  1. #1
    Member
    Join Date
    Apr 2012
    Posts
    50
    Points
    9

    qvo6 browser hijack won't go away

    Hi, I tried all the basics before coming here for help. Since qvo6 on about the 19/7 I've noticed a lot of ads attached to blue highlights. I am running XP 2002 SP3,
    not Avast but Security Essentials. Logs as follows.

    Regards Mick

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 8:51:15 PM, on 22/07/2013
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Documents and Settings\All Users.WINDOWS\Application Data\eSafe\eGdpSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\stsystra.exe
    C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
    C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Garmin\Express Tray\ExpressTray.exe
    C:\PROGRA~1\MICROS~4\rapimgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRA~1\MICROS~3\Office10\OUTLOOK.EXE
    C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
    C:\WINDOWS\msagent\AgentSvr.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.25:80
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
    O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [GarminExpressTrayApp] "C:\Program Files\Garmin\Express Tray\ExpressTray.exe"
    O4 - HKCU\..\Run: [News.net] C:\Program Files\News.net\BreakingNews\DesktopContainer.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [Exetender] "C:\Program Files\Free Ride Games\GPlayer.exe" /runonstartup (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/...Control_32.CAB
    O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
    O20 - AppInit_DLLs: c:\docume~1\alluse~1.win\applic~1\browse~1\261095~1.52\{c16c1~1\browse~1.dll c:\progra~1\magnipic\assist~1.dll
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Garmin Core Update Service - Garmin Ltd or its subsidiaries - C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: Wsys Service (WsysSvc) - Wsys Co., Ltd. - C:\Documents and Settings\All Users.WINDOWS\Application Data\eSafe\eGdpSvc.exe

    --
    End of file - 7684 bytes


    SUPERAntiSpyware Scan Log
    SUPERAntiSpyware | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

    Generated 07/21/2013 at 08:54 PM

    Application Version : 5.6.1020

    Core Rules Database Version : 10614
    Trace Rules Database Version: 8426

    Scan type : Complete Scan
    Total Scan Time : 00:45:22

    Operating System Information
    Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
    Administrator

    Memory items scanned : 498
    Memory threats detected : 0
    Registry items scanned : 36997
    Registry threats detected : 0
    File items scanned : 59326
    File threats detected : 48

    Adware.Tracking Cookie

    Malwarebytes Anti-Malware 1.75.0.1300
    Malwarebytes : Free anti-malware download

    Database version: v2013.07.16.08

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Mick Warren :: WARREN [administrator]

    21/07/2013 11:00:47 PM
    mbam-log-2013-07-21 (23-00-47).txt

    Scan type: Custom scan (C:\Documents and Settings\Mick Warren\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk|)
    Scan options enabled: File System | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: Memory | Startup | Registry | Heuristics/Extra | P2P
    Objects scanned: 1
    Time elapsed: 8 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

  2. #2
    Member Spyware Fighter zep516's Avatar
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,158
    Points
    1301

    My name is Joe and I'll be helping you to clean up your computer.

    Please be patient with me as I am currently in training, and all of my responses to you have to be reviewed by my instructor before I post them. This may cause a delay between posts so your patience will be appreciated, though do keep in mind that you have the advantage, as you have 2 people examining your issue.

    Please read this post completely before beginning the fix. If there's anything that you do not understand, please don't hesitate to ask before proceeding.

    Please take note of the guidelines for this fix:

    • Please note that we are all volunteers. We do have families, careers, and other endeavors just as you do that may prevent immediate responses that meet your schedule. Your patience and understanding will be greatly appreciated.
    • First of all, the procedures we are about to perform are specific to your problem and should only be used on this specific computer.
    • Do not make any changes to your computer that include installing/uninstalling programs, deleting files, modifying the registry, nor running scanners or tools of any kind unless specifically requested by me.
    • Please read ALL instructions carefully and perform the steps fully and in the order they are written.
    • If things appear to be better, let me know. Just because the symptoms no longer exist as before does not mean that you are clean.
    • Continue to read and follow my instructions until I tell you that your machine is clean.
    • If you have any questions at all, please do not hesitate to ask before performing the task that I ask of you.
    • Scanning with programs and reading the logs do take a fair amount of time; your patience will be necessary.



    I'll post further instructions soon.

  3. #3
    Member Spyware Fighter zep516's Avatar
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,158
    Points
    1301

    Hi mick warren,

    Please follow directions

    • Download OTL to your desktop.
    • Double click on the icon to run it. Make sure all other windows are closed to let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Under the Standard Registry box change it to All.
    • Check the boxes beside LOP Check and Purity Check.
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.


    Next

    Download AdwCleaner
    • Double click on AdwCleaner.exe to run the tool.
      ***Note: Windows Vista/Windows 7 users please right click and select Run as administrator
    • Click the Search button.
    • A logfile will automatically open after the scan has finished.
    • Please post the content of that logfile in your next reply.
    • Or you can find the logfile at C:\AdwCleaner[xx].txt where xx denotes the number of times the application has been run


    In your next reply to me please post:

    • OTL.txt
    • Extras.txt
    • AdwCleaner.txt


    Thanks,

    Joe

  4. #4
    Member
    Join Date
    Apr 2012
    Posts
    50
    Points
    9

    Joe,

    Restarted computer ....same
    Carried out instructions, log as follows

    OTL logfile created on: 23/07/2013 10:03:27 AM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Mick Warren\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

    1022.07 Mb Total Physical Memory | 371.91 Mb Available Physical Memory | 36.39% Memory free
    2.40 Gb Paging File | 1.72 Gb Available in Paging File | 71.79% Paging File free
    Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 40.01 Gb Total Space | 16.56 Gb Free Space | 41.40% Space Free | Partition Type: NTFS
    Drive D: | 192.77 Gb Total Space | 134.61 Gb Free Space | 69.83% Space Free | Partition Type: NTFS

    Computer Name: WARREN | User Name: Mick Warren | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Documents and Settings\Mick Warren\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Documents and Settings\All Users.WINDOWS\Application Data\eSafe\eGdpSvc.exe (Wsys Co., Ltd.)
    PRC - C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
    PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
    PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
    PRC - C:\Program Files\Garmin\Express Tray\ExpressTray.exe (Garmin Ltd or its subsidiaries)
    PRC - C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe (Garmin Ltd or its subsidiaries)
    PRC - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
    PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    PRC - C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)


    ========== Modules (No Company Name) ==========

    MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\3e85ed966e140db4698b75e8f5d9abcb\System.ServiceProcess.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\4ab19acc4cba2f25396bb6aabb0d04b4\System.ServiceModel.Routing.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\fdf344318ec178f5d0eede9f321dc294\System.ServiceModel.Discovery.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\55007586f4a5baf15e6ddfb2efcb94aa\System.ServiceModel.Channels.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\80bac2a305d0fa9e44bdef30fc170378\System.ServiceModel.Activities.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\f42a63caecfae9ccd7fbf05f059cf48a\System.ServiceModel.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\35a05407349d5ff5155161ac82935a4b\PresentationFramework.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationCore\9a59af5d4ab1f1be74e0a41b8b54d644\PresentationCore.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\95759c98a24c0cb3c60025a38ceac9a4\System.Windows.Forms.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\WindowsBase\beb0b16c89aa9167e02e651e9aac30fd\WindowsBase.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\d76f46c6f6418250864e1605b81d647f\System.Drawing.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\169de31f5c717d62ab5a9435f4600e96\System.IdentityModel.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Transactions\70394b75242ed95f1a7d97bf24551a26\System.Transactions.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\a9dd967c054a667b5a00e218cde05166\System.Runtime.DurableInstancing.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\dcbb0d0e35cbff73b8364323e525e5ff\SMDiagnostics.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\4110723c633bbe25ae1945a25280a5c7\System.Runtime.Serialization.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\95417c8454d37af7aeccb002b0ae2de6\System.Xml.Linq.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xaml\4e7e9b07db31551c887d5c80552e3885\System.Xaml.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\46346f2c0efd589a524f42d57d17938c\PresentationFramework.Luna.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Security\6391cea31e8d8c3e41a7bd7c4e85e630\System.Security.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\06f187eb8b9da275bdf8c146b8a9dfb6\System.Core.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\fd4bcc08668bb561ba59e57a30de6bcf\System.Xml.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\77758dbafc19e68f3dce030879c2cf8d\System.Configuration.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\2f52fc9cf3baf5181d1897788d9678f4\System.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\f3b6f64941ee3b90d6abb16e415ceb3b\mscorlib.ni.dll ()
    MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
    MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
    MOD - C:\WINDOWS\system32\BrMuSNMP.dll ()


    ========== Services (SafeList) ==========

    SRV - (NMIndexingService) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe File not found
    SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
    SRV - (WsysSvc) -- C:\Documents and Settings\All Users.WINDOWS\Application Data\eSafe\eGdpSvc.exe (Wsys Co., Ltd.)
    SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
    SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
    SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
    SRV - (Garmin Core Update Service) -- C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe (Garmin Ltd or its subsidiaries)
    SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
    SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
    SRV - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
    SRV - (Intel(R) -- C:\WINDOWS\system32\IPROSetMonitor.exe (Intel Corporation)


    ========== Driver Services (SafeList) ==========

    DRV - (WDICA) -- File not found
    DRV - (PDRFRAME) -- File not found
    DRV - (PDRELI) -- File not found
    DRV - (PDFRAME) -- File not found
    DRV - (PDCOMP) -- File not found
    DRV - (PCIDump) -- File not found
    DRV - (lbrtfdc) -- File not found
    DRV - (i2omgmt) -- File not found
    DRV - (Changer) -- File not found
    DRV - (catchme) -- C:\DOCUME~1\MICKWA~1\LOCALS~1\Temp\catchme.sys File not found
    DRV - (bvrp_pci) -- File not found
    DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
    DRV - (mbamchameleon) -- C:\WINDOWS\system32\drivers\mbamchameleon.sys ()
    DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV - (X4HSEx) -- C:\Program Files\Free Ride Games\X4HSEx.sys (Exent Technologies Ltd.)
    DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
    DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
    DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
    DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
    DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)


    ========== Standard Registry (All) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Bing
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN.com
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    IE - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = Qvo6.com
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM32\blank.htm
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Sign In
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.google.com.au/http://w [Binary data over 200 bytes]
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = ninemsn Homepage - Outlook.com, News, Sport & More
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BE 11 C2 E9 39 1B CE 01 [binary data]
    IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
    IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://findgala.com/?uid=8039&q={searchTerms}&rlz=1I7GGLR_enAU374
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 192.168.0.25:80

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "qvo6"
    FF - prefs.js..browser.search.order.1: "qvo6"
    FF - prefs.js..browser.search.selectedEngine: "qvo6"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://www.qvo6.com/?utm_source=b&utm_medium=ild&from=ild&uid=WDCXWD2500JS-75NCB1_WD-WCANK257239272392&ts=1374086376"
    FF - prefs.js..extensions.enabledAddons: news%40news.net:1.0.15
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@abr.gov.au/KeyMgmtPlugin: C:\Program Files\ABR\Plug-In\bin\npAUSkeyPlugin.dll (Commonwealth Government of Australia)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@csi.business.gov.au/CsiPlugin: C:\Program Files\Common-Use Signing Interface\bin\npCsiPlugin.dll (Commonwealth Government of Australia)
    FF - HKLM\Software\MozillaPlugins\@exent.com/npExentCtl,version=7.0.0.0: C:\Program Files\Free Ride Games\npExentCtl.dll (Exent Technologies Ltd.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Documents and Settings\Mick Warren\Local Settings\Application Data\Google\Google Earth\plugin\npgeplugin.dll (Google)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2010/02/08 03:00:22 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/06/04 17:11:26 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

    [2013/02/27 21:40:09 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mick Warren\Application Data\Mozilla\Extensions
    [2012/12/11 23:11:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mick Warren\Application Data\Mozilla\Firefox\extensions
    [2012/12/11 23:11:22 | 000,000,000 | ---D | M] (uTorrentControl_v2) -- C:\Documents and Settings\Mick Warren\Application Data\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}
    [2013/02/10 08:03:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mick Warren\Application Data\Mozilla\Firefox\Profiles\extensions
    [2013/02/10 07:56:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mick Warren\Application Data\Mozilla\Firefox\Profiles\0\extensions
    [2013/07/21 15:03:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mick Warren\Application Data\Mozilla\Firefox\Profiles\qhvf06a9.default\extensions
    [2013/07/21 15:03:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mick Warren\Application Data\Mozilla\Firefox\Profiles\qhvf06a9.default\extensions\staged
    [2013/02/10 07:56:34 | 000,213,444 | ---- | M] () (No name found) -- C:\Documents and Settings\Mick Warren\Application Data\Mozilla\Firefox\Profiles\0\extensions\torntv@torntv.com.xpi
    [2012/07/29 22:37:16 | 000,221,380 | ---- | M] () (No name found) -- C:\Documents and Settings\Mick Warren\Application Data\Mozilla\Firefox\Profiles\extensions\gophoto@gophoto.it.xpi
    [2013/06/30 16:44:04 | 000,239,491 | ---- | M] () (No name found) -- C:\Documents and Settings\Mick Warren\Application Data\Mozilla\Firefox\Profiles\qhvf06a9.default\extensions\trtv3@trtv.com.xpi
    [2013/02/27 21:38:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2013/02/27 21:38:37 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\MICK WARREN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\QHVF06A9.DEFAULT\EXTENSIONS\NEWS@NEWS.NET
    [2013/02/16 08:35:45 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

    ========== Chrome ==========

    CHR - default_search_provider: MyTools (Enabled)
    CHR - default_search_provider: search_url = http://search.my-tools-app.com/?babsrc=home&s=web&as=0&isid=9851&q={searchTerms}
    CHR - default_search_provider: suggest_url = http://suggestqueries.google.com/complete/search?output=firefox&client=firefox&qu={searchTerms}
    CHR - plugin: First user (Enabled) = default_plugin
    CHR - plugin: Error reading preferences file
    CHR - Extension: MiaaggNiiPic = C:\Documents and Settings\Mick Warren\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gookbonkimjpiijhnohcpiafmibnidpp\1\
    CHR - Extension: No name found = C:\Documents and Settings\Mick Warren\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk\1.4\

    Hosts file not found
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
    O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
    O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
    O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
    O4 - HKLM..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe (ScanSoft, Inc.)
    O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
    O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (ScanSoft, Inc.)
    O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
    O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
    O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Scansoft, Inc.)
    O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [GarminExpressTrayApp] C:\Program Files\Garmin\Express Tray\ExpressTray.exe (Garmin Ltd or its subsidiaries)
    O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\Wcescomm.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [News.net] C:\Program Files\News.net\BreakingNews\DesktopContainer.exe File not found
    O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub...sh/swflash.cab (Shockwave Flash Object)
    O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/...Control_32.CAB (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D7D0C876-3569-40BF-882A-6F179F662BAA}: DhcpNameServer = 10.1.1.1
    O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
    O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\ipp - No CLSID value found
    O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
    O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
    O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp - No CLSID value found
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
    O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
    O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
    O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
    O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
    O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
    O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
    O20 - AppInit_DLLs: (c:\docume~1\alluse~1.win\applic~1\browse~1\261095~1.52\{c16c1~1\browse~1.dll) - File not found
    O20 - AppInit_DLLs: (c:\progra~1\magnipic\assist~1.dll) - c:\Program Files\MagniPic\assistant.dll ()
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
    O20 - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\dimsntfy: DllName - (%SystemRoot%\System32\dimsntfy.dll) - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\WgaLogon: DllName - (WgaLogon.dll) - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
    O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
    O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
    O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
    O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
    O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
    O24 - Desktop Components:0 (My Current Home Page) - About:Home
    O24 - Desktop WallPaper: C:\Documents and Settings\Mick Warren\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Mick Warren\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
    O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
    O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
    O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
    O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
    O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
    O31 - SafeBoot: AlternateShell - cmd.exe
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2004/08/11 17:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/07/23 10:00:56 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mick Warren\Desktop\OTL.exe
    [2013/07/21 15:03:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\StarApp
    [2013/07/21 15:03:26 | 000,000,000 | ---D | C] -- C:\Program Files\MagniPic
    [2013/07/21 15:03:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\MiaaggNiiPic
    [2013/07/21 15:03:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\MiaaggNiiPic
    [2013/07/21 11:28:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mick Warren\My Documents\Tnt
    [2013/07/18 02:40:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\eSafe
    [2013/07/18 02:39:50 | 000,773,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr100.dll
    [2013/07/18 02:39:50 | 000,420,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp100.dll
    [2013/07/18 02:39:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mick Warren\Application Data\eIntaller
    [2013/07/15 16:22:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mick Warren\Desktop\apps
    [2013/07/15 14:14:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mick Warren\Local Settings\Application Data\Garmin
    [2013/07/15 14:02:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mick Warren\Desktop\Wii Stuff
    [2013/07/10 17:06:52 | 000,692,104 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
    [2012/04/06 10:54:45 | 015,770,528 | ---- | C] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware.exe
    [6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2013/07/23 10:01:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mick Warren\Desktop\OTL.exe
    [2013/07/23 09:25:01 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2013/07/23 09:11:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
    [2013/07/23 08:33:05 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2013/07/23 08:29:38 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2013/07/23 08:28:01 | 000,000,892 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2013/07/23 08:27:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2013/07/23 00:32:46 | 000,000,181 | ---- | M] () -- C:\WINDOWS\MYOBP.INI
    [2013/07/23 00:32:35 | 000,000,041 | ---- | M] () -- C:\WINDOWS\MYOB.INI
    [2013/07/21 11:08:44 | 000,000,016 | ---- | M] () -- C:\Documents and Settings\Mick Warren\Desktop\common-key.bin
    [2013/07/18 19:47:53 | 000,430,184 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2013/07/18 02:39:46 | 000,773,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr100.dll
    [2013/07/18 02:39:46 | 000,420,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp100.dll
    [2013/07/18 02:39:37 | 000,001,010 | ---- | M] () -- C:\Documents and Settings\Mick Warren\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2013/07/18 02:39:36 | 000,001,049 | ---- | M] () -- C:\Documents and Settings\Mick Warren\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2013/07/18 01:51:42 | 018,066,720 | ---- | M] () -- C:\Documents and Settings\Mick Warren\My Documents\GUNDAM.bin
    [2013/07/17 23:55:45 | 001,585,132 | ---- | M] () -- C:\Documents and Settings\Mick Warren\Desktop\ELMO LG 4.pdf
    [2013/07/17 23:54:48 | 001,454,515 | ---- | M] () -- C:\Documents and Settings\Mick Warren\Desktop\ELMO LG 3.pdf
    [2013/07/17 23:52:21 | 001,483,204 | ---- | M] () -- C:\Documents and Settings\Mick Warren\Desktop\ELMO LG 2.pdf
    [2013/07/17 23:51:14 | 001,587,256 | ---- | M] () -- C:\Documents and Settings\Mick Warren\Desktop\ELMO LG 1.pdf
    [2013/07/17 23:41:35 | 001,018,925 | ---- | M] () -- C:\Documents and Settings\Mick Warren\Desktop\ELMO 4.pdf
    [2013/07/17 23:40:11 | 001,730,295 | ---- | M] () -- C:\Documents and Settings\Mick Warren\Desktop\ELMO 3.pdf
    [2013/07/17 23:38:48 | 001,333,917 | ---- | M] () -- C:\Documents and Settings\Mick Warren\Desktop\ELMO 2.pdf
    [2013/07/17 23:34:21 | 001,678,314 | ---- | M] () -- C:\Documents and Settings\Mick Warren\Desktop\ELMO 1.pdf
    [2013/07/16 16:37:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2013/07/15 14:45:22 | 001,556,288 | ---- | M] () -- C:\Documents and Settings\Mick Warren\My Documents\apps.bin
    [2013/07/10 17:06:52 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
    [2013/07/10 17:06:51 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
    [6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2013/07/21 11:08:44 | 000,000,016 | ---- | C] () -- C:\Documents and Settings\Mick Warren\Desktop\common-key.bin
    [2013/07/21 11:06:48 | 000,891,904 | ---- | C] () -- C:\Documents and Settings\Mick Warren\Desktop\DolMii.exe
    [2013/07/21 11:06:48 | 000,141,824 | ---- | C] () -- C:\Documents and Settings\Mick Warren\Desktop\UltimateU8.exe
    [2013/07/21 11:06:48 | 000,130,048 | ---- | C] () -- C:\Documents and Settings\Mick Warren\Desktop\U8Mii.exe
    [2013/07/21 11:06:48 | 000,125,952 | ---- | C] () -- C:\Documents and Settings\Mick Warren\Desktop\WadMii.exe
    [2013/07/21 11:06:48 | 000,124,928 | ---- | C] () -- C:\Documents and Settings\Mick Warren\Desktop\TplMii.exe
    [2013/07/21 11:06:48 | 000,121,344 | ---- | C] () -- C:\Documents and Settings\Mick Warren\Desktop\Lz77Mii.exe
    [2013/07/18 01:51:42 | 018,066,720 | ---- | C] () -- C:\Documents and Settings\Mick Warren\My Documents\GUNDAM.bin
    [2013/07/17 23:55:45 | 001,585,132 | ---- | C] () -- C:\Documents and Settings\Mick Warren\Desktop\ELMO LG 4.pdf
    [2013/07/17 23:54:48 | 001,454,515 | ---- | C] () -- C:\Documents and Settings\Mick Warren\Desktop\ELMO LG 3.pdf
    [2013/07/17 23:52:02 | 001,483,204 | ---- | C] () -- C:\Documents and Settings\Mick Warren\Desktop\ELMO LG 2.pdf
    [2013/07/17 23:51:14 | 001,587,256 | ---- | C] () -- C:\Documents and Settings\Mick Warren\Desktop\ELMO LG 1.pdf
    [2013/07/17 23:41:35 | 001,018,925 | ---- | C] () -- C:\Documents and Settings\Mick Warren\Desktop\ELMO 4.pdf
    [2013/07/17 23:40:10 | 001,730,295 | ---- | C] () -- C:\Documents and Settings\Mick Warren\Desktop\ELMO 3.pdf
    [2013/07/17 23:38:48 | 001,333,917 | ---- | C] () -- C:\Documents and Settings\Mick Warren\Desktop\ELMO 2.pdf
    [2013/07/17 23:34:21 | 001,678,314 | ---- | C] () -- C:\Documents and Settings\Mick Warren\Desktop\ELMO 1.pdf
    [2013/07/16 12:03:30 | 000,470,016 | ---- | C] () -- C:\Documents and Settings\Mick Warren\Desktop\NUS Downloader.exe
    [2013/07/15 16:22:30 | 000,860,160 | ---- | C] () -- C:\Documents and Settings\Mick Warren\Desktop\md5summer.exe
    [2013/07/15 16:22:30 | 000,015,556 | ---- | C] () -- C:\Documents and Settings\Mick Warren\Desktop\hacks_hash.ini
    [2013/07/15 14:45:22 | 001,556,288 | ---- | C] () -- C:\Documents and Settings\Mick Warren\My Documents\apps.bin
    [2013/07/15 13:59:49 | 000,059,212 | ---- | C] () -- C:\Documents and Settings\Mick Warren\Desktop\BMW 735i 735iL wiring diagram pdf 1988 1989 1990 1991 1992 1993 1994 Download.pdf
    [2013/07/10 17:06:53 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
    [2013/03/08 02:15:53 | 000,004,104 | ---- | C] () -- C:\Program Files\example.slang
    [2013/03/07 21:03:54 | 000,035,144 | ---- | C] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
    [2012/04/22 16:12:26 | 000,000,067 | ---- | C] () -- C:\WINDOWS\Brfaxrx.ini
    [2012/04/10 21:17:57 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2012/04/10 21:17:57 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2012/04/10 21:17:57 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2012/04/10 21:17:57 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2012/04/10 21:17:57 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2012/03/25 11:39:48 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
    [2012/03/15 03:03:40 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
    [2012/02/16 13:50:39 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
    [2012/01/29 16:04:45 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011/07/29 07:56:17 | 000,000,064 | ---- | C] () -- C:\WINDOWS\GPlrLanc.dat
    [2009/10/03 08:31:28 | 000,008,704 | ---- | C] () -- C:\Documents and Settings\Mick Warren\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/07/06 12:31:13 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Mick Warren\Application Data\$_hpcst$.hpc

    ========== ZeroAccess Check ==========

    [2010/02/05 23:05:53 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 08:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 20:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 08:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== LOP Check ==========

    [2013/06/18 18:44:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
    [2013/02/10 07:57:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Babylon
    [2013/03/07 20:19:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Big Fish Games
    [2011/02/13 13:05:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\eHlHkHg01803
    [2013/07/19 16:06:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\eSafe
    [2013/06/03 06:31:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Garmin
    [2013/07/21 15:04:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\InstallMate
    [2013/07/21 15:04:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\MiaaggNiiPic
    [2012/01/29 10:34:01 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\MPESBTSC
    [2013/06/03 09:15:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Package Cache
    [2013/07/21 15:03:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Premium
    [2009/06/27 20:22:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\ScanSoft
    [2013/07/21 15:03:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\StarApp
    [2013/04/25 14:57:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Tarma Installer
    [2012/10/31 09:24:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
    [2010/07/17 11:23:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2009/07/21 22:10:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{4C0DBD62-F011-4A41-B11D-BE5CFA6DEDD7}
    [2013/07/22 23:25:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mick Warren\Application Data\AUSkey
    [2013/02/10 07:57:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mick Warren\Application Data\Babylon
    [2012/12/13 23:11:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mick Warren\Application Data\Canon
    [2013/07/18 02:39:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mick Warren\Application Data\eIntaller
    [2013/06/03 03:01:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mick Warren\Application Data\Garmin
    [2012/01/29 10:35:34 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Mick Warren\Application Data\Malware Protection Center
    [2012/03/26 00:11:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mick Warren\Application Data\PC Cleaners
    [2012/03/11 16:13:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mick Warren\Application Data\PC-FAX TX
    [2012/03/26 00:11:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mick Warren\Application Data\PCPro
    [2012/12/30 11:36:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mick Warren\Application Data\PriceGong
    [2012/04/22 16:20:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mick Warren\Application Data\ScanSoft
    [2013/02/05 10:42:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mick Warren\Application Data\uTorrent

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:627B7F7C

    < End of report >

    OTL Extras logfile created on: 23/07/2013 10:03:27 AM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Mick Warren\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

    1022.07 Mb Total Physical Memory | 371.91 Mb Available Physical Memory | 36.39% Memory free
    2.40 Gb Paging File | 1.72 Gb Available in Paging File | 71.79% Paging File free
    Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 40.01 Gb Total Space | 16.56 Gb Free Space | 41.40% Space Free | Partition Type: NTFS
    Drive D: | 192.77 Gb Total Space | 134.61 Gb Free Space | 69.83% Space Free | Partition Type: NTFS

    Computer Name: WARREN | User Name: Mick Warren | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = htmlfile] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
    "26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
    "26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
    "C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
    "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
    "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
    "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
    "C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
    "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
    "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
    "C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
    "C:\Program Files\BitLord\BitLord.exe" = C:\Program Files\BitLord\BitLord.exe:*:Enabled:BitLord -- (BitLord - the easiest torrent downloader)
    "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
    "C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
    "C:\Program Files\Brother\Brmfl06a\FAXRX.exe" = C:\Program Files\Brother\Brmfl06a\FAXRX.exe:*:Enabled:PC-FAX Receive -- (Brother Industries Ltd.)
    "C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
    "C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
    "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
    "C:\Program Files\TornTV.com\Torntv Downloader.exe" = C:\Program Files\TornTV.com\Torntv Downloader.exe:*:Enabled:Torntv Downloader
    "C:\Documents and Settings\All Users.WINDOWS\Application Data\eSafe\eGdpSvc.exe" = C:\Documents and Settings\All Users.WINDOWS\Application Data\eSafe\eGdpSvc.exe:*:Enabled:WsysSvc -- (Wsys Co., Ltd.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
    "{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{2B7BDADB-EC8C-4C54-B5DD-CE45A016D3A7}" = Free Ride Games Player
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{44663264-E108-4938-BF9E-A767315072C9}" = Intel(R) Network Connections 16.3.48.0
    "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
    "{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
    "{5E1DB3FA-0FAE-47D2-A539-478C85FE910C}" = MagniPic
    "{65135558-F1AE-4B9B-8C0B-180730ACA261}" = Garmin Express
    "{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
    "{71C97545-E547-4A8B-B0C8-61FF853270AC}" = PaperPort
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
    "{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
    "{876AB032-B2A4-41FF-AF87-DBC78454C1B0}" = Garmin Update Service
    "{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
    "{9074AFC0-CFDA-11DE-B484-005056806466}" = Google Earth
    "{91FD46D2-4FB7-4A51-8637-556E1BE1DB7C}" = iTunes
    "{93765DFA-8A67-41FB-9FC0-B12341CA65F3}" = Elevated Installer
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
    "{9A912C12-A7DA-44D7-BD57-5CA85E2F33E1}" = Brother MFL-Pro Suite
    "{A06176AF-7494-4B29-BE74-F01323AD3233}" = MYOB BusinessBasics v1
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
    "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.7)
    "{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
    "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C233BCC3-29C4-49C0-B955-0A94509FC4FC}" = Garmin Express Tray
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{DE730F37-A198-4112-A3B6-97786F34354A}" = ECI Client v6.0
    "{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
    "{e47a5c85-88a2-47d2-b380-fc2e763c2e6d}" = Garmin Express
    "{EB03EF39-C655-D560-FA95-79182B837D64}" =
    "{EDDF99D9-9FE3-4871-A7DB-D1522C51EE9A}" = Microsoft .NET Compact Framework 2.0 SP2
    "{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
    "{FB3BE405-6BF0-490A-84B3-00611385EA0D}" = Common-Use Signing Interface
    "{FCD9CD52-7222-4672-94A0-A722BA702FD0}" = Dell Resource CD
    "{FF7DD5BE-42FF-44B8-AF36-4A46CD2C6D42}" = AUSkey software 1.4.0.6
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe SVG Viewer" = Adobe SVG Viewer 3.0
    "All ATI Software" = ATI - Software Uninstall Utility
    "ATI Display Driver" = ATI Display Driver
    "BitLord" = BitLord 1.1
    "Canon MOV Decoder" = Canon MOV Decoder
    "Canon MOV Encoder" = Canon MOV Encoder
    "CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
    "Common-Use Signing Interface" = Common-Use Signing Interface
    "DPP" = Canon Utilities Digital Photo Professional 3.9
    "EOS Utility" = Canon Utilities EOS Utility
    "exent_554750" = Cradle of Rome
    "exent_586550" = Luxor 3
    "Handmark® Tetris 2 for Pocket PC" = Handmark® Tetris 2 for Pocket PC
    "hp deskjet 960c series" = hp deskjet 960c series (Remove only)
    "hp deskjet 960c series_Driver" = hp deskjet 960c series
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{A06176AF-7494-4B29-BE74-F01323AD3233}" = MYOB BusinessBasics v1
    "MagniPic" =
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft Security Client" = Microsoft Security Essentials
    "MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
    "Mozilla Firefox 19.0 (x86 en-US)" = Mozilla Firefox 19.0 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "Original Data Security Tools" = Canon Utilities Original Data Security Tools
    "PhotoStitch" = Canon Utilities PhotoStitch
    "Picture Style Editor" = Canon Utilities Picture Style Editor
    "SP_d8283021" =
    "uTorrent" = µTorrent
    "WBFS Manager 3.0" = WBFS Manager 3.0
    "WFTK" = Canon Utilities WFT Utility
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinRAR archiver" = WinRAR archiver
    "WMFDist11" = Windows Media Format 11 runtime
    "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
    "ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
    "Zynga Toolbar" = Zynga Toolbar

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 19/05/2013 10:35:22 AM | Computer Name = WARREN | Source = MsiInstaller | ID = 11706
    Description = Product: Microsoft ActiveSync -- Error.No valid source could be found
    for product Microsoft ActiveSync. The Windows Installer cannot continue.

    Error - 10/06/2013 11:16:03 AM | Computer Name = WARREN | Source = crypt32 | ID = 131083
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file.

    Error - 10/06/2013 11:16:03 AM | Computer Name = WARREN | Source = crypt32 | ID = 131083
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file.

    Error - 26/06/2013 12:40:25 PM | Computer Name = WARREN | Source = Application Hang | ID = 1002
    Description = Hanging application Photoshop.exe, version 8.0.0.0, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    Error - 8/07/2013 1:11:36 AM | Computer Name = WARREN | Source = Application Hang | ID = 1002
    Description = Hanging application Photoshop.exe, version 8.0.0.0, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    Error - 10/07/2013 1:19:37 AM | Computer Name = WARREN | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 10/07/2013 1:23:29 AM | Computer Name = WARREN | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 11/07/2013 12:18:50 AM | Computer Name = WARREN | Source = Application Error | ID = 1000
    Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
    module kernel32.dll, version 5.1.2600.5781, fault address 0x00012afb.

    Error - 21/07/2013 12:30:05 AM | Computer Name = WARREN | Source = Application Hang | ID = 1002
    Description = Hanging application OUTLOOK.EXE, version 10.0.2616.0, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 21/07/2013 12:31:42 AM | Computer Name = WARREN | Source = Microsoft Office 10 | ID = 2001
    Description = Rejected Safe Mode action : Microsoft Outlook.

    [ System Events ]
    Error - 24/06/2013 9:42:17 PM | Computer Name = WARREN | Source = Dhcp | ID = 1002
    Description = The IP address lease 10.1.1.6 for the Network Card with network address
    001372B7DAE7 has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a
    DHCPNACK message).

    Error - 11/07/2013 8:28:18 AM | Computer Name = WARREN | Source = Dhcp | ID = 1002
    Description = The IP address lease 10.1.1.8 for the Network Card with network address
    001372B7DAE7 has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a
    DHCPNACK message).

    Error - 17/07/2013 2:39:49 PM | Computer Name = WARREN | Source = PlugPlayManager | ID = 11
    Description = The device Root\LEGACY_MPKSL10076117\0000 disappeared from the system
    without first being prepared for removal.

    Error - 18/07/2013 7:49:30 AM | Computer Name = WARREN | Source = Service Control Manager | ID = 7022
    Description = The Wsys Service service hung on starting.

    Error - 18/07/2013 9:07:33 PM | Computer Name = WARREN | Source = Service Control Manager | ID = 7022
    Description = The Wsys Service service hung on starting.

    Error - 21/07/2013 12:33:03 AM | Computer Name = WARREN | Source = Print | ID = 54
    Description = Document https://online.transport.wa.gov.au/w...linepayment/wi
    was corrupted and has been deleted. The associated driver is: Brother MFC-440CN
    Printer.

    Error - 21/07/2013 12:33:03 AM | Computer Name = WARREN | Source = Service Control Manager | ID = 7022
    Description = The Wsys Service service hung on starting.

    Error - 21/07/2013 9:38:35 AM | Computer Name = WARREN | Source = Service Control Manager | ID = 7022
    Description = The Wsys Service service hung on starting.

    Error - 22/07/2013 8:25:14 AM | Computer Name = WARREN | Source = Service Control Manager | ID = 7022
    Description = The Wsys Service service hung on starting.

    Error - 22/07/2013 8:29:33 PM | Computer Name = WARREN | Source = Service Control Manager | ID = 7022
    Description = The Wsys Service service hung on starting.


    < End of report >

    # AdwCleaner v2.306 - Logfile created 07/23/2013 at 10:22:18
    # Updated 19/07/2013 by Xplode
    # Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
    # User : Mick Warren - WARREN
    # Boot Mode : Normal
    # Running from : C:\Program Files\adwcleaner.exe
    # Option [Search]


    ***** [Services] *****


    ***** [Files / Folders] *****

    File Found : C:\Documents and Settings\Mick Warren\Application Data\Mozilla\Firefox\Profiles\extensions\gophoto@gophoto.it.xpi
    File Found : C:\WINDOWS\system32\conduitEngine.tmp
    File Infected : C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Mozilla Firefox.lnk ( arg. : hxxp://www.qvo6.com/?utm_source=b&utm_medium=ild&from=ild&uid=WDCXWD2500JS-75NCB1_WD-WCANK257239272392&ts=1374086376)
    File Infected : C:\Documents and Settings\Mick Warren\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk ( arg. : hxxp://www.qvo6.com/?utm_source=b&utm_medium=ild&from=ild&uid=WDCXWD2500JS-75NCB1_WD-WCANK257239272392&ts=1374086376)
    File Infected : C:\Documents and Settings\Mick Warren\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk ( arg. : hxxp://www.qvo6.com/?utm_source=b&utm_medium=ild&from=ild&uid=WDCXWD2500JS-75NCB1_WD-WCANK257239272392&ts=1374086376)
    File Infected : C:\Documents and Settings\Mick Warren\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk ( arg. : hxxp://www.qvo6.com/?utm_source=b&utm_medium=ild&from=ild&uid=WDCXWD2500JS-75NCB1_WD-WCANK257239272392&ts=1374086376)
    File Infected : C:\Documents and Settings\Mick Warren\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk ( arg. : hxxp://www.qvo6.com/?utm_source=b&utm_medium=ild&from=ild&uid=WDCXWD2500JS-75NCB1_WD-WCANK257239272392&ts=1374086376)
    File Infected : C:\Documents and Settings\Mick Warren\Start Menu\Programs\Internet Explorer.lnk ( arg. : hxxp://www.qvo6.com/?utm_source=b&utm_medium=ild&from=ild&uid=WDCXWD2500JS-75NCB1_WD-WCANK257239272392&ts=1374086376)
    File Infected : C:\Documents and Settings\Mick Warren\Start Menu\Programs\Internet Explorer.lnk ( arg. : hxxp://www.qvo6.com/?utm_source=b&utm_medium=ild&from=ild&uid=WDCXWD2500JS-75NCB1_WD-WCANK257239272392&ts=1374086376)
    Folder Found : C:\Documents and Settings\All Users.WINDOWS\Application Data\Babylon
    Folder Found : C:\Documents and Settings\All Users.WINDOWS\Application Data\eSafe
    Folder Found : C:\Documents and Settings\All Users.WINDOWS\Application Data\MiaaggNiiPic
    Folder Found : C:\Documents and Settings\All Users.WINDOWS\Application Data\Premium
    Folder Found : C:\Documents and Settings\All Users.WINDOWS\Application Data\Tarma Installer
    Folder Found : C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\MiaaggNiiPic
    Folder Found : C:\Documents and Settings\Mick Warren\Application Data\Babylon
    Folder Found : C:\Documents and Settings\Mick Warren\Application Data\eIntaller
    Folder Found : C:\Documents and Settings\Mick Warren\Application Data\Mozilla\Firefox\Profiles\qhvf06a9.default\extensions\staged
    Folder Found : C:\Documents and Settings\Mick Warren\Application Data\PriceGong
    Folder Found : C:\Documents and Settings\Mick Warren\Local Settings\Application Data\Conduit
    Folder Found : C:\Documents and Settings\Mick Warren\Local Settings\Application Data\ConduitEngine
    Folder Found : C:\Documents and Settings\Mick Warren\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gookbonkimjpiijhnohcpiafmibnidpp
    Folder Found : C:\Documents and Settings\Mick Warren\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk
    Folder Found : C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Zynga
    Folder Found : C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Zynga
    Folder Found : C:\Program Files\Free Ride Games
    Folder Found : C:\Program Files\Gophoto.it
    Folder Found : C:\Program Files\MagniPic
    Folder Found : C:\Program Files\TornTV.com
    Folder Found : C:\Program Files\Viewpoint
    Folder Found : C:\Program Files\Zynga
    Folder Found : C:\Program Files\Zynga

    ***** [Registry] *****

    Data Found : HKLM\...\StartMenuInternet\FIREFOX.EXE [(Default)] = C:\Program Files\Mozilla Firefox\firefox.exe hxxp://www.qvo6.com/?utm_source=b&utm_medium=ild&from=ild&uid=WDCXWD2500JS-75NCB1_WD-WCANK257239272392&ts=1374086376
    Data Found : HKLM\...\StartMenuInternet\IEXPLORE.EXE [(Default)] = "C:\Program Files\Internet Explorer\iexplore.exe" hxxp://www.qvo6.com/?utm_source=b&utm_medium=ild&from=ild&uid=WDCXWD2500JS-75NCB1_WD-WCANK257239272392&ts=1374086376
    Data Found : HKLM\..\Windows [AppInit_DLLs] = c:\docume~1\alluse~1.win\applic~1\browse~1\261095~1.52\{c16c1~1\browse~1.dll
    Key Found : HKCU\Software\1ClickDownload
    Key Found : HKCU\Software\5868ddce76aee17
    Key Found : HKCU\Software\AppDataLow\Software\Conduit
    Key Found : HKCU\Software\Conduit
    Key Found : HKCU\Software\conduitEngine
    Key Found : HKCU\Software\conduitEngine
    Key Found : HKCU\Software\ConduitSearchScopes
    Key Found : HKCU\Software\Crossrider
    Key Found : HKCU\Software\DataMngr
    Key Found : HKCU\Software\DataMngr_Toolbar
    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\BrowserProtect
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{00000000-6E41-4FD3-8538-502F5495E5FC}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{75A8163E-037B-F508-1EE7-38A7DD9D70E0}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{82E1477C-B154-48D3-9891-33D83C26BCD3}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{75A8163E-037B-F508-1EE7-38A7DD9D70E0}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
    Key Found : HKCU\Software\PriceGong
    Key Found : HKCU\Software\PrivitizeVPNInstallDates
    Key Found : HKCU\Software\SmartBar
    Key Found : HKCU\Software\StartSearch
    Key Found : HKCU\Software\Toolbar
    Key Found : HKCU\Software\Zynga
    Key Found : HKLM\SOFTWARE\5868ddce76aee17
    Key Found : HKLM\Software\Babylon
    Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
    Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine
    Key Found : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
    Key Found : HKLM\SOFTWARE\Classes\Prod.cap
    Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT1640187
    Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2438727
    Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3201318
    Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3220468
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
    Key Found : HKLM\Software\Conduit
    Key Found : HKLM\Software\conduitEngine
    Key Found : HKLM\Software\conduitEngine
    Key Found : HKLM\Software\DataMngr
    Key Found : HKLM\Software\Desksvc
    Key Found : HKLM\Software\eSafeSecControl
    Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\jbpkiefagocgkmemidfngdkamloieekf
    Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{571A58E3-5236-4ADA-9669-041EEB1A6C90}
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5F30A105-4D65-4BFF-81B9-ADF0097454BF}
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CD3C1CCA-DC61-41B3-B0A7-B662046C9FBA}
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{2B7BDADB-EC8C-4C54-B5DD-CE45A016D3A7}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{EB03EF39-C655-D560-FA95-79182B837D64}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Zynga Toolbar
    Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2B7BDADB-EC8C-4C54-B5DD-CE45A016D3A7}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EB03EF39-C655-D560-FA95-79182B837D64}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Conduit Engine
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Zynga Toolbar
    Key Found : HKLM\Software\qvo6Software
    Key Found : HKLM\Software\SP Global
    Key Found : HKLM\Software\Tarma Installer
    Key Found : HKLM\Software\V9
    Key Found : HKLM\Software\Zynga
    Key Found : HKU\S-1-5-21-1708537768-115176313-1801674531-1003\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v8.0.6001.18702

    [OK] Registry is clean.

    -\\ Mozilla Firefox v19.0 (en-US)

    File : C:\Documents and Settings\Mick Warren\Application Data\Mozilla\Firefox\Profiles\0\prefs.js

    [OK] File is clean.

    File : C:\Documents and Settings\Mick Warren\Application Data\Mozilla\Firefox\Profiles\qhvf06a9.default\prefs.js

    Found : user_pref("browser.search.defaultenginename", "qvo6");
    Found : user_pref("browser.search.order.1", "qvo6");
    Found : user_pref("browser.search.selectedEngine", "qvo6");
    Found : user_pref("browser.startup.homepage", "hxxp://www.qvo6.com/?utm_source=b&utm_medium=ild&from=ild&uid[...]

    -\\ Google Chrome v [Unable to get version]

    File : C:\Documents and Settings\Mick Warren\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************
    The following errors occurred with your submission
    Your submission could not be processed because the token has expired.

    Please reload the window.
    .

    AdwCleaner[R1].txt - [11365 octets] - [23/07/2013 10:22:18]

    ########## EOF - C:\AdwCleaner[R1].txt - [11426 octets] ##########

  5. #5
    Member Spyware Fighter zep516's Avatar
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,158
    Points
    1301

    Default

    Very well done! Now it's my turn and it's going to be a while to review your logs, consult with my instructor and prepare a fix / solution for you. Please remember not to make any changes to the computer, or copy instructions that other helpers have given in other threads.

    Joe

  6. #6
    Member Spyware Fighter zep516's Avatar
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,158
    Points
    1301

    Default

    Hi mick warren,

    Let's begin removing the malware. If you don't understand something, please feel free to ask.

    Run OTL again

    • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following. Just what's in the code box, not the word code.




      Code:
      :commands
      [CREATERESTOREPOINT]
      
      :otl
      SRV - (NMIndexingService) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe File not found
      SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
      DRV - (WDICA) -- File not found
      DRV - (PDRFRAME) -- File not found
      DRV - (PDRELI) -- File not found
      DRV - (PDFRAME) -- File not found
      DRV - (PDCOMP) -- File not found
      DRV - (PCIDump) -- File not found
      DRV - (lbrtfdc) -- File not found
      DRV - (i2omgmt) -- File not found
      DRV - (Changer) -- File not found
      DRV - (catchme) -- C:\DOCUME~1\MICKWA~1\LOCALS~1\Temp\catchme.sys File not found
      DRV - (bvrp_pci) -- File not found
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
      IE - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
      IE - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = Qvo6.com
      IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
      IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://findgala.com/?uid=8039&q={searchTerms}&rlz=1I7GGLR_enAU374
      IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 192.168.0.25:80
      FF - prefs.js..browser.search.defaultenginename: "qvo6"
      FF - prefs.js..browser.search.order.1: "qvo6"
      FF - prefs.js..browser.search.selectedEngine: "qvo6"
      FF - prefs.js..browser.startup.homepage:"http://www.qvo6.com/utm_source=b&utm_medium=ild&from=ild&uid=WDCXWD2500JS-75NCB1_WD-WCANK257239272392&ts=1374086376"
      FF - user.js - File not found
      FF - prefs.js..extensions.enabledAddons: news%40news.net:1.0.15
      [2013/02/27 21:38:37 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
      File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\MICK WARREN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\QHVF06A9.DEFAULT\EXTENSIONS\NEWS@NEWS.NET
      O4 - HKCU..\Run: [News.net] C:\Program Files\News.net\BreakingNews\DesktopContainer.exe File not found
      O18 - Protocol\Handler\ipp - No CLSID value found
      O18 - Protocol\Handler\msdaipp - No CLSID value found
      O20 - AppInit_DLLs: (c:\docume~1\alluse~1.win\applic~1\browse~1\261095~1.52\{c16c1~1\browse~1.dll) - File not found
      [2013/07/21 15:03:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\StarApp
      [2013/07/21 15:03:26 | 000,000,000 | ---D | C] -- C:\Program Files\MagniPic
      [2013/07/21 15:03:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\MiaaggNiiPic
      [2013/07/21 15:03:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\MiaaggNiiPic
      [2013/07/21 11:28:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mick Warren\My Documents\Tnt
      [2013/07/18 02:39:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mick Warren\Application Data\eIntaller
      @Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:627B7F7C
      
      :Files
      ipconfig /flushdns /c
      
      :Commands
      [resethosts]
      [emptytemp]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


    Next

    We will run AdwCleaner again, this time "Select" Delete

    • Double-click AdwCleaner.exe to run the tool.
    • Click Delete button as shown below.


    • Everything that was found will be deleted.
    • Save any open files and approve the reboot. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.


    The log can also be found at C:\AdwCleaner[XX].txt where XX denotes the number of times the application has been run, i.e., S1

    Next

    Download and run Junkware Removal Tool

    Please download Junkware Removal Tool to your desktop.
    • shut down your protection software now to avoid potential conflicts.
    • run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator"
      the tool will open and start scanning your system
    • please be patient as this can take a while to complete depending on your system's specifications
    • on completion, a log (JRT.txt) is saved to your desktop and will automatically open
    • post the contents of JRT.txt into your next message.


    In your next reply please post the:
    • OTL Fix log.
    • AdwCleaner log
    • JRT.txt


    Let me know how the computer is running now.

    Thanks,

    Joe
    Last edited by zep516; 07-23-2013 at 04:50 PM.
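The Firefox `prefs.js` entries that AdwCleaner reported and that the OTL fix above targets can be checked read-only before and after cleanup. The following is an added example, not part of the thread or of any of the tools mentioned; the allow-lists and the sample file contents are constructed assumptions.

```python
import json
import re
from urllib.parse import urlparse

# Preference keys flagged in the AdwCleaner and OTL logs in this thread.
WATCHED_KEYS = {
    "browser.search.defaultenginename",
    "browser.search.order.1",
    "browser.search.selectedEngine",
    "browser.startup.homepage",
}
# Assumptions: values the machine's owner considers expected.
ALLOWED_ENGINES = {"Google", "Bing", "Yahoo"}
ALLOWED_HOME_HOSTS = {"www.mozilla.org", "www.google.com"}

PREF_RE = re.compile(r'^\s*user_pref\(\s*"((?:[^"\\]|\\.)*)"\s*,\s*(.*)\);\s*$')

def parse_prefs(text):
    """Return {key: value} for every user_pref(...) line; other lines are skipped."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m:
            raw = m.group(2).strip()
            try:
                prefs[m.group(1)] = json.loads(raw)  # strings, numbers, true/false
            except ValueError:
                prefs[m.group(1)] = raw              # keep unparsed text for manual review
    return prefs

def audit(prefs):
    """Return (key, value, reason) tuples for watched keys with unexpected values."""
    findings = []
    for key in sorted(WATCHED_KEYS & prefs.keys()):
        value = prefs[key]
        if not isinstance(value, str):
            findings.append((key, value, "value is not a string"))
        elif key == "browser.startup.homepage":
            for url in (u.strip() for u in value.split("|")):  # "|" separates several home pages
                host = (urlparse(url).hostname or "").lower()
                if not url.startswith("about:") and host not in ALLOWED_HOME_HOSTS:
                    findings.append((key, url, "home page host not in allow-list"))
        elif value not in ALLOWED_ENGINES:
            findings.append((key, value, "search engine not in allow-list"))
    return findings

# Constructed sample, modelled on the entries quoted in the logs above.
SAMPLE = '''# Mozilla User Preferences
user_pref("app.update.enabled", true);
user_pref("browser.search.defaultenginename", "qvo6");
user_pref("browser.search.order.1", "qvo6");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.startup.homepage", "about:home|http://www.qvo6.com/?from=ild");
'''

if __name__ == "__main__":
    for finding in audit(parse_prefs(SAMPLE)):
        print(finding)
```

Run it against a copy of the profile's `prefs.js` with Firefox closed; an empty result after the fix means none of the watched keys still hold a value outside the allow-lists.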

  7. #7
    Member
    Join Date
    Apr 2012
    Posts
    50
    Points
    9

    Default

    Hi Joe, I am not able to use my desktop computer to use Help2Go.

  8. #8
    Member
    Join Date
    Apr 2012
    Posts
    50
    Points
    9

    Default

    Joe, OTL ran for 24 hrs with no indication that it is doing anything. Is this normal, or can you recommend a different prog for that fix? Mick

  9. #9
    Member Spyware Fighter zep516's Avatar
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,158
    Points
    1301

    Default

    Hi mick warren,

    I'll run this by my instructor. In the meantime, can you at least post a new OTL log?

  10. #10
    Member
    Join Date
    Apr 2012
    Posts
    50
    Points
    9

    Default

    Joe, whatever is affecting my desktop will not allow me to log into Help2Go. The error message keeps reading "tokens expired" or something like that. I can only text replies via handphone.
