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2012/10/30 22:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2012/10/30 22:51:58 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)
    DRV - [2012/10/30 22:51:57 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
    DRV - [2012/10/30 22:51:56 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
    DRV - [2012/10/30 22:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2012/04/30 18:45:28 | 000,054,072 | ---- | M] (Emsisoft GmbH) [File_System | On_Demand | Stopped] -- C:\Program Files\Emsisoft Anti-Malware\a2accx86.sys -- (a2acc)
    DRV - [2012/01/04 14:28:36 | 000,016,128 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gtkdrv.sys -- (TrojanKillerDriver)
    DRV - [2011/11/01 09:07:26 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
    DRV - [2011/11/01 09:07:26 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
    DRV - [2011/11/01 09:07:26 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
    DRV - [2011/11/01 09:07:24 | 000,137,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
    DRV - [2011/11/01 09:07:24 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
    DRV - [2011/11/01 09:07:24 | 000,008,576 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
    DRV - [2011/05/19 14:10:34 | 000,017,904 | ---- | M] (Emsi Software GmbH) [Kernel | System | Running] -- C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys -- (A2DDA)
    DRV - [2010/07/04 19:51:26 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
    DRV - [2008/08/26 08:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
    DRV - [2004/10/27 14:21:30 | 000,145,920 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
    DRV - [2004/08/03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)
    DRV - [2003/12/08 10:53:48 | 000,053,600 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcan5wn.sys -- (alcan5wn)
    DRV - [2003/12/08 10:53:46 | 000,070,688 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcaudsl.sys -- (alcaudsl)


    ========== Standard Registry (All) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.gboxapp.com/
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.searchqu.com/web?src=ieb&appid=179&systemid=406&sr=0&q={searchTerms}
    IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=400&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=0754154125834112&q={searchTerms}
    IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://search.gboxapp.com/?q={searchTerms}


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-1060284298-1202660629-725345543-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=OIE8HP&PC=UP62
    IE - HKU\S-1-5-21-1060284298-1202660629-725345543-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
    IE - HKU\S-1-5-21-1060284298-1202660629-725345543-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    IE - HKU\S-1-5-21-1060284298-1202660629-725345543-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=OIE8HP&PC=UP62
    IE - HKU\S-1-5-21-1060284298-1202660629-725345543-1005\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.searchqu.com/web?src=ieb&appid=179&systemid=406&sr=0&q={searchTerms}
    IE - HKU\S-1-5-21-1060284298-1202660629-725345543-1005\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    IE - HKU\S-1-5-21-1060284298-1202660629-725345543-1005\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
    IE - HKU\S-1-5-21-1060284298-1202660629-725345543-1005\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    IE - HKU\S-1-5-21-1060284298-1202660629-725345543-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?FORM=UP62DF&PC=UP62&q={searchTerms}&src=IE-SearchBox
    IE - HKU\S-1-5-21-1060284298-1202660629-725345543-1005\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=400&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=0754154125834112&q={searchTerms}
    IE - HKU\S-1-5-21-1060284298-1202660629-725345543-1005\..\SearchScopes\{A531D99C-5A22-449b-83DA-872725C6D0ED}: "URL" = http://search.alot.com/web?q={searchTerms}
    IE - HKU\S-1-5-21-1060284298-1202660629-725345543-1005\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://search.gboxapp.com/?q={searchTerms}
    IE - HKU\S-1-5-21-1060284298-1202660629-725345543-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultengine: "Ask.com"
    FF - prefs.js..browser.search.defaultenginename: "Search Results"
    FF - prefs.js..browser.search.defaultenginename,S: S", "GadgetBox"
    FF - prefs.js..browser.search.defaultthis.engineName: ""
    FF - prefs.js..browser.search.defaulturl: "http://search.gboxapp.com/?q="
    FF - prefs.js..browser.search.order.1: "Search Results"
    FF - prefs.js..browser.search.order.1,S: S", "GadgetBox"
    FF - prefs.js..browser.search.selectedEngine: "Search Results"
    FF - prefs.js..browser.search.selectedEngine,S: S", "GadgetBox"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
    FF - prefs.js..extensions.enabledAddons: ffxtlbr%40funmoods.com:1.5.1
    FF - prefs.js..extensions.enabledAddons: %7B1FD91A9C-410C-4090-BBCC-55D3450EF433%7D:1.0
    FF - prefs.js..extensions.enabledAddons: %7B33e0daa6-3af3-d8b5-6752-10e949c61516%7D:1.1
    FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:7.0.1474
    FF - prefs.js..extensions.enabledAddons: %7BB1FC07E1-E05B-4567-8891-E63FBE545BA8%7D:1.2.0
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
    FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&gct=ds&appid=400&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&apn_uid=0754154125834112&o=APN10645&q="
    FF - prefs.js..network.proxy.type: 0
    FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""
    FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: ""
    FF - prefs.js..browser.startup.homepage: ""
    FF - prefs.js..sweetim.toolbar.previous.keyword.URL: ""


    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlug
  10. Fiery

    Fiery 1 of the 4 MalwareTips Founder

    Joined:
    Jan 11, 2011
    Messages:
    2,056
    Likes Received:
    7
    Trophy Points:
    105
    Hi :)

    The second log got cut off. I assume it's because you reached the forum's word limit for a post. Can you post the log that starts with OTL logfile again as that one got cut off.

    If you are unsure which log to repost, just post both logs again but in separate replies so it doesn't go over the word limit

    Thanks
  11. edward1

    edward1 New Member

    Joined:
    Dec 31, 2012
    Messages:
    48
    Likes Received:
    0
    Trophy Points:
    15
    OK. Here it is!
    OTL logfile created on: 02/01/2013 14:39:02 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = D:\
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    1023.29 Mb Total Physical Memory | 673.79 Mb Available Physical Memory | 65.85% Memory free
    2.41 Gb Paging File | 2.11 Gb Available in Paging File | 87.72% Paging File free
    Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 232.88 Gb Total Space | 158.20 Gb Free Space | 67.93% Space Free | Partition Type: NTFS
    Drive D: | 7.20 Gb Total Space | 7.11 Gb Free Space | 98.78% Space Free | Partition Type: FAT32

    Computer Name: PETERCOMPUTERNO | User Name: Jane | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013/01/02 14:26:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\OTL.exe
    PRC - [2012/12/31 08:52:51 | 000,105,832 | ---- | M] (SurfRight B.V.) -- C:\Program Files\HitmanPro\hmpsched.exe
    PRC - [2012/12/28 20:12:06 | 008,939,896 | ---- | M] (SurfRight B.V.) -- C:\Program Files\HitmanPro\HitmanPro.exe
    PRC - [2012/12/18 11:43:47 | 000,500,888 | ---- | M] (RealNetworks, Inc.) -- c:\Program Files\Real\RealPlayer\realplay.exe
    PRC - [2012/12/18 11:43:43 | 000,295,072 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
    PRC - [2012/12/03 15:40:50 | 001,259,880 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    PRC - [2012/12/03 15:40:50 | 001,031,528 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe
    PRC - [2012/11/22 13:53:01 | 001,681,472 | ---- | M] (Bandoo Media Inc) -- C:\Program Files\Search Results Toolbar\Datamngr\datamngrUI.exe
    PRC - [2012/10/30 22:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
    PRC - [2012/10/30 22:50:59 | 000,247,224 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
    PRC - [2012/10/30 22:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    PRC - [2012/09/24 22:12:59 | 000,161,768 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
    PRC - [2012/08/09 12:02:26 | 000,038,608 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
    PRC - [2012/06/17 15:44:46 | 003,069,752 | ---- | M] (Emsisoft GmbH) -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe
    PRC - [2012/01/23 04:43:08 | 000,247,728 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
    PRC - [2012/01/23 04:43:08 | 000,092,592 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    PRC - [2011/08/23 20:20:18 | 000,887,976 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
    PRC - [2010/07/26 01:08:00 | 002,569,616 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
    PRC - [2010/07/04 19:51:26 | 000,017,408 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
    PRC - [2009/05/05 15:06:06 | 000,222,496 | ---- | M] (Acresso Corporation) -- C:\Documents and Settings\All Users.WINDOWS\Application Data\FLEXnet\Connect\11\ISUSPM.exe
    PRC - [2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/10/12 08:33:38 | 000,202,016 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\TalkTalk\bin\sprtsvc.exe
    PRC - [2007/08/02 13:42:14 | 000,148,768 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Common Files\SupportSoft\bin\tgsrvc.exe
    PRC - [2004/01/26 10:38:38 | 000,866,816 | ---- | M] (THOMSON Telecom Belgium) -- C:\Program Files\Thomson\SpeedTouch USB\dragdiag.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/12/29 08:34:23 | 002,041,856 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12122900\algo.dll
    MOD - [2012/08/09 12:02:26 | 000,038,608 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
    MOD - [2010/07/04 21:32:36 | 000,004,608 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerHook.dll
    MOD - [2010/07/04 19:51:26 | 000,017,408 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe


    ========== Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- C:\DOCUME~1\Jane\wgsdgsdgdsgsd.dll -- (winmgmt)
    SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
    SRV - [2012/12/31 08:52:51 | 000,105,832 | ---- | M] (SurfRight B.V.) [Auto | Running] -- C:\Program Files\HitmanPro\hmpsched.exe -- (HitmanProScheduler)
    SRV - [2012/12/14 10:09:38 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/12/03 15:40:50 | 001,259,880 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
    SRV - [2012/12/01 19:56:57 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/10/30 22:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2012/09/24 22:12:59 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
    SRV - [2012/08/09 12:02:26 | 000,038,608 | ---- | M] () [Auto | Running] -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
    SRV - [2012/06/17 15:44:46 | 003,069,752 | ---- | M] (Emsisoft GmbH) [Auto | Running] -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe -- (a2AntiMalware)
    SRV - [2012/01/23 04:43:08 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
    SRV - [2012/01/04 12:32:36 | 000,718,888 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
    SRV - [2007/10/12 08:33:38 | 000,202,016 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\TalkTalk\bin\sprtsvc.exe -- (sprtsvc_TalkTalk)
    SRV - [2007/08/02 13:42:16 | 000,382,320 | ---- | M] (SupportSoft, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
    SRV - [2007/08/02 13:42:14 | 000,148,768 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe -- (tgsrvc_TalkTalk)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
    DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
    DRV - [2013/01/02 14:35:09 | 000,030,616 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hitmanpro37.sys -- (hitmanpro37)
    DRV - [2012/12/31 12:00:40 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
    DRV - [2012/10/30 22:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
    DRV - [2012/10/30 22:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2012/10/30 22:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2012/10/30 22:51:58 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)
    DRV - [2012/10/30 22:51:57 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
    DRV - [2012/10/30 22:51:56 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
    DRV - [2012/10/30 22:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2012/04/30 18:45:28 | 000,054,072 | ---- | M] (Emsisoft GmbH) [File_System | On_Demand | Stopped] -- C:\Program Files\Emsisoft Anti-Malware\a2accx86.sys -- (a2acc)
    DRV - [2012/01/04 14:28:36 | 000,016,128 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gtkdrv.sys -- (TrojanKillerDriver)
    DRV - [2011/11/01 09:07:26 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
    DRV - [2011/11/01 09:07:26 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
    DRV - [2011/11/01 09:07:26 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
    DRV - [2011/11/01 09:07:24 | 000,137,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
    DRV - [2011/11/01 09:07:24 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
    DRV - [2011/11/01 09:07:24 | 000,008,576 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
    DRV - [2011/05/19 14:10:34 | 000,017,904 | ---- | M] (Emsi Software GmbH) [Kernel | System | Running] -- C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys -- (A2DDA)
    DRV - [2010/07/04 19:51:26 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
    DRV - [2008/08/26 08:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
    DRV - [2004/10/27 14:21:30 | 000,145,920 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
    DRV - [2004/08/03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)
    DRV - [2003/12/08 10:53:48 | 000,053,600 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcan5wn.sys -- (alcan5wn)
    DRV - [2003/12/08 10:53:46 | 000,070,688 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcaudsl.sys -- (alcaudsl)


    ========== Standard Registry (All) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.gboxapp.com/
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.searchqu.com/web?src=ieb&appid=179&systemid=406&sr=0&q={searchTerms}
    IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=400&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=0754154125834112&q={searchTerms}
    IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://search.gboxapp.com/?q={searchTerms}


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-1060284298-1202660629-725345543-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=OIE8HP&PC=UP62
    IE - HKU\S-1-5-21-1060284298-1202660629-725345543-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
    IE - HKU\S-1-5-21-1060284298-1202660629-725345543-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    IE - HKU\S-1-5-21-1060284298-1202660629-725345543-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=OIE8HP&PC=UP62
    IE - HKU\S-1-5-21-1060284298-1202660629-725345543-1005\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.searchqu.com/web?src=ieb&appid=179&systemid=406&sr=0&q={searchTerms}
    IE - HKU\S-1-5-21-1060284298-1202660629-725345543-1005\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    IE - HKU\S-1-5-21-1060284298-1202660629-725345543-1005\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
    IE - HKU\S-1-5-21-1060284298-1202660629-725345543-1005\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    IE - HKU\S-1-5-21-1060284298-1202660629-725345543-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?FORM=UP62DF&PC=UP62&q={searchTerms}&src=IE-SearchBox
    IE - HKU\S-1-5-21-1060284298-1202660629-725345543-1005\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=400&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=0754154125834112&q={searchTerms}
    IE - HKU\S-1-5-21-1060284298-1202660629-725345543-1005\..\SearchScopes\{A531D99C-5A22-449b-83DA-872725C6D0ED}: "URL" = http://search.alot.com/web?q={searchTerms}
    IE - HKU\S-1-5-21-1060284298-1202660629-725345543-1005\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://search.gboxapp.com/?q={searchTerms}
    IE - HKU\S-1-5-21-1060284298-1202660629-725345543-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultengine: "Ask.com"
    FF - prefs.js..browser.search.defaultenginename: "Search Results"
    FF - prefs.js..browser.search.defaultenginename,S: S", "GadgetBox"
    FF - prefs.js..browser.search.defaultthis.engineName: ""
    FF - prefs.js..browser.search.defaulturl: "http://search.gboxapp.com/?q="
    FF - prefs.js..browser.search.order.1: "Search Results"
    FF - prefs.js..browser.search.order.1,S: S", "GadgetBox"
    FF - prefs.js..browser.search.selectedEngine: "Search Results"
    FF - prefs.js..browser.search.selectedEngine,S: S", "GadgetBox"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
    FF - prefs.js..extensions.enabledAddons: ffxtlbr%40funmoods.com:1.5.1
    FF - prefs.js..extensions.enabledAddons: %7B1FD91A9C-410C-4090-BBCC-55D3450EF433%7D:1.0
    FF - prefs.js..extensions.enabledAddons: %7B33e0daa6-3af3-d8b5-6752-10e949c61516%7D:1.1
    FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:7.0.1474
    FF - prefs.js..extensions.enabledAddons: %7BB1FC07E1-E05B-4567-8891-E63FBE545BA8%7D:1.2.0
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
    FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&gct=ds&appid=400&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&apn_uid=0754154125834112&o=APN10645&q="
    FF - prefs.js..network.proxy.type: 0
    FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""
    FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: ""
    FF - prefs.js..browser.startup.homepage: ""
    FF - prefs.js..sweetim.toolbar.previous.keyword.URL: ""


    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.2.0: C:\Documents and Settings\All Users.WINDOWS\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.2.0: C:\Documents and Settings\All Users.WINDOWS\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
    FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\Documents and Settings\All Users.WINDOWS\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.129\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.129\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2011/06/11 08:38:41 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users.WINDOWS\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/11/09 05:43:30 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B1FC07E1-E05B-4567-8891-E63FBE545BA8}: C:\Documents and Settings\All Users.WINDOWS\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2012/10/15 11:34:40 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/12/01 19:57:03 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/12/18 11:44:11 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\te_9.0@nokia.com: C:\Program Files\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0 [2012/04/17 18:52:51 | 000,000,000 | ---D | M]

    [2012/11/27 14:22:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jane\Application Data\Mozilla\Extensions
    [2012/04/22 17:29:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jane\Application Data\Mozilla\Extensions\home2@tomtom.com
    [2012/11/27 14:22:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jane\Application Data\Mozilla\Firefox\Profiles\dxwlwziu.default\extensions
    [2012/09/03 14:30:16 | 000,000,000 | ---D | M] (Complitly - Speed up your search with your personal search suggestions tool) -- C:\Documents and Settings\Jane\Application Data\Mozilla\Firefox\Profiles\dxwlwziu.default\extensions\{33e0daa6-3af3-d8b5-6752-10e949c61516}
    [2012/10/28 19:54:47 | 000,000,000 | ---D | M] (PriceGong) -- C:\Documents and Settings\Jane\Application Data\Mozilla\Firefox\Profiles\dxwlwziu.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}
    [2012/09/02 12:50:42 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Documents and Settings\Jane\Application Data\Mozilla\Firefox\Profiles\dxwlwziu.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
    [2012/11/27 14:22:19 | 000,000,000 | ---D | M] (Search-Results Toolbar) -- C:\Documents and Settings\Jane\Application Data\Mozilla\Firefox\Profiles\dxwlwziu.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}
    [2012/04/20 20:06:00 | 000,000,000 | ---D | M] (ALOT Appbar) -- C:\Documents and Settings\Jane\Application Data\Mozilla\Firefox\Profiles\dxwlwziu.default\extensions\appbar@alot.com
    [2011/10/01 09:05:56 | 000,000,000 | ---D | M] (Babylon) -- C:\Documents and Settings\Jane\Application Data\Mozilla\Firefox\Profiles\dxwlwziu.default\extensions\ffxtlbr@babylon.com
    [2012/09/03 14:30:46 | 000,000,000 | ---D | M] (Funmoods.com) -- C:\Documents and Settings\Jane\Application Data\Mozilla\Firefox\Profiles\dxwlwziu.default\extensions\ffxtlbr@funmoods.com
    [2011/10/01 09:06:03 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Documents and Settings\Jane\Application Data\Mozilla\Firefox\Profiles\dxwlwziu.default\extensions\plugin@yontoo.com
    [2011/11/08 15:29:04 | 000,000,000 | ---D | M] ("Ask Toolbar") -- C:\Documents and Settings\Jane\Application Data\Mozilla\Firefox\Profiles\dxwlwziu.default\extensions\toolbar@ask.com
    [2011/11/09 17:30:30 | 000,002,581 | ---- | M] () -- C:\Documents and Settings\Jane\Application Data\Mozilla\Firefox\Profiles\dxwlwziu.default\searchplugins\askcom.xml
    [2012/08/08 09:16:43 | 000,000,487 | ---- | M] () -- C:\Documents and Settings\Jane\Application Data\Mozilla\Firefox\Profiles\dxwlwziu.default\searchplugins\GadgetBox.xml
    [2011/10/23 13:03:29 | 000,002,520 | ---- | M] () -- C:\Documents and Settings\Jane\Application Data\Mozilla\Firefox\Profiles\dxwlwziu.default\searchplugins\SearchResults.xml
    [2012/11/27 14:22:07 | 000,002,687 | ---- | M] () -- C:\Documents and Settings\Jane\Application Data\Mozilla\Firefox\Profiles\dxwlwziu.default\searchplugins\Search_Results.xml
    [2011/12/01 20:23:35 | 000,003,488 | ---- | M] () -- C:\Documents and Settings\Jane\Application Data\Mozilla\Firefox\Profiles\dxwlwziu.default\searchplugins\talktalk-search.xml
    [2012/12/01 19:56:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2012/12/01 19:57:03 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    [2012/10/15 11:34:40 | 000,000,000 | ---D | M] (RealDownloader) -- C:\DOCUMENTS AND SETTINGS\ALL USERS.WINDOWS\APPLICATION DATA\REALNETWORKS\REALDOWNLOADER\BROWSERPLUGINS\FIREFOX\EXT
    [2012/11/09 05:43:30 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
    [2012/11/27 14:22:28 | 000,000,000 | ---D | M] (DataMngr) -- C:\PROGRAM FILES\SEARCH RESULTS TOOLBAR\DATAMNGR\FIREFOXEXTENSION
    [2012/12/01 19:57:01 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2006/10/26 20:12:16 | 000,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL
    [2012/07/27 20:51:30 | 000,184,248 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
    [2012/12/18 11:44:10 | 000,153,296 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll
    [2012/11/13 17:22:31 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
    [2012/11/13 17:22:31 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
    [2012/11/13 17:22:31 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
    [2012/11/13 17:22:31 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
    [2012/11/13 17:22:31 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
    [2012/11/13 17:22:31 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
    [2012/11/13 17:22:31 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
    [2012/12/18 11:43:51 | 000,124,056 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
    [2012/09/06 01:26:22 | 000,001,607 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
    [2012/09/06 01:26:22 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2012/09/06 01:26:22 | 000,001,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
    [2012/09/06 01:26:22 | 000,003,581 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
    [2011/10/23 13:03:29 | 000,002,520 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchResults.xml
    [2012/11/27 14:22:07 | 000,002,687 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
    [2012/10/13 12:20:07 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
    [2012/09/06 01:26:22 | 000,001,391 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
    [2012/09/06 01:26:22 | 000,001,309 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

    ========== Chrome ==========

    CHR - homepage: http://www.searchnu.com/406
    CHR - homepage: http://www.searchnu.com/406
    CHR - Extension: No name found = C:\Documents and Settings\Jane\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh\1.0_0\
    CHR - Extension: No name found = C:\Documents and Settings\Jane\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: No name found = C:\Documents and Settings\Jane\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: No name found = C:\Documents and Settings\Jane\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dlfienamagdnkekbbbocojppncdambda\1.1_0\
    CHR - Extension: No name found = C:\Documents and Settings\Jane\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0\
    CHR - Extension: No name found = C:\Documents and Settings\Jane\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.0_0\
    CHR - Extension: No name found = C:\Documents and Settings\Jane\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2004/08/04 12:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Complitly) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Documents and Settings\Jane\Application Data\Complitly\Complitly.dll (SimplyGen)
    O2 - BHO: (Shopping Assistant Plugin) - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files\PriceGong\2.5.0\PriceGongIE.dll (PriceGong)
    O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users.WINDOWS\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
    O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
    O2 - BHO: (no name) - {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - No CLSID value found.
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (ALOT Appbar Helper) - {85F5CF95-EC8F-49fc-BB3F-38C79455CBA2} - C:\Program Files\alotappbar\bin\alothelper.dll (Vertro)
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found.
    O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files\Windows iLivid Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc)
    O2 - BHO: (DataMngr) - {C1ED9DA0-AFD0-4b90-AC6A-D3874F591014} - C:\Program Files\Search Results Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media Inc)
    O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (Search-Results Toolbar) - {f34c9277-6577-4dff-b2d7-7d58092f272f} - C:\Program Files\Search Results Toolbar\Datamngr\SRTOOL~1\searchresultsDx.dll (APN LLC)
    O2 - BHO: (no name) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - !{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - !{98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - !{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - !{A531D99C-5A22-449b-83DA-872725C6D0ED} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - !{D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Search-Results Toolbar) - {f34c9277-6577-4dff-b2d7-7d58092f272f} - C:\Program Files\Search Results Toolbar\Datamngr\SRTOOL~1\searchresultsDx.dll (APN LLC)
    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O3 - HKU\S-1-5-21-1060284298-1202660629-725345543-1005\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
    O3 - HKU\S-1-5-21-1060284298-1202660629-725345543-1005\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
    O3 - HKU\S-1-5-21-1060284298-1202660629-725345543-1005\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
    O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\Search Results Toolbar\Datamngr\datamngrUI.exe (Bandoo Media Inc)
    O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\HdAShCut.exe (Windows (R) Server 2003 DDK provider)
    O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
    O4 - HKLM..\Run: [Nuance PDF Reader-reminder] C:\Program Files\Nuance\PDF Reader\Ereg\Ereg.exe (Nuance Communications, Inc.)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe ()
    O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
    O4 - HKLM..\Run: [SpeedTouch USB Diagnostics] C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe (THOMSON Telecom Belgium)
    O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
    O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
    O4 - HKU\.DEFAULT..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-18..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-19..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-20..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-1060284298-1202660629-725345543-1005..\Run: [] File not found
    O4 - HKU\S-1-5-21-1060284298-1202660629-725345543-1005..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-1060284298-1202660629-725345543-1005..\Run: [ISUSPM] C:\Documents and Settings\All Users.WINDOWS\Application Data\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
    O4 - HKU\S-1-5-21-1060284298-1202660629-725345543-1005..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-1060284298-1202660629-725345543-1005..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
    O4 - HKU\S-1-5-21-1060284298-1202660629-725345543-1006..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
    O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\runctf.lnk = C:\WINDOWS\system32\rundll32.exe (Microsoft Corporation)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-1060284298-1202660629-725345543-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-1060284298-1202660629-725345543-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
    O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{903A9E6F-11D4-4546-8CD6-7BEDCE2C8D48}: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
    O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\ipp - No CLSID value found
    O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
    O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
    O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp - No CLSID value found
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
    O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
    O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
    O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
    O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
    O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
    O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
    O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~2\Datamngr\datamngr.dll) - C:\Program Files\Search Results Toolbar\Datamngr\datamngr.dll (Bandoo Media Inc)
    O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~2\Datamngr\IEBHO.dll) - C:\Program Files\Search Results Toolbar\Datamngr\IEBHO.dll (Bandoo Media Inc)
    O20 - AppInit_DLLs: (c:\progra~1\sprote~1\sprote~1.dll) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
    O20 - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\dimsntfy: DllName - (%SystemRoot%\System32\dimsntfy.dll) - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
    O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
    O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
    O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
    O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
    O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
    O24 - Desktop Components:0 (My Current Home Page) - About:Home
    O24 - Desktop WallPaper: C:\Documents and Settings\Jane\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jane\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
    O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
    O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
    O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
    O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
    O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
    O31 - SafeBoot: AlternateShell - cmd.exe
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2010/01/14 17:23:28 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/12/31 10:14:15 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2012/12/31 08:52:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\little common
    [2012/12/31 08:52:50 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
    [2012/12/31 08:52:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\HitmanPro
    [2012/12/31 08:50:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jane\Application Data\Malwarebytes
    [2012/12/31 08:50:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
    [2012/12/30 16:22:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\GridinSoft Trojan Killer
    [2012/12/29 12:13:58 | 000,000,000 | ---D | C] -- C:\Program Files\GridinSoft Trojan Killer
    [2012/12/18 11:44:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
    [2012/12/18 11:44:10 | 000,201,424 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
    [2012/12/18 11:43:48 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
    [2012/12/18 11:43:47 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
    [2012/12/17 15:18:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jane\Application Data\searchresultstb
    [2012/12/14 10:03:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Microsoft Mouse
    [2012/12/14 10:03:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliPoint
    [2012/12/05 08:04:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Nero
    [2012/12/04 16:54:57 | 000,000,000 | ---D | C] -- C:\Program Files\AGEIA Technologies
    [2012/12/04 16:52:23 | 000,335,872 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrshe.dll
    [2012/12/04 16:52:23 | 000,286,720 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsfr.dll
    [2012/12/04 16:52:23 | 000,282,624 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsit.dll
    [2012/12/04 16:52:23 | 000,274,432 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrspt.dll
    [2012/12/04 16:52:23 | 000,274,432 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsnl.dll
    [2012/12/04 16:52:23 | 000,274,432 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsja.dll
    [2012/12/04 16:52:23 | 000,270,336 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsru.dll
    [2012/12/04 16:52:23 | 000,270,336 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsptb.dll
    [2012/12/04 16:52:23 | 000,266,240 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsko.dll
    [2012/12/04 16:52:23 | 000,262,144 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrshu.dll
    [2012/12/04 16:52:23 | 000,258,048 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrstr.dll
    [2012/12/04 16:52:23 | 000,258,048 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrssl.dll
    [2012/12/04 16:52:23 | 000,258,048 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrssk.dll
    [2012/12/04 16:52:23 | 000,258,048 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrspl.dll
    [2012/12/04 16:52:23 | 000,253,952 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsth.dll
    [2012/12/04 16:52:23 | 000,253,952 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrssv.dll
    [2012/12/04 16:52:23 | 000,253,952 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsno.dll
    [2012/12/04 16:52:23 | 000,249,856 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsfi.dll
    [2012/12/04 16:52:23 | 000,229,376 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrszhc.dll
    [2012/12/04 16:52:23 | 000,126,976 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrszht.dll
    [2012/12/04 16:52:22 | 000,335,872 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsar.dll
    [2012/12/04 16:52:22 | 000,282,624 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrses.dll
    [2012/12/04 16:52:22 | 000,282,624 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsel.dll
    [2012/12/04 16:52:22 | 000,278,528 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsde.dll
    [2012/12/04 16:52:22 | 000,274,432 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsesm.dll
    [2012/12/04 16:52:22 | 000,253,952 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsda.dll
    [2012/12/04 16:52:22 | 000,249,856 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrseng.dll
    [2012/12/04 16:52:22 | 000,249,856 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrscs.dll
    [2012/12/04 16:46:50 | 001,874,280 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvenc.dll
    [5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2013/01/02 14:35:09 | 000,030,616 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro37.sys
    [2013/01/02 14:32:54 | 000,000,298 | ---- | M] () -- C:\WINDOWS\tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1060284298-1202660629-725345543-1005.job
    [2013/01/02 14:30:35 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2013/01/02 14:30:33 | 000,000,316 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
    [2013/01/02 14:30:33 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1060284298-1202660629-725345543-1005.job
    [2013/01/02 14:30:33 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1060284298-1202660629-725345543-1005.job
    [2013/01/02 14:29:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2013/01/01 21:15:19 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2013/01/01 21:09:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
    [2013/01/01 21:01:30 | 000,000,232 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
    [2013/01/01 19:44:55 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2012/12/31 12:00:40 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2012/12/31 09:23:16 | 000,000,814 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Trojan Killer.lnk
    [2012/12/31 09:09:27 | 000,001,610 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\HitmanPro.lnk
    [2012/12/29 14:36:46 | 000,000,306 | ---- | M] () -- C:\WINDOWS\tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1060284298-1202660629-725345543-1005.job
    [2012/12/29 12:10:27 | 095,023,320 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\dsgsdgdsgdsgw.pad
    [2012/12/28 19:57:38 | 000,002,933 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\dsgsdgdsgdsgw.js
    [2012/12/28 16:21:45 | 000,000,324 | ---- | M] () -- C:\WINDOWS\tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1060284298-1202660629-725345543-1005.job
    [2012/12/28 10:56:06 | 000,614,271 | ---- | M] () -- C:\Documents and Settings\Jane\Desktop\Motorists Lord Prayer.jpg
    [2012/12/28 10:53:31 | 000,533,625 | ---- | M] () -- C:\Documents and Settings\Jane\Desktop\Operas.jpg
    [2012/12/23 19:57:01 | 000,013,824 | ---- | M] () -- C:\Documents and Settings\Jane\My Documents\MOT Expiries.wps
    [2012/12/22 12:05:19 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
    [2012/12/22 11:56:57 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1060284298-1202660629-725345543-1005.job
    [2012/12/21 19:07:18 | 000,148,400 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2012/12/18 17:19:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2012/12/18 11:44:10 | 000,201,424 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
    [2012/12/18 11:43:48 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
    [2012/12/18 11:43:47 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
    [2012/12/18 11:43:46 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
    [2012/12/17 13:38:16 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1060284298-1202660629-725345543-1005.job
    [2012/12/16 12:23:59 | 000,290,560 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\dllcache\atmfd.dll
    [2012/12/16 12:23:59 | 000,290,560 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\atmfd.dll
    [2012/12/14 21:01:08 | 000,000,288 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft_Hardware_Launch_IPoint_exe.job
    [2012/12/14 10:09:37 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
    [2012/12/14 10:09:37 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
    [2012/12/14 10:03:24 | 000,001,868 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Microsoft Mouse.lnk
    [2012/12/12 21:48:22 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2012/12/04 16:50:02 | 001,070,792 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
    [2012/12/04 16:50:02 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
    [2012/12/04 16:49:52 | 001,070,792 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
    [2012/12/03 15:40:50 | 019,460,096 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvoglnt.dll
    [2012/12/03 15:40:50 | 017,551,360 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcompiler.dll
    [2012/12/03 15:40:50 | 007,606,272 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuda.dll
    [2012/12/03 15:40:50 | 005,955,584 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvopencl.dll
    [2012/12/03 15:40:50 | 004,153,600 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nv4_disp.dll
    [2012/12/03 15:40:50 | 002,611,560 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvid.dll
    [2012/12/03 15:40:50 | 002,441,728 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvapi.dll
    [2012/12/03 15:40:50 | 002,283,884 | ---- | M] () -- C:\WINDOWS\System32\nvdata.data
    [2012/12/03 15:40:50 | 001,874,280 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvenc.dll
    [2012/12/03 15:40:50 | 001,011,048 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvdispco32.dll
    [2012/12/03 15:40:50 | 000,889,192 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvdispgenco32.dll
    [2012/12/03 15:40:50 | 000,012,951 | ---- | M] () -- C:\WINDOWS\System32\nvinfo.pb
    [5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2013/01/02 14:35:09 | 000,030,616 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro37.sys
    [2013/01/01 21:10:27 | 000,027,902 | ---- | C] () -- C:\Documents and Settings\Jane\My Documents\$(KGrHqRHJEkFC(6JS39GBQp6jqdinQ~~60_12.JPG
    [2013/01/01 21:09:59 | 002,179,146 | ---- | C] () -- C:\Documents and Settings\Jane\My Documents\photo 7.JPG
    [2013/01/01 21:09:49 | 001,783,120 | ---- | C] () -- C:\Documents and Settings\Jane\My Documents\photo 6.JPG
    [2013/01/01 21:09:41 | 002,357,446 | ---- | C] () -- C:\Documents and Settings\Jane\My Documents\photo 5.JPG
    [2013/01/01 21:09:31 | 002,769,188 | ---- | C] () -- C:\Documents and Settings\Jane\My Documents\photo 4.JPG
    [2013/01/01 21:09:20 | 003,121,303 | ---- | C] () -- C:\Documents and Settings\Jane\My Documents\photo 3.JPG
    [2013/01/01 21:08:52 | 001,421,478 | ---- | C] () -- C:\Documents and Settings\Jane\My Documents\Sale of land to builder of Arthur Rd. houses dated 1914.jpg
    [2013/01/01 20:53:21 | 000,054,599 | ---- | C] () -- C:\Documents and Settings\Jane\My Documents\Railton.JPG
    [2013/01/01 20:52:32 | 001,991,604 | ---- | C] () -- C:\Documents and Settings\Jane\My Documents\photo 2.JPG
    [2013/01/01 20:51:54 | 001,965,226 | ---- | C] () -- C:\Documents and Settings\Jane\My Documents\photo.JPG
    [2012/12/31 08:52:51 | 000,001,610 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\HitmanPro.lnk
    [2012/12/29 12:14:14 | 000,000,814 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Trojan Killer.lnk
    [2012/12/28 18:15:45 | 000,002,933 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\dsgsdgdsgdsgw.js
    [2012/12/28 18:15:12 | 095,023,320 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\dsgsdgdsgdsgw.pad
    [2012/12/28 10:55:27 | 000,614,271 | ---- | C] () -- C:\Documents and Settings\Jane\Desktop\Motorists Lord Prayer.jpg
    [2012/12/28 10:52:55 | 000,533,625 | ---- | C] () -- C:\Documents and Settings\Jane\Desktop\Operas.jpg
    [2012/12/22 11:56:34 | 000,000,276 | ---- | C] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1060284298-1202660629-725345543-1005.job
    [2012/12/22 11:56:33 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1060284298-1202660629-725345543-1005.job
    [2012/12/14 10:03:57 | 000,000,288 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft_Hardware_Launch_IPoint_exe.job
    [2012/12/14 10:03:24 | 000,001,868 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Microsoft Mouse.lnk
    [2012/12/04 16:46:54 | 000,012,951 | ---- | C] () -- C:\WINDOWS\System32\nvinfo.pb
    [2012/09/27 10:02:43 | 001,070,792 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
    [2012/09/27 10:02:43 | 001,070,792 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
    [2012/09/27 10:02:43 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
    [2012/09/03 14:30:00 | 000,031,465 | ---- | C] () -- C:\Documents and Settings\Jane\Local Settings\Application Data\funmoods.crx
    [2012/07/29 17:15:26 | 000,002,298 | ---- | C] () -- C:\WINDOWS\photoimpression.ini
    [2012/04/09 17:26:11 | 000,007,680 | ---- | C] () -- C:\WINDOWS\38535671.exe
    [2012/04/09 17:26:11 | 000,000,486 | ---- | C] () -- C:\WINDOWS\38535671.dat
    [2012/02/15 14:24:04 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
    [2012/02/09 21:40:00 | 002,283,884 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
    [2011/12/24 15:54:35 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2011/11/29
  12. Fiery

    Fiery 1 of the 4 MalwareTips Founder

    Joined:
    Jan 11, 2011
    Messages:
    2,056
    Likes Received:
    7
    Trophy Points:
    105
    That is the correct log but it is long! Parts are still cut off :(

    Let's try a different method. Click "New Reply". Scroll down the page and underneath the text box, look for New Attachment. Click Choose file. A window will appear, navigate to your USB drive (usually F: or G: ) and find that log on your USB. Select it, then click Open. The window will close, then click Add Attachment. Wait for the page to reload and click post reply
  13. edward1

    edward1 New Member

    Joined:
    Dec 31, 2012
    Messages:
    48
    Likes Received:
    0
    Trophy Points:
    15
    I have an error message "The type of file you attached is not allowed. Please remove the attachment or choose a diff. type."
  14. Fiery

    Fiery 1 of the 4 MalwareTips Founder

    Joined:
    Jan 11, 2011
    Messages:
    2,056
    Likes Received:
    7
    Trophy Points:
    105
    Can you open the log, hold ctrl then F. A search box will appear. type in Files Created - No Company Name then press enter. It will take you to a section of the log. Then using your mouse, highlight everything after ========== Files Created - No Company Name ========== by left-clicking and holding the left-click button and drag your mouse to the bottom of the screen. The log will move up and you'll highlight everything.

    Once you reach the end of the log, let go of the left-click button and copy and paste the highlighted text to your next reply

    After going through the parts of the log you posted, your computer is severely infected with malware, adware, junkware and rogue software. We will start disinfecting it as soon as you post the remaining parts.
  15. edward1

    edward1 New Member

    Joined:
    Dec 31, 2012
    Messages:
    48
    Likes Received:
    0
    Trophy Points:
    15
  16. edward1

    edward1 New Member

    Joined:
    Dec 31, 2012
    Messages:
    48
    Likes Received:
    0
    Trophy Points:
    15
    Hi. When I press enter after typing in Files etc. a message is flashed up from Microsoft Works saying "Works has reached the end of he doc.. Do you want to continue searching at the beginning?"
    Over to you.
  17. Fiery

    Fiery 1 of the 4 MalwareTips Founder

    Joined:
    Jan 11, 2011
    Messages:
    2,056
    Likes Received:
    7
    Trophy Points:
    105
    Hi,

    Oh you are using Microsoft Works, ok lets try: http://pastebin.com/

    Open your log, use the ctrl a method to select the entire log as before, then go to that site, under New Paste box, right-click to paste. Scroll down and press the submit button

    Then copy the URL/ link and paste it in your next reply
  18. edward1

    edward1 New Member

    Joined:
    Dec 31, 2012
    Messages:
    48
    Likes Received:
    0
    Trophy Points:
    15
    Hi. Hope this is ok.
    OTL logfile created on: 02/01/2013 14:39:02 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = D:\
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    1023.29 Mb Total Physical Memory | 673.79 Mb Available Physical Memory | 65.85% Memory free
    2.41 Gb Paging File | 2.11 Gb Available in Paging File | 87.72% Paging File free
    Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 232.88 Gb Total Space | 158.20 Gb Free Space | 67.93% Space Free | Partition Type: NTFS
    Drive D: | 7.20 Gb Total Space | 7.11 Gb Free Space | 98.78% Space Free | Partition Type: FAT32

    Computer Name: PETERCOMPUTERNO | User Name: Jane | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013/01/02 14:26:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\OTL.exe
    PRC - [2012/12/31 08:52:51 | 000,105,832 | ---- | M] (SurfRight B.V.) -- C:\Program Files\HitmanPro\hmpsched.exe
    PRC - [2012/12/28 20:12:06 | 008,939,896 | ---- | M] (SurfRight B.V.) -- C:\Program Files\HitmanPro\HitmanPro.exe
    PRC - [2012/12/18 11:43:47 | 000,500,888 | ---- | M] (RealNetworks, Inc.) -- c:\Program Files\Real\RealPlayer\realplay.exe
    PRC - [2012/12/18 11:43:43 | 000,295,072 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
    PRC - [2012/12/03 15:40:50 | 001,259,880 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    PRC - [2012/12/03 15:40:50 | 001,031,528 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe
    PRC - [2012/11/22 13:53:01 | 001,681,472 | ---- | M] (Bandoo Media Inc) -- C:\Program Files\Search Results Toolbar\Datamngr\datamngrUI.exe
    PRC - [2012/10/30 22:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
    PRC - [2012/10/30 22:50:59 | 000,247,224 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
    PRC - [2012/10/30 22:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    PRC - [2012/09/24 22:12:59 | 000,161,768 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
    PRC - [2012/08/09 12:02:26 | 000,038,608 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
    PRC - [2012/06/17 15:44:46 | 003,069,752 | ---- | M] (Emsisoft GmbH) -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe
    PRC - [2012/01/23 04:43:08 | 000,247,728 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
    PRC - [2012/01/23 04:43:08 | 000,092,592 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    PRC - [2011/08/23 20:20:18 | 000,887,976 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
    PRC - [2010/07/26 01:08:00 | 002,569,616 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
    PRC - [2010/07/04 19:51:26 | 000,017,408 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
    PRC - [2009/05/05 15:06:06 | 000,222,496 | ---- | M] (Acresso Corporation) -- C:\Documents and Settings\All Users.WINDOWS\Application Data\FLEXnet\Connect\11\ISUSPM.exe
    PRC - [2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/10/12 08:33:38 | 000,202,016 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\TalkTalk\bin\sprtsvc.exe
    PRC - [2007/08/02 13:42:14 | 000,148,768 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Common Files\SupportSoft\bin\tgsrvc.exe
    PRC - [2004/01/26 10:38:38 | 000,866,816 | ---- | M] (THOMSON Telecom Belgium) -- C:\Program Files\Thomson\SpeedTouch USB\dragdiag.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/12/29 08:34:23 | 002,041,856 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12122900\algo.dll
    MOD - [2012/08/09 12:02:26 | 000,038,608 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
    MOD - [2010/07/04 21:32:36 | 000,004,608 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerHook.dll
    MOD - [2010/07/04 19:51:26 | 000,017,408 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe


    ========== Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- C:\DOCUME~1\Jane\wgsdgsdgdsgsd.dll -- (winmgmt)
    SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
    SRV - [2012/12/31 08:52:51 | 000,105,832 | ---- | M] (SurfRight B.V.) [Auto | Running] -- C:\Program Files\HitmanPro\hmpsched.exe -- (HitmanProScheduler)
    SRV - [2012/12/14 10:09:38 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/12/03 15:40:50 | 001,259,880 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
    SRV - [2012/12/01 19:56:57 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/10/30 22:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2012/09/24 22:12:59 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
    SRV - [2012/08/09 12:02:26 | 000,038,608 | ---- | M] () [Auto | Running] -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
    SRV - [2012/06/17 15:44:46 | 003,069,752 | ---- | M] (Emsisoft GmbH) [Auto | Running] -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe -- (a2AntiMalware)
    SRV - [2012/01/23 04:43:08 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
    SRV - [2012/01/04 12:32:36 | 000,718,888 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
    SRV - [2007/10/12 08:33:38 | 000,202,016 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\TalkTalk\bin\sprtsvc.exe -- (sprtsvc_TalkTalk)
    SRV - [2007/08/02 13:42:16 | 000,382,320 | ---- | M] (SupportSoft, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
    SRV - [2007/08/02 13:42:14 | 000,148,768 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe -- (tgsrvc_TalkTalk)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
    DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
    DRV - [2013/01/02 14:35:09 | 000,030,616 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hitmanpro37.sys -- (hitmanpro37)
    DRV - [2012/12/31 12:00:40 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
    DRV - [2012/10/30 22:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
    DRV - [2012/10/30 22:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2012/10/30 22:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2012/10/30 22:51:58 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)
    DRV - [2012/10/30 22:51:57 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
    DRV - [2012/10/30 22:51:56 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
    DRV - [2012/10/30 22:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2012/04/30 18:45:28 | 000,054,072 | ---- | M] (Emsisoft GmbH) [File_System | On_Demand | Stopped] -- C:\Program Files\Emsisoft Anti-Malware\a2accx86.sys -- (a2acc)
    DRV - [2012/01/04 14:28:36 | 000,016,128 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gtkdrv.sys -- (TrojanKillerDriver)
    DRV - [2011/11/01 09:07:26 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
    DRV - [2011/11/01 09:07:26 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
    DRV - [2011/11/01 09:07:26 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
    DRV - [2011/11/01 09:07:24 | 000,137,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
    DRV - [2011/11/01 09:07:24 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
    DRV - [2011/11/01 09:07:24 | 000,008,576 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
    DRV - [2011/05/19 14:10:34 | 000,017,904 | ---- | M] (Emsi Software GmbH) [Kernel | System | Running] -- C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys -- (A2DDA)
    DRV - [2010/07/04 19:51:26 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
    DRV - [2008/08/26 08:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
    DRV - [2004/10/27 14:21:30 | 000,145,920 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
    DRV - [2004/08/03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)
    DRV - [2003/12/08 10:53:48 | 000,053,600 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcan5wn.sys -- (alcan5wn)
    DRV - [2003/12/08 10:53:46 | 000,070,688 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcaudsl.sys -- (alcaudsl)


    ========== Standard Registry (All) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.gboxapp.com/
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.searchqu.com/web?src=ieb&appid=179&systemid=406&sr=0&q={searchTerms}
    IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=400&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=0754154125834112&q={searchTerms}
    IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://search.gboxapp.com/?q={searchTerms}


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-1060284298-1202660629-725345543-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=OIE8HP&PC=UP62
    IE - HKU\S-1-5-21-1060284298-1202660629-725345543-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
    IE - HKU\S-1-5-21-1060284298-1202660629-725345543-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    IE - HKU\S-1-5-21-1060284298-1202660629-725345543-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=OIE8HP&PC=UP62
    IE - HKU\S-1-5-21-1060284298-1202660629-725345543-1005\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.searchqu.com/web?src=ieb&appid=179&systemid=406&sr=0&q={searchTerms}
    IE - HKU\S-1-5-21-1060284298-1202660629-725345543-1005\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    IE - HKU\S-1-5-21-1060284298-1202660629-725345543-1005\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
    IE - HKU\S-1-5-21-1060284298-1202660629-725345543-1005\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    IE - HKU\S-1-5-21-1060284298-1202660629-725345543-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?FORM=UP62DF&PC=UP62&q={searchTerms}&src=IE-SearchBox
    IE - HKU\S-1-5-21-1060284298-1202660629-725345543-1005\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=400&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=0754154125834112&q={searchTerms}
    IE - HKU\S-1-5-21-1060284298-1202660629-725345543-1005\..\SearchScopes\{A531D99C-5A22-449b-83DA-872725C6D0ED}: "URL" = http://search.alot.com/web?q={searchTerms}
    IE - HKU\S-1-5-21-1060284298-1202660629-725345543-1005\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://search.gboxapp.com/?q={searchTerms}
    IE - HKU\S-1-5-21-1060284298-1202660629-725345543-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultengine: "Ask.com"
    FF - prefs.js..browser.search.defaultenginename: "Search Results"
    FF - prefs.js..browser.search.defaultenginename,S: S", "GadgetBox"
    FF - prefs.js..browser.search.defaultthis.engineName: ""
    FF - prefs.js..browser.search.defaulturl: "http://search.gboxapp.com/?q="
    FF - prefs.js..browser.search.order.1: "Search Results"
    FF - prefs.js..browser.search.order.1,S: S", "GadgetBox"
    FF - prefs.js..browser.search.selectedEngine: "Search Results"
    FF - prefs.js..browser.search.selectedEngine,S: S", "GadgetBox"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
    FF - prefs.js..extensions.enabledAddons: ffxtlbr%40funmoods.com:1.5.1
    FF - prefs.js..extensions.enabledAddons: %7B1FD91A9C-410C-4090-BBCC-55D3450EF433%7D:1.0
    FF - prefs.js..extensions.enabledAddons: %7B33e0daa6-3af3-d8b5-6752-10e949c61516%7D:1.1
    FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:7.0.1474
    FF - prefs.js..extensions.enabledAddons: %7BB1FC07E1-E05B-4567-8891-E63FBE545BA8%7D:1.2.0
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
    FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&gct=ds&appid=400&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&apn_uid=0754154125834112&o=APN10645&q="
    FF - prefs.js..network.proxy.type: 0
    FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""
    FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: ""
    FF - prefs.js..browser.startup.homepage: ""
    FF - prefs.js..sweetim.toolbar.previous.keyword.URL: ""


    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.2.0: C:\Documents and Settings\All Users.WINDOWS\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.2.0: C:\Documents and Settings\All Users.WINDOWS\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
    FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\Documents and Settings\All Users.WINDOWS\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.129\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.129\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2011/06/11 08:38:41 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users.WINDOWS\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/11/09 05:43:30 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B1FC07E1-E05B-4567-8891-E63FBE545BA8}: C:\Documents and Settings\All Users.WINDOWS\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2012/10/15 11:34:40 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/12/01 19:57:03 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/12/18 11:44:11 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\te_9.0@nokia.com: C:\Program Files\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0 [2012/04/17 18:52:51 | 000,000,000 | ---D | M]

    [2012/11/27 14:22:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jane\Application Data\Mozilla\Extensions
    [2012/04/22 17:29:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jane\Application Data\Mozilla\Extensions\home2@tomtom.com
    [2012/11/27 14:22:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jane\Application Data\Mozilla\Firefox\Profiles\dxwlwziu.default\extensions
    [2012/09/03 14:30:16 | 000,000,000 | ---D | M] (Complitly - Speed up your search with your personal search suggestions tool) -- C:\Documents and Settings\Jane\Application Data\Mozilla\Firefox\Profiles\dxwlwziu.default\extensions\{33e0daa6-3af3-d8b5-6752-10e949c61516}
    [2012/10/28 19:54:47 | 000,000,000 | ---D | M] (PriceGong) -- C:\Documents and Settings\Jane\Application Data\Mozilla\Firefox\Profiles\dxwlwziu.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}
    [2012/09/02 12:50:42 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Documents and Settings\Jane\Application Data\Mozilla\Firefox\Profiles\dxwlwziu.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
    [2012/11/27 14:22:19 | 000,000,000 | ---D | M] (Search-Results Toolbar) -- C:\Documents and Settings\Jane\Application Data\Mozilla\Firefox\Profiles\dxwlwziu.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}
    [2012/04/20 20:06:00 | 000,000,000 | ---D | M] (ALOT Appbar) -- C:\Documents and Settings\Jane\Application Data\Mozilla\Firefox\Profiles\dxwlwziu.default\extensions\appbar@alot.com
    [2011/10/01 09:05:56 | 000,000,000 | ---D | M] (Babylon) -- C:\Documents and Settings\Jane\Application Data\Mozilla\Firefox\Profiles\dxwlwziu.default\extensions\ffxtlbr@babylon.com
    [2012/09/03 14:30:46 | 000,000,000 | ---D | M] (Funmoods.com) -- C:\Documents and Settings\Jane\Application Data\Mozilla\Firefox\Profiles\dxwlwziu.default\extensions\ffxtlbr@funmoods.com
    [2011/10/01 09:06:03 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Documents and Settings\Jane\Application Data\Mozilla\Firefox\Profiles\dxwlwziu.default\extensions\plugin@yontoo.com
    [2011/11/08 15:29:04 | 000,000,000 | ---D | M] ("Ask Toolbar") -- C:\Documents and Settings\Jane\Application Data\Mozilla\Firefox\Profiles\dxwlwziu.default\extensions\toolbar@ask.com
    [2011/11/09 17:30:30 | 000,002,581 | ---- | M] () -- C:\Documents and Settings\Jane\Application Data\Mozilla\Firefox\Profiles\dxwlwziu.default\searchplugins\askcom.xml
    [2012/08/08 09:16:43 | 000,000,487 | ---- | M] () -- C:\Documents and Settings\Jane\Application Data\Mozilla\Firefox\Profiles\dxwlwziu.default\searchplugins\GadgetBox.xml
    [2011/10/23 13:03:29 | 000,002,520 | ---- | M] () -- C:\Documents and Settings\Jane\Application Data\Mozilla\Firefox\Profiles\dxwlwziu.default\searchplugins\SearchResults.xml
    [2012/11/27 14:22:07 | 000,002,687 | ---- | M] () -- C:\Documents and Settings\Jane\Application Data\Mozilla\Firefox\Profiles\dxwlwziu.default\searchplugins\Search_Results.xml
    [2011/12/01 20:23:35 | 000,003,488 | ---- | M] () -- C:\Documents and Settings\Jane\Application Data\Mozilla\Firefox\Profiles\dxwlwziu.default\searchplugins\talktalk-search.xml
    [2012/12/01 19:56:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2012/12/01 19:57:03 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    [2012/10/15 11:34:40 | 000,000,000 | ---D | M] (RealDownloader) -- C:\DOCUMENTS AND SETTINGS\ALL USERS.WINDOWS\APPLICATION DATA\REALNETWORKS\REALDOWNLOADER\BROWSERPLUGINS\FIREFOX\EXT
    [2012/11/09 05:43:30 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
    [2012/11/27 14:22:28 | 000,000,000 | ---D | M] (DataMngr) -- C:\PROGRAM FILES\SEARCH RESULTS TOOLBAR\DATAMNGR\FIREFOXEXTENSION
    [2012/12/01 19:57:01 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2006/10/26 20:12:16 | 000,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL
    [2012/07/27 20:51:30 | 000,184,248 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
    [2012/12/18 11:44:10 | 000,153,296 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll
    [2012/11/13 17:22:31 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
    [2012/11/13 17:22:31 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
    [2012/11/13 17:22:31 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
    [2012/11/13 17:22:31 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
    [2012/11/13 17:22:31 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
    [2012/11/13 17:22:31 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
    [2012/11/13 17:22:31 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
    [2012/12/18 11:43:51 | 000,124,056 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
    [2012/09/06 01:26:22 | 000,001,607 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
    [2012/09/06 01:26:22 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2012/09/06 01:26:22 | 000,001,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
    [2012/09/06 01:26:22 | 000,003,581 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
    [2011/10/23 13:03:29 | 000,002,520 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchResults.xml
    [2012/11/27 14:22:07 | 000,002,687 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
    [2012/10/13 12:20:07 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
    [2012/09/06 01:26:22 | 000,001,391 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
    [2012/09/06 01:26:22 | 000,001,309 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

    ========== Chrome ==========

    CHR - homepage: http://www.searchnu.com/406
    CHR - homepage: http://www.searchnu.com/406
    CHR - Extension: No name found = C:\Documents and Settings\Jane\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh\1.0_0\
    CHR - Extension: No name found = C:\Documents and Settings\Jane\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: No name found = C:\Documents and Settings\Jane\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: No name found = C:\Documents and Settings\Jane\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dlfienamagdnkekbbbocojppncdambda\1.1_0\
    CHR - Extension: No name found = C:\Documents and Settings\Jane\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0\
    CHR - Extension: No name found = C:\Documents and Settings\Jane\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.0_0\
    CHR - Extension: No name found = C:\Documents and Settings\Jane\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2004/08/04 12:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Complitly) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Documents and Settings\Jane\Application Data\Complitly\Complitly.dll (SimplyGen)
    O2 - BHO: (Shopping Assistant Plugin) - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files\PriceGong\2.5.0\PriceGongIE.dll (PriceGong)
    O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users.WINDOWS\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
    O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
    O2 - BHO: (no name) - {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - No CLSID value found.
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (ALOT Appbar Helper) - {85F5CF95-EC8F-49fc-BB3F-38C79455CBA2} - C:\Program Files\alotappbar\bin\alothelper.dll (Vertro)
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found.
    O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files\Windows iLivid Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc)
    O2 - BHO: (DataMngr) - {C1ED9DA0-AFD0-4b90-AC6A-D3874F591014} - C:\Program Files\Search Results Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media Inc)
    O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (Search-Results Toolbar) - {f34c9277-6577-4dff-b2d7-7d58092f272f} - C:\Program Files\Search Results Toolbar\Datamngr\SRTOOL~1\searchresultsDx.dll (APN LLC)
    O2 - BHO: (no name) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - !{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - !{98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - !{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - !{A531D99C-5A22-449b-83DA-872725C6D0ED} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - !{D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Search-Results Toolbar) - {f34c9277-6577-4dff-b2d7-7d58092f272f} - C:\Program Files\Search Results Toolbar\Datamngr\SRTOOL~1\searchresultsDx.dll (APN LLC)
    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O3 - HKU\S-1-5-21-1060284298-1202660629-725345543-1005\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
    O3 - HKU\S-1-5-21-1060284298-1202660629-725345543-1005\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
    O3 - HKU\S-1-5-21-1060284298-1202660629-725345543-1005\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
    O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\Search Results Toolbar\Datamngr\datamngrUI.exe (Bandoo Media Inc)
    O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\HdAShCut.exe (Windows (R) Server 2003 DDK provider)
    O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
    O4 - HKLM..\Run: [Nuance PDF Reader-reminder] C:\Program Files\Nuance\PDF Reader\Ereg\Ereg.exe (Nuance Communications, Inc.)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe ()
    O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
    O4 - HKLM..\Run: [SpeedTouch USB Diagnostics] C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe (THOMSON Telecom Belgium)
    O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
    O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
    O4 - HKU\.DEFAULT..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-18..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-19..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-20..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-1060284298-1202660629-725345543-1005..\Run: [] File not found
    O4 - HKU\S-1-5-21-1060284298-1202660629-725345543-1005..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-1060284298-1202660629-725345543-1005..\Run: [ISUSPM] C:\Documents and Settings\All Users.WINDOWS\Application Data\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
    O4 - HKU\S-1-5-21-1060284298-1202660629-725345543-1005..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-1060284298-1202660629-725345543-1005..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
    O4 - HKU\S-1-5-21-1060284298-1202660629-725345543-1006..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
    O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\runctf.lnk = C:\WINDOWS\system32\rundll32.exe (Microsoft Corporation)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-1060284298-1202660629-725345543-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-1060284298-1202660629-725345543-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
    O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{903A9E6F-11D4-4546-8CD6-7BEDCE2C8D48}: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
    O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\ipp - No CLSID value found
    O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
    O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
    O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp - No CLSID value found
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
    O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
    O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
    O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
    O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
    O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
    O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
    O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~2\Datamngr\datamngr.dll) - C:\Program Files\Search Results Toolbar\Datamngr\datamngr.dll (Bandoo Media Inc)
    O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~2\Datamngr\IEBHO.dll) - C:\Program Files\Search Results Toolbar\Datamngr\IEBHO.dll (Bandoo Media Inc)
    O20 - AppInit_DLLs: (c:\progra~1\sprote~1\sprote~1.dll) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
    O20 - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\dimsntfy: DllName - (%SystemRoot%\System32\dimsntfy.dll) - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
    O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
    O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
    O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
    O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
    O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
    O24 - Desktop Components:0 (My Current Home Page) - About:Home
    O24 - Desktop WallPaper: C:\Documents and Settings\Jane\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jane\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
    O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
    O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
    O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
    O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
    O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
    O31 - SafeBoot: AlternateShell - cmd.exe
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2010/01/14 17:23:28 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/12/31 10:14:15 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2012/12/31 08:52:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\little common
    [2012/12/31 08:52:50 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
    [2012/12/31 08:52:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\HitmanPro
    [2012/12/31 08:50:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jane\Application Data\Malwarebytes
    [2012/12/31 08:50:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
    [2012/12/30 16:22:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\GridinSoft Trojan Killer
    [2012/12/29 12:13:58 | 000,000,000 | ---D | C] -- C:\Program Files\GridinSoft Trojan Killer
    [2012/12/18 11:44:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
    [2012/12/18 11:44:10 | 000,201,424 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
    [2012/12/18 11:43:48 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
    [2012/12/18 11:43:47 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
    [2012/12/17 15:18:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jane\Application Data\searchresultstb
    [2012/12/14 10:03:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Microsoft Mouse
    [2012/12/14 10:03:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliPoint
    [2012/12/05 08:04:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Nero
    [2012/12/04 16:54:57 | 000,000,000 | ---D | C] -- C:\Program Files\AGEIA Technologies
    [2012/12/04 16:52:23 | 000,335,872 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrshe.dll
    [2012/12/04 16:52:23 | 000,286,720 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsfr.dll
    [2012/12/04 16:52:23 | 000,282,624 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsit.dll
    [2012/12/04 16:52:23 | 000,274,432 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrspt.dll
    [2012/12/04 16:52:23 | 000,274,432 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsnl.dll
    [2012/12/04 16:52:23 | 000,274,432 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsja.dll
    [2012/12/04 16:52:23 | 000,270,336 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsru.dll
    [2012/12/04 16:52:23 | 000,270,336 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsptb.dll
    [2012/12/04 16:52:23 | 000,266,240 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsko.dll
    [2012/12/04 16:52:23 | 000,262,144 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrshu.dll
    [2012/12/04 16:52:23 | 000,258,048 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrstr.dll
    [2012/12/04 16:52:23 | 000,258,048 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrssl.dll
    [2012/12/04 16:52:23 | 000,258,048 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrssk.dll
    [2012/12/04 16:52:23 | 000,258,048 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrspl.dll
    [2012/12/04 16:52:23 | 000,253,952 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsth.dll
    [2012/12/04 16:52:23 | 000,253,952 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrssv.dll
    [2012/12/04 16:52:23 | 000,253,952 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsno.dll
    [2012/12/04 16:52:23 | 000,249,856 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsfi.dll
    [2012/12/04 16:52:23 | 000,229,376 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrszhc.dll
    [2012/12/04 16:52:23 | 000,126,976 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrszht.dll
    [2012/12/04 16:52:22 | 000,335,872 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsar.dll
    [2012/12/04 16:52:22 | 000,282,624 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrses.dll
    [2012/12/04 16:52:22 | 000,282,624 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsel.dll
    [2012/12/04 16:52:22 | 000,278,528 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsde.dll
    [2012/12/04 16:52:22 | 000,274,432 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsesm.dll
    [2012/12/04 16:52:22 | 000,253,952 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsda.dll
    [2012/12/04 16:52:22 | 000,249,856 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrseng.dll
    [2012/12/04 16:52:22 | 000,249,856 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrscs.dll
    [2012/12/04 16:46:50 | 001,874,280 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvenc.dll
    [5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2013/01/02 14:35:09 | 000,030,616 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro37.sys
    [2013/01/02 14:32:54 | 000,000,298 | ---- | M] () -- C:\WINDOWS\tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1060284298-1202660629-725345543-1005.job
    [2013/01/02 14:30:35 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2013/01/02 14:30:33 | 000,000,316 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
    [2013/01/02 14:30:33 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1060284298-1202660629-725345543-1005.job
    [2013/01/02 14:30:33 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1060284298-1202660629-725345543-1005.job
    [2013/01/02 14:29:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2013/01/01 21:15:19 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2013/01/01 21:09:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
    [2013/01/01 21:01:30 | 000,000,232 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
    [2013/01/01 19:44:55 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2012/12/31 12:00:40 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2012/12/31 09:23:16 | 000,000,814 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Trojan Killer.lnk
    [2012/12/31 09:09:27 | 000,001,610 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\HitmanPro.lnk
    [2012/12/29 14:36:46 | 000,000,306 | ---- | M] () -- C:\WINDOWS\tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1060284298-1202660629-725345543-1005.job
    [2012/12/29 12:10:27 | 095,023,320 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\dsgsdgdsgdsgw.pad
    [2012/12/28 19:57:38 | 000,002,933 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\dsgsdgdsgdsgw.js
    [2012/12/28 16:21:45 | 000,000,324 | ---- | M] () -- C:\WINDOWS\tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1060284298-1202660629-725345543-1005.job
    [2012/12/28 10:56:06 | 000,614,271 | ---- | M] () -- C:\Documents and Settings\Jane\Desktop\Motorists Lord Prayer.jpg
    [2012/12/28 10:53:31 | 000,533,625 | ---- | M] () -- C:\Documents and Settings\Jane\Desktop\Operas.jpg
    [2012/12/23 19:57:01 | 000,013,824 | ---- | M] () -- C:\Documents and Settings\Jane\My Documents\MOT Expiries.wps
    [2012/12/22 12:05:19 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
    [2012/12/22 11:56:57 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1060284298-1202660629-725345543-1005.job
    [2012/12/21 19:07:18 | 000,148,400 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2012/12/18 17:19:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2012/12/18 11:44:10 | 000,201,424 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
    [2012/12/18 11:43:48 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
    [2012/12/18 11:43:47 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
    [2012/12/18 11:43:46 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
    [2012/12/17 13:38:16 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1060284298-1202660629-725345543-1005.job
    [2012/12/16 12:23:59 | 000,290,560 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\dllcache\atmfd.dll
    [2012/12/16 12:23:59 | 000,290,560 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\atmfd.dll
    [2012/12/14 21:01:08 | 000,000,288 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft_Hardware_Launch_IPoint_exe.job
    [2012/12/14 10:09:37 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
    [2012/12/14 10:09:37 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
    [2012/12/14 10:03:24 | 000,001,868 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Microsoft Mouse.lnk
    [2012/12/12 21:48:22 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2012/12/04 16:50:02 | 001,070,792 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
    [2012/12/04 16:50:02 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
    [2012/12/04 16:49:52 | 001,070,792 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
    [2012/12/03 15:40:50 | 019,460,096 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvoglnt.dll
    [2012/12/03 15:40:50 | 017,551,360 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcompiler.dll
    [2012/12/03 15:40:50 | 007,606,272 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuda.dll
    [2012/12/03 15:40:50 | 005,955,584 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvopencl.dll
    [2012/12/03 15:40:50 | 004,153,600 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nv4_disp.dll
    [2012/12/03 15:40:50 | 002,611,560 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvid.dll
    [2012/12/03 15:40:50 | 002,441,728 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvapi.dll
    [2012/12/03 15:40:50 | 002,283,884 | ---- | M] () -- C:\WINDOWS\System32\nvdata.data
    [2012/12/03 15:40:50 | 001,874,280 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvenc.dll
    [2012/12/03 15:40:50 | 001,011,048 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvdispco32.dll
    [2012/12/03 15:40:50 | 000,889,192 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvdispgenco32.dll
    [2012/12/03 15:40:50 | 000,012,951 | ---- | M] () -- C:\WINDOWS\System32\nvinfo.pb
    [5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2013/01/02 14:35:09 | 000,030,616 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro37.sys
    [2013/01/01 21:10:27 | 000,027,902 | ---- | C] () -- C:\Documents and Settings\Jane\My Documents\$(KGrHqRHJEkFC(6JS39GBQp6jqdinQ~~60_12.JPG
    [2013/01/01 21:09:59 | 002,179,146 | ---- | C] () -- C:\Documents and Settings\Jane\My Documents\photo 7.JPG
    [2013/01/01 21:09:49 | 001,783,120 | ---- | C] () -- C:\Documents and Settings\Jane\My Documents\photo 6.JPG
    [2013/01/01 21:09:41 | 002,357,446 | ---- | C] () -- C:\Documents and Settings\Jane\My Documents\photo 5.JPG
    [2013/01/01 21:09:31 | 002,769,188 | ---- | C] () -- C:\Documents and Settings\Jane\My Documents\photo 4.JPG
    [2013/01/01 21:09:20 | 003,121,303 | ---- | C] () -- C:\Documents and Settings\Jane\My Documents\photo 3.JPG
    [2013/01/01 21:08:52 | 001,421,478 | ---- | C] () -- C:\Documents and Settings\Jane\My Documents\Sale of land to builder of Arthur Rd. houses dated 1914.jpg
    [2013/01/01 20:53:21 | 000,054,599 | ---- | C] () -- C:\Documents and Settings\Jane\My Documents\Railton.JPG
    [2013/01/01 20:52:32 | 001,991,604 | ---- | C] () -- C:\Documents and Settings\Jane\My Documents\photo 2.JPG
    [2013/01/01 20:51:54 | 001,965,226 | ---- | C] () -- C:\Documents and Settings\Jane\My Documents\photo.JPG
    [2012/12/31 08:52:51 | 000,001,610 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\HitmanPro.lnk
    [2012/12/29 12:14:14 | 000,000,814 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Trojan Killer.lnk
    [2012/12/28 18:15:45 | 000,002,933 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\dsgsdgdsgdsgw.js
    [2012/12/28 18:15:12 | 095,023,320 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\dsgsdgdsgdsgw.pad
    [2012/12/28 10:55:27 | 000,614,271 | ---- | C] () -- C:\Documents and Settings\Jane\Desktop\Motorists Lord Prayer.jpg
    [2012/12/28 10:52:55 | 000,533,625 | ---- | C] () -- C:\Documents and Settings\Jane\Desktop\Operas.jpg
    [2012/12/22 11:56:34 | 000,000,276 | ---- | C] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1060284298-1202660629-725345543-1005.job
    [2012/12/22 11:56:33 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1060284298-1202660629-725345543-1005.job
    [2012/12/14 10:03:57 | 000,000,288 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft_Hardware_Launch_IPoint_exe.job
    [2012/12/14 10:03:24 | 000,001,868 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Microsoft Mouse.lnk
    [2012/12/04 16:46:54 | 000,012,951 | ---- | C] () -- C:\WINDOWS\System32\nvinfo.pb
    [2012/09/27 10:02:43 | 001,070,792 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
    [2012/09/27 10:02:43 | 001,070,792 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
    [2012/09/27 10:02:43 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
    [2012/09/03 14:30:00 | 000,031,465 | -
  19. Fiery

    Fiery 1 of the 4 MalwareTips Founder

    Joined:
    Jan 11, 2011
    Messages:
    2,056
    Likes Received:
    7
    Trophy Points:
    105
    Hi,

    The log is still cut off. The bottom part of the log is essential to see if you have certain rootkits (malware that can conceal itself and other files) on your computer.

    Can you scroll half way down the log and only copy & paste the 2nd half in your next reply? or use the link I gave you: http://pastebin.com/

    Alternatively, you can copy the content of the log onto notepad and save it on your clean computer and upload it as an attachment. Our site don't support Microsoft Works file extensions but it does support notepad files.
  20. edward1

    edward1 New Member

    Joined:
    Dec 31, 2012
    Messages:
    48
    Likes Received:
    0
    Trophy Points:
    15
    [hr]
    Hi. Thanks for your patience.Here we go!
    Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{903A9E6F-11D4-4546-8CD6-7BEDCE2C8D48}: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
    O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\ipp - No CLSID value found
    O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
    O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
    O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp - No CLSID value found
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
    O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
    O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
    O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
    O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
    O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
    O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
    O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~2\Datamngr\datamngr.dll) - C:\Program Files\Search Results Toolbar\Datamngr\datamngr.dll (Bandoo Media Inc)
    O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~2\Datamngr\IEBHO.dll) - C:\Program Files\Search Results Toolbar\Datamngr\IEBHO.dll (Bandoo Media Inc)
    O20 - AppInit_DLLs: (c:\progra~1\sprote~1\sprote~1.dll) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
    O20 - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\dimsntfy: DllName - (%SystemRoot%\System32\dimsntfy.dll) - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
    O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
    O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
    O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
    O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
    O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
    O24 - Desktop Components:0 (My Current Home Page) - About:Home
    O24 - Desktop WallPaper: C:\Documents and Settings\Jane\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jane\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
    O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
    O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
    O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
    O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
    O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
    O31 - SafeBoot: AlternateShell - cmd.exe
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2010/01/14 17:23:28 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/12/31 10:14:15 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2012/12/31 08:52:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\little common
    [2012/12/31 08:52:50 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
    [2012/12/31 08:52:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\HitmanPro
    [2012/12/31 08:50:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jane\Application Data\Malwarebytes
    [2012/12/31 08:50:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
    [2012/12/30 16:22:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\GridinSoft Trojan Killer
    [2012/12/29 12:13:58 | 000,000,000 | ---D | C] -- C:\Program Files\GridinSoft Trojan Killer
    [2012/12/18 11:44:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
    [2012/12/18 11:44:10 | 000,201,424 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
    [2012/12/18 11:43:48 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
    [2012/12/18 11:43:47 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
    [2012/12/17 15:18:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jane\Application Data\searchresultstb
    [2012/12/14 10:03:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Microsoft Mouse
    [2012/12/14 10:03:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliPoint
    [2012/12/05 08:04:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Nero
    [2012/12/04 16:54:57 | 000,000,000 | ---D | C] -- C:\Program Files\AGEIA Technologies
    [2012/12/04 16:52:23 | 000,335,872 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrshe.dll
    [2012/12/04 16:52:23 | 000,286,720 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsfr.dll
    [2012/12/04 16:52:23 | 000,282,624 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsit.dll
    [2012/12/04 16:52:23 | 000,274,432 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrspt.dll
    [2012/12/04 16:52:23 | 000,274,432 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsnl.dll
    [2012/12/04 16:52:23 | 000,274,432 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsja.dll
    [2012/12/04 16:52:23 | 000,270,336 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsru.dll
    [2012/12/04 16:52:23 | 000,270,336 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsptb.dll
    [2012/12/04 16:52:23 | 000,266,240 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsko.dll
    [2012/12/04 16:52:23 | 000,262,144 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrshu.dll
    [2012/12/04 16:52:23 | 000,258,048 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrstr.dll
    [2012/12/04 16:52:23 | 000,258,048 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrssl.dll
    [2012/12/04 16:52:23 | 000,258,048 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrssk.dll
    [2012/12/04 16:52:23 | 000,258,048 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrspl.dll
    [2012/12/04 16:52:23 | 000,253,952 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsth.dll
    [2012/12/04 16:52:23 | 000,253,952 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrssv.dll
    [2012/12/04 16:52:23 | 000,253,952 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsno.dll
    [2012/12/04 16:52:23 | 000,249,856 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsfi.dll
    [2012/12/04 16:52:23 | 000,229,376 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrszhc.dll
    [2012/12/04 16:52:23 | 000,126,976 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrszht.dll
    [2012/12/04 16:52:22 | 000,335,872 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsar.dll
    [2012/12/04 16:52:22 | 000,282,624 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrses.dll
    [2012/12/04 16:52:22 | 000,282,624 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsel.dll
    [2012/12/04 16:52:22 | 000,278,528 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsde.dll
    [2012/12/04 16:52:22 | 000,274,432 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsesm.dll
    [2012/12/04 16:52:22 | 000,253,952 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsda.dll
    [2012/12/04 16:52:22 | 000,249,856 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrseng.dll
    [2012/12/04 16:52:22 | 000,249,856 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrscs.dll
    [2012/12/04 16:46:50 | 001,874,280 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvenc.dll
    [5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2013/01/02 14:35:09 | 000,030,616 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro37.sys
    [2013/01/02 14:32:54 | 000,000,298 | ---- | M] () -- C:\WINDOWS\tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1060284298-1202660629-725345543-1005.job
    [2013/01/02 14:30:35 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2013/01/02 14:30:33 | 000,000,316 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
    [2013/01/02 14:30:33 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1060284298-1202660629-725345543-1005.job
    [2013/01/02 14:30:33 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1060284298-1202660629-725345543-1005.job
    [2013/01/02 14:29:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2013/01/01 21:15:19 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2013/01/01 21:09:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
    [2013/01/01 21:01:30 | 000,000,232 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
    [2013/01/01 19:44:55 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2012/12/31 12:00:40 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2012/12/31 09:23:16 | 000,000,814 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Trojan Killer.lnk
    [2012/12/31 09:09:27 | 000,001,610 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\HitmanPro.lnk
    [2012/12/29 14:36:46 | 000,000,306 | ---- | M] () -- C:\WINDOWS\tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1060284298-1202660629-725345543-1005.job
    [2012/12/29 12:10:27 | 095,023,320 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\dsgsdgdsgdsgw.pad
    [2012/12/28 19:57:38 | 000,002,933 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\dsgsdgdsgdsgw.js
    [2012/12/28 16:21:45 | 000,000,324 | ---- | M] () -- C:\WINDOWS\tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1060284298-1202660629-725345543-1005.job
    [2012/12/28 10:56:06 | 000,614,271 | ---- | M] () -- C:\Documents and Settings\Jane\Desktop\Motorists Lord Prayer.jpg
    [2012/12/28 10:53:31 | 000,533,625 | ---- | M] () -- C:\Documents and Settings\Jane\Desktop\Operas.jpg
    [2012/12/23 19:57:01 | 000,013,824 | ---- | M] () -- C:\Documents and Settings\Jane\My Documents\MOT Expiries.wps
    [2012/12/22 12:05:19 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
    [2012/12/22 11:56:57 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1060284298-1202660629-725345543-1005.job
    [2012/12/21 19:07:18 | 000,148,400 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2012/12/18 17:19:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2012/12/18 11:44:10 | 000,201,424 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
    [2012/12/18 11:43:48 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
    [2012/12/18 11:43:47 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
    [2012/12/18 11:43:46 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
    [2012/12/17 13:38:16 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1060284298-1202660629-725345543-1005.job
    [2012/12/16 12:23:59 | 000,290,560 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\dllcache\atmfd.dll
    [2012/12/16 12:23:59 | 000,290,560 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\atmfd.dll
    [2012/12/14 21:01:08 | 000,000,288 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft_Hardware_Launch_IPoint_exe.job
    [2012/12/14 10:09:37 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
    [2012/12/14 10:09:37 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
    [2012/12/14 10:03:24 | 000,001,868 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Microsoft Mouse.lnk
    [2012/12/12 21:48:22 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2012/12/04 16:50:02 | 001,070,792 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
    [2012/12/04 16:50:02 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
    [2012/12/04 16:49:52 | 001,070,792 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
    [2012/12/03 15:40:50 | 019,460,096 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvoglnt.dll
    [2012/12/03 15:40:50 | 017,551,360 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcompiler.dll
    [2012/12/03 15:40:50 | 007,606,272 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuda.dll
    [2012/12/03 15:40:50 | 005,955,584 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvopencl.dll
    [2012/12/03 15:40:50 | 004,153,600 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nv4_disp.dll
    [2012/12/03 15:40:50 | 002,611,560 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvid.dll
    [2012/12/03 15:40:50 | 002,441,728 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvapi.dll
    [2012/12/03 15:40:50 | 002,283,884 | ---- | M] () -- C:\WINDOWS\System32\nvdata.data
    [2012/12/03 15:40:50 | 001,874,280 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvenc.dll
    [2012/12/03 15:40:50 | 001,011,048 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvdispco32.dll
    [2012/12/03 15:40:50 | 000,889,192 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvdispgenco32.dll
    [2012/12/03 15:40:50 | 000,012,951 | ---- | M] () -- C:\WINDOWS\System32\nvinfo.pb
    [5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2013/01/02 14:35:09 | 000,030,616 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro37.sys
    [2013/01/01 21:10:27 | 000,027,902 | ---- | C] () -- C:\Documents and Settings\Jane\My Documents\$(KGrHqRHJEkFC(6JS39GBQp6jqdinQ~~60_12.JPG
    [2013/01/01 21:09:59 | 002,179,146 | ---- | C] () -- C:\Documents and Settings\Jane\My Documents\photo 7.JPG
    [2013/01/01 21:09:49 | 001,783,120 | ---- | C] () -- C:\Documents and Settings\Jane\My Documents\photo 6.JPG
    [2013/01/01 21:09:41 | 002,357,446 | ---- | C] () -- C:\Documents and Settings\Jane\My Documents\photo 5.JPG
    [2013/01/01 21:09:31 | 002,769,188 | ---- | C] () -- C:\Documents and Settings\Jane\My Documents\photo 4.JPG
    [2013/01/01 21:09:20 | 003,121,303 | ---- | C] () -- C:\Documents and Settings\Jane\My Documents\photo 3.JPG
    [2013/01/01 21:08:52 | 001,421,478 | ---- | C] () -- C:\Documents and Settings\Jane\My Documents\Sale of land to builder of Arthur Rd. houses dated 1914.jpg
    [2013/01/01 20:53:21 | 000,054,599 | ---- | C] () -- C:\Documents and Settings\Jane\My Documents\Railton.JPG
    [2013/01/01 20:52:32 | 001,991,604 | ---- | C] () -- C:\Documents and Settings\Jane\My Documents\photo 2.JPG
    [2013/01/01 20:51:54 | 001,965,226 | ---- | C] () -- C:\Documents and Settings\Jane\My Documents\photo.JPG
    [2012/12/31 08:52:51 | 000,001,610 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\HitmanPro.lnk
    [2012/12/29 12:14:14 | 000,000,814 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Trojan Killer.lnk
    [2012/12/28 18:15:45 | 000,002,933 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\dsgsdgdsgdsgw.js
    [2012/12/28 18:15:12 | 095,023,320 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\dsgsdgdsgdsgw.pad
    [2012/12/28 10:55:27 | 000,614,271 | ---- | C] () -- C:\Documents and Settings\Jane\Desktop\Motorists Lord Prayer.jpg
    [2012/12/28 10:52:55 | 000,533,625 | ---- | C] () -- C:\Documents and Settings\Jane\Desktop\Operas.jpg
    [2012/12/22 11:56:34 | 000,000,276 | ---- | C] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1060284298-1202660629-725345543-1005.job
    [2012/12/22 11:56:33 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1060284298-1202660629-725345543-1005.job
    [2012/12/14 10:03:57 | 000,000,288 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft_Hardware_Launch_IPoint_exe.job
    [2012/12/14 10:03:24 | 000,001,868 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Microsoft Mouse.lnk
    [2012/12/04 16:46:54 | 000,012,951 | ---- | C] () -- C:\WINDOWS\System32\nvinfo.pb
    [2012/09/27 10:02:43 | 001,070,792 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
    [2012/09/27 10:02:43 | 001,070,792 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
    [2012/09/27 10:02:43 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
    [2012/09/03 14:30:00 | 000,031,465 | ---- | C] () -- C:\Documents and Settings\Jane\Local Settings\Application Data\funmoods.crx
    [2012/07/29 17:15:26 | 000,002,298 | ---- | C] () -- C:\WINDOWS\photoimpression.ini
    [2012/04/09 17:26:11 | 000,007,680 | ---- | C] () -- C:\WINDOWS\38535671.exe
    [2012/04/09 17:26:11 | 000,000,486 | ---- | C] () -- C:\WINDOWS\38535671.dat
    [2012/02/15 14:24:04 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
    [2012/02/09 21:40:00 | 002,283,884 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
    [2011/12/24 15:54:35 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2011/11/29 15:52:47 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
    [2011/06/12 15:30:06 | 000,000,218 | ---- | C] () -- C:\Documents and Settings\Jane\.recently-used.xbel
    [2011/04/12 10:32:58 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011/04/12 09:53:03 | 000,013,312 | ---- | C] () -- C:\Documents and Settings\Jane\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/04/10 11:30:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2011/04/10 11:24:19 | 000,000,750 | ---- | C] () -- C:\WINDOWS\{D084B1A9-153B-409D-AEBF-C40FCEF925EA}_WiseFW.ini
    [2011/04/10 11:09:07 | 000,005,606 | ---- | C] () -- C:\WINDOWS\System32\stci.dll
    [2011/04/09 22:11:37 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2011/04/09 22:09:58 | 000,148,400 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2011/04/09 21:37:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2011/04/09 21:34:28 | 000,000,996 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2011/04/09 21:27:47 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2010/10/02 11:01:52 | 000,011,800 | ---- | C] () -- C:\Program Files\xx.jpg

    ========== ZeroAccess Check ==========

    [2011/04/09 21:33:38 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shdocvw.dll -- [2011/12/19 08:53:33 | 001,510,400 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 12:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 00:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== LOP Check ==========

    [2010/01/17 13:13:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\2DBoy
    [2010/05/06 08:33:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
    [2010/01/26 15:07:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FileCure
    [2010/08/09 13:34:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OnlineArmor
    [2010/10/13 17:26:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
    [2010/05/04 16:48:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
    [2010/01/17 13:20:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2010/09/29 14:27:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\W3i
    [2012/07/11 13:46:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\AVAST Software
    [2011/10/01 09:05:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Babylon
    [2012/11/28 08:47:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\boost_interprocess
    [2011/04/17 17:25:59 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\CanonBJ
    [2011/04/11 20:11:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Downloaded Installations
    [2011/04/12 10:06:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\FileCure
    [2012/11/01 14:23:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\GBox
    [2012/12/31 10:35:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\HitmanPro
    [2012/08/08 09:16:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\InstallMate
    [2011/10/24 20:22:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\IObit
    [2012/10/10 09:25:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\IsolatedStorage
    [2012/04/17 18:50:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Nokia
    [2012/04/17 18:16:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\NokiaInstallerCache
    [2011/04/11 20:14:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Nuance
    [2012/11/21 09:46:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\ParetoLogic
    [2012/04/17 18:58:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\PC Suite
    [2012/08/08 09:16:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Premium
    [2011/04/11 20:11:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\ScanSoft
    [2011/04/10 15:39:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\SupportSoft
    [2011/10/01 09:06:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Tarma Installer
    [2012/04/05 17:36:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{6DFE6B59-3F4E-45AF-A9D0-5EDC43DD23AF}
    [2012/03/03 21:07:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jane\Application Data\alotappbar
    [2011/10/01 09:05:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jane\Application Data\Babylon
    [2011/04/14 21:02:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jane\Application Data\Canon Easy-WebPrint EX
    [2012/09/03 14:30:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jane\Application Data\Complitly
    [2011/06/12 15:30:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jane\Application Data\deluge
    [2012/09/04 19:02:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jane\Application Data\Digiarty
    [2012/11/21 09:30:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jane\Application Data\DriverCure
    [2012/09/03 14:35:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jane\Application Data\EasyBurner
    [2012/11/21 18:05:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jane\Application Data\ElevatedDiagnostics
    [2012/09/02 12:47:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jane\Application Data\FreeBurner
    [2011/06/12 15:26:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jane\Application Data\gtk-2.0
    [2012/12/17 15:19:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jane\Application Data\ilividtoolbarguid
    [2012/10/10 09:25:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jane\Application Data\IsolatedStorage
    [2012/04/17 18:56:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jane\Application Data\Nokia
    [2011/04/11 20:14:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jane\Application Data\Nuance
    [2012/11/21 09:30:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jane\Application Data\ParetoLogic
    [2012/04/17 20:02:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jane\Application Data\PC Suite
    [2012/12/29 11:29:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jane\Application Data\PriceGong
    [2011/08/31 08:24:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jane\Application Data\searchquband
    [2012/09/02 12:50:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jane\Application Data\searchqutoolbar
    [2012/12/17 15:18:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jane\Application Data\searchresultstb
    [2012/04/25 21:46:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jane\Application Data\SuperPump
    [2011/05/11 17:52:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jane\Application Data\Template
    [2012/04/22 17:29:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jane\Application Data\TomTom
    [2011/04/11 20:11:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jane\Application Data\Zeon

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 94 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:78E0DF72
    @Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4673E9EA

    < End of report >

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads: Police Ransom
Forum Title Date
News Archive Cryptowall Infects Police Station Computers, Holds Files Hostage for Ransom Jun 10, 2014
Malware Removal Assistance Police ransomware windows 8.1 May 20, 2014
News Archive Police Ransomware threat of huge Fine forced Family to Commit Suicide Mar 13, 2014
News Archive Police pay $750 ransom to computer hackers Nov 22, 2013
Malware Removal Assistance I have a Police Central e-crime Unit ransomware which blocks EVERYTHING :( May 26, 2013

MalwareTips.com is an independent website.All trademarks mentioned on this page are the property of their respective owners.