I keep getting this error at startup please help


#1
JoeBenyon

  • Member
  • 153 posts
Hello, every time I start up my laptop and log on I get this error message

"Error loading C:\Users\Joey\AppData\Local\(some strange dll name).dll
The specified module could not be found"

Please help me fix this.
Thanks, Joe.

#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, that is an infection.

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    C:\Windows\assembly\tmp\U\*.* /s
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

THEN

Download aswMBR.exe ( 1.8mb ) to your desktop.
Double click the aswMBR.exe to run it. Click the "Scan" button to start the scan.


On completion of the scan, click save log, save it to your desktop and post it in your next reply.


#3
JoeBenyon

  • Topic Starter
  • Member
  • 153 posts
This is the OTL.txt


OTL logfile created on: 21/10/2011 20:54:32 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Joey\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.75 Gb Total Physical Memory | 1.80 Gb Available Physical Memory | 65.62% Memory free
5.70 Gb Paging File | 4.22 Gb Available in Paging File | 74.07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.88 Gb Total Space | 39.07 Gb Free Space | 17.53% Space Free | Partition Type: NTFS
Drive D: | 9.00 Gb Total Space | 1.22 Gb Free Space | 13.54% Space Free | Partition Type: NTFS
Drive F: | 1021.00 Mb Total Space | 1016.93 Mb Free Space | 99.60% Space Free | Partition Type: FAT32

Computer Name: VERA-PC | User Name: Joey | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/21 20:53:39 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Joey\Downloads\OTL.exe
PRC - [2011/09/27 21:34:02 | 000,894,304 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
PRC - [2011/09/27 20:08:40 | 000,745,880 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Application Updater\ApplicationUpdater.exe
PRC - [2011/09/20 12:39:48 | 000,801,792 | ---- | M] (Yuna Software) -- C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe
PRC - [2011/09/08 13:41:20 | 000,291,840 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
PRC - [2011/08/25 15:02:06 | 000,476,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Managed VirusScan\DesktopUI\XTray.exe
PRC - [2011/08/25 14:58:30 | 000,291,064 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
PRC - [2011/08/15 16:18:14 | 001,955,208 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2011/08/15 16:18:10 | 001,361,288 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PRC - [2011/08/03 16:55:42 | 000,160,344 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
PRC - [2011/08/03 16:54:52 | 000,033,648 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfeann.exe
PRC - [2011/08/03 16:54:28 | 000,166,024 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
PRC - [2011/07/19 09:57:00 | 000,148,520 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
PRC - [2011/05/12 11:48:20 | 000,324,928 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor Enterprise\McSACore.exe
PRC - [2011/02/25 11:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2009/08/27 17:09:10 | 001,253,376 | ---- | M] (MAGIX AG) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/06/02 18:57:40 | 000,238,984 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
PRC - [2008/06/02 18:32:16 | 000,018,944 | ---- | M] (Hewlett-Packard Development Company, L.P) -- c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe
PRC - [2008/05/30 17:36:20 | 000,256,512 | ---- | M] (SafeBoot International) -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
PRC - [2008/05/21 01:47:18 | 000,065,296 | ---- | M] (Bioscrypt Inc.) -- c:\Program Files\Hewlett-Packard\IAM\Bin\asghost.exe
PRC - [2008/05/14 18:55:14 | 000,077,824 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe
PRC - [2008/05/14 18:54:36 | 010,244,096 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe
PRC - [2008/05/13 12:47:28 | 001,624,616 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2008/05/13 12:47:28 | 000,727,592 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2008/05/12 14:28:12 | 000,576,024 | ---- | M] (PDF Complete Inc) -- C:\Program Files\PDF Complete\pdfsvc.exe
PRC - [2008/03/31 22:41:22 | 000,091,440 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
PRC - [2007/12/11 13:15:04 | 000,012,800 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2007/10/19 08:28:24 | 000,086,016 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEADISRV.EXE
PRC - [2007/10/12 10:33:38 | 000,202,016 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\TalkTalk\bin\sprtsvc.exe
PRC - [2007/10/12 10:33:16 | 000,202,016 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\TalkTalk\bin\sprtcmd.exe
PRC - [2007/08/02 15:42:14 | 000,148,768 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Common Files\SupportSoft\bin\tgsrvc.exe
PRC - [2007/05/16 00:08:40 | 000,182,576 | ---- | M] (ActivIdentity) -- c:\Program Files\ActivIdentity\ActivClient\accoca.exe
PRC - [2007/05/16 00:08:38 | 000,095,024 | ---- | M] (ActivIdentity) -- c:\Program Files\ActivIdentity\ActivClient\acevents.exe
PRC - [2007/05/16 00:08:08 | 000,293,168 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
PRC - [2007/01/05 03:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/13 17:54:58 | 011,804,672 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\e00630ec1e225a2376fdd430645e20f7\System.Web.ni.dll
MOD - [2011/10/13 17:54:44 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\6d2f689baff5da3df134fdec0742a13c\System.Runtime.Remoting.ni.dll
MOD - [2011/10/13 17:53:49 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\40da9084d0863e07d7ce55953833b8b0\System.Configuration.ni.dll
MOD - [2011/10/13 17:53:40 | 000,025,600 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\bcb66dbad2b45d05235b37a02f737eb5\Accessibility.ni.dll
MOD - [2011/10/13 17:28:53 | 005,450,752 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll
MOD - [2011/10/13 17:27:59 | 012,430,848 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll
MOD - [2011/10/13 17:27:46 | 001,587,200 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll
MOD - [2011/10/13 17:27:20 | 002,295,296 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\8adb45c62e4c797bd4c706afe9e8bfb9\System.Core.ni.dll
MOD - [2011/10/13 17:27:13 | 000,368,128 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\231b0b42eff55de5c7d7debe555c16b7\PresentationFramework.Aero.ni.dll
MOD - [2011/10/13 17:27:11 | 014,328,832 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\94f892556ec9fa7a508fc9d214ceaedf\PresentationFramework.ni.dll
MOD - [2011/10/13 17:26:48 | 012,216,832 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\53f949f4664bb316f9b7a00d73a6e290\PresentationCore.ni.dll
MOD - [2011/10/13 17:26:31 | 003,325,952 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\fd2c727bcef2e019eb96c1145f423701\WindowsBase.ni.dll
MOD - [2011/10/13 17:26:26 | 007,950,848 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll
MOD - [2011/10/13 17:26:04 | 011,490,816 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2011/09/30 16:12:40 | 000,412,728 | ---- | M] () -- C:\Users\Joey\AppData\Local\Google\Chrome\Application\14.0.835.202\ppgooglenaclpluginchrome.dll
MOD - [2011/09/30 16:12:39 | 003,696,184 | ---- | M] () -- C:\Users\Joey\AppData\Local\Google\Chrome\Application\14.0.835.202\pdf.dll
MOD - [2011/09/30 16:11:13 | 000,142,568 | ---- | M] () -- C:\Users\Joey\AppData\Local\Google\Chrome\Application\14.0.835.202\avutil-51.dll
MOD - [2011/09/30 16:11:12 | 000,253,320 | ---- | M] () -- C:\Users\Joey\AppData\Local\Google\Chrome\Application\14.0.835.202\avformat-53.dll
MOD - [2011/09/30 16:11:10 | 002,403,240 | ---- | M] () -- C:\Users\Joey\AppData\Local\Google\Chrome\Application\14.0.835.202\avcodec-53.dll
MOD - [2011/09/29 21:06:57 | 008,587,936 | ---- | M] () -- C:\Users\Joey\AppData\Local\Google\Chrome\Application\14.0.835.202\gcswf32.dll
MOD - [2011/09/08 13:41:26 | 000,095,232 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
MOD - [2011/08/28 22:19:12 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2010/11/17 14:16:56 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2008/05/13 12:40:50 | 000,126,976 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2007/08/14 21:59:54 | 006,365,184 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll
MOD - [2007/07/12 21:55:52 | 000,131,072 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2007/07/12 21:55:28 | 001,581,056 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/09/27 20:08:40 | 000,745,880 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2011/09/08 13:41:20 | 000,291,840 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV - [2011/08/25 14:58:30 | 000,291,064 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe -- (RumorServer)
SRV - [2011/08/25 14:58:30 | 000,291,064 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe -- (myAgtSvc)
SRV - [2011/08/15 16:18:10 | 001,361,288 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011/08/03 16:55:42 | 000,160,344 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV - [2011/08/03 16:54:28 | 000,166,024 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe -- (McShield)
SRV - [2011/07/19 09:57:00 | 000,148,520 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Windows\System32\mfevtps.exe -- (mfevtp)
SRV - [2011/05/12 11:48:20 | 000,324,928 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor Enterprise\McSACore.exe -- (McAfee SiteAdvisor Enterprise Service)
SRV - [2011/02/28 19:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 11:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/08/27 17:09:10 | 001,253,376 | ---- | M] (MAGIX AG) [Unknown | Running] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2008/08/07 11:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2008/06/02 18:32:16 | 000,018,944 | ---- | M] (Hewlett-Packard Development Company, L.P) [Auto | Running] -- c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe -- (HP ProtectTools Service)
SRV - [2008/05/30 17:36:20 | 000,256,512 | ---- | M] (SafeBoot International) [Auto | Running] -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe -- (HpFkCryptService)
SRV - [2008/05/21 01:42:40 | 000,111,888 | ---- | M] (Bioscrypt Inc.) [Auto | Running] -- c:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll -- (ASBroker)
SRV - [2008/05/21 01:42:34 | 000,137,488 | ---- | M] (Bioscrypt Inc.) [Auto | Running] -- c:\Program Files\Hewlett-Packard\IAM\Bin\ASChnl.dll -- (ASChannel)
SRV - [2008/05/14 18:55:14 | 000,077,824 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe -- (HPFSService)
SRV - [2008/05/12 14:28:12 | 000,576,024 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2008/01/21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/11 13:15:04 | 000,012,800 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2007/10/19 08:28:24 | 000,086,016 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEADISRV.EXE -- (AEADIFilters)
SRV - [2007/10/12 10:33:38 | 000,202,016 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\TalkTalk\bin\sprtsvc.exe -- (sprtsvc_TalkTalk) SupportSoft Sprocket Service (TalkTalk)
SRV - [2007/08/02 15:42:16 | 000,382,320 | ---- | M] (SupportSoft, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
SRV - [2007/08/02 15:42:14 | 000,148,768 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe -- (tgsrvc_TalkTalk) SupportSoft Repair Service (TalkTalk)
SRV - [2007/05/16 00:08:40 | 000,182,576 | ---- | M] (ActivIdentity) [Auto | Running] -- c:\Program Files\ActivIdentity\ActivClient\accoca.exe -- (accoca)
SRV - [2007/01/05 03:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


========== Driver Services (SafeList) ==========

DRV - [2011/07/19 09:57:00 | 000,461,864 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2011/07/19 09:57:00 | 000,338,040 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2011/07/19 09:57:00 | 000,180,008 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (MfeAVFK)
DRV - [2011/07/19 09:57:00 | 000,164,776 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfewfpk.sys -- (mfewfpk)
DRV - [2011/07/19 09:57:00 | 000,119,808 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2011/07/19 09:57:00 | 000,087,808 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2011/07/19 09:57:00 | 000,064,712 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfenlfk.sys -- (mfenlfk)
DRV - [2011/07/19 09:57:00 | 000,059,288 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (MfeBOPK)
DRV - [2011/07/03 14:23:37 | 000,022,528 | --S- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PsSdk30.drv -- (PsSdk30)
DRV - [2011/06/15 09:23:56 | 000,060,156 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2010/02/18 09:18:22 | 000,037,944 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\amdiox86.sys -- (amdiox86)
DRV - [2009/12/15 15:29:52 | 000,055,304 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2009/12/15 15:29:42 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (MfeRKDK)
DRV - [2009/03/18 17:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2008/05/30 17:37:06 | 000,051,376 | ---- | M] (SafeBoot N.V.) [Kernel | Boot | Running] -- C:\windows\System32\drivers\SbAlg.sys -- (SbAlg)
DRV - [2008/05/30 17:37:02 | 000,012,928 | ---- | M] (SafeBoot International) [File_System | Boot | Running] -- C:\windows\System32\drivers\SbFsLock.sys -- (SbFsLock)
DRV - [2008/05/30 17:37:00 | 000,012,496 | ---- | M] (SafeBoot International) [Kernel | System | Running] -- C:\windows\System32\drivers\rsvlock.sys -- (RsvLock)
DRV - [2008/05/30 17:36:58 | 000,108,752 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\System32\drivers\SafeBoot.sys -- (SafeBoot)
DRV - [2008/05/21 11:35:06 | 003,552,768 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/04/28 10:26:42 | 000,014,352 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
DRV - [2008/04/14 22:39:06 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2008/04/10 18:27:34 | 001,804,160 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2008/04/07 19:13:46 | 000,025,448 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV - [2008/04/07 19:13:42 | 000,034,664 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2008/02/29 17:13:38 | 001,202,560 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008/01/21 03:23:26 | 000,045,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2007/06/19 01:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...&bd=all&pf=cmnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...&bd=all&pf=cmnb


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



IE - HKU\S-1-5-21-3688371679-3231779085-4022764246-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...&bd=all&pf=cmnb
IE - HKU\S-1-5-21-3688371679-3231779085-4022764246-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-3688371679-3231779085-4022764246-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-3688371679-3231779085-4022764246-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-3688371679-3231779085-4022764246-1006\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3688371679-3231779085-4022764246-1006\..\URLSearchHook: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files\IObit Toolbar\IE\4.7\iobitToolbarIE.dll (Spigot, Inc.)
IE - HKU\S-1-5-21-3688371679-3231779085-4022764246-1006\..\URLSearchHook: {90b49673-5506-483e-b92b-ca0265bd9ca8} - No CLSID value found
IE - HKU\S-1-5-21-3688371679-3231779085-4022764246-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3688371679-3231779085-4022764246-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Joey\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Joey\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\electronicarts.com/GameFacePlugin: C:\Users\Joey\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll (Electronic Arts)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor Enterprise\ [2011/08/31 19:29:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore [2011/09/17 19:45:00 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{C00439FC-907D-4B3F-8367-ED427CB3A5DC}: C:\Users\Joey\AppData\Local\{C00439FC-907D-4B3F-8367-ED427CB3A5DC} [2011/02/04 18:40:52 | 000,000,000 | ---D | M]

[2011/01/09 20:18:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Joey\AppData\Roaming\Mozilla\Extensions
[2011/01/09 20:18:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Joey\AppData\Roaming\Mozilla\Extensions\[email protected]

========== Chrome ==========

CHR - default_search_provider: Yahoo! (Enabled)
CHR - default_search_provider: search_url = http://uk.search.yah...p={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Joey\AppData\Local\Google\Chrome\Application\14.0.835.202\gcswf32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\PFiles\Plugins\np-mswmp.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Joey\AppData\Local\Google\Chrome\Application\14.0.835.202\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Joey\AppData\Local\Google\Chrome\Application\14.0.835.202\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Joey\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Unity Player (Enabled) = C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Game Face Plugin (Enabled) = C:\Users\Joey\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Chelsea FC = C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\eanaknlfmaafbcpmaoencjmlmfaflkck\1.4_0\

O1 HOSTS File: ([2011/07/01 11:45:51 | 000,000,888 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 209.172.52.74 search.yahoo.com
O1 - Hosts: 209.172.52.74 www.bing.com
O2 - BHO: (IObit Toolbar) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files\IObit Toolbar\IE\4.7\iobitToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (BHO_Startup Class) - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110917133556.dll (McAfee, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Credential Manager for HP ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
O3 - HKLM\..\Toolbar: (IObit Toolbar) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files\IObit Toolbar\IE\4.7\iobitToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKU\S-1-5-21-3688371679-3231779085-4022764246-1006\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-3688371679-3231779085-4022764246-1006\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKU\S-1-5-21-3688371679-3231779085-4022764246-1006\..\Toolbar\WebBrowser: (no name) - {90B49673-5506-483E-B92B-CA0265BD9CA8} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [accrdsub] c:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [File Sanitizer] C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [MVS Splash] C:\Program Files\McAfee\Managed VirusScan\DesktopUI\XTray.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [PlusService] C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software)
O4 - HKLM..\Run: [PTHOSTTR] c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\soundmax.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TalkTalk] C:\Program Files\TalkTalk\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe (InterVideo Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3688371679-3231779085-4022764246-1006..\Run: [AdobeBridge] C:\Program Files\Adobe\Adobe Bridge CS5.1\Bridge.exe (Adobe Systems, Inc.)
O4 - HKU\S-1-5-21-3688371679-3231779085-4022764246-1006..\Run: [Speech Recognition] C:\windows\Speech\Common\sapisvr.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3688371679-3231779085-4022764246-1006..\Run: [Xzebimezoc] rundll32.exe "C:\Users\Joey\AppData\Local\dpskbsc.dll",Startup File not found
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: //about.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Exclude.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //FWEvent.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //LanguageSelection.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Message.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryCmd.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryNag.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyNotification.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //NOCLessUpdate.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //quarantine.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //ScanNow.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //strings.vbs/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Template.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Update.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //VirFound.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] https in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1979 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1979 ([http] in Local intranet)
O15 - HKU\S-1-5-21-3688371679-3231779085-4022764246-1006\..Trusted Ranges: Range1979 ([http] in Local intranet)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.0.0)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail....NPUplden-gb.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4AD2F94C-3743-4A52-B03A-974EE6D2C0CD}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EDCFC6B0-6F11-4654-B0F2-9AB6BAAADAB0}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\myrm {4D034FC3-013F-4b95-B544-44D49ABE3E76} - C:\Program Files\McAfee\Managed VirusScan\Agent\MyRmProt5.0.0.811.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (APSHook.dll) -C:\windows\System32\APSHook.dll (Bioscrypt Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Joey\Pictures\solo-sea-570.jpg
O24 - Desktop BackupWallPaper: C:\Users\Joey\Pictures\solo-sea-570.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\OblivionLauncher.exe
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\steambackup2.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/10/21 20:45:57 | 000,000,000 | ---D | C] -- C:\Users\Joey\Desktop\Callum
[2011/10/21 19:26:54 | 000,000,000 | ---D | C] -- C:\Users\Joey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/10/21 19:26:51 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/10/20 18:18:03 | 000,000,000 | ---D | C] -- C:\Users\Joey\Desktop\as2rpg
[2011/10/20 17:41:43 | 000,000,000 | ---D | C] -- C:\Users\Joey\Desktop\rpg game
[2011/10/19 20:12:51 | 000,000,000 | ---D | C] -- C:\Users\Joey\.soulsplit
[2011/10/19 15:57:27 | 000,000,000 | ---D | C] -- C:\Users\Joey\Desktop\20051104-server
[2011/10/15 21:25:39 | 000,000,000 | ---D | C] -- C:\Users\Joey\Desktop\Meh
[2011/10/14 18:21:25 | 000,000,000 | ---D | C] -- C:\Users\Joey\Documents\.settings
[2011/10/13 20:44:13 | 000,000,000 | ---D | C] -- C:\Users\Joey\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/10/13 19:28:39 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2011/10/13 19:20:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
[2011/10/13 18:57:02 | 000,000,000 | ---D | C] -- C:\Program Files\AdobeFlashProCS5.5
[2011/10/10 15:48:45 | 000,000,000 | ---D | C] -- C:\Users\Joey\AppData\Local\LogMeIn Hamachi
[2011/10/10 15:47:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2011/10/10 15:47:33 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn Hamachi
[2011/10/10 07:43:20 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater
[2011/10/10 07:43:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Spigot
[2011/10/10 07:43:18 | 000,000,000 | ---D | C] -- C:\Program Files\IObit Toolbar
[2011/10/10 07:41:37 | 000,000,000 | ---D | C] -- C:\Users\Joey\Desktop\Game
[2011/10/08 21:01:27 | 000,399,736 | ---- | C] (BitTorrent, Inc.) -- C:\Users\Joey\uTorrent.exe
[2011/10/08 15:58:48 | 000,000,000 | ---D | C] -- C:\Users\Joey\AppData\Local\{B28AC5BF-5B63-4DFB-9DB9-27414EA531DE}
[2011/10/08 15:58:36 | 000,000,000 | ---D | C] -- C:\Users\Joey\AppData\Local\{18E447B2-4192-493A-901A-A1D665356B86}
[2011/10/07 19:06:42 | 000,000,000 | ---D | C] -- C:\Users\Joey\AppData\Roaming\.minecraft
[2011/10/07 18:28:10 | 000,000,000 | ---D | C] -- C:\Users\Joey\AppData\Local\gctmp
[2011/10/07 18:27:51 | 000,000,000 | ---D | C] -- C:\Program Files\Game Cam V2
[2011/10/07 17:29:37 | 000,000,000 | ---D | C] -- C:\Program Files\Minecraft
[2011/10/07 17:03:17 | 000,000,000 | ---D | C] -- C:\Users\Joey\Documents\My WeGame Videos
[2011/10/07 17:03:17 | 000,000,000 | ---D | C] -- C:\Users\Joey\Documents\My WeGame Screenshots
[2011/10/07 16:47:48 | 000,000,000 | ---D | C] -- C:\ProgramData\WeGame
[2011/10/07 16:46:59 | 000,000,000 | ---D | C] -- C:\Users\Joey\AppData\Local\WeGame
[2011/10/07 16:46:58 | 000,000,000 | ---D | C] -- C:\Program Files\WeGame
[2011/10/07 15:41:45 | 000,000,000 | ---D | C] -- C:\Users\Joey\AppData\Local\{1CD2FE77-7DF1-4B35-9D13-CE2EB8522C00}
[2011/10/07 15:41:33 | 000,000,000 | ---D | C] -- C:\Users\Joey\AppData\Local\{D59E2715-52B3-4E72-BBAA-53D64AF8F14F}
[2011/10/06 19:31:31 | 000,000,000 | ---D | C] -- C:\Users\Joey\AppData\Local\AMD
[2011/10/06 19:31:22 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2011/10/06 19:31:15 | 000,000,000 | ---D | C] -- C:\Program Files\AMD APP
[2011/10/06 19:30:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
[2011/10/06 19:30:13 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD
[2011/10/06 19:16:27 | 000,000,000 | ---D | C] -- C:\ATI
[2011/10/06 18:18:20 | 000,000,000 | ---D | C] -- C:\Users\Joey\AppData\Local\{1628AC15-B031-428E-A2BD-78E316DB750F}
[2011/10/06 18:18:07 | 000,000,000 | ---D | C] -- C:\Users\Joey\AppData\Local\{899E40C3-2A37-4202-BD1F-5400B7D2DD1C}
[2011/10/04 19:38:59 | 000,000,000 | ---D | C] -- C:\Users\Joey\AppData\Local\{C07242AF-F3BD-4E97-9439-33FE8C6974F7}
[2011/10/04 19:38:47 | 000,000,000 | ---D | C] -- C:\Users\Joey\AppData\Local\{BF5CDC11-FDEA-483E-854C-186AFF7600F5}
[2011/10/03 17:06:16 | 000,000,000 | ---D | C] -- C:\Users\Joey\AppData\Local\{358EB5A6-9C01-4919-BA16-A532139125A8}
[2011/10/03 17:06:03 | 000,000,000 | ---D | C] -- C:\Users\Joey\AppData\Local\{C4136C83-491E-4BF6-8DFE-A2109A38DE75}
[2011/10/02 17:38:54 | 000,000,000 | ---D | C] -- C:\Users\Joey\AppData\Local\{834130C8-50F6-4F44-AE45-274C6D74E8DB}
[2011/10/02 17:38:42 | 000,000,000 | ---D | C] -- C:\Users\Joey\AppData\Local\{59806853-90DB-4F36-9A1D-3910DB2F2BC2}
[2011/10/01 14:38:32 | 000,000,000 | ---D | C] -- C:\Users\Joey\AppData\Local\{9826CC3B-48F3-43FB-9814-692DFCC3B483}
[2011/10/01 14:38:20 | 000,000,000 | ---D | C] -- C:\Users\Joey\AppData\Local\{39304BBF-A373-4EEB-A3D8-1ECB0CA7FBCA}
[2011/09/30 17:58:16 | 000,000,000 | ---D | C] -- C:\Users\Joey\AppData\Local\{C6A99372-B53A-453F-B0C3-C0CA60C1952E}
[2011/09/30 15:34:01 | 000,000,000 | ---D | C] -- C:\Users\Joey\AppData\Local\{D05BB804-C465-4873-BD8B-B626D3096280}
[2011/09/28 20:41:03 | 000,000,000 | ---D | C] -- C:\Users\Joey\AppData\Local\{0327A231-7457-46BF-AD7A-BD91C0FA0EDF}
[2011/09/28 20:40:51 | 000,000,000 | ---D | C] -- C:\Users\Joey\AppData\Local\{13A88C11-21B9-4AA2-B0EE-2B78E6358DD4}
[2011/09/27 17:15:50 | 000,000,000 | ---D | C] -- C:\Users\Joey\AppData\Local\{7DDD476F-CFA0-407C-9C3E-13EE4071A2AD}
[2011/09/27 17:15:38 | 000,000,000 | ---D | C] -- C:\Users\Joey\AppData\Local\{2D4B71CC-6DCA-4170-B9C9-60B6795EE87F}
[2011/09/26 20:26:12 | 000,000,000 | ---D | C] -- C:\Users\Joey\Desktop\TP
[2011/09/26 16:45:10 | 000,000,000 | ---D | C] -- C:\Users\Joey\AppData\Local\{93FC7C1B-94D2-4CDF-8D20-05BA18769E7B}
[2011/09/26 16:44:58 | 000,000,000 | ---D | C] -- C:\Users\Joey\AppData\Local\{7A97A2B6-DFF4-4C2B-8E0C-254AE7ED10BB}
[2011/09/25 20:02:23 | 000,000,000 | ---D | C] -- C:\Program Files\Paint.NET
[2011/09/25 20:01:47 | 000,000,000 | ---D | C] -- C:\Users\Joey\AppData\Local\Paint.NET
[2011/09/25 15:32:13 | 000,000,000 | ---D | C] -- C:\Users\Joey\Minecraft
[2011/09/23 15:33:42 | 000,000,000 | ---D | C] -- C:\Users\Joey\AppData\Local\{9C85AC37-1004-4ABB-BCEC-DAF82BCD6900}
[2011/09/23 15:33:28 | 000,000,000 | ---D | C] -- C:\Users\Joey\AppData\Local\{394F08D7-89C9-4050-AD79-B90C8D0EB4DF}
[2011/09/22 19:08:10 | 000,000,000 | ---D | C] -- C:\Users\Joey\AppData\Local\{E179A1E3-02B3-4F9D-8B3A-FFD51EFC29F7}
[2011/09/22 19:07:55 | 000,000,000 | ---D | C] -- C:\Users\Joey\AppData\Local\{335CC9C4-2CC6-476D-BE77-F460438D9B33}
[2009/01/30 22:31:59 | 000,180,224 | ---- | C] ( ) -- C:\windows\System32\rsnp2uvc.dll
[2009/01/30 22:31:58 | 000,176,128 | ---- | C] ( ) -- C:\windows\System32\csnp2uvc.dll
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/21 19:28:09 | 000,002,521 | ---- | M] () -- C:\Users\Joey\Desktop\HiJackThis.lnk
[2011/10/21 19:20:45 | 000,694,754 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2011/10/21 19:20:45 | 000,142,954 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2011/10/21 19:13:43 | 000,003,216 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/21 19:13:43 | 000,003,216 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/21 19:13:36 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011/10/21 19:13:32 | 2949,505,024 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/20 22:10:56 | 000,000,012 | ---- | M] () -- C:\windows\bthservsdp.dat
[2011/10/20 21:26:55 | 000,000,035 | ---- | M] () -- C:\Users\Joey\jagex_runescape_preferences.dat
[2011/10/20 21:25:59 | 000,000,129 | ---- | M] () -- C:\Users\Joey\jagex_runescape_preferences2.dat
[2011/10/20 18:07:49 | 000,009,755 | ---- | M] () -- C:\Users\Joey\Documents\platformgame2.fla
[2011/10/20 18:07:06 | 000,001,391 | ---- | M] () -- C:\Users\Joey\Documents\platformgame2.swf
[2011/10/20 18:04:42 | 000,001,299 | ---- | M] () -- C:\Users\Joey\Documents\platformgame1.swf
[2011/10/19 15:55:21 | 000,000,852 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3688371679-3231779085-4022764246-1006Core1cc8e6f1fefa1c7.job
[2011/10/18 18:59:45 | 000,002,771 | ---- | M] () -- C:\Users\Joey\Documents\anim1wave.swf
[2011/10/18 18:59:35 | 000,377,863 | ---- | M] () -- C:\Users\Joey\Documents\pointandclickadventure1.fla
[2011/10/18 18:55:05 | 000,082,719 | ---- | M] () -- C:\Users\Joey\Documents\pointandclickadventure1.swf
[2011/10/18 18:01:21 | 000,000,882 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore1cc8db78f8afcf3.job
[2011/10/16 20:41:28 | 000,014,916 | ---- | M] () -- C:\Users\Joey\Documents\escapechapter1.fla
[2011/10/16 20:25:23 | 000,002,043 | ---- | M] () -- C:\Users\Joey\Documents\escapechapter1.swf
[2011/10/16 17:50:01 | 000,017,590 | ---- | M] () -- C:\Users\Joey\Documents\anim1wave.fla
[2011/10/16 17:01:48 | 000,004,394 | ---- | M] () -- C:\Users\Joey\Documents\testanim.swf
[2011/10/16 16:46:09 | 000,022,851 | ---- | M] () -- C:\Users\Joey\Documents\testanim.fla
[2011/10/16 14:25:00 | 000,000,829 | ---- | M] () -- C:\Users\Joey\Documents\.actionScriptProperties
[2011/10/16 14:25:00 | 000,000,474 | ---- | M] () -- C:\Users\Joey\Documents\.project
[2011/10/15 21:47:13 | 000,092,672 | ---- | M] () -- C:\Users\Joey\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/15 21:28:11 | 000,009,917 | ---- | M] () -- C:\Users\Joey\Documents\platformgame1.fla
[2011/10/15 20:07:59 | 000,000,600 | ---- | M] () -- C:\Users\Joey\AppData\Local\PUTTY.RND
[2011/10/14 22:10:22 | 000,133,177 | ---- | M] () -- C:\Users\Joey\Documents\dressupnearlydone.fla
[2011/10/14 22:09:35 | 000,133,136 | ---- | M] () -- C:\Users\Joey\Documents\dressup3.fla
[2011/10/14 22:08:04 | 000,021,886 | ---- | M] () -- C:\Users\Joey\Documents\dressup3.swf
[2011/10/14 18:25:06 | 000,002,080 | ---- | M] () -- C:\Users\Joey\Documents\dressup3.html
[2011/10/14 18:21:23 | 000,004,365 | ---- | M] () -- C:\Users\Joey\Documents\AuthortimeSharedAssets.fla
[2011/10/14 18:20:32 | 000,129,311 | ---- | M] () -- C:\Users\Joey\Documents\dressup1.fla
[2011/10/14 17:20:22 | 000,085,271 | ---- | M] () -- C:\Users\Joey\Documents\dressup2.fla
[2011/10/14 17:13:42 | 000,018,615 | ---- | M] () -- C:\Users\Joey\Documents\dressup1.swf
[2011/10/13 21:12:40 | 000,020,050 | ---- | M] () -- C:\Users\Joey\Documents\Untitled-3.fla
[2011/10/13 20:07:18 | 000,000,352 | ---- | M] () -- C:\windows\tasks\AdobeAAMUpdater-1.0-vera-PC-Joey.job
[2011/10/13 20:06:59 | 000,007,263 | ---- | M] () -- C:\Users\Joey\Documents\Untitled-2.fla
[2011/10/13 17:22:53 | 000,453,920 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2011/10/07 18:39:26 | 000,001,523 | ---- | M] () -- C:\Users\Joey\Application Data\Microsoft\Internet Explorer\Quick Launch\MinecraftSP - Shortcut.lnk
[2011/10/07 18:25:06 | 000,001,523 | ---- | M] () -- C:\Users\Joey\Desktop\MinecraftSP - Shortcut.lnk
[2011/10/05 16:02:34 | 000,001,999 | ---- | M] () -- C:\Users\Joey\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/10/05 16:02:33 | 000,002,037 | ---- | M] () -- C:\Users\Joey\Desktop\Google Chrome.lnk
[2011/09/30 20:38:35 | 000,000,938 | ---- | M] () -- C:\Users\Joey\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2011/09/25 20:11:35 | 000,002,722 | ---- | M] () -- C:\Users\Joey\.recently-used.xbel
[2011/09/25 20:03:50 | 000,000,934 | ---- | M] () -- C:\Users\Public\Desktop\Paint.NET.lnk
[2011/09/25 17:41:23 | 000,003,741 | ---- | M] () -- C:\Users\Joey\pack.png
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/21 19:26:54 | 000,002,521 | ---- | C] () -- C:\Users\Joey\Desktop\HiJackThis.lnk
[2011/10/20 18:06:01 | 000,001,391 | ---- | C] () -- C:\Users\Joey\Documents\platformgame2.swf
[2011/10/20 18:05:41 | 000,009,755 | ---- | C] () -- C:\Users\Joey\Documents\platformgame2.fla
[2011/10/19 15:55:21 | 000,000,852 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3688371679-3231779085-4022764246-1006Core1cc8e6f1fefa1c7.job
[2011/10/18 18:59:44 | 000,002,771 | ---- | C] () -- C:\Users\Joey\Documents\anim1wave.swf
[2011/10/18 18:01:21 | 000,000,882 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore1cc8db78f8afcf3.job
[2011/10/17 21:46:19 | 000,082,719 | ---- | C] () -- C:\Users\Joey\Documents\pointandclickadventure1.swf
[2011/10/16 21:01:05 | 000,377,863 | ---- | C] () -- C:\Users\Joey\Documents\pointandclickadventure1.fla
[2011/10/16 19:47:46 | 000,002,043 | ---- | C] () -- C:\Users\Joey\Documents\escapechapter1.swf
[2011/10/16 19:04:03 | 000,014,916 | ---- | C] () -- C:\Users\Joey\Documents\escapechapter1.fla
[2011/10/16 17:50:00 | 000,017,590 | ---- | C] () -- C:\Users\Joey\Documents\anim1wave.fla
[2011/10/16 17:01:48 | 000,004,394 | ---- | C] () -- C:\Users\Joey\Documents\testanim.swf
[2011/10/16 16:46:08 | 000,022,851 | ---- | C] () -- C:\Users\Joey\Documents\testanim.fla
[2011/10/15 21:26:35 | 000,001,299 | ---- | C] () -- C:\Users\Joey\Documents\platformgame1.swf
[2011/10/15 21:17:20 | 000,009,917 | ---- | C] () -- C:\Users\Joey\Documents\platformgame1.fla
[2011/10/14 22:10:21 | 000,133,177 | ---- | C] () -- C:\Users\Joey\Documents\dressupnearlydone.fla
[2011/10/14 18:25:06 | 000,002,080 | ---- | C] () -- C:\Users\Joey\Documents\dressup3.html
[2011/10/14 18:25:05 | 000,021,886 | ---- | C] () -- C:\Users\Joey\Documents\dressup3.swf
[2011/10/14 18:21:25 | 000,000,829 | ---- | C] () -- C:\Users\Joey\Documents\.actionScriptProperties
[2011/10/14 18:21:25 | 000,000,474 | ---- | C] () -- C:\Users\Joey\Documents\.project
[2011/10/14 18:21:23 | 000,004,365 | ---- | C] () -- C:\Users\Joey\Documents\AuthortimeSharedAssets.fla
[2011/10/14 18:21:15 | 000,133,136 | ---- | C] () -- C:\Users\Joey\Documents\dressup3.fla
[2011/10/14 17:20:22 | 000,085,271 | ---- | C] () -- C:\Users\Joey\Documents\dressup2.fla
[2011/10/14 17:00:12 | 000,018,615 | ---- | C] () -- C:\Users\Joey\Documents\dressup1.swf
[2011/10/14 16:43:18 | 000,129,311 | ---- | C] () -- C:\Users\Joey\Documents\dressup1.fla
[2011/10/13 21:12:40 | 000,020,050 | ---- | C] () -- C:\Users\Joey\Documents\Untitled-3.fla
[2011/10/13 20:07:18 | 000,000,352 | ---- | C] () -- C:\windows\tasks\AdobeAAMUpdater-1.0-vera-PC-Joey.job
[2011/10/13 20:06:58 | 000,007,263 | ---- | C] () -- C:\Users\Joey\Documents\Untitled-2.fla
[2011/10/13 19:18:13 | 000,000,874 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
[2011/10/10 21:54:51 | 000,000,923 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Prism Video File Converter.lnk
[2011/10/09 16:03:07 | 000,000,600 | ---- | C] () -- C:\Users\Joey\AppData\Local\PUTTY.RND
[2011/10/07 18:39:26 | 000,001,523 | ---- | C] () -- C:\Users\Joey\Application Data\Microsoft\Internet Explorer\Quick Launch\MinecraftSP - Shortcut.lnk
[2011/09/25 20:11:35 | 000,002,722 | ---- | C] () -- C:\Users\Joey\.recently-used.xbel
[2011/09/25 20:03:50 | 000,000,946 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paint.NET.lnk
[2011/09/25 20:03:50 | 000,000,934 | ---- | C] () -- C:\Users\Public\Desktop\Paint.NET.lnk
[2011/09/25 17:41:23 | 000,003,741 | ---- | C] () -- C:\Users\Joey\pack.png
[2011/09/23 15:54:07 | 000,001,523 | ---- | C] () -- C:\Users\Joey\Desktop\MinecraftSP - Shortcut.lnk
[2011/09/14 11:47:40 | 000,053,760 | ---- | C] () -- C:\windows\System32\OVDecode.dll
[2011/08/11 12:47:43 | 000,000,127 | ---- | C] () -- C:\windows\System32\MRT.INI
[2011/07/03 21:57:02 | 000,000,680 | ---- | C] () -- C:\Users\Joey\AppData\Local\d3d9caps.dat
[2011/07/03 14:23:37 | 000,022,528 | --S- | C] () -- C:\windows\System32\drivers\PsSdk30.drv
[2011/06/25 21:38:01 | 000,001,676 | -H-- | C] () -- C:\Users\Joey\AppData\Local\GDIPFONT298ROMV32.DAT
[2011/06/07 17:49:17 | 000,175,616 | ---- | C] () -- C:\windows\System32\unrar.dll
[2011/06/07 17:49:15 | 000,000,038 | ---- | C] () -- C:\windows\avisplitter.ini
[2011/06/07 17:49:01 | 002,712,064 | ---- | C] () -- C:\windows\System32\x264vfw.dll
[2011/06/07 17:49:01 | 000,631,808 | ---- | C] () -- C:\windows\System32\xvidcore.dll
[2011/06/07 17:49:01 | 000,243,200 | ---- | C] () -- C:\windows\System32\xvidvfw.dll
[2011/06/07 17:49:00 | 000,080,896 | ---- | C] () -- C:\windows\System32\ff_vfw.dll
[2011/02/04 23:22:25 | 000,006,551 | ---- | C] () -- C:\Users\Joey\AppData\Roaming\UserTile.png
[2011/02/04 18:40:53 | 000,000,120 | ---- | C] () -- C:\Users\Joey\AppData\Local\Flizehez.dat
[2011/02/04 18:40:53 | 000,000,000 | ---- | C] () -- C:\Users\Joey\AppData\Local\Mqogijefedawevev.bin
[2011/01/30 01:18:10 | 000,000,752 | ---- | C] () -- C:\windows\AnimatorDV.INI
[2011/01/04 22:44:16 | 000,092,672 | ---- | C] () -- C:\Users\Joey\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/02 08:33:54 | 000,015,360 | ---- | C] () -- C:\windows\System32\bdmjpeg.dll
[2010/09/02 08:32:52 | 000,058,368 | ---- | C] () -- C:\windows\System32\bdmpegv.dll
[2009/09/11 22:17:15 | 000,117,248 | ---- | C] () -- C:\windows\System32\EhStorAuthn.dll
[2009/09/11 22:17:15 | 000,107,612 | ---- | C] () -- C:\windows\System32\StructuredQuerySchema.bin
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\windows\System32\OGAEXEC.exe
[2009/02/21 20:44:23 | 000,000,376 | ---- | C] () -- C:\windows\ODBC.INI
[2009/02/21 18:51:34 | 000,000,750 | ---- | C] () -- C:\windows\{D084B1A9-153B-409D-AEBF-C40FCEF925EA}_WiseFW.ini
[2009/01/31 05:09:05 | 000,000,012 | ---- | C] () -- C:\windows\bthservsdp.dat
[2009/01/30 23:55:34 | 000,018,904 | ---- | C] () -- C:\windows\System32\StructuredQuerySchemaTrivial.bin
[2009/01/30 22:31:59 | 001,804,160 | ---- | C] () -- C:\windows\System32\drivers\snp2uvc.sys
[2009/01/30 22:31:59 | 000,028,160 | ---- | C] () -- C:\windows\System32\drivers\sncduvc.sys
[2009/01/30 22:31:59 | 000,015,497 | ---- | C] () -- C:\windows\snp2uvc.ini
[2008/11/06 15:23:12 | 000,003,584 | ---- | C] () -- C:\windows\System32\wceprv.dll
[2008/10/22 05:29:06 | 000,173,550 | ---- | C] () -- C:\windows\System32\xlive.dll.cat
[2008/06/26 07:56:29 | 000,204,800 | ---- | C] () -- C:\windows\System32\IVIresizeW7.dll
[2008/06/26 07:56:29 | 000,200,704 | ---- | C] () -- C:\windows\System32\IVIresizeA6.dll
[2008/06/26 07:56:29 | 000,192,512 | ---- | C] () -- C:\windows\System32\IVIresizeP6.dll
[2008/06/26 07:56:29 | 000,192,512 | ---- | C] () -- C:\windows\System32\IVIresizeM6.dll
[2008/06/26 07:56:29 | 000,188,416 | ---- | C] () -- C:\windows\System32\IVIresizePX.dll
[2008/06/26 07:56:29 | 000,020,480 | ---- | C] () -- C:\windows\System32\IVIresize.dll
[2008/06/26 07:25:27 | 000,000,000 | ---- | C] () -- C:\windows\HPMProp.INI
[2008/06/26 06:39:46 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2008/05/30 17:36:58 | 000,108,752 | ---- | C] () -- C:\windows\System32\drivers\SafeBoot.sys
[2008/05/21 10:38:12 | 000,159,744 | ---- | C] () -- C:\windows\System32\atitmmxx.dll
[2008/05/21 10:09:24 | 003,107,788 | ---- | C] () -- C:\windows\System32\atiumdva.dat
[2008/03/06 11:40:54 | 000,168,883 | ---- | C] () -- C:\windows\System32\atiicdxx.dat
[2008/03/04 20:02:00 | 000,090,112 | ---- | C] () -- C:\windows\System32\atibrtmon.exe
[2007/04/27 10:43:58 | 000,120,200 | ---- | C] () -- C:\windows\System32\DLLDEV32i.dll
[2006/11/02 13:57:28 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2006/11/02 13:47:37 | 000,453,920 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\windows\System32\sysprepMCE.dll
[2006/11/02 11:33:01 | 000,694,754 | ---- | C] () -- C:\windows\System32\perfh009.dat
[2006/11/02 11:33:01 | 000,287,440 | ---- | C] () -- C:\windows\System32\perfi009.dat
[2006/11/02 11:33:01 | 000,142,954 | ---- | C] () -- C:\windows\System32\perfc009.dat
[2006/11/02 11:33:01 | 000,030,674 | ---- | C] () -- C:\windows\System32\perfd009.dat
[2006/11/02 11:23:21 | 000,215,943 | ---- | C] () -- C:\windows\System32\dssec.dat
[2006/11/02 09:58:30 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2006/11/02 09:19:00 | 000,000,741 | ---- | C] () -- C:\windows\System32\NOISE.DAT
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\windows\System32\pacerprf.ini
[2006/11/02 08:25:31 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat
[2006/03/09 10:58:00 | 001,060,424 | ---- | C] () -- C:\windows\System32\WdfCoInstaller01000.dll
[2005/04/03 23:30:00 | 000,110,592 | ---- | C] () -- C:\windows\System32\scardsyn.dll
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\windows\System32\OUTLPERF.INI
[2001/11/14 14:56:00 | 001,802,240 | ---- | C] () -- C:\windows\System32\lcppn21.dll
[1998/05/07 04:10:00 | 000,069,632 | ---- | C] () -- C:\windows\System32\ODMA32.dll

========== LOP Check ==========

[2011/10/16 16:16:08 | 000,000,000 | ---D | M] -- C:\Users\Joey\AppData\Roaming\.minecraft
[2011/07/25 14:53:50 | 000,000,000 | ---D | M] -- C:\Users\Joey\AppData\Roaming\BANDISOFT
[2011/02/12 21:41:17 | 000,000,000 | ---D | M] -- C:\Users\Joey\AppData\Roaming\Blender Foundation
[2011/10/13 20:44:13 | 000,000,000 | ---D | M] -- C:\Users\Joey\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/01/24 19:44:38 | 000,000,000 | ---D | M] -- C:\Users\Joey\AppData\Roaming\Daynmo
[2011/09/05 16:05:03 | 000,000,000 | ---D | M] -- C:\Users\Joey\AppData\Roaming\DriverCure
[2011/04/25 19:40:29 | 000,000,000 | ---D | M] -- C:\Users\Joey\AppData\Roaming\Electronic Arts
[2011/10/19 16:37:04 | 000,000,000 | ---D | M] -- C:\Users\Joey\AppData\Roaming\FileZilla
[2011/02/18 17:15:19 | 000,000,000 | ---D | M] -- C:\Users\Joey\AppData\Roaming\GameTuts
[2011/09/25 20:11:35 | 000,000,000 | ---D | M] -- C:\Users\Joey\AppData\Roaming\gtk-2.0
[2011/01/24 23:03:46 | 000,000,000 | ---D | M] -- C:\Users\Joey\AppData\Roaming\LEGO Company
[2011/09/29 19:56:24 | 000,000,000 | ---D | M] -- C:\Users\Joey\AppData\Roaming\MAGIX
[2011/07/06 17:23:30 | 000,000,000 | ---D | M] -- C:\Users\Joey\AppData\Roaming\Obzyt
[2011/07/03 23:35:12 | 000,000,000 | ---D | M] -- C:\Users\Joey\AppData\Roaming\Opguse
[2011/02/04 23:22:25 | 000,000,000 | ---D | M] -- C:\Users\Joey\AppData\Roaming\PeerNetworking
[2011/08/29 17:22:24 | 000,000,000 | ---D | M] -- C:\Users\Joey\AppData\Roaming\PFStaticIP
[2011/03/10 21:13:13 | 000,000,000 | ---D | M] -- C:\Users\Joey\AppData\Roaming\Publish Providers
[2011/02/28 17:32:26 | 000,000,000 | ---D | M] -- C:\Users\Joey\AppData\Roaming\Qyhy
[2011/06/23 19:03:03 | 000,000,000 | ---D | M] -- C:\Users\Joey\AppData\Roaming\Registry Mechanic
[2011/03/10 21:13:04 | 000,000,000 | ---D | M] -- C:\Users\Joey\AppData\Roaming\Sony
[2011/09/05 16:05:02 | 000,000,000 | ---D | M] -- C:\Users\Joey\AppData\Roaming\SpeedMaxPc
[2011/10/09 17:32:23 | 000,000,000 | ---D | M] -- C:\Users\Joey\AppData\Roaming\SystemRequirementsLab
[2011/08/24 14:17:36 | 000,000,000 | ---D | M] -- C:\Users\Joey\AppData\Roaming\TeamViewer
[2011/09/03 15:55:18 | 000,000,000 | ---D | M] -- C:\Users\Joey\AppData\Roaming\Tunngle
[2011/05/15 14:07:49 | 000,000,000 | ---D | M] -- C:\Users\Joey\AppData\Roaming\Unity
[2011/07/03 23:24:09 | 000,000,000 | ---D | M] -- C:\Users\Joey\AppData\Roaming\Urqy
[2011/10/16 21:04:50 | 000,000,000 | ---D | M] -- C:\Users\Joey\AppData\Roaming\uTorrent
[2011/01/09 20:34:59 | 000,000,000 | ---D | M] -- C:\Users\Joey\AppData\Roaming\Vivox
[2011/03/19 23:40:13 | 000,000,000 | ---D | M] -- C:\Users\Joey\AppData\Roaming\WhiteSmoke
[2011/07/11 17:18:51 | 000,000,000 | ---D | M] -- C:\Users\Joey\AppData\Roaming\Ylnuy
[2011/08/11 20:30:58 | 000,000,000 | ---D | M] -- C:\Users\vera\AppData\Roaming\IMVU
[2011/07/18 12:06:58 | 000,000,000 | ---D | M] -- C:\Users\vera\AppData\Roaming\IMVUClient
[2009/03/22 20:56:26 | 000,000,000 | ---D | M] -- C:\Users\vera\AppData\Roaming\InterVideo
[2011/09/05 16:32:07 | 000,000,370 | ---- | M] () -- C:\windows\Tasks\RegAce Scheduled Scan - Joey.job
[2011/08/31 14:03:43 | 000,032,622 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT
[2011/08/31 13:14:07 | 000,000,282 | -H-- | M] () -- C:\windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011/08/31 13:39:04 | 000,000,244 | -H-- | M] () -- C:\windows\Tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job
[2011/08/31 13:10:04 | 000,000,282 | -H-- | M] () -- C:\windows\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2007/11/07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe


< MD5 for: EXPLORER.EXE >
[2008/10/29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2011/10/07 18:29:24 | 000,004,608 | ---- | M] () MD5=5D5682BC4894D7EA6B5B6466B2D5F60C -- C:\Users\Joey\AppData\Local\Xenocode\ApplianceCaches\GameCamV2.exe_v049D98E1\Native\STUBEXE\@WINDIR@\explorer.exe
[2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008/01/21 03:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/01/21 03:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/21 03:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008/01/21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< C:\Windows\assembly\tmp\U\*.* /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Users\Joey\Documents\Test.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Joey\Documents\clip0006.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Joey\Documents\clip0005.avi:TOC.WMV
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >

#4
JoeBenyon

This is the Extras.txt

OTL Extras logfile created on: 21/10/2011 20:54:32 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Joey\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.75 Gb Total Physical Memory | 1.80 Gb Available Physical Memory | 65.62% Memory free
5.70 Gb Paging File | 4.22 Gb Available in Paging File | 74.07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.88 Gb Total Space | 39.07 Gb Free Space | 17.53% Space Free | Partition Type: NTFS
Drive D: | 9.00 Gb Total Space | 1.22 Gb Free Space | 13.54% Space Free | Partition Type: NTFS
Drive F: | 1021.00 Mb Total Space | 1016.93 Mb Free Space | 99.60% Space Free | Partition Type: FAT32

Computer Name: VERA-PC | User Name: Joey | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{075EA5B6-2379-460C-AF5C-DC251B89530B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{0A6EF50B-743F-44DF-BE14-5075997865FC}" = lport=25567 | protocol=6 | dir=in | name=minecraft1 |
"{0BCFAE93-02E2-47AB-883A-D456F58AF3EC}" = lport=2869 | protocol=6 | dir=in | app=system |
"{0F6E494C-F967-42D5-825B-DE1D92FC90DA}" = lport=3390 | protocol=6 | dir=in | app=system |
"{10806C69-08A7-428D-9A8C-FD9013B9A016}" = lport=3390 | protocol=6 | dir=in | app=system |
"{181A8040-3F8D-4D8C-9EDB-F5AC7DBED419}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1C0E0F98-137C-4572-9CBE-FE9048F0BCD6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1DB35E6E-BB7C-49EB-9BC2-1D0E9C440C5F}" = lport=25565 | protocol=6 | dir=in | name=minecraft |
"{1E4C1E24-1E20-4F8E-96DC-E944C702F886}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{1EAE635D-1E7B-4528-9564-97C274025F9B}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{26C9A14A-73B3-4970-85AD-AE877DC65D6D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{39F0811B-8DFE-4CB0-92FE-3888DCF1836B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=c:\windows\system32\svchost.exe |
"{3B1B2B49-AAF7-467E-BE30-00AC78317B01}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3C2EF8D8-62EA-44E6-9DCF-1C7B5BB09EF1}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=c:\windows\system32\svchost.exe |
"{3DB9E3F9-529E-4780-A4FA-B93D0193E2E6}" = lport=445 | protocol=6 | dir=in | app=system |
"{4CE49257-364B-496C-A19D-8CA3FD2E023C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{50CFD20D-268F-439F-89D3-355D631753E3}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=c:\windows\system32\svchost.exe |
"{58C5BE86-7BD7-453A-80C4-5E1F05804AD4}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=c:\windows\system32\svchost.exe |
"{61D8725E-BED9-4D11-BE2A-6B9F0DB2673F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=c:\windows\system32\svchost.exe |
"{6593821D-AA84-47B7-8B7E-F2BAA01EE019}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{6B0B4DF7-7529-4171-94C7-2AD6F9E29890}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=c:\windows\system32\svchost.exe |
"{70BDC880-3329-4EDB-9209-AEA257775F2D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7E5C7266-5934-46A2-ADFE-43E26BC6841F}" = lport=80 | protocol=6 | dir=in | [email protected],-50 |
"{80DDC22F-8D31-4243-96D6-ACFC86A3AB52}" = lport=25566 | protocol=6 | dir=in | name=minecraft2 |
"{84E6EB78-5FEC-418C-98A1-34E3885134C6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{881D8C96-7588-4F7E-AB52-FBA5474AC95B}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{8A07CAB1-7006-4B39-9F66-786174C60920}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8A1A59CF-E5ED-4B4E-9741-1070C7D792C3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{8EC6DF19-542D-405C-9E2E-9BB19FFF443F}" = lport=rpc | protocol=6 | dir=in | svc=* | app=c:\windows\system32\svchost.exe |
"{90EA089E-B600-4AF4-8824-0F9CF69247F0}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{98521F77-0F97-4169-9625-E38B147AB1FB}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A0DDDCF9-79A1-4C34-ADAC-DD8B54C0B7FB}" = rport=10244 | protocol=6 | dir=out | app=system |
"{A2DF3009-3FF6-4424-B9AC-F24FE131F71D}" = lport=10244 | protocol=6 | dir=in | app=system |
"{A7CAB76B-1DF1-452A-B8BE-A27ADC3E1591}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{ABB5E8D1-84A1-4CAE-A791-A951141491B3}" = rport=10244 | protocol=6 | dir=out | app=system |
"{B7ACDDF9-3914-40E5-A0F2-5F91CF0541DA}" = lport=5985 | protocol=6 | dir=in | app=system |
"{C3B4824A-BB85-4609-A979-7F6619F841C6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D9F8F10C-DA93-4FFE-9A1D-1EF8389DCC10}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DE4E0221-DC5F-4452-B79F-8295AE89AF6A}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{E5207F80-2EB8-4C44-A396-ADAB1B22DC74}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E9CECCA9-1263-44E3-AE55-0A2118244117}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{EA8C1FE3-2C75-441B-9449-35C33F1547B3}" = lport=10244 | protocol=6 | dir=in | app=system |
"{FB8D82A1-BAA5-4A2C-B1EF-893E6F481015}" = lport=7777 | protocol=17 | dir=in | name=samp-server |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0779DDC6-5762-4074-B826-505829A41592}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{08342447-A05E-4E90-9F9D-631503BD6936}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{0CC529F3-64BD-4A1D-86DF-0F149319E407}" = protocol=6 | dir=in | app=c:\program files\talktalk\agent\bin\bcont_nm.exe |
"{0F023CBE-E33D-4101-B890-A2451511EBE1}" = protocol=6 | dir=in | app=c:\program files\mcafee\managed virusscan\agent\myagtsvc.exe |
"{11796110-491E-4A8D-8922-E5457E0F414C}" = protocol=17 | dir=in | app=c:\program files\common files\supportsoft\bin\tgsrvc.exe |
"{11D24DC8-D5FE-42AA-BAE5-7555BCDEFE4F}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{15E4473F-6261-44B1-98E5-2EEEA648A880}" = protocol=6 | dir=in | app=c:\program files\common files\supportsoft\bin\tgsrvc.exe |
"{1B107231-17D6-409F-BE70-73E0035F5701}" = protocol=6 | dir=in | app=c:\users\joey\desktop\minecraft\minecraftsp.exe |
"{1C1CB89B-B719-4BB3-9697-135F9896BAAE}" = protocol=6 | dir=in | app=c:\windows\system32\msra.exe |
"{1F51D9B0-49FC-47B8-A000-3B49797F8DB0}" = protocol=17 | dir=in | app=c:\program files\talktalk\agent\bin\bcont_nm.exe |
"{25ED31DD-A1F5-43BE-86DB-9C1B94736E65}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{32C46BB3-7D21-4EF4-8CF3-DE8A1DF10233}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{3D4DB8F8-7712-408C-A1F6-D0AE055157B2}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{48FC97EF-90A7-4FAC-9DE8-3D197DF6132A}" = protocol=17 | dir=in | app=c:\program files\mcafee\managed virusscan\agent\myagtsvc.exe |
"{5C1777F0-F3E9-4CF0-BC97-3AA6D16F5F48}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{72617C41-6597-411A-A11B-F3B3D5DEDEA9}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7ED38ABB-F0F7-4AC3-B8C4-71659947AF1A}" = protocol=6 | dir=out | app=c:\windows\system32\msra.exe |
"{815E650F-7D43-470C-8AF0-4F1E83C41A78}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{87269A58-5C2E-40D5-A776-EB4C630D1D13}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{884E73BC-5C06-4ACA-82BB-AFE1138D305D}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{8BAAAC0E-C6F0-4E89-A2B6-88F75BD8C917}" = protocol=17 | dir=in | app=c:\program files\mcafee\managed virusscan\agent\myagtsvc.exe |
"{8C2138E3-E130-4B77-9215-B333EE473749}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{950DC623-4A7D-4F91-8459-0069252DAA59}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{9C0F28F5-4E69-43A2-8D7D-4CB3F000AE58}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{9EA2114C-31FF-4809-9226-8F6CCA8270D5}" = protocol=17 | dir=in | app=c:\users\joey\desktop\minecraft\minecraftsp.exe |
"{A246E0D3-E435-486E-B7B2-73CF3B143DFE}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{AF96C67C-7E36-482D-A1A1-60E3C53AFDFF}" = protocol=6 | dir=in | app=c:\program files\talktalk\agent\bin\bcont.exe |
"{B26CF163-D604-4557-BBFD-30624A086F80}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{D09C2BB0-C5D9-49B2-B6E6-7B9CA4CC712A}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{D10C7A03-A968-4F9A-8674-75EE582B3556}" = protocol=17 | dir=in | app=c:\program files\talktalk\agent\bin\bcont.exe |
"{DB67C323-3C4C-4CC7-9D3B-8D92F7D8937F}" = protocol=6 | dir=in | app=c:\program files\talktalk\bin\sprtcmd.exe |
"{E08AFF97-85F0-4FA0-AF41-3DBF6A3C6A60}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{EA48E217-20AE-4F04-934A-3444F3E22308}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{F9045836-8284-45B9-B9C1-9658D251A30A}" = protocol=6 | dir=in | app=c:\program files\mcafee\managed virusscan\agent\myagtsvc.exe |
"{FAEC5F7F-EAC9-4BC0-A094-C9C868409614}" = protocol=17 | dir=in | app=c:\program files\talktalk\bin\sprtcmd.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{004C5DA2-2051-4D25-94BA-51CF810C91EB}" = LightScribe System Software 1.12.37.1
"{01F81577-D786-49D7-BAAF-B8A8B44CE251}" = ESU for Microsoft Vista SP1
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = HP Integrated Module with Bluetooth wireless technology 6.0.1.6202
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0F98662A-EA83-414F-8766-3FCE46A32641}" = Credential Manager for HP ProtectTools
"{12D61C9C-5E84-47F0-BD81-A48DF61A86D7}" = Vista Default Settings
"{154E4F71-DFC0-4B31-8D99-F97615031B02}" = HP Webcam Application
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F77C418-2C90-459C-BD33-B56A4182B9FA}" = System Requirements Lab CYRI
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{23E445D5-FD83-4C50-A211-EB26A2975317}" = Adobe Flash Professional CS5.5
"{24aab420-4e30-4496-9739-3e216f3de6ae}" = Python 2.6.2
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 26
"{26A24AE4-039D-4CA4-87B4-2F83217000FF}" = Java™ 7
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2ACA66D0-7C67-4235-90B5-7AB382FF8633}" = HP 3D DriveGuard
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (RADIONOMY536765)
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java™ 6 Update 6
"{32939827-d8e5-470a-b126-870db3c69fdf}" = Python 2.7.1
"{32A3A4F4-B792-11D6-A78A-00B0D0170000}" = Java™ SE Development Kit 7
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 E1
"{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = HP Webcam
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DACC3F4-2007-A5EE-5FFF-129338EC89E6}" = CCC Help English
"{3E88F774-1C97-445D-873F-988C0D704B61}" = MAGIX Screenshare
"{420BBA1D-B275-4891-838C-EA88FE87A632}" = HP Customer Experience Enhancements
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4850B023-A9C0-4D15-8DE6-326028CAB499}" = Visual C++ 8.0 x86 Runtime Setup Package
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{59E4543A-D49D-4489-B445-473D763C79AF}" = Microsoft Games for Windows - LIVE Redistributable
"{5D97A4A7-C274-4B63-86D9-07A33435F505}" = InterVideo DVD Check
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6603BC18-EEF7-7936-77BF-76861115E674}" = Catalyst Control Center Graphics Previews Common
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6900A138-9017-4F61-AA98-F69AC31DC419}" = MAGIX Speed 2 (MSI)
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" =
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{70CEFEBA-F757-4DBE-8A21-027C326137CE}" = HP Software Setup 5.00.A.7
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75D7BB3A-9AB7-4ad1-AD5E-0059B90C624B}" = HP ProtectTools Security Manager Suite
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar
"{789C97CE-9E17-4126-BDF4-11FF458BF705}" = File Sanitizer For HP ProtectTools
"{7A61142C-CA19-4F3C-BA66-FF8F131501F9}" = Paint.NET v3.5.9
"{7B093237-EDA8-4CF9-90A4-2E9DA6150423}" = IObit Toolbar v4.7
"{7E6066E6-8B5B-4100-B0FA-1D9E9B663CBA}" = iTunes
"{8215AC14-BFC2-4ECC-96D6-1030202F8BDF}" = Visual C++ 8.0 x86 Runtime Setup Package
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{840D2B01-6A05-1D0D-DCD2-59567DE0E0BC}" = AMD Fuel
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BB128BE-2670-485D-A221-B00715BCEBCF}" = HP Easy Setup - Frontend
"{8BBB5E4C-3F5E-4C07-BFBE-33B34600783A}" = LogMeIn Hamachi
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{96963F83-7F17-4941-B16C-1E790455E93A}" = McAfee SiteAdvisor Enterprise Plus
"{992AC5B1-52BC-4CD8-9419-70B51D11F01B}" = MAGIX Speed burnR (MSI)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}" = HP Wireless Assistant
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C542173-96F0-435D-A95C-468CAAC75EA0}" = Adobe Flash Player 10 Plugin
"{9CDB5063-D699-42BA-9135-7B8C4ECAC856}" = BIOS Configuration for HP ProtectTools
"{9CE4B7FA-8626-316B-B483-FCEF49E27430}" = AMD Catalyst Install Manager
"{9E2CCD5E-1990-4EF2-9B61-32F0BBACC29B}" = HP Active Support Library
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{A9F6CFB0-806D-11E0-8EA1-B8AC6F97B88E}" = Google Earth Plug-in
"{AC194855-F7AC-4D04-B4C9-07BA46FCB697}" = ActivClient 6.1 x86
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B69ACD10-CFD2-49D0-A883-9226F6DC37CD}" = Messenger Plus! Chrome Community Smartbar
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B79DB290-9F72-4B20-9776-848D7832705B}" = HP User Guides 0108
"{BEAD39CD-901D-4267-8B8B-EAA83CB4B70D}" = Pivot Stickfigure Animator
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBC24502-5EB5-45B6-9E56-E6A2F6AFA367}" = HP JavaCard for HP ProtectTools
"{CC5FA098-131A-5648-31D5-825692C72B2C}" = AMD VISION Engine Control Center
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D084B1A9-153B-409D-AEBF-C40FCEF925EA}" = TalkTalk Assist & Go
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D405A9E1-5D02-46FB-A2B3-796F1F218B32}" = HP ProtectTools Security Manager
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E333CA5F-00ED-4EEF-90E5-6A33A8FE969F}" = HP Help and Support
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F173C2B3-296F-458C-98FF-1676A42EBA02}" = HP Wallpaper
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{F44F0A3A-2110-4705-B5EC-D5B6371F53C1}" = Visual C++ 8.0 x86 Runtime Setup Package
"{F657EF23-08BB-4C8D-B688-78C20FA657EA}" = Drive Encryption for HP ProtectTools
"{F940D29F-DDAB-390B-1307-B132C693DD39}" = Catalyst Control Center InstallProxy
"{F99F26DF-CCDE-F5F6-02AD-ABA8AAB51ADE}" = ccc-utility
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Ask.com Search Assistant" = Ask.com Search Assistant 1.0.2
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"Blender" = Blender
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Fraps" = Fraps (remove only)
"FXhome EffectsLab Pro" = FXhome EffectsLab Pro (remove only)
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 7.1.0
"LogMeIn Hamachi" = LogMeIn Hamachi
"McAfee Managed Firewall" = McAfee Firewall Protection Service
"McAfeeBrowserProtection" = McAfee Browser Protection Service
"Messenger Plus!" = Messenger Plus! 5
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"MVS" = McAfee Virus and Spyware Protection Service
"NSS" = Norton Security Scan
"PDF Complete" = PDF Complete
"PowerISO" = PowerISO
"Prism" = Prism Video File Converter
"SAM3" = SAM Broadcaster v4
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"UnityWebPlayer" = Unity Web Player (All users)
"VideoPad" = VideoPad Video Editor
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3688371679-3231779085-4022764246-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"EA SPORTS Gameface Browser Plugin" = EA SPORTS Gameface Browser Plugin 1.3.1.0
"FileZilla Client" = FileZilla Client 3.5.1
"Google Chrome" = Google Chrome
"Mixxx (1.9.0)" = Mixxx 1.9.0

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

#5
JoeBenyon

This is the aswMBR.txt


aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-10-21 21:24:21
-----------------------------
21:24:21.231 OS Version: Windows 6.0.6002 Service Pack 2
21:24:21.231 Number of processors: 2 586 0x301
21:24:21.233 ComputerName: VERA-PC UserName: Joey
21:24:23.131 Initialze error 0
21:24:51.405 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
21:24:51.416 Disk 0 Vendor: TOSHIBA_MK2552GSX LV011C Size: 238475MB BusType: 3
21:24:53.504 Disk 0 MBR read successfully
21:24:53.517 Disk 0 MBR scan
21:24:53.529 Disk 0 Windows VISTA default MBR code
21:24:53.574 Disk 0 scanning sectors +488397168
21:24:53.733 Disk 0 scanning C:\windows\system32\drivers
21:24:53.747 Service scanning
21:24:56.890 Modules scanning
21:24:57.886 Disk 0 trace - called modules:
21:24:57.927 ntkrnlpa.exe CLASSPNP.SYS disk.sys hpdskflt.sys hal.dll acpi.sys ataport.SYS PCIIDEX.SYS msahci.sys tcpip.sys NETIO.SYS
21:24:57.934 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85e06030]
21:24:57.939 3 CLASSPNP.SYS[807cf8b3] -> nt!IofCallDriver -> [0x85e9cb70]
21:24:57.945 5 hpdskflt.sys[8adbf065] -> nt!IofCallDriver -> [0x853bb8d0]
21:24:58.312 7 acpi.sys[806106bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85e928d8]
21:24:58.325 Scan finished successfully
21:25:14.660 Disk 0 MBR has been saved successfully to "C:\Users\Joey\Downloads\MBR.dat"
21:25:14.743 The log file has been saved successfully to "C:\Users\Joey\Downloads\aswMBR.txt"

#6
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Are you also having problems with Google search?


Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKU\S-1-5-21-3688371679-3231779085-4022764246-1006\..\URLSearchHook: {90b49673-5506-483e-b92b-ca0265bd9ca8} - No CLSID value found
    O3 - HKU\S-1-5-21-3688371679-3231779085-4022764246-1006\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKU\S-1-5-21-3688371679-3231779085-4022764246-1006\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
    O3 - HKU\S-1-5-21-3688371679-3231779085-4022764246-1006\..\Toolbar\WebBrowser: (no name) - {90B49673-5506-483E-B92B-CA0265BD9CA8} - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O4 - HKU\S-1-5-21-3688371679-3231779085-4022764246-1006..\Run: [Xzebimezoc] rundll32.exe "C:\Users\Joey\AppData\Local\dpskbsc.dll",Startup File not found
    [2011/02/04 18:40:53 | 000,000,120 | ---- | C] () -- C:\Users\Joey\AppData\Local\Flizehez.dat
    [2011/02/04 18:40:53 | 000,000,000 | ---- | C] () -- C:\Users\Joey\AppData\Local\Mqogijefedawevev.bin
    [2011/07/06 17:23:30 | 000,000,000 | ---D | M] -- C:\Users\Joey\AppData\Roaming\Obzyt
    [2011/07/03 23:35:12 | 000,000,000 | ---D | M] -- C:\Users\Joey\AppData\Roaming\Opguse
    [2011/03/19 23:40:13 | 000,000,000 | ---D | M] -- C:\Users\Joey\AppData\Roaming\WhiteSmoke
    [2011/07/11 17:18:51 | 000,000,000 | ---D | M] -- C:\Users\Joey\AppData\Roaming\Ylnuy
    [2011/08/31 13:14:07 | 000,000,282 | -H-- | M] () -- C:\windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
    [2011/08/31 13:39:04 | 000,000,244 | -H-- | M] () -- C:\windows\Tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job
    [2011/08/31 13:10:04 | 000,000,282 | -H-- | M] () -- C:\windows\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


#7
JoeBenyon

    Member

  • Topic Starter
  • 153 posts
I used to have problems with Google where it would take me to a weird website, but it stopped happening.

#8
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
The malware for that was still on your system - until now :)

#9
JoeBenyon

    Member

  • Topic Starter
  • 153 posts
This is the final log -


OTL logfile created on: 21/10/2011 22:00:19 - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Joey\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.75 Gb Total Physical Memory | 1.50 Gb Available Physical Memory | 54.46% Memory free
5.70 Gb Paging File | 4.24 Gb Available in Paging File | 74.42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.88 Gb Total Space | 41.48 Gb Free Space | 18.61% Space Free | Partition Type: NTFS
Drive D: | 9.00 Gb Total Space | 1.22 Gb Free Space | 13.54% Space Free | Partition Type: NTFS
Drive F: | 1021.00 Mb Total Space | 1016.93 Mb Free Space | 99.60% Space Free | Partition Type: FAT32

Computer Name: VERA-PC | User Name: Joey | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/21 20:53:39 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Joey\Downloads\OTL.exe
PRC - [2011/09/27 21:34:02 | 000,894,304 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
PRC - [2011/09/27 20:08:40 | 000,745,880 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Application Updater\ApplicationUpdater.exe
PRC - [2011/09/20 12:39:48 | 000,801,792 | ---- | M] (Yuna Software) -- C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe
PRC - [2011/09/08 13:41:20 | 000,291,840 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
PRC - [2011/08/25 15:02:06 | 000,476,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Managed VirusScan\DesktopUI\XTray.exe
PRC - [2011/08/25 14:58:30 | 000,291,064 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
PRC - [2011/08/15 16:18:14 | 001,955,208 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2011/08/15 16:18:10 | 001,361,288 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PRC - [2011/08/03 16:55:42 | 000,160,344 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
PRC - [2011/08/03 16:54:52 | 000,033,648 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfeann.exe
PRC - [2011/08/03 16:54:28 | 000,166,024 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
PRC - [2011/07/19 09:57:00 | 000,148,520 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
PRC - [2011/05/12 11:48:20 | 000,324,928 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor Enterprise\McSACore.exe
PRC - [2011/03/02 21:35:24 | 012,008,296 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\Adobe\Adobe Bridge CS5.1\Bridge.exe
PRC - [2011/02/25 11:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
PRC - [2009/08/27 17:09:10 | 001,253,376 | ---- | M] (MAGIX AG) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2009/04/11 07:28:15 | 000,117,248 | ---- | M] () -- \\?\C:\windows\System32\wbem\WMIADAP.EXE
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/06/02 18:57:40 | 000,238,984 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
PRC - [2008/06/02 18:32:16 | 000,018,944 | ---- | M] (Hewlett-Packard Development Company, L.P) -- c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe
PRC - [2008/05/30 17:36:20 | 000,256,512 | ---- | M] (SafeBoot International) -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
PRC - [2008/05/21 01:47:18 | 000,065,296 | ---- | M] (Bioscrypt Inc.) -- c:\Program Files\Hewlett-Packard\IAM\Bin\asghost.exe
PRC - [2008/05/14 18:55:14 | 000,077,824 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe
PRC - [2008/05/14 18:54:36 | 010,244,096 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe
PRC - [2008/05/13 12:47:28 | 001,624,616 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2008/05/13 12:47:28 | 000,727,592 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2008/05/12 14:28:12 | 000,576,024 | ---- | M] (PDF Complete Inc) -- C:\Program Files\PDF Complete\pdfsvc.exe
PRC - [2008/03/31 22:41:22 | 000,091,440 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
PRC - [2008/01/21 03:24:21 | 000,179,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lpksetup.exe
PRC - [2007/12/11 13:15:04 | 000,012,800 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2007/10/19 08:28:24 | 000,086,016 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEADISRV.EXE
PRC - [2007/10/12 10:33:38 | 000,202,016 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\TalkTalk\bin\sprtsvc.exe
PRC - [2007/10/12 10:33:16 | 000,202,016 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\TalkTalk\bin\sprtcmd.exe
PRC - [2007/08/02 15:42:14 | 000,148,768 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Common Files\SupportSoft\bin\tgsrvc.exe
PRC - [2007/05/16 00:08:40 | 000,182,576 | ---- | M] (ActivIdentity) -- c:\Program Files\ActivIdentity\ActivClient\accoca.exe
PRC - [2007/05/16 00:08:38 | 000,095,024 | ---- | M] (ActivIdentity) -- c:\Program Files\ActivIdentity\ActivClient\acevents.exe
PRC - [2007/05/16 00:08:08 | 000,293,168 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
PRC - [2007/01/05 03:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/13 17:54:58 | 011,804,672 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\e00630ec1e225a2376fdd430645e20f7\System.Web.ni.dll
MOD - [2011/10/13 17:54:44 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\6d2f689baff5da3df134fdec0742a13c\System.Runtime.Remoting.ni.dll
MOD - [2011/10/13 17:28:53 | 005,450,752 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll
MOD - [2011/10/13 17:27:59 | 012,430,848 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll
MOD - [2011/10/13 17:27:46 | 001,587,200 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll
MOD - [2011/10/13 17:26:26 | 007,950,848 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll
MOD - [2011/10/13 17:26:04 | 011,490,816 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2011/09/30 16:12:40 | 000,412,728 | ---- | M] () -- C:\Users\Joey\AppData\Local\Google\Chrome\Application\14.0.835.202\ppgooglenaclpluginchrome.dll
MOD - [2011/09/30 16:12:39 | 003,696,184 | ---- | M] () -- C:\Users\Joey\AppData\Local\Google\Chrome\Application\14.0.835.202\pdf.dll
MOD - [2011/09/30 16:11:13 | 000,142,568 | ---- | M] () -- C:\Users\Joey\AppData\Local\Google\Chrome\Application\14.0.835.202\avutil-51.dll
MOD - [2011/09/30 16:11:12 | 000,253,320 | ---- | M] () -- C:\Users\Joey\AppData\Local\Google\Chrome\Application\14.0.835.202\avformat-53.dll
MOD - [2011/09/30 16:11:10 | 002,403,240 | ---- | M] () -- C:\Users\Joey\AppData\Local\Google\Chrome\Application\14.0.835.202\avcodec-53.dll
MOD - [2011/08/28 22:19:12 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2011/03/02 21:34:56 | 002,748,416 | ---- | M] () -- C:\Program Files\Adobe\Adobe Bridge CS5.1\libmysqld.dll
MOD - [2011/03/02 21:34:56 | 000,073,728 | ---- | M] () -- C:\Program Files\Adobe\Adobe Bridge CS5.1\Symlib.dll
MOD - [2010/11/17 14:16:56 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2008/05/21 10:38:12 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
MOD - [2008/05/13 12:40:50 | 000,126,976 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2007/08/14 21:59:54 | 006,365,184 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll
MOD - [2007/07/12 21:55:52 | 000,131,072 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2007/07/12 21:55:28 | 001,581,056 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/09/27 20:08:40 | 000,745,880 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2011/09/08 13:41:20 | 000,291,840 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV - [2011/08/25 14:58:30 | 000,291,064 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe -- (RumorServer)
SRV - [2011/08/25 14:58:30 | 000,291,064 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe -- (myAgtSvc)
SRV - [2011/08/15 16:18:10 | 001,361,288 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011/08/03 16:55:42 | 000,160,344 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV - [2011/08/03 16:54:28 | 000,166,024 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe -- (McShield)
SRV - [2011/07/19 09:57:00 | 000,148,520 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Windows\System32\mfevtps.exe -- (mfevtp)
SRV - [2011/05/12 11:48:20 | 000,324,928 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor Enterprise\McSACore.exe -- (McAfee SiteAdvisor Enterprise Service)
SRV - [2011/02/28 19:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 11:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/08/27 17:09:10 | 001,253,376 | ---- | M] (MAGIX AG) [Unknown | Running] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2009/08/24 12:36:45 | 000,377,344 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2008/08/07 11:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2008/06/02 18:32:16 | 000,018,944 | ---- | M] (Hewlett-Packard Development Company, L.P) [Auto | Running] -- c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe -- (HP ProtectTools Service)
SRV - [2008/05/30 17:36:20 | 000,256,512 | ---- | M] (SafeBoot International) [Auto | Running] -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe -- (HpFkCryptService)
SRV - [2008/05/21 01:42:40 | 000,111,888 | ---- | M] (Bioscrypt Inc.) [Auto | Running] -- c:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll -- (ASBroker)
SRV - [2008/05/21 01:42:34 | 000,137,488 | ---- | M] (Bioscrypt Inc.) [Auto | Running] -- c:\Program Files\Hewlett-Packard\IAM\Bin\ASChnl.dll -- (ASChannel)
SRV - [2008/05/14 18:55:14 | 000,077,824 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe -- (HPFSService)
SRV - [2008/05/12 14:28:12 | 000,576,024 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2008/01/21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/11 13:15:04 | 000,012,800 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2007/10/19 08:28:24 | 000,086,016 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEADISRV.EXE -- (AEADIFilters)
SRV - [2007/10/12 10:33:38 | 000,202,016 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\TalkTalk\bin\sprtsvc.exe -- (sprtsvc_TalkTalk) SupportSoft Sprocket Service (TalkTalk)
SRV - [2007/08/02 15:42:16 | 000,382,320 | ---- | M] (SupportSoft, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
SRV - [2007/08/02 15:42:14 | 000,148,768 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe -- (tgsrvc_TalkTalk) SupportSoft Repair Service (TalkTalk)
SRV - [2007/05/16 00:08:40 | 000,182,576 | ---- | M] (ActivIdentity) [Auto | Running] -- c:\Program Files\ActivIdentity\ActivClient\accoca.exe -- (accoca)
SRV - [2007/01/05 03:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


========== Driver Services (SafeList) ==========

DRV - [2011/07/19 09:57:00 | 000,461,864 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2011/07/19 09:57:00 | 000,338,040 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2011/07/19 09:57:00 | 000,180,008 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (MfeAVFK)
DRV - [2011/07/19 09:57:00 | 000,164,776 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfewfpk.sys -- (mfewfpk)
DRV - [2011/07/19 09:57:00 | 000,119,808 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2011/07/19 09:57:00 | 000,087,808 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2011/07/19 09:57:00 | 000,064,712 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfenlfk.sys -- (mfenlfk)
DRV - [2011/07/19 09:57:00 | 000,059,288 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (MfeBOPK)
DRV - [2011/07/03 14:23:37 | 000,022,528 | --S- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PsSdk30.drv -- (PsSdk30)
DRV - [2011/06/15 09:23:56 | 000,060,156 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2010/02/18 09:18:22 | 000,037,944 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\amdiox86.sys -- (amdiox86)
DRV - [2009/12/15 15:29:52 | 000,055,304 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2009/12/15 15:29:42 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (MfeRKDK)
DRV - [2009/03/18 17:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2008/05/30 17:37:06 | 000,051,376 | ---- | M] (SafeBoot N.V.) [Kernel | Boot | Running] -- C:\windows\System32\drivers\SbAlg.sys -- (SbAlg)
DRV - [2008/05/30 17:37:02 | 000,012,928 | ---- | M] (SafeBoot International) [File_System | Boot | Running] -- C:\windows\System32\drivers\SbFsLock.sys -- (SbFsLock)
DRV - [2008/05/30 17:37:00 | 000,012,496 | ---- | M] (SafeBoot International) [Kernel | System | Running] -- C:\windows\System32\drivers\rsvlock.sys -- (RsvLock)
DRV - [2008/05/30 17:36:58 | 000,108,752 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\System32\drivers\SafeBoot.sys -- (SafeBoot)
DRV - [2008/05/21 11:35:06 | 003,552,768 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/04/28 10:26:42 | 000,014,352 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
DRV - [2008/04/14 22:39:06 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2008/04/10 18:27:34 | 001,804,160 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2008/04/07 19:13:46 | 000,025,448 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV - [2008/04/07 19:13:42 | 000,034,664 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2008/02/29 17:13:38 | 001,202,560 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008/01/21 03:23:26 | 000,045,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2007/06/19 01:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...&bd=all&pf=cmnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...&bd=all&pf=cmnb

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...&bd=all&pf=cmnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files\IObit Toolbar\IE\4.7\iobitToolbarIE.dll (Spigot, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Joey\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Joey\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\electronicarts.com/GameFacePlugin: C:\Users\Joey\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll (Electronic Arts)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor Enterprise\ [2011/08/31 19:29:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore [2011/09/17 19:45:00 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{C00439FC-907D-4B3F-8367-ED427CB3A5DC}: C:\Users\Joey\AppData\Local\{C00439FC-907D-4B3F-8367-ED427CB3A5DC} [2011/02/04 18:40:52 | 000,000,000 | ---D | M]

[2011/01/09 20:18:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Joey\AppData\Roaming\Mozilla\Extensions
[2011/01/09 20:18:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Joey\AppData\Roaming\Mozilla\Extensions\[email protected]

========== Chrome ==========

CHR - default_search_provider: Yahoo! (Enabled)
CHR - default_search_provider: search_url = http://uk.search.yah...p={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Joey\AppData\Local\Google\Chrome\Application\14.0.835.202\gcswf32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\PFiles\Plugins\np-mswmp.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Joey\AppData\Local\Google\Chrome\Application\14.0.835.202\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Joey\AppData\Local\Google\Chrome\Application\14.0.835.202\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Joey\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Unity Player (Enabled) = C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Game Face Plugin (Enabled) = C:\Users\Joey\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Chelsea FC = C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\eanaknlfmaafbcpmaoencjmlmfaflkck\1.4_0\

O1 HOSTS File: ([2011/10/21 21:35:38 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (IObit Toolbar) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files\IObit Toolbar\IE\4.7\iobitToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (BHO_Startup Class) - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110917133556.dll (McAfee, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Credential Manager for HP ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
O3 - HKLM\..\Toolbar: (IObit Toolbar) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files\IObit Toolbar\IE\4.7\iobitToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O4 - HKLM..\Run: [accrdsub] c:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [File Sanitizer] C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [MVS Splash] C:\Program Files\McAfee\Managed VirusScan\DesktopUI\XTray.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [PlusService] C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software)
O4 - HKLM..\Run: [PTHOSTTR] c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\soundmax.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TalkTalk] C:\Program Files\TalkTalk\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe (InterVideo Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AdobeBridge] C:\Program Files\Adobe\Adobe Bridge CS5.1\Bridge.exe (Adobe Systems, Inc.)
O4 - HKCU..\Run: [Speech Recognition] C:\windows\Speech\Common\sapisvr.exe (Microsoft Corporation)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: //about.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Exclude.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //FWEvent.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //LanguageSelection.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Message.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryCmd.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryNag.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyNotification.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //NOCLessUpdate.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //quarantine.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //ScanNow.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //strings.vbs/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Template.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Update.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //VirFound.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range1979 ([http] in Local intranet)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.0.0)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail....NPUplden-gb.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4AD2F94C-3743-4A52-B03A-974EE6D2C0CD}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EDCFC6B0-6F11-4654-B0F2-9AB6BAAADAB0}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\myrm {4D034FC3-013F-4b95-B544-44D49ABE3E76} - C:\Program Files\McAfee\Managed VirusScan\Agent\MyRmProt5.0.0.811.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (APSHook.dll) -APSHook.dll (Bioscrypt Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Joey\Pictures\solo-sea-570.jpg
O24 - Desktop BackupWallPaper: C:\Users\Joey\Pictures\solo-sea-570.jpg
O29 - HKLM SecurityProviders - (credssp.dll) -credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\OblivionLauncher.exe
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\steambackup2.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/21 21:35:25 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/10/21 20:45:57 | 000,000,000 | ---D | C] -- C:\Users\Joey\Desktop\Callum
[2011/10/21 19:26:54 | 000,000,000 | ---D | C] -- C:\Users\Joey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/10/21 19:26:51 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/10/20 18:18:03 | 000,000,000 | ---D | C] -- C:\Users\Joey\Desktop\as2rpg
[2011/10/20 17:41:43 | 000,000,000 | ---D | C] -- C:\Users\Joey\Desktop\rpg game
[2011/10/19 20:12:51 | 000,000,000 | ---D | C] -- C:\Users\Joey\.soulsplit
[2011/10/19 15:57:27 | 000,000,000 | ---D | C] -- C:\Users\Joey\Desktop\20051104-server
[2011/10/15 21:25:39 | 000,000,000 | ---D | C] -- C:\Users\Joey\Desktop\Meh
[2011/10/14 18:21:25 | 000,000,000 | ---D | C] -- C:\Users\Joey\Documents\.settings
[2011/10/13 20:44:13 | 000,000,000 | ---D | C] -- C:\Users\Joey\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/10/13 19:28:39 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2011/10/13 19:20:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
[2011/10/13 18:57:02 | 000,000,000 | ---D | C] -- C:\Program Files\AdobeFlashProCS5.5
[2011/10/10 15:48:45 | 000,000,000 | ---D | C] -- C:\Users\Joey\AppData\Local\LogMeIn Hamachi
[2011/10/10 15:47:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2011/10/10 15:47:33 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn Hamachi
[2011/10/10 07:43:20 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater
[2011/10/10 07:43:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Spigot
[2011/10/10 07:43:18 | 000,000,000 | ---D | C] -- C:\Program Files\IObit Toolbar
[2011/10/10 07:41:37 | 000,000,000 | ---D | C] -- C:\Users\Joey\Desktop\Game
[2011/10/08 21:01:27 | 000,399,736 | ---- | C] (BitTorrent, Inc.) -- C:\Users\Joey\uTorrent.exe
[2011/10/08 15:58:48 | 000,000,000 | ---D | C] -- C:\Users\Joey\AppData\Local\{B28AC5BF-5B63-4DFB-9DB9-27414EA531DE}
[2011/10/08 15:58:36 | 000,000,000 | ---D | C] -- C:\Users\Joey\AppData\Local\{18E447B2-4192-493A-901A-A1D665356B86}
[2011/10/07 19:06:42 | 000,000,000 | ---D | C] -- C:\Users\Joey\AppData\Roaming\.minecraft
[2011/10/07 18:28:10 | 000,000,000 | ---D | C] -- C:\Users\Joey\AppData\Local\gctmp
[2011/10/07 18:27:51 | 000,000,000 | ---D | C] -- C:\Program Files\Game Cam V2
[2011/10/07 17:29:37 | 000,000,000 | ---D | C] -- C:\Program Files\Minecraft
[2011/10/07 17:03:17 | 000,000,000 | ---D | C] -- C:\Users\Joey\Documents\My WeGame Videos
[2011/10/07 17:03:17 | 000,000,000 | ---D | C] -- C:\Users\Joey\Documents\My WeGame Screenshots
[2011/10/07 16:47:48 | 000,000,000 | ---D | C] -- C:\ProgramData\WeGame
[2011/10/07 16:46:59 | 000,000,000 | ---D | C] -- C:\Users\Joey\AppData\Local\WeGame
[2011/10/07 16:46:58 | 000,000,000 | ---D | C] -- C:\Program Files\WeGame
[2011/10/07 15:41:45 | 000,000,000 | ---D | C] -- C:\Users\Joey\AppData\Local\{1CD2FE77-7DF1-4B35-9D13-CE2EB8522C00}
[2011/10/07 15:41:33 | 000,000,000 | ---D | C] -- C:\Users\Joey\AppData\Local\{D59E2715-52B3-4E72-BBAA-53D64AF8F14F}
[2011/10/06 19:31:31 | 000,000,000 | ---D | C] -- C:\Users\Joey\AppData\Local\AMD
[2011/10/06 19:31:22 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2011/10/06 19:31:15 | 000,000,000 | ---D | C] -- C:\Program Files\AMD APP
[2011/10/06 19:30:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
[2011/10/06 19:30:13 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD
[2011/10/06 19:16:27 | 000,000,000 | ---D | C] -- C:\ATI
[2011/10/06 18:18:20 | 000,000,000 | ---D | C] -- C:\Users\Joey\AppData\Local\{1628AC15-B031-428E-A2BD-78E316DB750F}
[2011/10/06 18:18:07 | 000,000,000 | ---D | C] -- C:\Users\Joey\AppData\Local\{899E40C3-2A37-4202-BD1F-5400B7D2DD1C}
[2011/10/04 19:38:59 | 000,000,000 | ---D | C] -- C:\Users\Joey\AppData\Local\{C07242AF-F3BD-4E97-9439-33FE8C6974F7}
[2011/10/04 19:38:47 | 000,000,000 | ---D | C] -- C:\Users\Joey\AppData\Local\{BF5CDC11-FDEA-483E-854C-186AFF7600F5}
[2011/10/03 17:06:16 | 000,000,000 | ---D | C] -- C:\Users\Joey\AppData\Local\{358EB5A6-9C01-4919-BA16-A532139125A8}
[2011/10/03 17:06:03 | 000,000,000 | ---D | C] -- C:\Users\Joey\AppData\Local\{C4136C83-491E-4BF6-8DFE-A2109A38DE75}
[2011/10/02 17:38:54 | 000,000,000 | ---D | C] -- C:\Users\Joey\AppData\Local\{834130C8-50F6-4F44-AE45-274C6D74E8DB}
[2011/10/02 17:38:42 | 000,000,000 | ---D | C] -- C:\Users\Joey\AppData\Local\{59806853-90DB-4F36-9A1D-3910DB2F2BC2}
[2011/10/01 14:38:32 | 000,000,000 | ---D | C] -- C:\Users\Joey\AppData\Local\{9826CC3B-48F3-43FB-9814-692DFCC3B483}
[2011/10/01 14:38:20 | 000,000,000 | ---D | C] -- C:\Users\Joey\AppData\Local\{39304BBF-A373-4EEB-A3D8-1ECB0CA7FBCA}
[2011/09/30 17:58:16 | 000,000,000 | ---D | C] -- C:\Users\Joey\AppData\Local\{C6A99372-B53A-453F-B0C3-C0CA60C1952E}
[2011/09/30 15:34:01 | 000,000,000 | ---D | C] -- C:\Users\Joey\AppData\Local\{D05BB804-C465-4873-BD8B-B626D3096280}
[2011/09/28 20:41:03 | 000,000,000 | ---D | C] -- C:\Users\Joey\AppData\Local\{0327A231-7457-46BF-AD7A-BD91C0FA0EDF}
[2011/09/28 20:40:51 | 000,000,000 | ---D | C] -- C:\Users\Joey\AppData\Local\{13A88C11-21B9-4AA2-B0EE-2B78E6358DD4}
[2011/09/27 17:15:50 | 000,000,000 | ---D | C] -- C:\Users\Joey\AppData\Local\{7DDD476F-CFA0-407C-9C3E-13EE4071A2AD}
[2011/09/27 17:15:38 | 000,000,000 | ---D | C] -- C:\Users\Joey\AppData\Local\{2D4B71CC-6DCA-4170-B9C9-60B6795EE87F}
[2011/09/26 20:26:12 | 000,000,000 | ---D | C] -- C:\Users\Joey\Desktop\TP
[2011/09/26 16:45:10 | 000,000,000 | ---D | C] -- C:\Users\Joey\AppData\Local\{93FC7C1B-94D2-4CDF-8D20-05BA18769E7B}
[2011/09/26 16:44:58 | 000,000,000 | ---D | C] -- C:\Users\Joey\AppData\Local\{7A97A2B6-DFF4-4C2B-8E0C-254AE7ED10BB}
[2011/09/25 20:02:23 | 000,000,000 | ---D | C] -- C:\Program Files\Paint.NET
[2011/09/25 20:01:47 | 000,000,000 | ---D | C] -- C:\Users\Joey\AppData\Local\Paint.NET
[2011/09/25 15:32:13 | 000,000,000 | ---D | C] -- C:\Users\Joey\Minecraft
[2011/09/23 15:33:42 | 000,000,000 | ---D | C] -- C:\Users\Joey\AppData\Local\{9C85AC37-1004-4ABB-BCEC-DAF82BCD6900}
[2011/09/23 15:33:28 | 000,000,000 | ---D | C] -- C:\Users\Joey\AppData\Local\{394F08D7-89C9-4050-AD79-B90C8D0EB4DF}
[2011/09/22 19:08:10 | 000,000,000 | ---D | C] -- C:\Users\Joey\AppData\Local\{E179A1E3-02B3-4F9D-8B3A-FFD51EFC29F7}
[2011/09/22 19:07:55 | 000,000,000 | ---D | C] -- C:\Users\Joey\AppData\Local\{335CC9C4-2CC6-476D-BE77-F460438D9B33}
[2009/01/30 22:31:59 | 000,180,224 | ---- | C] ( ) -- C:\windows\System32\rsnp2uvc.dll
[2009/01/30 22:31:58 | 000,176,128 | ---- | C] ( ) -- C:\windows\System32\csnp2uvc.dll
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/21 22:09:00 | 000,000,904 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3688371679-3231779085-4022764246-1004UA.job
[2011/10/21 22:02:00 | 000,000,904 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3688371679-3231779085-4022764246-1006UA.job
[2011/10/21 22:01:08 | 000,694,754 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2011/10/21 22:01:08 | 000,142,954 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2011/10/21 21:53:35 | 000,003,216 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/21 21:53:35 | 000,003,216 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/21 21:53:30 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011/10/21 21:53:26 | 2949,505,024 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/21 21:51:43 | 000,000,012 | ---- | M] () -- C:\windows\bthservsdp.dat
[2011/10/21 21:35:38 | 000,000,098 | ---- | M] () -- C:\windows\System32\drivers\etc\Hosts
[2011/10/21 21:35:15 | 000,000,129 | ---- | M] () -- C:\Users\Joey\jagex_runescape_preferences2.dat
[2011/10/21 21:35:15 | 000,000,035 | ---- | M] () -- C:\Users\Joey\jagex_runescape_preferences.dat
[2011/10/21 19:28:09 | 000,002,521 | ---- | M] () -- C:\Users\Joey\Desktop\HiJackThis.lnk
[2011/10/20 18:07:49 | 000,009,755 | ---- | M] () -- C:\Users\Joey\Documents\platformgame2.fla
[2011/10/20 18:07:06 | 000,001,391 | ---- | M] () -- C:\Users\Joey\Documents\platformgame2.swf
[2011/10/20 18:04:42 | 000,001,299 | ---- | M] () -- C:\Users\Joey\Documents\platformgame1.swf
[2011/10/19 15:55:21 | 000,000,852 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3688371679-3231779085-4022764246-1006Core1cc8e6f1fefa1c7.job
[2011/10/18 18:59:45 | 000,002,771 | ---- | M] () -- C:\Users\Joey\Documents\anim1wave.swf
[2011/10/18 18:59:35 | 000,377,863 | ---- | M] () -- C:\Users\Joey\Documents\pointandclickadventure1.fla
[2011/10/18 18:55:05 | 000,082,719 | ---- | M] () -- C:\Users\Joey\Documents\pointandclickadventure1.swf
[2011/10/18 18:01:21 | 000,000,882 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore1cc8db78f8afcf3.job
[2011/10/16 20:41:28 | 000,014,916 | ---- | M] () -- C:\Users\Joey\Documents\escapechapter1.fla
[2011/10/16 20:25:23 | 000,002,043 | ---- | M] () -- C:\Users\Joey\Documents\escapechapter1.swf
[2011/10/16 17:50:01 | 000,017,590 | ---- | M] () -- C:\Users\Joey\Documents\anim1wave.fla
[2011/10/16 17:01:48 | 000,004,394 | ---- | M] () -- C:\Users\Joey\Documents\testanim.swf
[2011/10/16 16:46:09 | 000,022,851 | ---- | M] () -- C:\Users\Joey\Documents\testanim.fla
[2011/10/16 14:25:00 | 000,000,829 | ---- | M] () -- C:\Users\Joey\Documents\.actionScriptProperties
[2011/10/16 14:25:00 | 000,000,474 | ---- | M] () -- C:\Users\Joey\Documents\.project
[2011/10/15 21:47:13 | 000,092,672 | ---- | M] () -- C:\Users\Joey\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/15 21:28:11 | 000,009,917 | ---- | M] () -- C:\Users\Joey\Documents\platformgame1.fla
[2011/10/15 20:07:59 | 000,000,600 | ---- | M] () -- C:\Users\Joey\AppData\Local\PUTTY.RND
[2011/10/14 22:10:22 | 000,133,177 | ---- | M] () -- C:\Users\Joey\Documents\dressupnearlydone.fla
[2011/10/14 22:09:35 | 000,133,136 | ---- | M] () -- C:\Users\Joey\Documents\dressup3.fla
[2011/10/14 22:08:04 | 000,021,886 | ---- | M] () -- C:\Users\Joey\Documents\dressup3.swf
[2011/10/14 18:25:06 | 000,002,080 | ---- | M] () -- C:\Users\Joey\Documents\dressup3.html
[2011/10/14 18:21:23 | 000,004,365 | ---- | M] () -- C:\Users\Joey\Documents\AuthortimeSharedAssets.fla
[2011/10/14 18:20:32 | 000,129,311 | ---- | M] () -- C:\Users\Joey\Documents\dressup1.fla
[2011/10/14 17:20:22 | 000,085,271 | ---- | M] () -- C:\Users\Joey\Documents\dressup2.fla
[2011/10/14 17:13:42 | 000,018,615 | ---- | M] () -- C:\Users\Joey\Documents\dressup1.swf
[2011/10/13 21:12:40 | 000,020,050 | ---- | M] () -- C:\Users\Joey\Documents\Untitled-3.fla
[2011/10/13 20:07:18 | 000,000,352 | ---- | M] () -- C:\windows\tasks\AdobeAAMUpdater-1.0-vera-PC-Joey.job
[2011/10/13 20:06:59 | 000,007,263 | ---- | M] () -- C:\Users\Joey\Documents\Untitled-2.fla
[2011/10/13 17:22:53 | 000,453,920 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2011/10/07 18:39:26 | 000,001,523 | ---- | M] () -- C:\Users\Joey\Application Data\Microsoft\Internet Explorer\Quick Launch\MinecraftSP - Shortcut.lnk
[2011/10/07 18:25:06 | 000,001,523 | ---- | M] () -- C:\Users\Joey\Desktop\MinecraftSP - Shortcut.lnk
[2011/10/05 16:02:34 | 000,001,999 | ---- | M] () -- C:\Users\Joey\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/10/05 16:02:33 | 000,002,037 | ---- | M] () -- C:\Users\Joey\Desktop\Google Chrome.lnk
[2011/09/30 20:38:35 | 000,000,938 | ---- | M] () -- C:\Users\Joey\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2011/09/25 20:11:35 | 000,002,722 | ---- | M] () -- C:\Users\Joey\.recently-used.xbel
[2011/09/25 20:03:50 | 000,000,934 | ---- | M] () -- C:\Users\Public\Desktop\Paint.NET.lnk
[2011/09/25 17:41:23 | 000,003,741 | ---- | M] () -- C:\Users\Joey\pack.png
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/21 19:26:54 | 000,002,521 | ---- | C] () -- C:\Users\Joey\Desktop\HiJackThis.lnk
[2011/10/20 18:06:01 | 000,001,391 | ---- | C] () -- C:\Users\Joey\Documents\platformgame2.swf
[2011/10/20 18:05:41 | 000,009,755 | ---- | C] () -- C:\Users\Joey\Documents\platformgame2.fla
[2011/10/19 15:55:21 | 000,000,852 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3688371679-3231779085-4022764246-1006Core1cc8e6f1fefa1c7.job
[2011/10/18 18:59:44 | 000,002,771 | ---- | C] () -- C:\Users\Joey\Documents\anim1wave.swf
[2011/10/18 18:01:21 | 000,000,882 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore1cc8db78f8afcf3.job
[2011/10/17 21:46:19 | 000,082,719 | ---- | C] () -- C:\Users\Joey\Documents\pointandclickadventure1.swf
[2011/10/16 21:01:05 | 000,377,863 | ---- | C] () -- C:\Users\Joey\Documents\pointandclickadventure1.fla
[2011/10/16 19:47:46 | 000,002,043 | ---- | C] () -- C:\Users\Joey\Documents\escapechapter1.swf
[2011/10/16 19:04:03 | 000,014,916 | ---- | C] () -- C:\Users\Joey\Documents\escapechapter1.fla
[2011/10/16 17:50:00 | 000,017,590 | ---- | C] () -- C:\Users\Joey\Documents\anim1wave.fla
[2011/10/16 17:01:48 | 000,004,394 | ---- | C] () -- C:\Users\Joey\Documents\testanim.swf
[2011/10/16 16:46:08 | 000,022,851 | ---- | C] () -- C:\Users\Joey\Documents\testanim.fla
[2011/10/15 21:26:35 | 000,001,299 | ---- | C] () -- C:\Users\Joey\Documents\platformgame1.swf
[2011/10/15 21:17:20 | 000,009,917 | ---- | C] () -- C:\Users\Joey\Documents\platformgame1.fla
[2011/10/14 22:10:21 | 000,133,177 | ---- | C] () -- C:\Users\Joey\Documents\dressupnearlydone.fla
[2011/10/14 18:25:06 | 000,002,080 | ---- | C] () -- C:\Users\Joey\Documents\dressup3.html
[2011/10/14 18:25:05 | 000,021,886 | ---- | C] () -- C:\Users\Joey\Documents\dressup3.swf
[2011/10/14 18:21:25 | 000,000,829 | ---- | C] () -- C:\Users\Joey\Documents\.actionScriptProperties
[2011/10/14 18:21:25 | 000,000,474 | ---- | C] () -- C:\Users\Joey\Documents\.project
[2011/10/14 18:21:23 | 000,004,365 | ---- | C] () -- C:\Users\Joey\Documents\AuthortimeSharedAssets.fla
[2011/10/14 18:21:15 | 000,133,136 | ---- | C] () -- C:\Users\Joey\Documents\dressup3.fla
[2011/10/14 17:20:22 | 000,085,271 | ---- | C] () -- C:\Users\Joey\Documents\dressup2.fla
[2011/10/14 17:00:12 | 000,018,615 | ---- | C] () -- C:\Users\Joey\Documents\dressup1.swf
[2011/10/14 16:43:18 | 000,129,311 | ---- | C] () -- C:\Users\Joey\Documents\dressup1.fla
[2011/10/13 21:12:40 | 000,020,050 | ---- | C] () -- C:\Users\Joey\Documents\Untitled-3.fla
[2011/10/13 20:07:18 | 000,000,352 | ---- | C] () -- C:\windows\tasks\AdobeAAMUpdater-1.0-vera-PC-Joey.job
[2011/10/13 20:06:58 | 000,007,263 | ---- | C] () -- C:\Users\Joey\Documents\Untitled-2.fla
[2011/10/13 19:18:13 | 000,000,874 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
[2011/10/10 21:54:51 | 000,000,923 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Prism Video File Converter.lnk
[2011/10/09 16:03:07 | 000,000,600 | ---- | C] () -- C:\Users\Joey\AppData\Local\PUTTY.RND
[2011/10/07 18:39:26 | 000,001,523 | ---- | C] () -- C:\Users\Joey\Application Data\Microsoft\Internet Explorer\Quick Launch\MinecraftSP - Shortcut.lnk
[2011/09/25 20:11:35 | 000,002,722 | ---- | C] () -- C:\Users\Joey\.recently-used.xbel
[2011/09/25 20:03:50 | 000,000,946 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paint.NET.lnk
[2011/09/25 20:03:50 | 000,000,934 | ---- | C] () -- C:\Users\Public\Desktop\Paint.NET.lnk
[2011/09/25 17:41:23 | 000,003,741 | ---- | C] () -- C:\Users\Joey\pack.png
[2011/09/23 15:54:07 | 000,001,523 | ---- | C] () -- C:\Users\Joey\Desktop\MinecraftSP - Shortcut.lnk
[2011/09/14 11:47:40 | 000,053,760 | ---- | C] () -- C:\windows\System32\OVDecode.dll
[2011/08/11 12:47:43 | 000,000,127 | ---- | C] () -- C:\windows\System32\MRT.INI
[2011/07/03 21:57:02 | 000,000,680 | ---- | C] () -- C:\Users\Joey\AppData\Local\d3d9caps.dat
[2011/07/03 14:23:37 | 000,022,528 | --S- | C] () -- C:\windows\System32\drivers\PsSdk30.drv
[2011/06/25 21:38:01 | 000,001,676 | -H-- | C] () -- C:\Users\Joey\AppData\Local\GDIPFONT298ROMV32.DAT
[2011/06/07 17:49:17 | 000,175,616 | ---- | C] () -- C:\windows\System32\unrar.dll
[2011/06/07 17:49:15 | 000,000,038 | ---- | C] () -- C:\windows\avisplitter.ini
[2011/06/07 17:49:01 | 002,712,064 | ---- | C] () -- C:\windows\System32\x264vfw.dll
[2011/06/07 17:49:01 | 000,631,808 | ---- | C] () -- C:\windows\System32\xvidcore.dll
[2011/06/07 17:49:01 | 000,243,200 | ---- | C] () -- C:\windows\System32\xvidvfw.dll
[2011/06/07 17:49:00 | 000,080,896 | ---- | C] () -- C:\windows\System32\ff_vfw.dll
[2011/02/04 23:22:25 | 000,006,551 | ---- | C] () -- C:\Users\Joey\AppData\Roaming\UserTile.png
[2011/01/30 01:18:10 | 000,000,752 | ---- | C] () -- C:\windows\AnimatorDV.INI
[2011/01/04 22:44:16 | 000,092,672 | ---- | C] () -- C:\Users\Joey\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/02 08:33:54 | 000,015,360 | ---- | C] () -- C:\windows\System32\bdmjpeg.dll
[2010/09/02 08:32:52 | 000,058,368 | ---- | C] () -- C:\windows\System32\bdmpegv.dll
[2009/09/11 22:17:15 | 000,117,248 | ---- | C] () -- C:\windows\System32\EhStorAuthn.dll
[2009/09/11 22:17:15 | 000,107,612 | ---- | C] () -- C:\windows\System32\StructuredQuerySchema.bin
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\windows\System32\OGAEXEC.exe
[2009/02/21 20:44:23 | 000,000,376 | ---- | C] () -- C:\windows\ODBC.INI
[2009/02/21 18:51:34 | 000,000,750 | ---- | C] () -- C:\windows\{D084B1A9-153B-409D-AEBF-C40FCEF925EA}_WiseFW.ini
[2009/01/31 05:09:05 | 000,000,012 | ---- | C] () -- C:\windows\bthservsdp.dat
[2009/01/30 23:55:34 | 000,018,904 | ---- | C] () -- C:\windows\System32\StructuredQuerySchemaTrivial.bin
[2009/01/30 22:31:59 | 001,804,160 | ---- | C] () -- C:\windows\System32\drivers\snp2uvc.sys
[2009/01/30 22:31:59 | 000,028,160 | ---- | C] () -- C:\windows\System32\drivers\sncduvc.sys
[2009/01/30 22:31:59 | 000,015,497 | ---- | C] () -- C:\windows\snp2uvc.ini
[2008/11/06 15:23:12 | 000,003,584 | ---- | C] () -- C:\windows\System32\wceprv.dll
[2008/10/22 05:29:06 | 000,173,550 | ---- | C] () -- C:\windows\System32\xlive.dll.cat
[2008/06/26 07:56:29 | 000,204,800 | ---- | C] () -- C:\windows\System32\IVIresizeW7.dll
[2008/06/26 07:56:29 | 000,200,704 | ---- | C] () -- C:\windows\System32\IVIresizeA6.dll
[2008/06/26 07:56:29 | 000,192,512 | ---- | C] () -- C:\windows\System32\IVIresizeP6.dll
[2008/06/26 07:56:29 | 000,192,512 | ---- | C] () -- C:\windows\System32\IVIresizeM6.dll
[2008/06/26 07:56:29 | 000,188,416 | ---- | C] () -- C:\windows\System32\IVIresizePX.dll
[2008/06/26 07:56:29 | 000,020,480 | ---- | C] () -- C:\windows\System32\IVIresize.dll
[2008/06/26 07:25:27 | 000,000,000 | ---- | C] () -- C:\windows\HPMProp.INI
[2008/06/26 06:39:46 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2008/05/30 17:36:58 | 000,108,752 | ---- | C] () -- C:\windows\System32\drivers\SafeBoot.sys
[2008/05/21 10:38:12 | 000,159,744 | ---- | C] () -- C:\windows\System32\atitmmxx.dll
[2008/05/21 10:09:24 | 003,107,788 | ---- | C] () -- C:\windows\System32\atiumdva.dat
[2008/03/06 11:40:54 | 000,168,883 | ---- | C] () -- C:\windows\System32\atiicdxx.dat
[2008/03/04 20:02:00 | 000,090,112 | ---- | C] () -- C:\windows\System32\atibrtmon.exe
[2007/04/27 10:43:58 | 000,120,200 | ---- | C] () -- C:\windows\System32\DLLDEV32i.dll
[2006/11/02 13:57:28 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2006/11/02 13:47:37 | 000,453,920 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\windows\System32\sysprepMCE.dll
[2006/11/02 11:33:01 | 000,694,754 | ---- | C] () -- C:\windows\System32\perfh009.dat
[2006/11/02 11:33:01 | 000,287,440 | ---- | C] () -- C:\windows\System32\perfi009.dat
[2006/11/02 11:33:01 | 000,142,954 | ---- | C] () -- C:\windows\System32\perfc009.dat
[2006/11/02 11:33:01 | 000,030,674 | ---- | C] () -- C:\windows\System32\perfd009.dat
[2006/11/02 11:23:21 | 000,215,943 | ---- | C] () -- C:\windows\System32\dssec.dat
[2006/11/02 09:58:30 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2006/11/02 09:19:00 | 000,000,741 | ---- | C] () -- C:\windows\System32\NOISE.DAT
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\windows\System32\pacerprf.ini
[2006/11/02 08:25:31 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat
[2006/03/09 10:58:00 | 001,060,424 | ---- | C] () -- C:\windows\System32\WdfCoInstaller01000.dll
[2005/04/03 23:30:00 | 000,110,592 | ---- | C] () -- C:\windows\System32\scardsyn.dll
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\windows\System32\OUTLPERF.INI
[2001/11/14 14:56:00 | 001,802,240 | ---- | C] () -- C:\windows\System32\lcppn21.dll
[1998/05/07 04:10:00 | 000,069,632 | ---- | C] () -- C:\windows\System32\ODMA32.dll

========== LOP Check ==========

[2011/10/16 16:16:08 | 000,000,000 | ---D | M] -- C:\Users\Joey\AppData\Roaming\.minecraft
[2011/07/25 14:53:50 | 000,000,000 | ---D | M] -- C:\Users\Joey\AppData\Roaming\BANDISOFT
[2011/02/12 21:41:17 | 000,000,000 | ---D | M] -- C:\Users\Joey\AppData\Roaming\Blender Foundation
[2011/10/13 20:44:13 | 000,000,000 | ---D | M] -- C:\Users\Joey\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/01/24 19:44:38 | 000,000,000 | ---D | M] -- C:\Users\Joey\AppData\Roaming\Daynmo
[2011/09/05 16:05:03 | 000,000,000 | ---D | M] -- C:\Users\Joey\AppData\Roaming\DriverCure
[2011/04/25 19:40:29 | 000,000,000 | ---D | M] -- C:\Users\Joey\AppData\Roaming\Electronic Arts
[2011/10/19 16:37:04 | 000,000,000 | ---D | M] -- C:\Users\Joey\AppData\Roaming\FileZilla
[2011/02/18 17:15:19 | 000,000,000 | ---D | M] -- C:\Users\Joey\AppData\Roaming\GameTuts
[2011/09/25 20:11:35 | 000,000,000 | ---D | M] -- C:\Users\Joey\AppData\Roaming\gtk-2.0
[2011/01/24 23:03:46 | 000,000,000 | ---D | M] -- C:\Users\Joey\AppData\Roaming\LEGO Company
[2011/09/29 19:56:24 | 000,000,000 | ---D | M] -- C:\Users\Joey\AppData\Roaming\MAGIX
[2011/02/04 23:22:25 | 000,000,000 | ---D | M] -- C:\Users\Joey\AppData\Roaming\PeerNetworking
[2011/08/29 17:22:24 | 000,000,000 | ---D | M] -- C:\Users\Joey\AppData\Roaming\PFStaticIP
[2011/03/10 21:13:13 | 000,000,000 | ---D | M] -- C:\Users\Joey\AppData\Roaming\Publish Providers
[2011/02/28 17:32:26 | 000,000,000 | ---D | M] -- C:\Users\Joey\AppData\Roaming\Qyhy
[2011/06/23 19:03:03 | 000,000,000 | ---D | M] -- C:\Users\Joey\AppData\Roaming\Registry Mechanic
[2011/03/10 21:13:04 | 000,000,000 | ---D | M] -- C:\Users\Joey\AppData\Roaming\Sony
[2011/09/05 16:05:02 | 000,000,000 | ---D | M] -- C:\Users\Joey\AppData\Roaming\SpeedMaxPc
[2011/10/09 17:32:23 | 000,000,000 | ---D | M] -- C:\Users\Joey\AppData\Roaming\SystemRequirementsLab
[2011/08/24 14:17:36 | 000,000,000 | ---D | M] -- C:\Users\Joey\AppData\Roaming\TeamViewer
[2011/09/03 15:55:18 | 000,000,000 | ---D | M] -- C:\Users\Joey\AppData\Roaming\Tunngle
[2011/05/15 14:07:49 | 000,000,000 | ---D | M] -- C:\Users\Joey\AppData\Roaming\Unity
[2011/07/03 23:24:09 | 000,000,000 | ---D | M] -- C:\Users\Joey\AppData\Roaming\Urqy
[2011/10/16 21:04:50 | 000,000,000 | ---D | M] -- C:\Users\Joey\AppData\Roaming\uTorrent
[2011/01/09 20:34:59 | 000,000,000 | ---D | M] -- C:\Users\Joey\AppData\Roaming\Vivox
[2011/09/05 16:32:07 | 000,000,370 | ---- | M] () -- C:\windows\Tasks\RegAce Scheduled Scan - Joey.job
[2011/08/31 14:03:43 | 000,032,622 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Users\Joey\Documents\Test.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Joey\Documents\clip0006.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Joey\Documents\clip0005.avi:TOC.WMV
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >

#10
JoeBenyon

    Member

  • Topic Starter
  • Member
  • 153 posts
Also two files have appeared on my desktop, both called Desktop.ini
Can I delete them?

#11
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
No, they are system files, and I will rehide them when we are done.

What are your current problems?

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
  • 0

#12
JoeBenyon


    Member

  • Topic Starter
  • Member
  • 153 posts
Mbam:


Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7995

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

21/10/2011 22:54:27
mbam-log-2011-10-21 (22-54-27).txt

Scan type: Quick scan
Objects scanned: 226410
Time elapsed: 18 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\DVYHI42JUG (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\R4B1ZAOPF5 (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Windows\Microsoft\CurrentVersion\Run\rundll32.exe (Trojan.Agent) -> Value: rundll32.exe -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\Joey\AppData\Roaming\Adobe\shed\thr1.chm (Malware.Trace) -> Quarantined and deleted successfully.
c:\Users\Joey\AppData\Roaming\Adobe\plugs\mmc138.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
  • 0
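One way to double-check a report like the one above before treating the machine as clean, as an added example that is not part of the original thread: it compares the summary counts with the entries actually listed under each section (a mismatch suggests a truncated paste) and flags any entry whose final status is not "Quarantined and deleted successfully". The sample log is constructed in the same layout, with placeholder paths and a constructed non-success status.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the report above (names and paths are placeholders).
SAMPLE_LOG = r"""
Registry Keys Infected: 2
Registry Values Infected: 1
Files Infected: 2

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\EXAMPLEKEY (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Example\Run\demo.exe (Trojan.Agent) -> Value: demo.exe -> Quarantined and deleted successfully.

Files Infected:
c:\Users\Example\AppData\Roaming\demo\a.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\Users\Example\AppData\Roaming\demo\b.dll (Trojan.Agent) -> Delete on reboot.
"""

SUMMARY = re.compile(r"^(?P<section>[A-Za-z ]+ Infected): (?P<count>\d+)$")
HEADER = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")
ITEM = re.compile(r"^(?P<target>.+) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$")
REMOVED = "Quarantined and deleted successfully"

def triage(log_text):
    """Return (count mismatches, items not confirmed removed, detections per family)."""
    declared, listed, families = {}, defaultdict(list), defaultdict(int)
    section = None
    for line in (l.strip() for l in log_text.splitlines()):
        if m := SUMMARY.match(line):          # "Files Infected: 2"
            declared[m["section"]] = int(m["count"])
        elif m := HEADER.match(line):         # "Files Infected:"
            section = m["section"]
        elif section and (m := ITEM.match(line)):
            listed[section].append((m["target"], m["family"], m["action"]))
            families[m["family"]] += 1
    # Declared vs. listed: a difference means the pasted log is incomplete or edited.
    mismatches = {s: (n, len(listed[s])) for s, n in declared.items() if n != len(listed[s])}
    # Registry value entries carry an extra "Value: ..." hop, so test the final status only.
    pending = [(s, t, a) for s, items in listed.items()
               for t, _, a in items if not a.endswith(REMOVED)]
    return mismatches, pending, dict(families)

if __name__ == "__main__":
    mismatches, pending, families = triage(SAMPLE_LOG)
    print("count mismatches:", mismatches)
    print("not confirmed removed:", pending)
    print("families:", families)
```
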

#13
JoeBenyon


    Member

  • Topic Starter
  • Member
  • 153 posts
I have to go now but I will be back tomorrow at 1PM or later.
  • 0

#14
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :)

A good workman always cleans up after himself, so... The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

SPRING CLEAN

To manually create a new Restore Point
  • Go to Control Panel and select System
  • Select System
  • On the left select System Protection and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name i.e. Clean
  • Select Create

Now we can purge the infected ones
  • Go to Start > All Programs > Accessories > System Tools
  • Right click Disk Cleanup and select Run as administrator
  • Select Your main drive and accept the warning if you get one
  • For a few moments the system will make some calculations
  • Select the More Options tab
  • In the System Restore and Shadow Backups select Clean up
  • Select Delete on the pop up
  • Select OK
  • Select Delete

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
Malwarebytes. Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly. It will show you which programmes on your system need updating and give a download link

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place?

Keep safe :yes:
  • 0

#15
JoeBenyon


    Member

  • Topic Starter
  • Member
  • 153 posts
Can you explain the hidden folders part again, because I'm using Windows Vista and when I click My Computer there is no Tools button.
Thanks, Joe.

P.S. I have McAfee Security as a service.
  • 0





