I can not load or Uninstall any programs

Recently whenever i start up the computer a message with an x comes up and says somthing and something is missing. I knew it was a virus as it initially was just on my computer, then when i inserted my new flash and put something on it and transferred it to another laptop. That laptop had the same msg come up on the screen. I didnt think of it as much as it was not affecting me and my work. Now i wanted to start adobe to read a book and it says "an internal error has occurred" this msg also comes up when i load my account alongside the other message. I tried force uninstall and nothing worked. Im so worried as i have to hand in some work and i need to study! My books online and its driving me crazy. I recently installed microsoft work and even that stopped working, telling me some files can not be found and i tried uninstalling and same thing, "such and such a file cannot be found to uninstall" GRR.
PLEAAAASE HELP

pLEASE please please. Im on holiday abroad and finding a computer repair shop is gna be hard and also i dont completely trust them with my laptop!

Can i send a scan, i downloaded the otl. Im quite worried. Any advice would be helpful.

Many thanks!

Please post the OTL scan and post both logs.

This is the message i get when i start up. Il run the scan and post the logs, i have attached the picture

I tried running the scan and this error box came up, attached

Hello.

• Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
  Link 1
  Link 2
  
• Double click DDS.scr to run.
  
• When complete, two logs will open. Save both of the report to your Desktop.
  
• Copy and paste BOTH LOGS back here, use more than one post if needed.
  

OTL logfile created on: 03/11/2010 11:03:31 - Run 3
OTL by OldTimer - Version 3.2.17.2 Folder = c:\Users\umm nabilah\Downloads
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

895.00 Mb Total Physical Memory | 205.00 Mb Available Physical Memory | 23.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 34.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 101.79 Gb Total Space | 37.59 Gb Free Space | 36.93% Space Free | Partition Type: NTFS

Computer Name: CLAIRE | User Name: umm nabilah | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/02 11:08:31 | 000,576,000 | ---- | M] (OldTimer Tools) -- c:\Users\umm nabilah\Downloads\OTL(2).exe
PRC - [2010/07/26 10:13:12 | 002,048,352 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2010/07/16 02:41:26 | 000,769,328 | ---- | M] (Pinball Corporation.) -- C:\Program Files\HBLite\bin\11.0.258.0\HBLiteSA.exe
PRC - [2010/06/25 12:16:48 | 005,869,936 | ---- | M] () -- C:\Program Files\Etisalat USB modem\Etisalat USB modem.exe
PRC - [2010/06/16 21:16:15 | 012,732,680 | ---- | M] (AVM Software Inc.) -- C:\Program Files\Paltalk Messenger\paltalk.exe
PRC - [2010/01/15 14:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/10/25 19:07:33 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/09/01 20:55:16 | 000,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/09/01 20:55:12 | 000,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
PRC - [2009/09/01 20:54:54 | 000,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2009/09/01 20:54:45 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe
PRC - [2009/09/01 20:53:06 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2009/05/19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/04/23 15:51:38 | 000,691,656 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\daemon.exe
PRC - [2008/12/11 13:38:22 | 001,093,632 | ---- | M] (www.IslamicFinder.org) -- C:\Program Files\Athan\Athan.exe
PRC - [2008/11/09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/10/29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/04/12 00:22:06 | 000,196,608 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\PowerCinema\Kernel\CLML\CLMLSvc.exe
PRC - [2008/04/07 16:09:06 | 000,306,112 | ---- | M] (Carbonite, Inc.) -- C:\Program Files\Packard Bell\Carbonite\CarboniteSetupLitePBPreInstaller.exe
PRC - [2008/03/31 11:51:42 | 000,172,032 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PlayMovie\PMVService.exe
PRC - [2008/03/21 21:56:56 | 000,143,360 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerCinema\PCMAgent.exe
PRC - [2008/02/04 12:13:36 | 001,038,136 | ---- | M] (Packard Bell BV) -- C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
PRC - [2008/01/21 04:33:52 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008/01/21 04:33:00 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008/01/21 04:33:00 | 000,319,544 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Windows Defender\MpCmdRun.exe
PRC - [2008/01/14 15:12:30 | 001,688,872 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
PRC - [2007/10/16 11:06:22 | 000,552,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\Program Files\SiS VGA Utilities\SiSTray.exe
PRC - [2007/10/09 10:59:30 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/09/17 13:33:34 | 000,024,576 | ---- | M] (Syntek America Inc.) -- C:\Windows\System32\StkCSrv.exe


========== Modules (SafeList) ==========

MOD - [2010/11/02 11:08:31 | 000,576,000 | ---- | M] (OldTimer Tools) -- c:\Users\umm nabilah\Downloads\OTL(2).exe
MOD - [2009/09/01 20:55:19 | 000,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
MOD - [2008/01/21 04:33:14 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/01/15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/09/01 20:54:45 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc)
SRV - [2009/09/01 20:53:06 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2009/08/24 14:16:12 | 000,378,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2009/05/19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008/11/09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/07/03 17:37:40 | 000,647,680 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/02/03 14:00:00 | 000,129,992 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\System32\ezsvc7.dll -- (ezSharedSvc)
SRV - [2008/01/21 04:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/09/17 13:33:34 | 000,024,576 | ---- | M] (Syntek America Inc.) [Auto | Running] -- C:\Windows\System32\StkCSrv.exe -- (StkSSrv)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2010/01/08 10:29:32 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2010/01/08 10:29:32 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2010/01/08 10:29:32 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2009/12/30 12:21:16 | 000,027,192 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009/09/01 20:55:15 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/09/01 20:55:15 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/05/04 12:35:10 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2009/04/28 21:19:41 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/04/06 16:32:54 | 000,038,496 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2009/03/23 15:07:28 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/03/23 15:07:26 | 000,072,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/03/23 15:07:26 | 000,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2008/08/22 20:55:46 | 000,007,168 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2008/03/31 11:52:10 | 000,041,456 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\CyberLink\PlayMovie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796})
DRV - [2008/01/23 23:25:32 | 000,027,136 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tapvpn.sys -- (tapvpn)
DRV - [2008/01/21 04:32:53 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/21 04:32:53 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/21 04:32:52 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/21 04:32:52 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/21 04:32:52 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/21 04:32:52 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/21 04:32:51 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/21 04:32:51 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/21 04:32:50 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/21 04:32:50 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008/01/21 04:32:50 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/21 04:32:49 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/21 04:32:49 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/21 04:32:49 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/21 04:32:49 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/21 04:32:49 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/21 04:32:48 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/21 04:32:48 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/21 04:32:47 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/21 04:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/21 04:32:46 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/21 04:32:45 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/21 04:32:21 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/21 04:32:21 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/21 04:32:21 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/10/16 11:07:26 | 000,454,008 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SISGRKMD.sys -- (SiS6350)
DRV - [2007/10/09 10:49:58 | 001,970,712 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/09/26 08:32:44 | 001,355,520 | ---- | M] (Syntek) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\StkCMini.sys -- (StkCMini)
DRV - [2007/07/30 16:13:10 | 000,743,424 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007/06/20 05:12:18 | 000,047,616 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SiSGB6.sys -- (SiSGbeLH)
DRV - [2007/03/01 15:24:30 | 000,182,456 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2007/01/24 11:08:06 | 000,056,184 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\SISAGPX.sys -- (SISAGP)
DRV - [2006/12/14 09:11:58 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2006/11/02 11:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 11:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 11:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 11:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 11:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 11:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 11:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 11:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 11:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 11:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 11:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 10:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 10:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 10:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 10:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 10:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 10:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 09:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.packardbell.com/?id=9088
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2247187
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5.0.429
FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19
FF - prefs.js..extensions.enabledItems: HBLite@HBLite.com:11.0.0.0
FF - prefs.js..extensions.enabledItems: {C91E1C68-B60A-4C9F-B53B-AAAEF0E7EF97}:1.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.5.4.20081105


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/12/22 15:42:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\HBLite@HBLite.com: C:\Program Files\HBLite\bin\11.0.258.0\firefox\extensions [2010/07/27 15:58:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/31 17:39:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/28 00:46:01 | 000,000,000 | ---D | M]

[2009/04/25 14:37:51 | 000,000,000 | ---D | M] -- C:\Users\Fathima nabilah\AppData\Roaming\Mozilla\Extensions
[2009/03/30 13:29:58 | 000,000,000 | ---D | M] -- C:\Users\Fathima nabilah\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2010/11/03 10:38:51 | 000,000,000 | ---D | M] -- C:\Users\umm nabilah\AppData\Roaming\mozilla\Firefox\Profiles\uh06ruhq.default\extensions
[2009/09/02 21:04:12 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\umm nabilah\AppData\Roaming\mozilla\Firefox\Profiles\uh06ruhq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/02/21 04:22:07 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\umm nabilah\AppData\Roaming\mozilla\Firefox\Profiles\uh06ruhq.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/10/12 21:57:12 | 000,000,000 | ---D | M] (Mario Forever Toolbar) -- C:\Users\umm nabilah\AppData\Roaming\mozilla\Firefox\Profiles\uh06ruhq.default\extensions\{707db484-2428-402d-afb5-d85b387544c7}
[2008/12/26 00:22:13 | 000,000,000 | ---D | M] -- C:\Users\umm nabilah\AppData\Roaming\mozilla\Firefox\Profiles\uh06ruhq.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2010/10/09 11:00:42 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/19 22:51:18 | 000,000,000 | ---D | M] (QuestDns) -- C:\Program Files\Mozilla Firefox\extensions\{C91E1C68-B60A-4C9F-B53B-AAAEF0E7EF97}
[2008/07/03 17:45:47 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\packardbell@partners.mozilla.com
[2010/07/16 02:46:44 | 000,083,248 | ---- | M] (Pinball Corporation.) -- C:\Program Files\Mozilla Firefox\plugins\npclntax_HBLiteSA.dll

O1 HOSTS File: ([2006/09/18 23:41:30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll File not found
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [Athan] C:\Program Files\Athan\Athan.exe (www.IslamicFinder.org)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Azkary] File not found
O4 - HKLM..\Run: [CarboniteSetupLite] C:\Program Files\Packard Bell\Carbonite\CarboniteSetupLitePBPreInstaller.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\PowerCinema\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [HBLiteSA] C:\Program Files\HBLite\bin\11.0.258.0\HBLiteSA.exe (Pinball Corporation.)
O4 - HKLM..\Run: [PCMAgent] C:\Program Files\CyberLink\PowerCinema\PCMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files\CyberLink\PlayMovie\PMVService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SiSTray] C:\Program Files\SiS VGA Utilities\SiSTray.exe (Silicon Integrated Systems Corporation)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SymLnch] C:\Program Files\Common Files\Symantec Shared\SymSetup\{C1C185CA-C531-49F5-A6FA-B838405A049D}_15_5_0_23\Support\SymLnch\SymLnch.exe File not found
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe ( )
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKCU..\Run: [ggtkusk] File not found
O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe (Packard Bell BV)
O9 - Extra Button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\paltalk.exe (AVM Software Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (AVGRSSTX.DLL) - AVGRSSTX.DLL (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\ezShellStart.exe) - C:\Windows\System32\ezShellStart.exe (EasyBits Software AS)
O20 - HKLM Winlogon: GinaDLL - (dwlgina2.dll) - dwlgina2.dll ()
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Autumn Leaves.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Autumn Leaves.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{f9bfffbf-b3ef-11dd-ba76-00221547980a}\Shell\AutoRun\command - "" = zPharaoh.exe
O33 - MountPoints2\{f9bfffbf-b3ef-11dd-ba76-00221547980a}\Shell\explore\command - "" = zPharaoh.exe
O33 - MountPoints2\{f9bfffbf-b3ef-11dd-ba76-00221547980a}\Shell\open\command - "" = zPharaoh.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: ezSharedSvc - C:\Windows\System32\ezsvc7.dll (EasyBits Sofware AS)


SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\System32\Microsoft
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0.3
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0.3
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - C:\Windows\System32\Microsoft
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Reg Error: Value error.
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

Drivers32: aux - wdmaud.drv (Microsoft Corporation)
Drivers32: midi - wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - midimap.dll (Microsoft Corporation)
Drivers32: mixer - wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.siren - sirenacm.dll (Microsoft Corporation)
Drivers32: MSVideo8 - VfWWDM32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - iccvid.dll (Radius Inc.)
Drivers32: VIDC.I420 - MSh263.drv File not found
Drivers32: VIDC.IYUV - iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - msvidc32.dll (Microsoft Corporation)
Drivers32: VIDC.UYVY - msyuv.dll (Microsoft Corporation)
Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: VIDC.YUY2 - msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVU9 - tsbyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - msyuv.dll (Microsoft Corporation)
Drivers32: wave - wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2010/11/01 20:42:13 | 000,000,000 | ---D | C] -- C:\Malwarebytes
[2010/11/01 20:42:13 | 000,000,000 | ---D | C] -- \Malwarebytes
[2010/11/01 20:17:25 | 000,000,000 | ---D | C] -- C:\Users\umm nabilah\AppData\Local\VS Revo Group
[2010/11/01 20:14:41 | 000,027,192 | ---- | C] (VS Revo Group) -- C:\Windows\System32\drivers\revoflt.sys
[2010/11/01 20:14:39 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2010/10/31 20:38:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2010/10/31 20:38:40 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2010/10/30 15:14:32 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2010/10/30 15:13:18 | 000,000,000 | ---D | C] -- C:\Users\Fathima nabilah\AppData\Local\Microsoft Help
[2010/10/30 15:00:41 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[2010/10/30 14:52:58 | 000,000,000 | ---D | C] -- C:\Users\umm nabilah\Desktop\Microsoft Office 2007
[2010/10/27 19:12:40 | 000,000,000 | ---D | C] -- C:\Users\umm nabilah\_hiddenPbk
[2010/10/25 05:38:03 | 000,000,000 | ---D | C] -- C:\Adobe
[2010/10/25 05:38:03 | 000,000,000 | ---D | C] -- \Adobe
[2010/10/19 18:47:09 | 000,000,000 | ---D | C] -- C:\Program Files\Dual Calendar System
[2010/10/16 13:04:26 | 000,000,000 | ---D | C] -- C:\Users\Fathima nabilah\AppData\Local\Yahoo
[2010/10/16 13:04:16 | 000,000,000 | ---D | C] -- C:\Users\umm nabilah\Desktop\Plugin
[2010/10/16 10:22:50 | 000,000,000 | ---D | C] -- C:\Users\umm nabilah\Desktop\New Folder
[2010/10/12 22:01:23 | 000,000,000 | ---D | C] -- C:\Users\umm nabilah\Desktop\_hiddenPbk
[2010/10/12 21:56:15 | 000,000,000 | ---D | C] -- C:\Users\umm nabilah\Desktop\Icons
[2010/10/09 10:38:08 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2010/10/09 10:38:07 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2010/10/09 10:37:43 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2008/11/28 21:34:04 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\umm nabilah\AppData\Roaming\pcouffin.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\umm nabilah\Documents\*.tmp files -> C:\Users\umm nabilah\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/03 11:00:02 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\Recovery DVD Creator-umm nabilah.job
[2010/11/03 10:38:02 | 000,000,946 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-636704442-1074723387-1432114481-1001UA.job
[2010/11/03 10:28:17 | 000,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/11/03 10:28:17 | 000,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/11/03 10:22:13 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/11/03 10:22:12 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/11/03 10:21:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/11/03 10:21:11 | 938,762,240 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/02 19:20:27 | 000,013,808 | ---- | M] () -- C:\Users\umm nabilah\Desktop\48905_1118651221_4021881_n.jpg
[2010/11/02 18:38:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-636704442-1074723387-1432114481-1001Core.job
[2010/11/01 20:14:55 | 000,000,920 | ---- | M] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
[2010/11/01 07:10:45 | 000,396,752 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/10/31 21:07:12 | 000,000,000 | ---- | M] () -- C:\Users\umm nabilah\Documents\jmnb.docx
[2010/10/31 18:34:19 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/10/31 18:32:43 | 000,026,112 | ---- | M] () -- C:\Users\umm nabilah\Documents\At Taqwa.doc
[2010/10/31 18:32:43 | 000,000,162 | -H-- | M] () -- C:\Users\umm nabilah\Documents\~$ Taqwa.doc
[2010/10/31 18:31:41 | 000,000,162 | -H-- | M] () -- C:\Users\umm nabilah\Documents\~$childs manner of thinking can in some way affect the children.docx
[2010/10/31 18:29:18 | 000,010,030 | ---- | M] () -- C:\Users\umm nabilah\Documents\A childs manner of thinking can in some way affect the children.docx
[2010/10/31 18:25:52 | 000,009,893 | ---- | M] () -- C:\Users\umm nabilah\Documents\A childs manner of.docx
[2010/10/31 18:00:07 | 000,000,420 | ---- | M] () -- C:\Windows\tasks\Norton Security Scan for umm nabilah.job
[2010/10/30 21:58:11 | 000,002,305 | ---- | M] () -- C:\Users\umm nabilah\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2010/10/30 21:42:10 | 000,040,645 | ---- | M] () -- C:\Users\umm nabilah\Documents\A Apple.pptx
[2010/10/30 16:35:50 | 000,000,030 | ---- | M] () -- C:\Users\umm nabilah\Documents\MSO2057.acl
[2010/10/30 16:31:14 | 000,036,233 | ---- | M] () -- C:\Users\umm nabilah\Documents\Ball.pptx
[2010/10/30 16:30:12 | 000,015,261 | ---- | M] () -- C:\Users\umm nabilah\Documents\Normal.dotm
[2010/10/24 18:34:15 | 000,004,796 | ---- | M] () -- C:\Users\umm nabilah\Desktop\CV ENGLISH TEACHING.rtf
[2010/10/23 10:46:10 | 000,001,717 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2010/10/23 10:46:05 | 000,001,719 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2010/10/22 14:55:40 | 000,000,680 | ---- | M] () -- C:\Users\umm nabilah\AppData\Local\d3d9caps.dat
[2010/10/19 18:47:55 | 000,090,173 | ---- | M] () -- C:\Windows\Dual Calendar System Uninstaller.exe
[2010/10/19 11:41:44 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010/10/18 20:13:05 | 000,000,737 | ---- | M] () -- C:\Users\umm nabilah\Desktop\mafosav.INI
[2010/10/18 20:12:42 | 000,000,140 | ---- | M] () -- C:\Users\umm nabilah\Desktop\forevermopt.INI
[2010/10/12 21:58:46 | 000,001,345 | ---- | M] () -- C:\Users\umm nabilah\Desktop\Softendo Games World.lnk
[2010/10/06 18:17:01 | 001,442,085 | ---- | M] () -- C:\Users\umm nabilah\Desktop\Volume_18_(surahs_78-114).pdf
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\umm nabilah\Documents\*.tmp files -> C:\Users\umm nabilah\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/02 19:19:18 | 000,013,808 | ---- | C] () -- C:\Users\umm nabilah\Desktop\48905_1118651221_4021881_n.jpg
[2010/11/01 20:14:55 | 000,000,920 | ---- | C] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
[2010/10/31 21:07:09 | 000,000,000 | ---- | C] () -- C:\Users\umm nabilah\Documents\jmnb.docx
[2010/10/31 18:32:43 | 000,000,162 | -H-- | C] () -- C:\Users\umm nabilah\Documents\~$ Taqwa.doc
[2010/10/31 18:32:39 | 000,026,112 | ---- | C] () -- C:\Users\umm nabilah\Documents\At Taqwa.doc
[2010/10/31 18:31:41 | 000,000,162 | -H-- | C] () -- C:\Users\umm nabilah\Documents\~$childs manner of thinking can in some way affect the children.docx
[2010/10/31 18:29:14 | 000,010,030 | ---- | C] () -- C:\Users\umm nabilah\Documents\A childs manner of thinking can in some way affect the children.docx
[2010/10/31 18:25:24 | 000,009,893 | ---- | C] () -- C:\Users\umm nabilah\Documents\A childs manner of.docx
[2010/10/30 21:42:07 | 000,040,645 | ---- | C] () -- C:\Users\umm nabilah\Documents\A Apple.pptx
[2010/10/30 16:35:50 | 000,000,030 | ---- | C] () -- C:\Users\umm nabilah\Documents\MSO2057.acl
[2010/10/30 16:31:13 | 000,036,233 | ---- | C] () -- C:\Users\umm nabilah\Documents\Ball.pptx
[2010/10/30 16:30:07 | 000,015,261 | ---- | C] () -- C:\Users\umm nabilah\Documents\Normal.dotm
[2010/10/23 10:46:10 | 000,001,717 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2010/10/23 10:46:05 | 000,001,719 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2010/10/19 18:47:54 | 000,090,173 | ---- | C] () -- C:\Windows\Dual Calendar System Uninstaller.exe
[2010/10/12 21:56:31 | 000,001,345 | ---- | C] () -- C:\Users\umm nabilah\Desktop\Softendo Games World.lnk
[2010/10/06 18:16:01 | 001,442,085 | ---- | C] () -- C:\Users\umm nabilah\Desktop\Volume_18_(surahs_78-114).pdf
[2010/08/08 21:43:36 | 000,000,000 | ---- | C] () -- C:\Users\umm nabilah\AppData\Local\prvlcl.dat
[2010/05/15 15:41:25 | 000,000,680 | ---- | C] () -- C:\Users\Fathima nabilah\AppData\Local\d3d9caps.dat
[2010/04/07 22:33:54 | 000,000,000 | RHS- | C] () -- \MSDOS.SYS
[2010/04/07 22:33:54 | 000,000,000 | RHS- | C] () -- \IO.SYS
[2009/04/28 21:19:34 | 000,721,904 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009/04/25 10:31:49 | 000,039,936 | ---- | C] () -- C:\Windows\System32\dwlgina2.dll
[2009/04/21 21:52:34 | 000,022,328 | ---- | C] () -- C:\Users\umm nabilah\AppData\Roaming\PnkBstrK.sys
[2009/04/10 19:34:19 | 938,762,240 | -HS- | C] () --
[2009/04/01 14:12:32 | 000,000,552 | ---- | C] () -- C:\Users\Fathima nabilah\AppData\Local\d3d8caps.dat
[2009/03/18 15:23:35 | 000,376,832 | ---- | C] () -- C:\Windows\System32\M2000Twn.dll
[2009/03/18 15:23:27 | 000,073,728 | ---- | C] () -- C:\Windows\System32\CompressATI2.dll
[2008/11/28 21:35:27 | 000,000,033 | ---- | C] () -- C:\Users\umm nabilah\AppData\Roaming\pcouffin.log
[2008/11/28 21:34:04 | 000,087,608 | ---- | C] () -- C:\Users\umm nabilah\AppData\Roaming\inst.exe
[2008/11/28 21:34:04 | 000,007,887 | ---- | C] () -- C:\Users\umm nabilah\AppData\Roaming\pcouffin.cat
[2008/11/28 21:34:04 | 000,001,144 | ---- | C] () -- C:\Users\umm nabilah\AppData\Roaming\pcouffin.inf
[2008/11/20 15:59:24 | 000,001,068 | ---- | C] () -- C:\Users\Fathima nabilah\AppData\Roaming\wklnhst.dat
[2008/11/20 13:54:49 | 000,000,050 | ---- | C] () -- C:\Windows\cdplayer.ini
[2008/10/26 12:12:12 | 000,070,656 | ---- | C] () -- C:\Users\Fathima nabilah\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/05 17:17:34 | 1252,544,512 | -HS- | C] () --
[2008/07/04 02:13:31 | 000,008,192 | R-S- | C] () -- \BOOTSECT.BAK
[2008/07/03 17:49:17 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2008/07/03 17:40:01 | 000,000,426 | ---- | C] () -- \RHDSetup.log
[2008/07/03 09:50:21 | 000,333,203 | RHS- | C] () -- \bootmgr
[2008/05/07 10:08:26 | 000,000,208 | ---- | C] () -- \files.crc
[2007/12/12 14:44:44 | 000,466,944 | ---- | C] () -- C:\Windows\System32\RemoveDevice.dll
[2007/05/30 09:54:10 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2006/11/02 12:23:09 | 000,000,024 | ---- | C] () -- \autoexec.bat
[2006/11/02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 08:25:08 | 000,000,010 | ---- | C] () -- \config.sys

========== Custom Scans ==========


< %systemroot%*. /mp /s >

< %systemroot%system32*.dll /lockedfiles >

< %systemroot%system32*.exe /lockedfiles >

< %systemroot%Tasks*.job /lockedfiles >

< %systemroot%system32drivers*.sys /lockedfiles >

< %systemroot%System32config*.sav >

< %systemroot%system32*.sys >

< %systemroot%system32drivers*.dll >

< %systemroot%system32drivers*.ini >

< %systemroot%system32drivers*.exe >

< %SYSTEMDRIVE%*.* >
[2006/09/18 23:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2008/01/21 04:34:29 | 000,333,203 | RHS- | M] () -- C:\bootmgr
[2008/07/04 02:13:31 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2006/09/18 23:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2008/02/29 11:19:54 | 000,000,208 | ---- | M] () -- C:\files.crc
[2010/11/03 10:21:11 | 938,762,240 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/07 22:33:54 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/04/07 22:33:54 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/11/03 10:21:09 | 1252,544,512 | -HS- | M] () -- C:\pagefile.sys
[2008/07/03 17:41:23 | 000,000,426 | ---- | M] () -- C:\RHDSetup.log

< %PROGRAMFILES%*. >
[2009/08/06 23:28:25 | 000,000,000 | ---D | M] -- C:\Program Files\3
[2010/10/25 06:22:15 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2009/04/11 08:33:39 | 000,000,000 | ---D | M] -- C:\Program Files\Alwil Software
[2010/07/28 17:24:52 | 000,000,000 | ---D | M] -- C:\Program Files\arab_media
[2009/01/07 18:43:07 | 000,000,000 | ---D | M] -- C:\Program Files\Athan
[2009/03/03 18:14:07 | 000,000,000 | ---D | M] -- C:\Program Files\AVG
[2009/07/04 18:51:03 | 000,000,000 | ---D | M] -- C:\Program Files\AVS4YOU
[2010/10/30 16:44:50 | 000,000,000 | ---D | M] -- C:\Program Files\Azkary
[2010/04/25 13:32:34 | 000,000,000 | ---D | M] -- C:\Program Files\CCleaner
[2010/10/31 20:38:41 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2009/07/06 23:38:08 | 000,000,000 | ---D | M] -- C:\Program Files\Conduit
[2008/07/03 18:25:00 | 000,000,000 | ---D | M] -- C:\Program Files\CyberLink
[2009/04/28 21:53:31 | 000,000,000 | ---D | M] -- C:\Program Files\DAEMON Tools Lite
[2009/04/28 21:53:31 | 000,000,000 | ---D | M] -- C:\Program Files\DAEMON Tools Toolbar
[2010/10/19 18:47:12 | 000,000,000 | ---D | M] -- C:\Program Files\Dual Calendar System
[2009/03/19 22:17:49 | 000,000,000 | ---D | M] -- C:\Program Files\EA GAMES
[2008/11/09 23:58:20 | 000,000,000 | ---D | M] -- C:\Program Files\EasyBits For Kids
[2010/11/01 18:56:51 | 000,000,000 | ---D | M] -- C:\Program Files\Etisalat USB modem
[2009/05/03 19:51:10 | 000,000,000 | ---D | M] -- C:\Program Files\EyesDropper
[2010/07/26 10:48:35 | 000,000,000 | ---D | M] -- C:\Program Files\File Shredder
[2009/07/04 12:47:28 | 000,000,000 | ---D | M] -- C:\Program Files\FunWebProducts
[2010/10/31 18:45:13 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2010/07/27 15:58:23 | 000,000,000 | ---D | M] -- C:\Program Files\HBLite
[2008/07/03 17:45:23 | 000,000,000 | ---D | M] -- C:\Program Files\HDReg
[2009/03/08 22:24:38 | 000,000,000 | ---D | M] -- C:\Program Files\Hewlett-Packard
[2009/03/08 22:00:06 | 000,000,000 | ---D | M] -- C:\Program Files\HP
[2010/09/22 19:29:26 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2010/10/19 18:00:42 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2009/01/26 19:55:19 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2010/03/20 22:43:18 | 000,000,000 | ---D | M] -- C:\Program Files\IslamicByte
[2009/01/26 19:55:59 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2009/09/22 20:35:45 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2009/02/14 18:53:45 | 000,000,000 | ---D | M] -- C:\Program Files\Kutchka
[2010/09/22 20:31:11 | 000,000,000 | ---D | M] -- C:\Program Files\LimeWire
[2009/04/11 16:45:46 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/10/23 10:45:25 | 000,000,000 | ---D | M] -- C:\Program Files\McAfee Security Scan
[2009/02/21 02:21:29 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2006/11/02 14:35:51 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games
[2010/10/31 21:04:37 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2008/07/03 18:20:52 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office Suite Activation Assistant
[2010/10/01 10:19:44 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2010/10/31 20:38:40 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2010/10/31 21:05:08 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio 8
[2010/10/31 20:36:21 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2008/07/03 18:12:25 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2010/08/13 05:30:09 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2010/10/09 10:58:32 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2010/10/31 20:36:52 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2010/10/30 15:00:41 | 000,000,000 | ---D | M] -- C:\Program Files\MSECache
[2008/12/15 23:38:41 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2010/10/31 17:42:10 | 000,000,000 | ---D | M] -- C:\Program Files\MyRealGames.com
[2009/07/04 12:47:22 | 000,000,000 | ---D | M] -- C:\Program Files\MyWebSearch
[2008/07/03 17:57:38 | 000,000,000 | ---D | M] -- C:\Program Files\Nero
[2008/07/03 17:59:49 | 000,000,000 | ---D | M] -- C:\Program Files\NeroInstall.bak
[2010/10/30 17:23:42 | 000,000,000 | ---D | M] -- C:\Program Files\Norton Internet Security
[2010/10/30 17:37:51 | 000,000,000 | ---D | M] -- C:\Program Files\OpenOffice.org 2.3
[2010/10/31 17:41:05 | 000,000,000 | ---D | M] -- C:\Program Files\Packard Bell
[2010/08/03 21:14:48 | 000,000,000 | ---D | M] -- C:\Program Files\Paltalk Messenger
[2010/10/30 17:53:34 | 000,000,000 | ---D | M] -- C:\Program Files\Picasa2
[2010/10/30 17:53:09 | 000,000,000 | ---D | M] -- C:\Program Files\Playalot Games
[2009/01/26 19:50:46 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2010/04/07 22:19:17 | 000,000,000 | ---D | M] -- C:\Program Files\Quran_in_Word
[2009/10/25 19:07:36 | 000,000,000 | ---D | M] -- C:\Program Files\Real
[2010/04/13 15:41:29 | 000,000,000 | ---D | M] -- C:\Program Files\RealArcade
[2008/07/03 17:40:19 | 000,000,000 | ---D | M] -- C:\Program Files\Realtek
[2006/11/02 14:35:51 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2009/01/26 19:30:26 | 000,000,000 | ---D | M] -- C:\Program Files\Safari
[2009/04/14 11:33:22 | 000,000,000 | ---D | M] -- C:\Program Files\Samsung
[2008/07/03 17:46:12 | 000,000,000 | ---D | M] -- C:\Program Files\Seagate
[2008/07/03 17:39:05 | 000,000,000 | ---D | M] -- C:\Program Files\SiS VGA Utilities
[2008/07/03 18:25:34 | 000,000,000 | ---D | M] -- C:\Program Files\Skype
[2009/04/11 17:36:40 | 000,000,000 | ---D | M] -- C:\Program Files\SUPERAntiSpyware
[2010/07/26 10:40:45 | 000,000,000 | ---D | M] -- C:\Program Files\Sure Delete
[2008/07/03 17:39:26 | 000,000,000 | ---D | M] -- C:\Program Files\Synaptics
[2009/03/18 16:03:03 | 000,000,000 | ---D | M] -- C:\Program Files\SystemRequirementsLab
[2010/04/08 13:03:16 | 000,000,000 | ---D | M] -- C:\Program Files\Tux4kids
[2006/11/02 14:58:18 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2009/04/28 00:34:35 | 000,000,000 | ---D | M] -- C:\Program Files\uTorrent
[2010/11/01 20:14:39 | 000,000,000 | ---D | M] -- C:\Program Files\VS Revo Group
[2008/01/21 04:47:45 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Calendar
[2008/01/21 04:47:42 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Collaboration
[2008/01/21 04:47:37 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender
[2009/08/01 00:01:09 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2009/01/18 01:11:48 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live SkyDrive
[2010/05/12 14:30:15 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Mail
[2009/08/14 00:06:26 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2006/11/02 14:35:51 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2008/01/21 04:47:42 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Photo Gallery
[2008/01/21 04:47:44 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar
[2009/07/25 13:23:11 | 000,000,000 | ---D | M] -- C:\Program Files\WinRAR
[2010/08/27 14:46:51 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo!
[2009/04/11 12:14:14 | 000,000,000 | ---D | M] -- C:\Program Files\Zone Labs
[2009/08/06 23:33:26 | 000,000,000 | ---D | M] -- C:\Program Files\ZTE_MF6X6_USB_MODEM_1.2050.0.6

Invalid Environment Variable: appdata


< MD5 for: AGP440.SYS >
[2008/01/21 04:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008/01/21 04:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/21 04:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/21 04:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/04/11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/21 04:32:21 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys
[2008/01/21 04:32:21 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/21 04:32:21 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: DISK.SYS >
[2009/04/11 08:32:31 | 000,053,736 | ---- | M] (Microsoft Corporation) MD5=5D4AEFC3386920236A548271F8F1AF6A -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_disk.inf_31bf3856ad364e35_6.0.6002.18005_none_fbb1faf0714e4ea6\disk.sys
[2008/01/21 04:32:45 | 000,055,352 | ---- | M] (Microsoft Corporation) MD5=64109E623ABD6955C8FB110B592E68B7 -- C:\Windows\System32\drivers\disk.sys
[2008/01/21 04:32:45 | 000,055,352 | ---- | M] (Microsoft Corporation) MD5=64109E623ABD6955C8FB110B592E68B7 -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_90722180\disk.sys
[2008/01/21 04:32:45 | 000,055,352 | ---- | M] (Microsoft Corporation) MD5=64109E623ABD6955C8FB110B592E68B7 -- C:\Windows\winsxs\x86_disk.inf_31bf3856ad364e35_6.0.6001.18000_none_f9c681e4742c835a\disk.sys
[2006/11/02 11:49:51 | 000,052,840 | ---- | M] (Microsoft Corporation) MD5=841AF4C4D41D3E3B2F244E976B0F7963 -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_e0b0b355\disk.sys

< MD5 for: IASTORV.SYS >
[2008/01/21 04:32:49 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008/01/21 04:32:49 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/21 04:32:49 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/04/11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/21 04:33:41 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll
[2008/01/21 04:33:41 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/21 04:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008/01/21 04:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/21 04:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/21 04:34:39 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll
[2008/01/21 04:34:39 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009/04/11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< MD5 for: USBSTOR.SYS >
[2008/01/21 04:32:50 | 000,055,296 | ---- | M] (Microsoft Corporation) MD5=87BA6B83C5D19B69160968D07D6E2982 -- C:\Windows\System32\drivers\USBSTOR.SYS
[2008/01/21 04:32:50 | 000,055,296 | ---- | M] (Microsoft Corporation) MD5=87BA6B83C5D19B69160968D07D6E2982 -- C:\Windows\System32\DriverStore\FileRepository\usbstor.inf_b9f18584\USBSTOR.SYS
[2008/01/21 04:32:50 | 000,055,296 | ---- | M] (Microsoft Corporation) MD5=87BA6B83C5D19B69160968D07D6E2982 -- C:\Windows\winsxs\x86_usbstor.inf_31bf3856ad364e35_6.0.6001.18000_none_48864eb697d31b43\USBSTOR.SYS
[2009/04/11 06:42:55 | 000,065,536 | ---- | M] (Microsoft Corporation) MD5=BE3DA31C191BC222D9AD503C5224F2AD -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_usbstor.inf_31bf3856ad364e35_6.0.6002.18005_none_4a71c7c294f4e68f\USBSTOR.SYS
[2006/11/02 10:55:05 | 000,054,784 | ---- | M] (Microsoft Corporation) MD5=FDBAABF07244C60B0F4E0A6E71A107C6 -- C:\Windows\System32\DriverStore\FileRepository\usbstor.inf_bb2778a0\USBSTOR.SYS

< HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionWindowsUpdateAuto UpdateResultsInstall|LastSuccessTime /rs >

< End of report >

Only one notepad application came up. Saying OTL.TXT.

What should i do?

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  
• If an update is found, it will download and install the latest version.
  
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

Post the contents of the MBAM Log.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5041

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

04/11/2010 10:25:32
mbam-log-2010-11-04 (10-25-32).txt

Scan type: Full scan (C:\|D:\|E:\|)
Objects scanned: 311384
Time elapsed: 2 hour(s), 44 minute(s), 39 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 1
Registry Keys Infected: 25
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 26
Files Infected: 47

Memory Processes Infected:
C:\Program Files\HBLite\bin\11.0.258.0\HBLiteSA.exe (Adware.Hotbar) -> No action taken.

Memory Modules Infected:
c:\program files\HBLite\bin\11.0.258.0\hblitesahook.dll (Adware.Hotbar) -> No action taken.

Registry Keys Infected:
HKEY_CLASSES_ROOT\hbliteax.info (Adware.Hotbar) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{6f098504-cdb1-420f-a2e6-ddc0b835fedf} (Adware.Hotbar) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{30b15818-e110-4527-9c05-46ace5a3460d} (Adware.Hotbar) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{618aad04-921f-44c2-be38-c0818af69861} (Adware.Hotbar) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{b5d2ed96-62f9-4c2c-956d-e425b1f67337} (Adware.Hotbar) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{d3a412e8-1e4b-47d2-9b12-f88291f5afbb} (Adware.Hotbar) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{4d1ec4ca-4b92-4324-b8f8-c9a6ed06a8ae} (Adware.Hotbar) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4d1ec4ca-4b92-4324-b8f8-c9a6ed06a8ae} (Adware.Hotbar) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{4e674574-3f0b-491d-8ae3-f90b43a34fd6} (Adware.Hotbar) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4e674574-3f0b-491d-8ae3-f90b43a34fd6} (Adware.Hotbar) -> No action taken.
HKEY_CLASSES_ROOT\hbliteax.info.1 (Adware.Hotbar) -> No action taken.
HKEY_CLASSES_ROOT\hbliteax.userprofiles (Adware.Hotbar) -> No action taken.
HKEY_CLASSES_ROOT\hbliteax.userprofiles.1 (Adware.Hotbar) -> No action taken.
HKEY_CLASSES_ROOT\setup.mynshandler (Spyware.AdaEbook) -> No action taken.
HKEY_CLASSES_ROOT\shopperreports.reporter (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\shopperreports.reporter.1 (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\AppID\{0d82acd6-a652-4496-a298-2bde705f4227} (Adware.ClickPotato) -> No action taken.
HKEY_CLASSES_ROOT\AppID\{7025e484-d4b0-441a-9f0b-69063bd679ce} (Adware.ClickPotato) -> No action taken.
HKEY_CLASSES_ROOT\AppID\{8258b35c-05b8-4c0e-9525-9bccc70f8f2d} (Adware.ClickPotato) -> No action taken.
HKEY_CLASSES_ROOT\AppID\{a89256ad-ec17-4a83-bef5-4b8bc4f39306} (Adware.ClickPotato) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{e8cfc029-8420-4eae-adef-915bdc77e1dc} (Spyware.AdaEbook) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a078f691-9c07-4af2-bf43-35e79eecf8b7} (Adware.Softomate) -> No action taken.
HKEY_CURRENT_USER\Software\hblitesa (Adware.HotBar) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\HBLite (Adware.HotBar) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HBLiteSA (Adware.HotBar) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hblitesa (Adware.Hotbar) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\srs_it_e879027fb37659543fae94 (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions\hblite@hblite.com (Adware.HotBar) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\ProgramData\2ACA5CC3-0F83-453D-A079-1076FE1A8B65 (Adware.Seekmo) -> No action taken.
C:\Users\umm nabilah\AppData\Roaming\HBLite (Adware.Hotbar) -> No action taken.
C:\ProgramData\HBLiteSA (Adware.Hotbar) -> No action taken.
C:\Users\umm nabilah\AppData\Roaming\ShopperReports3 (Adware.ShopperReports) -> No action taken.
C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> No action taken.
C:\Program Files\HBLite (Adware.Hotbar) -> No action taken.
C:\Program Files\HBLite\bin (Adware.Hotbar) -> No action taken.
C:\Program Files\HBLite\bin\11.0.258.0 (Adware.Hotbar) -> No action taken.
C:\Program Files\HBLite\bin\11.0.258.0\firefox (Adware.Hotbar) -> No action taken.
C:\Program Files\HBLite\bin\11.0.258.0\firefox\extensions (Adware.Hotbar) -> No action taken.
C:\Program Files\HBLite\bin\11.0.258.0\firefox\extensions\plugins (Adware.Hotbar) -> No action taken.
C:\Program Files\Mozilla Firefox\extensions\{C91E1C68-B60A-4C9F-B53B-AAAEF0E7EF97} (Adware.QuestDns) -> No action taken.
C:\Program Files\Mozilla Firefox\extensions\{C91E1C68-B60A-4C9F-B53B-AAAEF0E7EF97}\chrome (Adware.QuestDns) -> No action taken.
C:\Program Files\Mozilla Firefox\extensions\{C91E1C68-B60A-4C9F-B53B-AAAEF0E7EF97}\defaults (Adware.QuestDns) -> No action taken.
C:\Program Files\Mozilla Firefox\extensions\{C91E1C68-B60A-4C9F-B53B-AAAEF0E7EF97}\defaults\preferences (Adware.QuestDns) -> No action taken.
C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Avatar (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Game (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Message (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Notifier (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> No action taken.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotbar (Adware.Hotbar) -> No action taken.

Files Infected:
C:\Program Files\HBLite\bin\11.0.258.0\HBLiteSA.exe (Adware.Hotbar) -> No action taken.
c:\program files\HBLite\bin\11.0.258.0\hblitesahook.dll (Adware.Hotbar) -> No action taken.
C:\Program Files\HBLite\bin\11.0.258.0\HBLiteSAAX.dll (Adware.Hotbar) -> No action taken.
C:\Program Files\Mozilla Firefox\plugins\npclntax_HBLiteSA.dll (Adware.Hotbar) -> No action taken.
C:\Program Files\HBLite\bin\11.0.258.0\HBLiteUninstaller.exe (Adware.Hotbar) -> No action taken.
C:\Program Files\HBLite\bin\11.0.258.0\LaunchHelp.dll (Adware.Seekmo) -> No action taken.
C:\Program Files\HBLite\bin\11.0.258.0\firefox\extensions\plugins\npclntax_HBLiteSA.dll (Adware.Hotbar) -> No action taken.
C:\Users\umm nabilah\Downloads\LimewireSetup.exe (Adware.HotBar) -> No action taken.
C:\Windows\Temp\QUEEB46.tmp\upgrade.exe (Adware.Dropper.Gen) -> No action taken.
C:\Windows\Temp\QUEFC1A.tmp\upgrade.exe (Adware.Dropper.Gen) -> No action taken.
C:\ProgramData\HBLiteSA\HBLiteSA.dat (Adware.Hotbar) -> No action taken.
C:\ProgramData\HBLiteSA\HBLiteSAAbout.mht (Adware.Hotbar) -> No action taken.
C:\ProgramData\HBLiteSA\HBLiteSAau.dat (Adware.Hotbar) -> No action taken.
C:\ProgramData\HBLiteSA\HBLiteSAEULA.mht (Adware.Hotbar) -> No action taken.
C:\ProgramData\HBLiteSA\HBLiteSA_kyf.dat (Adware.Hotbar) -> No action taken.
C:\Program Files\HBLite\bin\11.0.258.0\firefox\extensions\chrome.manifest (Adware.Hotbar) -> No action taken.
C:\Program Files\HBLite\bin\11.0.258.0\firefox\extensions\install.rdf (Adware.Hotbar) -> No action taken.
C:\Program Files\Mozilla Firefox\extensions\{C91E1C68-B60A-4C9F-B53B-AAAEF0E7EF97}\chrome.manifest (Adware.QuestDns) -> No action taken.
C:\Program Files\Mozilla Firefox\extensions\{C91E1C68-B60A-4C9F-B53B-AAAEF0E7EF97}\install.rdf (Adware.QuestDns) -> No action taken.
C:\Program Files\Mozilla Firefox\extensions\{C91E1C68-B60A-4C9F-B53B-AAAEF0E7EF97}\chrome\questdns.jar (Adware.QuestDns) -> No action taken.
C:\Program Files\Mozilla Firefox\extensions\{C91E1C68-B60A-4C9F-B53B-AAAEF0E7EF97}\defaults\preferences\prefs.js (Adware.QuestDns) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\F3BKGERR.JPG (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\F3SPACER.WMV (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\F3WALLPP.DAT (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\FWPBUDDY.PNG (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> No action taken.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotbar\About Hotbar.lnk (Adware.Hotbar) -> No action taken.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotbar\Hotbar Customer Support Center.lnk (Adware.Hotbar) -> No action taken.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotbar\Hotbar Uninstall Instructions.lnk (Adware.Hotbar) -> No action taken.

I used RKILL. This is the Log

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Ran as umm nabilah on 04/11/2010 at 13:28:04.


Services Stopped:


Processes terminated by Rkill or while it was running:


C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\umm nabilah\Downloads\rkill.com


Rkill completed on 04/11/2010 at 13:28:13.

The error box is still appearing when i start the laptop. I cannot do anything on office 2007 as it gives me these error boxs when i start up. And when i type anything the same error boxes comes up which stops me from typing. Then when i try to save the document, an error msg comes up (attached). PDF adobe also doesnt work.

Please help me, I have assignments to finish.

Thank you for your help!

Attached error boxes

The other error box

Hello.
Did you remove what MBAM found? the log says no action was taken.

Yes i removed them and deleted them after.

I did a quick scan and it found 0 infected items. What should i do now?

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5041

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

04/11/2010 11:13:11
mbam-log-2010-11-04 (11-13-11).txt

Scan type: Quick scan
Objects scanned: 170018
Time elapsed: 27 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Any more issues?

We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

Many of the things to note for us would be:

• Slow computer
  
• Error messages
  
• Fake antivirus alerts or the icon in the system tray
  
• svchost.exe running at 100%
  
• System crashes or blue screen of death

I get a few error messages as i stated above in my posts, my laptop is slow. Its takes maybe 5 minutes to completely load everything. The situation is still the same despite the actions i have taken above. Please help

Please download SINO by Artellos.

• Save SINO to a place you can remember and run SINO.exe. (If you downloaded the ZIP version you will need to extract it first)
  
• Then please check the following checkboxes:
  

  Code:

  System Info
Services
Boot Check
Tasklist
Startup Items
Event Log
Hosts file
Routing Table
  
  
• Once checked, hit the Run Scan! button and wait for the program to finish the scan.
  
  
• A notepad window will pop up. Please copy all of the content into your next reply.

Note: If you try to interact with the program once it’s started scanning it might appear to hang. The scan however will continue.

System Investigator by Olrik
Log Created On: 1300_12-11-2010
SINO Version: 3.1.0.0

Total RAM: 894 MB | Free RAM: 215 MB | Pagefile Size: 1273 MB
C: | 35705 MB out of 104227 MB Free | Local Fixed Disk
D: | None | CD-ROM Disc
E: | None | CD-ROM Disc
F: | None | Removable Disk

<<<< System Information >>>>

Computer Name: CLAIRE
Username: umm nabilah
Language Setting: ENG
Windows Directory: C:\Windows
Windows Version: Windows Vista Service Pack 1
UAC Status: On
Windows Mode: Normal

<<<< Tasklist >>>>

[System Idle Process] - Process ID: 0
[System] - Process ID: 4
[smss.exe] - Process ID: 428
[C:\Windows\system32\csrss.exe] - Process ID: 496
[C:\Windows\system32\wininit.exe] - Process ID: 540
[C:\Windows\system32\csrss.exe] - Process ID: 552
[C:\Windows\system32\services.exe] - Process ID: 596
[C:\Windows\system32\lsass.exe] - Process ID: 612
[C:\Windows\system32\lsm.exe] - Process ID: 620
[C:\Windows\system32\winlogon.exe] - Process ID: 800
[C:\Windows\system32\svchost.exe] - Process ID: 952
[C:\Windows\system32\svchost.exe] - Process ID: 1012
[C:\Windows\System32\svchost.exe] - Process ID: 1052
[C:\Windows\System32\svchost.exe] - Process ID: 1160
[C:\Windows\System32\svchost.exe] - Process ID: 1220
[C:\Windows\system32\svchost.exe] - Process ID: 1260
[audiodg.exe] - Process ID: 1336
[C:\Windows\system32\SLsvc.exe] - Process ID: 1364
[C:\Windows\system32\svchost.exe] - Process ID: 1392
[C:\Windows\system32\svchost.exe] - Process ID: 1560
[C:\Windows\System32\spoolsv.exe] - Process ID: 1764
[C:\Windows\system32\svchost.exe] - Process ID: 1788
[C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe] - Process ID: 1988
[C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe] - Process ID: 2008
[C:\Windows\system32\svchost.exe] - Process ID: 2020
[C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe] - Process ID: 276
[C:\Windows\system32\IoctlSvc.exe] - Process ID: 776
[C:\Windows\system32\svchost.exe] - Process ID: 892
[C:\PROGRA~1\AVG\AVG8\avgrsx.exe] - Process ID: 1108
[C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe] - Process ID: 1072
[C:\PROGRA~1\AVG\AVG8\avgnsx.exe] - Process ID: 1324
[C:\Windows\system32\svchost.exe] - Process ID: 1592
[C:\Windows\System32\StkCSrv.exe] - Process ID: 1716
[C:\Windows\System32\svchost.exe] - Process ID: 312
[C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe] - Process ID: 2096
[C:\PROGRA~1\AVG\AVG8\avgemc.exe] - Process ID: 2140
[C:\Program Files\AVG\AVG8\avgcsrvx.exe] - Process ID: 2260
[C:\Windows\system32\taskeng.exe] - Process ID: 2656
[C:\Windows\system32\Dwm.exe] - Process ID: 2748
[C:\Windows\Explorer.EXE] - Process ID: 2796
[C:\Program Files\Windows Defender\MSASCui.exe] - Process ID: 3168
[C:\Program Files\SiS VGA Utilities\SiSTray.exe] - Process ID: 3180
[C:\Program Files\Synaptics\SynTP\SynTPEnh.exe] - Process ID: 3460
[C:\Windows\RtHDVCpl.exe] - Process ID: 3536
[C:\Program Files\CyberLink\PowerCinema\PCMAgent.exe] - Process ID: 3648
[C:\Program Files\CyberLink\PowerCinema\Kernel\CLML\CLMLSvc.exe] - Process ID: 3700
[C:\Program Files\CyberLink\PlayMovie\PMVService.exe] - Process ID: 3716
[C:\Program Files\Athan\Athan.exe] - Process ID: 3820
[C:\Program Files\iTunes\iTunesHelper.exe] - Process ID: 3900
[C:\Program Files\AVG\AVG8\avgtray.exe] - Process ID: 3908
[C:\Program Files\Java\jre6\bin\jusched.exe] - Process ID: 3932
[C:\Program Files\Common Files\Real\Update_OB\realsched.exe] - Process ID: 4052
[C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe] - Process ID: 4060
[C:\Windows\system32\wbem\unsecapp.exe] - Process ID: 4068
[C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe] - Process ID: 680
[C:\Windows\system32\wbem\wmiprvse.exe] - Process ID: 648
[C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe] - Process ID: 1424
[C:\Program Files\Windows Live\Messenger\msnmsgr.exe] - Process ID: 2156
[C:\Program Files\DAEMON Tools Lite\daemon.exe] - Process ID: 756
[C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe] - Process ID: 2232
[C:\Program Files\Paltalk Messenger\paltalk.exe] - Process ID: 1960
[C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE] - Process ID: 532
[C:\Program Files\Etisalat USB modem\Etisalat USB modem.exe] - Process ID: 3028
[C:\Program Files\Mozilla Firefox\firefox.exe] - Process ID: 1236
[C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe] - Process ID: 1272
[C:\Program Files\iPod\bin\iPodService.exe] - Process ID: 3452
[C:\PROGRA~1\Raptr\raptr.exe] - Process ID: 1444
[C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe] - Process ID: 2528
[C:\PROGRA~1\Raptr\raptr_im.exe] - Process ID: 3504
[C:\Program Files\Windows Media Player\wmpnscfg.exe] - Process ID: 6132
[C:\Program Files\Windows Media Player\wmpnetwk.exe] - Process ID: 4112
[C:\Program Files\Mozilla Firefox\plugin-container.exe] - Process ID: 5816
[C:\Windows\system32\taskeng.exe] - Process ID: 5000
[C:\Program Files\Mozilla Firefox\plugin-container.exe] - Process ID: 876
[C:\Users\UMMNAB~1\AppData\Local\Temp\SINO\SINO.exe] - Process ID: 4900
[C:\Windows\system32\wuauclt.exe] - Process ID: 4696
[C:\Windows\system32\WUDFHost.exe] - Process ID: 884
[C:\Windows\System32\mobsync.exe] - Process ID: 4672
[C:\Windows\system32\wbem\wmiprvse.exe] - Process ID: 5332

<<<< Startup Items >>>>

[OneNote 2007 Screen Clipper and Launcher.lnk] - - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
[McAfee Security Scan Plus.lnk] - - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
[PalTalk.lnk] - - C:\Program Files\Paltalk Messenger\paltalk.exe
[Windows Defender] - - %ProgramFiles%\Windows Defender\MSASCui.exe -hide
[SiSTray] - - %ProgramFiles%\SiS VGA Utilities\SiSTray.exe
[SynTPEnh] - - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
[RtHDVCpl] - - RtHDVCpl.exe
[Skytel] - - Skytel.exe
[CarboniteSetupLite] - - "C:\Program Files\Packard Bell\Carbonite\CarboniteSetupLitePBPreInstaller.exe" /preinstalled
[PCMAgent] - - "C:\Program Files\CyberLink\PowerCinema\PCMAgent.exe"
[CLMLServer] - - "C:\Program Files\CyberLink\PowerCinema\Kernel\CLML\CLMLSvc.exe"
[PlayMovie] - - "C:\Program Files\CyberLink\PlayMovie\PMVService.exe"
[toolbar_eula_launcher] - - C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
[Athan] - - C:\Program Files\Athan\Athan.exe
[QuickTime Task] - - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
[iTunesHelper] - - "C:\Program Files\iTunes\iTunesHelper.exe"
[AVG8_TRAY] - - C:\PROGRA~1\AVG\AVG8\avgtray.exe
[SunJavaUpdateSched] - - "C:\Program Files\Java\jre6\bin\jusched.exe"
[Adobe Reader Speed Launcher] - - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
[TkBellExe] - - "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
[Azkary] - - C:\Program Files\Azkary\Azkary
[SymLnch] - - "C:\Program Files\Common Files\Symantec Shared\SymSetup\{C1C185CA-C531-49F5-A6FA-B838405A049D}_15_5_0_23\Support\SymLnch\SymLnch.exe" "C:\PROGRA~1\COMMON~1\SYMANT~1\SymSetup\{C1C18~1\Setup.exe" " /X"
[GrooveMonitor] - - "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
[SmpcSys] - - C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
[IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - - "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
[MsnMsgr] - - "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
[DAEMON Tools Lite] - - "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
[ggtkusk] - - rundll32.exe "C:\Users\umm nabilah\AppData\Roaming\ztvzb.dll",exefyl
[Messenger (Yahoo!)] - - "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
[Raptr] - - C:\PROGRA~1\Raptr\raptrstub.exe --startup
[FlashPlayerUpdate] - - C:\Windows\system32\Macromed\Flash\FlashUtil10k_Plugin.exe -update plugin

<<<< MS Services >>>>

Windows Audio (Audiosrv) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
Background Intelligent Transfer Service (BITS) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k netsvcs
Computer Browser (Browser) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k netsvcs
Bluetooth Support Service (BthServ) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k bthsvcs
Cryptographic Services (CryptSvc) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k NetworkService
DCOM Server Process Launcher (DcomLaunch) - Running [Auto | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k DcomLaunch
DHCP Client (Dhcp) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted
DNS Client (Dnscache) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k NetworkService
Extensible Authentication Protocol (EapHost) - Running [Manual | Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k netsvcs
Windows Event Log (Eventlog) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
COM+ Event System (EventSystem) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalService
Server (LanmanServer) - Running [Auto | Stoppable | Pausable] - C:\Windows\system32\svchost.exe -k netsvcs
Workstation (LanmanWorkstation) - Running [Auto | Stoppable | Pausable] - C:\Windows\System32\svchost.exe -k LocalService
TCP/IP NetBIOS Helper (lmhosts) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted
Network Connections (Netman) - Running [Manual | Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
Plug and Play (PlugPlay) - Running [Auto | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k DcomLaunch
IPsec Policy Agent (PolicyAgent) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
Remote Access Connection Manager (RasMan) - Running [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k netsvcs
Remote Procedure Call (RPC) (RpcSs) - Running [Auto | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k rpcss
Security Accounts Manager (SamSs) - Running [Auto | Not_Stoppable | Not_Pausable] - C:\Windows\system32\lsass.exe
Task Scheduler (Schedule) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k netsvcs
Secondary Logon (seclogon) - Running [Auto | Stoppable | Pausable] - C:\Windows\system32\svchost.exe -k netsvcs
System Event Notification Service (SENS) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k netsvcs
Shell Hardware Detection (ShellHWDetection) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k netsvcs
Print Spooler (Spooler) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\System32\spoolsv.exe
SSDP Discovery (SSDPSRV) - Running [Manual | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalService
Windows Image Acquisition (WIA) (stisvc) - Running [Auto | Stoppable | Pausable] - C:\Windows\system32\svchost.exe -k imgsvc
Telephony (TapiSrv) - Running [Manual | Stoppable | Pausable] - C:\Windows\System32\svchost.exe -k NetworkService
Terminal Services (TermService) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k NetworkService
Themes (Themes) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k netsvcs
Distributed Link Tracking Client (TrkWks) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
UPnP Device Host (upnphost) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalService
Windows Time (W32Time) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalService
WebClient (WebClient) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalService
Windows Management Instrumentation (Winmgmt) - Running [Auto | Stoppable | Pausable] - C:\Windows\system32\svchost.exe -k netsvcs
Windows Media Player Network Sharing Service (WMPNetworkSvc) - Running [Manual | Stoppable | Not_Pausable] - "C:\Program Files\Windows Media Player\wmpnetwk.exe"
Security Center (wscsvc) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
Windows Update (wuauserv) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k netsvcs
Windows Driver Foundation - User-mode Driver Framework (wudfsvc) - Running [Auto | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
Application Layer Gateway Service (ALG) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\System32\alg.exe
Microsoft .NET Framework NGEN v2.0.50727_X86 (clr_optimization_v2.0.50727_32) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
COM+ System Application (COMSysApp) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
Wired AutoConfig (dot3svc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
Windows Presentation Foundation Font Cache 3.0.0.0 (FontCache3.0.0.0) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
Human Interface Device Access (hidserv) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
Health Key and Certificate Management (hkmsvc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k netsvcs
Windows CardSpace (idsvc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - "C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe"
Microsoft Office Groove Audit Service (Microsoft Office Groove Audit Service) - Stopped [Manual | Not_Stoppable | Not_Pausable] - "C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe"
Distributed Transaction Coordinator (MSDTC) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\System32\msdtc.exe
Windows Installer (msiserver) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\msiexec /V
Network Access Protection Agent (napagent) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k NetworkService
Netlogon (Netlogon) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\lsass.exe
Net.Tcp Port Sharing Service (NetTcpPortSharing) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - "C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe"
Microsoft Office Diagnostics Service (odserv) - Stopped [Manual | Not_Stoppable | Not_Pausable] - "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE"
Office Source Engine (ose) - Stopped [Manual | Not_Stoppable | Not_Pausable] - "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
Pml Driver HPZ12 (Pml Driver HPZ12) - Stopped [Auto | Not_Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k HPZ12
Protected Storage (ProtectedStorage) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\lsass.exe
Remote Access Auto Connection Manager (RasAuto) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k netsvcs
Routing and Remote Access (RemoteAccess) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k netsvcs
Remote Registry (RemoteRegistry) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k regsvc
Remote Procedure Call (RPC) Locator (RpcLocator) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\locator.exe
Smart Card (SCardSvr) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalService
Internet Connection Sharing (ICS) (SharedAccess) - Stopped [Disabled | Not_Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k netsvcs
Microsoft Software Shadow Copy Provider (swprv) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k swprv
Volume Shadow Copy (VSS) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\vssvc.exe
WMI Performance Adapter (wmiApSrv) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\wbem\WmiApSrv.exe

<<<< Non-MS Services >>>>

Application Experience (AeLookupSvc) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k netsvcs
Application Information (Appinfo) - Running [Manual | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k netsvcs
Apple Mobile Device (Apple Mobile Device) - Running [Auto | Stoppable | Not_Pausable] - "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"
Windows Audio Endpoint Builder (AudioEndpointBuilder) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
AVG Free8 E-mail Scanner (avg8emc) - Running [Auto | Stoppable | Not_Pausable] - C:\PROGRA~1\AVG\AVG8\avgemc.exe
AVG Free8 WatchDog (avg8wd) - Running [Auto | Not_Stoppable | Not_Pausable] - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
Base Filtering Engine (BFE) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
Diagnostic Policy Service (DPS) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
ReadyBoost (EMDMgmt) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
Easybits Shared Services for Windows (ezSharedSvc) - Running [Auto | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k netsvcs
Function Discovery Resource Publication (FDResPub) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalService
Group Policy Client (gpsvc) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k netsvcs
IKE and AuthIP IPsec Keying Modules (IKEEXT) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k netsvcs
IP Helper (iphlpsvc) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k NetSvcs
iPod Service (iPod Service) - Running [Manual | Stoppable | Not_Pausable] - "C:\Program Files\iPod\bin\iPodService.exe"
CNG Key Isolation (KeyIso) - Running [Manual | Stoppable | Not_Pausable] - C:\Windows\system32\lsass.exe
KtmRm for Distributed Transaction Coordinator (KtmRm) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k NetworkService
Multimedia Class Scheduler (MMCSS) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k netsvcs
Windows Firewall (MpsSvc) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
Nero BackItUp Scheduler 3 (Nero BackItUp Scheduler 3) - Running [Auto | Stoppable | Not_Pausable] - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
Network List Service (netprofm) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k LocalService
Network Location Awareness (NlaSvc) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k NetworkService
NMIndexingService (NMIndexingService) - Running [Manual | Stoppable | Not_Pausable] - "C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe"
Network Store Interface Service (nsi) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalService
Program Compatibility Assistant Service (PcaSvc) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
PLFlash DeviceIoControl Service (PLFlash DeviceIoControl Service) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\IoctlSvc.exe
User Profile Service (ProfSvc) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k netsvcs
SeaPort (SeaPort) - Running [Auto | Stoppable | Not_Pausable] - "C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe"
Software Licensing (slsvc) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\SLsvc.exe
Secure Socket Tunneling Protocol Service (SstpSvc) - Running [Manual | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalService
Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\System32\StkCSrv.exe
Superfetch (SysMain) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
Tablet PC Input Service (TabletInputService) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
Desktop Window Manager Session Manager (UxSms) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
Diagnostic System Host (WdiSystemHost) - Running [Manual | Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
Windows Error Reporting Service (WerSvc) - Running [Auto | Stoppable | Pausable] - C:\Windows\System32\svchost.exe -k WerSvcGroup
Windows Defender (WinDefend) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k secsvcs
WinHTTP Web Proxy Auto-Discovery Service (WinHttpAutoProxySvc) - Running [Manual | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalService
WLAN AutoConfig (Wlansvc) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
Portable Device Enumerator Service (WPDBusEnum) - Running [Auto | Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
Yahoo! Updater (YahooAUService) - Running [Auto | Stoppable | Not_Pausable] - "C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe"
Certificate Propagation (CertPropSvc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k netsvcs
DFS Replication (DFSR) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\DFSR.exe
Function Discovery Provider Host (fdPHost) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalService
FLEXnet Licensing Service (FLEXnet Licensing Service) - Stopped [Manual | Not_Stoppable | Not_Pausable] - "C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe"
hpqcxs08 (hpqcxs08) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k hpdevmgmt
PnP-X IP Bus Enumerator (IPBusEnum) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
Link-Layer Topology Discovery Mapper (lltdsvc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k LocalService
McAfee Security Scan Component Host Service (McComponentHostService) - Stopped [Manual | Not_Stoppable | Not_Pausable] - "C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe"
Microsoft iSCSI Initiator Service (MSiSCSI) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k netsvcs
Net Driver HPZ12 (Net Driver HPZ12) - Stopped [Auto | Not_Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k HPZ12
Peer Networking Identity Manager (p2pimsvc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
Peer Networking Grouping (p2psvc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
Performance Logs & Alerts (pla) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
PNRP Machine Name Publication Service (PNRPAutoReg) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
Peer Name Resolution Protocol (PNRPsvc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
Quality Windows Audio Video Experience (QWAVE) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalService
Smart Card Removal Policy (SCPolicySvc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k netsvcs
Windows Backup (SDRSVC) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k SDRSVC
Terminal Services Configuration (SessionEnv) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k netsvcs
SL UI Notification Service (SLUINotify) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalService
SNMP Trap (SNMPTRAP) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\System32\snmptrap.exe
TPM Base Services (TBS) - Stopped [Auto | Not_Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k LocalService
Thread Ordering Server (THREADORDER) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalService
Windows Modules Installer (TrustedInstaller) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\servicing\TrustedInstaller.exe
Interactive Services Detection (UI0Detect) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\UI0Detect.exe
Virtual Disk (vds) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\System32\vds.exe
Windows Connect Now - Config Registrar (wcncsvc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k LocalService
Windows Color System (WcsPlugInService) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k wcssvc
Diagnostic Service Host (WdiServiceHost) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k wdisvc
Windows Event Collector (Wecsvc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k NetworkService
Problem Reports and Solutions Control Panel Support (wercplsupport) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k netsvcs
Windows Remote Management (WS-Management) (WinRM) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\System32\svchost.exe -k NetworkService
Parental Controls (WPCSvc) - Stopped [Manual | Not_Stoppable | Not_Pausable] - C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted
Windows Search (WSearch) - Stopped [Auto | Not_Stoppable | Not_Pausable] - C:\Windows\system32\SearchIndexer.exe /Embedding

<<<< bcdedit >>>>


Windows Boot Manager
--------------------
identifier {bootmgr}
device partition=C:
description Windows Boot Manager
locale en-US
inherit {globalsettings}
default {current}
resumeobject {06c1e3f2-495e-11dd-95ee-b4c0930ca3ad}
displayorder {current}
toolsdisplayorder {memdiag}
timeout 30

Windows Boot Loader
-------------------
identifier {current}
device partition=C:
path \Windows\system32\winload.exe
description Microsoft Windows Vista
locale en-US
inherit {bootloadersettings}
recoverysequence {572bcd56-ffa7-11d9-aae0-0007e994107d}
recoveryenabled Yes
osdevice partition=C:
systemroot \Windows
resumeobject {06c1e3f2-495e-11dd-95ee-b4c0930ca3ad}
nx OptIn

<<<< Routing Table >>>>

===========================================================================
Interface List
46 ........................... Etisalat Internet
11 ...00 15 af c5 1c 2b ...... Atheros AR5007EG Wireless Network Adapter
10 ...00 22 15 47 98 0a ...... SiS191 Ethernet Controller
1 ........................... Software Loopback Interface 1
24 ...00 00 00 00 00 00 00 e0 isatap.{5F71DA2A-0FC3-462D-9568-6A76C8BB4604}
13 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
12 ...00 00 00 00 00 00 00 e0 isatap.{5E49B5B1-AD25-4AEE-91E2-571DDF34DDBE}
14 ...00 00 00 00 00 00 00 e0 isatap.{47E19914-539C-40F3-8220-C083A2938802}
16 ...00 00 00 00 00 00 00 e0 isatap.{47E19914-539C-40F3-8220-C083A2938802}
25 ...00 00 00 00 00 00 00 e0 isatap.{5F71DA2A-0FC3-462D-9568-6A76C8BB4604}
26 ...00 00 00 00 00 00 00 e0 isatap.{BE8BC94A-FD0C-4CBE-B85F-C8876DECE0B8}
27 ...00 00 00 00 00 00 00 e0 isatap.{BE8BC94A-FD0C-4CBE-B85F-C8876DECE0B8}
29 ...00 00 00 00 00 00 00 e0 isatap.{BE8BC94A-FD0C-4CBE-B85F-C8876DECE0B8}
32 ...00 00 00 00 00 00 00 e0 isatap.{BE8BC94A-FD0C-4CBE-B85F-C8876DECE0B8}
40 ...00 00 00 00 00 00 00 e0 isatap.{BE8BC94A-FD0C-4CBE-B85F-C8876DECE0B8}
44 ...00 00 00 00 00 00 00 e0 isatap.{BE8BC94A-FD0C-4CBE-B85F-C8876DECE0B8}
53 ...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #22
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 On-link 10.69.111.236 41
10.69.111.236 255.255.255.255 On-link 10.69.111.236 296
127.0.0.0 255.0.0.0 On-link 127.0.0.1 4531
127.0.0.1 255.255.255.255 On-link 127.0.0.1 4531
127.255.255.255 255.255.255.255 On-link 127.0.0.1 4531
224.0.0.0 240.0.0.0 On-link 127.0.0.1 4531
224.0.0.0 240.0.0.0 On-link 10.69.111.236 41
255.255.255.255 255.255.255.255 On-link 127.0.0.1 4531
255.255.255.255 255.255.255.255 On-link 10.69.111.236 296
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
1 306 ff00::/8 On-link
===========================================================================
Persistent Routes:
None

<<<< Hosts File >>>>

The HOSTS file is 736 Bytes in size.

There were 0 lines which refer to an external IP address.



------ End of File ------

what should i do?

ESET Online Scan

Please run a free online scan with the ESET Online Scanner

• Tick the box next to YES, I accept the Terms of Use
  
• Click Start
  
• When asked, allow the ActiveX control to install
  
• Click Start
  
• Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  
• Click Scan (This scan can take several hours, so please be patient)
  
• Once the scan is completed, you may close the window
  
• Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  
• Copy and paste that log as a reply to this topic

I let the Eset scan run over night as it took a very long time and it found 6 threats,

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.url Win32/Adware.ADON application cleaned by deleting - quarantined
C:\Users\Fathima Nabilah\Downloads\Guffins.exe a variant of Win32/AdInstaller application cleaned by deleting - quarantined
C:\Users\Public\Desktop\eBay.url Win32/Adware.ADON application cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6MSZ1M1G\upgrade[1].cab multiple threats deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6MSZ1M1G\upgrade[2].cab multiple threats deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NEDMLGSU\upgrade[1].cab multiple threats deleted - quarantined


However my laptop is still the same, The box still pops up and most of my applications are not working, i.e skype, microsoft word etc etc

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=56fe2804a535664e848d0063301efa7f
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-11-20 01:52:40
# local_time=2010-11-20 03:52:40 (+0200, Egypt Standard Time)
# country="United Kingdom"
# lang=1033
# osver=6.0.6001 NT Service Pack 1
# compatibility_mode=768 16777215 100 0 50757138 50757138 0 0
# compatibility_mode=1028 16777213 100 95 7855905 54091875 0 0
# compatibility_mode=5892 16776573 100 95 36104 127717929 0 0
# compatibility_mode=8192 67108863 100 0 4434 4434 0 0
# compatibility_mode=9217 16777214 0 9 50740303 50743903 0 0
# scanned=181883
# found=6
# cleaned=6
# scan_time=32873
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.url Win32/Adware.ADON application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Fathima Nabilah\Downloads\Guffins.exe a variant of Win32/AdInstaller application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Public\Desktop\eBay.url Win32/Adware.ADON application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6MSZ1M1G\upgrade[1].cab multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6MSZ1M1G\upgrade[2].cab multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NEDMLGSU\upgrade[1].cab multiple threats (deleted - quarantined) 00000000000000000000000000000000 C

Please download and run this file: ftp://ftp.GeekPolice.net/GPUser/DragonMasterJay/fixthis.reg

Merge it to the Registry. Then, let me know if you can run programs.

Note: if downloading it via Firefox, right click on the download link and select "Save link as..." and choose to save it to your Desktop.

How to i merge to the registry?

When you double click on it, it will ask you to Merge. Proceed with the merging.

It asks me to run the file the it informs me that i am about to add some information and it can unintentionally change components of the computer........, do you want to continue?


Then i click yes, then it says "ERROR: Cannot import "c://////Destination, fixthis", Not all data was written into the registry. Some keys are open by the system or other processes.

Theres nothing i can do!

Please reboot to Safe Mode (tap the F8 key just before Windows starts to load and select the Safe Mode option from the menu).

Then, please try again.

I started up inn safe mode and the same thing came up. The same error box

Please download DragonFix by DragonMaster Jay, and save it to your Desktop. Right click and Extract All, and save the files to your Desktop.

• Please disable realtime protection. The only realtime protection that gets in the way and need to be disabled: Windows Defender, Microsoft Security Essentials, Spybot TeaTimer, WinPatrol, and Ad-Aware AdWatch. If you have anyone of those, please disable them.
  
• Double-click DragonFix.reg, and follow the prompt(s).
  
• Please reboot your computer.

Let me know if it worked.

How do i disable windows defender?

I disabled it, it says error accessing registry when i run your file

Go to Start > Run, type in cmd and hit OK.

Type this in exactly and post the log:

reg query="HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" > log.txt && log.txt

Error invalid argument, i copied and pasted it and pressed enter and it says its invalid, no log.
Thank you for trying! Its giving me some hope. No programs work now. Skype, word, paltalk etc

Note: the following tool is to only be used under the guidance of a malware helper. In the event you already have the tool, please delete the old copy and download a new copy.

Please download ComboFix from BleepingComputer.com

Alternate link: Forospyware.com (Click the green button on the page to download it).


Rename ComboFix.exe to combo-fix.exe before you save it to your Desktop

• Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools A guide to do this can be found here
  
• Click Start then copy paste the following command into the search box & hit enter: "%userprofile%\desktop\combo-fix.exe" /killall
  
• As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. This will not install in Vista, so it will just continue scanning, and skip the console install.
  
• When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.

I tried to uninstall superspyware but it would not allow me like adobe, word and skype hence i can not run this program! One thing after another

We are going to be using a Windows Recovery Environment to help disinfect the system so it may boot again.

Download the OTLPE Standard REATOGO Windows Recovery Environment.

• Place a blank CD-R disc in to your CD burning drive.
• Download OTLPEStd.exe and double-click on it to burn to a CD using ISO Burner.
• Reboot your system using the boot CD you just created.
  
  Note : If you do not know how to set your computer to boot from CD follow the steps here
  
• Your system should now display a REATOGO-X-PE desktop.
  
• Double-click on the OTLPE icon.
  
• When asked "Do you wish to load the remote registry", select Yes
  
• When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  
• Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  
• OTL should now start. Change the following settings
  • Change Drivers to Non-Microsoft
    
  • Press Run Scan to start the scan.
    
  • When finished, the file will be saved in drive C:\_OTL\MovedFiles
    
  • Copy this file to your USB drive if you do not have internet connection on this system
    
  • Please post the contents of the OTL.txt file in your reply.

Still with us?