
Malware or messed OS requiring reinstallation?

Discussion in 'Virus & Other Malware Removal' started by fatemeh, Jan 21, 2013.

  1. fatemeh

    fatemeh Thread Starter

    Joined:
    Jan 21, 2013
    Messages:
    3
    I have read the advice for people requiring help and tried the following:
    1. Hijack - worked fine, logs attached
    2. DDS - not supported by my Windows 64-bit
    3. GMER - caused a system reboot (2 attempts, causing Asus Gate to display error message 'Installation incomplete'). I ran OTL instead.
    The problems started today: I was unable to run IE as well as the IE addon in Firefox, unable to install any new application (error message about Windows Installer not being accessible), unable to run system restore (the application window opens but the content is not displayed, same for User Accounts). I can only access the applications in use via Alt-Tab rather than from the taskbar. Microsoft Outlook is not receiving any new messages. I wonder whether this is a botched uninstall which will require a system reinstallation or whether my PC is infected.

    Thanks in advance for looking at this.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:14:28, on 21/01/2013
    Platform: Windows 2003 SP2 (WinNT 5.02.3790)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
    C:\ASUS.SYS\config\DVMExportService.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
    C:\Program Files (x86)\Java\jre6\bin\jqs.exe
    C:\Program Files\CDBurnerXP\NMSAccessU.exe
    C:\Program Files (x86)\Clarus\Samsung Drive Manager\SZDrvSvc.exe
    C:\WINDOWS\SysWOW64\ctfmon.exe
    C:\Program Files\ASUS\Six Engine\SixEngine.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe
    C:\Program Files\ASUS\TurboV EVO\TurboVHelp.exe
    C:\Program Files (x86)\VIA\VIAudioi\HDADeck\HDeck.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Documents and Settings\Anyuser\Desktop\cbsidlm-tr1_10a-Hijack_Hunter_Portable-ORG-75317329.exe
    C:\Documents and Settings\Anyuser\Desktop\HiJackThis.exe

    F2 - REG:system.ini: UserInit=userinit
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files (x86)\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [Six Engine] "C:\Program Files\ASUS\Six Engine\SixEngine.exe" -b
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [TurboV EVO] "C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe" -b
    O4 - HKLM\..\Run: [TurboV Help] "C:\Program Files\ASUS\TurboV EVO\TurboVHelp.exe"
    O4 - HKLM\..\Run: [HDAudDeck] "C:\Program Files (x86)\VIA\VIAudioi\HDADeck\HDeck.exe" 1
    O4 - HKLM\..\Run: [VIAJDS] "C:\Program Files (x86)\VIA\VIAudioi\HDADeck\VIAJDS.exe"
    O4 - HKLM\..\Run: [ASUS Update Checker] C:\Program Files (x86)\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe
    O4 - HKCU\..\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
    O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User '?')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
    O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User '?')
    O4 - HKUS\S-1-5-21-2418687655-667931980-1501772065-1002\..\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe (User '?')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
    O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User '?')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
    O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Add to VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\PROGRA~2\NUCLEA~1\VideoGet\Plugins\VIDEOG~1.DLL
    O9 - Extra 'Tools' menuitem: Add to &VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\PROGRA~2\NUCLEA~1\VideoGet\Plugins\VIDEOG~1.DLL
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL
    O15 - ESC Trusted Zone: http://runonce.msn.com
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlcdnet.asus.com/pub/ASUS/misc/dlm-activex-2.2.5.0.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1269655813718
    O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1342209662109
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: acaptuser32.dll
    O23 - Service: ASUS System Control Service (AsSysCtrlService) - ASUSTeK Computer Inc. - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe (file missing)
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe (file missing)
    O23 - Service: DeviceVM Meta Data Export Service (DvmMDES) - DeviceVM, Inc. - C:\ASUS.SYS\config\DVMExportService.exe
    O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
    O23 - Service: Event Log (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: HTTP SSL (HTTPFilter) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
    O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe (file missing)
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files (x86)\Java\jre6\bin\jqs.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - C:\WINDOWS\system32\msdtc.exe (file missing)
    O23 - Service: Net Logon (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
    O23 - Service: NT LM Security Support Provider (NtLmSsp) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: O&O Defrag (OODefragAgent) - O&O Software GmbH - C:\Program Files\OO Software\Defrag\oodag.exe
    O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)
    O23 - Service: IPSEC Services (PolicyAgent) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: Protected Storage (ProtectedStorage) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: Remote Desktop Help Session Manager (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe (file missing)
    O23 - Service: Security Accounts Manager (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
    O23 - Service: Samsung Drive Manager Service (SZDrvSvc) - Clarus, Inc. - C:\Program Files (x86)\Clarus\Samsung Drive Manager\SZDrvSvc.exe
    O23 - Service: Virtual Disk Service (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
    O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe (file missing)
    O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing)

    --
    End of file - 9445 bytes


    StartupList report, 21/01/2013, 21:15:47
    StartupList version: 1.52.2
    Started from : C:\Documents and Settings\Anyuser\Desktop\HiJackThis.EXE
    Detected: Windows 2003 SP2 (WinNT 5.02.3790)
    Detected: Internet Explorer v8.00 (8.00.6001.18702)
    * Using default options
    ==================================================

    Running processes:

    C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
    C:\ASUS.SYS\config\DVMExportService.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
    C:\Program Files (x86)\Java\jre6\bin\jqs.exe
    C:\Program Files\CDBurnerXP\NMSAccessU.exe
    C:\Program Files (x86)\Clarus\Samsung Drive Manager\SZDrvSvc.exe
    C:\WINDOWS\SysWOW64\ctfmon.exe
    C:\Program Files\ASUS\Six Engine\SixEngine.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe
    C:\Program Files\ASUS\TurboV EVO\TurboVHelp.exe
    C:\Program Files (x86)\VIA\VIAudioi\HDADeck\HDeck.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Documents and Settings\Anyuser\Desktop\cbsidlm-tr1_10a-Hijack_Hunter_Portable-ORG-75317329.exe
    C:\Documents and Settings\Anyuser\Desktop\HiJackThis.exe

    --------------------------------------------------

    Checking Windows NT UserInit:

    [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    UserInit = userinit

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    Six Engine = "C:\Program Files\ASUS\Six Engine\SixEngine.exe" -b
    (Default) =
    NPSStartup =
    SunJavaUpdateSched = "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    Adobe ARM = "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    JMB36X IDE Setup = C:\WINDOWS\RaidTool\xInsIDE.exe
    StartCCC = "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    TurboV EVO = "C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe" -b
    TurboV Help = "C:\Program Files\ASUS\TurboV EVO\TurboVHelp.exe"
    HDAudDeck = "C:\Program Files (x86)\VIA\VIAudioi\HDADeck\HDeck.exe" 1
    VIAJDS = "C:\Program Files (x86)\VIA\VIAudioi\HDADeck\VIAJDS.exe"
    ASUS Update Checker = C:\Program Files (x86)\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run

    PeerBlock = C:\Program Files\PeerBlock\peerblock.exe
    ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    [OptionalComponents]
    =

    --------------------------------------------------

    File association entry for .HTA:
    HKEY_CLASSES_ROOT\htafile\shell\open\command

    (Default) = C:\WINDOWS\SysWOW64\mshta.exe "%1" %*

    --------------------------------------------------

    Load/Run keys from C:\WINDOWS\WIN.INI:

    load=*INI section not found*
    run=*INI section not found*

    Load/Run keys from Registry:

    HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
    HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
    HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
    HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
    HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
    HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
    HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
    HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
    HKCU\..\Windows NT\CurrentVersion\Windows: load=
    HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
    HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
    HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
    HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=acaptuser32.dll

    --------------------------------------------------

    Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

    Shell=*INI section not found*
    SCRNSAVE.EXE=*INI section not found*
    drivers=*INI section not found*

    Shell & screensaver key from Registry:

    Shell=Explorer.exe
    SCRNSAVE.EXE=C:\WINDOWS\system32\logon.scr
    drivers=*Registry value not found*

    Policies Shell key:

    HKCU\..\Policies: Shell=*Registry key not found*
    HKLM\..\Policies: Shell=*Registry value not found*

    --------------------------------------------------


    Enumerating Browser Helper Objects:

    AcroIEHelperStub - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll - {18DF081C-E8AD-4283-A596-FA578C2EBDC3}
    (no name) - C:\Program Files (x86)\Java\jre6\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
    (no name) - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll - {AE7CD045-E861-484f-8273-0445EE161910}
    (no name) - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll - {DBC80044-A445-435b-BC74-9C25C1C588A9}
    JQSIEStartDetectorImpl - C:\Program Files (x86)\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll - {E7E6F031-17CE-4C07-BC86-EABFE594F69C}
    SmartSelect - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll - {F4971EE7-DAA0-4053-9964-665D8EE6A077}

    --------------------------------------------------

    Enumerating Task Scheduler jobs:

    User_Feed_Synchronization-{6668A471-6047-493B-8B5E-328365D5B30E}.job

    --------------------------------------------------

    Enumerating Download Program Files:

    [{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}]
    CODEBASE = http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab

    [DLM Control]
    InProcServer32 = C:\WINDOWS\DOWNLO~1\DOWNLO~1.OCX
    CODEBASE = http://dlcdnet.asus.com/pub/ASUS/misc/dlm-activex-2.2.5.0.cab

    [WUWebControl Class]
    InProcServer32 = C:\WINDOWS\SysWow64\wuweb.dll
    CODEBASE = http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1269655813718

    [MksSkanerOnline Class]
    InProcServer32 = C:\WINDOWS\SysWow64\SkanerOnline.dll
    CODEBASE = http://www.mks.com.pl/skaner/SkanerOnline.cab

    [MUWebControl Class]
    InProcServer32 = C:\WINDOWS\SysWow64\muweb.dll
    CODEBASE = http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1342209662109

    --------------------------------------------------

    Enumerating Winsock LSP files:

    NameSpace #4: C:\WINDOWS\system32\wshbth.dll

    --------------------------------------------------

    Enumerating ShellServiceObjectDelayLoad items:

    PostBootReminder: C:\WINDOWS\syswow64\SHELL32.dll
    CDBurn: C:\WINDOWS\syswow64\SHELL32.dll
    WebCheck: C:\WINDOWS\system32\webcheck.dll
    SysTray: C:\WINDOWS\SysWOW64\stobject.dll

    --------------------------------------------------
    End of report, 7,648 bytes
    Report generated in 0.031 seconds

    Command line options:
    /verbose - to add additional info on each section
    /complete - to include empty sections and unsuspicious data
    /full - to include several rarely-important sections
    /force9x - to include Win9x-only startups even if running on WinNT
    /forcent - to include WinNT-only startups even if running on Win9x
    /forceall - to include all Win9x and WinNT startups, regardless of platform
    /history - to list version history only
     
  2. fatemeh

    fatemeh Thread Starter

    Joined:
    Jan 21, 2013
    Messages:
    3
    OTL logfile created on: 21/01/2013 21:18:46 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Anyuser\Desktop
    64bit-Windows Server 2003 Service Pack 2 (Version = 5.2.3790) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    3.99 Gb Total Physical Memory | 2.89 Gb Available Physical Memory | 72.34% Memory free
    5.73 Gb Paging File | 4.90 Gb Available in Paging File | 85.45% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 465.75 Gb Total Space | 293.33 Gb Free Space | 62.98% Space Free | Partition Type: NTFS
    Drive G: | 465.76 Gb Total Space | 9.12 Gb Free Space | 1.96% Space Free | Partition Type: NTFS

    Computer Name: UZI | User Name: Anyuser | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013/01/21 21:18:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Anyuser\Desktop\OTL.exe
    PRC - [2013/01/21 21:13:33 | 000,635,864 | ---- | M] () -- C:\Documents and Settings\Anyuser\Desktop\cbsidlm-tr1_10a-Hijack_Hunter_Portable-ORG-75317329.exe
    PRC - [2013/01/19 19:05:05 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    PRC - [2012/07/13 17:14:06 | 000,019,456 | ---- | M] (Clarus, Inc.) -- C:\Program Files (x86)\Clarus\Samsung Drive Manager\SZDrvSvc.exe
    PRC - [2011/09/22 12:03:30 | 000,974,944 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
    PRC - [2010/03/04 22:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
    PRC - [2009/09/10 10:34:12 | 007,322,624 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe
    PRC - [2009/09/09 17:02:26 | 006,060,032 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\ASUS\Six Engine\SixEngine.exe
    PRC - [2009/08/19 19:12:08 | 001,043,968 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\ASUS\TurboV EVO\TurboVHelp.exe
    PRC - [2009/08/19 11:56:38 | 000,090,112 | R--- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
    PRC - [2009/07/17 15:25:02 | 000,319,488 | -H-- | M] (DeviceVM, Inc.) -- C:\ASUS.SYS\config\DVMExportService.exe


    ========== Modules (No Company Name) ==========

    MOD - [2013/01/21 21:14:03 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\Anyuser\Local Settings\Temp\nsw1D.tmp\customNsWeb.dll
    MOD - [2013/01/21 21:14:03 | 000,005,120 | ---- | M] () -- C:\Documents and Settings\Anyuser\Local Settings\Temp\nsw1D.tmp\CustomBrandingURL.dll
    MOD - [2013/01/21 21:14:03 | 000,004,096 | ---- | M] () -- C:\Documents and Settings\Anyuser\Local Settings\Temp\nsw1D.tmp\ButtonEvent.dll
    MOD - [2013/01/21 21:13:58 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\Anyuser\Local Settings\Temp\nsw1D.tmp\FloatingProgress.dll
    MOD - [2013/01/21 21:13:57 | 000,034,304 | ---- | M] () -- C:\Documents and Settings\Anyuser\Local Settings\Temp\nsw1D.tmp\LuaBridge.dll
    MOD - [2013/01/21 21:13:57 | 000,010,240 | ---- | M] () -- C:\Documents and Settings\Anyuser\Local Settings\Temp\nsw1D.tmp\System.dll
    MOD - [2013/01/21 21:13:33 | 000,635,864 | ---- | M] () -- C:\Documents and Settings\Anyuser\Desktop\cbsidlm-tr1_10a-Hijack_Hunter_Portable-ORG-75317329.exe
    MOD - [2013/01/19 19:05:05 | 003,022,232 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
    MOD - [2013/01/03 06:19:04 | 000,163,920 | ---- | M] () -- C:\Documents and Settings\Anyuser\Local Settings\Temp\nsw1D.tmp\lua51.dll
    MOD - [2012/10/23 17:35:38 | 000,293,888 | ---- | M] () -- C:\Documents and Settings\Anyuser\Local Settings\Temp\nsw1D.tmp\luacom.dll
    MOD - [2012/04/01 03:44:50 | 000,081,920 | ---- | M] () -- C:\Documents and Settings\Anyuser\Local Settings\Temp\nsw1D.tmp\LuaSocket\socket\core.dll
    MOD - [2012/04/01 03:44:50 | 000,053,248 | ---- | M] () -- C:\Documents and Settings\Anyuser\Local Settings\Temp\nsw1D.tmp\LuaSocket\mime\core.dll
    MOD - [2012/04/01 03:44:50 | 000,011,264 | ---- | M] () -- C:\Documents and Settings\Anyuser\Local Settings\Temp\nsw1D.tmp\LuaXml_lib.dll
    MOD - [2010/03/04 22:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
    MOD - [2009/08/27 19:41:46 | 000,565,248 | ---- | M] () -- C:\Program Files\ASUS\Six Engine\pngio.dll
    MOD - [2009/08/27 19:41:46 | 000,053,248 | ---- | M] () -- C:\Program Files\ASUS\Six Engine\AsSpindownTimeout.dll
    MOD - [2009/05/22 14:16:58 | 000,053,248 | ---- | M] () -- C:\Program Files\ASUS\TurboV EVO\HookKey32.dll
    MOD - [2009/04/22 20:20:00 | 000,179,712 | ---- | M] () -- C:\Program Files\ASUS\Six Engine\AsusService.dll
    MOD - [2008/12/10 20:04:54 | 000,253,952 | ---- | M] () -- C:\Program Files\ASUS\TurboV EVO\pngio.dll
    MOD - [2006/01/10 08:50:20 | 000,024,576 | R--- | M] () -- C:\WINDOWS\SysWOW64\AsIO.dll
    MOD - [2005/03/25 12:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\SysWOW64\msdmo.dll


    ========== Services (SafeList) ==========

    SRV:64bit: - [2011/09/22 12:03:30 | 000,974,944 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn)
    SRV:64bit: - [2011/01/12 11:09:36 | 003,134,792 | ---- | M] (O&O Software GmbH) [Auto | Running] -- C:\Program Files\OO Software\Defrag\oodag.exe -- (OODefragAgent)
    SRV:64bit: - [2010/03/04 22:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
    SRV - [2013/01/19 19:05:05 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/11/09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2012/07/13 17:14:06 | 000,019,456 | ---- | M] (Clarus, Inc.) [Auto | Running] -- C:\Program Files (x86)\Clarus\Samsung Drive Manager\SZDrvSvc.exe -- (SZDrvSvc)
    SRV - [2010/08/18 00:31:42 | 000,111,616 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\spoolsv.exe -- (Spooler)
    SRV - [2010/08/07 11:17:13 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/08/19 11:56:38 | 000,090,112 | R--- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe -- (AsSysCtrlService)
    SRV - [2009/07/17 15:25:02 | 000,319,488 | -H-- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\ASUS.SYS\config\DVMExportService.exe -- (DvmMDES)
    SRV - [2008/07/25 11:17:02 | 000,069,632 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2007/02/17 00:44:20 | 000,077,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\pchsvc.dll -- (helpsvc)
    SRV - [2006/10/18 20:05:24 | 000,913,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2010/11/06 22:24:34 | 000,021,616 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter)
    DRV - [2012/12/15 01:42:52 | 000,099,248 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Documents and Settings\Anyuser\Local Settings\Application Data\Temp\mvd23.sys -- (mvd23)
    DRV - [2012/12/15 01:42:51 | 000,020,400 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Documents and Settings\Anyuser\Local Settings\Application Data\Temp\mdf16.sys -- (mdf16)
    DRV - [2010/06/14 08:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\Drivers\TFsExDisk.Sys -- (TFsExDisk)
    DRV - [2009/11/12 13:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysWow64\drivers\StarOpen.sys -- (StarOpen)
    DRV - [2005/03/25 12:00:00 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\SysWow64\mnmdd.dll -- (mnmdd)
    DRV - [2005/03/25 12:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) [Adapter | On_Demand | Unknown] -- C:\WINDOWS\SysWow64\winsock.dll -- (Winsock)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
    IE - HKLM\..\SearchScopes,DefaultScope = ???????????????????
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    IE - HKLM\..\SearchScopes\䙻㠰䍃〰ⴴ㍃㍂㐭䔵ⴳ㈹䄸㜭㌱䉂㕃䄳䅁終: "URL" = www.shareware-pl.com


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-2418687655-667931980-1501772065-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
    IE - HKU\S-1-5-21-2418687655-667931980-1501772065-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
    IE - HKU\S-1-5-21-2418687655-667931980-1501772065-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
    IE - HKU\S-1-5-21-2418687655-667931980-1501772065-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 82 19 05 B1 84 D5 CA 01 [binary data]
    IE - HKU\S-1-5-21-2418687655-667931980-1501772065-1002\..\SearchScopes,DefaultScope = {E309E4C1-AEF3-4139-9812-470482E4FED3}
    IE - HKU\S-1-5-21-2418687655-667931980-1501772065-1002\..\SearchScopes\{E24FF3BA-8987-460E-A6E3-1DE9C4BE1953}: "URL" = http://www.imdb.com/find?q={searchTerms}
    IE - HKU\S-1-5-21-2418687655-667931980-1501772065-1002\..\SearchScopes\{E309E4C1-AEF3-4139-9812-470482E4FED3}: "URL" = http://www.google.co.uk/search?hl=en&q={searchTerms}&meta=
    IE - HKU\S-1-5-21-2418687655-667931980-1501772065-1002\..\SearchScopes\{EFD36D41-3547-4D77-B967-5C4E43FE1780}: "URL" = http://www.panthermedia.net/index2.php?page=showPictures_container.php&ajax_off=true&searchwords={searchTerms}&search_update=1&logincount=1&current=0
    IE - HKU\S-1-5-21-2418687655-667931980-1501772065-1002\..\SearchScopes\䙻㠰䍃〰ⴴ㍃㍂㐭䔵ⴳ㈹䄸㜭㌱䉂㕃䄳䅁終: "URL" = www.shareware-pl.com
    IE - HKU\S-1-5-21-2418687655-667931980-1501772065-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.suggest.enabled: false
    FF - prefs.js..browser.startup.homepage: "www.gazeta.pl"
    FF - prefs.js..extensions.enabledAddons: add-to-searchbox%40maltekraus.de:2.0
    FF - prefs.js..extensions.enabledAddons: en-GB%40dictionaries.addons.mozilla.org:1.19.1
    FF - prefs.js..extensions.enabledAddons: fr-moderne%40dictionaries.addons.mozilla.org:4.3
    FF - prefs.js..extensions.enabledAddons: pl%40dictionaries.addons.mozilla.org:1.0.20110621
    FF - prefs.js..extensions.enabledAddons: printPages2Pdf%40reinhold.ripper:0.1.8.0
    FF - prefs.js..extensions.enabledAddons: %7Baab35b56-0206-4472-9993-9cb5c09bb722%7D:1.5.5
    FF - prefs.js..extensions.enabledAddons: %7Bac2cfa60-bc96-11e0-962b-0800200c9a66%7D:1.4
    FF - prefs.js..extensions.enabledAddons: %7BDDC359D1-844A-42a7-9AA1-88A850A938A8%7D:2.0.15
    FF - prefs.js..extensions.enabledAddons: jqs%40sun.com:1.0
    FF - prefs.js..extensions.enabledAddons: %7B1BC9BA34-1EED-42ca-A505-6D2F1A935BBB%7D:4.12.22.2
    FF - prefs.js..extensions.enabledAddons: autopager%40mozilla.org:0.8.0.8
    FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0033-ABCDEFFEDCBA%7D:6.0.33
    FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0037-ABCDEFFEDCBA%7D:6.0.37
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10
    FF - prefs.js..extensions.enabledItems: [email protected]:0.7.1.0
    FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.67
    FF - prefs.js..extensions.enabledItems: [email protected]:1.19.1
    FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.8
    FF - prefs.js..extensions.enabledItems: {1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}:3.10.7.2
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
    FF - prefs.js..extensions.enabledItems: [email protected]:1.0
    FF - prefs.js..extensions.enabledItems: [email protected]:0.79
    FF - prefs.js..extensions.enabledItems: [email protected]:1.0.20110621
    FF - prefs.js..extensions.enabledItems: [email protected]:2.4
    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\WINDOWS\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll File not found
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll File not found

    64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\PROGRAM FILES\ESET\ESET NOD32 ANTIVIRUS\MOZILLA THUNDERBIRD [2012/02/07 19:58:04 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/01/19 19:05:06 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/01/12 13:55:57 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: E:\ThunderbirdPortable\App\Thunderbird\components
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: E:\ThunderbirdPortable\App\Thunderbird\plugins
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2012/02/07 19:58:04 | 000,000,000 | ---D | M]

    [2011/11/27 18:31:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Anyuser\Application Data\Mozilla\Extensions
    [2013/01/21 21:05:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Anyuser\Application Data\Mozilla\Firefox\Profiles\63wqc995.default\extensions
    [2012/12/30 23:08:57 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Documents and Settings\Anyuser\Application Data\Mozilla\Firefox\Profiles\63wqc995.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
    [2012/08/27 21:02:43 | 000,000,000 | ---D | M] (Snip It! Button for eBay) -- C:\Documents and Settings\Anyuser\Application Data\Mozilla\Firefox\Profiles\63wqc995.default\extensions\{aab35b56-0206-4472-9993-9cb5c09bb722}
    [2011/11/27 18:50:57 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Documents and Settings\Anyuser\Application Data\Mozilla\Firefox\Profiles\63wqc995.default\extensions\[email protected]
    [2011/11/27 18:32:02 | 000,000,000 | ---D | M] (Dictionnaire français «Classique & Réforme 1990») -- C:\Documents and Settings\Anyuser\Application Data\Mozilla\Firefox\Profiles\63wqc995.default\extensions\[email protected](2).org
    [2011/11/27 18:50:57 | 000,000,000 | ---D | M] (Dictionnaire français «Moderne») -- C:\Documents and Settings\Anyuser\Application Data\Mozilla\Firefox\Profiles\63wqc995.default\extensions\[email protected]
    [2012/05/08 20:24:41 | 000,000,000 | ---D | M] (Polski slownik poprawnej pisowni) -- C:\Documents and Settings\Anyuser\Application Data\Mozilla\Firefox\Profiles\63wqc995.default\extensions\[email protected]
    [2012/06/13 18:40:38 | 000,000,000 | ---D | M] (Print pages to PDF) -- C:\Documents and Settings\Anyuser\Application Data\Mozilla\Firefox\Profiles\63wqc995.default\extensions\[email protected]
    [2012/06/07 21:42:07 | 000,025,781 | ---- | M] () (No name found) -- C:\Documents and Settings\Anyuser\Application Data\Mozilla\Firefox\Profiles\63wqc995.default\extensions\[email protected]
    [2013/01/04 23:01:21 | 000,347,340 | ---- | M] () (No name found) -- C:\Documents and Settings\Anyuser\Application Data\Mozilla\Firefox\Profiles\63wqc995.default\extensions\[email protected]
    [2012/08/03 18:30:55 | 000,044,967 | ---- | M] () (No name found) -- C:\Documents and Settings\Anyuser\Application Data\Mozilla\Firefox\Profiles\63wqc995.default\extensions\{ac2cfa60-bc96-11e0-962b-0800200c9a66}.xpi
    [2012/11/23 20:19:18 | 000,804,627 | ---- | M] () (No name found) -- C:\Documents and Settings\Anyuser\Application Data\Mozilla\Firefox\Profiles\63wqc995.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
    [2012/09/13 18:42:20 | 000,698,867 | ---- | M] () (No name found) -- C:\Documents and Settings\Anyuser\Application Data\Mozilla\Firefox\Profiles\63wqc995.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
    [2013/01/11 20:16:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2013/01/11 20:16:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
    [2013/01/11 20:16:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
    [2013/01/11 20:16:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
    [2012/07/11 19:47:58 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES (X86)\JAVA\JRE6\LIB\DEPLOY\JQS\FF
    [2013/01/19 19:05:06 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2012/11/20 22:39:51 | 000,001,738 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
    [2012/08/28 22:14:02 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2012/11/20 22:39:51 | 000,001,148 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
    [2012/11/20 22:39:51 | 000,001,379 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
    [2012/10/31 21:26:34 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
    [2012/11/20 22:39:51 | 000,001,334 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml

    Hosts file not found
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3:64bit: - HKU\S-1-5-21-2418687655-667931980-1501772065-1002\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - %SystemRoot%\system32\browseui.dll File not found
    O3 - HKU\S-1-5-21-2418687655-667931980-1501772065-1002\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
    O4:64bit: - HKLM..\Run: [OODefragTray] C:\Program Files\OO Software\Defrag\oodtray.exe (O&O Software GmbH)
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [ASUS Update Checker] C:\Program Files (x86)\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe ()
    O4 - HKLM..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe ()
    O4 - HKLM..\Run: [NPSStartup] File not found
    O4 - HKLM..\Run: [Six Engine] C:\Program Files\ASUS\Six Engine\SixEngine.exe (ASUSTeK Computer Inc.)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [TurboV EVO] C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe (ASUSTeK Computer Inc.)
    O4 - HKLM..\Run: [TurboV Help] C:\Program Files\ASUS\TurboV EVO\TurboVHelp.exe (ASUSTeK Computer Inc.)
    O4 - HKLM..\Run: [VIAJDS] C:\Program Files (x86)\VIA\VIAudioi\HDADeck\VIAJDS.exe (TODO: <Company name>)
    O4 - HKU\S-1-5-21-2418687655-667931980-1501772065-1002..\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe (PeerBlock, LLC)
    O4 - HKU\.DEFAULT..\RunOnce: [TSClientMSIUninstaller] C:\WINDOWS\SysWow64\cmd.exe (Microsoft Corporation)
    O4 - HKU\.DEFAULT..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe File not found
    O4 - HKU\S-1-5-18..\RunOnce: [TSClientMSIUninstaller] C:\WINDOWS\SysWow64\cmd.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-18..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe File not found
    O4 - HKU\S-1-5-19..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe File not found
    O4 - HKU\S-1-5-20..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe File not found
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data]
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data]
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-2418687655-667931980-1501772065-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O9:64bit: - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
    O9:64bit: - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
    O9 - Extra Button: Add to VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\Program Files (x86)\Nuclear Coffee\VideoGet\Plugins\VideoGet_IE.dll (Nuclear Coffee Software)
    O9 - Extra 'Tools' menuitem : Add to &VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\Program Files (x86)\Nuclear Coffee\VideoGet\Plugins\VideoGet_IE.dll (Nuclear Coffee Software)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - %SystemRoot%\System32\mswsock.dll File not found
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - %SystemRoot%\System32\winrnr.dll File not found
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - %SystemRoot%\System32\mswsock.dll File not found
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - %SystemRoot%\system32\wshbth.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - %SystemRoot%\system32\mswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - %SystemRoot%\system32\mswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - %SystemRoot%\system32\mswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - %SystemRoot%\system32\mswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - %SystemRoot%\system32\mswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - %SystemRoot%\system32\mswsock.dll File not found
    O16:64bit: - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x64/client/wuweb_site.cab?1269713708046 (WUWebControl Class)
    O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16:64bit: - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (Reg Error: Key error.)
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlcdnet.asus.com/pub/ASUS/misc/dlm-activex-2.2.5.0.cab (DLM Control)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1269655813718 (WUWebControl Class)
    O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab (MksSkanerOnline Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1342209662109 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
    O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9E95AF9D-092C-431F-AD0D-5A0D38297268}: DhcpNameServer = 192.168.0.1
    O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
    O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll File not found
    O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll File not found
    O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
    O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
    O18:64bit: - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
    O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
    O18:64bit: - Protocol\Handler\http\0x00000001 - No CLSID value found
    O18:64bit: - Protocol\Handler\http\oledb - No CLSID value found
    O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
    O18:64bit: - Protocol\Handler\https\0x00000001 - No CLSID value found
    O18:64bit: - Protocol\Handler\https\oledb - No CLSID value found
    O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll File not found
    O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
    O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
    O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
    O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - %SystemRoot%\system32\inetcomm.dll File not found
    O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
    O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll File not found
    O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
    O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
    O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
    O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - %SystemRoot%\system32\mshtml.dll File not found
    O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll File not found
    O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
    O18:64bit: - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll File not found
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
    O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
    O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
    O18:64bit: - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll File not found
    O18:64bit: - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll File not found
    O18:64bit: - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll File not found
    O18:64bit: - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll File not found
    O18:64bit: - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - %SystemRoot%\system32\SHELL32.dll File not found
    O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
    O20:64bit: - AppInit_DLLs: (acaptuser64.dll) - File not found
    O20 - AppInit_DLLs: (acaptuser32.dll) - C:\WINDOWS\SysWow64\acaptuser32.dll (Adobe Systems Incorporated)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - File not found
    O20:64bit: - HKLM Winlogon: UIHost - (%SystemRoot%\system32\logonui.exe) - File not found
    O20:64bit: - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: System - (lsass.exe) - File not found
    O20 - HKLM Winlogon: UserInit - (userinit) - C:\WINDOWS\SysWow64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - File not found
    O20:64bit: - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - File not found
    O20:64bit: - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - File not found
    O20:64bit: - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - File not found
    O20:64bit: - Winlogon\Notify\dimsntfy: DllName - (dimsntfy.dll) - File not found
    O20:64bit: - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found
    O20:64bit: - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - File not found
    O20:64bit: - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - File not found
    O20:64bit: - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - File not found
    O20:64bit: - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - File not found
    O20:64bit: - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - File not found
    O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found
    O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - File not found
    O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - File not found
    O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - File not found
    O21:64bit: - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\system32\SHELL32.dll File not found
    O21:64bit: - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - %SystemRoot%\system32\SHELL32.dll File not found
    O21:64bit: - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll File not found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll File not found
    O21:64bit: - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll File not found
    O22:64bit: - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - %SystemRoot%\system32\browseui.dll File not found
    O22:64bit: - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - %SystemRoot%\system32\browseui.dll File not found
    O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Windows XP.bmp
    O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Windows XP.bmp
    O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll File not found
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2010/03/27 01:07:46 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O33 - MountPoints2\{9eb13ac6-52a6-11e2-8bee-e0cb4e1bb678}\Shell - "" = AutoRun
    O33 - MountPoints2\{9eb13ac6-52a6-11e2-8bee-e0cb4e1bb678}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{9eb13ac6-52a6-11e2-8bee-e0cb4e1bb678}\Shell\AutoRun\command - "" = E:\HTC_Sync_Manager_PC.exe
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (OODBS)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/01/21 21:18:22 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Anyuser\Desktop\OTL.exe
    [2013/01/21 19:57:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Anyuser\Desktop\backups
    [2013/01/21 19:50:41 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Anyuser\Desktop\HiJackThis.exe
    [2013/01/21 18:09:08 | 004,232,976 | ---- | C] (F-Secure Corporation) -- C:\Documents and Settings\Anyuser\Desktop\fseasyclean.exe
    [2013/01/21 18:05:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Anyuser\Application Data\QuickScan
    [2013/01/21 17:19:58 | 005,442,160 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Anyuser\Desktop\Windows8-UpgradeAssistant.exe
    [2013/01/21 12:59:09 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Anyuser\Start Menu\Programs\Administrative Tools
    [2013/01/21 11:58:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SubEdit-Player
    [2013/01/21 11:58:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SubEdit-Player
    [2013/01/21 11:42:23 | 007,923,239 | ---- | C] (Artur Sikora ) -- C:\Documents and Settings\Anyuser\Desktop\subedit+codecpack_b4072_install.exe
    [2013/01/21 11:06:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Anyuser\Desktop\dance tunes
    [2013/01/21 00:39:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Anyuser\Application Data\PDAppFlex
    [2013/01/20 23:41:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
    [2013/01/12 13:57:11 | 000,114,368 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\acaptuser32.dll
    [2013/01/11 20:16:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
    [2012/12/30 22:44:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Anyuser\Application Data\HTC
    [2012/12/30 22:44:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Anyuser\Local Settings\Application Data\Apple Computer
    [2012/12/30 22:44:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Anyuser\Application Data\Apple Computer
    [2012/12/30 22:43:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HTC
    [2012/12/30 22:43:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Anyuser\My Documents\HTC
    [2012/12/30 22:43:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Motorola
    [2012/12/30 22:42:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HTC
    [3 C:\WINDOWS\SysWow64\*.tmp files -> C:\WINDOWS\SysWow64\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2013/01/21 21:20:00 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{6668A471-6047-493B-8B5E-328365D5B30E}.job
    [2013/01/21 21:18:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Anyuser\Desktop\OTL.exe
    [2013/01/21 21:13:33 | 000,635,864 | ---- | M] () -- C:\Documents and Settings\Anyuser\Desktop\cbsidlm-tr1_10a-Hijack_Hunter_Portable-ORG-75317329.exe
    [2013/01/21 21:11:35 | 000,000,177 | -H-- | M] () -- C:\dvmexp.idx
    [2013/01/21 21:05:38 | 000,071,131 | ---- | M] () -- C:\Documents and Settings\Anyuser\Desktop\2013-01-21_210532.jpg
    [2013/01/21 21:00:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2013/01/21 19:50:41 | 000,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Anyuser\Desktop\HiJackThis.exe
    [2013/01/21 19:39:37 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
    [2013/01/21 19:39:37 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
    [2013/01/21 18:09:08 | 004,232,976 | ---- | M] (F-Secure Corporation) -- C:\Documents and Settings\Anyuser\Desktop\fseasyclean.exe
    [2013/01/21 17:57:59 | 001,402,880 | ---- | M] () -- C:\Documents and Settings\Anyuser\Desktop\HiJackThis.msi
    [2013/01/21 17:19:59 | 005,442,160 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Anyuser\Desktop\Windows8-UpgradeAssistant.exe
    [2013/01/21 15:07:30 | 061,106,230 | ---- | M] () -- C:\Documents and Settings\Anyuser\Desktop\Firefox 18.0.1 (en-GB) - 2013-01-21.pcv
    [2013/01/21 12:11:22 | 000,002,436 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2013/01/21 11:42:29 | 007,923,239 | ---- | M] (Artur Sikora ) -- C:\Documents and Settings\Anyuser\Desktop\subedit+codecpack_b4072_install.exe
    [2013/01/21 11:41:17 | 000,167,424 | ---- | M] () -- C:\Documents and Settings\Anyuser\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2013/01/20 23:06:09 | 000,012,975 | -HS- | M] () -- C:\Documents and Settings\Anyuser\Desktop\Folder.jpg
    [2013/01/20 23:06:09 | 000,002,891 | -HS- | M] () -- C:\Documents and Settings\Anyuser\Desktop\AlbumArtSmall.jpg
    [2013/01/14 22:39:06 | 000,074,952 | ---- | M] () -- C:\Documents and Settings\Anyuser\Desktop\LGBT handout 4 Support.jpg
    [2013/01/14 22:32:19 | 000,068,443 | ---- | M] () -- C:\Documents and Settings\Anyuser\Desktop\LGBT handout 3 Legislation.jpg
    [2013/01/14 22:17:15 | 000,082,331 | ---- | M] () -- C:\Documents and Settings\Anyuser\Desktop\LGBT handout 2 CPD.jpg
    [2013/01/14 22:16:39 | 000,101,481 | ---- | M] () -- C:\Documents and Settings\Anyuser\Desktop\LGBT handout 1.jpg
    [2013/01/12 09:31:00 | 000,000,664 | ---- | M] () -- C:\WINDOWS\SysWow64\d3d9caps.dat
    [2013/01/10 19:33:01 | 000,000,822 | ---- | M] () -- C:\Documents and Settings\Anyuser\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
    [2013/01/09 20:28:28 | 000,602,144 | ---- | M] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
    [2013/01/02 23:31:26 | 000,062,640 | ---- | M] () -- C:\Documents and Settings\Anyuser\My Documents\KLM ROYAL DUTCH AIRLINES Baggage policy.jpg
    [2013/01/02 23:27:44 | 000,047,677 | ---- | M] () -- C:\Documents and Settings\Anyuser\Desktop\2013-01-02_232742.jpg
    [2013/01/02 20:59:32 | 000,080,359 | ---- | M] () -- C:\Documents and Settings\Anyuser\Desktop\MAN9010 Leadership & Management Training Suite for First Line Manag.pdf
    [2013/01/01 19:49:34 | 005,727,285 | ---- | M] () -- C:\Documents and Settings\Anyuser\Desktop\veryandroid-sms-backup.zip
    [2012/12/31 20:45:15 | 000,006,438 | ---- | M] () -- C:\Documents and Settings\Anyuser\Desktop\paybill 5425981015868638.pdf
    [3 C:\WINDOWS\SysWow64\*.tmp files -> C:\WINDOWS\SysWow64\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2013/01/21 21:13:32 | 000,635,864 | ---- | C] () -- C:\Documents and Settings\Anyuser\Desktop\cbsidlm-tr1_10a-Hijack_Hunter_Portable-ORG-75317329.exe
    [2013/01/21 21:05:38 | 000,071,131 | ---- | C] () -- C:\Documents and Settings\Anyuser\Desktop\2013-01-21_210532.jpg
    [2013/01/21 17:57:58 | 001,402,880 | ---- | C] () -- C:\Documents and Settings\Anyuser\Desktop\HiJackThis.msi
    [2013/01/21 15:06:58 | 061,106,230 | ---- | C] () -- C:\Documents and Settings\Anyuser\Desktop\Firefox 18.0.1 (en-GB) - 2013-01-21.pcv
    [2013/01/21 14:56:37 | 013,144,064 | ---- | C] () -- C:\Documents and Settings\Anyuser\Desktop\XP Repair Pro.msi
    [2013/01/20 23:06:08 | 000,012,975 | -HS- | C] () -- C:\Documents and Settings\Anyuser\Desktop\Folder.jpg
    [2013/01/20 23:06:08 | 000,002,891 | -HS- | C] () -- C:\Documents and Settings\Anyuser\Desktop\AlbumArtSmall.jpg
    [2013/01/14 22:39:06 | 000,074,952 | ---- | C] () -- C:\Documents and Settings\Anyuser\Desktop\LGBT handout 4 Support.jpg
    [2013/01/14 22:32:19 | 000,068,443 | ---- | C] () -- C:\Documents and Settings\Anyuser\Desktop\LGBT handout 3 Legislation.jpg
    [2013/01/14 22:17:15 | 000,082,331 | ---- | C] () -- C:\Documents and Settings\Anyuser\Desktop\LGBT handout 2 CPD.jpg
    [2013/01/14 22:16:39 | 000,101,481 | ---- | C] () -- C:\Documents and Settings\Anyuser\Desktop\LGBT handout 1.jpg
    [2013/01/02 23:31:26 | 000,062,640 | ---- | C] () -- C:\Documents and Settings\Anyuser\My Documents\KLM ROYAL DUTCH AIRLINES Baggage policy.jpg
    [2013/01/02 23:27:44 | 000,047,677 | ---- | C] () -- C:\Documents and Settings\Anyuser\Desktop\2013-01-02_232742.jpg
    [2013/01/02 20:59:32 | 000,080,359 | ---- | C] () -- C:\Documents and Settings\Anyuser\Desktop\MAN9010 Leadership & Management Training Suite for First Line Manag.pdf
    [2013/01/01 19:49:20 | 005,727,285 | ---- | C] () -- C:\Documents and Settings\Anyuser\Desktop\veryandroid-sms-backup.zip
    [2012/12/31 21:22:28 | 000,001,559 | ---- | C] () -- C:\Documents and Settings\Anyuser\Desktop\Samsung Drive Manager.lnk
    [2012/12/31 20:45:15 | 000,006,438 | ---- | C] () -- C:\Documents and Settings\Anyuser\Desktop\paybill 5425981015868638.pdf
    [2012/06/14 21:35:51 | 000,000,035 | ---- | C] () -- C:\WINDOWS\ZipPwdDecry.INI
    [2012/06/14 21:20:30 | 000,000,041 | ---- | C] () -- C:\Documents and Settings\Anyuser\ziprecovery.ini
    [2012/06/14 21:18:41 | 000,000,041 | ---- | C] () -- C:\Documents and Settings\Anyuser\rarrecovery.ini
    [2012/03/12 19:57:46 | 000,028,672 | ---- | C] () -- C:\Program Files (x86)\Employee Performance Review.xlt
    [2012/01/11 19:07:05 | 000,098,344 | ---- | C] () -- C:\WINDOWS\unTMV.exe
    [2012/01/10 19:20:08 | 000,000,890 | ---- | C] () -- C:\Documents and Settings\Anyuser\RPDLX2011.lic
    [2012/01/10 19:07:01 | 000,000,111 | ---- | C] () -- C:\Documents and Settings\Anyuser\rpdeluxe.properties
    [2010/11/27 14:36:29 | 000,009,391 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\profile.ini
    [2010/08/10 21:43:23 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Anyuser\Application Data\$_hpcst$.hpc
    [2010/05/26 18:02:02 | 000,059,014 | ---- | C] () -- C:\Documents and Settings\Anyuser\peerblock.dmp
    [2010/04/11 20:37:47 | 000,011,114 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\MainApp.dll
    [2010/03/27 18:08:03 | 000,167,424 | ---- | C] () -- C:\Documents and Settings\Anyuser\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    ========== ZeroAccess Check ==========

    [2010/03/27 11:38:06 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = %SystemRoot%\system32\shdocvw.dll
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\SysWOW64\shdocvw.dll -- [2009/12/18 17:57:16 | 001,519,104 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\WINDOWS\system32\wbem\fastprox.dll
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = C:\WINDOWS\SysWOW64\wbem\fastprox.dll -- [2009/03/19 19:51:22 | 000,483,840 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\WINDOWS\system32\wbem\wbemess.dll
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 154 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0CE7F3C9

    < End of report >



    OTL Extras logfile created on: 21/01/2013 21:18:46 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Anyuser\Desktop
    64bit-Windows Server 2003 Service Pack 2 (Version = 5.2.3790) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    3.99 Gb Total Physical Memory | 2.89 Gb Available Physical Memory | 72.34% Memory free
    5.73 Gb Paging File | 4.90 Gb Available in Paging File | 85.45% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 465.75 Gb Total Space | 293.33 Gb Free Space | 62.98% Space Free | Partition Type: NTFS
    Drive G: | 465.76 Gb Total Space | 9.12 Gb Free Space | 1.96% Space Free | Partition Type: NTFS

    Computer Name: UZI | User Name: Anyuser | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .inf [@ = inffile] -- %SystemRoot%\System32\NOTEPAD.EXE %1
    .ini [@ = inifile] -- %SystemRoot%\System32\NOTEPAD.EXE %1
    .url [@ = InternetShortcut] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l
    .js [@ = JSFile] -- %SystemRoot%\System32\WScript.exe "%1" %*
    .jse [@ = JSEFile] -- %SystemRoot%\System32\WScript.exe "%1" %*
    .txt [@ = txtfile] -- %SystemRoot%\system32\NOTEPAD.EXE %1
    .vbe [@ = VBEFile] -- %SystemRoot%\System32\WScript.exe "%1" %*
    .vbs [@ = VBSFile] -- %SystemRoot%\System32\WScript.exe "%1" %*
    .wsf [@ = WSFFile] -- %SystemRoot%\System32\WScript.exe "%1" %*
    .wsh [@ = WSHFile] -- %SystemRoot%\System32\WScript.exe "%1" %*

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

    [HKEY_USERS\S-1-5-21-2418687655-667931980-1501772065-1002\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1
    batfile [open] -- "%1" %*
    batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1
    cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1
    cmdfile [open] -- "%1" %*
    cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1
    inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1
    inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1
    inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1
    inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1
    InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l
    InternetShortcut [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1"
    jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1
    jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %*
    jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1
    jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1
    jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %*
    jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1
    piffile [open] -- "%1" %*
    regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1
    regfile [merge] -- Reg Error: Key error.
    regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1
    txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1
    txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4"
    vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1
    vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %*
    vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1
    vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1
    vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %*
    vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1
    wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1
    wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %*
    wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1
    wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %*
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 1
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1

    ========== System Restore Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
    "3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
    "3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
    "C:\Program Files (x86)\uTorrent\uTorrent.exe" = C:\Program Files (x86)\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
    "C:\Documents and Settings\Anyuser\My Documents\Downloads\utorrent.exe" = C:\Documents and Settings\Anyuser\My Documents\Downloads\utorrent.exe:*:Enabled:µTorrent
    "C:\Program Files (x86)\Samsung\Samsung New PC Studio\npsasvr.exe" = C:\Program Files (x86)\Samsung\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server -- (PeeringPortal)
    "C:\Program Files (x86)\Samsung\Samsung New PC Studio\npsvsvr.exe" = C:\Program Files (x86)\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server -- (PeeringPortal)
    "C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
    "C:\Program Files (x86)\Skype\Phone\Skype.exe" = C:\Program Files (x86)\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
    "C:\Program Files (x86)\uTorrent\uTorrent.exe" = C:\Program Files (x86)\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
    "C:\Documents and Settings\Anyuser\My Documents\Downloads\utorrent.exe" = C:\Documents and Settings\Anyuser\My Documents\Downloads\utorrent.exe:*:Enabled:µTorrent
    "C:\Program Files (x86)\Samsung\Samsung New PC Studio\npsasvr.exe" = C:\Program Files (x86)\Samsung\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server -- (PeeringPortal)
    "C:\Program Files (x86)\Samsung\Samsung New PC Studio\npsvsvr.exe" = C:\Program Files (x86)\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server -- (PeeringPortal)
    "C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
    "C:\Program Files (x86)\Skype\Phone\Skype.exe" = C:\Program Files (x86)\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518)
    "{114A24E4-6BD3-108B-098C-7C46653803FB}" = ccc-utility64
    "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP190_series" = Canon MP190 series MP Drivers
    "{26A24AE4-039D-4CA4-87B4-2F86416020FF}" = Java(TM) 6 Update 20 (64-bit)
    "{587F20B7-4193-4400-B404-C6E3E1919BCA}" = ESET NOD32 Antivirus
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.9
    "{7AA6F1A2-6A65-4A3A-AC62-4445704B04E3}" = O&O Defrag Professional
    "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
    "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{AC76BA86-1033-0000-0064-0003D0000004}" = Adobe Acrobat 9 Pro Extended 64-bit Add-On
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "Adobe Flash Player ActiveX 64" = Adobe Flash Player 10 ActiveX 64-bit
    "BurnInTest_is1" = BurnInTest v6.0 Pro
    "ie8" = Windows Internet Explorer 8
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows x64
    "PerformanceTest 7_is1" = PerformanceTest v7.0 (64-bit)
    "Process_Hacker_is1" = Process Hacker 1.11
    "RTNUninstXPPCIE" = Realtek PCIE Ethernet Controller Windows Driver
    "WIC" = Windows Imaging Component
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows x64 Service Pack" = Windows XP Service Pack 2
    "WinRAR archiver" = WinRAR archiver
    "WMFDist11-64" = Windows Media Format 11 runtime
    "wmp11-64" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0CE473E5-4187-4D59-8CC0-0983395B37DC}" = GoGear SA19xx Device Manager
    "{1035B082-201E-466E-9084-D096589C05CD}" = PWN Oxford Dictionary
    "{14419689-3D49-AF3F-EDF5-04A33DE8EB8A}" = ccc-core-static
    "{175D57A5-6173-E842-7308-80E45013D986}" = CCC Help English
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
    "{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 37
    "{27C0A1E5-8B0E-569B-3217-5E6AF7E5AA38}" = Catalyst Control Center Localization All
    "{2975AAEF-F2A6-0792-617D-32CDC190F9D4}" = ccc-core-preinstall
    "{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMicron JMB36X Driver
    "{3DEB070F-8374-99EA-5B45-0F7BE15789B9}" = CCC Help German
    "{491D92A9-69CA-4EB4-81D3-0106F9337957}" = TurboV EVO
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{56B83336-FBC1-4C46-8613-90A9E3B440D6}" = EPU-6 Engine
    "{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{753FDD4C-EA72-53BF-D0E8-B2AFA1EB43C9}" = Catalyst Control Center Graphics Light
    "{7645A1AD-89E8-2B0E-21E9-7C1C37C99F55}" = CCC Help Portuguese
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2
    "{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
    "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{99AD9D6D-A456-49EE-8360-F22EE7AA1272}" = Express Gate
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9F1A6A24-4901-42F6-A355-5DD2B82E62AE}" = Samsung Drive Manager
    "{AC76BA86-1033-F400-7761-000000000004}_953" = Adobe Acrobat 9.5.3 - CPSID_83708
    "{AD916296-98BE-3AA7-92BC-4C49299D176C}" = Catalyst Control Center HydraVision Full
    "{C43BC692-0EA4-D228-4EC7-7E718AA9C653}" = Catalyst Control Center Core Implementation
    "{C4C1945F-0D89-E953-AA69-ECDAC6331C68}" = Catalyst Control Center Graphics Full New
    "{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
    "{CC94D741-E899-E2D1-C938-C6CC44F70F55}" = Catalyst Control Center Graphics Full Existing
    "{CF35000B-8247-449B-85C9-D9C2A5936683}" = GoGear SA19xx Device Manager
    "{D25C56CE-F4B9-6D6B-CF24-8543A2710083}" = CCC Help French
    "{E23CF225-98FA-9E85-6DA4-51B1D425E896}" = Catalyst Control Center InstallProxy
    "{E3B514ED-85EC-D06C-2C09-C996C9706470}" = CCC Help Spanish
    "{E72B75A2-3960-395B-4F5D-9800B8207D62}" = CCC Help Italian
    "{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
    "{F2E9E142-B162-8DFE-DAB2-CD5EF6D05804}" = Catalyst Control Center Graphics Previews Common
    "{F7338FA3-DAB5-49B2-900D-0AFB5760C166}" = PC Probe II
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Combined Community Codec Pack_is1" = Combined Community Codec Pack 2009-09-09
    "FastStone Capture" = FastStone Capture 6.6
    "FLV Player2.0.25" = FLV Player
    "HijackThis" = HijackThis 2.0.2
    "InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
    "InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
    "IrfanView" = IrfanView (remove only)
    "MainApp.exe_is1" = BlazeDVDCopy 4.1.0.23
    "MozBackup" = MozBackup 1.5.1
    "Mozilla Firefox 18.0.1 (x86 en-GB)" = Mozilla Firefox 18.0.1 (x86 en-GB)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "MP Navigator EX 1.2" = Canon MP Navigator EX 1.2
    "Mp3tag" = Mp3tag v2.47b
    "RAR Password Recovery v2.0_is1" = RAR Password Recovery v2.0
    "Recover My Files_is1" = Recover My Files
    "Recovery Toolbox for Outlook_is1" = Recovery Toolbox for Outlook 1.0
    "SkanerOnline" = mks_vir - online scanner
    "SubEdit-Player_is1" = SubEdit-Player
    "uTorrent" = µTorrent
    "VideoGet_is1" = Nuclear Coffee - VideoGet
    "VLC media player" = VLC media player 1.1.11
    "ZIP Password Recovery v2.0_is1" = ZIP Password Recovery v2.0

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 21/01/2013 16:48:24 | Computer Name = UZI | Source = VSS | ID = 17
    Description =

    Error - 21/01/2013 16:48:24 | Computer Name = UZI | Source = VSS | ID = 8193
    Description =

    Error - 21/01/2013 16:49:25 | Computer Name = UZI | Source = WinMgmt | ID = 28
    Description =

    Error - 21/01/2013 17:00:12 | Computer Name = UZI | Source = Userenv | ID = 1090
    Description = Windows couldn't log the RSoP (Resultant Set of Policies) session
    status. An attempt to connect to WMI failed. No more RSoP logging will be done for
    this application of policy.

    Error - 21/01/2013 17:01:28 | Computer Name = UZI | Source = EventSystem | ID = 4610
    Description = The COM+ Event System detected a bad return code during its internal
    processing. HRESULT was 80040155 from line 150 of d:\nt\com\complus\src\events\tier2\service.cpp.
    This may indicate that the COM+ Event System is not properly installed. Please
    try reinstalling the COM+ Event Syste

    Error - 21/01/2013 17:01:32 | Computer Name = UZI | Source = SecurityCenter | ID = 1802
    Description =

    Error - 21/01/2013 17:01:32 | Computer Name = UZI | Source = EventSystem | ID = 4610
    Description = The COM+ Event System detected a bad return code during its internal
    processing. HRESULT was 80040155 from line 44 of d:\nt\com\complus\src\events\tier1\eventsystemobj.cpp.
    This may indicate that the COM+ Event System is not properly installed. Please
    try reinstalling the COM+ Event Syste

    Error - 21/01/2013 17:01:32 | Computer Name = UZI | Source = VSS | ID = 17
    Description =

    Error - 21/01/2013 17:01:32 | Computer Name = UZI | Source = VSS | ID = 8193
    Description =

    Error - 21/01/2013 17:02:33 | Computer Name = UZI | Source = WinMgmt | ID = 28
    Description =

    [ System Events ]
    Error - 13/01/2013 07:45:29 | Computer Name = UZI | Source = Service Control Manager | ID = 7024
    Description = The Routing and Remote Access service terminated with service-specific
    error 340 (0x154).

    Error - 14/01/2013 14:48:02 | Computer Name = UZI | Source = Service Control Manager | ID = 7024
    Description = The Routing and Remote Access service terminated with service-specific
    error 340 (0x154).

    Error - 14/01/2013 16:00:27 | Computer Name = UZI | Source = Service Control Manager | ID = 7024
    Description = The Routing and Remote Access service terminated with service-specific
    error 340 (0x154).

    Error - 15/01/2013 15:21:45 | Computer Name = UZI | Source = Service Control Manager | ID = 7024
    Description = The Routing and Remote Access service terminated with service-specific
    error 340 (0x154).

    Error - 16/01/2013 07:38:00 | Computer Name = UZI | Source = Service Control Manager | ID = 7024
    Description = The Routing and Remote Access service terminated with service-specific
    error 340 (0x154).

    Error - 17/01/2013 14:52:15 | Computer Name = UZI | Source = Service Control Manager | ID = 7024
    Description = The Routing and Remote Access service terminated with service-specific
    error 340 (0x154).

    Error - 18/01/2013 14:50:23 | Computer Name = UZI | Source = Service Control Manager | ID = 7024
    Description = The Routing and Remote Access service terminated with service-specific
    error 340 (0x154).

    Error - 19/01/2013 13:36:24 | Computer Name = UZI | Source = Service Control Manager | ID = 7024
    Description = The Routing and Remote Access service terminated with service-specific
    error 340 (0x154).

    Error - 21/01/2013 09:04:10 | Computer Name = UZI | Source = sptd | ID = 262148
    Description = Driver detected an internal error in its data structures for .

    Error - 21/01/2013 17:04:47 | Computer Name = UZI | Source = System Error | ID = 1003
    Description = Error code 0000000000000050, parameter1 fffffffffd602481, parameter2
    0000000000000001, parameter3 fffff80001081030, parameter4 0000000000000002.


    < End of report >
     
  3. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,721
    fatemeh,
    Win2003 is a server operating system, not designed to run as a normal desktop system.
    There are very few tools able to fix it when used in this way.
    In this case, the use of utorrent has probably doomed the system.
    Even with your very good antivirus, there is no remedy for the things (good and evil) that installed P2P programs are authorized to do.
    It appears from your logs that you are likely to have the "Zero Access" rootkit, which requires a re-installation of the system to ever trust the system again.
    See:
    http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Win32/Sirefef
    http://www.symantec.com/security_response/writeup.jsp?docid=2012-080900-3758-99


    In your case, I would suggest changing to any other operating system suitable for desktop use, and installing from scratch.
    (WinXP, Vista, Win7, Win8, Linux Mint, etc.)

    askey127
     
  4. fatemeh

    fatemeh Thread Starter

    Joined:
    Jan 21, 2013
    Messages:
    3
    Thank you for confirming this, askey127; this is what I suspected but hoped would not be the case. I guess I should be very careful with my P2P downloads in the future, and I have a good excuse to start my adventure with the new Windows OS :eek:
     
  5. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,721
    fatemeh,
    Please be aware that NO downloads are safe with P2P.
    Criminals have loaded tens of thousands of infections into the free and file-share programs.
    P2P programs typically bypass the AV and firewall features when they run.
    Be smart and good luck.
    askey127
     

Short URL to this thread: https://techguy.org/1086302
