
 


Tidserv Activity 2

Hello,
I have been struggling for the last three days to remove a tidserv trojan from my XP desktop.
I was "assisted" by Symantec's Indian subcontractors over a number of hours with no good result. Previously, I had applied Symantec's FixTDSS.exe and Kaspersky's TDSSKiller.exe to no avail - neither of them could find tidserv even though then (and now) I have a persistent little Norton popup box telling me "Threat requiring manual removal detected: System Infected: Tidserv Activity 2."
I also have another persistent popup informing me that Malwarebytes has successfully blocked an (outgoing) attempt to connect with (one of several) potentially malicious websites.
I was unable to attach the requested log files in the usual manner or paste them in here so I had to upload them to my website cliveburton.com – please look for them there.
I certainly hope you can help me get rid of this nasty trojan which Norton Internet Security let through onto my system and they were of no use whatsoever in removing it.
I certainly do not want to go through the agony of reverting my system to factory state (as Symantec suggested) then spending many hours reinstating all my many applications from scratch (rather than from a backup image potentially still infected).
Any help you can give will be greatly appreciated!
Best regards
Clive Burton (PhD- physics)

Re: Tidserv Activity 2

Hello and welcome to GeekPolice.Net. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*****************************************************************
I was unable to attach the requested log files in the usual manner or paste them in here so I had to upload them to my website cliveburton.com – please look for them there.

What happens when you try to paste the logs? You may have to break the logs up into two or more posts.

SUPERAntiSpyware

If you already have SUPERAntiSpyware be sure to check for updates before scanning!


Download SuperAntispyware Free Edition (SAS)
* Double-click the icon on your desktop to run the installer.
* When asked to Update the program definitions, click Yes
* If you encounter any problems while downloading the updates, manually download and unzip them from here
* Next click the Preferences button.
  • Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
* Click the Scanning Control tab.
* Under Scanner Options make sure only the following are checked:
  • Close browsers before scanning
  • Scan for tracking cookies
  • Terminate memory threats before quarantining
  Please leave the others unchecked
  • Click the Close button to leave the control center screen.
* On the main screen click Scan your computer
* On the left check the box for the drive you are scanning.
* On the right choose Perform Complete Scan
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete a summary box will appear. Click OK
* Make sure everything in the white box has a check next to it, then click Next
* It will quarantine what it found and if it asks if you want to reboot, click Yes
* To retrieve the removal information please do the following:
  • After reboot, double-click the SUPERAntiSpyware icon on your desktop.
  • Click Preferences. Click the Statistics/Logs tab.
  • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
  • It will open in your default text editor (preferably Notepad).
  • Save the notepad file to your desktop by clicking (in notepad) File > Save As...
* Save the log somewhere you can easily find it. (normally the desktop)
* Click close and close again to exit the program.
* Copy and Paste the log in your post.
********************************************
Please download Malwarebytes Anti-Malware from here.
Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
*********************************************
Download DDS from HERE or HERE and save it to your desktop.

Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

* XP users Double click on dds to run it.
* If your antivirus or firewall try to block DDS then please allow it to run.
* When finished DDS will open two (2) logs.
* Save both reports to your desktop.
* The instructions here ask you to attach the Attach.txt.

1) DDS.txt
2) Attach.txt
Instead of attaching, please copy/paste both logs into your Thread

Note: DDS will instruct you to post the Attach.txt log as an attachment.
Please just post it as you would any other log by copying and pasting it into the reply.

•Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run.
After downloading the tool, disconnect from the internet and disable all antivirus protection.
Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control HERE. Then post your DDS logs. (DDS.txt and Attach.txt)

Re: Tidserv Activity 2
Hello Dave
Thank you so much for your offer of assistance.
Well - I succeeded in installing and running Superantispyware but am afraid I can't do much with the results because everything I now go to do on the infected computer (my desktop) doesn't work anymore.
I consistently get messages saying that this that or the other .dll or .ime object "is not a valid Windows image" or that there is not enough system resource to carry out the task.
I am seeing a lot of what I class as memory leaks – screen images overlaying one another with transparent windows in them.
When I go to check on free space on the C drive (I believe there is well over 10 Gb) I see that used space and the free space are both reported as zero.
I can’t take any more pictures of my desktop because Jing isn’t working anymore.
I have to leave for an appointment in ten minutes so I’ll have to be quick here.
Please have a look at www.cliveburton.com/Tidserv Trojan Removal
This contains all the logs and some images of the Superantispy runs I did. I haven’t attempted to fix anything thus far.
I can’t do any better with sending you information at the moment.
Whenever I try to paste text logs here or attach files here I run into problems.
The files bring up an “invalid file” message and the pastes just don’t happen – this is from my laptop which appears to be working just fine.
I would like to run chkdsk on my desktop C drive but will await your instructions.
gottago
Best regards
Clive

Re: Tidserv Activity 2
I would like to run chkdsk on my desktop C drive but will await your instructions.

Go ahead and run chkdsk, if you can.
BTW, that link doesn't work.


Go to this link to create a Rescue CD or to this site to create a Rescue USB. Carefully follow all the instructions for whichever method you choose.

Re: Tidserv Activity 2
Dave
Thank you for your reply - sorry - the link didn't copy properly - please go to:-
http://www.cliveburton.com/Tidserv%20Trojan%20Removal/
I will do the other things you suggested.
Best regards
Clive

Re: Tidserv Activity 2
Hi Dave
I had a lot of trouble with blue screens of death and have been unable to run chkdsk so far - however DrWeb LiveCD is running through all my HDDs and has so far identified two trojans though their names are hardly readable - look like TrojanSlgger2.8966 (the 9 could be a 5 but I don't think so) - it's in an exe file the name of which I cannot read. The other is Trojan.NulDrop3.17529 in SkypeSecrets.exe
DrWeb has been going for 13 hours so far and has only gone through 518344 files so there is a loooong way to go.
Suggestions please.
I'm thinking I may have to delete the boot partition and start again.
I've got an old copy of Ghost that I believe works on XP. Is that a good way of deleting and reinstating the boot partition without affecting the secondary partition? Will that really clobber a boot sector trojan?
Best regards
Clive

Re: Tidserv Activity 2

Here's another boot disk that you may have better luck with.

We are going to be using a Windows Recovery Environment to help disinfect the system so it may boot again.

Download the OTLPE Standard REATOGO Windows Recovery Environment.

  • Place a blank CD-R disc into your CD burning drive.
  • Download OTLPEStd.exe and double-click on it to burn to a CD using an ISO Burner. One can be found here.
  • Reboot your system using the boot CD you just created.
  • Note: If you do not know how to set your computer to boot from CD follow the steps here
  • Your system should now display a REATOGO-X-PE desktop.
  • Double-click on the OTLPE icon.
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start. Change the following settings
  • Change Drivers to Non-Microsoft
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\_OTL\MovedFiles
  • Copy this file to your USB drive if you do not have internet connection on this system
  • Please post the contents of the OTL.txt file in your reply.

Re: Tidserv Activity 2
Hello Dave
Thanks for the added instructions which I will follow "just to be sure to be sure" as the Irish say.
However, running DrWeb_LiveCD seems to have had a good effect. I have not seen a blue screen of death since doing that nor have I seen a Norton box yabbering about Tidserv - wheee!!! I guess my main concern now is how do I tell whether I have really got rid of Tidserv since nothing I ever used actually found it under that name. ????
Malwarebytes is still preventing dial-home activity to at least three potentially malicious sites - any suggestion as to what to do about that?
Best regards
Clive

Re: Tidserv Activity 2
MBAM is still preventing dial-home activity to at least three potentially malicious sites - any suggestion as to what to do about that?

That's good. It's doing its job. Please run the SAS, MBAM and DDS scans and post the logs here.

Re: Tidserv Activity 2
Hi Dave - Here's the result of running OTLPE
I hope you can make sense of it - it's gobbledygook to me.
The system continues to run OK with no blue screens or Tidserv warnings - only the Malwarebytes warnings about dialouts.
================================================
OTL logfile created on: 12/17/2011 2:46:36 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,024.00 Mb Total Physical Memory | 771.00 Mb Available Physical Memory | 75.00% Memory free
907.00 Mb Paging File | 845.00 Mb Available in Paging File | 93.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 322.27 Gb Total Space | 44.68 Gb Free Space | 13.87% Space Free | Partition Type: NTFS
Drive D: | 14.16 Gb Total Space | 1.52 Gb Free Space | 10.73% Space Free | Partition Type: FAT32
Drive E: | 698.64 Gb Total Space | 80.63 Gb Free Space | 11.54% Space Free | Partition Type: NTFS
Drive F: | 143.49 Gb Total Space | 11.61 Gb Free Space | 8.09% Space Free | Partition Type: NTFS
Drive G: | 97.62 Gb Total Space | 0.88 Gb Free Space | 0.90% Space Free | Partition Type: NTFS
Drive X: | 284.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 90 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto] -- -- (Secunia Update Agent)
SRV - File not found [Auto] -- -- (Secunia PSI Agent)
SRV - File not found [On_Demand] -- -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - File not found [Auto] -- -- (MySQL)
SRV - File not found [Auto] -- -- (MBAMService)
SRV - File not found [On_Demand] -- -- (CoordinatorServiceHost)
SRV - File not found [Auto] -- -- (btwdins)
SRV - File not found [On_Demand] -- -- (AppMgmt)
SRV - File not found [Auto] -- -- (Apache2.2)
SRV - [2011/08/11 18:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/08/10 15:52:54 | 000,138,760 | R--- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Norton Internet Security\Engine\19.2.0.10\ccSvcHst.exe -- (NIS)
SRV - [2011/07/07 21:31:08 | 000,195,336 | ---- | M] (Microsoft Corporation.) [On_Demand] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/06/15 19:33:20 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011/06/08 15:02:00 | 000,633,856 | ---- | M] (Nokia) [On_Demand] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011/04/01 22:17:08 | 000,067,400 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe -- (MsDepSvc)
SRV - [2010/08/23 23:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/08/13 01:40:24 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/08/10 19:28:11 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand] -- C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
SRV - [2009/12/16 18:44:36 | 003,750,400 | ---- | M] (SafeNet Inc.) [Auto] -- C:\WINDOWS\System32\hasplms.exe -- (hasplms)
SRV - [2009/09/26 01:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) [Auto] -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2009/07/07 16:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) [Auto] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2007/02/08 20:38:52 | 000,056,344 | ---- | M] (Memeo) [Disabled] -- C:\Program Files\Memeo\AutoBackup\MemeoService.exe -- (BMUService)
SRV - [2005/09/23 09:01:16 | 002,799,808 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon80)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | Boot] -- -- (iycct)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - [2011/12/15 07:31:05 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20111216.034\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/12/15 07:31:04 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/12/15 07:31:04 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20111216.034\NAVENG.SYS -- (NAVENG)
DRV - [2011/12/12 17:55:45 | 000,083,064 | ---- | M] (Symantec Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\SMR210.SYS -- (SMR210)
DRV - [2011/12/08 17:01:21 | 000,127,096 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/12/07 18:43:12 | 000,356,280 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20111216.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2011/11/24 02:08:44 | 000,819,320 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20111210.003\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/11/09 12:29:26 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/09/26 19:38:08 | 000,897,656 | ---- | M] (Symantec Corporation) [File_System | Boot] -- C:\WINDOWS\system32\drivers\NIS\1302000.00A\symefa.sys -- (SymEFA)
DRV - [2011/08/31 20:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/08/08 18:38:11 | 000,132,744 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\NIS\1302000.00A\ccSetx86.sys -- (ccSet_NIS)
DRV - [2011/08/02 21:22:10 | 000,566,904 | ---- | M] (Symantec Corporation) [File_System | System] -- C:\WINDOWS\System32\Drivers\NIS\1302000.00A\SRTSP.SYS -- (SRTSP)
DRV - [2011/08/02 21:22:10 | 000,031,864 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\NIS\1302000.00A\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/07/25 21:18:39 | 000,387,192 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\WINDOWS\System32\Drivers\NIS\1302000.00A\SYMTDI.SYS -- (SYMTDI)
DRV - [2011/07/25 21:18:35 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\NIS\1302000.00A\symds.sys -- (SymDS)
DRV - [2011/07/25 21:15:51 | 000,149,624 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\NIS\1302000.00A\Ironx86.SYS -- (SymIRON)
DRV - [2011/07/22 11:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 16:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/06/25 19:56:44 | 000,028,256 | ---- | M] (Applian Technologies Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\appliand.sys -- (appliandMP)
DRV - [2011/06/25 19:56:44 | 000,028,256 | ---- | M] (Applian Technologies Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\appliand.sys -- (appliand)
DRV - [2010/10/29 16:42:01 | 000,245,888 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\XHASP.sys -- (XHASP)
DRV - [2010/10/27 20:58:40 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\Haspnt.sys -- (Haspnt)
DRV - [2010/09/01 03:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2010/08/12 11:44:03 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2009/12/09 23:27:18 | 000,588,800 | ---- | M] (SafeNet Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (hardlock)
DRV - [2009/10/20 13:19:44 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2009/08/20 09:01:50 | 000,356,864 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\aksfridge.sys -- (aksfridge)
DRV - [2009/07/07 16:48:44 | 000,026,672 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis)
DRV - [2009/07/07 16:48:44 | 000,025,392 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp)
DRV - [2009/06/22 11:06:32 | 000,016,384 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\aksusb.sys -- (aksusb)
DRV - [2009/03/13 12:55:26 | 000,238,208 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\akshasp.sys -- (akshasp)
DRV - [2008/08/26 12:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/04/13 14:21:00 | 000,162,816 | ---- | M] () [Kernel | System] -- C:\WINDOWS\system32\drivers\netbt.sys -- (NetBT)
DRV - [2007/07/23 16:12:44 | 000,046,336 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\akshhl.sys -- (akshhl)
DRV - [2004/10/07 13:21:22 | 000,015,360 | ---- | M] (Maxtor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mxopswd.sys -- (MXOPSWD)
DRV - [2004/08/04 00:31:32 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/10/09 23:23:48 | 000,032,640 | R--- | M] (Cypress Semiconductor) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\MXOFX.SYS -- (MXOFX) USB Storage Adapter FX (MXO)
DRV - [2003/07/01 14:29:10 | 000,022,183 | ---- | M] () [Kernel | Auto] -- C:\WINDOWS\system32\drivers\btserial.sys -- (BTSERIAL)
DRV - [2003/07/01 14:28:46 | 000,222,876 | ---- | M] (WIDCOMM, Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\btslbcsp.sys -- (BTSLBCSP)
DRV - [2003/07/01 14:25:56 | 001,257,418 | ---- | M] (WIDCOMM, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2003/03/13 16:23:28 | 000,019,712 | ---- | M] (Maxtor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mxofwfp.sys -- (MaxtorFrontPanel1)
DRV - [2003/03/06 16:48:08 | 000,003,840 | ---- | M] () [Kernel | System] -- C:\WINDOWS\System32\Drivers\BANTExt.sys -- (BANTExt)
DRV - [2002/09/19 21:19:56 | 000,205,056 | ---- | M] (YAMAHA CORPORATION) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\yacxgc.sys -- (WDM_YAMAHAAC97)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Clive_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://mirostart.com/?cfg=2-365-0-QcG4
IE - HKU\Clive_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com/
IE - HKU\Clive_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Clive_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.4: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Clive\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Clive\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\IPSFFPlgn\ [2011/12/11 17:15:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\coFFPlgn\ [2011/12/17 16:03:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2011/01/28 16:42:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/28 11:31:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 2.4\extensions\\Components: C:\Program Files\SeaMonkey\components [2011/10/29 21:23:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 2.4\extensions\\Plugins: C:\Program Files\SeaMonkey\plugins [2011/10/29 21:23:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011/10/12 12:04:12 | 000,000,000 | ---D | M]

[2010/10/01 18:13:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Clive\Application Data\Mozilla\Extensions
[2010/10/01 18:13:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Clive\Application Data\Mozilla\Extensions\{92650c4d-4b8e-4d2a-b7eb-24ecf4f6b63a}
[2009/09/21 18:30:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Clive\Application Data\Mozilla\Extensions\{ea278cf8-93cd-484f-b951-57360482d33a}
[2011/12/17 13:38:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Clive\Application Data\Mozilla\Firefox\Profiles\pfrurtul.default\extensions
[2010/10/03 12:50:58 | 000,000,000 | ---D | M] (Link Evaluator) -- C:\Documents and Settings\Clive\Application Data\Mozilla\Firefox\Profiles\pfrurtul.default\extensions\{2d4271b9-cc9f-4f37-8b1e-340293eacd5c}
[2011/12/17 13:38:32 | 000,000,000 | ---D | M] (SeoQuake) -- C:\Documents and Settings\Clive\Application Data\Mozilla\Firefox\Profiles\pfrurtul.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
[2011/11/09 19:28:10 | 000,000,000 | ---D | M] ("OutWit Kernel") -- C:\Documents and Settings\Clive\Application Data\Mozilla\Firefox\Profiles\pfrurtul.default\extensions\{5fb1186a-3398-4c47-b579-0f2eee222ad1}
[2011/12/07 12:51:25 | 000,000,000 | ---D | M] (ViralinBox) -- C:\Documents and Settings\Clive\Application Data\Mozilla\Firefox\Profiles\pfrurtul.default\extensions\{8e319c1c-b993-4bf3-9aab-b4455476652e}
[2011/04/03 09:27:12 | 000,000,000 | ---D | M] (Web Enhancements) -- C:\Documents and Settings\Clive\Application Data\Mozilla\Firefox\Profiles\pfrurtul.default\extensions\{A5DCA3F5-ED5A-4ed3-9671-DBB0C68FA469}
[2011/10/03 17:01:41 | 000,000,000 | ---D | M] (Page Speed) -- C:\Documents and Settings\Clive\Application Data\Mozilla\Firefox\Profiles\pfrurtul.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}
[2011/01/06 17:54:46 | 000,000,000 | ---D | M] ("PPC Web Spy Toolbar") -- C:\Documents and Settings\Clive\Application Data\Mozilla\Firefox\Profiles\pfrurtul.default\extensions\{ec9CEB59-8266-438b-91D9-82F56D595E15}
[2011/11/09 19:27:55 | 000,000,000 | ---D | M] ("Outwit Docs") -- C:\Documents and Settings\Clive\Application Data\Mozilla\Firefox\Profiles\pfrurtul.default\extensions\outwit-docs@outwit.com
[2010/10/25 20:38:09 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Clive\Application Data\Mozilla\SeaMonkey\Profiles\jhviz8a6.default\extensions
[2010/10/15 11:49:15 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Documents and Settings\Clive\Application Data\Mozilla\SeaMonkey\Profiles\jhviz8a6.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2010/10/15 11:49:16 | 000,000,000 | ---D | M] (JavaScript Debugger) -- C:\Documents and Settings\Clive\Application Data\Mozilla\SeaMonkey\Profiles\jhviz8a6.default\extensions\{f13b157f-b174-47e7-a34d-4815ddfdfeb8}
[2010/10/15 11:49:15 | 000,000,000 | ---D | M] (DOM Inspector) -- C:\Documents and Settings\Clive\Application Data\Mozilla\SeaMonkey\Profiles\jhviz8a6.default\extensions\inspector@mozilla.org
[2011/11/28 00:48:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/11/04 13:08:10 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/11/05 02:10:40 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/11/04 22:44:20 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/11/04 22:32:18 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/04 22:44:20 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/11/04 22:44:20 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/11/04 22:44:20 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

Hosts file not found
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (FlpLauncher Class) - {4401FDC3-7996-4774-8D2B-C1AE9CD6CC25} - File not found
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\19.2.0.10\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\19.2.0.10\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - File not found
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\19.2.0.10\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
O3 - HKU\Clive_ON_C\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKU\Clive_ON_C\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKU\Clive_ON_C\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\Clive_ON_C\..\Toolbar\WebBrowser: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
O4 - HKLM..\Run: [Acrobat Assistant 8.0] File not found
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [DNS7reminder] C:\Program Files\Nuance\NaturallySpeaking10\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe (Easy Systems Japan Ltd.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] File not found
O4 - HKLM..\Run: [MXOBG] C:\WINDOWS\MXOALDR.EXE (Cypress Semiconductor)
O4 - HKLM..\Run: [nmapp] C:\Program Files\Pure Networks\Network Magic\nmapp.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [UserFaultCheck] File not found
O4 - HKU\Clive_ON_C..\Run: [OpAgent] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk = File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\USB Sharing.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Clive_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\Clive_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\Clive_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Clive_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\LocalService_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\systemprofile_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Backward Links - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Cached Snapshot of Page - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Easy-WebPrint Add To Print List - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint High Speed Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Preview - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Similar Pages - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Translate into English - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - File not found
O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - File not found
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - File not found
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - File not found
O9 - Extra 'Tools' menuitem : @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - File not found
O9 - Extra Button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - File not found
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1247343244515 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1247376780203 (MUWebControl Class)
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} file:///D:/Program%20Files/AutoCAD%202000i/AcDcToday.ocx (AcDcToday Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} file:///D:/Program%20Files/AutoCAD%202000i/InstFred.ocx (InstaFred Control)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} file:///D:/Program%20Files/AutoCAD%202000i/AcPreview.ocx (AcPreview Control)
O16 - DPF: DirectAnimation Java Classes Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java Reg Error: Value error. (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - File not found
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/06/29 00:23:50 | 000,000,047 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/01/11 18:27:00 | 000,000,132 | ---- | M] () - E:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{0337e984-6d66-11de-ba87-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{0337e984-6d66-11de-ba87-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0337e984-6d66-11de-ba87-806d6172696f}\Shell\AutoRun\command - "" = G:\reatogoMenu.exe
O33 - MountPoints2\{fe4db67b-40ea-11df-acce-00e018f9eab8}\Shell - "" = AutoRun
O33 - MountPoints2\{fe4db67b-40ea-11df-acce-00e018f9eab8}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{fe4db67b-40ea-11df-acce-00e018f9eab8}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk /p \??\C:) - File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

Re: Tidserv Activity 2

AND here is the rest of the OTL.txt file
===========================================
========== Files/Folders - Created Within 90 Days ==========

[2011/12/15 01:00:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Clive\Application Data\SUPERAntiSpyware.com
[2011/12/15 00:57:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/12/15 00:57:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/12/15 00:57:33 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/12/14 15:04:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2011/12/14 13:36:30 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/12/14 13:36:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Clive\Start Menu\Programs\HiJackThis
[2011/12/13 12:58:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Clive\My Documents\Backup Details
[2011/12/13 08:47:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Clive\My Documents\AAALLL TRANSFERS I to Z
[2011/12/12 19:20:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Clive\Application Data\FixZeroAccess
[2011/12/12 19:19:18 | 001,776,248 | ---- | C] (Symantec Corporation) -- C:\Documents and Settings\Clive\Desktop\FixZeroAccess.exe
[2011/12/12 18:10:22 | 000,046,640 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\msln.exe
[2011/12/12 17:55:45 | 000,083,064 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SMR210.SYS
[2011/12/12 17:55:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Clive\Local Settings\Application Data\NPE
[2011/12/12 02:42:19 | 000,000,000 | R--D | C] -- C:\Documents and Settings\NetworkService\Favorites
[2011/12/11 18:24:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/12/11 17:34:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/12/11 17:34:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/12/08 15:20:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Clive\Start Menu\Programs\Norton
[2011/12/08 15:20:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Norton
[2011/12/07 12:43:03 | 000,000,000 | ---D | C] -- C:\Program Files\Appnimi
[2011/12/07 12:43:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Appnimi
[2011/11/20 20:23:00 | 000,000,000 | ---D | C] -- C:\SW2010_SP0.0
[2011/11/18 14:04:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2011/11/14 01:09:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Clive\Application Data\Auslogics
[2011/11/14 01:09:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Auslogics
[2011/11/14 01:09:14 | 000,000,000 | ---D | C] -- C:\Program Files\Auslogics
[2011/11/13 14:27:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DiskTrix
[2011/11/13 14:27:12 | 000,000,000 | ---D | C] -- C:\Program Files\DiskTrix
[2011/11/06 13:57:15 | 000,000,000 | ---D | C] -- C:\Sony
[2011/10/29 21:22:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2011/10/29 21:20:43 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/10/24 16:29:02 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx
[2011/10/24 16:29:02 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts
[2011/10/13 18:13:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Clive\Local Settings\Application Data\MPlayer
[2011/10/13 18:08:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Clive\.umplayer
[2011/10/13 18:08:22 | 000,000,000 | ---D | C] -- C:\Program Files\UMPlayer
[2011/10/13 11:27:56 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\CanonIJEGV
[2011/10/12 12:02:34 | 000,018,816 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\pccsmcfd.sys
[2011/10/12 12:01:55 | 000,000,000 | ---D | C] -- C:\Program Files\PC Connectivity Solution
[2011/10/07 13:54:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2011/10/05 19:45:00 | 000,000,000 | ---D | C] -- C:\AAALLL NEW MUSIC FOR OUR CD PARTY 9 SEPT 2011
[2011/10/05 19:37:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\IsoBuster
[2011/10/05 19:37:36 | 000,000,000 | ---D | C] -- C:\Program Files\Smart Projects
[2011/10/05 19:36:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Clive\Start Menu\Programs\CNET TechTracker
[2011/10/05 19:36:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Clive\Application Data\CBS Interactive
[2011/10/03 12:02:22 | 000,000,000 | ---D | C] -- C:\Program Files\Belarc
[2011/10/02 16:30:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Clive\Application Data\MySQL
[2011/10/01 12:35:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Clive\Start Menu\Programs\XAMPP for Windows
[2011/09/30 16:36:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Canon MX860 series
[2011/09/30 00:52:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\MySQL
[2011/09/30 00:47:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MySQL
[2011/09/30 00:45:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Clive\My Documents\My Web Sites
[2011/09/30 00:45:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Clive\My Documents\IISExpress
[2011/09/30 00:43:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft WebMatrix
[2011/09/30 00:42:18 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft WebMatrix
[2011/09/30 00:28:55 | 000,000,000 | ---D | C] -- C:\Program Files\MySQL
[2011/09/30 00:28:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Clive\Start Menu\Programs\MySQL
[2011/09/30 00:26:17 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server
[2011/09/30 00:23:22 | 000,000,000 | ---D | C] -- C:\Program Files\IIS Express
[2011/09/30 00:21:55 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2011/09/29 20:01:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\IIS 7.0 Extensions
[2011/09/29 20:00:40 | 000,000,000 | ---D | C] -- C:\Program Files\IIS
[2011/09/29 19:58:08 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft ASP.NET
[2011/09/29 18:06:49 | 000,028,256 | ---- | C] (Applian Technologies Inc.) -- C:\WINDOWS\System32\drivers\appliand.sys
[2011/09/29 18:06:37 | 000,000,000 | ---D | C] -- C:\Program Files\Applian Technologies
[2011/09/29 18:01:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Clive\Application Data\Replay Media Catcher 4
[2011/09/27 13:49:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\phpDesigner
[2011/09/27 13:49:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\phpDesigner 7
[2011/09/27 13:48:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Clive\Application Data\phpDesigner
[2011/09/27 13:48:26 | 000,000,000 | ---D | C] -- C:\Program Files\phpDesigner 7
[2011/09/27 11:40:22 | 000,000,000 | ---D | C] -- C:\Program Files\Pure Networks
[2011/09/27 11:36:32 | 000,025,392 | ---- | C] (Cisco Systems, Inc.) -- C:\WINDOWS\System32\drivers\pnarp.sys
[2011/09/27 11:36:28 | 000,026,672 | ---- | C] (Cisco Systems, Inc.) -- C:\WINDOWS\System32\drivers\purendis.sys
[2011/09/27 11:36:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Pure Networks Shared
[2011/09/27 11:34:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Pure Networks
[2011/09/27 11:27:23 | 000,000,000 | ---D | C] -- C:\Program Files\Copy of Working Network Magic
[2011/09/26 22:39:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Clive\My Documents\Marinviews from live site 26SEP2011 839PM
[2011/09/21 12:45:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Clive\Local Settings\Application Data\PandaBatchFileRenamer
[2011/09/21 12:45:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Clive\Application Data\Animal Software
[2011/09/21 12:15:17 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Batch File Renamer
[2011/09/20 18:57:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Clive\Application Data\SynchroMaster
[2011/09/20 18:57:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SynchroMaster
[2011/09/20 18:57:33 | 000,000,000 | ---D | C] -- C:\Program Files\SynchroMaster
[2011/09/20 13:28:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Clive\My Documents\CuteFTP Clives Websites Data
[2011/09/20 12:50:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Clive\My Documents\Drive Image 16 Sept 2010
[2009/07/13 23:04:52 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Clive\Application Data\pcouffin.sys
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2011/12/17 17:38:33 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/17 17:13:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-776561741-1390067357-839522115-1004UA.job
[2011/12/17 17:13:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-776561741-1390067357-839522115-1004Core.job
[2011/12/17 16:54:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/17 14:05:17 | 000,088,566 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/12/17 14:04:23 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/17 14:04:23 | 000,000,312 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2011/12/17 14:04:23 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-776561741-1390067357-839522115-1004.job
[2011/12/17 14:04:17 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/12/17 14:03:52 | 1073,319,936 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/17 13:32:01 | 000,000,425 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2011/12/17 13:32:01 | 000,000,000 | R--D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup
[2011/12/16 02:30:16 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/12/15 19:11:44 | 002,396,768 | ---- | M] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/12/15 13:41:23 | 000,002,489 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Word.lnk
[2011/12/15 07:07:15 | 000,000,778 | ---- | M] () -- C:\Documents and Settings\Clive\Desktop\Shortcut to SUPERAntiSpyware.exe.lnk
[2011/12/15 00:58:02 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/12/15 00:57:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/12/14 18:12:57 | 000,002,347 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2011/12/14 18:07:37 | 001,682,928 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/12/14 15:51:59 | 000,734,468 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\Cat.DB
[2011/12/14 15:36:23 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Clive\Desktop\MBR.dat
[2011/12/14 13:36:30 | 000,001,984 | ---- | M] () -- C:\Documents and Settings\Clive\Desktop\HiJackThis.lnk
[2011/12/14 12:12:58 | 000,006,192 | ---- | M] () -- C:\{5FCC6C63-7A79-4217-9008-9874AA1F7CA2}
[2011/12/14 12:07:58 | 000,004,872 | ---- | M] () -- C:\{EBD9651B-6261-4D6B-9B46-903819BE7DF7}
[2011/12/14 11:51:26 | 000,004,872 | ---- | M] () -- C:\{1AD75ED9-E848-4120-8F59-7B872D040CBB}
[2011/12/14 06:30:04 | 000,004,872 | ---- | M] () -- C:\{C70EDF80-9BD5-45CE-A392-821B1FEFD2B0}
[2011/12/14 01:34:20 | 000,000,026 | ---- | M] () -- C:\WINDOWS\BRPP2KA.INI
[2011/12/13 20:40:47 | 000,000,650 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/13 20:40:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/13 20:30:37 | 000,000,191 | ---- | M] () -- C:\WINDOWS\phpdesigner.ini
[2011/12/13 20:21:23 | 000,709,968 | ---- | M] () -- C:\WINDOWS\is-28FEL.exe
[2011/12/13 20:21:23 | 000,010,498 | ---- | M] () -- C:\WINDOWS\is-28FEL.msg
[2011/12/13 20:21:23 | 000,000,393 | ---- | M] () -- C:\WINDOWS\is-28FEL.lst
[2011/12/13 18:06:04 | 000,004,872 | ---- | M] () -- C:\{AC77E8C2-4F3C-4944-A066-79EBF368EC28}
[2011/12/13 17:49:55 | 000,004,872 | ---- | M] () -- C:\{E970B01C-3D88-419E-BA0D-AF8A66471B0F}
[2011/12/13 17:34:30 | 000,004,872 | ---- | M] () -- C:\{C3667A11-2EC5-4B59-AF72-B820B31DC20B}
[2011/12/13 17:17:33 | 000,004,872 | ---- | M] () -- C:\{610A3504-5FF3-4C1E-B991-0E6CF05203FE}
[2011/12/13 17:01:11 | 000,004,856 | ---- | M] () -- C:\{CF339214-7860-4944-931A-0D539A7A798A}
[2011/12/13 16:45:41 | 000,004,872 | ---- | M] () -- C:\{633A5982-6479-46E2-9B92-B78FAAB70DD6}
[2011/12/13 16:29:21 | 000,004,872 | ---- | M] () -- C:\{740D24BC-5B92-4550-89C1-3A0AB5D9C4F5}
[2011/12/13 16:20:20 | 000,041,472 | ---- | M] () -- C:\Documents and Settings\Clive\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/13 15:39:57 | 000,006,192 | ---- | M] () -- C:\{82D273DB-6DF2-4844-AE9B-07D26F51C014}
[2011/12/13 15:09:30 | 000,004,856 | ---- | M] () -- C:\{57A4138A-6D2C-45B9-B394-3943287836B5}
[2011/12/13 11:57:44 | 000,002,487 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Excel.lnk
[2011/12/13 09:16:52 | 000,004,872 | ---- | M] () -- C:\{41E8C7AA-05C2-4117-9A04-0F5B2B040DE0}
[2011/12/12 21:57:06 | 001,776,248 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Clive\Desktop\FixZeroAccess.exe
[2011/12/12 20:11:33 | 000,002,105 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2011/12/12 18:10:29 | 000,384,414 | ---- | M] () -- C:\WINDOWS\System32\drivers\SMR210.dat
[2011/12/12 18:10:22 | 000,046,640 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\msln.exe
[2011/12/12 17:55:45 | 000,083,064 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SMR210.SYS
[2011/12/12 13:00:55 | 000,032,280 | ---- | M] () -- C:\{C91F9F0C-FCAF-45F5-9EE9-C1307A804E99}
[2011/12/11 18:06:27 | 000,001,973 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton Internet Security.LNK
[2011/12/11 18:06:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Norton Internet Security
[2011/12/10 20:59:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/12/09 11:59:00 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-776561741-1390067357-839522115-1004.job
[2011/12/08 22:35:53 | 000,004,782 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\VT20111023.024
[2011/12/08 21:52:29 | 000,000,746 | ---- | M] () -- C:\Documents and Settings\Clive\Desktop\Norton Installation Files.lnk
[2011/12/08 17:01:21 | 000,127,096 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2011/12/08 17:01:21 | 000,060,872 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2011/12/08 17:01:21 | 000,007,510 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2011/12/08 17:01:21 | 000,000,806 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2011/12/07 12:43:05 | 000,001,019 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Appnimi RAR Password Unlocker.lnk
[2011/12/07 12:43:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Appnimi
[2011/12/05 13:05:25 | 000,002,175 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/11/29 14:10:49 | 000,001,041 | ---- | M] () -- C:\WINDOWS\ULead32.ini
[2011/11/28 00:49:04 | 000,000,730 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/11/28 00:49:04 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/11/26 14:44:14 | 000,000,705 | ---- | M] () -- C:\Documents and Settings\Clive\Desktop\Analytics Settings - Google Analytics.URL
[2011/11/23 08:25:32 | 001,859,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\win32k.sys
[2011/11/23 08:25:32 | 001,859,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\win32k.sys
[2011/11/22 13:31:51 | 000,000,492 | ---- | M] () -- C:\WINDOWS\BRWMARK.INI
[2011/11/19 18:41:00 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/11/18 19:22:50 | 000,002,262 | ---- | M] () -- C:\Documents and Settings\Clive\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/11/18 19:22:48 | 000,002,284 | ---- | M] () -- C:\Documents and Settings\Clive\Desktop\Google Chrome.lnk
[2011/11/18 14:04:09 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2011/11/18 14:04:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2011/11/14 01:09:15 | 000,000,801 | ---- | M] () -- C:\Documents and Settings\Clive\Desktop\AusLogics Disk Defrag.lnk
[2011/11/14 01:09:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Auslogics
[2011/11/13 14:29:05 | 000,000,826 | ---- | M] () -- C:\Documents and Settings\Clive\Desktop\Shortcut to UDefrag.exe.lnk
[2011/11/13 14:27:16 | 000,001,720 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\UltimateDefrag.LNK
[2011/11/13 14:27:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\DiskTrix
[2011/11/12 16:39:47 | 000,000,615 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2011/11/09 15:36:32 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/11/06 14:23:00 | 000,503,138 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/11/06 14:23:00 | 000,088,628 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/11/06 14:20:48 | 000,000,000 | ---- | M] () -- C:\WINDOWS\U12A_20e.INI
[2011/11/04 14:20:51 | 005,978,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2011/11/04 14:20:51 | 002,000,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2011/11/04 14:20:51 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcpl.cpl
[2011/11/04 14:20:51 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcpl.cpl
[2011/11/04 14:20:51 | 001,212,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll
[2011/11/04 14:20:51 | 000,916,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll
[2011/11/04 14:20:51 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mstime.dll
[2011/11/04 14:20:51 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstime.dll
[2011/11/04 14:20:51 | 000,602,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeeds.dll
[2011/11/04 14:20:51 | 000,602,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2011/11/04 14:20:51 | 000,206,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\occache.dll
[2011/11/04 14:20:51 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\url.dll
[2011/11/04 14:20:51 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\url.dll
[2011/11/04 14:20:51 | 000,066,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtmled.dll
[2011/11/04 14:20:51 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedsbs.dll
[2011/11/04 14:20:51 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2011/11/04 14:20:51 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\licmgr10.dll
[2011/11/04 14:20:51 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\licmgr10.dll
[2011/11/04 14:20:51 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jsproxy.dll
[2011/11/04 14:20:51 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsproxy.dll
[2011/11/04 14:20:50 | 011,081,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2011/11/04 14:20:50 | 000,743,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2011/11/04 14:20:50 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iedkcs32.dll
[2011/11/04 14:20:50 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedkcs32.dll
[2011/11/04 14:20:50 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iepeers.dll
[2011/11/04 14:20:50 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iepeers.dll
[2011/11/04 13:58:05 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2011/11/04 06:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ie4uinit.exe
[2011/11/04 06:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ie4uinit.exe
[2011/11/04 06:23:59 | 000,385,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\html.iec
[2011/11/04 02:16:12 | 000,655,360 | ---- | M] () -- C:\ffastunT.ffl
[2011/11/03 19:43:43 | 000,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\isolate.ini
[2011/11/02 19:08:42 | 000,007,498 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\symefa.cat
[2011/11/01 11:07:10 | 001,288,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ole32.dll
[2011/10/29 21:22:16 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2011/10/29 21:22:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2011/10/29 18:51:21 | 000,028,203 | ---- | M] () -- C:\Documents and Settings\Clive\Desktop\2011-10-29_1650.png
[2011/10/28 00:31:48 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\csrsrv.dll
[2011/10/28 00:31:48 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\csrsrv.dll
[2011/10/25 08:37:08 | 002,148,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2011/10/25 08:33:08 | 002,192,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ntoskrnl.exe
[2011/10/25 08:33:08 | 002,192,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2011/10/25 07:52:03 | 002,069,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ntkrnlpa.exe
[2011/10/25 07:52:03 | 002,069,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2011/10/25 07:52:02 | 002,027,008 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2011/10/24 16:29:02 | 000,094,208 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx
[2011/10/24 16:29:02 | 000,069,632 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts
[2011/10/24 15:52:50 | 000,000,737 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2011/10/24 15:51:47 | 000,001,588 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
[2011/10/24 15:51:46 | 000,001,978 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Publisher.lnk
[2011/10/24 15:51:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office Tools
[2011/10/21 23:01:59 | 000,001,804 | ---- | M] () -- C:\Documents and Settings\Clive\Desktop\SSA Benefit Calculator.lnk
[2011/10/19 17:31:53 | 000,000,218 | ---- | M] () -- C:\Documents and Settings\Clive\.recently-used.xbel
[2011/10/19 17:04:16 | 000,001,819 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Miro.lnk
[2011/10/19 08:30:06 | 000,002,784 | ---- | M] () -- C:\{EBC6B4FC-BEC0-48DF-BC04-172C317A3031}
[2011/10/19 02:25:32 | 000,002,224 | ---- | M] () -- C:\{BE150900-2110-4F68-A871-1006A5C535FD}
[2011/10/18 12:26:20 | 000,121,096 | ---- | M] () -- C:\WINDOWS\System32\MSForms.TWD
[2011/10/18 06:13:22 | 000,186,880 | ---- | M] () -- C:\WINDOWS\System32\dllcache\encdec.dll
[2011/10/16 14:06:44 | 000,152,576 | ---- | M] () -- C:\Documents and Settings\Clive\My Documents\Zoe Project Ver 5.mpp
[2011/10/16 13:14:26 | 000,146,944 | ---- | M] () -- C:\Documents and Settings\Clive\My Documents\Zoe Project Ver 4.mpp
[2011/10/16 00:30:06 | 000,372,736 | ---- | M] () -- C:\Documents and Settings\Clive\My Documents\Zoe Project Ver 3.mpp
[2011/10/15 23:47:34 | 000,387,584 | ---- | M] () -- C:\Documents and Settings\Clive\My Documents\Zoe Project Ver 2.mpp
[2011/10/15 18:01:32 | 000,188,416 | -H-- | M] () -- C:\ffastun.ffo
[2011/10/15 18:01:32 | 000,004,718 | -H-- | M] () -- C:\ffastun.ffa
[2011/10/15 18:01:31 | 014,987,264 | -H-- | M] () -- C:\ffastun0.ffx
[2011/10/15 18:01:31 | 000,376,832 | -H-- | M] () -- C:\ffastun.ffl
[2011/10/15 14:58:02 | 000,035,262 | ---- | M] () -- C:\WINDOWS\Clive.acl
[2011/10/15 14:50:49 | 000,000,695 | ---- | M] () -- C:\Documents and Settings\Clive\Desktop\Shortcut to WINPROJ.EXE.lnk
[2011/10/15 14:41:50 | 000,004,346 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2011/10/15 14:41:50 | 000,000,120 | ---- | M] () -- C:\WINDOWS\MSMAIL32.INI
[2011/10/15 14:41:49 | 000,000,695 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Project.lnk
[2011/10/13 18:08:34 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\UMPlayer.lnk
[2011/10/13 16:11:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
[2011/10/12 12:29:41 | 000,001,788 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Nokia Ovi Suite.lnk
[2011/10/12 12:29:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Nokia
[2011/10/12 11:05:20 | 000,000,736 | ---- | M] () -- C:\Documents and Settings\Clive\Desktop\Notepad++.lnk
[2011/10/10 09:22:41 | 000,692,736 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcomm.dll
[2011/10/07 13:54:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2011/10/05 19:37:44 | 000,000,845 | ---- | M] () -- C:\Documents and Settings\Clive\Desktop\IsoBuster.lnk
[2011/10/05 19:37:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\IsoBuster
[2011/10/05 19:36:49 | 000,001,185 | ---- | M] () -- C:\Documents and Settings\Clive\Desktop\CNET TechTracker.lnk
[2011/10/03 12:02:31 | 000,001,738 | ---- | M] () -- C:\Documents and Settings\Clive\Application Data\Microsoft\Internet Explorer\Quick Launch\Belarc Advisor.lnk
[2011/10/03 12:02:31 | 000,001,726 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Belarc Advisor.lnk
[2011/10/03 12:02:31 | 000,001,720 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Belarc Advisor.lnk
[2011/10/02 16:31:47 | 000,000,740 | ---- | M] () -- C:\Documents and Settings\Clive\Desktop\Shortcut to MySQLWorkbench.exe.lnk
[2011/10/02 16:29:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\MySQL
[2011/10/01 15:57:29 | 000,001,564 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SeaMonkey.lnk
[2011/10/01 12:35:50 | 000,000,582 | ---- | M] () -- C:\Documents and Settings\Clive\Desktop\XAMPP Control Panel.lnk
[2011/09/30 17:36:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Canon
[2011/09/30 16:37:22 | 000,001,662 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Canon IJ Network Tool.lnk
[2011/09/30 16:37:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Canon MX860 series
[2011/09/30 11:39:48 | 000,078,848 | ---- | M] () -- C:\Documents and Settings\Clive\My Documents\CLIVE2011.TAX
[2011/09/30 11:38:22 | 000,078,840 | ---- | M] () -- C:\Documents and Settings\Clive\My Documents\CLIVE2011.BAK
[2011/09/30 10:30:16 | 000,001,706 | ---- | M] () -- C:\Documents and Settings\Clive\Desktop\e-tax 2011.lnk
[2011/09/30 01:25:00 | 000,420,466 | ---- | M] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-776561741-1390067357-839522115-1004-0.dat
[2011/09/30 01:24:59 | 000,420,466 | ---- | M] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/09/30 00:44:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft WebMatrix
[2011/09/29 20:01:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\IIS 7.0 Extensions
[2011/09/29 19:49:40 | 000,001,820 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Web Platform Installer.lnk
[2011/09/29 19:05:41 | 000,000,452 | ---- | M] () -- C:\Documents and Settings\Clive\Desktop\Shortcut to EasyPHP-5.3.2.lnk
[2011/09/29 18:06:48 | 000,000,954 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Replay Media Catcher 4.lnk
[2011/09/29 18:01:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Applian Technologies
[2011/09/28 02:06:50 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll
[2011/09/28 00:43:30 | 000,027,830 | ---- | M] () -- C:\Documents and Settings\Clive\Application Data\phpdesigner.xml
[2011/09/27 13:49:00 | 000,000,670 | ---- | M] () -- C:\Documents and Settings\Clive\Desktop\phpDesigner 7.lnk
[2011/09/27 13:49:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\phpDesigner 7
[2011/09/27 11:40:33 | 000,001,800 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Network Magic.lnk
[2011/09/27 11:40:31 | 000,001,938 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Network Magic.lnk
[2011/09/27 11:37:04 | 008,892,928 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\atscie.msi
[2011/09/26 19:38:08 | 000,897,656 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\symefa.sys
[2011/09/26 19:37:31 | 000,003,433 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\symefa.inf
[2011/09/26 19:14:42 | 000,002,801 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1302000.00A\symvtcer.dat
[2011/09/26 13:41:20 | 000,611,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\uiautomationcore.dll
[2011/09/26 13:41:20 | 000,220,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oleacc.dll
[2011/09/26 13:41:14 | 000,020,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\oleaccrc.dll
[2011/09/26 13:41:14 | 000,020,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oleaccrc.dll
[2011/09/25 11:11:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Picasa 3
[2011/09/25 00:49:51 | 000,000,639 | ---- | M] () -- C:\Documents and Settings\Clive\Desktop\Shortcut to phpDesignerPrg.exe.lnk
[2011/09/25 00:49:10 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/09/24 21:55:41 | 000,006,224 | ---- | M] () -- C:\{018132AA-A563-43FB-83C2-6A4252D95F58}
[2011/09/24 21:51:02 | 000,006,120 | ---- | M] () -- C:\{91CA3ECA-C5A7-4DCE-9D0B-1EB8576FADB5}
[2011/09/23 11:22:36 | 000,000,000 | ---- | M] () -- C:\WINDOWS\PhotoNow.INI
[2011/09/21 17:22:00 | 000,003,708 | ---- | M] () -- C:\Documents and Settings\Clive\Desktop\wp-config.php
[2011/09/21 12:15:18 | 000,000,859 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Panda Batch File Renamer.lnk
[2011/09/20 23:22:29 | 000,003,394 | ---- | M] () -- C:\Documents and Settings\Clive\Application Data\SAS7_000.DAT
[2011/09/20 23:17:12 | 000,002,537 | ---- | M] () -- C:\Documents and Settings\Clive\Desktop\Dragon NaturallySpeaking 10.0.lnk
[2011/09/20 18:57:37 | 000,000,680 | ---- | M] () -- C:\Documents and Settings\Clive\Desktop\SynchroMaster.lnk
[2011/09/20 18:57:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\SynchroMaster
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/17 13:32:01 | 000,000,425 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2011/12/16 02:14:11 | 1073,319,936 | -HS- | C] () -- C:\hiberfil.sys
[2011/12/15 16:13:06 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/12/15 07:07:12 | 000,000,778 | ---- | C] () -- C:\Documents and Settings\Clive\Desktop\Shortcut to SUPERAntiSpyware.exe.lnk
[2011/12/15 00:58:00 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/12/14 15:36:23 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Clive\Desktop\MBR.dat
[2011/12/14 13:36:30 | 000,001,984 | ---- | C] () -- C:\Documents and Settings\Clive\Desktop\HiJackThis.lnk
[2011/12/14 12:12:58 | 000,006,192 | ---- | C] () -- C:\{5FCC6C63-7A79-4217-9008-9874AA1F7CA2}
[2011/12/14 12:07:58 | 000,004,872 | ---- | C] () -- C:\{EBD9651B-6261-4D6B-9B46-903819BE7DF7}
[2011/12/14 11:51:26 | 000,004,872 | ---- | C] () -- C:\{1AD75ED9-E848-4120-8F59-7B872D040CBB}
[2011/12/14 06:30:04 | 000,004,872 | ---- | C] () -- C:\{C70EDF80-9BD5-45CE-A392-821B1FEFD2B0}
[2011/12/13 20:21:23 | 000,709,968 | ---- | C] () -- C:\WINDOWS\is-28FEL.exe
[2011/12/13 20:21:23 | 000,010,498 | ---- | C] () -- C:\WINDOWS\is-28FEL.msg
[2011/12/13 20:21:23 | 000,000,650 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/13 20:21:23 | 000,000,393 | ---- | C] () -- C:\WINDOWS\is-28FEL.lst
[2011/12/13 18:06:04 | 000,004,872 | ---- | C] () -- C:\{AC77E8C2-4F3C-4944-A066-79EBF368EC28}
[2011/12/13 17:49:55 | 000,004,872 | ---- | C] () -- C:\{E970B01C-3D88-419E-BA0D-AF8A66471B0F}
[2011/12/13 17:34:30 | 000,004,872 | ---- | C] () -- C:\{C3667A11-2EC5-4B59-AF72-B820B31DC20B}
[2011/12/13 17:17:33 | 000,004,872 | ---- | C] () -- C:\{610A3504-5FF3-4C1E-B991-0E6CF05203FE}
[2011/12/13 17:01:11 | 000,004,856 | ---- | C] () -- C:\{CF339214-7860-4944-931A-0D539A7A798A}
[2011/12/13 16:45:41 | 000,004,872 | ---- | C] () -- C:\{633A5982-6479-46E2-9B92-B78FAAB70DD6}
[2011/12/13 16:29:21 | 000,004,872 | ---- | C] () -- C:\{740D24BC-5B92-4550-89C1-3A0AB5D9C4F5}
[2011/12/13 15:39:57 | 000,006,192 | ---- | C] () -- C:\{82D273DB-6DF2-4844-AE9B-07D26F51C014}
[2011/12/13 15:09:29 | 000,004,856 | ---- | C] () -- C:\{57A4138A-6D2C-45B9-B394-3943287836B5}
[2011/12/13 09:16:51 | 000,004,872 | ---- | C] () -- C:\{41E8C7AA-05C2-4117-9A04-0F5B2B040DE0}
[2011/12/12 21:24:36 | 000,162,816 | ---- | C] () -- C:\netbt.sys
[2011/12/12 19:22:47 | 002,396,768 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/12/12 17:55:46 | 000,384,414 | ---- | C] () -- C:\WINDOWS\System32\drivers\SMR210.dat
[2011/12/12 13:00:55 | 000,032,280 | ---- | C] () -- C:\{C91F9F0C-FCAF-45F5-9EE9-C1307A804E99}
[2011/12/08 15:20:59 | 000,000,746 | ---- | C] () -- C:\Documents and Settings\Clive\Desktop\Norton Installation Files.lnk
[2011/12/07 12:43:05 | 000,001,019 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Appnimi RAR Password Unlocker.lnk
[2011/11/26 14:44:14 | 000,000,705 | ---- | C] () -- C:\Documents and Settings\Clive\Desktop\Analytics Settings - Google Analytics.URL
[2011/11/18 14:04:08 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2011/11/14 01:09:15 | 000,000,801 | ---- | C] () -- C:\Documents and Settings\Clive\Desktop\AusLogics Disk Defrag.lnk
[2011/11/13 14:29:05 | 000,000,826 | ---- | C] () -- C:\Documents and Settings\Clive\Desktop\Shortcut to UDefrag.exe.lnk
[2011/11/13 14:27:16 | 000,001,720 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\UltimateDefrag.LNK
[2011/11/12 16:39:47 | 000,000,615 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2011/11/06 14:20:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\U12A_20e.INI
[2011/11/06 13:57:15 | 000,151,552 | ---- | C] () -- C:\WINDOWS\CheckModels.exe
[2011/11/03 18:55:03 | 000,655,360 | ---- | C] () -- C:\ffastunT.ffl
[2011/10/29 21:22:14 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2011/10/29 18:51:21 | 000,028,203 | ---- | C] () -- C:\Documents and Settings\Clive\Desktop\2011-10-29_1650.png
[2011/10/24 15:51:47 | 000,001,588 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
[2011/10/24 15:51:46 | 000,001,978 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Publisher.lnk
[2011/10/21 23:01:59 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\Clive\Desktop\SSA Benefit Calculator.lnk
[2011/10/19 17:31:52 | 000,000,218 | ---- | C] () -- C:\Documents and Settings\Clive\.recently-used.xbel
[2011/10/19 08:30:06 | 000,002,784 | ---- | C] () -- C:\{EBC6B4FC-BEC0-48DF-BC04-172C317A3031}
[2011/10/19 02:25:31 | 000,002,224 | ---- | C] () -- C:\{BE150900-2110-4F68-A871-1006A5C535FD}
[2011/10/18 12:26:20 | 000,121,096 | ---- | C] () -- C:\WINDOWS\System32\MSForms.TWD
[2011/10/16 13:28:25 | 000,152,576 | ---- | C] () -- C:\Documents and Settings\Clive\My Documents\Zoe Project Ver 5.mpp
[2011/10/16 13:14:24 | 000,146,944 | ---- | C] () -- C:\Documents and Settings\Clive\My Documents\Zoe Project Ver 4.mpp
[2011/10/15 23:47:51 | 000,372,736 | ---- | C] () -- C:\Documents and Settings\Clive\My Documents\Zoe Project Ver 3.mpp
[2011/10/15 20:56:07 | 000,387,584 | ---- | C] () -- C:\Documents and Settings\Clive\My Documents\Zoe Project Ver 2.mpp
[2011/10/15 18:01:32 | 000,004,718 | -H-- | C] () -- C:\ffastun.ffa
[2011/10/15 18:01:31 | 000,188,416 | -H-- | C] () -- C:\ffastun.ffo
[2011/10/15 18:01:27 | 014,987,264 | -H-- | C] () -- C:\ffastun0.ffx
[2011/10/15 17:52:21 | 000,376,832 | -H-- | C] () -- C:\ffastun.ffl
[2011/10/15 14:58:02 | 000,035,262 | ---- | C] () -- C:\WINDOWS\Clive.acl
[2011/10/15 14:50:49 | 000,000,695 | ---- | C] () -- C:\Documents and Settings\Clive\Desktop\Shortcut to WINPROJ.EXE.lnk
[2011/10/15 14:41:50 | 000,000,120 | ---- | C] () -- C:\WINDOWS\MSMAIL32.INI
[2011/10/15 14:41:49 | 000,000,695 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Project.lnk
[2011/10/13 18:08:32 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\UMPlayer.lnk
[2011/10/12 12:29:36 | 000,001,788 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nokia Ovi Suite.lnk
[2011/10/07 13:54:00 | 000,002,175 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/10/05 19:37:43 | 000,000,845 | ---- | C] () -- C:\Documents and Settings\Clive\Desktop\IsoBuster.lnk
[2011/10/05 19:36:48 | 000,001,185 | ---- | C] () -- C:\Documents and Settings\Clive\Desktop\CNET TechTracker.lnk
[2011/10/03 12:02:31 | 000,001,738 | ---- | C] () -- C:\Documents and Settings\Clive\Application Data\Microsoft\Internet Explorer\Quick Launch\Belarc Advisor.lnk
[2011/10/03 12:02:31 | 000,001,720 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Belarc Advisor.lnk
[2011/10/03 12:02:30 | 000,001,726 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Belarc Advisor.lnk
[2011/10/03 12:02:24 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2011/10/02 16:31:47 | 000,000,740 | ---- | C] () -- C:\Documents and Settings\Clive\Desktop\Shortcut to MySQLWorkbench.exe.lnk
[2011/10/01 12:35:05 | 000,000,582 | ---- | C] () -- C:\Documents and Settings\Clive\Desktop\XAMPP Control Panel.lnk
[2011/09/30 01:24:59 | 000,420,466 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/09/30 01:24:59 | 000,420,466 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-776561741-1390067357-839522115-1004-0.dat
[2011/09/29 19:49:40 | 000,001,820 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Web Platform Installer.lnk
[2011/09/29 19:05:41 | 000,000,452 | ---- | C] () -- C:\Documents and Settings\Clive\Desktop\Shortcut to EasyPHP-5.3.2.lnk
[2011/09/29 18:06:48 | 000,000,954 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Replay Media Catcher 4.lnk
[2011/09/28 00:43:30 | 000,027,830 | ---- | C] () -- C:\Documents and Settings\Clive\Application Data\phpdesigner.xml
[2011/09/27 13:49:00 | 000,000,670 | ---- | C] () -- C:\Documents and Settings\Clive\Desktop\phpDesigner 7.lnk
[2011/09/27 11:40:31 | 000,001,938 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Network Magic.lnk
[2011/09/27 11:40:31 | 000,001,800 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Network Magic.lnk
[2011/09/25 00:49:51 | 000,000,639 | ---- | C] () -- C:\Documents and Settings\Clive\Desktop\Shortcut to phpDesignerPrg.exe.lnk
[2011/09/24 21:55:41 | 000,006,224 | ---- | C] () -- C:\{018132AA-A563-43FB-83C2-6A4252D95F58}
[2011/09/24 21:51:02 | 000,006,120 | ---- | C] () -- C:\{91CA3ECA-C5A7-4DCE-9D0B-1EB8576FADB5}
[2011/09/23 11:22:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PhotoNow.INI
[2011/09/21 17:22:00 | 000,003,708 | ---- | C] () -- C:\Documents and Settings\Clive\Desktop\wp-config.php
[2011/09/21 12:15:18 | 000,000,859 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Panda Batch File Renamer.lnk
[2011/09/20 18:57:36 | 000,000,680 | ---- | C] () -- C:\Documents and Settings\Clive\Desktop\SynchroMaster.lnk
[2011/09/08 14:51:35 | 000,152,382 | ---- | C] () -- C:\WINDOWS\AudioLabel Uninstaller.exe
[2011/04/03 09:29:39 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011/04/03 09:29:36 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/10/29 16:42:01 | 000,245,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\XHASP.sys
[2010/10/27 21:04:16 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\AceCrypt.dll
[2010/10/27 20:58:41 | 000,000,383 | ---- | C] () -- C:\WINDOWS\System32\haspdos.sys
[2010/10/27 20:57:10 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\hsduinst.exe
[2010/10/27 20:57:09 | 000,164,864 | ---- | C] () -- C:\WINDOWS\System32\UNWISE.EXE
[2010/10/27 18:26:06 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/10/10 21:51:41 | 000,000,229 | ---- | C] () -- C:\WINDOWS\OPENFX_.INI
[2010/10/03 00:37:22 | 000,122,880 | ---- | C] () -- C:\WINDOWS\UnGins.exe
[2010/08/10 19:28:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\eDrawingOfficeAutomator.INI
[2010/04/18 06:12:18 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/03/09 21:26:42 | 000,000,015 | ---- | C] () -- C:\WINDOWS\cfwin.ini
[2010/03/09 21:26:38 | 000,000,098 | ---- | C] () -- C:\WINDOWS\cfwinlib.ini
[2010/02/19 13:49:11 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Clive\Local Settings\Application Data\Schedule8.dat
[2010/02/09 16:54:42 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\pxhpinst.exe
[2010/01/26 14:24:34 | 000,103,784 | ---- | C] () -- C:\Documents and Settings\Clive\GoToAssistDownloadHelper.exe
[2010/01/08 18:40:19 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2009/12/22 14:42:20 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2009/11/27 18:48:24 | 000,640,512 | ---- | C] () -- C:\WINDOWS\System32\gfkernel.dll
[2009/11/27 18:48:24 | 000,640,512 | ---- | C] () -- C:\WINDOWS\System32\gfbaksm.dat
[2009/11/27 17:35:37 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\rmc_rtspdl.dll
[2009/11/26 22:50:40 | 000,000,046 | ---- | C] () -- C:\WINDOWS\System32\DonationCoder_urlsnooper_InstallInfo.dat
[2009/11/25 18:41:02 | 000,260,608 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/11/25 18:41:02 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2009/11/25 18:41:01 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/11/25 18:41:01 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/11/25 18:41:01 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/11/14 17:17:11 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Clive\Local Settings\Application Data\fusioncache.dat
[2009/11/11 17:51:25 | 000,004,704 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2009/11/11 17:51:25 | 000,000,008 | RHS- | C] () -- C:\WINDOWS\System32\C9EAF77DC1.sys
[2009/10/20 13:19:30 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2009/10/13 19:00:30 | 000,086,608 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/09/12 10:57:00 | 000,000,023 | ---- | C] () -- C:\WINDOWS\bo9840cd.ini
[2009/08/28 00:37:09 | 000,003,394 | ---- | C] () -- C:\Documents and Settings\Clive\Application Data\SAS7_000.DAT
[2009/08/01 20:28:52 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2009/07/29 23:58:18 | 000,000,060 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2009/07/29 23:58:16 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2009/07/28 15:50:04 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\XDirTree.dll
[2009/07/28 15:50:04 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\XFileLst.dll
[2009/07/28 15:29:18 | 000,000,023 | -HS- | C] () -- C:\WINDOWS\System32\efea2_g.dll
[2009/07/27 18:42:21 | 000,060,744 | ---- | C] () -- C:\Documents and Settings\Clive\g2mdlhlpx.exe
[2009/07/27 13:40:47 | 000,000,165 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2009/07/22 17:41:54 | 000,000,191 | ---- | C] () -- C:\WINDOWS\phpdesigner.ini
[2009/07/22 13:13:30 | 000,000,395 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2009/07/21 18:55:42 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/07/21 13:37:04 | 000,041,472 | ---- | C] () -- C:\Documents and Settings\Clive\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/18 01:11:13 | 000,000,737 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/07/17 13:44:11 | 000,000,034 | ---- | C] () -- C:\WINDOWS\System32\bd9840cd.dat
[2009/07/16 20:51:05 | 000,000,492 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2009/07/16 20:51:05 | 000,000,026 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2009/07/16 20:48:08 | 008,892,928 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\atscie.msi
[2009/07/16 19:41:28 | 000,001,041 | ---- | C] () -- C:\WINDOWS\ULead32.ini
[2009/07/15 13:07:48 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS6y.DLL
[2009/07/13 23:04:52 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Clive\Application Data\pcouffin.cat
[2009/07/13 23:04:52 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Clive\Application Data\pcouffin.inf
[2009/07/13 18:46:43 | 000,000,398 | ---- | C] () -- C:\WINDOWS\System32\CNCMP60.INI
[2009/07/13 18:46:38 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\CNCFMS60.EXE
[2009/07/12 12:55:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/07/11 15:27:44 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2009/07/10 17:48:07 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/07/10 17:44:30 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/07/10 10:33:47 | 000,004,346 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/07/10 10:32:54 | 001,682,928 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/08/21 22:46:34 | 000,059,160 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll
[2006/10/22 14:22:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/10/22 14:22:00 | 001,622,016 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2006/10/22 14:22:00 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/10/22 14:22:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2006/10/22 14:22:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/10/22 14:22:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/10/22 14:22:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/10/22 14:22:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2006/10/22 14:22:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2006/10/22 14:22:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/10/22 14:22:00 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/08/04 22:24:28 | 000,010,747 | ---- | C] () -- C:\WINDOWS\System32\UDBDef.exe
[2005/11/24 14:49:26 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2004/09/16 15:24:26 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2003/07/01 14:44:08 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\btsendto_ie.dll
[2003/07/01 14:43:18 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\btsendto_wab.dll
[2003/07/01 14:38:40 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2003/07/01 14:29:10 | 000,022,183 | ---- | C] () -- C:\WINDOWS\System32\drivers\btserial.sys
[2002/08/29 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/08/29 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2002/08/29 07:00:00 | 000,503,138 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2002/08/29 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2002/08/29 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2002/08/29 07:00:00 | 000,162,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\netbt.sys
[2002/08/29 07:00:00 | 000,088,628 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2002/08/29 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2002/08/29 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2002/08/29 07:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2002/08/29 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2002/08/29 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2001/11/14 15:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[2000/06/12 03:37:18 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\mtstack.exe
[2000/03/30 00:00:00 | 000,125,440 | ---- | C] () -- C:\WINDOWS\System32\UNZDLL.DLL
[1999/10/23 20:29:44 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\UNRAR.DLL
[1999/08/11 17:28:02 | 000,101,888 | ---- | C] () -- C:\WINDOWS\System32\LIBBZ2.DLL
[1999/05/21 23:10:00 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ZIPDLL.DLL
[1998/04/07 02:00:00 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\ODBCMON.DLL
[1998/01/28 02:06:04 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\UNACE.DLL
[1996/11/17 02:00:00 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\WRKGADM.EXE
[1996/11/17 02:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL
[1996/11/17 02:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1996/11/17 02:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL

========== LOP Check ==========

[2011/03/15 00:54:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clive\Application Data\Amazon
[2011/09/21 12:45:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clive\Application Data\Animal Software
[2009/09/03 02:29:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clive\Application Data\Ashampoo
[2011/11/14 01:09:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clive\Application Data\Auslogics
[2011/02/11 04:42:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clive\Application Data\Auto Click Profits
[2010/06/29 01:00:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clive\Application Data\Autodesk
[2011/04/01 07:30:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clive\Application Data\Backslash
[2011/09/30 17:35:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clive\Application Data\Canon
[2011/10/05 19:36:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clive\Application Data\CBS Interactive
[2011/09/17 19:45:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clive\Application Data\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/04/14 20:42:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clive\Application Data\CopyToDvd
[2010/08/13 00:10:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clive\Application Data\DAEMON Tools Lite
[2010/08/10 19:31:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clive\Application Data\DassaultSystemes
[2011/11/17 00:32:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clive\Application Data\Domain Name Analyzer v4.1
[2009/11/26 22:50:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clive\Application Data\DonationCoder
[2010/10/11 12:56:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clive\Application Data\DWGeditor
[2009/11/19 02:31:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clive\Application Data\EBookSys
[2010/08/10 19:31:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clive\Application Data\EDrawings
[2011/12/12 19:20:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clive\Application Data\FixZeroAccess
[2009/07/22 11:15:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clive\Application Data\GlarySoft
[2009/07/14 01:55:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clive\Application Data\GlobalSCAPE
[2011/12/07 13:30:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clive\Application Data\gtk-2.0
[2009/07/22 17:40:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clive\Application Data\JAM Software
[2011/02/04 13:25:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clive\Application Data\Keyword Advantage
[2010/08/30 00:34:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clive\Application Data\Luxology
[2011/03/06 20:21:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clive\Application Data\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
[2011/10/02 16:33:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clive\Application Data\MySQL
[2011/01/28 14:33:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clive\Application Data\Nokia
[2011/10/12 11:05:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clive\Application Data\Notepad++
[2009/08/11 18:42:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clive\Application Data\Nuance
[2009/11/02 16:34:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clive\Application Data\Nvu
[2009/08/02 12:19:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clive\Application Data\Opera
[2011/08/21 13:39:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clive\Application Data\OutWit
[2011/09/15 00:30:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clive\Application Data\PandoraRecovery
[2010/04/14 12:30:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clive\Application Data\Participatory Culture Foundation
[2010/06/25 16:35:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clive\Application Data\PC Suite
[2011/12/07 15:21:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clive\Application Data\PCF-VLC
[2009/08/01 20:28:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clive\Application Data\pdf995
[2011/10/10 13:22:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clive\Application Data\phpDesigner
[2011/09/29 18:01:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clive\Application Data\Replay Media Catcher 4
[2009/07/22 13:16:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clive\Application Data\ScanSoft
[2009/10/11 03:28:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clive\Application Data\Softnik Technologies
[2011/09/20 21:10:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clive\Application Data\SynchroMaster
[2011/08/08 22:56:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clive\Application Data\TeamViewer
[2010/11/20 16:35:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clive\Application Data\Tific
[2011/07/10 01:55:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clive\Application Data\Usenet.nl
[2011/12/07 18:06:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clive\Application Data\UseNeXT
[2010/05/24 12:25:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clive\Application Data\Vso
[2011/03/02 19:01:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clive\Application Data\WordWeb
[2010/03/12 16:18:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clive\Application Data\YouSendIt
[2009/07/22 13:16:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clive\Application Data\Zeon
[2011/08/11 10:09:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\1Click DVD Copy
[2011/03/18 17:00:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applian
[2009/09/03 02:29:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ashampoo
[2010/07/05 19:08:00 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2011/10/13 11:27:56 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEGV
[2010/07/05 20:46:39 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
[2010/08/12 11:42:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2010/08/10 19:31:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DassaultSystemes
[2009/11/26 20:35:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DonationCoder
[2011/01/28 15:33:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2011/09/30 00:47:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MySQL
[2010/06/25 01:46:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia
[2010/07/18 18:06:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NokiaInstallerCache
[2009/08/11 18:35:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance
[2009/11/12 15:17:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OLYMPUS
[2010/06/25 16:35:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2010/02/02 17:29:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2011/09/27 13:49:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\phpDesigner
[2009/09/02 23:57:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlotSoft
[2011/09/17 18:03:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2010/01/25 23:47:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RetroExp
[2009/08/11 18:35:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2009/07/13 10:33:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2009/11/11 17:52:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2009/11/14 17:12:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tanagra
[2011/09/20 23:20:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/07/14 00:49:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2010/05/06 13:33:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/12/17 14:04:23 | 000,000,312 | ---- | M] () -- C:\WINDOWS\Tasks\GlaryInitialize.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 409 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E36085B5
@Alternate Data Stream - 217 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F35A93AD
@Alternate Data Stream - 182 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9FB286BF
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:12F3A419
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A5B56640
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5B18E8E9
< End of report >

Re: Tidserv Activity 2

AND I will do the following when I can

Please run the SAS, MBAM and DDS scans and post the logs here.

Cheers
CB

Re: Tidserv Activity 2

* Open OTL
* Copy and Paste the following text in the codebox into the Custom Scans/Fixes window.

Code:

:OTL

O2 - BHO: (FlpLauncher Class) - {4401FDC3-7996-4774-8D2B-C1AE9CD6CC25} - File not found
O2 - BHO: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
O4 - HKLM..\Run: [Acrobat Assistant 8.0] File not found
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] File not found
O4 - HKLM..\Run: [UserFaultCheck] File not found
O4 - HKU\Clive_ON_C..\Run: [OpAgent] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk = File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\USB Sharing.lnk = File not found
O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - File not found
O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - File not found
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - File not found
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - File not found
O9 - Extra 'Tools' menuitem : @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - File not found
O9 - Extra Button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - File not found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - File not found

:folders

C:\Program Files\Search Toolbar

:COMMANDS
[resethosts]
[purity]
[start explorer]


* Click Run Fix
* OTLI2 may ask to reboot the machine. Please do so if asked.
* Click OK
* A report will open. Copy and Paste that report in your next reply.

Re: Tidserv Activity 2

I ran the Fix and it said "process completed", but no log file or whatever opened up, and the only relevant text file I could find was the one below that was in a C:\OTL\MovedFiles folder and was called 12172011_214116.log


========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4401FDC3-7996-4774-8D2B-C1AE9CD6CC25}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4401FDC3-7996-4774-8D2B-C1AE9CD6CC25}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D425283-D487-4337-BAB6-AB8354A81457}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}\ deleted successfully.
File C:\Program Files\Search Toolbar\SearchToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Acrobat Assistant 8.0 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Malwarebytes' Anti-Malware deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\UserFaultCheck deleted successfully.
Registry value HKEY_USERS\Clive_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\OpAgent deleted successfully.
File move failed. C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\All Users\Start Menu\Programs\Startup\USB Sharing.lnk scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{36ECAF82-3300-8F84-092E-AFF36D6C7040}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{36ECAF82-3300-8F84-092E-AFF36D6C7040}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{36ECAF82-3300-8F84-092E-AFF36D6C7040}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{36ECAF82-3300-8F84-092E-AFF36D6C7040}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CCA281CA-C863-46ef-9331-5C8D4460577F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCA281CA-C863-46ef-9331-5C8D4460577F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CCA281CA-C863-46ef-9331-5C8D4460577F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCA281CA-C863-46ef-9331-5C8D4460577F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB858B22-55E2-413f-87F5-30ADC5552151}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FB858B22-55E2-413f-87F5-30ADC5552151}\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000012\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000013\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000014\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000015\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000016\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000017\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000018\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000019\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000020\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000021\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000022\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype-ie-addon-data\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91774881-D725-4E58-B298-07617B9B86A8}\ deleted successfully.
File {91774881-D725-4E58-B298-07617B9B86A8} - File not found not found.
Error: Unable to interpret <:folders> in the current context!
Error: Unable to interpret in the current context!
========== COMMANDS ==========
HOSTS file reset successfully

OTLPE by OldTimer - Version 3.1.48.0 log created on 12172011_214116

Re: Tidserv Activity 2

I still need the logs from SAS, MBAM and DDS (2).
