# Uninstall Fixio PC cleaner



## speedyzap (Feb 26, 2006)

I have accidentally downloaded Fixio PC cleaner. I tried to stop the download but today it popped up as installed.

It also appears to have a sub program which seems to have taken over my Firefox browser. I managed to uninstall the toolbar it installed but that's about all. But the Google search box appears different now.

I can't see these new programs in all programs or add / remove programs.

Can anyone assist?

Thanks


----------



## kevinf80 (Mar 21, 2006)

Run the following and post the logs..

Download http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner by Xplode onto your Desktop.


- Please close all open programs and internet browsers.
- Double click on *Adwcleaner.exe* to run the tool.
- Click on *Delete*.
- Confirm each time with OK.
- Your computer will be rebooted automatically. A text file will open after the restart.
- Please post the content of that logfile in your reply.
- You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.

Next,

Download *OTL* from any of the following links and save to your desktop.

http://itxassociates.com/OT-Tools/OTL.com
http://oldtimer.geekstogo.com/OTL.exe
http://www.itxassociates.com/OT-Tools/OTL.scr

Double click the icon to start the tool. (Note: If you are running on Vista or Windows 7 accept UAC alert)


- When the window appears, underneath *Output* at the top, make sure *Standard output* is selected.
- Select *Scan all users*
- Under the *Extra Registry* section, check *Use SafeList*
- In the lower right corner, checkmark *"LOP Check"* and checkmark *"Purity Check".*
- Click *Run Scan* and let the program run uninterrupted.
- When the scan is complete, two text files will be created on your Desktop.
  - *OTL.Txt* <- this one will be opened
  - *Extras.txt* <- this one will be minimized

Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of *OTL.Txt* and the *Extras.txt* in your next reply.

Post those logs..

Kevin


----------



## speedyzap (Feb 26, 2006)

*Logs for http://general-changelog-team.fr/fr/...e/2-adwcleaner posted as under (Note: Pressed DELETE button only once and auto rebooted):*

```
# AdwCleaner v2.106 - Logfile created 01/20/2013 at 18:42:31
# Updated 17/01/2013 by Xplode
# Operating system : Microsoft Windows XP (32 bits)
# User : PETER - PETER-OYOU4XROG
# Boot Mode : Normal
# Running from : C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

File Deleted : C:\WINDOWS\system32\conduitEngine.tmp
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Babylon

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{618AAD04-921F-44C2-BE38-C0818AF69861}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A1F1ECD3-4806-44C6-A869-F0DADF11C57C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B5D2ED96-62F9-4C2C-956D-E425B1F67337}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D3A412E8-1E4B-47D2-9B12-F88291F5AFBB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
Key Deleted : HKLM\SOFTWARE\Classes\toolband.eb_explorerbar
Key Deleted : HKLM\SOFTWARE\Classes\toolband.eb_explorerbar.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.ipm_printlistitem
Key Deleted : HKLM\SOFTWARE\Classes\toolband.ipm_printlistitem.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_launcher
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_launcher.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_printmanager
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_printmanager.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_bindstatuscallback
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_bindstatuscallback.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_cancelbuttoneventhandler
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_cancelbuttoneventhandler.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.tbtoolband
Key Deleted : HKLM\SOFTWARE\Classes\toolband.tbtoolband.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.useroptions
Key Deleted : HKLM\SOFTWARE\Classes\toolband.useroptions.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3015261

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v13.0.1 (en-US)

-\\ Google Chrome v20.0.1132.57

*************************

AdwCleaner[R1].txt - [2697 octets] - [20/01/2013 18:25:20]
AdwCleaner[R2].txt - [2757 octets] - [20/01/2013 18:42:05]
AdwCleaner[S1].txt - [2593 octets] - [20/01/2013 18:42:31]

########## EOF - C:\AdwCleaner[S1].txt - [2653 octets] ##########
```


----------



## speedyzap (Feb 26, 2006)

*OTL.txt under:*

OTL logfile created on: 1/20/2013 8:01:02 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop
Windows XP Home Edition (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

767.48 Mb Total Physical Memory | 546.11 Mb Available Physical Memory | 71.16% Memory free
1.83 Gb Paging File | 1.65 Gb Available in Paging File | 89.75% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 127.99 Gb Total Space | 58.97 Gb Free Space | 46.08% Space Free | Partition Type: NTFS

Computer Name: PETER-OYOU4XROG | User Name: PETER | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/20 19:58:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop\OTL.com
PRC - [2012/05/30 04:12:49 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2011/08/04 18:06:12 | 001,612,920 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
PRC - [2010/08/27 20:34:00 | 000,730,600 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
PRC - [2008/04/14 11:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/11/17 06:42:52 | 000,577,536 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE

========== Modules (No Company Name) ==========

========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\WINDOWS\System32\mspmspsv.dll -- (WmdmPmSp)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2013/01/13 13:35:03 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamchameleon.sys -- (mbamchameleon)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/12/14 16:49:28 | 000,018,800 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/06/09 19:16:12 | 000,528,128 | ---- | M] (Check Point Software Technologies LTD) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2008/04/14 05:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2007/03/08 15:34:46 | 004,027,840 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM)
DRV - [2001/11/22 16:08:06 | 000,070,528 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\Fasttrak.sys -- (fasttrak)
DRV - [2001/08/18 00:28:02 | 000,907,456 | ---- | M] (Conexant) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HCF_MSFT.sys -- (HCF_MSFT)
DRV - [2001/08/17 23:12:02 | 000,063,208 | ---- | M] (Intel Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dc21x4.sys -- (DC21x4)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1659004503-362288127-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
IE - HKU\S-1-5-21-1659004503-362288127-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1659004503-362288127-839522115-1004\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-1659004503-362288127-839522115-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1659004503-362288127-839522115-1004\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_en
IE - HKU\S-1-5-21-1659004503-362288127-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Produtools Manuals 2.1 Customized Web Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT3209604&SearchSource=13&CUI=UN65949957198735637"
FF - prefs.js..extensions.enabledAddons: {97E22097-9A2F-45b1-8DAF-36AD648C7EF4}:15.0.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.152.14
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3209604&SearchSource=2&CUI=UN65949957198735637&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.91: C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.99: C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2011/10/06 00:00:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/05/30 04:14:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/16 21:53:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/05/30 04:15:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012/05/30 04:13:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2012/05/30 04:15:30 | 000,000,000 | ---D | M]

[2012/04/20 01:38:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\Mozilla\Extensions
[2012/04/20 01:38:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\Mozilla\Extensions\[email protected]
[2010/08/11 03:57:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\Mozilla\Extensions\[email protected]
[2013/01/18 18:33:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\Mozilla\Firefox\Profiles\8a03imtq.default\extensions
[2013/01/18 17:19:27 | 000,001,100 | ---- | M] () -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\Mozilla\Firefox\Profiles\8a03imtq.default\searchplugins\produtools-manuals-21-customized-web-search.xml
[2011/12/30 08:17:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/05/30 04:14:22 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2012/06/16 21:53:33 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/05/30 04:13:07 | 000,129,144 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
[2011/11/05 14:21:03 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/05 14:21:03 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\PETER.PETER-OYOU4XROG\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: getPlusPlus for Adobe 16299 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np_gp.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - Extension: YouTube = C:\Documents and Settings\PETER.PETER-OYOU4XROG\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\PETER.PETER-OYOU4XROG\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\PETER.PETER-OYOU4XROG\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Gmail = C:\Documents and Settings\PETER.PETER-OYOU4XROG\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2010/12/14 20:47:58 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (ZoneAlarm Toolbar Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe (Microsoft® Corporation)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-1659004503-362288127-839522115-1004..\Run: [Ellud] "C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\Reec\isyn.exe" File not found
O4 - HKU\S-1-5-21-1659004503-362288127-839522115-1004..\Run: [MyTomTomSA.exe] C:\Program Files\MyTomTom 3\MyTomTomSA.exe (TomTom)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Config.Msi\c2f98.rbf (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\DAN\Start Menu\Programs\Startup\DirectDVD Update Manager.lnk = C:\Program Files\Orion Studios HD\UpdateHD.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1659004503-362288127-839522115-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1659004503-362288127-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1659004503-362288127-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1659004503-362288127-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\\PartyPoker\RunApp.exe ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\\PartyPoker\RunApp.exe ()
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Plugin Control)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {298BFFEE-662D-11D5-ADAF-00E0810232D7} https://video.manheim.com/lib/LiveSound.dll (lgbplay Class)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {447F8438-8124-4369-905B-A249E13CBBFC} http://pickles.liveblockauctions.com/install/new/lgbkc.cab (LgbContent Control)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/EN-AU/a-UNO1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1208852273484 (WUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{98A06A82-F53F-444E-B6B9-11259873A459}: DhcpNameServer = 10.1.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll File not found
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\PETER.PETER-OYOU4XROG\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\PETER.PETER-OYOU4XROG\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/22 01:48:52 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/20 19:58:14 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop\OTL.com
[2013/01/20 00:50:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\My Documents\article.asp_files
[2013/01/18 19:09:54 | 003,362,744 | ---- | C] (http://www.maxuninstaller.com/ ) -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\My Documents\MaxUninstaller_Setup.exe
[2013/01/16 01:51:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Local Settings\Application Data\WMTools Downloaded Files
[2013/01/15 00:54:05 | 000,347,424 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\My Documents\MicrosoftFixit.wu.FISC.156281598502540974.3.1.Run.exe
[2013/01/04 14:04:47 | 000,000,000 | ---D | C] -- C:\400489b79493023d5f
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/01/20 19:58:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop\OTL.com
[2013/01/20 19:27:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/20 19:05:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/01/20 18:49:47 | 000,402,120 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/01/20 18:49:47 | 000,062,208 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/01/20 18:45:30 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1659004503-362288127-839522115-1004.job
[2013/01/20 18:45:28 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/20 18:45:28 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1659004503-362288127-839522115-1005.job
[2013/01/20 18:45:26 | 000,000,304 | -HS- | M] () -- C:\WINDOWS\tasks\Iutndwc.job
[2013/01/20 18:45:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/01/20 18:25:06 | 000,574,677 | ---- | M] () -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop\adwcleaner.exe
[2013/01/20 17:00:14 | 000,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI
[2013/01/20 01:46:00 | 000,000,258 | ---- | M] () -- C:\WINDOWS\tasks\Windows Update.job
[2013/01/20 01:40:24 | 004,279,751 | ---- | M] () -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\My Documents\Russia & the Jews.pdf
[2013/01/20 01:14:18 | 000,101,622 | ---- | M] () -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\My Documents\Frankfurt School - Satanic Judaism in Action.eml
[2013/01/20 00:50:25 | 000,052,195 | ---- | M] () -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\My Documents\article.asp.htm
[2013/01/19 16:15:00 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1659004503-362288127-839522115-1005.job
[2013/01/19 00:49:25 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1659004503-362288127-839522115-1004.job
[2013/01/18 19:10:09 | 003,362,744 | ---- | M] (http://www.maxuninstaller.com/ ) -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\My Documents\MaxUninstaller_Setup.exe
[2013/01/18 01:52:29 | 001,615,449 | ---- | M] () -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\My Documents\DELONGHI PAC W150 ECO USER MANUAL GB-5751018800.pdf
[2013/01/15 00:54:10 | 000,347,424 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\My Documents\MicrosoftFixit.wu.FISC.156281598502540974.3.1.Run.exe
[2013/01/14 20:16:30 | 000,983,040 | ---- | M] () -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\My Documents\MicrosoftFixit50777.msi
[2013/01/14 03:04:10 | 000,013,002 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/01/13 13:35:02 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/01/13 13:35:02 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/01/12 01:37:51 | 003,327,000 | ---- | M] () -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\My Documents\WindowsXP-KB942288-v3-x86.exe
[2013/01/03 01:52:10 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2013/01/03 01:52:10 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/01/20 18:24:54 | 000,574,677 | ---- | C] () -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop\adwcleaner.exe
[2013/01/20 01:40:07 | 004,279,751 | ---- | C] () -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\My Documents\Russia & the Jews.pdf
[2013/01/20 01:14:18 | 000,101,622 | ---- | C] () -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\My Documents\Frankfurt School - Satanic Judaism in Action.eml
[2013/01/20 00:50:24 | 000,052,195 | ---- | C] () -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\My Documents\article.asp.htm
[2013/01/18 01:52:28 | 001,615,449 | ---- | C] () -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\My Documents\DELONGHI PAC W150 ECO USER MANUAL GB-5751018800.pdf
[2013/01/15 01:37:12 | 000,000,258 | ---- | C] () -- C:\WINDOWS\tasks\Windows Update.job
[2013/01/14 20:16:25 | 000,983,040 | ---- | C] () -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\My Documents\MicrosoftFixit50777.msi
[2013/01/12 01:35:56 | 003,327,000 | ---- | C] () -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\My Documents\WindowsXP-KB942288-v3-x86.exe
[2012/11/22 14:36:35 | 000,000,288 | ---- | C] () -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\.backup.dm
[2012/07/21 16:44:35 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2012/07/21 16:44:01 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2012/07/21 16:43:46 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2012/03/11 13:14:07 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/03/05 23:52:30 | 000,081,321 | ---- | C] () -- C:\WINDOWS\SGTBox.INI
[2011/10/05 23:59:19 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2011/10/05 00:32:22 | 000,000,144 | ---- | C] () -- C:\WINDOWS\System32\lkfl.dat
[2011/10/05 00:32:22 | 000,000,128 | ---- | C] () -- C:\WINDOWS\System32\pdfl.dat
[2011/10/05 00:32:22 | 000,000,080 | ---- | C] () -- C:\WINDOWS\System32\ibfl.dat
[2009/01/27 21:26:08 | 000,015,872 | ---- | C] () -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2008/04/22 02:18:33 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\System32\shdocvw.dll -- [2010/06/24 23:10:44 | 001,509,888 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\System32\wbem\fastprox.dll -- [2009/02/09 23:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\System32\wbem\wbemess.dll -- [2008/04/14 11:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2008/04/22 04:19:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2011/12/12 01:05:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEGV
[2011/11/07 16:20:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
[2011/09/20 19:18:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJWSpt
[2011/10/05 23:38:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CheckPoint
[2008/04/22 07:39:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2010/07/17 06:10:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kaspersky SDK
[2008/04/22 03:43:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2009/10/26 18:59:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MyVirtualHome
[2010/07/25 13:12:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2010/05/29 20:48:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/04/20 01:43:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2009/02/19 04:53:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
[2008/10/20 20:16:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BEC\Application Data\Canon
[2008/04/22 09:48:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BEC\Application Data\Grisoft
[2009/07/17 17:28:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BEC\Application Data\LimeWire
[2008/07/16 15:00:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BEC\Application Data\MailFrontier
[2008/09/23 13:16:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BEC\Application Data\SharePod
[2012/01/13 13:47:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DAN\Application Data\Canon
[2008/04/23 22:11:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DAN\Application Data\Grisoft
[2008/07/21 18:19:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DAN\Application Data\MailFrontier
[2010/05/30 11:10:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DAN\Application Data\NCH Swift Sound
[2010/05/30 11:10:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DAN\Application Data\Recordpad
[2010/07/11 13:05:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DAN\Application Data\SharePod
[2010/07/24 13:27:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DIANE\Application Data\Babylon
[2012/06/20 15:26:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DIANE\Application Data\Canon
[2010/05/29 19:55:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DIANE\Application Data\FreeAudioPack
[2008/04/22 16:20:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DIANE\Application Data\Grisoft
[2009/09/03 17:06:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DIANE\Application Data\LimeWire
[2008/07/19 13:49:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DIANE\Application Data\MailFrontier
[2010/07/25 13:12:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DIANE\Application Data\NCH Swift Sound
[2008/07/12 18:10:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DIANE\Application Data\PowerChallenge
[2010/05/30 08:36:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DIANE\Application Data\Recordpad
[2009/07/27 13:56:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DIANE\Application Data\SharePod
[2009/01/21 10:20:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DIANE\Application Data\Thunderbird
[2010/07/24 23:37:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DIANE\Application Data\uTorrent
[2009/11/24 12:18:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DIANE\Application Data\Xtranormal
[2008/06/24 18:26:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\Grisoft
[2008/11/07 13:37:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\MailFrontier
[2008/04/25 03:24:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PETER\Application Data\Canon
[2008/04/22 07:39:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PETER\Application Data\Grisoft
[2008/05/31 04:38:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PETER\Application Data\LimeWire
[2008/04/22 03:44:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PETER\Application Data\MailFrontier
[2008/04/23 00:03:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PETER\Application Data\Thunderbird
[2012/07/30 22:14:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\Azcu
[2011/11/07 16:20:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\Canon
[2011/10/05 01:06:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\CheckPoint
[2012/12/11 20:43:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\Ifcaeb
[2012/11/23 11:08:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\LimeWire
[2011/10/06 00:59:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\MailFrontier
[2009/10/26 19:02:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\MyVirtualHome
[2010/05/29 23:26:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\NCH Swift Sound
[2010/05/29 23:26:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\Recordpad
[2012/07/31 02:13:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\Reec
[2010/05/07 22:17:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\SharePod
[2008/06/12 18:33:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\Thunderbird
[2012/04/20 01:38:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\TomTom
[2012/07/31 01:39:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\Uplui
[2012/12/11 02:55:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\WinBatch
[2010/12/16 14:20:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\WinPatrol
[2012/12/11 15:07:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\Yqih

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AC6124CA
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:242231A9
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B9D8E22
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8AA8E0FE
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMPFC5A2B2

< End of report >


----------



## speedyzap (Feb 26, 2006)

*Extras.txt under:* *(Let me know what next?)*

OTL Extras logfile created on: 1/20/2013 8:01:02 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop
Windows XP Home Edition (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

767.48 Mb Total Physical Memory | 546.11 Mb Available Physical Memory | 71.16% Memory free
1.83 Gb Paging File | 1.65 Gb Available in Paging File | 89.75% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 127.99 Gb Total Space | 58.97 Gb Free Space | 46.08% Space Free | Partition Type: NTFS

Computer Name: PETER-OYOU4XROG | User Name: PETER | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = SafariHTML] -- C:\Program Files\Safari\Safari.exe (Apple Inc.)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-1659004503-362288127-839522115-1004\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Safari\Safari.exe" -url "%1" (Apple Inc.)
https [open] -- "C:\Program Files\Safari\Safari.exe" -url "%1" (Apple Inc.)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 0
"FirewallOverride" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabledxpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabledxpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabledxpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabledxpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\explorer.exe" = %windir%\explorer.exe -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\explorer.exe" = %windir%\explorer.exe -- (Microsoft Corporation)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{02DFF6B1-1654-411C-8D7B-FD6052EF016F}" = Apple Software Update
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5300_series" = Canon MG5300 series MP Drivers
"{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}" = QuickTime
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{1EBB57D4-63FF-87CC-A0F0-D73982CF6008}" = Adobe Media Player
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 29
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{40589552-3892-409E-B92C-9F5032A4B2F0}" = Safari
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}" = iTunes
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{8355F970-601D-442D-A79B-1D7DB4F24CAD}" = Apple Mobile Device Support
"{901B0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{919F3D91-8374-410F-932B-A126F2C85426}" = e-tax 2009
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
"{A1B7B9B3-E1D2-41CA-9B4A-F18DC2710704}" = Microsoft Works 6.0
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.1
"{AC76BA86-7AD7-2448-0000-800000000003}" = Chinese Traditional Fonts Support For Adobe Reader 8
"{B0F1B02F-47A6-411D-A38B-E44CC7F53CCC}" = e-tax 2012
"{B148AB4B-C8FA-474B-B981-F2943C5B5BCD}" = OGA Notifier 1.7.0105.35.0
"{B43357AA-3A6D-4D94-B56E-43C44D09E548}" = Microsoft .NET Framework (English)
"{BD3DCAB0-3FE5-44FB-90DA-EFB0A2CD1387}" = Works Synchronization
"{C078C299-C2C2-4110-A6EF-8D5E66C228DA}" = e-tax 2011
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3A439E4-7303-491F-A678-CEA36A87D517}" = Microsoft Works Suite Add-in for Microsoft Word
"{C66FE99D-7C15-40A0-AE4A-A1A3900D9EE3}" = MyVirtualHome
"{C769A271-7E1C-48F9-B331-474600DD4C06}" = Microsoft Picture It! Photo 2002
"{CA4EECED-20F3-4C2B-8A93-F39CB2063E71}" = ZoneAlarm Antivirus
"{D958FAC4-BAE0-4B1D-A42E-DE9BFDE7DDEE}" = Canon PhotoRecord
"{DC19E750-988B-4005-A355-85EF66055EFE}" = Works Suite OS Pack
"{E0A1559B-9886-11D4-8D06-0050DA284A39}" = Scan Manager 5.2
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E6BEB5BC-5386-4AF9-ADF2-8451BEB2A48B}" = Video Piggy
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FBE569CA-BFEB-4E57-A674-F94D938E1AEF}" = e-tax 2010
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AlphaBrowser v.1.3" = AlphaBrowser v.1.3
"ArcSoft PhotoBase" = ArcSoft PhotoBase
"audcle" = Plus! MP3 Audio Converter LE
"Canon MG5300 series On-screen Manual" = Canon MG5300 series On-screen Manual
"Canon ScanGear Toolbox 3.1" = Canon ScanGear Toolbox 3.1
"Canon Setup Utility 2.0" = Canon Setup Utility 2.0
"CANONBJ_Deinstall_CNMCP6e.DLL" = Canon PIXMA iP1000
"CANONBJ_Deinstall_CNMCP78.DLL" = Canon iP4200
"CanonSolutionMenuEX" = Canon Solution Menu EX
"CCleaner" = CCleaner
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DBX Viewer Free_is1" = DBX Viewer Free 1.0
"DirectDVD 6 HD" = DirectDVD 6 HD
"drmtool.inf" = Personal License Update Wizard for Windows Media Player
"Easy Outlook Express Repair_is1" = Easy Outlook Express Repair 1.2
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Easy-PrintToolBox" = Canon Utilities Easy-PrintToolBox
"Easy-WebPrint" = Easy-WebPrint
"ESET Online Scanner" = ESET Online Scanner v3
"e-tax 2008" = e-tax 2008
"Google Chrome" = Google Chrome
"ie8" = Windows Internet Explorer 8
"Kernel for Outlook Express Evaluation Version_is1" = Kernel for Outlook Express Evaluation ver 9.04.01
"LimeWire" = LimeWire 5.5.14
"Mah Jong Quest_is1" = Mah Jong Quest
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft .NET Framework Full v1.0.3705 (1033)" = Microsoft .NET Framework (English) v1.0.3705
"mmmusic" = Movie Maker Background Music Files
"mmsounds" = Movie Maker Sound Effects
"mmtitle" = Movie Maker Title Images
"Mozilla Firefox 13.0.1 (x86 en-US)" = Mozilla Firefox 13.0.1 (x86 en-US)
"Mozilla Thunderbird (2.0.0.24)" = Mozilla Thunderbird (2.0.0.24)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"mplibwiz.inf" = Media Library Management Wizard
"mpxlswiz.inf" = Windows Media Player Playlist Import to Excel Wizard
"mpxptray.inf" = Windows Media Player Tray Control
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MyTomTom" = MyTomTom 3.2.0.802
"Outlook Express Backup Wizard_is1" = Outlook Express Backup Wizard version 1.1
"PhotoRecord" = Canon PhotoRecord
"RealPlayer 15.0" = RealPlayer
"Revo Uninstaller" = Revo Uninstaller 1.90
"SCRABBLE  Journey" = SCRABBLE  Journey
"TomTom HOME" = TomTom HOME 2.8.3.2499
"UT2004-Demo" = Unreal Tournament 2004 Demo
"wa2wmp" = Windows Media Player Skin Importer
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR 4.20 (32-bit)
"WMBK2" = Windows Media Bonus Pack for Windows XP
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Works2002Setup" = Microsoft Works 2002 Setup Launcher
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"ZoneAlarm Security Suite" = ZoneAlarm Security Suite
"ZoneAlarm Toolbar" = ZoneAlarm Toolbar

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1659004503-362288127-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 1/11/2013 10:17:14 AM | Computer Name = PETER-OYOU4XROG | Source = Application Error | ID = 1000
Description = Faulting application pip.exe, version 6.0.907.0, faulting module openscn6.dll,
version 6.0.907.0, fault address 0x000081bb.

Error - 1/12/2013 4:40:38 AM | Computer Name = PETER-OYOU4XROG | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 13.0.1.4548, hang module 
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/12/2013 4:40:40 AM | Computer Name = PETER-OYOU4XROG | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 13.0.1.4548, faulting
module xul.dll, version 13.0.1.4548, fault address 0x009c72c0.

Error - 1/13/2013 9:25:45 AM | Computer Name = PETER-OYOU4XROG | Source = Windows Update Agent | ID = 16
Description =

Error - 1/15/2013 9:36:34 AM | Computer Name = PETER-OYOU4XROG | Source = Windows Update Agent | ID = 16
Description =

Error - 1/15/2013 1:28:55 PM | Computer Name = PETER-OYOU4XROG | Source = Application Error | ID = 1000
Description = Faulting application itunes.exe, version 7.6.2.9, faulting module 
unknown, version 0.0.0.0, fault address 0x10001040.

Error - 1/15/2013 1:31:47 PM | Computer Name = PETER-OYOU4XROG | Source = Application Error | ID = 1000
Description = Faulting application itunes.exe, version 7.6.2.9, faulting module 
unknown, version 0.0.0.0, fault address 0x10001040.

Error - 1/17/2013 9:36:35 AM | Computer Name = PETER-OYOU4XROG | Source = Windows Update Agent | ID = 16
Description =

Error - 1/18/2013 12:47:14 AM | Computer Name = PETER-OYOU4XROG | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 13.0.1.4548, hang module 
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/19/2013 9:36:36 AM | Computer Name = PETER-OYOU4XROG | Source = Windows Update Agent | ID = 16
Description =

[ System Events ]
Error - 1/19/2013 6:47:05 PM | Computer Name = PETER-OYOU4XROG | Source = Service Control Manager | ID = 7000
Description = The MBAMService service failed to start due to the following error:
%%5

Error - 1/19/2013 6:47:05 PM | Computer Name = PETER-OYOU4XROG | Source = Service Control Manager | ID = 7000
Description = The Upload Manager service failed to start due to the following error:
%%1083

Error - 1/19/2013 6:47:05 PM | Computer Name = PETER-OYOU4XROG | Source = Service Control Manager | ID = 7023
Description = The Portable Media Serial Number service terminated with the following
error: %%126

Error - 1/20/2013 3:45:31 AM | Computer Name = PETER-OYOU4XROG | Source = Print | ID = 23
Description = Printer Canon iP4200 failed to initialize because a suitable Canon
iP4200 driver could not be found.

Error - 1/20/2013 3:45:31 AM | Computer Name = PETER-OYOU4XROG | Source = Print | ID = 23
Description = Printer Canon PIXMA iP1000 failed to initialize because a suitable
Canon PIXMA iP1000 driver could not be found.

Error - 1/20/2013 3:45:31 AM | Computer Name = PETER-OYOU4XROG | Source = Print | ID = 23
Description = Printer Microsoft XPS Document Writer failed to initialize because
a suitable Microsoft XPS Document Writer driver could not be found.

Error - 1/20/2013 3:46:55 AM | Computer Name = PETER-OYOU4XROG | Source = Service Control Manager | ID = 7000
Description = The MBAMScheduler service failed to start due to the following error:
%%5

Error - 1/20/2013 3:46:55 AM | Computer Name = PETER-OYOU4XROG | Source = Service Control Manager | ID = 7000
Description = The MBAMService service failed to start due to the following error:
%%5

Error - 1/20/2013 3:46:55 AM | Computer Name = PETER-OYOU4XROG | Source = Service Control Manager | ID = 7000
Description = The Upload Manager service failed to start due to the following error:
%%1083

Error - 1/20/2013 3:46:55 AM | Computer Name = PETER-OYOU4XROG | Source = Service Control Manager | ID = 7023
Description = The Portable Media Serial Number service terminated with the following
error: %%126

< End of report >


----------



## kevinf80 (Mar 21, 2006)

Run the following:

Re-Run *OTL* by double left click, Vista and Windows 7 users accept UAC alert.

Under the *Custom Scans/Fixes* box at the bottom, paste in the following


```
:OTL
FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT3209604&SearchSource=13&CUI=UN65949957198735637"
FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.152.14
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3209604&SearchSource=2&CUI=UN65949957198735637&q="
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found	
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2011/10/06 00:00:01 | 000,000,000 | ---D | M]
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O4 - HKU\S-1-5-21-1659004503-362288127-839522115-1004..\Run: [Ellud] "C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\Reec\isyn.exe" File not found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll File not found
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll File not found
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AC6124CA
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:242231A9
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B9D8E22
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8AA8E0FE
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMPFC5A2B2
:Files
ipconfig /flushdns /c

:Commands
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
```

Then click the Run Fix button at the top
Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
Please post that log in your next reply.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
If you are asked to reboot the machine choose *Yes*. In this case, after the reboot, open Notepad (Start > All Programs > Accessories > Notepad), click File > Open, in the File Name box enter **.log* and press the Enter key, navigate to the *C:\_OTL\MovedFiles folder*, and open the newest *.log* file present, and copy/paste the contents of that document back here in your next post.

Next,

Open Malwarebytes, check for updates then run Quick scan. Full instructions follow if Malwarebytes is not installed:

Download Malwarebytes from one of the following links and save it to your desktop:

http://www.malwarebytes.org/mbam.php 
http://www.softpedia.com/get/Antivirus/Malwarebytes-Anti-Malware.shtml
http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html

Double Click mbam-setup.exe to install the application.

 Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
 If an update is found, it will download and install the latest version.
 Once the program has loaded, select "Perform Quick Scan", then click Scan.
 The scan may take some time to finish, so please be patient.
 When the scan is complete, click OK, then Show Results to view the results.
 Make sure that everything is checked, and click Remove Selected.
 When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
 Please save the log to a location you will remember.
 The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
 Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Next,

Download Security Check by screen317 from either of the following: 
http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe
Save it to your Desktop.
Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Post those logs, also give an update on current issues/concerns..

Kevin


----------



## speedyzap (Feb 26, 2006)

Did the OTL Run Fix
Note: For some reason on auto reboot my PC just hung there not totally rebooting. I let it try automatically for 10 mins and then knew something was wrong and then I hit the re-boot button myself. I should point out that I probably have several corruptions in my HD Windows XP Home OS that makes some operations fail or complex. 
I also noted a command to create a new restore point. Restore point is also corrupted. I tried a restore point myself about 3 days ago and it failed and also showed no restore points in calendar. I just went into restore point to see if yours went in and I see 20 Jan 2013 as a restore point but text to the right says no current restore point available. I also believe I have a Windows *installer* corruption. My XP Home has not been updating for some long time also. Anyway...
(Note: Will do the Malware Bytes request next)
(Note: Trusting my Zone Alarm Security Suite has not been affected by the OTL kill commands?)
Then after re-boot the following log came up:

All processes killed
========== OTL ==========
Prefs.js: "http://search.conduit.com/?ctid=CT3209604&SearchSource=13&CUI=UN65949957198735637" removed from browser.startup.homepage
Prefs.js: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.152.14 removed from extensions.enabledItems
Prefs.js: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3209604&SearchSource=2&CUI=UN65949957198735637&q=" removed from keyword.URL
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}\ not found.
C:\Program Files\CheckPoint\ZAForceField\TrustChecker\components folder moved successfully.
C:\Program Files\CheckPoint\ZAForceField\TrustChecker\chrome folder moved successfully.
C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin folder moved successfully.
C:\Program Files\CheckPoint\ZAForceField\TrustChecker folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully.
C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll moved successfully.
Registry value HKEY_USERS\S-1-5-21-1659004503-362288127-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Run\\Ellud deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\linkscanner\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1}\ deleted successfully.
File {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll File not found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{828030A1-22C1-4009-854F-8E305202313F}\ deleted successfully.
File {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll File not found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{828030A1-22C1-4009-854F-8E305202313F}\ not found.
File {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll File not found not found.
C:\WINDOWS\System32\SET514.tmp deleted successfully.
C:\WINDOWS\System32\SET518.tmp deleted successfully.
C:\WINDOWS\System32\SET519.tmp deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:AC6124CA deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:242231A9 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:0B9D8E22 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:8AA8E0FE deleted successfully.
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMPFC5A2B2 .
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users
->Temp folder emptied: 0 bytes

User: BEC
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: DAN
->Temp folder emptied: 2309330 bytes
->Temporary Internet Files folder emptied: 318339795 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 243851011 bytes
->Google Chrome cache emptied: 360816105 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 17281 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: DIANE
->Temp folder emptied: 100684887 bytes
->Temporary Internet Files folder emptied: 524967696 bytes
->Java cache emptied: 3917811 bytes
->FireFox cache emptied: 260004549 bytes
->Google Chrome cache emptied: 392814626 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 237672 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: LocalService.NT AUTHORITY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32969 bytes

User: NetworkService.NT AUTHORITY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Owner
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: PETER
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: PETER.PETER-OYOU4XROG
->Temp folder emptied: 336887614 bytes
->Temporary Internet Files folder emptied: 1417010820 bytes
->Java cache emptied: 11734213 bytes
->FireFox cache emptied: 947633408 bytes
->Google Chrome cache emptied: 380664643 bytes
->Apple Safari cache emptied: 1113088 bytes
->Flash cache emptied: 80450 bytes

User: PETER.PETER-OYOU4XROG.000
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 92094 bytes

User: TIM

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4691572306 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 321532039 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 460605326 bytes

Total Files Cleaned = 10,278.00 mb

System Restore Service not available.

OTL by OldTimer - Version 3.2.69.0 log created on 01202013_224111

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\DIANE\Local Settings\Temp\plugtmp-242\plugin-;pos=0;tile=0;canvasSizes=740;sz=1x1;dp=arkadium;pn=arkadium;sn=mahjonggdb_v1;gn=mahjonggdimensionsblast;app=vex;l=en;c=AU;src=other;u=pos-0_tile-0_canvasSizes-740_sz-1x1_dp-arkadium_pn-arkadium_sn-m not found!
C:\Documents and Settings\PETER.PETER-OYOU4XROG\Local Settings\Temporary Internet Files\Content.IE5\0093FDNI\1085772-uninstall-fixio-pc-cleaner[1].html moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
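
Added example (not part of the original posts, and not code from OTL or its author): a small Python triage of an OTL fix log like the one above, separating items that were removed from items that were already absent and items the fix could not complete. The status names and matching rules are assumptions derived from the wording of the lines in this log; the sample is an excerpt copied from it.

```python
import re
from collections import Counter

# Excerpt copied from the fix log posted above (not the whole log).
SAMPLE_LOG = r"""All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}\ not found.
C:\Program Files\CheckPoint\ZAForceField\TrustChecker folder moved successfully.
File {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll File not found not found.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:AC6124CA deleted successfully.
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMPFC5A2B2 .
========== FILES ==========
< ipconfig /flushdns /c >
Successfully flushed the DNS Resolver Cache.
========== COMMANDS ==========
[EMPTYTEMP]
->Temp folder emptied: 0 bytes
System Restore Service not available.
"""

# Section banners look like "========== OTL ==========".
SECTION = re.compile(r"^=+\s*(.+?)\s*=+$")

# Checked in order, so a failure is never reported as a success.
# These patterns are assumptions based on the lines seen in this log.
RULES = [
    ("failed", re.compile(r"^Unable to |not available\.$", re.I)),
    ("missing", re.compile(r"not found\s*[.!]?$", re.I)),
    ("ok", re.compile(
        r"(deleted|moved) successfully\.$|removed from \S+$|^Successfully ",
        re.I)),
]


def classify(line):
    """Return 'failed', 'missing', 'ok', or None for informational lines."""
    for status, pattern in RULES:
        if pattern.search(line):
            return status
    return None


def triage(log_text):
    """Count outcomes and collect every line that was not a clean success.

    Returns (counts, attention), where attention is a list of
    (section, status, line) tuples in log order.
    """
    section = "PREAMBLE"
    counts = Counter()
    attention = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        banner = SECTION.match(line)
        if banner:
            section = banner.group(1)
            continue
        status = classify(line)
        if status is None:
            continue  # progress text, byte counts, command echoes
        counts[status] += 1
        if status != "ok":
            attention.append((section, status, line))
    return counts, attention


if __name__ == "__main__":
    counts, attention = triage(SAMPLE_LOG)
    print(dict(counts))
    for section, status, line in attention:
        print(f"[{section}] {status.upper()}: {line}")
```

On this excerpt the two "failed" lines are the alternate data stream that could not be deleted and the restore point that could not be created; the "missing" lines are targets that were already absent when the fix ran.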


----------



## kevinf80 (Mar 21, 2006)

Post the other logs when you're ready, also what exactly do you mean by "several corruptions on the hard drive"?


----------



## speedyzap (Feb 26, 2006)

*I mean corruption in Win XP Home OS - sorry about that. Will next do "download security check by screen 317"

Malware Bytes log under:*

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.20.04

Windows XP x86 NTFS
Internet Explorer 8.0.6001.18702
PETER :: PETER-OYOU4XROG [administrator]

1/20/2013 11:51:10 PM
mbam-log-2013-01-20 (23-51-10).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 397401
Time elapsed: 6 minute(s),

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


----------



## speedyzap (Feb 26, 2006)

Note: Items such as Zone Alarm, Windows Updates.... are not updating for quite some long time now as I appear to have a Windows Installer problem. Also Adobe reader is not updating either for about a couple of months, getting error codes and instructions like:
"The Windows Installer Service could not be accessed. This can occur if you are running safe mode, or if the Windows Installer is not correctly installed....."
and
"Set up has detected the version of the service pack installed in your system is lower than what is necessary to apply to this hotfix. A minimum you must have installed Service Pack 2"
and
Error code: 80070002
Also disc defragmentor no longer working

*Security Check Log under:*

Results of screen317's Security Check version 0.99.57 
Windows XP x86 
*Out of date service pack!!* 
Internet Explorer 8 
*``````````````Antivirus/Firewall Check:``````````````* 
*Windows Security Center service is not running! This report may not be accurate!* 
ESET Online Scanner v3 
ZoneAlarm Antivirus 
ZoneAlarm Security Suite 
ZoneAlarm Toolbar 
*`````````Anti-malware/Other Utilities Check:`````````* 
Malwarebytes Anti-Malware version 1.70.0.1100 
CCleaner 
Java(TM) 6 Update 29 
*Java version out of Date!* 
Adobe Flash Player 11.5.502.135 
Adobe Reader 8 *Adobe Reader out of Date!* 
Adobe Reader 9 *Adobe Reader out of Date!* 
Mozilla Firefox 13.0.1 *Firefox out of Date!* 
Mozilla Thunderbird (2.0.0 *Thunderbird out of Date!* 
Google Chrome 20.0.1132.47 
Google Chrome 20.0.1132.57 
*````````Process Check: objlist.exe by Laurent````````* 
*`````````````````System Health check`````````````````* 
Total Fragmentation on Drive C:: 
*````````````````````End of Log``````````````````````*


----------



## speedyzap (Feb 26, 2006)

Note: Zone Alarm Security Suite is just now prompting a message box each time on boot up. It requests the submission of an error report. It says:
ZA Security Suite detected problem with stability. You can help developers to resolve this problem by sending some debug information to ZoneLabs Server. Please select what kind of information ZA Browser Security can send:
* Max info about all protected applications (over 50mb)
* Max Info about unstable process (10 - 50mb)
* Min info about protected applications (0.1 to 0.5mb)

I sent the minimum info but still popping up on boot up

also an error report re ZA to send was requested by Microsoft > sent

Note: Mozilla Firefox is working OK now (back) and the Fixio PC cleaner problem appears to have been fixed - good news!

Note: Tried to update Adobe Reader only to get a message error code: 1601 (which on inspection is "out of disc space"). On inspecting disc defragmentor it says "68GB free/spare". However, as said, disc defragmentor and analyse does not work. These problems (Disc Defr. and Adobe updates) have been in existence for a while now.

Sorry it's getting a little complex now


----------



## kevinf80 (Mar 21, 2006)

You have plenty of HD space, the service pack issue is a definite problem. Before we look at that run this please:

Run the MGA Diagnostic Tool and post back the report it creates:


Download *MGADiag* to your desktop.
Double-click on MGADiag.exe to launch the program
Click "Continue"
Ensure that the "Windows" tab is selected (it should be by default).
Click the "Copy" button to copy the MGA Diagnostic Report to the Windows clipboard.
Paste the MGA Diagnostic Report back here in your next reply.

Kevin


----------



## speedyzap (Feb 26, 2006)

Where do I find Windows Clipboard on XP Home? That is, when I press "copy" on MGA where do I go in windows to find it?
Thanks


----------



## speedyzap (Feb 26, 2006)

*Report pasted as under:*

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Genuine
Validation Code: 0
Cached Validation Code: N/A
Windows Product Key: *****-*****-CQX6R-G3YTD-XHT6J
Windows Product Key Hash: llSy0furpqBzNt1DsjHzbLT18KU=
Windows Product ID: 55277-OEM-2115041-74099
Windows Product ID Type: 3
Windows License Type: OEM System Builder
Windows OS version: 5.1.2600.2.00010300.0.0.hom
ID: {1063A784-6CB5-4163-853D-5E1117763B87}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: Registered, 1.7.69.2
Signed By: Microsoft
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 025D1FF3-364-800706ba_025D1FF3-229-800706ba_025D1FF3-230-1_025D1FF3-238-2
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A
Version: N/A

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: 1.7.105.35
WgaTray.exe Signed By: Microsoft
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: 1.7.105.35
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: Microsoft

OGA Data-->
Office Status: 100 Genuine
Microsoft Word 2002 - 100 Genuine
OGA Version: Registered, 1.7.105.35
Signed By: Microsoft
Office Diagnostics: 025D1FF3-364-800706ba_025D1FF3-229-800706ba_025D1FF3-230-1_025D1FF3-238-2

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Google\Chrome\Application\chrome.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{1063A784-6CB5-4163-853D-5E1117763B87}</UGUID><Version>1.9.0027.0</Version><OS>5.1.2600.2.00010300.0.0.hom</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-XHT6J</PKey><PID>55277-OEM-2115041-74099</PID><PIDType>3</PIDType><SID>S-1-5-21-1659004503-362288127-839522115</SID><SYSTEM/><BIOS/><HWID>626732CF01842F69</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>AUS Eastern Standard Time(GMT+10:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification><File Name="WgaTray.exe" Version="1.7.105.35"/><File Name="OGAAddin.dll" Version="1.7.105.35"/><File Name="OGAVerify.exe" Version="1.7.105.35"/></GANotification></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{901B0409-6000-11D3-8CFE-0050048383C9}"><LegitResult>100</LegitResult><Name>Microsoft Word 2002</Name><Ver>10</Ver><Val>4F414E359DFC9C0</Val><Hash>BboaGsZG7CBohSlWvacczwRUksw=</Hash><Pid>54189-753-9192007-16282</Pid><PidType>1</PidType></Product></Products><Applications><App Id="1B" Version="10" Result="100"/></Applications></Office></Software></GenuineResults>

Licensing Data-->
N/A

Windows Activation Technologies-->
N/A

HWID Data-->
N/A

OEM Activation 1.0 Data-->
BIOS string matches: no
Marker string from BIOS: N/A
Marker string from OEMBIOS.DAT: N/A, hr = 0x80004005

OEM Activation 2.0 Data-->
N/A


----------



## kevinf80 (Mar 21, 2006)

There are no service packs on your system, without those many issues will happen. To get the OS up to date you will need SP1a and SP3, no need for SP2. When those service packs are installed the system should start to respond much better.

SP1a is available here - https://www.microsoft.com/en-us/download/details.aspx?id=19751

SP3 is available here - https://www.microsoft.com/en-us/download/details.aspx?id=1260

Let me know when those are complete....


----------



## speedyzap (Feb 26, 2006)

Problem:

On trying to download SP1 partway through it says:

"The following error occured:
While SP1 Setup attempted to download the SP1 files from the internet:
The server did not respond"

AFTER TRYING RETRY ABOUT 4 TIMES I GOT THE SAME RESPONSE as under:

"If the error persists after you have clicked retry several times, go to Windows XP Service Pack Web Site and select "Problems downloading the Service Pack. This will give you instructions on how to download aversion of the Service Pack that does not require a web connection during installation"

Note: I tried the SP1 download using option "Archive Files" and also "Do not archive Files" both several times with retry without success
Note: In Add / Remove Programs it says I have the following programs currently installed:
Microsoft.NET Framework V 1.0.3705
" 1.0 Hotfix (KB928376)
" 2.00 Service Pack 2
Microsoft User Mode Driver Framework Feature Pack 1
Windows XP Service Pack 3

but according to the MGA Diag you said it does not have the Service Packs - perhaps a corruption ??

Also both my DVD reader/burners do not work (one is recognised by BIOS but just does not play any CD/DVD's) - that's why I haven't tried any repairs with the disc


----------



## kevinf80 (Mar 21, 2006)

Security Checks flagged security packs outdated, OTL also does not show any service packs. Select start > right click on "My Computer" > select "Properties" In the new window with the "General" tab you should see what Windows version you have and what service pack level. Can you check that..


----------



## speedyzap (Feb 26, 2006)

Just says
XP Home edition Version 2002
No mention there of any service packs


----------



## kevinf80 (Mar 21, 2006)

Run the tool available here: http://support.microsoft.com/kb/916247 See if that lists any errors,


----------



## speedyzap (Feb 26, 2006)

Genuine Microsoft Software Diagnostic Results
Passed Active scripting allowed 
Passed Display images enabled 
Passed Computer time and date correct 
Passed Cookies enabled 
Passed ActiveX enabled 
Passed Windows validation ActiveX loade
Passed Office validation ActiveX loaded 
Passed Validation Self-help ActiveX loaded

I am now doing a security validation check - is that the other thing you wanted? Seems to be taking forever to check?
*Edit: Should the Security Validation Check be taking more than 20 mins to complete?* Try to get off the page but it stops me saying it will only take several more minutes to complete?


----------



## speedyzap (Feb 26, 2006)

Did diagnostic test again as under with a few more results (ended it too quickly last time)

Genuine Microsoft Software Diagnostic Results
Passed Active scripting allowed 
Passed Display images enabled 
Passed Computer time and date correct 
Passed Cookies enabled 
Passed ActiveX enabled 
Passed Windows validation ActiveX loaded 
Passed Office validation ActiveX loaded 
Passed Validation Self-help ActiveX loaded 
Passed Validation Self-help: Data.dat Corruption check 
Passed Validation Self-help: Cryptography check 
Passed Validation Self-help: Product Activation check

then clicked on "Validate Windows" as under:
Your computer is properly configured to run the Microsoft validation process. 
Click either Validate Windows or Validate Office to use the Microsoft validation process. 

The process to validate started running but after over one and a half hours of no results being published 
(just said it was still running so I manually ended the process as something must be wrong there taking so long)
Not even sure you wanted me to validate windows anyway ?


----------



## kevinf80 (Mar 21, 2006)

There is no need for you to validate Windows, I'd be more content if the service packs installed. See if you can download and install SP1a and SP3 from here http://windows.microsoft.com/en-GB/windows/service-packs-download#sptabs=xp


----------



## speedyzap (Feb 26, 2006)

Sorry, did not work either, that link download exactly the same response as the former link

Note: I haven't tried to download SP2 or SP3 as I assume that SP1a needs to go in first ?


----------



## kevinf80 (Mar 21, 2006)

That is a very good point, I suppose it depends when the XP version you have was released. OK, try to d/l and install SP2.

It is available here: http://www.microsoft.com/en-us/download/details.aspx?id=28. I believe support for the service packs ended mid 2010, hence they don't come in with windows normal updates and have to be d/l direct.


----------



## speedyzap (Feb 26, 2006)

Whoo Hoo! SP2 loaded OK and now shows up in System Properties 

Was that a different download site to the others? If so, perhaps I should try SP1a from that site?


----------



## kevinf80 (Mar 21, 2006)

No need for SP1a when SP2 is loaded, continue and install SP3..


----------



## speedyzap (Feb 26, 2006)

Which link would be best?

Will try this one you gave me on page 1 of my thread:

https://www.microsoft.com/en-us/down...s.aspx?id=1260


----------



## kevinf80 (Mar 21, 2006)

http://www.microsoft.com/en-us/download/details.aspx?id=24

See how that goes, if ok check how your system responds, also what issues/concerns remain etc....


----------



## speedyzap (Feb 26, 2006)

OK just got me in the nick of time


----------



## kevinf80 (Mar 21, 2006)

Yep, I'm going out shortly, maybe not back online for most of the day........


----------



## speedyzap (Feb 26, 2006)

That's OK Kev

SP3 has downloaded most of the way but seems to be just hanging there now "Finishing Installation (doing a cleanup)"

If it goes on hanging much longer I assume something is wrong. Will give it another 20 mins

Let u know how its going


----------



## speedyzap (Feb 26, 2006)

Well well...

SP3 http://www.microsoft.com/en-us/downl...ils.aspx?id=24 updated and installed fine it appears so far

Windows installer now appears to be working and is recognised in "administrative Tools / Services"

I installed Adobe reader XI (11.0.01) which I could not do before

I checked in Performance Maint. & Disc defragmenter and disc analysis and they are both working now

Unfortunately, Windows Updater (automatic) is still not showing up in "administrative tools / services"

Unfortunately, my two dvd drive reader/burners are still not working. That makes sense because they are BIOS based and possibly not XP OS based. It could be that they both have died ? They haven't worked for ages. I originally thought they had XP OS corruptions.

I will now try and get the latest version of my Zone Alarm Security Suite and see if that actually downloads now. It's ages out of date.

Let me know what we should do next to get my XP Home OS updated correctly ?
or
Should we do some more maintenance and repair checks ?

*Well done so far Kevin*


----------



## speedyzap (Feb 26, 2006)

Tried to install latest version of Zone Alarm security Suite (my previous version was 9.3.037.000 )

I tried to install the latest ZASS version now because as above I have just tonight finally worked out why I could not install other items > I did not have Windows XP Home Service Pack 2 or 3 installed properly (or corrupted). I finally installed SP 2 & 3 tonight and finally managed to update Adobe reader

After ZA Security Suite began "Unpacking Installation Files" I tried then to install ZASS and after brief installing an error message came up saying:
"Installation encountered an error and cannot continue. You can try install again at a later time."
"Error # 1603 Fatal error during installation"

Is Error # 1603 relatively easy to fix? So I can try the ZASS install again?

Note: Zone Alarm's new tool bar installed though ??

Note: As it stands, I don't even have the old ZASS version installed now (I assume) because it has been uninstalled by trying to install the latest version. A mess now I think

ZA Tech support said it was a Microsoft problem and could not assist. They said they didn't even have a link to my old ZA version to try and re-install

ZA tech gave me the following meaning to error 1603 as follows:
It is an error that comes up when you try to install any Microsoft Windows Installer packages. It occurs when any of the following conditions are true: 
The folder that you are trying to install the Windows Installer package to is encrypted.
The drive that contains the folder that you are trying to install the Windows Installer package to is accessed as a substitute drive.
The SYSTEM account does not have Full Control permissions on the folder that you are trying to install the Windows Installer package to. You notice the error message because the Windows Installer service uses the SYSTEM account to install software.

I currently have no security suite working except for Windows Firewall which says it is "ON"
Windows Automatic Update says its "ON"
Windows Virus Protection says its "OFF"
I got the above details from Windows Security Centre on XP Home

*How then do I fix error 1603 (which I assume is a Windows error)??*


----------



## kevinf80 (Mar 21, 2006)

Error 1603 is usually down to the windows installer package, as you already installed Adobe that may not be the case this time. 
Leave ZA for now, in fact if still onboard uninstall it altogether. There is an uninstaller tool for ZA available here:

http://www.techspot.com/downloads/5402-zone-alarm-uninstaller.html

I want you to install Microsoft Security Essentials until we are sure the system is good to go, use this instruction:

To keep safe when online you need a good *Antivirus/Antispyware/Antimalware/Anti-Rootkit* combination application. *Microsoft Security Essentials* covers all of those bases, but better still it is free. Go here http://www.microsoft.com/security_essentials/ select your Operating System, download, install and follow the prompts. Once installed it will want to update and carry out a quick scan, allow that to happen. Let me know if it finds anything from the scan...

Kevin


----------



## speedyzap (Feb 26, 2006)

Deleted ZA using link you gave

Will now try and install MSE

thanks


----------



## speedyzap (Feb 26, 2006)

MSE install had an error which prevented install

Error code: 0x80070643

Suggests I go to link: http://windows.microsoft.com/en-US/...p&v2h=win7tab1&v3h=winvistatab1&v4h=winxptab1

Will try to install MSE again in the meantime just in case it was a server problem

NOTE: Did not ask me to select any OS - maybe download didn't get that far??

Edit: 2nd try on MSE install failed again


----------



## kevinf80 (Mar 21, 2006)

Download Windows Repair Tool by Tweaking.com from here :- http://majorgeeks.com/Tweaking.com_-_Windows_Repair_Portable_d7222.html and unzip the contents into a newly created folder on your desktop.


 Now open Repair_Windows.exe in the folder
 Go to *Step 4* and create a *Restore Point*
 Go to *Start repairs tab* then select *Start*
 In the Custom Mode window, only select the following repair options:

Reset Registry Permissions
Reset File Permissions
Register System Files
Repair WMI
Repair Windows Firewall
Repair Internet Explorer
Remove Policies Set By Infections
Repair Windows Updates
Repair MSI (Windows Installer)

 Click the Start button.

Be patient while the tool repairs the selected items.
If prompted reboot the computer for the changes to take effect, make sure other tasks in the program are not still running before re-booting..

Let me see the log which will be found in this folder:

C:\Tweaking.com_windows_Repair_Logs

When that is finished try MSE one more time...

Kevin


----------



## speedyzap (Feb 26, 2006)

Is that the "reimage repair tool set up" download?

Reimage repair is telling me I have the following:
Stability Issues: 14
Security Threats: Good
Registry: 122 errors
Junk Files: 1.10Gb's
Windows Damage Severity: Medium

It is also asking me to insert my XP OS licence key number?? Don't really want to do that
Asks me to "Start Repair"

Did not give me any "step" options or ask me to create any restore point. Unless that happens during "repair" which I have not started

Have I downloaded the right file ?? I won't do the "repair" till I hear from you
Reimage How it works link: http://www.reimageplus.com/how-does-it-work/


----------



## kevinf80 (Mar 21, 2006)

That is not correct, when you've d/l the tool and started it the GUI should look like the attached image...


----------



## speedyzap (Feb 26, 2006)

Bit lost now. 
I got this file: tweaking.com_windows_repair_aio.zip\Tweaking.com - Windows Repair - ZIP archive, unpacked size 9,211,276 bytes

With "add", "extract", "test", "view", delete, find, etc

Doesn't look like your pic

Finally found it - version 1.9.6 Tweaking.com - will run it

Tweaking is now running

Did not select repair option: "repair CD/DVD missing/ not working" - my CD/DVD reader/burner does not work


----------



## kevinf80 (Mar 21, 2006)

Select "Extract" then give your Desktop as where you wanted it extracted to, open the folder on your Desktop, inside will be a file with red briefcase, that is the tool, double click to run that. Then you'll see the image I posted...


----------



## speedyzap (Feb 26, 2006)

Tweaking is now running - up to part 2 of 9

Did not select repair option: "repair CD/DVD missing/ not working" - my CD/DVD reader/burner does not work. Should I have selected it as option 10? Not too late as repair hasn't reached that option part yet
--------------------------------------------------------------------------------

System Restore says there are currently no restore points even though I selected it in step 4


----------



## kevinf80 (Mar 21, 2006)

Only select what I gave, then reboot and try MSE again...


----------



## speedyzap (Feb 26, 2006)

OK I'll try MSE again

I have the log file but can't seem to upload it as an attachment


----------



## kevinf80 (Mar 21, 2006)

Can you just copy and paste the log?


----------



## speedyzap (Feb 26, 2006)

MSE does not want to load - same problem as last time:
MSE install had an error which prevented install > Error code: 0x80070643

I went into add / remove programs and still saw some items of Zone Alarm which I uninstalled > then re-booted > then tried MSE a couple of times but failed as above. They may have uninstalled previously but I went through the uninstall hoops again anyway

The log doesn't want to paste. It appears to copy but doesn't want to paste on this thread
I have a copy of it in My Pictures but it seems it might be too pixel heavy to upload - takes too long
It will copy and paste if I open each log separately (they open up in notepad) but the first log seems too long to put on here - do you still want them?


----------



## kevinf80 (Mar 21, 2006)

Download Farbar Service Scanner and run it on the computer with the issue.
*Make sure the following options are checked:*


*Internet Services*
*Windows Firewall*
*System Restore*
*Security Center/Action Center*
*Windows Update*
*Windows Defender*


Press "*Scan*".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.


----------



## speedyzap (Feb 26, 2006)

*LOG 3*
WARNING HKEY_CLASSES_ROOT\* : registry key is skipped (contains wildcard)
WARNING HKEY_CLASSES_ROOT\AllFilesystemObjects\shellex\ContextMenuHandlers\* : registry key is skipped contains wildcard)
WARNING HKEY_CLASSES_ROOT\PROTOCOLS\Name-Space Handler\mk\* : registry key is skipped (contains wildcard)

*LOG 4*
WARNING HKEY_CLASSES_ROOT\* : registry key is skipped (contains wildcard)
WARNING HKEY_CLASSES_ROOT\AllFilesystemObjects\shellex\ContextMenuHandlers\* : registry key is skipped (contains wildcard)
WARNING HKEY_CLASSES_ROOT\PROTOCOLS\Name-Space Handler\mk\* : registry key is skipped (contains wildcard)

*CURRENT USER 3 LOG*
WARNING HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\* : registry key is skipped (contains wildcard)
WARNING HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FE15AAA2-AF1F-4A96-91F0-99EDF00F7C2A}\iexplore\AllowedDomains\* : registry key is skipped (contains wildcard)
WARNING HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\microsoft.com\* : registry key is skipped (contains wildcard)

*CURRENT USER 4 LOG*
WARNING HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\* : registry key is skipped (contains wildcard)
WARNING HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FE15AAA2-AF1F-4A96-91F0-99EDF00F7C2A}\iexplore\AllowedDomains\* : registry key is skipped (contains wildcard)
WARNING HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\microsoft.com\* : registry key is skipped (contains wildcard)

*LOCAL MACHINE 3 LOG*
HKEY_LOCAL_MACHINE\SECURITY\Policy\Secrets\SAC : 2 The system cannot find the file specified.

HKEY_LOCAL_MACHINE\SECURITY\Policy\Secrets\SAI : 2 The system cannot find the file specified.

WARNING HKEY_LOCAL_MACHINE\SOFTWARE\Classes\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Name-Space Handler\mk\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\iexplore\AllowedDomains\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\iexplore\AllowedDomains\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Applications\Dlwin.exe\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Applications\MSWIN.EXE\* : registry key is skipped (contains wildcard)

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\009 - RegSetKeySecurity Error : 6 The handle is invalid.

WARNING HKEY_LOCAL_MACHINE\SOFTWARE\ODBC\ODBCINST.INI\* : registry key is skipped (contains wildcard)


WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)


WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)


WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)


WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)


WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\* : registry key is skipped (contains wildcard)

*LOCAL MACHINE 4 LOG*
HKEY_LOCAL_MACHINE\SECURITY\Policy\Secrets\SAC : 2 The system cannot find the file specified.

HKEY_LOCAL_MACHINE\SECURITY\Policy\Secrets\SAI : 2 The system cannot find the file specified.

WARNING HKEY_LOCAL_MACHINE\SOFTWARE\Classes\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Name-Space Handler\mk\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\iexplore\AllowedDomains\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\iexplore\AllowedDomains\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Applications\Dlwin.exe\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Applications\MSWIN.EXE\* : registry key is skipped (contains wildcard)

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\009 - RegSetKeySecurity Error : 6 The handle is invalid.

WARNING HKEY_LOCAL_MACHINE\SOFTWARE\ODBC\ODBCINST.INI\* : registry key is skipped (contains wildcard)


WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)


WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)


WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\* : registry key is skipped (contains wildcard)

WARNING HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\* : registry key is skipped (contains wildcard)


----------



## speedyzap (Feb 26, 2006)

*WINDOWS REPAIR LOG*

Starting Repairs...
Start (1/23/2013 5:41:13 AM)

Reset Registry Permissions 01/03
HKEY_CURRENT_USER & Sub Keys
Start (1/23/2013 5:41:13 AM)
Done (1/23/2013 5:41:20 AM)

Reset Registry Permissions 02/03
HKEY_LOCAL_MACHINE & Sub Keys
Start (1/23/2013 5:41:20 AM)
Done (1/23/2013 5:42:46 AM)

Reset Registry Permissions 03/03
HKEY_CLASSES_ROOT & Sub Keys
Start (1/23/2013 5:42:46 AM)
Done (1/23/2013 5:43:32 AM)

Reset File Permissions 01/52
C:\215c1e8c820174feb39c & Sub Folders
Start (1/23/2013 5:43:32 AM)
Done (1/23/2013 5:43:36 AM)

Reset File Permissions 02/52
C:\32788R22FWJFW & Sub Folders
Start (1/23/2013 5:43:36 AM)
Done (1/23/2013 5:43:41 AM)

Reset File Permissions 03/52
C:\400489b79493023d5f & Sub Folders
Start (1/23/2013 5:43:41 AM)
Done (1/23/2013 5:43:43 AM)

Reset File Permissions 04/52
C:\498fbe4af874fc02645f & Sub Folders
Start (1/23/2013 5:43:43 AM)
Done (1/23/2013 5:43:45 AM)

Reset File Permissions 05/52
C:\4c6fc1f43eb93c77efb1d9b76f & Sub Folders
Start (1/23/2013 5:43:45 AM)
Done (1/23/2013 5:43:48 AM)

Reset File Permissions 06/52
C:\527a39c383dbb742b9b963 & Sub Folders
Start (1/23/2013 5:43:48 AM)
Done (1/23/2013 5:43:52 AM)

Reset File Permissions 07/52
C:\550588fd9fd33298121f8dcd3ab9 & Sub Folders
Start (1/23/2013 5:43:52 AM)
Done (1/23/2013 5:43:55 AM)

Reset File Permissions 08/52
C:\5dd14aca1fec66dd1e161a8b59bb & Sub Folders
Start (1/23/2013 5:43:55 AM)
Done (1/23/2013 5:43:57 AM)

Reset File Permissions 09/52
C:\715e279e234e1d0a0b9d & Sub Folders
Start (1/23/2013 5:43:57 AM)
Done (1/23/2013 5:44:02 AM)

Reset File Permissions 10/52
C:\74f9e7b52405aa9783f0783832 & Sub Folders
Start (1/23/2013 5:44:02 AM)
Done (1/23/2013 5:44:04 AM)

Reset File Permissions 11/52
C:\75dc08dc146eed0233cf57ed9b9d & Sub Folders
Start (1/23/2013 5:44:04 AM)
Done (1/23/2013 5:44:07 AM)

Reset File Permissions 12/52
C:\Aiseesoft FLV Video Converter & Sub Folders
Start (1/23/2013 5:44:07 AM)
Done (1/23/2013 5:44:09 AM)

Reset File Permissions 13/52
C:\AVSVideoConverter6 & Sub Folders
Start (1/23/2013 5:44:09 AM)
Done (1/23/2013 5:44:12 AM)

Reset File Permissions 14/52
C:\BJPrinter & Sub Folders
Start (1/23/2013 5:44:12 AM)
Done (1/23/2013 5:44:32 AM)

Reset File Permissions 15/52
C:\c299f17a6f3b03e7038e16 & Sub Folders
Start (1/23/2013 5:44:32 AM)
Done (1/23/2013 5:44:37 AM)

Reset File Permissions 16/52
C:\c42beecd800ab0f8aad90a990b & Sub Folders
Start (1/23/2013 5:44:37 AM)
Done (1/23/2013 5:44:41 AM)

Reset File Permissions 17/52
C:\chrome & Sub Folders
Start (1/23/2013 5:44:41 AM)
Done (1/23/2013 5:44:44 AM)

Reset File Permissions 18/52
C:\cmdcons & Sub Folders
Start (1/23/2013 5:44:44 AM)
Done (1/23/2013 5:44:48 AM)

Reset File Permissions 19/52
C:\components & Sub Folders
Start (1/23/2013 5:44:48 AM)
Done (1/23/2013 5:44:51 AM)

Reset File Permissions 20/52
C:\Config.Msi & Sub Folders
Start (1/23/2013 5:44:51 AM)
Done (1/23/2013 5:45:01 AM)

Reset File Permissions 21/52
C:\defaults & Sub Folders
Start (1/23/2013 5:45:01 AM)
Done (1/23/2013 5:45:03 AM)

Reset File Permissions 22/52
C:\e46424be0c638da415ff4d3020 & Sub Folders
Start (1/23/2013 5:45:04 AM)
Done (1/23/2013 5:45:06 AM)

Reset File Permissions 23/52
C:\etax2008 & Sub Folders
Start (1/23/2013 5:45:06 AM)
Done (1/23/2013 5:45:12 AM)

Reset File Permissions 24/52
C:\etax2009 & Sub Folders
Start (1/23/2013 5:45:12 AM)
Done (1/23/2013 5:45:19 AM)

Reset File Permissions 25/52
C:\Formats & Sub Folders
Start (1/23/2013 5:45:19 AM)
Done (1/23/2013 5:45:21 AM)

Reset File Permissions 26/52
C:\greprefs & Sub Folders
Start (1/23/2013 5:45:21 AM)
Done (1/23/2013 5:45:24 AM)

Reset File Permissions 27/52
C:\help & Sub Folders
Start (1/23/2013 5:45:24 AM)
Done (1/23/2013 5:45:37 AM)

Reset File Permissions 28/52
C:\images & Sub Folders
Start (1/23/2013 5:45:37 AM)
Done (1/23/2013 5:45:39 AM)

Reset File Permissions 29/52
C:\Land Of The Dead & Sub Folders
Start (1/23/2013 5:45:39 AM)
Done (1/23/2013 5:45:43 AM)

Reset File Permissions 30/52
C:\language & Sub Folders
Start (1/23/2013 5:45:43 AM)
Done (1/23/2013 5:45:46 AM)

Reset File Permissions 31/52
C:\locale & Sub Folders
Start (1/23/2013 5:45:46 AM)
Done (1/23/2013 5:45:48 AM)

Reset File Permissions 32/52
C:\MSOCache & Sub Folders
Start (1/23/2013 5:45:48 AM)
Done (1/23/2013 5:45:51 AM)

Reset File Permissions 33/52
C:\osdmenu & Sub Folders
Start (1/23/2013 5:45:51 AM)
Done (1/23/2013 5:45:53 AM)

Reset File Permissions 34/52
C:\PartyCasino & Sub Folders
Start (1/23/2013 5:45:53 AM)
Done (1/23/2013 5:45:55 AM)

Reset File Permissions 35/52
C:\PartyPoker & Sub Folders
Start (1/23/2013 5:45:55 AM)
Done (1/23/2013 5:46:02 AM)

Reset File Permissions 36/52
C:\plugins & Sub Folders
Start (1/23/2013 5:46:02 AM)
Done (1/23/2013 5:46:06 AM)

Reset File Permissions 37/52
C:\Program Files & Sub Folders
Start (1/23/2013 5:46:06 AM)
Done (1/23/2013 5:48:46 AM)

Reset File Permissions 38/52
C:\Qoobox & Sub Folders
Start (1/23/2013 5:48:46 AM)
Done (1/23/2013 5:48:48 AM)

Reset File Permissions 39/52
C:\rei & Sub Folders
Start (1/23/2013 5:48:48 AM)
Done (1/23/2013 5:48:51 AM)

Reset File Permissions 40/52
C:\res & Sub Folders
Start (1/23/2013 5:48:51 AM)
Done (1/23/2013 5:48:53 AM)

Reset File Permissions 41/52
C:\skins & Sub Folders
Start (1/23/2013 5:48:53 AM)
Done (1/23/2013 5:48:56 AM)

Reset File Permissions 42/52
C:\Tweaking.com_Windows_Repair_Logs & Sub Folders
Start (1/23/2013 5:48:56 AM)
Done (1/23/2013 5:48:58 AM)

Reset File Permissions 43/52
C:\UBIOS & Sub Folders
Start (1/23/2013 5:48:58 AM)
Done (1/23/2013 5:49:01 AM)

Reset File Permissions 44/52
C:\UT2004 & Sub Folders
Start (1/23/2013 5:49:01 AM)
Done (1/23/2013 5:49:13 AM)

Reset File Permissions 45/52
C:\UT2004Demo & Sub Folders
Start (1/23/2013 5:49:13 AM)
Done (1/23/2013 5:49:24 AM)

Reset File Permissions 46/52
C:\VideoOutput & Sub Folders
Start (1/23/2013 5:49:24 AM)
Done (1/23/2013 5:49:26 AM)

Reset File Permissions 47/52
C:\VLC & Sub Folders
Start (1/23/2013 5:49:26 AM)
Done (1/23/2013 5:49:29 AM)

Reset File Permissions 48/52
C:\Will Rock & Sub Folders
Start (1/23/2013 5:49:29 AM)
Done (1/23/2013 5:49:41 AM)

Reset File Permissions 49/52
C:\WINDOWS & Sub Folders
Start (1/23/2013 5:49:41 AM)
Done (1/23/2013 5:54:58 AM)

Reset File Permissions 50/52
C:\WinFast WorkArea & Sub Folders
Start (1/23/2013 5:54:58 AM)
Done (1/23/2013 5:55:00 AM)

Reset File Permissions 51/52
C:\WUTemp & Sub Folders
Start (1/23/2013 5:55:00 AM)
Done (1/23/2013 5:55:03 AM)

Reset File Permissions 52/52
C:\_OTL & Sub Folders
Start (1/23/2013 5:55:03 AM)
Done (1/23/2013 5:55:05 AM)

Register System Files
Start (1/23/2013 5:55:05 AM)
Done (1/23/2013 5:57:53 AM)

Repair WMI
Start (1/23/2013 5:57:53 AM)
Step 01/03 - Deleting WMI Repository...
The system cannot find the path specified.
The system cannot find the path specified.
Step 02/03 - Rebuilding WMI Repository...
Step 03/03 - Registering WMI...
Done (1/23/2013 6:00:56 AM)

Repair Windows Firewall
Start (1/23/2013 6:00:56 AM)
System error 1060 has occurred.

The specified service does not exist as an installed service.

The Windows Firewall/Internet Connection Sharing (ICS) service is not started.

More help is available by typing NET HELPMSG 3521.

System error 1060 has occurred.

The specified service does not exist as an installed service.

The service name is invalid.

More help is available by typing NET HELPMSG 2185.

The service name is invalid.

More help is available by typing NET HELPMSG 2185.

System error 1060 has occurred.

The specified service does not exist as an installed service.

System error 1060 has occurred.

The specified service does not exist as an installed service.

The service name is invalid.

More help is available by typing NET HELPMSG 2185.

The service name is invalid.

More help is available by typing NET HELPMSG 2185.

Done (1/23/2013 6:01:07 AM)

Repair Internet Explorer
Start (1/23/2013 6:01:07 AM)
Done (1/23/2013 6:02:43 AM)

Remove Policies Set By Infections
Start (1/23/2013 6:02:43 AM)
Done (1/23/2013 6:02:48 AM)

Repair Windows Updates
Start (1/23/2013 6:02:48 AM)
The Background Intelligent Transfer Service service is not started.

More help is available by typing NET HELPMSG 3521.

The Automatic Updates service is not started.

More help is available by typing NET HELPMSG 3521.

The system cannot find the file specified.
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
C:\WINDOWS\system32\catroot2\edb.log - The process cannot access the file because it is being used by another process.
C:\WINDOWS\system32\catroot2\edbtmp.log - The process cannot access the file because it is being used by another process.
C:\WINDOWS\system32\catroot2\tmp.edb - The process cannot access the file because it is being used by another process.
'bitsadmin.exe' is not recognized as an internal or external command,
operable program or batch file.
The requested service has already been started.

More help is available by typing NET HELPMSG 2182.

The system cannot find the file specified.
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
C:\WINDOWS\system32\catroot2\edb.log - The process cannot access the file because it is being used by another process.
C:\WINDOWS\system32\catroot2\edbtmp.log - The process cannot access the file because it is being used by another process.
C:\WINDOWS\system32\catroot2\tmp.edb - The process cannot access the file because it is being used by another process.
'bitsadmin.exe' is not recognized as an internal or external command,
operable program or batch file.
The requested service has already been started.

More help is available by typing NET HELPMSG 2182.

Done (1/23/2013 6:04:28 AM)

Repair MSI (Windows Installer)
Start (1/23/2013 6:04:28 AM)
The Windows Installer service is not started.

More help is available by typing NET HELPMSG 3521.

Done (1/23/2013 6:04:39 AM)

Cleaning up empty logs...

All Selected Repairs Done.
Done (1/23/2013 6:04:39 AM)
Total Repair Time: 00:23:26

...YOU MUST RESTART YOUR SYSTEM...

*NOTE: ALL THE ABOVE LOGS ARE FROM TWEAKING.COM NOT FARBAR SCANNER*


----------
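A triage sketch for the Windows Repair log posted above, added here as an example and not part of the original posts or of the repair tool itself: it splits the log into repair steps, times each one and labels the error lines so the failed repairs stand out. The sample log is a constructed excerpt in the posted layout, and the category names such as `service_missing` are this example's own.

```python
import re
from datetime import datetime

# Constructed excerpt that follows the layout of the repair log posted above.
SAMPLE_LOG = """\
Starting Repairs...
Start (1/23/2013 5:41:13 AM)

Reset Registry Permissions 01/03
HKEY_CURRENT_USER & Sub Keys
Start (1/23/2013 5:41:13 AM)
Done (1/23/2013 5:41:20 AM)

Repair WMI
Start (1/23/2013 5:57:53 AM)
Step 01/03 - Deleting WMI Repository...
The system cannot find the path specified.
Step 02/03 - Rebuilding WMI Repository...
Step 03/03 - Registering WMI...
Done (1/23/2013 6:00:56 AM)

Repair Windows Firewall
Start (1/23/2013 6:00:56 AM)
System error 1060 has occurred.
The specified service does not exist as an installed service.
The service name is invalid.
More help is available by typing NET HELPMSG 2185.
Done (1/23/2013 6:01:07 AM)

Repair MSI (Windows Installer)
Start (1/23/2013 6:04:28 AM)
The Windows Installer service is not started.
More help is available by typing NET HELPMSG 3521.
Done (1/23/2013 6:04:39 AM)

All Selected Repairs Done.
Done (1/23/2013 6:04:39 AM)
Total Repair Time: 00:23:26
"""

STAMP = re.compile(
    r"^(Start|Done) \((\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M)\)$")

# Labels are this example's own; the message texts are the ones in the log.
RULES = [
    ("service_missing", re.compile(
        r"System error 1060|does not exist as an installed service"
        r"|service name is invalid")),
    ("service_not_running", re.compile(r"service is not started")),
    ("path_not_found", re.compile(r"cannot find the (path|file) specified")),
    ("tool_missing", re.compile(r"is not recognized as an internal or external")),
    ("file_locked", re.compile(r"being used by another process")),
]


def parse_steps(text):
    """Split the log into steps: title lines, Start, messages, Done."""
    steps, stack, pending = [], [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = STAMP.match(line)
        if not m:
            pending.append(line)      # a title before Start, a message after it
            continue
        when = datetime.strptime(m.group(2), "%m/%d/%Y %I:%M:%S %p")
        if m.group(1) == "Start":
            # Repairs do not nest: one still open here never logged "Done".
            while stack and not stack[-1]["is_run"]:
                stack.pop()
            title = pending[0] if pending else "(untitled)"
            step = {"title": title,
                    "target": pending[1] if len(pending) > 1 else None,
                    "is_run": title.startswith("Starting Repairs"),
                    "start": when, "done": None, "messages": []}
            steps.append(step)
            stack.append(step)
        elif stack:
            step = stack.pop()
            step["done"] = when
            step["messages"].extend(pending)
        pending = []
    return steps


def triage(text):
    """Return (title, seconds, findings) for every repair that logged a problem."""
    report = []
    for step in parse_steps(text):
        if step["is_run"]:
            continue                  # the outer "Starting Repairs..." wrapper
        findings = []
        for msg in step["messages"]:
            for label, rx in RULES:
                if rx.search(msg) and label not in findings:
                    findings.append(label)
        secs = None
        if step["done"] is None:
            findings.append("did_not_finish")
        else:
            secs = int((step["done"] - step["start"]).total_seconds())
        if findings:
            report.append((step["title"], secs, findings))
    return report


if __name__ == "__main__":
    for title, secs, findings in triage(SAMPLE_LOG):
        print(f"{title}: {secs}s -> {', '.join(findings)}")
```
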



## speedyzap (Feb 26, 2006)

Do you still want me to do the Farbar download and scan??

I WILL HAVE TO LEAVE IT THERE FOR NOW AND GET BACK TO YOU IN ABOUT 14 HOURS

THANKS HEAPS SO FAR


----------



## kevinf80 (Mar 21, 2006)

Yes please run FSS and post the log. Also you have no security running, that will need to be sorted ASAP. Maybe try to install Avast free version....

http://www.avast.com/free-antivirus-download.

Probably best to see if Avast will install first, no good being online with no security....


----------



## speedyzap (Feb 26, 2006)

Hi Kev

AVAST free downloaded > but notice says, "The Avast antivirus program has been stopped, or is in an inconsistent state. Please re-start the program to resume protecting your system". I assume that means re-boot. If so, after re-boot, it doesn't change anything, it still won't work or scan. I also pressed the "start program" click on near the above notice but nothing happens.

Also, another notice on the Avast program says "UNSECURED your system is not protected: Please use the "FIX NOW" button". On pressing FIX NOW nothing happens, except an ad comes up telling you to install the paid upgrade of AVAST

It also fails to update when requested, saying "Avast service is not running"

When first trying to download Avast it said download would take 1.5 hours after 5 mins I cancelled download and tried download again. This time It said download time 9 mins. It did download and did a scan at the end of download but it did not re-boot automatically and it did not give any scan results or log.

Might need to delete Avast and try another free anti-virus or try and repair it or reload it??

Have not done FSS yet - will try later when have time

Thanks


----------



## speedyzap (Feb 26, 2006)

FSS LOG UNDER: (seemed too quick for a full scan - is under what you wanted?)

Farbar Service Scanner Version: 16-01-2013
Ran by PETER (administrator) on 23-01-2013 at 15:46:34
Running from "C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is offline
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy: 
==================


System Restore:
============

System Restore Disabled Policy: 
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy: 
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
aswTdi(8) Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4) 
0x080000000500000001000000020000000300000004000000080000000600000007000000
IpSec Tag value is correct.

**** End of log ****


----------



## speedyzap (Feb 26, 2006)

I have uninstalled AVAST because its not working but also because I just realised I have a 3 user Norton Internet Security Suite with one user still spare. I will wait for your advice whether I should or should not use Norton

Of course my dvd / cd player does not work on this PC so I can try and download it off Norton's site and use the product key code off the CD

Waiting your advice whether to try and install or not?


----------



## kevinf80 (Mar 21, 2006)

FSS is a very quick scan, it makes no changes but does give a lot of information regarding certain functions and service file status. I do not see any issues in FSS.
I also still remember the issue with your CD/DVD not working, that could be a driver issue (needs replacing/updating) or it could be down to malware.
That driver *cdrom.sys* could have been patched by malware. OK before you go any further with installs I'd like you to run a couple of scans, if the first does not run, move to the second. Or if possible, run them both....

Please download the latest version of TDSSKiller from *Here* and save it to your Desktop.


 Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
 Put a checkmark beside loaded modules.
 A *reboot* will be needed to apply the changes. *Do it.*
 TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
 Then click on Change parameters in TDSSKiller.
 Check all boxes then click OK.
 Click the Start Scan button.
 The scan will be quick.
 If a *suspicious* object is detected, the default action will be *Skip,* click on *Continue.*
 If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
 Ensure *Cure (default)* is selected, then click *Continue* > *Reboot* now to finish the cleaning process.
 Note: If *Cure* is not available, please choose *Skip* instead, do not choose *Delete* unless instructed.
 A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Next,

Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from the following link :-

http://download.bleepingcomputer.com/sUBs/ComboFix.exe


 Ensure that Combofix is saved directly to the Desktop * <--- Very important*

 Disable all security programs as they will have a negative effect on Combofix, instructions available here http://www.bleepingcomputer.com/forums/topic114351.html if required. Be aware the list may not have all programs listed, if you need more help please ask.

 Close any open browsers and any other programs you might have running

 Double click the icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator")

 Instructions for running Combofix available here http://www.bleepingcomputer.com/combofix/how-to-use-combofix if required.

 If you are using windows XP It might display a pop up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.

 When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review

*Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze*

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read here http://thespykiller.co.uk/index.php?page=20 why disabling autoruns is recommended.

*EXTRA NOTES*

 If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
 *If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot, this is normal*
 If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)

Post the logs in next reply please...

Kevin


----------



## speedyzap (Feb 26, 2006)

Note: Windows auto installer for updates must now be working as I have just received 21 new updates and Windows is prompting me to install them

I won't install them till you say it's best to try

asking either express install or custom


----------



## kevinf80 (Mar 21, 2006)

Yes install the updates, maybe then hold off on the scans TDSSKiller/Combofix and try to install MSE or AVast. One important point, when I asked you to run the windows repair tool you accessed something called "Reimage" or something like that? That needs removing ASAP, is very suspicious...:up:


----------



## speedyzap (Feb 26, 2006)

Unfortunately, I am already halfway? through TDSS Killer. It has already found two threats and is asking me to continue or cancel ?

Also, with windows updates, one thing I don't want is IE8 installing, happy with IE7 (apparently IE8 has a bad reputation?)

Will wait about 7 mins for your reply - then probably finish TDSS scan (continue)


----------



## kevinf80 (Mar 21, 2006)

Yes continue with the scans if you've already started, IE8 is far more secure than IE7. I advise to update. I'm very busy on another site so my replies may be sporadic, I try to keep up with you...


----------



## speedyzap (Feb 26, 2006)

See Kaspersky Scan attachment under:


----------



## kevinf80 (Mar 21, 2006)

Unsigned just means the driver does not have a certificate, suspicious does not always mean malicious. Post the full TDSSKiller log for me to see, also Combofix log when complete...:up:


----------



## speedyzap (Feb 26, 2006)

I could not find combofix in any places like desktop, my pictures, my documents, my downloads, etc 
BUT I did find 4 combofix files after a search on the name and I deleted them.

I deleted any set up files on Reimage - found one in my documents - must have deleted it before off desktop 
Did search on reimage and found 7 items and deleted them

Did a search on any remaining Zone Alarm items and deleted them

Deleted all the above out of recycle bin as well and did a re-boot


----------



## kevinf80 (Mar 21, 2006)

I only ask that you delete Combofix from Desktop in case you happen to have an old version, no need to delete any other files/folders..

Can you post TDSSKiller log and Combofix log when done...


----------



## speedyzap (Feb 26, 2006)

kevinf80 said:


> Unsigned just means the driver does not have a certificate, suspicious does not always mean malicious. Post the full TDSSKiller log for me to see, also Combofix log when complete...:up:


I can't seem to do a "select all" on this to copy and paste (post) or even a scroll select. The last one was a print screen that fitted on one page. I would have to do about 15-22 print screens on this one and that would take a long time.
Do you still want me to do it (i.e., print screen, then scroll next page, print screen, upload etc)??
OR
Would certain selected pages of your interest be the go?

Let me know?

Will attempt Combo Fix next


----------



## kevinf80 (Mar 21, 2006)

Attach the logs as zip files, right click on the file > select > send to > compressed (zipped) folder. That will be saved as a zip file next to the txt file. Under the reply box use the "manage attachments" option to attach the two zip files to the reply


----------



## speedyzap (Feb 26, 2006)

Got a problem running combofix

The run file box was saying scanning files and that "typically it takes about 10 mins and double that if many files infected." 

I gave combo fix about 50mins without any completion, so I thought it's not working, so I cancelled the scan. The end result being that both IE and Firefox Mozilla are not connecting to my internet

Did I mistakenly cancel too soon? 

What do we do now? Should I start Combofix again and let it run for say over 1 hour?

I guess this problem is now serious because I can no longer access the internet for fixes!!!

I am contacting you now via my laptop > the problem PC is my desktop


----------



## kevinf80 (Mar 21, 2006)

Combofix scans can take a couple of hours at times, it depends on what it has found and what it tries to remove. If you have stopped the scan midway it is possible to corrupt different files etc....

I would definitely run it again, it may or may not run, depending what has happened...


----------



## speedyzap (Feb 26, 2006)

Will try a re-run


----------



## speedyzap (Feb 26, 2006)

I know why it took so long....

Windows was automatically uploading the 21 files it downloaded without asking my permission

It's saying uploading your computer is almost complete - do you want to restart your computer??

Combofix is now scanning again. Should I cancel combo fix or tell Windows updates to restart later.

This could mean that any new windows updates got corrupted in my previous Combofix cancellation??


----------



## kevinf80 (Mar 21, 2006)

When windows asks to re-boot after an update you can put that on hold, it will give time increments 10 minutes up to 4 hours, choose the longest time... If Combofix is running leave that to complete.


----------



## speedyzap (Feb 26, 2006)

Windows Update is not giving me the option for any time for install - I chose automatic updates in the updates system box when I tried to get it going. Normally I choose advise me first. In this case it just comes back after a break to try and download. I will time the interval next time. So I will have to keep a close eye on it.
Windows updater is telling me it will restart my computer in about 14 mins > I then tell it "Restart Later"

Also, does the "_" symbol (at the bottom of commentary in the combofix scan run box) have to actually be blipping to tell me it's scanning?
Whenever the windows advice box pops up on the screen the blips of the bar stop and then I tell windows update "restart later" the blipping bar is still not on screen. It comes back and blips on and off again after I touch the advice box on the right of the "start symbol" in the start bar at the bottom of the screen. In the advice box it says "autoscan" (which is separate to the large autoscan combofix run box). In other words, do I have to touch that box near "Start" to keep combofix scanning?

The windows update box pops up about every 10 mins and tells me I've got about 15 mins before it restarts the PC.


----------



## kevinf80 (Mar 21, 2006)

I'm not sure about the symbol you mention, I never actually run CF on my own PC. The best way forward here is to stop CF and reboot the PC, let the windows updates complete.
Once you have re-booted post the log from TDSSKiller, let me see what that scan produced. Also navigate to the following:

*C:\QooBox\ComboFix-quarantined-files.txt* check if there are any logs such as that, if so post that also....


----------



## speedyzap (Feb 26, 2006)

OK will stop CF and reboot


----------



## speedyzap (Feb 26, 2006)

Windows Updates are installing - will no doubt take some time. 

Edit: No! actually installed quickly. Installed


----------



## kevinf80 (Mar 21, 2006)

Can you let me see the TDSSKiller log?


----------



## speedyzap (Feb 26, 2006)

Are you saying that I should right click on the TDSS scan results box. If so, that box does not respond to any mouse clicking

The scan results are the same for the 4 items (even though windows updates have installed) > two sus items and two skipped by user item. All unsigned etc.

I assume the log file you want is when I check the box (show information messages) and 619 objects come up in the same box. They all say OK except for those 4 already mentioned before. Once again no amount of right or left clicking on that box does anything. All I can do is take a Print Screen image of about 19 objects, scroll down 19 and take a screen print of the next 19


----------



## kevinf80 (Mar 21, 2006)

No, I'm not saying that, you have to go to the log as instructed in the scan details. The log can be found here:

*C:\"TDSSKiller.[Version]_[Date]_[Time]_log.txt"*

So you navigate start > my computer > C:\ When you double click on C:\ to open you can scroll to TDSSkiller file, It will be identified with version, date, time, and end with .txt if you right click on that file > select > send to > compressed (zipped) folder. The zip file will be saved right next to the log.
Attach that to the next reply....


----------



## speedyzap (Feb 26, 2006)

Tdss log under


----------



## kevinf80 (Mar 21, 2006)

TDSSKiller log is clean, the two flagged files are clean, MD5s check out ok...

Can you continue with Combofix...


----------



## speedyzap (Feb 26, 2006)

Hopefully this is the log file of TDSS I took after Windows updated - not 100% sure as it asks me if I want to replace existing file. I took a new log around 2.29am 24 Jan 2013


----------



## speedyzap (Feb 26, 2006)

kevinf80 said:


> TDSSKiller log is clean, the two flagged files are clean, MD5s check out ok...
> 
> Can you continue with Combofix...


As Combofix takes about 2 hours or more I'll have to do it in about 14 hours from now

Thanks for your good work and patience so far Kev


----------



## kevinf80 (Mar 21, 2006)

Ok, that is fine by me. Can you check one more thing before you go, Navigate start > my computer > C:\ Open C:\ is there a folder named *Qoobox* if so look inside for this file *ComboFix-quarantined-files.txt* maybe there from last cf run..


----------



## speedyzap (Feb 26, 2006)

Kev

Before I go, I have absolutely no idea why, because I did absolutely nothing, my IE and Firefox are connecting to the internet now on my PC. I can turn off my laptop now??

Great news!

Get back to you tomorrow while I consider why? (maybe Win updates? maybe a part Combofix) but I tried the internet not that long ago and nothing??


----------



## kevinf80 (Mar 21, 2006)

When Combofix is run it will take several actions, if it is crashed during that procedure certain actions can become corrupt. One of those was probably the internet connection.
Because CF was ended and the system rebooted those actions can be corrected. Did you check for Qoobox?


----------



## speedyzap (Feb 26, 2006)

There is a file Qoobox and in it: "BackEnv" "Quarantine" "TestC" "Last Run" "Test"

No specific File such as: "ComboFix-quarantined-files.txt "

I will check again in about half an hour and after that about 45mins for any other requests - then I'm gone

Thanks


----------



## kevinf80 (Mar 21, 2006)

OK, we can just leave things as they are for now, run Combofix when you're ready and post that log.....


----------



## speedyzap (Feb 26, 2006)

kevinf80 said:


> OK, we can just leave things as they are for now, run Combofix when you're ready and post that log.....


OK Kev
all the best


----------



## kevinf80 (Mar 21, 2006)

Okey dokey....


----------



## speedyzap (Feb 26, 2006)

*COMBOFIX LOG UNDER *(started scan 3.41pm > Finished 6.14pm = 2hrs 33min scan)

ComboFix 13-01-23.01 - PETER 01/24/2013 17:55:43.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.767.329 [GMT 11:00]
Running from: c:\documents and settings\PETER.PETER-OYOU4XROG\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\PETER.PETER-OYOU4XROG\Application Data\Adobe\AdobeUpdate .exe
c:\documents and settings\PETER.PETER-OYOU4XROG\Application Data\Adobe\plugs
c:\documents and settings\PETER.PETER-OYOU4XROG\Application Data\Azcu
c:\documents and settings\PETER.PETER-OYOU4XROG\Application Data\Azcu\yqev.ynp
c:\documents and settings\PETER\WINDOWS
C:\nspr4.dll
C:\nss3.dll
C:\plc4.dll
C:\plds4.dll
C:\softokn3.dll
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr70.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-12-24 to 2013-01-24 )))))))))))))))))))))))))))))))
.
.
2013-01-23 10:00 . 2012-11-01 12:17	521728	-c----w-	c:\windows\system32\dllcache\jsdbgui.dll
2013-01-23 02:43 . 2013-01-23 07:15	--------	d-----w-	c:\documents and settings\All Users\Application Data\AVAST Software
2013-01-23 02:43 . 2013-01-23 02:43	--------	d-----w-	c:\program files\AVAST Software
2013-01-22 18:41 . 2013-01-22 19:04	181064	----a-w-	c:\windows\PSEXESVC.EXE
2013-01-22 18:41 . 2004-06-11 21:33	290304	----a-w-	C:\subinacl.exe
2013-01-22 18:35 . 2013-01-22 18:35	--------	d-----w-	c:\program files\Tweaking.com
2013-01-22 18:30 . 2013-01-22 19:04	--------	d-----w-	C:\Tweaking.com_Windows_Repair_Logs
2013-01-22 13:40 . 2008-11-25 11:42	30592	-c--a-w-	c:\windows\system32\dllcache\rndismpx.sys
2013-01-22 13:40 . 2008-11-25 11:42	30592	-c--a-w-	c:\windows\system32\dllcache\rndismp.sys
2013-01-22 11:10 . 2006-12-28 13:31	19569	----a-w-	c:\windows\002785_.tmp
2013-01-22 09:57 . 2008-04-13 18:41	33792	----a-w-	c:\program files\Messenger\custsat.dll
2013-01-22 09:57 . 2008-04-13 18:41	81920	----a-w-	c:\windows\system32\ieencode.dll
2013-01-22 09:55 . 2004-07-17 00:40	19528	----a-w-	c:\windows\004195_.tmp
2013-01-21 03:18 . 2013-01-21 03:18	--------	d-----w-	c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2013-01-20 11:41 . 2013-01-20 11:41	--------	d-----w-	C:\_OTL
2013-01-15 14:51 . 2013-01-15 14:51	--------	d-----w-	c:\documents and settings\PETER.PETER-OYOU4XROG\Local Settings\Application Data\WMTools Downloaded Files
2013-01-04 03:04 . 2013-01-04 03:06	--------	d-----w-	C:\400489b79493023d5f
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-23 15:01 . 2013-01-23 15:01	141738	----a-w-	C:\TDSSKiller.2.8.15.0_23.01.2013_21.25.23_log.zip
2013-01-13 02:35 . 2012-04-01 05:53	697864	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-01-13 02:35 . 2011-05-15 04:24	74248	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-16 12:23 . 2001-08-18 12:00	290560	----a-w-	c:\windows\system32\atmfd.dll
2012-12-14 05:49 . 2009-02-18 18:00	18800	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-11-13 01:25 . 2001-08-18 12:00	1866368	----a-w-	c:\windows\system32\win32k.sys
2012-11-06 02:01 . 2008-09-17 00:44	1371648	----a-w-	c:\windows\system32\msxml6.dll
2012-11-02 02:02 . 2008-04-21 15:10	375296	----a-w-	c:\windows\system32\dpnet.dll
2012-11-01 12:17 . 2008-04-21 15:10	1469440	----a-w-	c:\windows\system32\inetcpl.cpl
2012-11-01 12:17 . 2008-04-21 15:10	43520	----a-w-	c:\windows\system32\licmgr10.dll
2012-11-01 12:17 . 2008-04-21 15:10	916992	----a-w-	c:\windows\system32\wininet.dll
2012-11-01 00:35 . 2008-04-22 11:28	385024	----a-w-	c:\windows\system32\html.iec
2012-06-16 10:53 . 2011-11-10 06:41	85472	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-12-17 08:50	556648	----a-w-	c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-12-17 08:50	556648	----a-w-	c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-12-17 08:50	556648	----a-w-	c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-12-17 08:50	556648	----a-w-	c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MyTomTomSA.exe"="c:\program files\MyTomTom 3\MyTomTomSA.exe" [2012-09-10 436728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-12-27 417792]
"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2001-08-17 28738]
"Microsoft Works Portfolio"="c:\program files\Microsoft Works\WksSb.exe" [2001-08-23 331830]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
"CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2011-08-04 1612920]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2012-05-29 296056]
"SoundMan"="SOUNDMAN.EXE" [2006-11-16 577536]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\DAN\Start Menu\Programs\Startup\
DirectDVD Update Manager.lnk - c:\program files\Orion Studios HD\UpdateHD.exe [2011-4-9 456192]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\config.msi\c2f98.rbf [2001-2-13 83360]
Microsoft Works Calendar Reminders.lnk - c:\program files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [2001-8-8 24633]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-12-18 19:08	946352	----a-w-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyTomTomSA.exe]
2012-09-10 08:17	436728	----a-w-	c:\program files\MyTomTom 3\MyTomTomSA.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 02:06	254696	----a-w-	c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2012-01-23 04:43	247728	----a-w-	c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\explorer.exe"= %windir%\explorer.exe
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
R0 fasttrak;fasttrak;c:\windows\system32\drivers\Fasttrak.sys [4/22/2008 2:28 AM 70528]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [11/27/2012 1:20 AM 398184]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2/19/2009 5:00 AM 682344]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2/19/2009 5:00 AM 18800]
S3 53292574;53292574; [x]
S3 cpuz134;cpuz134;\??\c:\docume~1\PETER~1.PET\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\PETER~1.PET\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [?]
S3 mbamchameleon;mbamchameleon;\??\c:\windows\system32\drivers\mbamchameleon.sys --> c:\windows\system32\drivers\mbamchameleon.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper	REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 02:35]
.
2013-01-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-17 02:36]
.
2013-01-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-17 02:36]
.
2013-01-24 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1659004503-362288127-839522115-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-04-30 08:21]
.
2013-01-24 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1659004503-362288127-839522115-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-04-30 08:21]
.
2013-01-20 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1659004503-362288127-839522115-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-04-30 08:21]
.
2013-01-19 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1659004503-362288127-839522115-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-04-30 08:21]
.
2013-01-23 c:\windows\Tasks\Windows Update.job
- c:\windows\system32\wupdmgr.exe [2001-08-18 12:00]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.au/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TCP: DhcpNameServer = 10.1.1.1
FF - ProfilePath - c:\documents and settings\PETER.PETER-OYOU4XROG\Application Data\Mozilla\Firefox\Profiles\8a03imtq.default\
FF - prefs.js: browser.search.selectedEngine - Produtools Manuals 2.1 Customized Web Search
FF - ExtSQL: 2013-01-23 01:09; [email protected]; c:\documents and settings\PETER.PETER-OYOU4XROG\Application Data\Mozilla\Firefox\Profiles\8a03imtq.default\extensions\[email protected]
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
FF - user.js: extensions.zonealarm.autoRvrt - false
FF - user.js: extensions.zonealarm_i.newTab - false
FF - user.js: extensions.zonealarm.tlbrSrchUrl - hxxp://search.zonealarm.com/search?src=tb&tbid=base2013&Lan={dfltLng}&gu=99a8f3c47fba4ffe878c2547f7a45875&tu=10Go5006E2B000c&sku=&tstsId=&ver=&&q=
FF - user.js: extensions.zonealarm.id - 40277d930000000000000040f46681b1
FF - user.js: extensions.zonealarm.appId - {C56C48A0-DA4E-46F6-9859-1553DC865F84}
FF - user.js: extensions.zonealarm.instlDay - 15727
FF - user.js: extensions.zonealarm.vrsn - 1.8.3.16
FF - user.js: extensions.zonealarm.vrsni - 1.8.3.16
FF - user.js: extensions.zonealarm_i.vrsnTs - 1.8.3.160:49
FF - user.js: extensions.zonealarm.prtnrId - checkpoint
FF - user.js: extensions.zonealarm.prdct - zonealarm
FF - user.js: extensions.zonealarm.aflt - 1042
FF - user.js: extensions.zonealarm_i.smplGrp - none
FF - user.js: extensions.zonealarm.tlbrId - base2013
FF - user.js: extensions.zonealarm.instlRef - ZLN24036601778088-1043
FF - user.js: extensions.zonealarm.dfltLng - en
FF - user.js: extensions.zonealarm.excTlbr - false
FF - user.js: extensions.zonealarm.admin - false
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-ISW - c:\program files\CheckPoint\ZAForceField\ForceField.exe
SafeBoot-13892486.sys
SafeBoot-26681414.sys
SafeBoot-77148412.sys
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
AddRemove-MozillaMaintenanceService - c:\program files\Mozilla Maintenance Service\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-01-24 18:10
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ... 
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2013-01-24 18:13:47
ComboFix-quarantined-files.txt 2013-01-24 07:13
.
Pre-Run: 68,487,086,080 bytes free
Post-Run: 68,682,498,048 bytes free
.
- - End Of File - - BEBF566A0FFBE88AC4C26ABB81F5CA53


----------



## speedyzap (Feb 26, 2006)

1] Some more Windows Update Files installed > mainly security fixes.

2] Then one update would NOT go in - Instruction as follows:

WINDOWS UPDATE INSTALLER
"Some updates could not be installed:
The following updates were not installed:
Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework 3.5 Family Update for .NET versions 2.0 through 3.5 (KB951847)x86 "

I tried to install it 3 times but failed. It is still sitting in Updates wanting to install

See link for this Update: http://support.microsoft.com/kb/951847

3] A pop up message came up (bottom right corner) when Combofix was scanning and said something like: Windows virtual memory is too low.....(think it then said) ...windows is expanding your memory .........


----------



## speedyzap (Feb 26, 2006)

1]Tried to install MSE

unfortunately same error code as last time:

http://windows.microsoft.com/en-US/...p&v2h=win7tab1&v3h=winvistatab1&v4h=winxptab1

error code 0 X 80070643

2] Also a system restore point can still not be set


----------



## kevinf80 (Mar 21, 2006)

OK, do the following:

1. Close any open browsers.

2. *Close/disable all anti virus and anti malware programs* so they do not interfere with the running of ComboFix.

3. Open *notepad* and copy/paste the text in the Codebox below into it:


```
ClearJavaCache::
FireFox::
FF - ProfilePath - c:\documents and settings\PETER.PETER-OYOU4XROG\Application Data\Mozilla\Firefox\Profiles\8a03imtq.default\
FF - user.js: extensions.zonealarm.autoRvrt - false
FF - user.js: extensions.zonealarm_i.newTab - false
FF - user.js: extensions.zonealarm.tlbrSrchUrl - hxxp://search.zonealarm.com/search?src=tb&tbid=base2013&Lan={dfltLng}&gu=99a8f3c47fba4ffe878c2547f7a45875&tu=10Go5006E2B000c&sku=&tstsId=&ver=&&q=
FF - user.js: extensions.zonealarm.id - 40277d930000000000000040f46681b1
FF - user.js: extensions.zonealarm.appId - {C56C48A0-DA4E-46F6-9859-1553DC865F84}
FF - user.js: extensions.zonealarm.instlDay - 15727
FF - user.js: extensions.zonealarm.vrsn - 1.8.3.16
FF - user.js: extensions.zonealarm.vrsni - 1.8.3.16
FF - user.js: extensions.zonealarm_i.vrsnTs - 1.8.3.160:49
FF - user.js: extensions.zonealarm.prtnrId - checkpoint
FF - user.js: extensions.zonealarm.prdct - zonealarm
FF - user.js: extensions.zonealarm.aflt - 1042
FF - user.js: extensions.zonealarm_i.smplGrp - none
FF - user.js: extensions.zonealarm.tlbrId - base2013
FF - user.js: extensions.zonealarm.instlRef - ZLN24036601778088-1043
FF - user.js: extensions.zonealarm.dfltLng - en
FF - user.js: extensions.zonealarm.excTlbr - false
FF - user.js: extensions.zonealarm.admin - false
```
Save this as *CFScript.txt*, and as Type: *All Files* *(*.*)* in the same location as ComboFix.exe

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at *C:\ComboFix.txt* which I will require in your next reply.

Next,

It is probably worthwhile trying to flush the System Restore cache, see if that makes any difference. To do this "Turn off" System restore > Left click start > Right click My Computer > Left click Properties > Select System restore tab > put tick in Turn off System Restore box > apply > ok. To reverse as previous but remove the tick from Turn off System Restore > apply ok.

Create a new restore point > Start > all programs > accessories > system tools > system restore > create a restore point > In the Restore point description box give it a name for reference eg. Clean 1. The time and date are added automatically > then select create and follow the prompts.

Post CF log and let me know if System Restore worked....
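
One way to confirm that a script run like the one above did what was intended, as an added example that is not part of the original post or of ComboFix: the Python below compares the `FF - user.js` lines listed under `FireFox::` in a CFScript with the same lines in the log produced afterwards. The sample script and log are constructed, and the function names are hypothetical.

```python
import re

# Line shape used in the ComboFix "Supplementary Scan" section and in CFScript.txt:
#   FF - user.js: <pref name> - <value>
FF_LINE = re.compile(
    r"^FF - (?P<src>prefs\.js|user\.js): (?P<pref>\S+) -(?: (?P<value>.*))?$"
)
DIRECTIVE = re.compile(r"^\S+::$")  # e.g. "FireFox::", "ClearJavaCache::"

# Constructed sample script (not the one from the thread).
SAMPLE_CFSCRIPT = r"""
ClearJavaCache::
FireFox::
FF - ProfilePath - c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\xxxxxxxx.default
FF - user.js: extensions.zonealarm.tlbrSrchUrl - hxxp://search.example.invalid/search?src=tb&gu=0123456789abcdef0123 4567&q=
FF - user.js: extensions.zonealarm.vrsn - 1.8.3.16
FF - user.js: extensions.zonealarm_i.newTab - false
"""

# Constructed sample of the log section produced after the script run.
SAMPLE_POST_RUN_LOG = r"""
FF - ProfilePath - c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\xxxxxxxx.default
FF - prefs.js: browser.search.selectedEngine - Example Web Search
FF - user.js: security.warn_submit_insecure - false
FF - user.js: extensions.zonealarm.tlbrSrchUrl - hxxp://search.example.invalid/search?src=tb&gu=0123456789abcdef01234567&q=
FF - user.js: extensions.zonealarm.vrsn - 1.8.3.17
"""


def _squash(value):
    # Pasting through a forum can insert spaces into long tokens, so values
    # are compared with all whitespace removed.
    return re.sub(r"\s+", "", value)


def parse_ff_prefs(text):
    """Map (file, pref) -> raw value for every 'FF - <file>: <pref> - <value>' line."""
    prefs = {}
    for line in text.splitlines():
        m = FF_LINE.match(line.strip())
        if m:
            prefs[(m["src"], m["pref"])] = m["value"] or ""
    return prefs


def script_targets(cfscript):
    """Return the prefs listed under the FireFox:: directive of a CFScript."""
    section, in_firefox = [], False
    for line in cfscript.splitlines():
        line = line.strip()
        if DIRECTIVE.match(line):
            in_firefox = line.lower() == "firefox::"
            continue
        if in_firefox:
            section.append(line)
    return parse_ff_prefs("\n".join(section))


def check_run(cfscript, post_run_log):
    """Classify each targeted pref by what the post-run log shows for it."""
    targets = script_targets(cfscript)
    after = parse_ff_prefs(post_run_log)
    report = {"removed": [], "remaining": [], "changed": []}
    for key, wanted in targets.items():
        if key not in after:
            report["removed"].append(key[1])      # no longer in the log
        elif _squash(after[key]) == _squash(wanted):
            report["remaining"].append(key[1])    # same entry still present
        else:
            report["changed"].append(key[1])      # present, different value
    for names in report.values():
        names.sort()
    # Entries in the later log that the script never listed (informational).
    report["not_targeted"] = sorted(p for (s, p) in after if (s, p) not in targets)
    return report


if __name__ == "__main__":
    for status, names in check_run(SAMPLE_CFSCRIPT, SAMPLE_POST_RUN_LOG).items():
        print(f"{status}: {', '.join(names) or '-'}")
```
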


----------



## speedyzap (Feb 26, 2006)

OK will do.

How long do you expect Combofix will run for as last scan took over 2 hours ?


----------



## kevinf80 (Mar 21, 2006)

I cannot estimate how long the CF scan will take, usually a script run will take less time than the full scan.


----------



## speedyzap (Feb 26, 2006)

OK Combofix script running

(on my laptop at present)


----------



## kevinf80 (Mar 21, 2006)

Okey dokey....


----------



## speedyzap (Feb 26, 2006)

*COMBOFIX SCRIPT LOG under:* (started 10.30pm > Finished 1.04am = 2hrs 34mins run time)

ComboFix 13-01-23.01 - PETER 01/25/2013 0:42.4.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.767.338 [GMT 11:00]
Running from: c:\documents and settings\PETER.PETER-OYOU4XROG\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\PETER.PETER-OYOU4XROG\Desktop\CFScript.txt
.
.
((((((((((((((((((((((((( Files Created from 2012-12-24 to 2013-01-24 )))))))))))))))))))))))))))))))
.
.
2013-01-23 10:00 . 2012-11-01 12:17	521728	-c----w-	c:\windows\system32\dllcache\jsdbgui.dll
2013-01-23 02:43 . 2013-01-23 07:15	--------	d-----w-	c:\documents and settings\All Users\Application Data\AVAST Software
2013-01-23 02:43 . 2013-01-23 02:43	--------	d-----w-	c:\program files\AVAST Software
2013-01-22 18:41 . 2013-01-22 19:04	181064	----a-w-	c:\windows\PSEXESVC.EXE
2013-01-22 18:41 . 2004-06-11 21:33	290304	----a-w-	C:\subinacl.exe
2013-01-22 18:35 . 2013-01-22 18:35	--------	d-----w-	c:\program files\Tweaking.com
2013-01-22 18:30 . 2013-01-22 19:04	--------	d-----w-	C:\Tweaking.com_Windows_Repair_Logs
2013-01-22 13:40 . 2008-11-25 11:42	30592	-c--a-w-	c:\windows\system32\dllcache\rndismpx.sys
2013-01-22 13:40 . 2008-11-25 11:42	30592	-c--a-w-	c:\windows\system32\dllcache\rndismp.sys
2013-01-22 11:10 . 2006-12-28 13:31	19569	----a-w-	c:\windows\002785_.tmp
2013-01-22 09:57 . 2008-04-13 18:41	33792	----a-w-	c:\program files\Messenger\custsat.dll
2013-01-22 09:57 . 2008-04-13 18:41	81920	----a-w-	c:\windows\system32\ieencode.dll
2013-01-22 09:55 . 2004-07-17 00:40	19528	----a-w-	c:\windows\004195_.tmp
2013-01-21 03:18 . 2013-01-21 03:18	--------	d-----w-	c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2013-01-20 11:41 . 2013-01-20 11:41	--------	d-----w-	C:\_OTL
2013-01-15 14:51 . 2013-01-15 14:51	--------	d-----w-	c:\documents and settings\PETER.PETER-OYOU4XROG\Local Settings\Application Data\WMTools Downloaded Files
2013-01-04 03:04 . 2013-01-04 03:06	--------	d-----w-	C:\400489b79493023d5f
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-23 15:01 . 2013-01-23 15:01	141738	----a-w-	C:\TDSSKiller.2.8.15.0_23.01.2013_21.25.23_log.zip
2013-01-13 02:35 . 2012-04-01 05:53	697864	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-01-13 02:35 . 2011-05-15 04:24	74248	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-16 12:23 . 2001-08-18 12:00	290560	----a-w-	c:\windows\system32\atmfd.dll
2012-12-14 05:49 . 2009-02-18 18:00	18800	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-11-13 01:25 . 2001-08-18 12:00	1866368	----a-w-	c:\windows\system32\win32k.sys
2012-11-06 02:01 . 2008-09-17 00:44	1371648	----a-w-	c:\windows\system32\msxml6.dll
2012-11-02 02:02 . 2008-04-21 15:10	375296	----a-w-	c:\windows\system32\dpnet.dll
2012-11-01 12:17 . 2008-04-21 15:10	1469440	----a-w-	c:\windows\system32\inetcpl.cpl
2012-11-01 12:17 . 2008-04-21 15:10	43520	----a-w-	c:\windows\system32\licmgr10.dll
2012-11-01 12:17 . 2008-04-21 15:10	916992	----a-w-	c:\windows\system32\wininet.dll
2012-11-01 00:35 . 2008-04-22 11:28	385024	----a-w-	c:\windows\system32\html.iec
2012-06-16 10:53 . 2011-11-10 06:41	85472	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-12-17 08:50	556648	----a-w-	c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-12-17 08:50	556648	----a-w-	c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-12-17 08:50	556648	----a-w-	c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-12-17 08:50	556648	----a-w-	c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MyTomTomSA.exe"="c:\program files\MyTomTom 3\MyTomTomSA.exe" [2012-09-10 436728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-12-27 417792]
"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2001-08-17 28738]
"Microsoft Works Portfolio"="c:\program files\Microsoft Works\WksSb.exe" [2001-08-23 331830]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
"CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2011-08-04 1612920]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2012-05-29 296056]
"SoundMan"="SOUNDMAN.EXE" [2006-11-16 577536]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\DAN\Start Menu\Programs\Startup\
DirectDVD Update Manager.lnk - c:\program files\Orion Studios HD\UpdateHD.exe [2011-4-9 456192]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\config.msi\c2f98.rbf [2001-2-13 83360]
Microsoft Works Calendar Reminders.lnk - c:\program files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [2001-8-8 24633]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-12-18 19:08	946352	----a-w-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyTomTomSA.exe]
2012-09-10 08:17	436728	----a-w-	c:\program files\MyTomTom 3\MyTomTomSA.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 02:06	254696	----a-w-	c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2012-01-23 04:43	247728	----a-w-	c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\explorer.exe"= %windir%\explorer.exe
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
R0 fasttrak;fasttrak;c:\windows\system32\drivers\Fasttrak.sys [4/22/2008 2:28 AM 70528]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [11/27/2012 1:20 AM 398184]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2/19/2009 5:00 AM 682344]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2/19/2009 5:00 AM 18800]
S3 53292574;53292574; [x]
S3 cpuz134;cpuz134;\??\c:\docume~1\PETER~1.PET\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\PETER~1.PET\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [?]
S3 mbamchameleon;mbamchameleon;\??\c:\windows\system32\drivers\mbamchameleon.sys --> c:\windows\system32\drivers\mbamchameleon.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper	REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 02:35]
.
2013-01-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-17 02:36]
.
2013-01-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-17 02:36]
.
2013-01-24 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1659004503-362288127-839522115-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-04-30 08:21]
.
2013-01-24 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1659004503-362288127-839522115-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-04-30 08:21]
.
2013-01-20 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1659004503-362288127-839522115-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-04-30 08:21]
.
2013-01-19 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1659004503-362288127-839522115-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-04-30 08:21]
.
2013-01-23 c:\windows\Tasks\Windows Update.job
- c:\windows\system32\wupdmgr.exe [2001-08-18 12:00]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.au/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TCP: DhcpNameServer = 10.1.1.1
FF - ProfilePath - c:\documents and settings\PETER.PETER-OYOU4XROG\Application Data\Mozilla\Firefox\Profiles\8a03imtq.default\
FF - prefs.js: browser.search.selectedEngine - Produtools Manuals 2.1 Customized Web Search
FF - ExtSQL: 2013-01-23 01:09; [email protected]; c:\documents and settings\PETER.PETER-OYOU4XROG\Application Data\Mozilla\Firefox\Profiles\8a03imtq.default\extensions\[email protected]
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-01-25 00:57
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ... 
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2128)
c:\windows\system32\WININET.dll
c:\program files\Google\Drive\googledrivesync32.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2013-01-25 01:00:26
ComboFix-quarantined-files.txt 2013-01-24 14:00
ComboFix2.txt 2013-01-24 07:13
.
Pre-Run: 68,837,138,432 bytes free
Post-Run: 68,703,866,880 bytes free
.
- - End Of File - - A88618D03AF8637D070AD266E993E7E9
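
A triage pass over the autostart sections of the ComboFix log above, as an added example that is not part of the original post or of ComboFix: it parses the Run keys, Startup folder shortcuts and driver/service lines and lists the entries worth a manual look. The flag names and heuristics (relative target, Temp or `c:\config.msi` location, a bracket with no date and size) are assumptions of this example, and a flag is a prompt to check, not a verdict.

```python
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the ComboFix log posted in this thread.
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MyTomTomSA.exe"="c:\program files\MyTomTom 3\MyTomTomSA.exe" [2012-09-10 436728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-12-27 417792]
"SoundMan"="SOUNDMAN.EXE" [2006-11-16 577536]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\config.msi\c2f98.rbf [2001-2-13 83360]
Microsoft Works Calendar Reminders.lnk - c:\program files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [2001-8-8 24633]
.
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2/19/2009 5:00 AM 682344]
S3 53292574;53292574; [x]
S3 cpuz134;cpuz134;\??\c:\docume~1\PETER~1.PET\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\PETER~1.PET\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [?]
'''

RUN_ENTRY = re.compile(r'^"(?P<name>[^"]+)"="(?P<target>[^"]*)"')
LNK_ENTRY = re.compile(r'^(?P<name>.+?\.lnk) - (?P<target>.+?) \[[^\]]*\]$')
SVC_ENTRY = re.compile(
    r'^(?P<state>[RS][0-4]) (?P<name>[^;]+);[^;]*;(?P<path>.*?) ?\[(?P<tail>[^\]]*)\]$'
)


@dataclass
class Finding:
    source: str   # "run", "startup" or "service"
    name: str
    target: str
    flags: list


def path_flags(target):
    """Heuristic flags for one autostart target (assumptions of this example)."""
    flags = []
    low = target.lower()
    if not target:
        flags.append("empty-path")
    elif not re.match(r"^[a-z]:\\", low):
        # No drive letter: Windows resolves the name through its search path.
        flags.append("relative-path")
    if "\\temp\\" in low:
        flags.append("temp-dir")
    if low.startswith("c:\\config.msi\\") or low.endswith(".rbf"):
        # Installer rollback files are leftovers, not normal startup targets.
        flags.append("installer-rollback")
    return flags


def triage(log_text):
    """Return the flagged autostart entries of a ComboFix-style log, in log order."""
    findings = []
    context = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("[HKEY") and line.lower().endswith("\\run]"):
            context = "run"
            continue
        if line.lower().endswith("\\startup\\"):
            context = "startup"
            continue
        if line in ("", "."):
            context = None          # "." separates sections in the log
            continue
        m = SVC_ENTRY.match(line)
        if m:
            # "\??\path --> path": keep the resolved path after the arrow.
            path = m["path"].split("-->")[-1].strip()
            flags = path_flags(path)
            if m["tail"].strip() in ("x", "?"):
                flags.append("no-file-details")
            entry = Finding("service", m["name"], path, flags)
        elif context == "run" and (m := RUN_ENTRY.match(line)):
            entry = Finding("run", m["name"], m["target"], path_flags(m["target"]))
        elif context == "startup" and (m := LNK_ENTRY.match(line)):
            entry = Finding("startup", m["name"], m["target"], path_flags(m["target"]))
        else:
            continue
        if entry.flags:
            findings.append(entry)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.source:8} {f.name:22} {', '.join(f.flags):32} {f.target}")
```
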


----------



## speedyzap (Feb 26, 2006)

1] System Restore Point now works and is set by me as: Clean1, 1.28am, 25 January 2013

2] Note: Another System Restore Point was added for: 1.24am 25 January 2013 'System Checkpoint'
Don't know how 'System Checkpoint' was done??

Now works > Well Done Kevin

Getting there....


----------



## speedyzap (Feb 26, 2006)

Still the following need your advice (without jumping the gun):

1] One update would NOT go in - Instruction as follows:
WINDOWS UPDATE INSTALLER
"Some updates could not be installed:
The following updates were not installed:
Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework 3.5 Family Update for .NET versions 2.0 through 3.5 (KB951847)x86 "

I tried to install it 3 times but failed. It is still sitting in Updates wanting to install

See link for this Update: http://support.microsoft.com/kb/951847

Is the above a problem that needs fixing or is it because SP2 & SP3 installed so this is no longer reqd?

2] Tried MSE install attempt again and same error code

3] Possible DVD drive recovery?


----------



## kevinf80 (Mar 21, 2006)

Ok we can ignore the update for now, let's have a go at your CD/DVD drives. Go to the following link and run the "Fixit", see if that makes any difference..

http://support.microsoft.com/mats/cd_dvd_drive_problems/en

If that does get your CD/DVD going, use your Norton CD and try to get some security onboard..

Kevin...:up:


----------



## speedyzap (Feb 26, 2006)

OK will try


----------



## speedyzap (Feb 26, 2006)

Did the DVD check

I think MS Fixit is telling me to open up my desktop and play with the connections to see if they are physically installed correctly (a good pin connection) (after turning the PC off first, of course)

Is that what you think too? (see upload of check)

EDIT: Looks like the upload did not attach

Copy and paste under:

Troubleshoot CD/DVD Drives	Publisher details
Issues checked
Your CD/DVD class filter was not recognized
Checked	
Your CD/DVD device is not recognized
Checked	
Issues checked	Detection details
6
Your CD/DVD class filter was not recognized	Checked	
Your CD/DVD device may not be recognized when plugged into your computer. This problem may occur if upper and lower filters are being used in the registry.
6
Your CD/DVD device is not recognized	Checked	
Your CD/DVD device may not be recognized when plugged into your computer. This problem may occur if upper and lower filters are being used in the registry.
Detection details	

Publisher details


----------



## kevinf80 (Mar 21, 2006)

Wow, we've just gone over 100 replies in this thread...


----------



## speedyzap (Feb 26, 2006)

Fixit said Unplug removable device and plug into another port - to let driver recognise and install. I clicked on "No removable device > continue"

then recommended
Shut down>DVD device power cables and power connections unplugged and plugged back in to ensure proper connection. If a power switch turn it off and back on. If drive still not detected contact manufacturer

Edit: Kev, if I am overusing this thread, perhaps I better end it here?


----------



## kevinf80 (Mar 21, 2006)

Hey no, you're not overusing the thread, it takes as long as it takes. I'm always here to help.... It's a while since I worked on XP systems so am a bit rusty...
I'll have to think about the CD issue, I remember the issue with the upper/lower filters, just need to remember the fix....lol


----------



## speedyzap (Feb 26, 2006)

Whew! That's good! See what we can do about the DVD

I suppose my main issue that needs resolving is the System Security (MSE/Norton?etc)

It doesn't seem like u think it is a physical good connection problem? Should I open my desktop and plug and unplug the connection leads a few times ?


----------



## kevinf80 (Mar 21, 2006)

Yes that is worth doing. Also check in Device Manager, scroll to CD/DVD-ROM drives, expand that entry, are there any exclamation or question marks.....
You can also right click on the expanded entry and select "Update Driver software" then follow the prompts....

At present we need to get some security installed, if Norton is possible, we try that route...


----------



## speedyzap (Feb 26, 2006)

Firstly, I'll do the physical pin connections test much later today

Next, the device does have an exclamation point (pioneer DVD/R) - did the right click and Wizard said: "...could not find a better match than the software you have"

I actually have two DVD players in there - only one recognised


----------



## kevinf80 (Mar 21, 2006)

Go back to Device manager again, right click on the CD/DVD entry and select UNinstall, then re-boot. Windows should see the device and attribute a new driver....


----------



## speedyzap (Feb 26, 2006)

OK will try


----------



## speedyzap (Feb 26, 2006)

I uninstalled OK, then re-booted, just a balloon came up bottom right, I clicked on it and nothing happened. Installed a CD and nothing.

Went into device manager again and it was back there with an exclamation mark

Tried another update driver and no luck either

I put a DVD in DVD player and nothing, just a green light coming on briefly (which means power is connected)


----------



## speedyzap (Feb 26, 2006)

Gotta go! back later in about 10-12 hours. Will try the connections then too

Thanks Kev


----------



## kevinf80 (Mar 21, 2006)

OK, maybe worth checking make/model of the CD/DVD drives, go to manufacturer website and see if they have driver available, if those are quite old models windows may not have an applicable driver??

Catch up later,

Kevin


----------



## speedyzap (Feb 26, 2006)

Aren't the drivers built into the DVD unit itself?


----------



## kevinf80 (Mar 21, 2006)

No, drivers are not built into the unit, Windows attributes its own driver. Worth trying to go to the manf. web site, see if they have their own driver available....
In your system now both are seen in device manager, both have correct drivers attributed. Maybe worth trying them in another PC, see if they work, or try another device in your own PC... Maybe they are just not working/defective???


----------



## speedyzap (Feb 26, 2006)

I spoke to a local computer shop. He said, 9 times out of ten if the DVD is more than 8 yo (as mine are), its usually that they need replacing.

I still have an IDE MB without SATA connections, so I would have to get an IDE DVD RW off eBay for $19 (2nd hand). Making sure it has driver updates with the Manufacturer

My Pioneer is Model DVD-R-mDW-117d and I could not find any drivers still on their support site


----------



## speedyzap (Feb 26, 2006)

I just checked out my two DVD players inside my desktop:

The Pioneer DVD-R/RW Writer, even though Device Manager says its code is: DVR-117d, The correct code on the unit reads: DVR-115DKB

The second unit is actually only a Pioneer DVD ROM (not a writer/burner) and its correct code is: DVD-106S

I played with the connections on the DVD writer and turned it back on and that made no difference to the unit playing a disc

However, I now realised why the older DVD ROM never played, when I got the newer DVD writer, I tried to have them both playing, but both units need three connections to them (the power, the 24pin? connector, the little slim black 4 pin connector) and there is only one set of three of those. The second unit only has another 24 pin? connector and power, but not another slim black 4 pin connector.

Good News! So I connected the three set up to the old DVD ROM and guess what, it works! I tried a couple of discs and they pop up on screen. Plays music CDs as well.

[Also, when I plugged the 24 pin connector and the power connector into the DVD writer (both units connected together) what happened was that device manager only recognised the Pioneer DVD writer (not the ROM unit). So I unplugged the writer and then device manager recognised the ROM unit only. It could be my MB is only designed to handle one DVD player?]

Kev, you suggested I run the Norton Security disc - should I now do it?

Any reason we needed to do it by disc rather than an online download (any advantage)?


----------



## speedyzap (Feb 26, 2006)

Anyway, I downloaded Norton Internet Security:

Problems:
* It did not let me select any options before or during install
* It did not auto re-boot as these programs normally do, but I re-booted but to no avail
* When clicking on the Norton Icons (Norton Security Suite and Norton Live Updates) these do not open
* Now I have random inability to access IE and Firefox browsers - mostly don't work and partly do work. At the moment Firefox browser not working at all
* I clicked on Norton "Get Support" (PC based) and it checks Norton programs and tells you if there is anything wrong. Sometimes it tells me nothing is wrong?? Another couple of times it tells me it "has encountered an error" and tells me it is error: 8504, 104 which autofix cannot fix, and then it prompts you to press "Open Support Website" which of course does not connect to the server (after a good number of attempts)

It may be that Norton is somehow blocking randomly attempts to gain access to internet. I don't know because its user page won't open up.

When opening up Windows Security Centre, it now says that I have Virus protection supplied by Norton and it is on, uptodate and virus scanning is on.

One thing I forgot to ask you - should I have turned Microsoft's Firewall OFF before loading Norton? If so, I can't see how to turn it off anyway. MS Firewall says Norton Int Security is currently ON.

Perhaps I should un-install Norton and try again?

NOTE: I just clicked on a security icon at the start of the URL line and it says for a number of addresses: "This website does not supply ownership information" also it says "This website does not support encryption....."
This might give us a clue that it is a Norton icon. Perhaps in the auto setup Norton tweaks its settings for security way too high??
NOTE: Now Norton Autofix randomly pops up on screen and tells me it has detected that same error: 8504, 104 and is searching for a fix and again tells me to go to their website and on pressing button it does not connect to server even though it tries. *This is the link it is trying to get*: https://www-secure.symantec.com/nor...-25-2013 15:56:26 PM GMT&curdefs=20111203.009 but never connects


----------



## speedyzap (Feb 26, 2006)

Firefox browser not allowing any URLs

OE browser allows most URLs but not some (e.g., www.google.com) ??

Of course allows Techguy

BTW: I used the Norton DVD disc to download the Norton Security Suite via the DVD ROM


----------



## speedyzap (Feb 26, 2006)

Malwarebytes not being allowed to update now. Mbytes error code: (0,0, I/Q error)

Norton stopping it ??


----------



## kevinf80 (Mar 21, 2006)

What version of Norton did you install from the DVD? I'd uninstall Norton, maybe install Avast or AVG just to see if the response is better....


----------



## speedyzap (Feb 26, 2006)

I un-installed Norton before checking the version. It doesn't matter because it automatically updates before installation, so it would be the latest (I trust) - with auto re-boot

I got both my browsers working fine now

But for some reason Windows Security Centre is still showing that Norton antivirus is connected and working
BUT in Firewall instead of saying Norton Security is working it only says "one of two Firewalls on this PC are working". I assume it would be the Windows Firewall. It also says that two Firewalls should not work together as they can conflict

So how do I turn Windows Firewall off before downloading a new Security supplier?

Not to mention, how do I correct the Windows Security saying Norton anti-virus is still working?


----------



## speedyzap (Feb 26, 2006)

I think I call it quits for today and perhaps re-install Norton via their website and see how that goes. Because I installed Norton for my mother and it went fine, giving me options as the install proceeded. 

But I would like to know if Windows Firewall interferes and how to turn it off as well as turn virus Windows reading (that virus protection is on) off - as that may interfere with download too?

OK I just saw how I turn Windows Firewall off - you go to the Firewall icon below Security centre and it allows you to change the setting

but nothing on the Win Sec Centre advice on how to change the virus protection advice incorrectly saying its ON (and put it back to OFF)


----------



## kevinf80 (Mar 21, 2006)

Wait and see what happens when you've installed Norton again, we'll take it from there....


----------



## speedyzap (Feb 26, 2006)

I installed Norton again, this time via their website and still the same problems:
Norton main program and update icons not working to open up program

Note: this time I turned off Windows Security Firewall on install

This time Norton error code 8504, 104 actually did bring me to the Symantec server and it instructed me to use Norton Removal Tool. Basically that removed any old dated Norton products and what seems most of the Norton download. Then it appeared to get stuck on "Processing MSI's by Product Code" but then finally said "Removal Completed - Restart"

I restarted only to find the same problems as before

I noted this time that after Norton Security said installation was complete, that upon clicking on the "Norton Downloader" Icon that it was still trying to download. I waited quite some time only to conclude that was an error and in conflict with Nortons main "black" screen saying download had completed.

Anyway, I uninstalled Norton again

Now, after trying to install Avast / Zone Alarm (before) and now Norton without success, is there something missing (a registry?) or corrupted or virus infected in my XP OS that is the culprit in all of these failures to install effectively?

(I have turned Windows Firewall back on - even though Security Centre was saying one of two firewalls was connected and working [wrong])


----------



## kevinf80 (Mar 21, 2006)

OK, something is not quite right with your system, we need to have another attempt with SP3. Go to the following link, download and save Service Pack 3 (SP3) to your Desktop.

http://www.microsoft.com/en-us/download/details.aspx?id=24

Now we continue, remove Norton also use their removal tool to ensure all remnants are gone.

Go to this link http://support.microsoft.com/kb/950249 follow the instructions to remove Service Pack 3 (SP3). When SP3 is removed, re-boot the PC.

Now continue with this:

Copy all the text in the code box that follows to Notepad. Make sure you click on Notepad's Format menu and uncheck Word Wrap first.


```
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\MSIServer]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\MSIServer]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Minimal\MSIServer]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Network\MSIServer]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\BITS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\WUAUSERV]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Network\BITS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Network\WUAUSERV]
@="Service"
```
Next, Click on the File Menu, then Save As ... and click on the drop down menu to change the file type to All Files.

Next navigate to your desktop, and enter the file name *fixme.reg*, and click Save.

You should now find a new file on your desktop named *fixme.reg*. Double click on *fixme.reg*. You will get a warning, agree to the merge, and then a message the file has been merged will immediately pop up.

Now boot the system to Safe Mode. Once you are in Safe Mode, install SP3.

Finally reboot into regular Windows and let's see if things are working now.

If they are, do a Windows Update. After that completes, reboot, and do Windows Update again, and so on, until there are no more to do, since even the updates have updates and updates of updates.

When that is finished, use the following to clean up the system....

Download TFC to your desktop, from either of the following links
http://oldtimer.geekstogo.com/TFC.exe
http://itxassociates.com/OT-Tools/TFC.exe

 Save any open work. TFC will close all open application windows.
 Double-click TFC.exe to run the program. Vista or Windows 7 users accept the UAC alert.
 If prompted, click "Yes" to reboot.
TFC will automatically close any open programs, *including your Desktop*. Let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. TFC may re-boot your system, if not *Re-boot it yourself to complete cleaning process* *<---- Very Important*

Keep TFC, it is an excellent utility, run weekly to keep your system optimized; it empties all user temp folders, Java cache etc etc. *Always remember to re-boot after a run, even if not prompted*

Install Norton, see how it responds...

Kevin
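
A pre-merge check for the registry file in the post above, as an added example that is not part of the original post: it parses the .reg text and confirms that every key sits under `SafeBoot\Minimal` or `SafeBoot\Network` and only sets the default value to `"Service"`, reporting anything else. The function names, the allow-list pattern and the cp1252 fallback for ANSI files are assumptions of this example.

```python
import re

# The file from the post above, embedded verbatim.
FIXME_REG = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\MSIServer]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\MSIServer]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Minimal\MSIServer]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Network\MSIServer]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\BITS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\WUAUSERV]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Network\BITS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Network\WUAUSERV]
@="Service"
'''

HEADERS = ("Windows Registry Editor Version 5.00", "REGEDIT4")

# Allow-list (assumption of this example): only SafeBoot service entries.
ALLOWED_KEY = re.compile(
    r"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet\d{3}\\Control\\SafeBoot"
    r"\\(?P<mode>Minimal|Network)\\(?P<service>[^\\]+)",
    re.IGNORECASE,
)


def decode_reg(data):
    """Notepad can save the file as ANSI or as 'Unicode' (UTF-16LE with a BOM)."""
    if data.startswith(b"\xff\xfe"):
        return data[2:].decode("utf-16-le")
    return data.decode("cp1252")


def audit_reg(text):
    """Return (services enabled per Safe Mode type, list of problems found)."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    problems, enabled = [], {}
    if not lines or lines[0] not in HEADERS:
        problems.append("missing or unknown header line")
    key = match = None
    for line in lines[1:]:
        if line.startswith(";"):            # comment line
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            match = ALLOWED_KEY.fullmatch(key)
            if key.startswith("-"):         # "[-HKEY...]" removes a whole key
                problems.append("deletes key: " + key[1:])
            elif not match:
                problems.append("key outside SafeBoot allow-list: " + key)
            continue
        if match and line == '@="Service"':
            mode = match["mode"].title()
            enabled.setdefault(mode, set()).add(match["service"].upper())
        else:
            problems.append("unexpected value under %s: %s" % (key, line))
    return {mode: sorted(names) for mode, names in enabled.items()}, problems


if __name__ == "__main__":
    services, issues = audit_reg(FIXME_REG)
    print("enabled in Safe Mode:", services)
    print("problems:", issues or "none")
```
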


----------



## speedyzap (Feb 26, 2006)

Hi Kev

Got as far as starting Windows Updates.....a number of security fixes etc updated on the first update try, then re-boot

On the second update install, unfortunately, I got that update that would not go in last time as follows:
"Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework 3.5 Family Update for .NET versions 2.0 through 3.5 (KB951847) x86"

Is this update actually required?
Is this update crucial to other updates going in? If so, how do we get it in?

Thanks Kev


----------



## speedyzap (Feb 26, 2006)

I found this link in a search which may be relevant: http://answers.microsoft.com/en-us/...d-family/e9499017-39bb-4e4d-ad61-f2db93030908

also: http://social.technet.microsoft.com/Forums/en/itproxpsp/thread/179029a4-7a87-4126-9a84-4721290b46bc

don't know if this one is any good: http://social.msdn.microsoft.com/Forums/en/netfxnetcom/thread/6b4c4052-4c09-4319-a822-d3b36b935cbe

also this one, scroll about 60-80% of way down: http://www.windowsbbs.com/windows-xp/85502-microsoft-update-failure.html
Comment post reads as follows for the above link: 
Hello Windows BBS
"Resolved" Evaluation of thread -- In my case what was the deciding factor of being able to have a successful download of this update .NET Framework 3.5 Family Update for Windows XP was I had a corrupt file with the 2.0 .NET Framework I say this in believing when Arie had send me a link to remove this 2.0 file from my computer and then immediately restarted the computer then and only then when I went back into the Microsoft Update Utility and tried once again to reinstall the family pack 3.5 everything fell back into place with a successful download. I have to hand it to this gentleman (Arie) in my opinion is right sharp in resolving issues that come up with repairing what ever the issue might be. I be truthful in the beginning here I was thinking I'm going to have to reinstall my XP installation to get it back to where it would successfully download the update never thinking I had a corrupt file on my system. That proves to me there's other ways in solving issues without going to the extreme to solve problems that might arise. Windows BBS is lucky to have his expertise among his team of helpers as well.
Garry"

*I have really no idea - leave it with you Kev*


----------



## kevinf80 (Mar 21, 2006)

What is the state of play now, has the .net framework update worked? Are all available updates complete? Where are we at with the security install?


----------



## speedyzap (Feb 26, 2006)

No! .NET Framework has not installed

Although I put up some links, I did not think it a good idea to follow any of them up without your advice

and I have not done the following because .NET Framework 3.5 not in yet:

" ......do Windows Update again, and so on, until there are no more to do, since even the updates have updates and updates of updates.

When that is finished, use the following to clean up the system....

Download TFC to your desktop, from either of the following links
http://oldtimer.geekstogo.com/TFC.exe
http://itxassociates.com/OT-Tools/TFC.exe
•Save any open work. TFC will close all open application windows.
•Double-click TFC.exe to run the program. Vista or Windows 7 users accept the UAC alert.
•If prompted, click "Yes" to reboot.
TFC will automatically close any open programs, including your Desktop. Let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. TFC may re-boot your system, if not Re-boot it yourself to complete cleaning process <---- Very Important

Keep TFC it is an excellent, run weekly utility to keep your system optimized, it empties all user temp folders, Java cache etc etc. Always remember to re-boot after a run, even if not prompted

Install Norton, see how it responds..."


----------



## kevinf80 (Mar 21, 2006)

If the guy Arie has given you a solution please take it, that is what I'd recommend. If you do not agree with Arie let me know...

Thanks,

Kevin...


----------



## speedyzap (Feb 26, 2006)

The way I read Arie's advice to gwiner7041 on link: http://www.windowsbbs.com/windows-xp/85502-microsoft-update-failure.html is that nothing worked till he removed .NET Framework 2 with dotnetfx_cleanup_tool and then re-installed .NET Framework 2 via Windows Update (now uncorrupted) then download .NET Framework 3.5 again via Windows Update (and that it now installed for gwiner7041)

Firstly the link for dotnetfx_cleanup_tool : http://astebner.sts.winisp.net/Tools/dotnetfx_cleanup_tool.zip does not actually link now (I can't get the webpage to open) but I guess we could try and find the new link

Next, I can't even see that I have .NET Framework 2 even installed yet in my add / remove programs. I have .NET Framework 2.0 Service Pack 2 (I assume they are *not* the same thing). Please see my add remove program list for Windows programs in the two links as under:

Also, I recall that before we uninstalled Service Pack 3 and reinstalled Service Pack 3 (in safe mode) that my add remove programs had quite a few security fix updates in it which do not show up now in add / remove programs. I wonder why - why did they not update like last time?

So I assume I can't uninstall (remove) a program I haven't even got installed yet. If my reasoning is right where do we go to from here to get all updates in and working?


----------



## kevinf80 (Mar 21, 2006)

Go to this link, http://blogs.msdn.com/b/astebner/archive/2008/08/28/8904493.aspx use that uninstall tool remove all versions of .net framework back to version one.
Re-boot your PC, Run TFC then re-boot again. Run windows updates and see how it progresses...


----------



## speedyzap (Feb 26, 2006)

OK will try it
Note: I downloaded TFC but accidentally ran it as well before using the uninstall tool. Hope that won't cause any probs


----------



## kevinf80 (Mar 21, 2006)

A run with TFC will have made no difference....


----------



## speedyzap (Feb 26, 2006)

Did the .Network uninstalls (I have saved the logs if you want it?)
re-booted
Did the TFC clean
rebooted

then, found there is NO windows update icon working in bottom right hand corner of my homepage screen

so, went to link: http://www.update.microsoft.com/microsoftupdate/v6/default.aspx?ln=en-us
and I think it scanned my PC and gave me the following updates:
see attachment add remove list for whats now in add remove programs (after uninstall) part 1: "add remove 3"
see attachment add remove list for whats now in add remove programs (after uninstall) part 2: "add remove 4"
see attachment for windows update list of "optional software updates" 
I note that there are NO high priority updates
I note there is also an update Microsoft .NET Framework 4 Client Profile for Windows XP x86 (KB982670)
>I take it that I don't install that .NET ...4, till later?

Are these the updates you wanted? If so should I check all the boxes in "optional software updates" and install them?


----------



## speedyzap (Feb 26, 2006)

I also notice these 4 updates are available if I click on "software Optional (13)" on same update page
- should I try and install them as well?

Microsoft Bing Desktop
Bing Desktop v1.1
Download size: 2 MB , less than 1 minute 
Make the Bing homepage image your desktop wallpaper. The nature photographs on the Bing homepage aspire to highlight the beauty of our world and spark our curiosity, giving us something to talk about and connect with. With Bing Desktop, the high resolution homepage image can be your Windows desktop background, automatically updated daily. In addition, Bing Desktop marries the beauty of Bing's daily homepage with a quick and convenient search interface that can start a search before opening a browser, allowing you to get the information you need and get on your way faster than ever. Details... 
Don't show this update again

Microsoft Security Essentials Free Antivirus
Microsoft Security Essentials - KB2754295
Download size: 11.6 MB , less than 1 minute 
You may not be running an anti-malware solution and this may leave your PC vulnerable to viruses, spyware and other malicious software. Microsoft Security Essentials is a free anti-malware software offered to Windows users who have purchased a Genuine copy of Windows. Microsoft Security Essentials is licensed for use on home PCs and by small businesses with 10 or fewer PCs. You can download alternative languages directly from www.microsoft.com/security_essentials with the "more information" link below. Details... 
Don't show this update again

Microsoft Silverlight
Microsoft Silverlight (KB2636927)
Download size: 6.6 MB , less than 1 minute 
Microsoft Silverlight is a Web browser plug-in for Windows and Mac OS X that delivers high quality video/audio, animation, and richer Website experiences in popular Web browsers. Details... 
Don't show this update again

Microsoft Windows Live
Windows Live Essentials
Download size: 1.1 MB , less than 1 minute 
Windows Live Essentials provides a set of free programs that help you stay in touch with the people you care about most, edit and share your photos and memories, and even help you keep your kids safer online. Programs include Windows Live Messenger, Mail, Writer, Photo Gallery, Family Safety, Toolbar, and Movie Maker. Details... 
Don't show this update again


----------



## kevinf80 (Mar 21, 2006)

I'd say yes to the .net framework update 4, as far as I'm aware if offered it will be OK.

Yes to Microsoft Security Essentials

No to Bing and Windows Live, Silverlight is up to you, I see nothing wrong with it....


----------



## speedyzap (Feb 26, 2006)

OK, so I tried to download the 8 x "optional" updates
They all went in except for:
"Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework 3.5 Family Update for .NET versions 2.0 through 3.5 (KB951847) x86"

so I thought I'll do another re-boot and see if any other updates come in and there was .NET Framework 3.5 again, it was there, so I tried to install again and then it actually said it was installed OK (I watched the green install lines installing for about 10 mins)

*and here is the strange thing,* I said great! I'll do another re-boot and see what other updates come up and there was that rotten .NET Framework 3.5 again. I thought it was installed??? I went to add / remove programs and could not find it in the list. I then tried to re-install it again but it failed !!! I really hate it when windows plays silly games like that - why did it say it installed but then really didn't?

See attachment Windows Update page 2 (for update still needing install and update failed)

See attachment Add Remove list 5 (for current windows .NET etc) Note: SP3 in but not in attachment pic > lower down
Note: SP 2 appears back in again now

Don't know what to do now - any ideas?


----------



## speedyzap (Feb 26, 2006)

Now you can see that I am not having you on about that .NET FRAME 3.5 supposedly installing and then not being installed by looking at the two attachments under of pics of Windows Update History:


----------



## kevinf80 (Mar 21, 2006)

I would not have updated with the optional ones, I'd have left them out and just gone for the priority/essential ones. Use the removal tool and remove .net framework back to 1. Re-boot.
Try to install MSE as per the available update, see how that goes.. if .net framework is offered again as a priority only, try that. do not install optionals..


----------



## speedyzap (Feb 26, 2006)

OK will do


----------



## kevinf80 (Mar 21, 2006)

Okey dokey...


----------



## speedyzap (Feb 26, 2006)

No .NET Framework 3.5 still did not install

No MSE also did not install

See attachment summary (summary done after MSE install try but NET 3.5 tried twice after removal tool & re-boot )

I've run out of ideas besides doing a search tomorrow - maybe re-install .NET Frameworks, except for Framework 2 and re-try?


----------



## speedyzap (Feb 26, 2006)

One thought that crossed my mind was, maybe .NET 3.5 needs the earlier .NET Frameworks 1 and 2 installed first (possibly even with their updates, if they had any?) before .NET Framework 3.5 can go in?

In other words, maybe one of the original .NET Frameworks 1 and 2, etc, were corrupted and if we re-install them separately and clean, before 3.5, then 3.5 may take?


----------



## kevinf80 (Mar 21, 2006)

Yes you're probably correct, maybe best to remove all versions and start again fresh... Let me know how you progress...


----------



## speedyzap (Feb 26, 2006)

We removed all the .NET Frameworks in post 141 didn't we? Or should we use the removal tool again just to be sure?

How do I re-install all the .NET Frameworks one by one - is there a link? If so should I do updates after each link is installed (as there might be patches or updates for each Framework)?

Am I correct in saying the Frameworks that need re-installing before trying 3.5 again, are Frameworks 1, 2 and 3 ?


----------



## kevinf80 (Mar 21, 2006)

.NET is an integral part of many applications running on Windows, many applications require different versions to enable them to run correctly. If you still have problems with the later versions I'd say to remove them once again back to the base level 1. Use of the removal tool is definitely recommended as it uninstalls them fully.
When that is complete run TFC to help with the clean up action. Then check through Windows updates and let it decide what you need.
Have you installed any security yet?

If you want a d/l site go here http://www.microsoft.com/net/download/earlier-versions I do have XP Professional running that has all versions from 1.0 through to 4.0, same with my versions of Vista and Windows 7....


----------



## speedyzap (Feb 26, 2006)

OK I'll run the removal tool again, 
The removal tool is: dotnetfx_cleanup_tool.zip - ZIP archive, unpacked size 314,151 bytes is that the correct one? Then click on the box cleapup_tool.exe > is that right?

then TFC as well

No, *no* security (namely recently MSE) has installed, even though tried several times

I don't recall Windows updater wanting to install all the frameworks after the above was done last time. That's why I suggested install the Frameworks as under in order lowest to highest as under using the link you provided http://www.microsoft.com/net/download/earlier-versions :
Install earlier versions of .NET
• .NET Framework 3.5 (SP1 latest)
(Note: This version is also installed by Windows 7.)
• .NET Framework 3.0 (SP2 latest)
(Note: This version is also installed by Windows Vista and Windows Server 2008.)
• .NET Framework 2.0 (SP2 latest)
• .NET Framework 1.1 (SP1 latest)
• .NET Framework 1.0 (SP3 latest)
(Note: This is how to obtain the latest .NET Framework 1.0 service

so should I install the above one by one and not windows updater?

I assume the removal tool has removed all the above automatically (except 3.5) and I now have to re-install them one by one manually using the separate install options in your link, is that right?


----------



## kevinf80 (Mar 21, 2006)

In reality you do not need .net framework on your system, for now remove them all. Re-boot when complete. Start using your system as normal, if you have any applications installed that need .net framework you will be prompted if the application does not work.
If possible can you try to install your Norton security, Norton does not require .net framework....


----------



## speedyzap (Feb 26, 2006)

I'll remove them (another go with removal tool) > then TFC > then Norton attempt

will get back to you then

(you appear hesitant for me to install the frameworks one by one manually - do you envisage problems doing that?)


----------



## speedyzap (Feb 26, 2006)

Kev
I note that the Framework clean up utility even after two runs and two re-boots, still shows:
.NET Framework 1.1 installed with no service packs
.NET Framework 2.0 installed with Service Pack 2

It shows the other service packs as not installed, but I thought if clean up did its job that 1.1 and 2.0 (with SP2) should have been removed? Did something go wrong? Please advise?

Thanks

See first part (only) of the log file under where you can see the two frameworks are still installed ??

======================================================================
[01/28/13,04:12:02] Beginning of new cleanup utility session
[01/28/13,04:12:02] Build created on August 3, 2012
[01/28/13,04:12:02] Detected operating system: Windows XP (x86)
[01/28/13,04:12:02] Install state for .NET Framework 1.0: not installed.
[01/28/13,04:12:02] Install state for .NET Framework 1.1: installed with no service packs.
[01/28/13,04:12:02] Install state for .NET Framework 2.0: installed with service pack 2.
[01/28/13,04:12:02] Install state for .NET Framework 3.0: not installed.
[01/28/13,04:12:02] Install state for .NET Framework 3.5: not installed.
[01/28/13,04:12:02] Install state for .NET Framework 4 Client: not installed.
[01/28/13,04:12:02] Install state for .NET Framework 4 Full: not installed.
[01/28/13,04:12:02] Install state for .NET Framework 4.5: not installed.
[01/28/13,04:12:02] Not adding product '.NET Framework - All Versions (Tablet PC and Media Center)' because the OS condition does not match
[01/28/13,04:12:02] Not adding product '.NET Framework - All Versions (Windows Server 2003)' because the OS condition does not match
[01/28/13,04:12:02] Not adding product '.NET Framework - All Versions (Windows Vista and Windows Server 2008)' because the OS condition does not match
[01/28/13,04:12:02] Not adding product '.NET Framework - All Versions (Windows 7)' because the OS condition does not match
[01/28/13,04:12:02] Not adding product '.NET Framework - All Versions (Windows 8)' because the OS condition does not match
[01/28/13,04:12:09] Starting cleanup for product .NET Framework - All Versions
[01/28/13,04:12:09] Section [Stop Services - .NET Framework Common] - start parsing entries
[01/28/13,04:12:09] Found entry msiserver, performing action now
[01/28/13,04:12:09] Attempting to stop the service 'msiserver'
[01/28/13,04:12:09] The service 'msiserver' was already stopped
[01/28/13,04:12:09] Found entry httpfilter, performing action now
[01/28/13,04:12:09] Attempting to stop the service 'httpfilter'
[01/28/13,04:12:09] The service 'httpfilter' was already stopped

*Doing TFC next, then Norton*


----------



## speedyzap (Feb 26, 2006)

I did TFC and re-booted

Then tried Norton install again, no luck, same problem as last time. Icons do not give access to Norton program and access to internet restricted. Accordingly, I uninstalled Norton using Norton removal tool. Then deleted all Norton icons, except for the removal tool. There must be a logical reason why 3 X security install programs failed. Remembering that other programs like adobe XI did install after the service packs went in?

Could you also respond on my questions in my previous post re the Frameworks?


----------



## kevinf80 (Mar 21, 2006)

I'm really unsure what is at fault with .net framework, If those versions came preinstalled with the OS maybe that is why they do not UNinstall. Do they actually show in Add/Remove Programs list? Can they be removed from there....

Also the issue with installation of Security is very odd, especially if the likes of Adobe install ok..

Right d/l and save an installer for either Avast, AVG or MSE. a standard free version, they are available from FileHippo at this link:

http://www.filehippo.com/

Then I want you to boot your system into Safe mode and try to install the security from that state... See if that makes any difference whatsoever.

If we make no headway with this it may be that there is still an infection on your system, we may have to look at that again. Also a re-format and re-install could be the only way forward, that would also mean updating SP's again.... Sigh...


----------



## speedyzap (Feb 26, 2006)

kevinf80 said:


> I'm really unsure what is at fault with .net framework, If those versions came preinstalled with the OS maybe that is why they do not UNinstall. Do they actually show in Add/Remove Programs list? Can they be removed from there...
> 
> See attachments A & B for a PrtScn of that part of add / remove programs under:
> 
> ...


----------



## speedyzap (Feb 26, 2006)

"Also the issue with installation of Security is very odd, especially if the likes of Adobe install ok.." 

Remember that Adobe reader XI finally installed after we got SP2 & SP3 to finally install

Note: I just tried to install my Office Professional Edition 2003 and it would not install, saying it could not gain an access path to my Office disc (DVD) (even though it was in my DVD player and allowing display of programs to install)

Have we partly dismantled SP2 & SP3 with Framework clean up, because I certainly can't see SP2 in there in any form any more? It was there before removal clean up did its job.


----------



## kevinf80 (Mar 21, 2006)

.net framework removal should not affect SP2 and SP3 service packs, have you tried to install a security program in safe mode?


----------



## speedyzap (Feb 26, 2006)

I've just downloaded Avast (not installed) and have its exe icon on desktop ready to go when I get in to safe mode

Will do shortly

Why don't I see SP 2 in there now after the Framework clean up? Was there before that

Remember I have not done any Windows Update yet since latest Framework clean up


----------



## speedyzap (Feb 26, 2006)

I'm in safe mode now and supposedly Avast is doing a "quick scan". It is also telling me the installation is complete.
I'll believe that when I re-boot and see. It supposedly has finished the scan but no data or report provided.

I will re-boot back into normal mode and see what happens


----------



## speedyzap (Feb 26, 2006)

Avast is not working out of safe mode
and
In safe mode it appears to work very awkwardly. For example in safe mode you can do a manual scan, but if you pause and vary from that page, you can't pick the scan again, likely it aborts when you move away from that page. I didn't have the patience to see what might have happened if I waited for the scan to finish in safe mode

See attachment of Avast Summary Current Status in normal mode - it says unsecured, stopped and inconsistent. The "Fix Now" button does nothing. This same summary reading is not evident in safe mode.


----------



## speedyzap (Feb 26, 2006)

Here is an attachment pic of Avast Summary Current Status page

It appears to be working - why the difference in safe mode


----------



## speedyzap (Feb 26, 2006)

See attachment of avast scanning for viruses *in safe mode*
doing a quick scan this time - shocker of a security system

might wait for it to finish this time


----------



## speedyzap (Feb 26, 2006)

Kev
I only did 3% scan in safe mode with Avast because after 3% it was registering that it had found some viruses. So I wanted to see the nature of them and stopped the scan for a readout. The readout said that I think 3 or 5 HIGH level bugs were found. So I pressed the action button which I think basically quarantined those bugs (used different terminology though). It then recommended a boot scan to be scheduled which I agreed to. Unfortunately, the boot scan didn't take because I didn't go back into safe mode on reboot. So I went back into reboot and scheduled another boot scan and rebooted. The bootscan run page (as in start "run"> that black box) just seemed to kick off and do nothing. Didn't have the time to wait so I rebooted back into safe mode to do a normal longer scan and it automatically went into boot scan mode again. So I rebooted and went back into normal mode. Please don't think I am too impatient, because Avast is super slow in safe mode

From the above only 3% virus scan finding high priority bugs I have a feeling that viruses, malware, etc may be a factor in all this that at least needs looking into. I would take it that these initial bugs found may not be remedied because it was done in safe mode and back in normal mode it may not hold those bugs, but there may be more. These bugs appeared to be found in some of my music files

Just another point, when I try and do an Avast scan in normal mode Avast says, " Unable to start scan. There are no more end points available from the end point mapper". (whatever that means)

Do you have any appropriate software tools to do a really good search of my hard drive for bugs ? Malware bytes doesn't seem to find many.
OR
Will Avast's actions in safe mode keep those actions to deal with the bugs after going back into normal mode??

See attachment of Avast security report taken in normal mode under:


----------



## kevinf80 (Mar 21, 2006)

Run the following and post the log, be back shortly.....

Please download RogueKiller from here http://tigzy.geekstogo.com/Tools/RogueKiller.exe or here http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe and save Direct to your Desktop.


 Quit all running programs
 Please disconnect any USB or external drives from the computer before you run this scan!
 For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
 Wait until Prescan has finished...
 The following EULA will appear, please select accept
 Ensure MBR scan, Check faked and AntiRootkit are checked
 Select Scan
 When the scan completes select Report, copy and paste that to your reply.
 The log should be found in RKreport[?].txt on your Desktop
 Exit/Close RogueKiller


----------



## speedyzap (Feb 26, 2006)

I kicked over Avast again in safe mode and this time it scanned 10% of files (very slow-took 1 hour)

Got some more results - it did not seem to duplicate the other bugs picked up last time. Once again they seem to be old music downloads.

See scan results (one page) then second page

I did NOT take any action this time to remove or "move to chest" (quarantine) bugs as I see you want me to kick over rogue killer and I have no idea how Avast deals with the viruses when out of safe mode. Can always do another Avast scan later if you think it works in and out of safe mode

I will have to leave rogue killer and your recommendations till about 12 hours from now as totally out of time

Thanks Kev for sticking with me


----------



## kevinf80 (Mar 21, 2006)

Avast is a great security program, I just wanted to run RK so I can see what it makes of the MBR. Post back anytime you're ready, we'll get to the bottom of this eventually...


----------



## speedyzap (Feb 26, 2006)

*Log Rogue Killer under (only one item found):*

RogueKiller V8.4.3 [Jan 27 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : PETER [Admin rights]
Mode : Scan -- Date : 01/29/2013 20:18:08
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 1 ¤¤¤
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3320620A +++++
--- User ---
[MBR] b0285b0f9c99bd8cba028ad7ecba41b6
[BSP] 7780679cf48b7d1b4d2c1b4073c7bd20 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 131061 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_01292013_02d2018.txt >>
RKreport[1]_S_01292013_02d2018.txt


----------



## kevinf80 (Mar 21, 2006)

Quit all programs that you may have started.


 Please disconnect any USB or external drives from the computer before you run this scan!
 For Vista or Windows 7, right-click and select "Run as Administrator" to start
 For Windows XP, double-click to start.
 Wait until Prescan has finished ...
 Then Click on "Scan" button
 Wait until the Status box shows "Scan Finished"
 click on "delete"
 Wait until the Status box shows "Deleting Finished"
 Click on "Report" and copy/paste the content of the Notepad into your next reply.
 The log should be found in RKreport[?].txt on your Desktop
 Exit/Close RogueKiller

Next,

Run Eset Online Scanner - This is a very thorough scan so may take several hours....

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go to the Eset web page http://www.eset.com/home/products/online-scanner/ to run an online scanner from ESET.


 Turn off the real time scanner of any existing antivirus program while performing the online scan
 click on the Run ESET Online Scanner button
 Tick the box next to YES, I accept the Terms of Use.
*Click Start*
 When asked, allow the add/on to be installed
*Click Start*
 Make sure that the option Remove found threats is unticked
 Click on Advanced Settings, ensure the options
 Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
*Click Scan*
 wait for the virus definitions to be downloaded
 Wait for the scan to finish
*When the scan is complete*


 If no threats were found
 put a checkmark in "Uninstall application on close"
 close program
 report to me that nothing was found
*If threats were found*


 click on "list of threats found"
 click on "export to text file" and save it as ESET SCAN and save to the desktop
 Click on back
 put a checkmark in "Uninstall application on close"
 click on finish
*close program*
*copy and paste the report here*

Post both logs...


----------



## speedyzap (Feb 26, 2006)

*Rogue Killer delete log under: *

RogueKiller V8.4.3 [Jan 27 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : PETER [Admin rights]
Mode : Remove -- Date : 01/29/2013 21:45:48
| ARK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 1 ¤¤¤
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3320620A +++++
--- User ---
[MBR] b0285b0f9c99bd8cba028ad7ecba41b6
[BSP] 7780679cf48b7d1b4d2c1b4073c7bd20 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 131061 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[3]_D_01292013_02d2145.txt >>
RKreport[1]_S_01292013_02d2018.txt ; RKreport[2]_S_01292013_02d2145.txt ; RKreport[3]_D_01292013_02d2145.txt

*Doing Eset next*
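
As an added example (not part of the original post, and not RogueKiller's own tooling), this Python script compares the scan and removal reports above: it checks that every registry entry marked FOUND was handled, that the MBR/BSP hashes did not change between runs, and that the LL1/LL2 lines report OK. The function names and the `HANDLED` set are assumptions of the example; the sample reports are trimmed copies of the two logs in this thread.

```python
import re

# Constructed sample input: the two desktop reports posted in this thread,
# trimmed to the lines the parser reads.
SCAN_REPORT = r"""
Mode : Scan -- Date : 01/29/2013 20:18:08
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
+++++ PhysicalDrive0: ST3320620A +++++
[MBR] b0285b0f9c99bd8cba028ad7ecba41b6
[BSP] 7780679cf48b7d1b4d2c1b4073c7bd20 : Windows XP MBR Code
User = LL1 ... OK!
User = LL2 ... OK!
"""

REMOVE_REPORT = r"""
Mode : Remove -- Date : 01/29/2013 21:45:48
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
+++++ PhysicalDrive0: ST3320620A +++++
[MBR] b0285b0f9c99bd8cba028ad7ecba41b6
[BSP] 7780679cf48b7d1b4d2c1b4073c7bd20 : Windows XP MBR Code
User = LL1 ... OK!
User = LL2 ... OK!
"""

MODE_LINE = re.compile(r"^Mode : (\w+)")
DRIVE_LINE = re.compile(r"^\+{5} (PhysicalDrive\d+):")
HASH_LINE = re.compile(r"^\[(MBR|BSP)\]\s+([0-9a-f]{32})\b")
LL_LINE = re.compile(r"^User = (LL\d+) \.\.\. (.+)$")
REG_LINE = re.compile(
    r"^\[(?P<tag>[A-Z ]+)\]\s+(?P<key>.+?)\s+:\s+(?P<value>.+?)\s+->\s+"
    r"(?P<status>[A-Z]+)(?:\s+\((?P<new>[^)]*)\))?$"
)

# Assumption of this example: only the status seen in this thread's removal
# log counts as handled; any other status is reported for manual review.
HANDLED = {"REPLACED"}


def parse_report(text):
    """Extract mode, registry findings, MBR/BSP hashes and LL check results."""
    report = {"mode": None, "registry": {}, "hashes": {}, "ll": {}}
    drive = "unknown"
    for raw in text.splitlines():
        line = raw.strip()
        if m := MODE_LINE.match(line):
            report["mode"] = m.group(1)
        elif m := DRIVE_LINE.match(line):
            drive = m.group(1)          # hashes and LL lines belong to this drive
        elif m := HASH_LINE.match(line):
            report["hashes"][f"{drive}/{m.group(1)}"] = m.group(2)
        elif m := LL_LINE.match(line):
            report["ll"][f"{drive}/{m.group(1)}"] = m.group(2)
        elif m := REG_LINE.match(line):
            ident = (m["tag"], m["key"], m["value"])
            report["registry"][ident] = {"status": m["status"], "new": m["new"]}
    return report


def compare_reports(scan, remove):
    """Return what still needs attention after the removal run."""
    unresolved = []
    for ident, entry in scan["registry"].items():
        if entry["status"] != "FOUND":
            continue
        after = remove["registry"].get(ident)
        # Missing from the removal log, or not in a handled state.
        if after is None or after["status"] not in HANDLED:
            unresolved.append(ident)
    names = set(scan["hashes"]) | set(remove["hashes"])
    hashes_changed = sorted(
        n for n in names if scan["hashes"].get(n) != remove["hashes"].get(n)
    )
    ll_failed = sorted(
        {n for rep in (scan, remove) for n, v in rep["ll"].items() if v != "OK!"}
    )
    return {
        "unresolved": unresolved,
        "hashes_changed": hashes_changed,
        "ll_failed": ll_failed,
    }


if __name__ == "__main__":
    result = compare_reports(parse_report(SCAN_REPORT), parse_report(REMOVE_REPORT))
    for name, items in result.items():
        print(f"{name}: {items if items else 'none'}")
```
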


----------



## kevinf80 (Mar 21, 2006)

Ok.....


----------



## speedyzap (Feb 26, 2006)

I noticed the one threat found so far (37% complete) on eset: its description is: "JS/Security Disabler.A.Gen application"

Interesting!


----------



## speedyzap (Feb 26, 2006)

*ESET LOG FILE UNDER:* (SCAN TOOK 2HRS 15MINS)

C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\Mozilla\Firefox\Profiles\8a03imtq.default\user.js	JS/SecurityDisabler.A.Gen application
C:\Documents and Settings\PETER.PETER-OYOU4XROG\My Documents\Downloads\LimeWireWin.exe	multiple threats
C:\Documents and Settings\PETER.PETER-OYOU4XROG\My Documents\LimeWireWin.exe	multiple threats
C:\Documents and Settings\PETER.PETER-OYOU4XROG\My Documents\registrybooster.exe	a variant of Win32/RegistryBooster application
C:\Program Files\LimeWire\.NetworkShare\LimeWireWin5.5.14.exe	multiple threats


----------



## kevinf80 (Mar 21, 2006)

Download OTM from either of the following links and save to your Desktop:

http://oldtimer.geekstogo.com/OTM.exe.
http://www.itxassociates.com/OT-Tools/OTM.com
http://www.itxassociates.com/OT-Tools/OTM.exe

Double click *OTM.exe* to start the tool. Vista or Windows 7 users accept UAC alert. Be aware all processes will be stopped during run, also Desktop will disappear, this will be put back on completion....


*Copy* the text from the code box below to the clipboard by highlighting *ALL* of them and *pressing CTRL + C* (or, after highlighting, right-click and choose *Copy*):


```
:Files
ipconfig /flushdns /c
C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\Mozilla\Firefox\Profiles\8a03imtq.default\user.js
C:\Documents and Settings\PETER.PETER-OYOU4XROG\My Documents\Downloads\LimeWireWin.exe
C:\Documents and Settings\PETER.PETER-OYOU4XROG\My Documents\LimeWireWin.exe
C:\Documents and Settings\PETER.PETER-OYOU4XROG\My Documents\registrybooster.exe
C:\Program Files\LimeWire\.NetworkShare\LimeWireWin5.5.14.exe
:Commands
[EmptyTemp]
```

 Return to OTMoveIt3, right click in the *"Paste Instructions for Items to be Moved"* window (under the yellow bar) and choose *Paste*.
Click the red button.
*Copy* everything in the Results window (under the green bar) to the clipboard by highlighting *ALL* of them and *pressing CTRL + C* (or, after highlighting, right-click and choose copy), and paste it in your next reply.
Close *OTM*
*Note:* If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose *Yes.*

If the machine reboots, the Results log can be found here:

*c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log*

Where mmddyyyy_hhmmss is the date of the tool run.

Kevin....


----------



## speedyzap (Feb 26, 2006)

*ANOTHER ISSUE - NOW MY LAPTOP*

Before doing the above on my desktop, I just realised my laptop must have some viruses, because it is now going very slow. Also the laptop won't let me upgrade its existing Zone Alarm Security either.. I also have malware bytes on my laptop and it took over 7 hours to do a quick scan and found nothing. Also Zone Alarm is way out of date and a scan found nothing.

It is possible that perhaps one or two things put these bugs on my laptop > while my wife can't use our desktop that we are working on, she plays scrabble and bubble blitz games on facebook on the laptop. The other being, I put 2 memory sticks in the laptop (with those downloaded music in question on them) to see what was on there.

So, I did a Rogue Killer scan and the report is under:

RogueKiller V8.4.3 [Jan 27 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Peter [Admin rights]
Mode : Scan -- Date : 01/30/2013 14:37:04
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST910021A +++++
--- User ---
[MBR] bc221233144a38340fae65a92c4246cf
[BSP] beefda5da16a93740a28fbca42d0601b : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 95393 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_01302013_02d1437.txt >>
RKreport[1]_S_01302013_02d1437.txt


----------



## kevinf80 (Mar 21, 2006)

Quit all programs that you may have started.


 Please disconnect any USB or external drives from the computer before you run this scan!
 For Vista or Windows 7, right-click and select "Run as Administrator" to start
 For Windows XP, double-click to start.
 Wait until Prescan has finished ...
 Then Click on "Scan" button
 Wait until the Status box shows "Scan Finished"
 click on "delete"
 Wait until the Status box shows "Deleting Finished"
 Click on "Report" and copy/paste the content of the Notepad into your next reply.
 The log should be found in RKreport[?].txt on your Desktop
 Exit/Close RogueKiller

Create and run the following Rescue CD on the Desktop PC,

*STEP A:*

*Download and create a bootable Kaspersky Rescue Disk CD*

1. Download the Kaspersky Rescue Disk ISO image from below.
*KASPERSKY RESCUE DISK DOWNLOAD LINK* (This link will open a new page from where you can download Kaspersky Rescue Disk ISO)
2. Download ImgBurn, a software that will help us create this bootable disk.
*IMGBURN DOWNLOAD LINK* (This link will open a new page from where you can download ImgBurn)
3. You can now insert your blank DVD/CD in your burner.
4. Install ImgBurn by following the prompts and then start this program.
5. Click on the Write image file to disc button.
6. Under Source click on the Browse for file button, then browse to the location where you previously saved the Kaspersky Rescue Disk ISO file (kav_rescue_10.iso).
7. Click on the big Write button.
8. The disc creation process will now start and it will take around 5-10 minutes to complete.

*STEP B:*

*Configure the computer to boot from CD-ROM*

On some machines, if you restart the computer and repeatedly tap the F11 key it should bring up the Boot Menu, from there you can select to boot from the CD.
If this doesn't happen then you'll need to configure your computer to boot from a CD like you'll see below.

1. Use the Delete or F2 keys to load the BIOS menu. Information on how to enter the BIOS menu is displayed on the screen at the start of the OS boot.
2. In your PC BIOS settings select the Boot menu and set CD/DVD-ROM as a primary boot device.
3. Insert your Kaspersky Rescue Disk and restart your computer.

*STEP C:*

*Boot your computer from Kaspersky Rescue Disk*

1. Your computer will now boot from the Kaspersky Rescue Disk, and you'll be asked to press any key to proceed with this process.
2. In the start up wizard window that will open, select your language using the cursor moving keys. Press the ENTER key on the keyboard.
3. On the next screen, select Kaspersky Rescue Disk. Graphic Mode then press ENTER.
4. The End User License Agreement of Kaspersky Rescue Disk will be displayed on the screen. Read carefully the agreement then press the C button on your keyboard.
5. Once the actions described above have been performed, the Kaspersky operating system will start.

*STEP D:*

*Launch Kaspersky WindowsUnlocker to remove the malicious registry changes*

This ransomware trojan has modified your Windows system registry so that when you're trying to boot your computer it will instead launch its lock screen. To remove these malicious registry changes we need to use the Kaspersky WindowsUnlocker from Kaspersky Rescue Disk.

1. Click on the Start button located in the left bottom corner of the screen and select the Kaspersky WindowsUnlocker.

If you can't find the WindowsUnlocker button, you can select Terminal and in the command prompt type windowsunlocker and then press Enter on the keyboard.

2. A white colored console window will appear and will automatically start loading the registry files for scanning and disinfection. The whole process will take only a couple of seconds and after this process you should be able to boot your computer in normal mode.

*STEP E:*

*Scan your system with Kaspersky Rescue Disk*

1. Click on the Start button located in the left bottom corner of the screen and select the Kaspersky Rescue Disk then click on My Update Center and press Start update.
2. When the update process has completed, the light at the top of the window will turn green, and the databases release date will be updated.
3. Click on the Objects Scan tab, then click Start Objects Scan to begin the scan.
4. If any malicious items are found, the default settings are to prompt you for action with a red popup window on the bottom right. Delete is the recommended action in most cases but we strongly recommend that you try first to disinfect, and if it doesn't work choose to quarantine the infected files just to be on the safe side.
5. When all detected items have been processed and removed, the light in the window will turn green and the scan will show as completed.
6. When done you can close the Kaspersky Rescue Disk window and use the Start Menu to Restart the computer.

7. When booted back into Windows Navigate > Start > Computer > C:\Kaspersky Rescue Disck 10.0 Open the folder, inside is log from KRD run named "ScanObject" copy/paste that file to your reply.

If you have concerns for the USB sticks it is best to vaccinate them with tool available at Panda Security, available here:

http://www.pandasecurity.com/homeusers/downloads/usbvaccine/

Kevin


----------



## speedyzap (Feb 26, 2006)

Hi Kev

1] - sorry for the delay, I've been busy saving as many files from the different accounts on my desktop HD as possible. Had to go out and buy some memory sticks and a small external HD. I transferred just about all my desktop music and video files to two memory sticks to increase my chances of a clean OS in the end. That is, I deleted as many music and video files as possible after transferring them to memory stick. I also tried to save "clean" important items onto the new external 320GB HD.

2] In reply to your post 173, please find the following OTM Results log under (this is the log that came up on the screen after auto-reboot by OTM):

3] Just to be 100% sure, I take it you wanted me to go ahead with Kaspersky Rescue Disc as in your above post 175 even though you have not read the results of the OTM process yet?

All processes killed
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop\cmd.txt deleted successfully.
C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\Mozilla\Firefox\Profiles\8a03imtq.default\user.js moved successfully.
C:\Documents and Settings\PETER.PETER-OYOU4XROG\My Documents\Downloads\LimeWireWin.exe moved successfully.
C:\Documents and Settings\PETER.PETER-OYOU4XROG\My Documents\LimeWireWin.exe moved successfully.
C:\Documents and Settings\PETER.PETER-OYOU4XROG\My Documents\registrybooster.exe moved successfully.
C:\Program Files\LimeWire\.NetworkShare\LimeWireWin5.5.14.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users
->Temp folder emptied: 0 bytes

User: BEC
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: DAN
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: DIANE
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService.NT AUTHORITY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService.NT AUTHORITY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Owner
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: PETER
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: PETER.PETER-OYOU4XROG
->Temp folder emptied: 26679737 bytes
->Temporary Internet Files folder emptied: 55651632 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 69725511 bytes
->Google Chrome cache emptied: 6988774 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 492 bytes

User: PETER.PETER-OYOU4XROG.000
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: TIM

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 3888054 bytes

Total Files Cleaned = 155.00 mb

OTM by OldTimer - Version 3.1.21.0 log created on 01312013_015141

Files moved on Reboot...

Registry entries deleted on Reboot...


----------



## speedyzap (Feb 26, 2006)

Kev
I just noticed that to do the Kaspersky Rescue, I have to burn a disc. Remember that my desktop DVD burner does not work (probably packed it in ages ago) so I connected my old DVD ROM which has *no* burner.

Would it work OK if I burned it on my laptop (which is now also playing up) or my son's laptop which is new and has a burner? I would have to access your IMGBURN download link via one of the laptops.


----------



## speedyzap (Feb 26, 2006)

I just noticed you wanted me to do another Rogue Killer Run with the view to delete any bad processes (namely the one?) we found last run. This scan showed nothing, most likely because I deleted a huge number of the downloaded music and video files. See Rogue scan result under:

RogueKiller V8.4.3 [Jan 27 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : PETER [Admin rights]
Mode : Remove -- Date : 01/31/2013 02:54:59
| ARK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3320620A +++++
--- User ---
[MBR] b0285b0f9c99bd8cba028ad7ecba41b6
[BSP] 7780679cf48b7d1b4d2c1b4073c7bd20 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 131061 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[7]_D_01312013_02d0254.txt >>
RKreport[1]_S_01292013_02d2018.txt ; RKreport[2]_S_01292013_02d2145.txt ; RKreport[3]_D_01292013_02d2145.txt ; RKreport[4]_S_01312013_02d0252.txt ; RKreport[5]_S_01312013_02d0253.txt ; 
RKreport[6]_S_01312013_02d0254.txt ; RKreport[7]_D_01312013_02d0254.txt


----------



## speedyzap (Feb 26, 2006)

I assume the IMGburn DVD burner software is the item on your link to the left of the page called "Free CD/DVD burner", and on clicking that link it looks like the PrtScn under:

If so, I have downloaded that - is this the correct one?

Edit: I don't think it was the right one so I deleted it. Can you give me more specific directions for the IMGBURN download off that link?

Edit: I found it - just got confused by the "mirrors 1-7"

*Note well:* The install of the incorrect DVD burner by I think "Kyoto" called "Free CD/DVD burner" has left me with some sort of malware / adware taking over my internet home page tab URL in "internet properties". When I re-type the correct URL I want in my home page tab and press apply and OK, then I click on IE, then a pop up comes up from Malware Bytes saying "successfully blocked access to potentially malicious website (207.232.22.60)". The URL that tries to load instead of www.google.com is "www.searchnu.com/421". Also when trying to get on the internet via Firefox a message comes up saying "another program on your computer would like to modify Firefox with the following add on - search toolbar 1.0.0.12". So much for uninstalling it. Also after uninstalling I noticed the Search Kyoto toolbar on IE. It had an "x" out option, so I clicked on that but bet ya it's still hiding somewhere. Malware prompted a quick scan search but found nothing.
I guess we had better get rid of this bug/s before anything else


----------



## kevinf80 (Mar 21, 2006)

You've lost me here, what application gave the browser issues? Is that one of the links for imgburn?

Run the following to remove bad toolbars and browser hijackers etc:

Download http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner by Xplode onto your Desktop.


 Please close all open programs and internet browsers.
 Double click on *Adwcleaner.exe* to run the tool.
 Click on *Delete*.
 Confirm each time with OK.
 Your computer will be rebooted automatically. A text file will open after the restart.
 Please post the content of that logfile in your reply.
 You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.


----------



## speedyzap (Feb 26, 2006)

Hi Kev
AdwCleaner got rid of the Kyoto bug off IE, but not off Mozilla Firefox browser

I gave it another clean and auto re-boot but it didn't change anything with firefox browser

Old log said it cleaned IE and Firefox (3 items) but new log under says all OK it seems

Edit: Google Chrome also still not fixed with that same searchnu/ URL on it

# AdwCleaner v2.109 - Logfile created 01/31/2013 at 07:44:49
# Updated 26/01/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : PETER - PETER-OYOU4XROG
# Boot Mode : Normal
# Running from : C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

***** [Registry] *****

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v13.0.1 (en-US)

-\\ Google Chrome v20.0.1132.57

*************************

AdwCleaner[R1].txt - [2697 octets] - [20/01/2013 18:25:20]
AdwCleaner[R2].txt - [2757 octets] - [20/01/2013 18:42:05]
AdwCleaner[R3].txt - [3302 octets] - [31/01/2013 07:36:38]
AdwCleaner[R4].txt - [1054 octets] - [31/01/2013 07:44:16]
AdwCleaner[S1].txt - [2722 octets] - [20/01/2013 18:42:31]
AdwCleaner[S2].txt - [3271 octets] - [31/01/2013 07:37:24]
AdwCleaner[S3].txt - [987 octets] - [31/01/2013 07:44:49]

########## EOF - C:\AdwCleaner[S3].txt - [1046 octets] ##########

PS Will have to call it quits for today very shortly - have put a lot of hours in this today with all the back up filing


----------



## kevinf80 (Mar 21, 2006)

Can you run Firefox with addons disabled, does that make a difference?


----------



## speedyzap (Feb 26, 2006)

No, I went to the options bar and turned the navigation tool bar and add on tool bar off and it still would not go to the Google URL

However if I click on show address arrow and pick one of the common addresses or if I type a new address in, it works OK then

But Malware Bytes still says it blocks the www.searchnu/421 URL

Catch you on the next shift Kev


----------



## kevinf80 (Mar 21, 2006)

Run the following and post logs when you return...

OTL by Oldtimer
Download *OTL* from any of the following links and save to your desktop.

http://itxassociates.com/OT-Tools/OTL.com
http://oldtimer.geekstogo.com/OTL.exe
http://www.itxassociates.com/OT-Tools/OTL.scr

Double click the icon to start the tool. (Note: If you are running on Vista or Windows 7 accept UAC alert)


 When the window appears, underneath *Output* at the top, make sure *Standard output* is selected.
 Select *Scan all users*
 Under the *Extra Registry* section, check *Use SafeList*
 In the lower right corner, checkmark *"LOP Check"* and checkmark *"Purity Check".*
 Click *Run Scan* and let the program run uninterrupted.
 When the scan is complete, two text files will be created on your Desktop.
 *OTL.Txt* <- this one will be opened
 *Extras.txt* <- this one will be minimized

Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of *OTL.Txt* and the *Extras.txt* in your next reply.
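
One way to triage the browser sections of the OTL.Txt this scan produces, as an added example that is not part of the thread and not OldTimer's code: it flags IE/FF/CHR settings whose URL points outside an expected-host list, and O2/O3 add-on registrations whose file is missing. The host list, the function names and the sample lines (constructed in the line shapes OTL logs take in this thread) are assumptions.

```python
import re
from urllib.parse import urlsplit

# Assumption: the hosts this machine's owner expects as home page or search provider.
EXPECTED_HOSTS = ("google.com", "google.com.au", "bing.com", "live.com")

# Constructed sample: lines in the shapes OTL uses for its IE / FF / CHR / O2 sections.
# The SID is a made-up placeholder.
SAMPLE_LOG = r'''
IE - HKU\S-1-5-21-0-0-0-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.searchnu.com/421"
FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&q="
CHR - homepage: http://www.searchnu.com/421
CHR - default_search_provider: search_url = http://dts.search-results.com/sr?src=crb&q={searchTerms}
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.57\pdf.dll
O2 - BHO: (Search-Results Toolbar) - {3ec1a45c-8bc3-4bfe-b226-4051c5d3d068} - C:\PROGRA~1\SEARCH~1\Datamngr\SRTOOL~1\searchresultsDx.dll File not found
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.)
'''

URL_RE = re.compile(r'https?://[^\s"]+')

# O2 (BHO) and O3 (toolbar) lines: "(name) - {CLSID} - target"
ADDON_RE = re.compile(
    r'^(O[23]) - .*?\((?P<name>[^)]*)\) - '
    r'(?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<target>.+)$'
)


def host_is_expected(url):
    """True if the URL's host is an expected host or a subdomain of one."""
    host = (urlsplit(url).hostname or "").lower()
    return any(host == h or host.endswith("." + h) for h in EXPECTED_HOSTS)


def triage(log_text):
    """Return (kind, section, detail) tuples for lines worth a closer look."""
    findings = []
    for line in (raw.strip() for raw in log_text.splitlines()):
        section = line.split(" - ", 1)[0]
        if section in ("IE", "FF", "CHR"):
            # Browser settings: any URL value pointing at an unexpected host.
            for url in URL_RE.findall(line):
                if not host_is_expected(url):
                    findings.append(
                        ("unexpected-url", section, urlsplit(url).hostname)
                    )
        else:
            # Add-on registrations that survive although their file is gone.
            m = ADDON_RE.match(line)
            if m and m.group("target").endswith("File not found"):
                findings.append(("orphaned-addon", m.group(1), m.group("name")))
    return findings


if __name__ == "__main__":
    for kind, section, detail in triage(SAMPLE_LOG):
        print(f"{kind:15} {section:4} {detail}")
```

An empty result only means nothing matched these two checks; the rest of the log still needs reading.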


----------



## speedyzap (Feb 26, 2006)

I found this koyotes one at the bottom of the OTL.Txt Log:
[2013/01/31 03:50:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\koyotesofttoolbarnew

*OTL.Txt log under:*

OTL logfile created on: 1/31/2013 11:34:54 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

767.48 Mb Total Physical Memory | 251.19 Mb Available Physical Memory | 32.73% Memory free
1.83 Gb Paging File | 1.25 Gb Available in Paging File | 68.33% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 127.99 Gb Total Space | 73.54 Gb Free Space | 57.46% Space Free | Partition Type: NTFS

Computer Name: PETER-OYOU4XROG | User Name: PETER | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/20 19:58:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop\OTL.com
PRC - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/12/14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/09/10 19:17:48 | 000,436,728 | ---- | M] (TomTom) -- C:\Program Files\MyTomTom 3\MyTomTomSA.exe
PRC - [2012/05/30 04:12:49 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2011/08/04 18:06:12 | 001,612,920 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
PRC - [2008/04/14 11:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/11/17 06:42:52 | 000,577,536 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE

========== Modules (No Company Name) ==========

MOD - [2012/09/10 19:17:56 | 000,025,592 | ---- | M] () -- C:\Program Files\MyTomTom 3\DeviceDetection.dll
MOD - [2012/09/10 19:17:52 | 000,254,968 | ---- | M] () -- C:\Program Files\MyTomTom 3\TomTomSupporterProxy.dll
MOD - [2012/09/10 19:17:50 | 000,073,720 | ---- | M] () -- C:\Program Files\MyTomTom 3\TomTomSupporterBase.dll

========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2013/01/13 13:35:03 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/10/31 09:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamchameleon.sys -- (mbamchameleon)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\PETER~1.PET\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys -- (cpuz134)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\PETER~1.PET\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - File not found [File_System | Auto | Stopped] -- aswFsBlk.sys -- (aswFsBlk)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (53292574)
DRV - [2012/12/14 16:49:28 | 000,018,800 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/10/31 09:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/10/31 09:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/10/31 09:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/10/31 09:51:58 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2012/10/31 09:51:57 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012/10/31 09:51:56 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2008/04/14 05:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2007/03/08 15:34:46 | 004,027,840 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM)
DRV - [2001/11/22 16:08:06 | 000,070,528 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\Fasttrak.sys -- (fasttrak)
DRV - [2001/08/18 00:28:02 | 000,907,456 | ---- | M] (Conexant) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HCF_MSFT.sys -- (HCF_MSFT)
DRV - [2001/08/17 23:12:02 | 000,063,208 | ---- | M] (Intel Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dc21x4.sys -- (DC21x4)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1659004503-362288127-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
IE - HKU\S-1-5-21-1659004503-362288127-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1659004503-362288127-839522115-1004\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1659004503-362288127-839522115-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1659004503-362288127-839522115-1004\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1659004503-362288127-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.selectedEngine: "Search Results"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.searchnu.com/421"
FF - prefs.js..extensions.enabledAddons: {97E22097-9A2F-45b1-8DAF-36AD648C7EF4}:15.0.4
FF - prefs.js..extensions.enabledAddons: [email protected]:2.2.5.1213
FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&gct=ds&appid=101&systemid=421&apn_dtid=BND421&apn_ptnrs=AGA&apn_uid=6492560933454541&o=APN10649&q="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.91: C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.99: C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/05/30 04:14:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/16 21:53:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/01/22 23:12:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012/05/30 04:13:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2013/01/22 23:12:08 | 000,000,000 | ---D | M]

[2013/01/31 03:49:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\Mozilla\Extensions
[2012/04/20 01:38:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\Mozilla\Extensions\[email protected]
[2010/08/11 03:57:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\Mozilla\Extensions\[email protected]
[2013/01/31 07:43:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\Mozilla\Firefox\Profiles\8a03imtq.default\extensions
[2013/01/31 03:49:52 | 000,000,000 | ---D | M] (Search-Results Toolbar) -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\Mozilla\Firefox\Profiles\8a03imtq.default\extensions\{3ec1a45c-8bc3-4bfe-b226-4051c5d3d068}
[2013/01/23 01:09:06 | 000,000,000 | ---D | M] (ZoneAlarm Do Not Track) -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\Mozilla\Firefox\Profiles\8a03imtq.default\extensions\[email protected]
[2013/01/23 00:49:19 | 000,007,919 | ---- | M] () (No name found) -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\Mozilla\Firefox\Profiles\8a03imtq.default\extensions\[email protected]\chrome\content\ff\view_expiry.js
[2013/01/18 17:19:27 | 000,001,100 | ---- | M] () -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\Mozilla\Firefox\Profiles\8a03imtq.default\searchplugins\produtools-manuals-21-customized-web-search.xml
[2013/01/31 03:49:15 | 000,002,687 | ---- | M] () -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\Mozilla\Firefox\Profiles\8a03imtq.default\searchplugins\Search_Results.xml
[2013/01/31 07:43:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/05/30 04:14:22 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2012/06/16 21:53:33 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/05/30 04:13:07 | 000,129,144 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
[2011/11/05 14:21:03 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/05 14:21:03 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.searchnu.com/421
CHR - default_search_provider: Search Results ()
CHR - default_search_provider: search_url = http://dts.search-results.com/sr?src=crb&gct=ds&appid=101&systemid=421&apn_dtid=BND421&apn_ptnrs=AGA&o=APN10649&apn_uid=6492560933454541&q={searchTerms}
CHR - default_search_provider: suggest_url = 
CHR - homepage: http://www.searchnu.com/421
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\PETER.PETER-OYOU4XROG\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: getPlusPlus for Adobe 16299 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np_gp.dll
CHR - plugin: Microsoft DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - Extension: YouTube = C:\Documents and Settings\PETER.PETER-OYOU4XROG\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\PETER.PETER-OYOU4XROG\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\PETER.PETER-OYOU4XROG\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Gmail = C:\Documents and Settings\PETER.PETER-OYOU4XROG\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/01/24 18:10:29 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Search-Results Toolbar) - {3ec1a45c-8bc3-4bfe-b226-4051c5d3d068} - C:\PROGRA~1\SEARCH~1\Datamngr\SRTOOL~1\searchresultsDx.dll File not found
O2 - BHO: (ZoneAlarm Toolbar Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (Search-Results Toolbar) - {3ec1a45c-8bc3-4bfe-b226-4051c5d3d068} - C:\PROGRA~1\SEARCH~1\Datamngr\SRTOOL~1\searchresultsDx.dll File not found
O3 - HKLM\..\Toolbar: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe (Microsoft® Corporation)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-1659004503-362288127-839522115-1004..\Run: [MyTomTomSA.exe] C:\Program Files\MyTomTom 3\MyTomTomSA.exe (TomTom)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Config.Msi\c2f98.rbf (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\DAN\Start Menu\Programs\Startup\DirectDVD Update Manager.lnk = C:\Program Files\Orion Studios HD\UpdateHD.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1659004503-362288127-839522115-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1659004503-362288127-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1659004503-362288127-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\\PartyPoker\RunApp.exe ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\\PartyPoker\RunApp.exe ()
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Plugin Control)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} http://download.microsoft.com/downl...75-4d5b-a6dd-9c4bc923683e/Selfhelpcontrol.cab (Microsoft Genuine Advantage Self Support Tool)
O16 - DPF: {298BFFEE-662D-11D5-ADAF-00E0810232D7} https://video.manheim.com/lib/LiveSound.dll (lgbplay Class)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {447F8438-8124-4369-905B-A249E13CBBFC} http://pickles.liveblockauctions.com/install/new/lgbkc.cab (LgbContent Control)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/EN-AU/a-UNO1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1208852273484 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1358857466468 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{98A06A82-F53F-444E-B6B9-11259873A459}: DhcpNameServer = 10.1.1.1
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O20 - AppInit_DLLs: (C:\DOCUME~1\ALLUSE~1\APPLIC~1\Wincert\WIN32C~1.DLL) - C:\Documents and Settings\All Users\Application Data\Wincert\win32cert.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\PETER.PETER-OYOU4XROG\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\PETER.PETER-OYOU4XROG\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/22 01:48:52 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/31 05:08:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\ImgBurn
[2013/01/31 05:05:37 | 000,000,000 | ---D | C] -- C:\Program Files\ImgBurn
[2013/01/31 05:05:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ImgBurn
[2013/01/31 04:52:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop\kav_rescue_10
[2013/01/31 04:33:55 | 006,118,990 | ---- | C] (LIGHTNING UK!) -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop\SetupImgBurn_2.5.7.0.exe
[2013/01/31 03:50:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\AppData
[2013/01/31 03:50:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\searchresultstb
[2013/01/31 03:50:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Wincert
[2013/01/31 03:49:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\koyotesofttoolbarnew
[2013/01/31 03:49:17 | 000,040,960 | ---- | C] (vbAccelerator) -- C:\WINDOWS\System32\SSubTmr6.dll
[2013/01/31 03:49:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\FreeBurner
[2013/01/31 03:48:27 | 000,000,000 | ---D | C] -- C:\Program Files\Free Easy CD DVD Burner
[2013/01/31 01:51:41 | 000,000,000 | ---D | C] -- C:\_OTM
[2013/01/31 01:50:33 | 000,522,240 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop\OTM.exe
[2013/01/29 20:16:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop\RK_Quarantine
[2013/01/29 00:35:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2013/01/29 00:35:39 | 000,361,032 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2013/01/29 00:35:39 | 000,021,256 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2013/01/29 00:35:38 | 000,054,232 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2013/01/29 00:35:38 | 000,035,928 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2013/01/29 00:35:37 | 000,738,504 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2013/01/29 00:35:37 | 000,097,608 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2013/01/29 00:35:37 | 000,089,752 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2013/01/29 00:35:36 | 000,025,256 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2013/01/29 00:34:49 | 000,041,224 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2013/01/29 00:34:47 | 000,227,648 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2013/01/28 21:54:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NIS
[2013/01/28 21:54:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NIS\1402010.016
[2013/01/28 02:55:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2013/01/28 02:50:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\Windows Search
[2013/01/28 02:40:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\Windows Desktop Search
[2013/01/28 02:39:29 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Desktop Search
[2013/01/28 02:39:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy
[2013/01/28 02:37:47 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\offfilt.dll
[2013/01/28 02:37:47 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nlhtml.dll
[2013/01/28 02:37:47 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mimefilt.dll
[2013/01/28 00:13:03 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop\TFC.exe
[2013/01/26 23:16:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2013/01/26 22:57:22 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2013/01/26 17:22:57 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013/01/26 15:01:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Norton
[2013/01/26 01:28:39 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar
[2013/01/26 01:25:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2013/01/26 01:22:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2013/01/25 07:55:41 | 002,013,672 | ---- | C] (Driver Manager) -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop\DriverManager.exe
[2013/01/25 03:09:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\My Documents\DVD Check Result Report_files
[2013/01/25 03:05:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\ElevatedDiagnostics
[2013/01/25 03:01:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows PowerShell 1.0
[2013/01/25 03:01:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
[2013/01/25 01:00:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2013/01/23 23:12:57 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013/01/23 23:12:57 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013/01/23 23:12:57 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013/01/23 23:12:57 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013/01/23 23:12:23 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2013/01/23 23:11:39 | 005,026,296 | R--- | C] (Swearware) -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop\ComboFix.exe
[2013/01/23 21:00:57 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop\tdsskiller.exe
[2013/01/23 21:00:55 | 000,521,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll
[2013/01/23 15:45:35 | 000,350,915 | ---- | C] (Farbar) -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop\FSS.exe
[2013/01/23 13:46:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Drive
[2013/01/23 13:43:26 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013/01/23 13:43:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2013/01/23 06:04:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2013/01/23 05:41:20 | 000,181,064 | ---- | C] (Sysinternals) -- C:\WINDOWS\PSEXESVC.EXE
[2013/01/23 05:41:13 | 000,290,304 | ---- | C] (Microsoft Corporation) -- C:\subinacl.exe
[2013/01/23 05:35:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Tweaking.com
[2013/01/23 05:35:20 | 000,000,000 | ---D | C] -- C:\Program Files\Tweaking.com
[2013/01/23 05:30:16 | 000,000,000 | ---D | C] -- C:\Tweaking.com_Windows_Repair_Logs
[2013/01/23 05:17:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop\tweaking.com_windows_repair_aio
[2013/01/23 03:42:53 | 011,088,872 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop\mseinstall.exe
[2013/01/23 00:40:16 | 000,030,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rndismp.sys
[2013/01/22 22:08:59 | 000,025,471 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\atv04nt5.dll
[2013/01/22 22:08:59 | 000,021,183 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\atv01nt5.dll
[2013/01/22 22:08:59 | 000,017,279 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\atv10nt5.dll
[2013/01/22 22:08:59 | 000,015,423 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\ch7xxnt5.dll
[2013/01/22 22:08:59 | 000,014,143 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\atv06nt5.dll
[2013/01/22 22:08:59 | 000,011,359 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\atv02nt5.dll
[2013/01/22 22:08:59 | 000,011,325 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\vchnt5.dll
[2013/01/22 22:08:59 | 000,004,255 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\adv01nt5.dll
[2013/01/22 22:08:59 | 000,003,967 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\adv02nt5.dll
[2013/01/22 22:08:59 | 000,003,901 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\siint5.dll
[2013/01/22 22:08:59 | 000,003,775 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\adv11nt5.dll
[2013/01/22 22:08:59 | 000,003,711 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\adv09nt5.dll
[2013/01/22 22:08:59 | 000,003,647 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\adv07nt5.dll
[2013/01/22 22:08:59 | 000,003,615 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\adv05nt5.dll
[2013/01/22 22:08:59 | 000,003,135 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\adv08nt5.dll
[2013/01/22 21:58:25 | 331,805,736 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop\WindowsXP-KB936929-SP3-x86-ENU.exe
[2013/01/22 20:57:22 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ieencode.dll
[2013/01/22 20:39:58 | 278,927,592 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop\WindowsXP-KB835935-SP2-ENU.exe
[2013/01/21 14:18:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
[2013/01/21 14:17:38 | 002,031,992 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop\MGADiag.exe
[2013/01/20 22:41:11 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/01/20 19:58:14 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop\OTL.com
[2013/01/20 00:50:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\My Documents\article.asp_files
[2013/01/18 19:09:54 | 003,362,744 | ---- | C] (http://www.maxuninstaller.com/ ) -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\My Documents\MaxUninstaller_Setup.exe
[2013/01/16 01:51:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Local Settings\Application Data\WMTools Downloaded Files
[2013/01/15 00:54:05 | 000,347,424 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\My Documents\MicrosoftFixit.wu.FISC.156281598502540974.3.1.Run.exe
[2013/01/04 14:04:47 | 000,000,000 | ---D | C] -- C:\400489b79493023d5f

========== Files - Modified Within 30 Days ==========

[2013/01/31 11:28:44 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1659004503-362288127-839522115-1004.job
[2013/01/31 11:28:39 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/31 11:28:39 | 000,000,314 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2013/01/31 11:28:39 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1659004503-362288127-839522115-1005.job
[2013/01/31 11:27:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/31 11:26:35 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/01/31 08:05:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/01/31 07:35:02 | 000,580,235 | ---- | M] () -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop\adwcleaner.exe
[2013/01/31 06:28:31 | 296,022,016 | ---- | M] () -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop\kav_rescue_10.iso
[2013/01/31 05:05:37 | 000,001,546 | ---- | M] () -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk
[2013/01/31 05:05:37 | 000,001,528 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ImgBurn.lnk
[2013/01/31 04:33:55 | 006,118,990 | ---- | M] (LIGHTNING UK!) -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop\SetupImgBurn_2.5.7.0.exe
[2013/01/31 01:50:38 | 000,522,240 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop\OTM.exe
[2013/01/31 01:46:00 | 000,000,258 | ---- | M] () -- C:\WINDOWS\tasks\Windows Update.job
[2013/01/30 05:15:02 | 000,015,872 | ---- | M] () -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/01/30 03:58:30 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1659004503-362288127-839522115-1004.job
[2013/01/29 00:35:40 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2013/01/29 00:35:37 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2013/01/29 00:22:54 | 097,565,024 | ---- | M] () -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop\avast_free_antivirus_setup.exe
[2013/01/28 21:56:26 | 000,709,677 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1402010.016\Cat.DB
[2013/01/28 21:03:22 | 000,506,288 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/01/28 21:03:22 | 000,088,078 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/01/28 04:57:20 | 000,001,954 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2013/01/28 04:56:59 | 000,013,002 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/01/28 02:46:50 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/01/28 02:39:42 | 000,001,787 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2013/01/28 00:26:51 | 000,265,598 | ---- | M] () -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop\dotnetfx_cleanup_tool.zip
[2013/01/28 00:13:06 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop\TFC.exe
[2013/01/26 22:11:38 | 000,000,754 | ---- | M] () -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop\fixme.reg
[2013/01/26 22:02:18 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2013/01/26 22:02:18 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2013/01/26 21:23:20 | 331,805,736 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop\WindowsXP-KB936929-SP3-x86-ENU.exe
[2013/01/26 16:15:00 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1659004503-362288127-839522115-1005.job
[2013/01/26 15:36:51 | 000,866,592 | ---- | M] () -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop\Norton_Removal_Tool.exe
[2013/01/25 17:53:31 | 000,178,770 | ---- | M] () -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\My Documents\PIF IMF Update to Group Members 25 Jan 2013.pdf
[2013/01/25 07:55:56 | 002,013,672 | ---- | M] (Driver Manager) -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop\DriverManager.exe
[2013/01/25 03:09:42 | 000,036,706 | ---- | M] () -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\My Documents\DVD Check Result Report.htm
[2013/01/24 18:10:29 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013/01/24 02:01:37 | 000,141,738 | ---- | M] () -- C:\TDSSKiller.2.8.15.0_23.01.2013_21.25.23_log.zip
[2013/01/24 01:19:25 | 000,208,896 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/01/23 23:11:47 | 005,026,296 | R--- | M] (Swearware) -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop\ComboFix.exe
[2013/01/23 21:19:01 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop\tdsskiller.exe
[2013/01/23 15:45:39 | 000,350,915 | ---- | M] (Farbar) -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop\FSS.exe
[2013/01/23 06:36:50 | 000,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI
[2013/01/23 06:04:46 | 000,181,064 | ---- | M] (Sysinternals) -- C:\WINDOWS\PSEXESVC.EXE
[2013/01/23 05:35:23 | 000,001,928 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Tweaking.com - Windows Repair (All in One).lnk
[2013/01/23 05:16:23 | 003,293,002 | ---- | M] () -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop\tweaking.com_windows_repair_aio.zip
[2013/01/23 03:59:32 | 011,088,872 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop\mseinstall.exe
[2013/01/22 23:12:08 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk
[2013/01/22 20:58:07 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2013/01/22 20:49:33 | 278,927,592 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop\WindowsXP-KB835935-SP2-ENU.exe
[2013/01/21 14:17:43 | 002,031,992 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop\MGADiag.exe
[2013/01/20 19:58:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop\OTL.com
[2013/01/20 00:50:25 | 000,052,195 | ---- | M] () -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\My Documents\article.asp.htm
[2013/01/18 19:10:09 | 003,362,744 | ---- | M] (http://www.maxuninstaller.com/ ) -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\My Documents\MaxUninstaller_Setup.exe
[2013/01/18 01:52:29 | 001,615,449 | ---- | M] () -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\My Documents\DELONGHI PAC W150 ECO USER MANUAL GB-5751018800.pdf
[2013/01/15 00:54:10 | 000,347,424 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\My Documents\MicrosoftFixit.wu.FISC.156281598502540974.3.1.Run.exe
[2013/01/14 20:16:30 | 000,983,040 | ---- | M] () -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\My Documents\MicrosoftFixit50777.msi
[2013/01/13 13:35:02 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/01/13 13:35:02 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/01/12 01:37:51 | 003,327,000 | ---- | M] () -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\My Documents\WindowsXP-KB942288-v3-x86.exe
[2013/01/06 16:34:35 | 006,009,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2013/01/03 01:52:10 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2013/01/03 01:52:10 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

========== Files Created - No Company Name ==========

[2013/01/31 05:05:37 | 000,001,546 | ---- | C] () -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk
[2013/01/31 05:05:37 | 000,001,528 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ImgBurn.lnk
[2013/01/31 03:33:51 | 296,022,016 | ---- | C] () -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop\kav_rescue_10.iso
[2013/01/29 00:35:40 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2013/01/29 00:35:37 | 000,000,314 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2013/01/29 00:22:49 | 097,565,024 | ---- | C] () -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop\avast_free_antivirus_setup.exe
[2013/01/28 21:55:42 | 000,709,677 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1402010.016\Cat.DB
[2013/01/28 02:39:42 | 000,001,803 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Search.lnk
[2013/01/28 02:39:42 | 000,001,787 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2013/01/28 02:35:44 | 000,225,262 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msimain.sdb
[2013/01/28 00:26:43 | 000,265,598 | ---- | C] () -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop\dotnetfx_cleanup_tool.zip
[2013/01/26 22:11:38 | 000,000,754 | ---- | C] () -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop\fixme.reg
[2013/01/26 15:36:29 | 000,866,592 | ---- | C] () -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop\Norton_Removal_Tool.exe
[2013/01/25 17:53:31 | 000,178,770 | ---- | C] () -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\My Documents\PIF IMF Update to Group Members 25 Jan 2013.pdf
[2013/01/25 03:09:41 | 000,036,706 | ---- | C] () -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\My Documents\DVD Check Result Report.htm
[2013/01/24 02:01:36 | 000,141,738 | ---- | C] () -- C:\TDSSKiller.2.8.15.0_23.01.2013_21.25.23_log.zip
[2013/01/23 23:12:57 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/01/23 23:12:57 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013/01/23 23:12:57 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013/01/23 23:12:57 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013/01/23 23:12:57 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013/01/23 05:35:23 | 000,001,928 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Tweaking.com - Windows Repair (All in One).lnk
[2013/01/23 05:12:05 | 003,293,002 | ---- | C] () -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop\tweaking.com_windows_repair_aio.zip
[2013/01/23 03:47:33 | 000,001,954 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2013/01/22 23:12:08 | 000,002,315 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
[2013/01/22 23:12:08 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk
[2013/01/20 18:24:54 | 000,580,235 | ---- | C] () -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop\adwcleaner.exe
[2013/01/20 00:50:24 | 000,052,195 | ---- | C] () -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\My Documents\article.asp.htm
[2013/01/18 01:52:28 | 001,615,449 | ---- | C] () -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\My Documents\DELONGHI PAC W150 ECO USER MANUAL GB-5751018800.pdf
[2013/01/15 01:37:12 | 000,000,258 | ---- | C] () -- C:\WINDOWS\tasks\Windows Update.job
[2013/01/14 20:16:25 | 000,983,040 | ---- | C] () -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\My Documents\MicrosoftFixit50777.msi
[2013/01/12 01:35:56 | 003,327,000 | ---- | C] () -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\My Documents\WindowsXP-KB942288-v3-x86.exe
[2012/11/22 14:36:35 | 000,000,288 | ---- | C] () -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\.backup.dm
[2012/07/21 16:44:35 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2012/07/21 16:44:01 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2012/07/21 16:43:46 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2012/03/11 13:14:07 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/03/05 23:52:30 | 000,081,321 | ---- | C] () -- C:\WINDOWS\SGTBox.INI
[2011/10/05 00:32:22 | 000,000,144 | ---- | C] () -- C:\WINDOWS\System32\lkfl.dat
[2011/10/05 00:32:22 | 000,000,128 | ---- | C] () -- C:\WINDOWS\System32\pdfl.dat
[2011/10/05 00:32:22 | 000,000,080 | ---- | C] () -- C:\WINDOWS\System32\ibfl.dat
[2009/01/27 21:26:08 | 000,015,872 | ---- | C] () -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2008/04/22 02:18:33 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2010/06/24 23:10:44 | 001,509,888 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 23:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 11:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/01/29 00:34:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2008/04/22 04:19:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2011/12/12 01:05:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEGV
[2011/11/07 16:20:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
[2011/09/20 19:18:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJWSpt
[2008/04/22 07:39:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2010/07/17 06:10:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kaspersky SDK
[2008/04/22 03:43:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2009/10/26 18:59:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MyVirtualHome
[2010/07/25 13:12:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2012/04/20 01:43:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2013/01/31 03:50:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wincert
[2009/02/19 04:53:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
[2008/10/20 20:16:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BEC\Application Data\Canon
[2008/04/22 09:48:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BEC\Application Data\Grisoft
[2009/07/17 17:28:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BEC\Application Data\LimeWire
[2008/07/16 15:00:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BEC\Application Data\MailFrontier
[2008/09/23 13:16:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BEC\Application Data\SharePod
[2012/01/13 13:47:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DAN\Application Data\Canon
[2008/04/23 22:11:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DAN\Application Data\Grisoft
[2008/07/21 18:19:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DAN\Application Data\MailFrontier
[2010/05/30 11:10:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DAN\Application Data\NCH Swift Sound
[2010/05/30 11:10:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DAN\Application Data\Recordpad
[2010/07/11 13:05:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DAN\Application Data\SharePod
[2010/07/24 13:27:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DIANE\Application Data\Babylon
[2012/06/20 15:26:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DIANE\Application Data\Canon
[2010/05/29 19:55:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DIANE\Application Data\FreeAudioPack
[2008/04/22 16:20:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DIANE\Application Data\Grisoft
[2009/09/03 17:06:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DIANE\Application Data\LimeWire
[2008/07/19 13:49:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DIANE\Application Data\MailFrontier
[2010/07/25 13:12:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DIANE\Application Data\NCH Swift Sound
[2008/07/12 18:10:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DIANE\Application Data\PowerChallenge
[2010/05/30 08:36:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DIANE\Application Data\Recordpad
[2009/07/27 13:56:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DIANE\Application Data\SharePod
[2009/01/21 10:20:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DIANE\Application Data\Thunderbird
[2010/07/24 23:37:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DIANE\Application Data\uTorrent
[2009/11/24 12:18:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DIANE\Application Data\Xtranormal
[2008/06/24 18:26:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\Grisoft
[2008/11/07 13:37:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\MailFrontier
[2008/04/25 03:24:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PETER\Application Data\Canon
[2008/04/22 07:39:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PETER\Application Data\Grisoft
[2008/05/31 04:38:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PETER\Application Data\LimeWire
[2008/04/22 03:44:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PETER\Application Data\MailFrontier
[2008/04/23 00:03:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PETER\Application Data\Thunderbird
[2011/11/07 16:20:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\Canon
[2011/10/05 01:06:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\CheckPoint
[2013/01/25 03:05:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\ElevatedDiagnostics
[2013/01/31 04:04:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\FreeBurner
[2012/12/11 20:43:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\Ifcaeb
[2013/01/31 05:08:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\ImgBurn
[2013/01/31 03:50:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\koyotesofttoolbarnew
[2012/11/23 11:08:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\LimeWire
[2011/10/06 00:59:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\MailFrontier
[2009/10/26 19:02:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\MyVirtualHome
[2010/05/29 23:26:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\NCH Swift Sound
[2010/05/29 23:26:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\Recordpad
[2012/07/31 02:13:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\Reec
[2013/01/31 03:50:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\searchresultstb
[2010/05/07 22:17:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\SharePod
[2008/06/12 18:33:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\Thunderbird
[2012/04/20 01:38:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\TomTom
[2012/07/31 01:39:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\Uplui
[2012/12/11 02:55:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\WinBatch
[2013/01/28 02:40:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\Windows Desktop Search
[2013/01/28 02:50:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\Windows Search
[2010/12/16 14:20:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\WinPatrol
[2012/12/11 15:07:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\Yqih

========== Purity Check ==========

< End of report >


----------



## speedyzap (Feb 26, 2006)

I found this koyotes line under:
"koyotesofttoolbarnew" = Search-Results Toolbar

*Extras.Txt log under:*

OTL Extras logfile created on: 1/31/2013 11:34:54 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

767.48 Mb Total Physical Memory | 251.19 Mb Available Physical Memory | 32.73% Memory free
1.83 Gb Paging File | 1.25 Gb Available in Paging File | 68.33% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 127.99 Gb Total Space | 73.54 Gb Free Space | 57.46% Space Free | Partition Type: NTFS

Computer Name: PETER-OYOU4XROG | User Name: PETER | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = SafariHTML] -- C:\Program Files\Safari\Safari.exe (Apple Inc.)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-1659004503-362288127-839522115-1004\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files\Safari\Safari.exe" -url "%1" (Apple Inc.)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabledxpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabledxpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabledxpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabledxpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\explorer.exe" = %windir%\explorer.exe -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabledxpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\explorer.exe" = %windir%\explorer.exe -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabledxpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Searchqu Toolbar\Datamngr\SRTOOL~1\dtUser.exe" = C:\Program Files\Searchqu Toolbar\Datamngr\SRTOOL~1\dtUser.exe:*:Enabled:Search-Results Toolbar DTX Broker

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{02DFF6B1-1654-411C-8D7B-FD6052EF016F}" = Apple Software Update
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5300_series" = Canon MG5300 series MP Drivers
"{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}" = QuickTime
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{1EBB57D4-63FF-87CC-A0F0-D73982CF6008}" = Adobe Media Player
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 29
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{40589552-3892-409E-B92C-9F5032A4B2F0}" = Safari
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}" = iTunes
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{7A21C722-F259-4976-B7AA-6658E5FDEDAF}" = Google Drive
"{8355F970-601D-442D-A79B-1D7DB4F24CAD}" = Apple Mobile Device Support
"{901B0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{919F3D91-8374-410F-932B-A126F2C85426}" = e-tax 2009
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
"{A1B7B9B3-E1D2-41CA-9B4A-F18DC2710704}" = Microsoft Works 6.0
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.01)
"{AC76BA86-7AD7-2448-0000-800000000003}" = Chinese Traditional Fonts Support For Adobe Reader 8
"{B0F1B02F-47A6-411D-A38B-E44CC7F53CCC}" = e-tax 2012
"{B148AB4B-C8FA-474B-B981-F2943C5B5BCD}" = OGA Notifier 1.7.0105.35.0
"{BD3DCAB0-3FE5-44FB-90DA-EFB0A2CD1387}" = Works Synchronization
"{C078C299-C2C2-4110-A6EF-8D5E66C228DA}" = e-tax 2011
"{C3A439E4-7303-491F-A678-CEA36A87D517}" = Microsoft Works Suite Add-in for Microsoft Word
"{C66FE99D-7C15-40A0-AE4A-A1A3900D9EE3}" = MyVirtualHome
"{C769A271-7E1C-48F9-B331-474600DD4C06}" = Microsoft Picture It! Photo 2002
"{D958FAC4-BAE0-4B1D-A42E-DE9BFDE7DDEE}" = Canon PhotoRecord
"{DC19E750-988B-4005-A355-85EF66055EFE}" = Works Suite OS Pack
"{E0A1559B-9886-11D4-8D06-0050DA284A39}" = Scan Manager 5.2
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E6BEB5BC-5386-4AF9-ADF2-8451BEB2A48B}" = Video Piggy
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FBE569CA-BFEB-4E57-A674-F94D938E1AEF}" = e-tax 2010
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AlphaBrowser v.1.3" = AlphaBrowser v.1.3
"ArcSoft PhotoBase" = ArcSoft PhotoBase
"audcle" = Plus! MP3 Audio Converter LE
"Canon MG5300 series On-screen Manual" = Canon MG5300 series On-screen Manual
"Canon ScanGear Toolbox 3.1" = Canon ScanGear Toolbox 3.1
"Canon Setup Utility 2.0" = Canon Setup Utility 2.0
"CANONBJ_Deinstall_CNMCP6e.DLL" = Canon PIXMA iP1000
"CANONBJ_Deinstall_CNMCP78.DLL" = Canon iP4200
"CanonSolutionMenuEX" = Canon Solution Menu EX
"CCleaner" = CCleaner
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DBX Viewer Free_is1" = DBX Viewer Free 1.0
"DirectDVD 6 HD" = DirectDVD 6 HD
"drmtool.inf" = Personal License Update Wizard for Windows Media Player
"Easy Outlook Express Repair_is1" = Easy Outlook Express Repair 1.2
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Easy-PrintToolBox" = Canon Utilities Easy-PrintToolBox
"Easy-WebPrint" = Easy-WebPrint
"e-tax 2008" = e-tax 2008
"Google Chrome" = Google Chrome
"ie8" = Windows Internet Explorer 8
"ImgBurn" = ImgBurn
"Kernel for Outlook Express Evaluation Version_is1" = Kernel for Outlook Express Evaluation ver 9.04.01
"koyotesofttoolbarnew" = Search-Results Toolbar
"LimeWire" = LimeWire 5.5.14
"Mah Jong Quest_is1" = Mah Jong Quest
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"mmmusic" = Movie Maker Background Music Files
"mmsounds" = Movie Maker Sound Effects
"mmtitle" = Movie Maker Title Images
"Mozilla Firefox 13.0.1 (x86 en-US)" = Mozilla Firefox 13.0.1 (x86 en-US)
"Mozilla Thunderbird (2.0.0.24)" = Mozilla Thunderbird (2.0.0.24)
"mplibwiz.inf" = Media Library Management Wizard
"mpxlswiz.inf" = Windows Media Player Playlist Import to Excel Wizard
"mpxptray.inf" = Windows Media Player Tray Control
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MyTomTom" = MyTomTom 3.2.0.802
"Outlook Express Backup Wizard_is1" = Outlook Express Backup Wizard version 1.1
"PhotoRecord" = Canon PhotoRecord
"PowerShell" = Windows PowerShell(TM) 1.0
"RealPlayer 15.0" = RealPlayer
"Revo Uninstaller" = Revo Uninstaller 1.90
"SCRABBLE - Journey" = SCRABBLE - Journey
"TomTom HOME" = TomTom HOME 2.8.3.2499
"Tweaking.com - Windows Repair (All in One)" = Tweaking.com - Windows Repair (All in One)
"UT2004-Demo" = Unreal Tournament 2004 Demo
"wa2wmp" = Windows Media Player Skin Importer
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR 4.20 (32-bit)
"WMBK2" = Windows Media Bonus Pack for Windows XP
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Works2002Setup" = Microsoft Works 2002 Setup Launcher
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1659004503-362288127-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 1/28/2013 7:50:30 AM | Computer Name = PETER-OYOU4XROG | Source = MsiInstaller | ID = 11303
Description = Product: Microsoft Office Professional Edition 2003 -- Error 1303.
Setup cannot access the folder C:\Program Files\Microsoft Office. Verify that 
the folder exists in your system and that you have sufficient permissions to update
it.

Error - 1/28/2013 7:50:32 AM | Computer Name = PETER-OYOU4XROG | Source = MsiInstaller | ID = 11303
Description = Product: Microsoft Office Professional Edition 2003 -- Error 1303.
Setup cannot access the folder C:\Program Files\Microsoft Office. Verify that 
the folder exists in your system and that you have sufficient permissions to update
it.

Error - 1/28/2013 7:57:38 AM | Computer Name = PETER-OYOU4XROG | Source = MsiInstaller | ID = 11303
Description = Product: Microsoft Office Professional Edition 2003 -- Error 1303.
Setup cannot access the folder C:\Program Files\Microsoft Office. Verify that 
the folder exists in your system and that you have sufficient permissions to update
it.

Error - 1/28/2013 7:57:40 AM | Computer Name = PETER-OYOU4XROG | Source = MsiInstaller | ID = 11303
Description = Product: Microsoft Office Professional Edition 2003 -- Error 1303.
Setup cannot access the folder C:\Program Files\Microsoft Office. Verify that 
the folder exists in your system and that you have sufficient permissions to update
it.

Error - 1/29/2013 9:58:34 AM | Computer Name = PETER-OYOU4XROG | Source = Application Error | ID = 1000
Description = Faulting application itunes.exe, version 7.6.2.9, faulting module 
unknown, version 0.0.0.0, fault address 0x10001040.

Error - 1/29/2013 10:17:32 AM | Computer Name = PETER-OYOU4XROG | Source = Application Error | ID = 1000
Description = Faulting application itunes.exe, version 7.6.2.9, faulting module 
unknown, version 0.0.0.0, fault address 0x10001040.

Error - 1/29/2013 10:31:30 AM | Computer Name = PETER-OYOU4XROG | Source = Application Error | ID = 1000
Description = Faulting application itunes.exe, version 7.6.2.9, faulting module 
unknown, version 0.0.0.0, fault address 0x10001040.

Error - 1/29/2013 10:37:10 AM | Computer Name = PETER-OYOU4XROG | Source = Application Error | ID = 1000
Description = Faulting application itunes.exe, version 7.6.2.9, faulting module 
unknown, version 0.0.0.0, fault address 0x10001040.

Error - 1/29/2013 12:52:18 PM | Computer Name = PETER-OYOU4XROG | Source = Application Error | ID = 1000
Description = Faulting application itunes.exe, version 7.6.2.9, faulting module 
unknown, version 0.0.0.0, fault address 0x10001040.

Error - 1/29/2013 2:38:53 PM | Computer Name = PETER-OYOU4XROG | Source = Application Hang | ID = 1002
Description = Hanging application AcroRd32.exe, version 11.0.1.36, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 1/30/2013 4:46:55 PM | Computer Name = PETER-OYOU4XROG | Source = Print | ID = 23
Description = Printer Canon iP4200 failed to initialize because a suitable Canon
iP4200 driver could not be found.

Error - 1/30/2013 4:46:55 PM | Computer Name = PETER-OYOU4XROG | Source = Print | ID = 23
Description = Printer Canon PIXMA iP1000 failed to initialize because a suitable
Canon PIXMA iP1000 driver could not be found.

Error - 1/30/2013 4:46:55 PM | Computer Name = PETER-OYOU4XROG | Source = Print | ID = 23
Description = Printer Microsoft XPS Document Writer failed to initialize because
a suitable Microsoft XPS Document Writer driver could not be found.

Error - 1/30/2013 4:47:00 PM | Computer Name = PETER-OYOU4XROG | Source = Service Control Manager | ID = 7000
Description = The aswFsBlk service failed to start due to the following error: %%2

Error - 1/30/2013 4:47:00 PM | Computer Name = PETER-OYOU4XROG | Source = Service Control Manager | ID = 7000
Description = The avast! Antivirus service failed to start due to the following 
error: %%5

Error - 1/30/2013 8:26:49 PM | Computer Name = PETER-OYOU4XROG | Source = Service Control Manager | ID = 7000
Description = The aswFsBlk service failed to start due to the following error: %%2

Error - 1/30/2013 8:26:49 PM | Computer Name = PETER-OYOU4XROG | Source = Service Control Manager | ID = 7000
Description = The avast! Antivirus service failed to start due to the following 
error: %%5

Error - 1/30/2013 8:28:38 PM | Computer Name = PETER-OYOU4XROG | Source = Print | ID = 23
Description = Printer Canon iP4200 failed to initialize because a suitable Canon
iP4200 driver could not be found.

Error - 1/30/2013 8:28:38 PM | Computer Name = PETER-OYOU4XROG | Source = Print | ID = 23
Description = Printer Canon PIXMA iP1000 failed to initialize because a suitable
Canon PIXMA iP1000 driver could not be found.

Error - 1/30/2013 8:28:38 PM | Computer Name = PETER-OYOU4XROG | Source = Print | ID = 23
Description = Printer Microsoft XPS Document Writer failed to initialize because
a suitable Microsoft XPS Document Writer driver could not be found.

< End of report >


----------



## kevinf80 (Mar 21, 2006)

Re-Run by double left click, Vista and Windows 7 users accept UAC alert.

Under the box at the bottom, paste in the following


```
:OTL
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamchameleon.sys -- (mbamchameleon)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\PETER~1.PET\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys -- (cpuz134)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\PETER~1.PET\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (53292574)
[2013/01/31 03:49:52 | 000,000,000 | ---D | M] (Search-Results Toolbar) -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\Mozilla\Firefox\Profiles\8a03imtq.default\extensions\{3ec1a45c-8bc3-4bfe-b226-4051c5d3d068}
[2013/01/23 01:09:06 | 000,000,000 | ---D | M] (ZoneAlarm Do Not Track) -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\Mozilla\Firefox\Profiles\8a03imtq.default\extensions\[email protected]
CHR - homepage: http://www.searchnu.com/421
CHR - default_search_provider: search_url = http://dts.search-results.com/sr?src=crb&gct=ds&appid=101&systemid=421&apn_dtid=BND421&apn_ptnrs=AGA&o=AP N10649&apn_uid=6492560933454541&q={searchTerms}
O2 - BHO: (Search-Results Toolbar) - {3ec1a45c-8bc3-4bfe-b226-4051c5d3d068} - C:\PROGRA~1\SEARCH~1\Datamngr\SRTOOL~1\searchresultsDx.dll File not found
O2 - BHO: (ZoneAlarm Toolbar Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found
O3 - HKLM\..\Toolbar: (Search-Results Toolbar) - {3ec1a45c-8bc3-4bfe-b226-4051c5d3d068} - C:\PROGRA~1\SEARCH~1\Datamngr\SRTOOL~1\searchresultsDx.dll File not found
O3 - HKLM\..\Toolbar: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/downlo...8f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
[2013/01/28 21:54:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NIS
[2013/01/28 21:54:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NIS\1402010.016
:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"koyotesofttoolbarnew"=-
:Files
ipconfig /flushdns /c
C:\Documents and Settings\DIANE\Application Data\Babylon
C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\koyotesofttoolbarnew
C:\Program Files\Searchqu Toolbar
[emptytemp]
[CREATERESTOREPOINT]
```

Then click the button at the top
Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
Please post that log in your next reply.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
If you are asked to reboot the machine choose *Yes*. In this case, after the reboot, open Notepad (Start > All Programs > Accessories > Notepad), click File > Open, in the File Name box enter **.log* and press the Enter key, navigate to the *C:\_OTL\MovedFiles folder*, and open the newest *.log* file present, and copy/paste the contents of that document back here in your next post.

Post that log, can you run Kaspersky rescue disc? Also let me know where we're at now with this system,

Kevin..


----------



## speedyzap (Feb 26, 2006)

I don't know what's happened with techguy posts - I posted my update about an hour ago, I come back and it's not here??
TRY AGAIN
"Where are we at with the system?"

1] I downloaded IMGBurn on to my laptop because I do not have a DVD burner on my desktop only a DVD ROM (burner died some time ago)
2] I downloaded Kaspersky on to my desktop and my laptop. I will have to read your instructions carefully for the rescue disc. Can I burn the disc on my laptop and bring the disc over to my desktop to rescue my files? I note Kaspersky downloads an icon on my home page called "kav_rescue_10.iso" - is that the correct download?
3] Unfortunately, only on firefox, the OTL kill run did not remove the "koyote" "www.searchnu.com/421" URL trying to load for outgoing access. Malware Bytes still has to block it. Little bugger!!! Also, I posted the OTL log about an hour ago, but it vanished when editing (some kind of TechGuy server problem coming up occasionally saying "delays.... "). So I had to do the OTL kill run again - hope that won't mess you up

*OTL 2nd kill log run under: *

All processes killed
========== OTL ==========
Error: No service named aspnet_state was found to stop!
Service\Driver key aspnet_state not found.
File C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe not found.
Error: No service named AppMgmt was found to stop!
Service\Driver key AppMgmt not found.
File %SystemRoot%\System32\appmgmts.dll not found.
Error: No service named WDICA was found to stop!
Service\Driver key WDICA not found.
Error: No service named PDRFRAME was found to stop!
Service\Driver key PDRFRAME not found.
Error: No service named PDRELI was found to stop!
Service\Driver key PDRELI not found.
Error: No service named PDFRAME was found to stop!
Service\Driver key PDFRAME not found.
Error: No service named PDCOMP was found to stop!
Service\Driver key PDCOMP not found.
Error: No service named PCIDump was found to stop!
Service\Driver key PCIDump not found.
Error: No service named lbrtfdc was found to stop!
Service\Driver key lbrtfdc not found.
Error: No service named mbamchameleon was found to stop!
Service\Driver key mbamchameleon not found.
File C:\WINDOWS\system32\drivers\mbamchameleon.sys not found.
Error: No service named i2omgmt was found to stop!
Service\Driver key i2omgmt not found.
Error: No service named cpuz134 was found to stop!
Service\Driver key cpuz134 not found.
File C:\DOCUME~1\PETER~1.PET\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys not found.
Error: No service named Changer was found to stop!
Service\Driver key Changer not found.
Error: No service named catchme was found to stop!
Service\Driver key catchme not found.
File C:\DOCUME~1\PETER~1.PET\LOCALS~1\Temp\catchme.sys not found.
Error: No service named 53292574 was found to stop!
Service\Driver key 53292574 not found.
Folder C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\Mozilla\Firefox\Profiles\8a03imtq.default\extensions\{3ec1a45c-8bc3-4bfe-b226-4051c5d3d068}\ not found.
Folder C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\Mozilla\Firefox\Profiles\8a03imtq.default\extensions\[email protected]\ not found.
Use Chrome's Settings page to change the HomePage.
Use Chrome's Settings page to remove the default_search_provider items.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3ec1a45c-8bc3-4bfe-b226-4051c5d3d068}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3ec1a45c-8bc3-4bfe-b226-4051c5d3d068}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{3ec1a45c-8bc3-4bfe-b226-4051c5d3d068} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3ec1a45c-8bc3-4bfe-b226-4051c5d3d068}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}\ not found.
Starting removal of ActiveX control {7530BFB8-7293-4D34-9923-61A11451AFC5}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Starting removal of ActiveX control {31435657-9980-0010-8000-00AA00389B71}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{31435657-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31435657-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{31435657-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31435657-9980-0010-8000-00AA00389B71}\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\application/octet-stream\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1E66F26B-79EE-11D2-8710-00C04F79ED0D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\application/x-complus\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1E66F26B-79EE-11D2-8710-00C04F79ED0D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\application/x-msdownload\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1E66F26B-79EE-11D2-8710-00C04F79ED0D}\ not found.
Folder C:\WINDOWS\System32\drivers\NIS\ not found.
Folder C:\WINDOWS\System32\drivers\NIS\1402010.016\ not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\koyotesofttoolbarnew not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop\cmd.txt deleted successfully.
File\Folder C:\Documents and Settings\DIANE\Application Data\Babylon not found.
File\Folder C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\koyotesofttoolbarnew not found.
File\Folder C:\Program Files\Searchqu Toolbar not found.
File\Folder [emptytemp] not found.
File\Folder [CREATERESTOREPOINT] not found.

OTL by OldTimer - Version 3.2.69.0 log created on 01312013_231903

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


----------



## speedyzap (Feb 26, 2006)

Update Note: I have burned the "kav_rescue_10.iso" disc on my *laptop*

Will it work on my *desktop* to do the job if I bring it over and put it in my desktop DVD ROM?

I checked on doing a test F11 on boot up, it does give me the option to boot the rescue disc via the DVD ROM

Also on reading Rescue instructions we come to Step E, point 4: which gives one the options of disinfecting, deleting, quarantining and skipping. Which one should I pick or will the process recommend a move on each malicious item?

Note: I will NOT run the rescue disc until the Kyotes, "search.com/421" bugs are fixed unless you advise otherwise

Thanks


----------



## kevinf80 (Mar 21, 2006)

Run OTL one more time, I want to see a full log again. Apologies for the lack of replies, I'm very busy this week...

Double click the OTL icon to start the tool. (Note: If you are running on Vista or Windows 7 accept UAC alert)


 When the window appears, underneath *Output* at the top, make sure *Standard output* is selected.
 Select *Scan all users*
 Under the *Extra Registry* section, check *Use SafeList*
 In the lower right corner, checkmark *"LOP Check"* and checkmark *"Purity Check".*
 Click *Run Scan* and let the program run uninterrupted.
 When the scan is complete, two text files will be created on your Desktop.
 *OTL.Txt* <- this one will be opened
 *Extras.txt* <- this one will be minimized

Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of *OTL.Txt* and the *Extras.txt* in your next reply.

Kevin


----------



## speedyzap (Feb 26, 2006)

*OTL.Txt log:*

OTL logfile created on: 2/1/2013 1:49:30 AM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

767.48 Mb Total Physical Memory | 263.73 Mb Available Physical Memory | 34.36% Memory free
1.83 Gb Paging File | 1.36 Gb Available in Paging File | 74.17% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 127.99 Gb Total Space | 73.48 Gb Free Space | 57.41% Space Free | Partition Type: NTFS

Computer Name: PETER-OYOU4XROG | User Name: PETER | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/20 19:58:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop\OTL.com
PRC - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/12/14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/09/10 19:17:48 | 000,436,728 | ---- | M] (TomTom) -- C:\Program Files\MyTomTom 3\MyTomTomSA.exe
PRC - [2012/05/30 04:12:49 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2011/08/04 18:06:12 | 001,612,920 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
PRC - [2008/04/14 11:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/11/17 06:42:52 | 000,577,536 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE

========== Modules (No Company Name) ==========

MOD - [2012/09/10 19:17:56 | 000,025,592 | ---- | M] () -- C:\Program Files\MyTomTom 3\DeviceDetection.dll
MOD - [2012/09/10 19:17:52 | 000,254,968 | ---- | M] () -- C:\Program Files\MyTomTom 3\TomTomSupporterProxy.dll
MOD - [2012/09/10 19:17:50 | 000,073,720 | ---- | M] () -- C:\Program Files\MyTomTom 3\TomTomSupporterBase.dll

========== Services (SafeList) ==========

SRV - [2013/01/13 13:35:03 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/10/31 09:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)

========== Driver Services (SafeList) ==========

DRV - File not found [File_System | Auto | Stopped] -- aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/12/14 16:49:28 | 000,018,800 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/10/31 09:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/10/31 09:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/10/31 09:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/10/31 09:51:58 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2012/10/31 09:51:57 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012/10/31 09:51:56 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2008/04/14 05:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2007/03/08 15:34:46 | 004,027,840 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM)
DRV - [2001/11/22 16:08:06 | 000,070,528 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\Fasttrak.sys -- (fasttrak)
DRV - [2001/08/18 00:28:02 | 000,907,456 | ---- | M] (Conexant) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HCF_MSFT.sys -- (HCF_MSFT)
DRV - [2001/08/17 23:12:02 | 000,063,208 | ---- | M] (Intel Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dc21x4.sys -- (DC21x4)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1659004503-362288127-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
IE - HKU\S-1-5-21-1659004503-362288127-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1659004503-362288127-839522115-1004\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1659004503-362288127-839522115-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1659004503-362288127-839522115-1004\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1659004503-362288127-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.selectedEngine: "Search Results"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.searchnu.com/421"
FF - prefs.js..extensions.enabledAddons: {97E22097-9A2F-45b1-8DAF-36AD648C7EF4}:15.0.4
FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&gct=ds&appid=101&systemid=421&apn_dtid=BND421&apn_ptnrs=AGA&apn_uid=6492560933454541&o=APN10649&q="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.91: C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.99: C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/05/30 04:14:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/16 21:53:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/01/22 23:12:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012/05/30 04:13:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2013/01/22 23:12:08 | 000,000,000 | ---D | M]

[2013/01/31 03:49:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\Mozilla\Extensions
[2012/04/20 01:38:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\Mozilla\Extensions\[email protected]
[2010/08/11 03:57:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\Mozilla\Extensions\[email protected]
[2013/01/31 22:19:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\Mozilla\Firefox\Profiles\8a03imtq.default\extensions
[2013/01/18 17:19:27 | 000,001,100 | ---- | M] () -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\Mozilla\Firefox\Profiles\8a03imtq.default\searchplugins\produtools-manuals-21-customized-web-search.xml
[2013/01/31 03:49:15 | 000,002,687 | ---- | M] () -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\Mozilla\Firefox\Profiles\8a03imtq.default\searchplugins\Search_Results.xml
[2013/01/31 07:43:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/05/30 04:14:22 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2012/06/16 21:53:33 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/05/30 04:13:07 | 000,129,144 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
[2011/11/05 14:21:03 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/05 14:21:03 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.searchnu.com/421
CHR - default_search_provider: Search Results ()
CHR - default_search_provider: search_url = http://dts.search-results.com/sr?src=crb&gct=ds&appid=101&systemid=421&apn_dtid=BND421&apn_ptnrs=AGA&o=APN10649&apn_uid=6492560933454541&q={searchTerms}
CHR - default_search_provider: suggest_url = 
CHR - homepage: http://www.searchnu.com/421
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\PETER.PETER-OYOU4XROG\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: getPlusPlus for Adobe 16299 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np_gp.dll
CHR - plugin: Microsoft DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - Extension: YouTube = C:\Documents and Settings\PETER.PETER-OYOU4XROG\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\PETER.PETER-OYOU4XROG\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\PETER.PETER-OYOU4XROG\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Gmail = C:\Documents and Settings\PETER.PETER-OYOU4XROG\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/01/24 18:10:29 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe (Microsoft® Corporation)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-1659004503-362288127-839522115-1004..\Run: [MyTomTomSA.exe] C:\Program Files\MyTomTom 3\MyTomTomSA.exe (TomTom)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Config.Msi\c2f98.rbf (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\DAN\Start Menu\Programs\Startup\DirectDVD Update Manager.lnk = C:\Program Files\Orion Studios HD\UpdateHD.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1659004503-362288127-839522115-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1659004503-362288127-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1659004503-362288127-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\\PartyPoker\RunApp.exe ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\\PartyPoker\RunApp.exe ()
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Plugin Control)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} http://download.microsoft.com/downl...75-4d5b-a6dd-9c4bc923683e/Selfhelpcontrol.cab (Microsoft Genuine Advantage Self Support Tool)
O16 - DPF: {298BFFEE-662D-11D5-ADAF-00E0810232D7} https://video.manheim.com/lib/LiveSound.dll (lgbplay Class)
O16 - DPF: {447F8438-8124-4369-905B-A249E13CBBFC} http://pickles.liveblockauctions.com/install/new/lgbkc.cab (LgbContent Control)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/EN-AU/a-UNO1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1208852273484 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1358857466468 (MUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{98A06A82-F53F-444E-B6B9-11259873A459}: DhcpNameServer = 10.1.1.1
O20 - AppInit_DLLs: (C:\DOCUME~1\ALLUSE~1\APPLIC~1\Wincert\WIN32C~1.DLL) - C:\Documents and Settings\All Users\Application Data\Wincert\win32cert.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\PETER.PETER-OYOU4XROG\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\PETER.PETER-OYOU4XROG\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/22 01:48:52 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/31 05:08:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\ImgBurn
[2013/01/31 05:05:37 | 000,000,000 | ---D | C] -- C:\Program Files\ImgBurn
[2013/01/31 05:05:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ImgBurn
[2013/01/31 04:52:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop\kav_rescue_10
[2013/01/31 04:33:55 | 006,118,990 | ---- | C] (LIGHTNING UK!) -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop\SetupImgBurn_2.5.7.0.exe
[2013/01/31 03:50:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\AppData
[2013/01/31 03:50:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\searchresultstb
[2013/01/31 03:50:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Wincert
[2013/01/31 03:49:17 | 000,040,960 | ---- | C] (vbAccelerator) -- C:\WINDOWS\System32\SSubTmr6.dll
[2013/01/31 03:49:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\FreeBurner
[2013/01/31 03:48:27 | 000,000,000 | ---D | C] -- C:\Program Files\Free Easy CD DVD Burner
[2013/01/31 01:51:41 | 000,000,000 | ---D | C] -- C:\_OTM
[2013/01/31 01:50:33 | 000,522,240 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop\OTM.exe
[2013/01/29 20:16:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop\RK_Quarantine
[2013/01/29 00:35:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2013/01/29 00:35:39 | 000,361,032 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2013/01/29 00:35:39 | 000,021,256 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2013/01/29 00:35:38 | 000,054,232 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2013/01/29 00:35:38 | 000,035,928 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2013/01/29 00:35:37 | 000,738,504 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2013/01/29 00:35:37 | 000,097,608 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2013/01/29 00:35:37 | 000,089,752 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2013/01/29 00:35:36 | 000,025,256 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2013/01/29 00:34:49 | 000,041,224 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2013/01/29 00:34:47 | 000,227,648 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2013/01/28 02:55:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2013/01/28 02:50:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\Windows Search
[2013/01/28 02:40:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\Windows Desktop Search
[2013/01/28 02:39:29 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Desktop Search
[2013/01/28 02:39:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy
[2013/01/28 02:37:47 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\offfilt.dll
[2013/01/28 02:37:47 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nlhtml.dll
[2013/01/28 02:37:47 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mimefilt.dll
[2013/01/28 00:13:03 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop\TFC.exe
[2013/01/26 23:16:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2013/01/26 22:57:22 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2013/01/26 17:22:57 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013/01/26 15:01:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Norton
[2013/01/26 01:28:39 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar
[2013/01/26 01:25:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2013/01/26 01:22:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2013/01/25 07:55:41 | 002,013,672 | ---- | C] (Driver Manager) -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop\DriverManager.exe
[2013/01/25 03:09:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\My Documents\DVD Check Result Report_files
[2013/01/25 03:05:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\ElevatedDiagnostics
[2013/01/25 03:01:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows PowerShell 1.0
[2013/01/25 03:01:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
[2013/01/25 01:00:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2013/01/23 23:12:57 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013/01/23 23:12:57 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013/01/23 23:12:57 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013/01/23 23:12:57 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013/01/23 23:12:23 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2013/01/23 23:11:39 | 005,026,296 | R--- | C] (Swearware) -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop\ComboFix.exe
[2013/01/23 21:00:57 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop\tdsskiller.exe
[2013/01/23 21:00:55 | 000,521,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll
[2013/01/23 15:45:35 | 000,350,915 | ---- | C] (Farbar) -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop\FSS.exe
[2013/01/23 13:46:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Drive
[2013/01/23 13:43:26 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013/01/23 13:43:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2013/01/23 06:04:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2013/01/23 05:41:20 | 000,181,064 | ---- | C] (Sysinternals) -- C:\WINDOWS\PSEXESVC.EXE
[2013/01/23 05:41:13 | 000,290,304 | ---- | C] (Microsoft Corporation) -- C:\subinacl.exe
[2013/01/23 05:35:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Tweaking.com
[2013/01/23 05:35:20 | 000,000,000 | ---D | C] -- C:\Program Files\Tweaking.com
[2013/01/23 05:30:16 | 000,000,000 | ---D | C] -- C:\Tweaking.com_Windows_Repair_Logs
[2013/01/23 05:17:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop\tweaking.com_windows_repair_aio
[2013/01/23 03:42:53 | 011,088,872 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop\mseinstall.exe
[2013/01/23 00:40:16 | 000,030,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rndismp.sys
[2013/01/22 22:08:59 | 000,025,471 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\atv04nt5.dll
[2013/01/22 22:08:59 | 000,021,183 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\atv01nt5.dll
[2013/01/22 22:08:59 | 000,017,279 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\atv10nt5.dll
[2013/01/22 22:08:59 | 000,015,423 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\ch7xxnt5.dll
[2013/01/22 22:08:59 | 000,014,143 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\atv06nt5.dll
[2013/01/22 22:08:59 | 000,011,359 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\atv02nt5.dll
[2013/01/22 22:08:59 | 000,011,325 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\vchnt5.dll
[2013/01/22 22:08:59 | 000,004,255 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\adv01nt5.dll
[2013/01/22 22:08:59 | 000,003,967 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\adv02nt5.dll
[2013/01/22 22:08:59 | 000,003,901 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\siint5.dll
[2013/01/22 22:08:59 | 000,003,775 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\adv11nt5.dll
[2013/01/22 22:08:59 | 000,003,711 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\adv09nt5.dll
[2013/01/22 22:08:59 | 000,003,647 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\adv07nt5.dll
[2013/01/22 22:08:59 | 000,003,615 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\adv05nt5.dll
[2013/01/22 22:08:59 | 000,003,135 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\adv08nt5.dll
[2013/01/22 21:58:25 | 331,805,736 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop\WindowsXP-KB936929-SP3-x86-ENU.exe
[2013/01/22 20:57:22 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ieencode.dll
[2013/01/22 20:39:58 | 278,927,592 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop\WindowsXP-KB835935-SP2-ENU.exe
[2013/01/21 14:18:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
[2013/01/21 14:17:38 | 002,031,992 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop\MGADiag.exe
[2013/01/20 22:41:11 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/01/20 19:58:14 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop\OTL.com
[2013/01/20 00:50:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\My Documents\article.asp_files
[2013/01/18 19:09:54 | 003,362,744 | ---- | C] (http://www.maxuninstaller.com/ ) -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\My Documents\MaxUninstaller_Setup.exe
[2013/01/16 01:51:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Local Settings\Application Data\WMTools Downloaded Files
[2013/01/15 00:54:05 | 000,347,424 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\My Documents\MicrosoftFixit.wu.FISC.156281598502540974.3.1.Run.exe
[2013/01/04 14:04:47 | 000,000,000 | ---D | C] -- C:\400489b79493023d5f

========== Files - Modified Within 30 Days ==========

[2013/02/01 01:46:00 | 000,000,258 | ---- | M] () -- C:\WINDOWS\tasks\Windows Update.job
[2013/02/01 01:27:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/02/01 01:05:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/02/01 00:35:00 | 000,000,314 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2013/02/01 00:09:24 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1659004503-362288127-839522115-1004.job
[2013/02/01 00:09:19 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/02/01 00:09:19 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1659004503-362288127-839522115-1005.job
[2013/02/01 00:03:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/01/31 18:39:52 | 000,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI
[2013/01/31 07:35:02 | 000,580,235 | ---- | M] () -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop\adwcleaner.exe
[2013/01/31 06:28:31 | 296,022,016 | ---- | M] () -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop\kav_rescue_10.iso
[2013/01/31 05:05:37 | 000,001,546 | ---- | M] () -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk
[2013/01/31 05:05:37 | 000,001,528 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ImgBurn.lnk
[2013/01/31 04:33:55 | 006,118,990 | ---- | M] (LIGHTNING UK!) -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop\SetupImgBurn_2.5.7.0.exe
[2013/01/31 01:50:38 | 000,522,240 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop\OTM.exe
[2013/01/30 05:15:02 | 000,015,872 | ---- | M] () -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/01/30 03:58:30 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1659004503-362288127-839522115-1004.job
[2013/01/29 00:35:40 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2013/01/29 00:35:37 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2013/01/29 00:22:54 | 097,565,024 | ---- | M] () -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop\avast_free_antivirus_setup.exe
[2013/01/28 21:03:22 | 000,506,288 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/01/28 21:03:22 | 000,088,078 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/01/28 04:57:20 | 000,001,954 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2013/01/28 04:56:59 | 000,013,002 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/01/28 02:46:50 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/01/28 02:39:42 | 000,001,787 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2013/01/28 00:26:51 | 000,265,598 | ---- | M] () -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop\dotnetfx_cleanup_tool.zip
[2013/01/28 00:13:06 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop\TFC.exe
[2013/01/26 22:11:38 | 000,000,754 | ---- | M] () -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop\fixme.reg
[2013/01/26 22:02:18 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2013/01/26 22:02:18 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2013/01/26 21:23:20 | 331,805,736 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop\WindowsXP-KB936929-SP3-x86-ENU.exe
[2013/01/26 16:15:00 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1659004503-362288127-839522115-1005.job
[2013/01/26 15:36:51 | 000,866,592 | ---- | M] () -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop\Norton_Removal_Tool.exe
[2013/01/25 17:53:31 | 000,178,770 | ---- | M] () -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\My Documents\PIF IMF Update to Group Members 25 Jan 2013.pdf
[2013/01/25 07:55:56 | 002,013,672 | ---- | M] (Driver Manager) -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop\DriverManager.exe
[2013/01/25 03:09:42 | 000,036,706 | ---- | M] () -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\My Documents\DVD Check Result Report.htm
[2013/01/24 18:10:29 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013/01/24 02:01:37 | 000,141,738 | ---- | M] () -- C:\TDSSKiller.2.8.15.0_23.01.2013_21.25.23_log.zip
[2013/01/24 01:19:25 | 000,208,896 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/01/23 23:11:47 | 005,026,296 | R--- | M] (Swearware) -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop\ComboFix.exe
[2013/01/23 21:19:01 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop\tdsskiller.exe
[2013/01/23 15:45:39 | 000,350,915 | ---- | M] (Farbar) -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop\FSS.exe
[2013/01/23 06:04:46 | 000,181,064 | ---- | M] (Sysinternals) -- C:\WINDOWS\PSEXESVC.EXE
[2013/01/23 05:35:23 | 000,001,928 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Tweaking.com - Windows Repair (All in One).lnk
[2013/01/23 05:16:23 | 003,293,002 | ---- | M] () -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop\tweaking.com_windows_repair_aio.zip
[2013/01/23 03:59:32 | 011,088,872 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop\mseinstall.exe
[2013/01/22 23:12:08 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk
[2013/01/22 20:58:07 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2013/01/22 20:49:33 | 278,927,592 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop\WindowsXP-KB835935-SP2-ENU.exe
[2013/01/21 14:17:43 | 002,031,992 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop\MGADiag.exe
[2013/01/20 19:58:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop\OTL.com
[2013/01/20 01:40:24 | 004,279,751 | ---- | M] () -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\My Documents\Russia & the Jews.pdf
[2013/01/20 00:50:25 | 000,052,195 | ---- | M] () -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\My Documents\article.asp.htm
[2013/01/18 19:10:09 | 003,362,744 | ---- | M] (http://www.maxuninstaller.com/ ) -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\My Documents\MaxUninstaller_Setup.exe
[2013/01/18 01:52:29 | 001,615,449 | ---- | M] () -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\My Documents\DELONGHI PAC W150 ECO USER MANUAL GB-5751018800.pdf
[2013/01/15 00:54:10 | 000,347,424 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\My Documents\MicrosoftFixit.wu.FISC.156281598502540974.3.1.Run.exe
[2013/01/14 20:16:30 | 000,983,040 | ---- | M] () -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\My Documents\MicrosoftFixit50777.msi
[2013/01/13 13:35:02 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/01/13 13:35:02 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/01/12 01:37:51 | 003,327,000 | ---- | M] () -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\My Documents\WindowsXP-KB942288-v3-x86.exe
[2013/01/06 16:34:35 | 006,009,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2013/01/03 01:52:10 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2013/01/03 01:52:10 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

========== Files Created - No Company Name ==========

[2013/01/31 05:05:37 | 000,001,546 | ---- | C] () -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk
[2013/01/31 05:05:37 | 000,001,528 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ImgBurn.lnk
[2013/01/31 03:33:51 | 296,022,016 | ---- | C] () -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop\kav_rescue_10.iso
[2013/01/29 00:35:40 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2013/01/29 00:35:37 | 000,000,314 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2013/01/29 00:22:49 | 097,565,024 | ---- | C] () -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop\avast_free_antivirus_setup.exe
[2013/01/28 02:39:42 | 000,001,803 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Search.lnk
[2013/01/28 02:39:42 | 000,001,787 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2013/01/28 02:35:44 | 000,225,262 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msimain.sdb
[2013/01/28 00:26:43 | 000,265,598 | ---- | C] () -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop\dotnetfx_cleanup_tool.zip
[2013/01/26 22:11:38 | 000,000,754 | ---- | C] () -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop\fixme.reg
[2013/01/26 15:36:29 | 000,866,592 | ---- | C] () -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop\Norton_Removal_Tool.exe
[2013/01/25 17:53:31 | 000,178,770 | ---- | C] () -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\My Documents\PIF IMF Update to Group Members 25 Jan 2013.pdf
[2013/01/25 03:09:41 | 000,036,706 | ---- | C] () -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\My Documents\DVD Check Result Report.htm
[2013/01/24 02:01:36 | 000,141,738 | ---- | C] () -- C:\TDSSKiller.2.8.15.0_23.01.2013_21.25.23_log.zip
[2013/01/23 23:12:57 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/01/23 23:12:57 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013/01/23 23:12:57 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013/01/23 23:12:57 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013/01/23 23:12:57 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013/01/23 05:35:23 | 000,001,928 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Tweaking.com - Windows Repair (All in One).lnk
[2013/01/23 05:12:05 | 003,293,002 | ---- | C] () -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop\tweaking.com_windows_repair_aio.zip
[2013/01/23 03:47:33 | 000,001,954 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2013/01/22 23:12:08 | 000,002,315 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
[2013/01/22 23:12:08 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk
[2013/01/20 18:24:54 | 000,580,235 | ---- | C] () -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop\adwcleaner.exe
[2013/01/20 01:40:07 | 004,279,751 | ---- | C] () -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\My Documents\Russia & the Jews.pdf
[2013/01/20 00:50:24 | 000,052,195 | ---- | C] () -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\My Documents\article.asp.htm
[2013/01/18 01:52:28 | 001,615,449 | ---- | C] () -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\My Documents\DELONGHI PAC W150 ECO USER MANUAL GB-5751018800.pdf
[2013/01/15 01:37:12 | 000,000,258 | ---- | C] () -- C:\WINDOWS\tasks\Windows Update.job
[2013/01/14 20:16:25 | 000,983,040 | ---- | C] () -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\My Documents\MicrosoftFixit50777.msi
[2013/01/12 01:35:56 | 003,327,000 | ---- | C] () -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\My Documents\WindowsXP-KB942288-v3-x86.exe
[2012/11/22 14:36:35 | 000,000,288 | ---- | C] () -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\.backup.dm
[2012/07/21 16:44:35 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2012/07/21 16:44:01 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2012/07/21 16:43:46 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2012/03/11 13:14:07 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/03/05 23:52:30 | 000,081,321 | ---- | C] () -- C:\WINDOWS\SGTBox.INI
[2011/10/05 00:32:22 | 000,000,144 | ---- | C] () -- C:\WINDOWS\System32\lkfl.dat
[2011/10/05 00:32:22 | 000,000,128 | ---- | C] () -- C:\WINDOWS\System32\pdfl.dat
[2011/10/05 00:32:22 | 000,000,080 | ---- | C] () -- C:\WINDOWS\System32\ibfl.dat
[2009/01/27 21:26:08 | 000,015,872 | ---- | C] () -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2008/04/22 02:18:33 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2010/06/24 23:10:44 | 001,509,888 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 23:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 11:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/01/29 00:34:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2008/04/22 04:19:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2011/12/12 01:05:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEGV
[2011/11/07 16:20:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
[2011/09/20 19:18:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJWSpt
[2008/04/22 07:39:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2010/07/17 06:10:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kaspersky SDK
[2008/04/22 03:43:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2009/10/26 18:59:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MyVirtualHome
[2010/07/25 13:12:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2012/04/20 01:43:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2013/01/31 03:50:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wincert
[2009/02/19 04:53:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
[2008/10/20 20:16:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BEC\Application Data\Canon
[2008/04/22 09:48:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BEC\Application Data\Grisoft
[2009/07/17 17:28:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BEC\Application Data\LimeWire
[2008/07/16 15:00:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BEC\Application Data\MailFrontier
[2008/09/23 13:16:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BEC\Application Data\SharePod
[2012/01/13 13:47:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DAN\Application Data\Canon
[2008/04/23 22:11:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DAN\Application Data\Grisoft
[2008/07/21 18:19:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DAN\Application Data\MailFrontier
[2010/05/30 11:10:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DAN\Application Data\NCH Swift Sound
[2010/05/30 11:10:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DAN\Application Data\Recordpad
[2010/07/11 13:05:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DAN\Application Data\SharePod
[2012/06/20 15:26:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DIANE\Application Data\Canon
[2010/05/29 19:55:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DIANE\Application Data\FreeAudioPack
[2008/04/22 16:20:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DIANE\Application Data\Grisoft
[2009/09/03 17:06:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DIANE\Application Data\LimeWire
[2008/07/19 13:49:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DIANE\Application Data\MailFrontier
[2010/07/25 13:12:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DIANE\Application Data\NCH Swift Sound
[2008/07/12 18:10:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DIANE\Application Data\PowerChallenge
[2010/05/30 08:36:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DIANE\Application Data\Recordpad
[2009/07/27 13:56:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DIANE\Application Data\SharePod
[2009/01/21 10:20:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DIANE\Application Data\Thunderbird
[2010/07/24 23:37:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DIANE\Application Data\uTorrent
[2009/11/24 12:18:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DIANE\Application Data\Xtranormal
[2008/06/24 18:26:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\Grisoft
[2008/11/07 13:37:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\MailFrontier
[2008/04/25 03:24:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PETER\Application Data\Canon
[2008/04/22 07:39:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PETER\Application Data\Grisoft
[2008/05/31 04:38:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PETER\Application Data\LimeWire
[2008/04/22 03:44:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PETER\Application Data\MailFrontier
[2008/04/23 00:03:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PETER\Application Data\Thunderbird
[2011/11/07 16:20:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\Canon
[2011/10/05 01:06:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\CheckPoint
[2013/01/25 03:05:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\ElevatedDiagnostics
[2013/01/31 04:04:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\FreeBurner
[2012/12/11 20:43:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\Ifcaeb
[2013/01/31 05:08:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\ImgBurn
[2012/11/23 11:08:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\LimeWire
[2011/10/06 00:59:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\MailFrontier
[2009/10/26 19:02:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\MyVirtualHome
[2010/05/29 23:26:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\NCH Swift Sound
[2010/05/29 23:26:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\Recordpad
[2012/07/31 02:13:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\Reec
[2013/01/31 03:50:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\searchresultstb
[2010/05/07 22:17:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\SharePod
[2008/06/12 18:33:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\Thunderbird
[2012/04/20 01:38:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\TomTom
[2012/07/31 01:39:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\Uplui
[2012/12/11 02:55:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\WinBatch
[2013/01/28 02:40:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\Windows Desktop Search
[2013/01/28 02:50:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\Windows Search
[2010/12/16 14:20:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\WinPatrol
[2012/12/11 15:07:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\Yqih

========== Purity Check ==========

< End of report >


----------



## speedyzap (Feb 26, 2006)

*Extras Txt log:*

OTL Extras logfile created on: 2/1/2013 1:49:30 AM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

767.48 Mb Total Physical Memory | 263.73 Mb Available Physical Memory | 34.36% Memory free
1.83 Gb Paging File | 1.36 Gb Available in Paging File | 74.17% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 127.99 Gb Total Space | 73.48 Gb Free Space | 57.41% Space Free | Partition Type: NTFS

Computer Name: PETER-OYOU4XROG | User Name: PETER | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = SafariHTML] -- C:\Program Files\Safari\Safari.exe (Apple Inc.)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-1659004503-362288127-839522115-1004\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files\Safari\Safari.exe" -url "%1" (Apple Inc.)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabledxpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabledxpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabledxpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabledxpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\explorer.exe" = %windir%\explorer.exe -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabledxpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\explorer.exe" = %windir%\explorer.exe -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabledxpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Searchqu Toolbar\Datamngr\SRTOOL~1\dtUser.exe" = C:\Program Files\Searchqu Toolbar\Datamngr\SRTOOL~1\dtUser.exe:*:Enabled:Search-Results Toolbar DTX Broker

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{02DFF6B1-1654-411C-8D7B-FD6052EF016F}" = Apple Software Update
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5300_series" = Canon MG5300 series MP Drivers
"{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}" = QuickTime
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{1EBB57D4-63FF-87CC-A0F0-D73982CF6008}" = Adobe Media Player
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 29
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{40589552-3892-409E-B92C-9F5032A4B2F0}" = Safari
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}" = iTunes
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{7A21C722-F259-4976-B7AA-6658E5FDEDAF}" = Google Drive
"{8355F970-601D-442D-A79B-1D7DB4F24CAD}" = Apple Mobile Device Support
"{901B0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{919F3D91-8374-410F-932B-A126F2C85426}" = e-tax 2009
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
"{A1B7B9B3-E1D2-41CA-9B4A-F18DC2710704}" = Microsoft Works 6.0
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.01)
"{AC76BA86-7AD7-2448-0000-800000000003}" = Chinese Traditional Fonts Support For Adobe Reader 8
"{B0F1B02F-47A6-411D-A38B-E44CC7F53CCC}" = e-tax 2012
"{B148AB4B-C8FA-474B-B981-F2943C5B5BCD}" = OGA Notifier 1.7.0105.35.0
"{BD3DCAB0-3FE5-44FB-90DA-EFB0A2CD1387}" = Works Synchronization
"{C078C299-C2C2-4110-A6EF-8D5E66C228DA}" = e-tax 2011
"{C3A439E4-7303-491F-A678-CEA36A87D517}" = Microsoft Works Suite Add-in for Microsoft Word
"{C66FE99D-7C15-40A0-AE4A-A1A3900D9EE3}" = MyVirtualHome
"{C769A271-7E1C-48F9-B331-474600DD4C06}" = Microsoft Picture It! Photo 2002
"{D958FAC4-BAE0-4B1D-A42E-DE9BFDE7DDEE}" = Canon PhotoRecord
"{DC19E750-988B-4005-A355-85EF66055EFE}" = Works Suite OS Pack
"{E0A1559B-9886-11D4-8D06-0050DA284A39}" = Scan Manager 5.2
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E6BEB5BC-5386-4AF9-ADF2-8451BEB2A48B}" = Video Piggy
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FBE569CA-BFEB-4E57-A674-F94D938E1AEF}" = e-tax 2010
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AlphaBrowser v.1.3" = AlphaBrowser v.1.3
"ArcSoft PhotoBase" = ArcSoft PhotoBase
"audcle" = Plus! MP3 Audio Converter LE
"Canon MG5300 series On-screen Manual" = Canon MG5300 series On-screen Manual
"Canon ScanGear Toolbox 3.1" = Canon ScanGear Toolbox 3.1
"Canon Setup Utility 2.0" = Canon Setup Utility 2.0
"CANONBJ_Deinstall_CNMCP6e.DLL" = Canon PIXMA iP1000
"CANONBJ_Deinstall_CNMCP78.DLL" = Canon iP4200
"CanonSolutionMenuEX" = Canon Solution Menu EX
"CCleaner" = CCleaner
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DBX Viewer Free_is1" = DBX Viewer Free 1.0
"DirectDVD 6 HD" = DirectDVD 6 HD
"drmtool.inf" = Personal License Update Wizard for Windows Media Player
"Easy Outlook Express Repair_is1" = Easy Outlook Express Repair 1.2
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Easy-PrintToolBox" = Canon Utilities Easy-PrintToolBox
"Easy-WebPrint" = Easy-WebPrint
"e-tax 2008" = e-tax 2008
"Google Chrome" = Google Chrome
"ie8" = Windows Internet Explorer 8
"ImgBurn" = ImgBurn
"Kernel for Outlook Express Evaluation Version_is1" = Kernel for Outlook Express Evaluation ver 9.04.01
"koyotesofttoolbarnew" = Search-Results Toolbar
"LimeWire" = LimeWire 5.5.14
"Mah Jong Quest_is1" = Mah Jong Quest
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"mmmusic" = Movie Maker Background Music Files
"mmsounds" = Movie Maker Sound Effects
"mmtitle" = Movie Maker Title Images
"Mozilla Firefox 13.0.1 (x86 en-US)" = Mozilla Firefox 13.0.1 (x86 en-US)
"Mozilla Thunderbird (2.0.0.24)" = Mozilla Thunderbird (2.0.0.24)
"mplibwiz.inf" = Media Library Management Wizard
"mpxlswiz.inf" = Windows Media Player Playlist Import to Excel Wizard
"mpxptray.inf" = Windows Media Player Tray Control
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MyTomTom" = MyTomTom 3.2.0.802
"Outlook Express Backup Wizard_is1" = Outlook Express Backup Wizard version 1.1
"PhotoRecord" = Canon PhotoRecord
"PowerShell" = Windows PowerShell(TM) 1.0
"RealPlayer 15.0" = RealPlayer
"Revo Uninstaller" = Revo Uninstaller 1.90
"SCRABBLE  Journey" = SCRABBLE  Journey
"TomTom HOME" = TomTom HOME 2.8.3.2499
"Tweaking.com - Windows Repair (All in One)" = Tweaking.com - Windows Repair (All in One)
"UT2004-Demo" = Unreal Tournament 2004 Demo
"wa2wmp" = Windows Media Player Skin Importer
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR 4.20 (32-bit)
"WMBK2" = Windows Media Bonus Pack for Windows XP
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Works2002Setup" = Microsoft Works 2002 Setup Launcher
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1659004503-362288127-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 1/28/2013 7:50:30 AM | Computer Name = PETER-OYOU4XROG | Source = MsiInstaller | ID = 11303
Description = Product: Microsoft Office Professional Edition 2003 -- Error 1303.
Setup cannot access the folder C:\Program Files\Microsoft Office. Verify that 
the folder exists in your system and that you have sufficient permissions to update
it.

Error - 1/28/2013 7:50:32 AM | Computer Name = PETER-OYOU4XROG | Source = MsiInstaller | ID = 11303
Description = Product: Microsoft Office Professional Edition 2003 -- Error 1303.
Setup cannot access the folder C:\Program Files\Microsoft Office. Verify that 
the folder exists in your system and that you have sufficient permissions to update
it.

Error - 1/28/2013 7:57:38 AM | Computer Name = PETER-OYOU4XROG | Source = MsiInstaller | ID = 11303
Description = Product: Microsoft Office Professional Edition 2003 -- Error 1303.
Setup cannot access the folder C:\Program Files\Microsoft Office. Verify that 
the folder exists in your system and that you have sufficient permissions to update
it.

Error - 1/28/2013 7:57:40 AM | Computer Name = PETER-OYOU4XROG | Source = MsiInstaller | ID = 11303
Description = Product: Microsoft Office Professional Edition 2003 -- Error 1303.
Setup cannot access the folder C:\Program Files\Microsoft Office. Verify that 
the folder exists in your system and that you have sufficient permissions to update
it.

Error - 1/29/2013 9:58:34 AM | Computer Name = PETER-OYOU4XROG | Source = Application Error | ID = 1000
Description = Faulting application itunes.exe, version 7.6.2.9, faulting module 
unknown, version 0.0.0.0, fault address 0x10001040.

Error - 1/29/2013 10:17:32 AM | Computer Name = PETER-OYOU4XROG | Source = Application Error | ID = 1000
Description = Faulting application itunes.exe, version 7.6.2.9, faulting module 
unknown, version 0.0.0.0, fault address 0x10001040.

Error - 1/29/2013 10:31:30 AM | Computer Name = PETER-OYOU4XROG | Source = Application Error | ID = 1000
Description = Faulting application itunes.exe, version 7.6.2.9, faulting module 
unknown, version 0.0.0.0, fault address 0x10001040.

Error - 1/29/2013 10:37:10 AM | Computer Name = PETER-OYOU4XROG | Source = Application Error | ID = 1000
Description = Faulting application itunes.exe, version 7.6.2.9, faulting module 
unknown, version 0.0.0.0, fault address 0x10001040.

Error - 1/29/2013 12:52:18 PM | Computer Name = PETER-OYOU4XROG | Source = Application Error | ID = 1000
Description = Faulting application itunes.exe, version 7.6.2.9, faulting module 
unknown, version 0.0.0.0, fault address 0x10001040.

Error - 1/29/2013 2:38:53 PM | Computer Name = PETER-OYOU4XROG | Source = Application Hang | ID = 1002
Description = Hanging application AcroRd32.exe, version 11.0.1.36, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 1/31/2013 8:44:05 AM | Computer Name = PETER-OYOU4XROG | Source = Service Control Manager | ID = 7000
Description = The aswFsBlk service failed to start due to the following error: %%2

Error - 1/31/2013 8:44:05 AM | Computer Name = PETER-OYOU4XROG | Source = Service Control Manager | ID = 7000
Description = The avast! Antivirus service failed to start due to the following 
error: %%5

Error - 1/31/2013 8:46:01 AM | Computer Name = PETER-OYOU4XROG | Source = Print | ID = 23
Description = Printer Canon iP4200 failed to initialize because a suitable Canon
iP4200 driver could not be found.

Error - 1/31/2013 8:46:01 AM | Computer Name = PETER-OYOU4XROG | Source = Print | ID = 23
Description = Printer Canon PIXMA iP1000 failed to initialize because a suitable
Canon PIXMA iP1000 driver could not be found.

Error - 1/31/2013 8:46:01 AM | Computer Name = PETER-OYOU4XROG | Source = Print | ID = 23
Description = Printer Microsoft XPS Document Writer failed to initialize because
a suitable Microsoft XPS Document Writer driver could not be found.

Error - 1/31/2013 9:03:28 AM | Computer Name = PETER-OYOU4XROG | Source = Service Control Manager | ID = 7000
Description = The aswFsBlk service failed to start due to the following error: %%2

Error - 1/31/2013 9:03:28 AM | Computer Name = PETER-OYOU4XROG | Source = Service Control Manager | ID = 7000
Description = The avast! Antivirus service failed to start due to the following 
error: %%5

Error - 1/31/2013 9:05:16 AM | Computer Name = PETER-OYOU4XROG | Source = Print | ID = 23
Description = Printer Canon iP4200 failed to initialize because a suitable Canon
iP4200 driver could not be found.

Error - 1/31/2013 9:05:16 AM | Computer Name = PETER-OYOU4XROG | Source = Print | ID = 23
Description = Printer Canon PIXMA iP1000 failed to initialize because a suitable
Canon PIXMA iP1000 driver could not be found.

Error - 1/31/2013 9:05:16 AM | Computer Name = PETER-OYOU4XROG | Source = Print | ID = 23
Description = Printer Microsoft XPS Document Writer failed to initialize because
a suitable Microsoft XPS Document Writer driver could not be found.

< End of report >


----------



## speedyzap (Feb 26, 2006)

I noticed these two under "files created in last 30 days": (they are the koyotes brand burner incorrectly downloaded by me)
[2013/01/31 03:49:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\FreeBurner
[2013/01/31 03:48:27 | 000,000,000 | ---D | C] -- C:\Program Files\Free Easy CD DVD Burner


----------



## kevinf80 (Mar 21, 2006)

Re-Run







by double left click, Vista and Windows 7 users accept UAC alert.

Under the







box at the bottom, paste in the following


```
:OTL
FF - prefs.js..browser.startup.homepage: "http://www.searchnu.com/421"
FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&gct=ds&appid=101&systemid=421&apn_dtid=BND421&apn_ptnrs=AGA&apn_uid=6492560933454541&o=APN10649&q="
FF - user.js - File not found
[2013/01/18 17:19:27 | 000,001,100 | ---- | M] () -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\Mozilla\Firefox\Profiles\8a03imtq.default\searchplugins\produtools-manuals-21-customized-web-search.xml
[2013/01/31 03:49:15 | 000,002,687 | ---- | M] () -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\Mozilla\Firefox\Profiles\8a03imtq.default\searchplugins\Search_Results.xml
[2011/11/05 14:21:03 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/05 14:21:03 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
CHR - homepage: http://www.searchnu.com/421
CHR - default_search_provider: search_url = http://dts.search-results.com/sr?src=crb&gct=ds&appid=101&systemid=421&apn_dtid=BND421&apn_ptnrs=AGA&o=APN10649&apn_uid=6492560933454541&q={searchTerms}
:Files
C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\FreeBurner
C:\Program Files\Free Easy CD DVD Burner
C:\Documents and Settings\All Users\Application Data\Norton
C:\Documents and Settings\All Users\Application Data\NortonInstaller
C:\Documents and Settings\All Users\Application Data\Grisoft
C:\Documents and Settings\BEC\Application Data\Grisoft
C:\Documents and Settings\DAN\Application Data\Grisoft
C:\Documents and Settings\DIANE\Application Data\Grisoft
C:\Documents and Settings\Guest\Application Data\Grisoft
C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\FreeBurner
C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\Yqih
C:\Program Files\Searchqu Toolbar
:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Searchqu Toolbar\Datamngr\SRTOOL~1\dtUser.exe"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"koyotesofttoolbarnew"=-
:Commands
[Emptytemp]
[resethosts]
[createrestorepoint]
```

Then click







button at the top
Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
Please post that log in your next reply.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
If you are asked to reboot the machine choose *Yes*. In this case, after the reboot, open Notepad (Start > All Programs > Accessories > Notepad), click File > Open, in the File Name box enter **.log* and press the Enter key, navigate to the *C:\_OTL\MovedFiles folder*, and open the newest *.log* file present, and copy/paste the contents of that document back here in your next post.

Thanks...


----------



## speedyzap (Feb 26, 2006)

Kev

Ya got it mate! The bugs are gone as best as I can see. I only had to go into firefox options and re-set the home URL from home blank to google

That was a hard one and *well done!* I appreciate that you managed to do this despite your pressing schedule.

Would you be kind enough to answer my questions in my post 189 and if it's satisfactory, I'll go for the Kaspersky Rescue boot in about 12 hours from now

Sooo... appreciate your good work!

*OTL kill log:*

All processes killed
========== OTL ==========
Prefs.js: "http://www.searchnu.com/421" removed from browser.startup.homepage
Prefs.js: "http://dts.search-results.com/sr?src=ffb&gct=ds&appid=101&systemid=421&apn_dtid=BND421&apn_ptnrs=AGA&apn_ uid=6492560933454541&o=APN10649&q=" removed from keyword.URL
C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\Mozilla\Firefox\Profiles\8a03imtq.default\searchplugins\produtools-manuals-21-customized-web-search.xml moved successfully.
File C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\Mozilla\Firefox\Profiles\8a03imtq.default\searchplugins\Search_Results .xml not found.
C:\Program Files\Mozilla Firefox\searchplugins\bing.xml moved successfully.
C:\Program Files\Mozilla Firefox\searchplugins\twitter.xml moved successfully.
Use Chrome's Settings page to change the HomePage.
Use Chrome's Settings page to remove the default_search_provider items.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameter s\FirewallPolicy\DomainProfile\AuthorizedApplications\List not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\koyotesofttoolbarnew not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users
->Temp folder emptied: 0 bytes

User: BEC
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: DAN
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: DIANE
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService.NT AUTHORITY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService.NT AUTHORITY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Owner
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: PETER
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: PETER.PETER-OYOU4XROG
->Temp folder emptied: 10291972 bytes
->Temporary Internet Files folder emptied: 314284396 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 35838900 bytes
->Google Chrome cache emptied: 6251717 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 492 bytes

User: PETER.PETER-OYOU4XROG.000
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: TIM

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 4279751 bytes

Total Files Cleaned = 354.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.69.0 log created on 02012013_035224

Files\Folders moved on Reboot...
C:\Documents and Settings\PETER.PETER-OYOU4XROG\Local Settings\Temporary Internet Files\Content.IE5\T2IKZIF3\aclk[3].htm moved successfully.
C:\Documents and Settings\PETER.PETER-OYOU4XROG\Local Settings\Temporary Internet Files\Content.IE5\1M7ULTMC\1085772-uninstall-fixio-pc-cleaner-13[1].html moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


----------



## speedyzap (Feb 26, 2006)

Oh No!

Just checked Google Chrome and it's still got the same Firefox problem > http://www.searchnu.com/421 URL and Malwarebytes blocking outward!

I was hoping to give you a break for a while

IE and Firefox OK though


----------



## kevinf80 (Mar 21, 2006)

Regarding Chrome, open and run, then open a new tab, type in *Chrome://extensions/* and tap Enter. Check through the extensions; if there are any that don't need to be there, hit the little dustbin on the right, that will remove it.
Change the home page to Google or similar.... If the issue is still there let me know..

Yes you can run Kaspersky Rescue Disk on the PC, see no reason why not...

Regarding section E question 4 in Kaspersky rescue disk, it looks self-explanatory...

4. If any malicious items are found, the default settings are to prompt you for action with a red popup window on the bottom right. Delete is the recommended action in most cases but we strongly recommend that you try first to disinfect, and if it doesn't work choose to quarantine the infected files just to be on the safe side.
Instead of delete you choose disinfect, if that does not work choose quarantine. Delete is final, no way back!!

***Edit, what version of Chrome do you have??

Kevin....:up:


----------



## speedyzap (Feb 26, 2006)

1] You got Google Chrome working. I set the home page to Google and strangely enough that got rid of the other tool bar > now all three browsers working :up:

2] I have Version 24.0.1312.57 m [chrome]

3] Will do rescue disc when I have time

Thanks cobber


----------



## kevinf80 (Mar 21, 2006)

Chrome have a new version 25 available, it is in Beta at present but does work very well (If you like Chrome, Yuk) One of the biggest problems with Chrome has been hidden addons to extensions. These legitimate extensions are installed but do come with a malignant addon that is unseen and very difficult to find. This problem is supposedly cured with the release of version 25. As far as I know it is still in Beta and not available as a public update.

I did d/l and install that version from here http://fileforum.betanews.com/detail/Google-Chrome-v25/1220379960/10 I must admit up to now I have not used it, you may be able to get it direct from Chrome shortly....

Let me know how you get on with Kaspersky rescue disk.... If we are still stuck with issues I think maybe best to remove all of the tools we've used up to now, start again from a clean sheet....

Been a bit of a journey but I'm sure we'll get there in the end....

Kevin...:up:


----------



## speedyzap (Feb 26, 2006)

The Kaspersky scan has been running for over an hour now, but each half hour or so I come back, the estimated finish time for the scan bumps up an hour or more??? Started saying estimate was about 3 hours, now saying 6 hours to finish scan. I find that hard to believe? Will keep looking in on the scan from time to time.

I checked the C:/ drive box to be included in scan. In Step D:, nothing in writing about that, but only advised in pic

Also, I noticed that in Step D: 1] that this window pic did not come up and neither did the "white coloured console window" pic in Step D: 2]. It just automatically jumped to Step E: 1] with the green Kaspersky Rescue Disc / My Update Centre window. All seems to be scanning well so far ..... but unusually long in scan time estimate 6-7 hours?? No warning in directions it might take that long in "Objects Scan". No malicious objects found so far (after about one and a half hours into scan). I thought they should pop up one by one as the scan progressed??

Edit: It's now saying 27% of objects scanned and 7 hours to finish scan. No objects popped up yet for deleting or disinfecting, etc

Edit: I accidentally stopped the scan clicking on the time delay estimate and it then upgraded the box saying "no threats found" then it gave me the option "to resume where it stopped". I clicked on that and it is continuing on without going back to the start of scan. I note the estimated time to finish now says unknown. I'd estimate that if it took about an hour and a quarter to do 25% then it should take another 3-4 hours or so.

Edit: the objects scan is now saying "Finish in 1 Day" - something got to be wrong here? Any comment?

(The scan% is going from 27% to 26% and back to 27% now. I note the scan bar is ticking over files being scanned quickly)

(this post via my laptop)


----------



## kevinf80 (Mar 21, 2006)

The scan takes as long as it takes, I cannot give estimates. All I can say is make sure you do not interact with the PC as Kaspersky runs, try to let it run uninterrupted


----------



## speedyzap (Feb 26, 2006)

OK will try and be patient. 

It's now saying 32% scanned and finish in 7 hours. Obviously a poorly designed estimator.

Surprised no objects have been found after 30% scanned? Could it be because I deleted nearly all of the downloaded music and REAL Player video files the other day (about 20 GB's worth)? Never know how many bugs I got rid of doing that!

Edit: Appears 3 objects found so far and one message saying something was password protected. But no requests for any action (deletion, etc) on my part. Scan continues....


----------



## kevinf80 (Mar 21, 2006)

Okey dokey...


----------



## speedyzap (Feb 26, 2006)

Rescue Disc Finished its run after about 8 hours

I "quarantined" 2 objects

*Here is the "ScanObject" log as under:*

Objects Scan: completed <1 minute ago (events: 13, objects: 705238, time: 05:25:22)	
2/2/13 5:49 AM	Task completed 
2/2/13 5:46 AM	Detected: HEUR:Trojan.Win32.Generic	C:/Documents and Settings/PETER.PETER-OYOU4XROG/My Documents/spyware doctor sdsetup.exe/data0193 
2/2/13 5:41 AM	Detected: HEUR:Trojan.Win32.Generic	C:/Documents and Settings/PETER.PETER-OYOU4XROG/My Documents/sdsetup.exe/data0254 
2/2/13 3:03 AM	Untreated: HEUR:Trojan.Win32.Generic	C:/Documents and Settings/PETER.PETER-OYOU4XROG/My Documents/sdsetup.exe/data0254	Postponed	
2/2/13 3:03 AM	Detected: HEUR:Trojan.Win32.Generic	C:/Documents and Settings/PETER.PETER-OYOU4XROG/My Documents/sdsetup.exe/data0254 
2/2/13 3:02 AM	Processing error	C:/Documents and Settings/PETER.PETER-OYOU4XROG/My Documents/fuu_-win-mg5300-1_0-ea7.exe	Read error	
2/2/13 3:02 AM	Processing error	C:/Documents and Settings/PETER.PETER-OYOU4XROG/My Documents/OEBackup5-11-2010.oeb	Read error	
2/2/13 3:02 AM	Processing error	C:/Documents and Settings/PETER.PETER-OYOU4XROG/My Documents/OEBackup5-11-2010.oeb/{24E90574-EB22-4DEA-9484-65D680F578C4}/Inbox.dbx	Read error	
2/2/13 2:56 AM	Untreated: HEUR:Trojan.Win32.Generic	C:/Documents and Settings/PETER.PETER-OYOU4XROG/My Documents/spyware doctor sdsetup.exe/data0193	Postponed	
2/2/13 2:56 AM	Detected: HEUR:Trojan.Win32.Generic	C:/Documents and Settings/PETER.PETER-OYOU4XROG/My Documents/spyware doctor sdsetup.exe/data0193 
2/2/13 12:23 AM	Task started 
2/2/13 12:23 AM	Task stopped 
2/1/13 9:37 PM	Task started

*Get your next response in about 10 hours (thanks so far...)*


----------



## kevinf80 (Mar 21, 2006)

When you're ready run OTL and post fresh logs, slight difference on the script this time:

Download *OTL* from any of the following links and save to your Desktop:

http://oldtimer.geekstogo.com/OTL.exe
http://itxassociates.com/OT-Tools/OTL.com
http://www.itxassociates.com/OT-Tools/OTL.scr

 Double click on the icon to run it, Vista or Windows 7 users right click and select Run as Administrator. Make sure all other windows are closed and let it run uninterrupted.
 When the window appears, underneath *Output* at the top, make sure *Standard output* is selected.
 Select *Scan all users*
 Under the *Extra Registry* section, check *Use SafeList*
 In the lower right corner, checkmark *"LOP Check"* and checkmark *"Purity Check".*
 Under the Custom Scan box paste this in:


```
netsvcs
%systemroot%\*. /mp /s
%systemroot%\*. /rp /s
msconfig
%SYSTEMDRIVE%\*.exe
%LOCALAPPDATA%\*.exe
%systemdrive%\$Recycle.Bin|@;true;true;true /fp
/md5start
consrv.dll
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
CREATERESTOREPOINT
```

 Click the button. Do not change any settings unless otherwise told to do so. The scan won't take long.
 When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
 Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your reply

Kevin...
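
An added example, not part of the original thread and not OTL's own code: a Python script that triages the browser and AppInit_DLLs lines of an OTL.Txt log of the kind requested above, flagging home page or search URLs on hosts the user does not expect and AppInit_DLLs entries with no company name. The `EXPECTED_DOMAINS` allow-list, the function names and the sample log lines (constructed in the OTL line format with placeholder hosts) are assumptions.

```python
import re
from urllib.parse import urlparse

# Assumption: domains this user expects in home page / search settings.
EXPECTED_DOMAINS = ("google.com", "google.com.au", "bing.com", "live.com")

# Setting names from OTL's IE / FF / CHR sections that hold a home page or search URL.
URL_SETTINGS = ("homepage", "start page", "search_url", "keyword.url",
                "searchscopes", "default_search_url", "searchassistant")

BROWSER_RE = re.compile(r"^(IE|FF|CHR) - (.+)$")
# A URL, with or without scheme (Firefox home pages are often stored as a bare host).
URL_RE = re.compile(r'(?:https?://)?(?:[a-z0-9-]+\.)+[a-z]{2,}[^\s"]*', re.I)
# "O20 - AppInit_DLLs: (short name) - full path (company)"
APPINIT_RE = re.compile(
    r"^O20 - AppInit_DLLs: \((?P<short>.*?)\) - (?P<path>.+) \((?P<company>[^()]*)\)\s*$")


def host_of(value):
    """Return the lower-cased host of the first URL in value, or None."""
    match = URL_RE.search(value)
    if not match:
        return None
    url = match.group(0)
    if "://" not in url:
        url = "http://" + url
    return (urlparse(url).hostname or "").lower() or None


def is_expected(host):
    """True when host is an expected domain or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in EXPECTED_DOMAINS)


def triage(log_text):
    """Return findings as dicts with line number, kind, source and detail."""
    findings = []
    for number, line in enumerate(log_text.splitlines(), start=1):
        line = line.strip()
        browser = BROWSER_RE.match(line)
        if browser:
            if any(key in line.lower() for key in URL_SETTINGS):
                # The value follows the first ": " or " = " after the setting name.
                parts = re.split(r": | = ", browser.group(2), maxsplit=1)
                host = host_of(parts[1]) if len(parts) == 2 else None
                if host and not is_expected(host):
                    findings.append({"line": number, "kind": "browser-url",
                                     "source": browser.group(1), "detail": host})
            continue
        appinit = APPINIT_RE.match(line)
        # AppInit_DLLs are loaded into every process that loads user32.dll,
        # so an entry with an empty company field deserves a manual look.
        if appinit and not appinit.group("company").strip():
            findings.append({"line": number, "kind": "appinit-dll",
                             "source": "O20", "detail": appinit.group("path")})
    return findings


# Constructed sample in the OTL line format; hosts and paths are placeholders.
SAMPLE_LOG = r"""IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-0-0-0-1000\..\SearchScopes\{00000000-0000-0000-0000-000000000001}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
FF - prefs.js..browser.startup.homepage: "www.google.com.au"
FF - prefs.js..keyword.URL: "http://search.example.net/sr?src=ffb&q="
CHR - homepage: http://start.example.org/421
CHR - default_search_provider: search_url = http://search.example.net/sr?src=crb&q={searchTerms}
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\pdf.dll
O20 - AppInit_DLLs: (C:\DOCUME~1\ALLUSE~1\APPLIC~1\Example\EXAMPL~1.DLL) - C:\Documents and Settings\All Users\Application Data\Example\example.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

A flagged line is a prompt for manual review, not a verdict; the allow-list has to match what the user actually set.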


----------



## speedyzap (Feb 26, 2006)

*OTL.Txt log:*

OTL logfile created on: 2/2/2013 12:49:45 PM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

767.48 Mb Total Physical Memory | 318.23 Mb Available Physical Memory | 41.46% Memory free
1.83 Gb Paging File | 1.42 Gb Available in Paging File | 77.12% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 127.99 Gb Total Space | 73.57 Gb Free Space | 57.48% Space Free | Partition Type: NTFS

Computer Name: PETER-OYOU4XROG | User Name: PETER | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/20 19:58:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop\OTL.com
PRC - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/12/14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/09/10 19:17:48 | 000,436,728 | ---- | M] (TomTom) -- C:\Program Files\MyTomTom 3\MyTomTomSA.exe
PRC - [2012/05/30 04:12:49 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2011/08/04 18:06:12 | 001,612,920 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
PRC - [2008/04/14 11:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/11/17 06:42:52 | 000,577,536 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE

========== Modules (No Company Name) ==========

MOD - [2012/09/10 19:17:56 | 000,025,592 | ---- | M] () -- C:\Program Files\MyTomTom 3\DeviceDetection.dll
MOD - [2012/09/10 19:17:52 | 000,254,968 | ---- | M] () -- C:\Program Files\MyTomTom 3\TomTomSupporterProxy.dll
MOD - [2012/09/10 19:17:50 | 000,073,720 | ---- | M] () -- C:\Program Files\MyTomTom 3\TomTomSupporterBase.dll

========== Services (SafeList) ==========

SRV - [2013/01/13 13:35:03 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/10/31 09:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)

========== Driver Services (SafeList) ==========

DRV - File not found [File_System | Auto | Stopped] -- aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/12/14 16:49:28 | 000,018,800 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/10/31 09:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/10/31 09:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/10/31 09:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/10/31 09:51:58 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2012/10/31 09:51:57 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012/10/31 09:51:56 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2008/04/14 05:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2007/03/08 15:34:46 | 004,027,840 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM)
DRV - [2001/11/22 16:08:06 | 000,070,528 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\Fasttrak.sys -- (fasttrak)
DRV - [2001/08/18 00:28:02 | 000,907,456 | ---- | M] (Conexant) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HCF_MSFT.sys -- (HCF_MSFT)
DRV - [2001/08/17 23:12:02 | 000,063,208 | ---- | M] (Intel Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dc21x4.sys -- (DC21x4)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1659004503-362288127-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
IE - HKU\S-1-5-21-1659004503-362288127-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1659004503-362288127-839522115-1004\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1659004503-362288127-839522115-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1659004503-362288127-839522115-1004\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1659004503-362288127-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.selectedEngine: "Search Results"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.com.au"
FF - prefs.js..extensions.enabledAddons: {97E22097-9A2F-45b1-8DAF-36AD648C7EF4}:15.0.4
FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&gct=ds&appid=101&systemid=421&apn_dtid=BND421&apn_ptnrs=AGA&apn_uid=6492560933454541&o=APN10649&q="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.91: C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.99: C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/05/30 04:14:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/16 21:53:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/01/22 23:12:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012/05/30 04:13:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2013/01/22 23:12:08 | 000,000,000 | ---D | M]

[2013/01/31 03:49:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\Mozilla\Extensions
[2012/04/20 01:38:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\Mozilla\Extensions\[email protected]
[2010/08/11 03:57:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\Mozilla\Extensions\[email protected]
[2013/01/31 22:19:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\Mozilla\Firefox\Profiles\8a03imtq.default\extensions
[2013/01/31 03:49:15 | 000,002,687 | ---- | M] () -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\Mozilla\Firefox\Profiles\8a03imtq.default\searchplugins\Search_Results.xml
[2013/01/31 07:43:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/05/30 04:14:22 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2012/06/16 21:53:33 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/05/30 04:13:07 | 000,129,144 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll

========== Chrome ==========

CHR - homepage: http://www.searchnu.com/421
CHR - default_search_provider: Search Results (Enabled)
CHR - default_search_provider: search_url = http://dts.search-results.com/sr?src=crb&gct=ds&appid=101&systemid=421&apn_dtid=BND421&apn_ptnrs=AGA&o=APN10649&apn_uid=6492560933454541&q={searchTerms}
CHR - default_search_provider: suggest_url = 
CHR - homepage: http://www.searchnu.com/421
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\PETER.PETER-OYOU4XROG\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: getPlusPlus for Adobe 16299 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np_gp.dll
CHR - plugin: Microsoft DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - Extension: YouTube = C:\Documents and Settings\PETER.PETER-OYOU4XROG\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google Search = C:\Documents and Settings\PETER.PETER-OYOU4XROG\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\PETER.PETER-OYOU4XROG\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Gmail = C:\Documents and Settings\PETER.PETER-OYOU4XROG\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013/02/01 03:52:54 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe (Microsoft® Corporation)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-1659004503-362288127-839522115-1004..\Run: [MyTomTomSA.exe] C:\Program Files\MyTomTom 3\MyTomTomSA.exe (TomTom)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Config.Msi\c2f98.rbf (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\DAN\Start Menu\Programs\Startup\DirectDVD Update Manager.lnk = C:\Program Files\Orion Studios HD\UpdateHD.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1659004503-362288127-839522115-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1659004503-362288127-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1659004503-362288127-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\\PartyPoker\RunApp.exe ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\\PartyPoker\RunApp.exe ()
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Plugin Control)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} http://download.microsoft.com/downl...75-4d5b-a6dd-9c4bc923683e/Selfhelpcontrol.cab (Microsoft Genuine Advantage Self Support Tool)
O16 - DPF: {298BFFEE-662D-11D5-ADAF-00E0810232D7} https://video.manheim.com/lib/LiveSound.dll (lgbplay Class)
O16 - DPF: {447F8438-8124-4369-905B-A249E13CBBFC} http://pickles.liveblockauctions.com/install/new/lgbkc.cab (LgbContent Control)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/EN-AU/a-UNO1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1208852273484 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1358857466468 (MUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{98A06A82-F53F-444E-B6B9-11259873A459}: DhcpNameServer = 10.1.1.1
O20 - AppInit_DLLs: (C:\DOCUME~1\ALLUSE~1\APPLIC~1\Wincert\WIN32C~1.DLL) - C:\Documents and Settings\All Users\Application Data\Wincert\win32cert.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\PETER.PETER-OYOU4XROG\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\PETER.PETER-OYOU4XROG\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/22 01:48:52 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpReg: *Adobe ARM* - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: *MyTomTomSA.exe* - hkey= - key= - C:\Program Files\MyTomTom 3\MyTomTomSA.exe (TomTom)
MsConfig - StartUpReg: *SunJavaUpdateSched* - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: *TomTomHOME.exe* - hkey= - key= - C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/02/02 08:06:33 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2013/01/31 05:08:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\ImgBurn
[2013/01/31 05:05:37 | 000,000,000 | ---D | C] -- C:\Program Files\ImgBurn
[2013/01/31 05:05:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ImgBurn
[2013/01/31 04:52:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop\kav_rescue_10
[2013/01/31 04:33:55 | 006,118,990 | ---- | C] (LIGHTNING UK!) -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop\SetupImgBurn_2.5.7.0.exe
[2013/01/31 03:50:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\AppData
[2013/01/31 03:50:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\searchresultstb
[2013/01/31 03:50:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Wincert
[2013/01/31 03:49:17 | 000,040,960 | ---- | C] (vbAccelerator) -- C:\WINDOWS\System32\SSubTmr6.dll
[2013/01/31 03:49:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\FreeBurner
[2013/01/31 03:48:27 | 000,000,000 | ---D | C] -- C:\Program Files\Free Easy CD DVD Burner
[2013/01/31 01:51:41 | 000,000,000 | ---D | C] -- C:\_OTM
[2013/01/31 01:50:33 | 000,522,240 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop\OTM.exe
[2013/01/29 20:16:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop\RK_Quarantine
[2013/01/29 00:35:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2013/01/29 00:35:39 | 000,361,032 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2013/01/29 00:35:39 | 000,021,256 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2013/01/29 00:35:38 | 000,054,232 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2013/01/29 00:35:38 | 000,035,928 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2013/01/29 00:35:37 | 000,738,504 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2013/01/29 00:35:37 | 000,097,608 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2013/01/29 00:35:37 | 000,089,752 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2013/01/29 00:35:36 | 000,025,256 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2013/01/29 00:34:49 | 000,041,224 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2013/01/29 00:34:47 | 000,227,648 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2013/01/28 02:55:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2013/01/28 02:50:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\Windows Search
[2013/01/28 02:40:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\Windows Desktop Search
[2013/01/28 02:39:29 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Desktop Search
[2013/01/28 02:39:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy
[2013/01/28 02:37:47 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\offfilt.dll
[2013/01/28 02:37:47 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nlhtml.dll
[2013/01/28 02:37:47 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mimefilt.dll
[2013/01/28 00:13:03 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop\TFC.exe
[2013/01/26 23:16:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2013/01/26 22:57:22 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2013/01/26 17:22:57 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013/01/26 15:01:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Norton
[2013/01/26 01:28:39 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar
[2013/01/26 01:25:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2013/01/26 01:22:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2013/01/25 07:55:41 | 002,013,672 | ---- | C] (Driver Manager) -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop\DriverManager.exe
[2013/01/25 03:09:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\My Documents\DVD Check Result Report_files
[2013/01/25 03:05:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\ElevatedDiagnostics
[2013/01/25 03:01:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows PowerShell 1.0
[2013/01/25 03:01:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
[2013/01/25 01:00:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2013/01/23 23:12:57 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013/01/23 23:12:57 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013/01/23 23:12:57 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013/01/23 23:12:57 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013/01/23 23:12:23 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2013/01/23 23:11:39 | 005,026,296 | R--- | C] (Swearware) -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop\ComboFix.exe
[2013/01/23 21:00:57 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop\tdsskiller.exe
[2013/01/23 21:00:55 | 000,521,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll
[2013/01/23 15:45:35 | 000,350,915 | ---- | C] (Farbar) -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop\FSS.exe
[2013/01/23 13:46:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Drive
[2013/01/23 13:43:26 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013/01/23 13:43:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2013/01/23 06:04:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2013/01/23 05:41:20 | 000,181,064 | ---- | C] (Sysinternals) -- C:\WINDOWS\PSEXESVC.EXE
[2013/01/23 05:41:13 | 000,290,304 | ---- | C] (Microsoft Corporation) -- C:\subinacl.exe
[2013/01/23 05:35:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Tweaking.com
[2013/01/23 05:35:20 | 000,000,000 | ---D | C] -- C:\Program Files\Tweaking.com
[2013/01/23 05:30:16 | 000,000,000 | ---D | C] -- C:\Tweaking.com_Windows_Repair_Logs
[2013/01/23 05:17:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop\tweaking.com_windows_repair_aio
[2013/01/23 03:42:53 | 011,088,872 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop\mseinstall.exe
[2013/01/23 00:40:16 | 000,030,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rndismp.sys
[2013/01/22 22:08:59 | 000,025,471 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\atv04nt5.dll
[2013/01/22 22:08:59 | 000,021,183 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\atv01nt5.dll
[2013/01/22 22:08:59 | 000,017,279 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\atv10nt5.dll
[2013/01/22 22:08:59 | 000,015,423 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\ch7xxnt5.dll
[2013/01/22 22:08:59 | 000,014,143 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\atv06nt5.dll
[2013/01/22 22:08:59 | 000,011,359 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\atv02nt5.dll
[2013/01/22 22:08:59 | 000,011,325 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\vchnt5.dll
[2013/01/22 22:08:59 | 000,004,255 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\adv01nt5.dll
[2013/01/22 22:08:59 | 000,003,967 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\adv02nt5.dll
[2013/01/22 22:08:59 | 000,003,901 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\siint5.dll
[2013/01/22 22:08:59 | 000,003,775 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\adv11nt5.dll
[2013/01/22 22:08:59 | 000,003,711 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\adv09nt5.dll
[2013/01/22 22:08:59 | 000,003,647 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\adv07nt5.dll
[2013/01/22 22:08:59 | 000,003,615 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\adv05nt5.dll
[2013/01/22 22:08:59 | 000,003,135 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\adv08nt5.dll
[2013/01/22 21:58:25 | 331,805,736 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop\WindowsXP-KB936929-SP3-x86-ENU.exe
[2013/01/22 20:57:22 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ieencode.dll
[2013/01/22 20:39:58 | 278,927,592 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop\WindowsXP-KB835935-SP2-ENU.exe
[2013/01/21 14:18:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
[2013/01/21 14:17:38 | 002,031,992 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop\MGADiag.exe
[2013/01/20 22:41:11 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/01/20 19:58:14 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop\OTL.com
[2013/01/20 00:50:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\My Documents\article.asp_files
[2013/01/18 19:09:54 | 003,362,744 | ---- | C] (http://www.maxuninstaller.com/ ) -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\My Documents\MaxUninstaller_Setup.exe
[2013/01/16 01:51:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Local Settings\Application Data\WMTools Downloaded Files
[2013/01/15 00:54:05 | 000,347,424 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\My Documents\MicrosoftFixit.wu.FISC.156281598502540974.3.1.Run.exe
[2013/01/04 14:04:47 | 000,000,000 | ---D | C] -- C:\400489b79493023d5f

========== Files - Modified Within 30 Days ==========

[2013/02/02 12:35:00 | 000,000,314 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2013/02/02 12:34:30 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1659004503-362288127-839522115-1004.job
[2013/02/02 12:34:03 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/02/02 12:34:00 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1659004503-362288127-839522115-1005.job
[2013/02/02 12:33:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/02/02 06:27:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/02/02 06:05:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/02/01 18:06:47 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1659004503-362288127-839522115-1004.job
[2013/02/01 17:35:32 | 000,001,831 | ---- | M] () -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/02/01 08:14:44 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2013/02/01 03:52:54 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2013/02/01 01:46:00 | 000,000,258 | ---- | M] () -- C:\WINDOWS\tasks\Windows Update.job
[2013/01/31 18:39:52 | 000,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI
[2013/01/31 07:35:02 | 000,580,235 | ---- | M] () -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop\adwcleaner.exe
[2013/01/31 06:28:31 | 296,022,016 | ---- | M] () -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop\kav_rescue_10.iso
[2013/01/31 05:05:37 | 000,001,546 | ---- | M] () -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk
[2013/01/31 05:05:37 | 000,001,528 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ImgBurn.lnk
[2013/01/31 04:33:55 | 006,118,990 | ---- | M] (LIGHTNING UK!) -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop\SetupImgBurn_2.5.7.0.exe
[2013/01/31 01:50:38 | 000,522,240 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop\OTM.exe
[2013/01/30 05:15:02 | 000,015,872 | ---- | M] () -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/01/29 00:35:40 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2013/01/29 00:35:37 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2013/01/29 00:22:54 | 097,565,024 | ---- | M] () -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop\avast_free_antivirus_setup.exe
[2013/01/28 21:03:22 | 000,506,288 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/01/28 21:03:22 | 000,088,078 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/01/28 04:57:20 | 000,001,954 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2013/01/28 04:56:59 | 000,013,002 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/01/28 02:46:50 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/01/28 02:39:42 | 000,001,787 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2013/01/28 00:26:51 | 000,265,598 | ---- | M] () -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop\dotnetfx_cleanup_tool.zip
[2013/01/28 00:13:06 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop\TFC.exe
[2013/01/26 22:11:38 | 000,000,754 | ---- | M] () -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop\fixme.reg
[2013/01/26 22:02:18 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2013/01/26 22:02:18 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2013/01/26 21:23:20 | 331,805,736 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop\WindowsXP-KB936929-SP3-x86-ENU.exe
[2013/01/26 16:15:00 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1659004503-362288127-839522115-1005.job
[2013/01/26 15:36:51 | 000,866,592 | ---- | M] () -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop\Norton_Removal_Tool.exe
[2013/01/25 17:53:31 | 000,178,770 | ---- | M] () -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\My Documents\PIF IMF Update to Group Members 25 Jan 2013.pdf
[2013/01/25 07:55:56 | 002,013,672 | ---- | M] (Driver Manager) -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop\DriverManager.exe
[2013/01/25 03:09:42 | 000,036,706 | ---- | M] () -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\My Documents\DVD Check Result Report.htm
[2013/01/24 02:01:37 | 000,141,738 | ---- | M] () -- C:\TDSSKiller.2.8.15.0_23.01.2013_21.25.23_log.zip
[2013/01/24 01:19:25 | 000,208,896 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/01/23 23:11:47 | 005,026,296 | R--- | M] (Swearware) -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop\ComboFix.exe
[2013/01/23 21:19:01 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop\tdsskiller.exe
[2013/01/23 15:45:39 | 000,350,915 | ---- | M] (Farbar) -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop\FSS.exe
[2013/01/23 06:04:46 | 000,181,064 | ---- | M] (Sysinternals) -- C:\WINDOWS\PSEXESVC.EXE
[2013/01/23 05:35:23 | 000,001,928 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Tweaking.com - Windows Repair (All in One).lnk
[2013/01/23 05:16:23 | 003,293,002 | ---- | M] () -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop\tweaking.com_windows_repair_aio.zip
[2013/01/23 03:59:32 | 011,088,872 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop\mseinstall.exe
[2013/01/22 23:12:08 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk
[2013/01/22 20:58:07 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2013/01/22 20:49:33 | 278,927,592 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop\WindowsXP-KB835935-SP2-ENU.exe
[2013/01/21 14:17:43 | 002,031,992 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop\MGADiag.exe
[2013/01/20 19:58:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop\OTL.com
[2013/01/20 00:50:25 | 000,052,195 | ---- | M] () -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\My Documents\article.asp.htm
[2013/01/18 19:10:09 | 003,362,744 | ---- | M] (http://www.maxuninstaller.com/ ) -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\My Documents\MaxUninstaller_Setup.exe
[2013/01/18 01:52:29 | 001,615,449 | ---- | M] () -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\My Documents\DELONGHI PAC W150 ECO USER MANUAL GB-5751018800.pdf
[2013/01/15 00:54:10 | 000,347,424 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\My Documents\MicrosoftFixit.wu.FISC.156281598502540974.3.1.Run.exe
[2013/01/14 20:16:30 | 000,983,040 | ---- | M] () -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\My Documents\MicrosoftFixit50777.msi
[2013/01/13 13:35:02 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/01/13 13:35:02 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/01/12 01:37:51 | 003,327,000 | ---- | M] () -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\My Documents\WindowsXP-KB942288-v3-x86.exe
[2013/01/06 16:34:35 | 006,009,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll

========== Files Created - No Company Name ==========

[2013/01/31 05:05:37 | 000,001,546 | ---- | C] () -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk
[2013/01/31 05:05:37 | 000,001,528 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ImgBurn.lnk
[2013/01/31 03:33:51 | 296,022,016 | ---- | C] () -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop\kav_rescue_10.iso
[2013/01/29 00:35:40 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2013/01/29 00:35:37 | 000,000,314 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2013/01/29 00:22:49 | 097,565,024 | ---- | C] () -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop\avast_free_antivirus_setup.exe
[2013/01/28 02:39:42 | 000,001,803 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Search.lnk
[2013/01/28 02:39:42 | 000,001,787 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2013/01/28 02:35:44 | 000,225,262 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msimain.sdb
[2013/01/28 00:26:43 | 000,265,598 | ---- | C] () -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop\dotnetfx_cleanup_tool.zip
[2013/01/26 22:11:38 | 000,000,754 | ---- | C] () -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop\fixme.reg
[2013/01/26 15:36:29 | 000,866,592 | ---- | C] () -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop\Norton_Removal_Tool.exe
[2013/01/25 17:53:31 | 000,178,770 | ---- | C] () -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\My Documents\PIF IMF Update to Group Members 25 Jan 2013.pdf
[2013/01/25 03:09:41 | 000,036,706 | ---- | C] () -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\My Documents\DVD Check Result Report.htm
[2013/01/24 02:01:36 | 000,141,738 | ---- | C] () -- C:\TDSSKiller.2.8.15.0_23.01.2013_21.25.23_log.zip
[2013/01/23 23:12:57 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/01/23 23:12:57 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013/01/23 23:12:57 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013/01/23 23:12:57 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013/01/23 23:12:57 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013/01/23 05:35:23 | 000,001,928 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Tweaking.com - Windows Repair (All in One).lnk
[2013/01/23 05:12:05 | 003,293,002 | ---- | C] () -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop\tweaking.com_windows_repair_aio.zip
[2013/01/23 03:47:33 | 000,001,954 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2013/01/22 23:12:08 | 000,002,315 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
[2013/01/22 23:12:08 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk
[2013/01/20 18:24:54 | 000,580,235 | ---- | C] () -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop\adwcleaner.exe
[2013/01/20 00:50:24 | 000,052,195 | ---- | C] () -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\My Documents\article.asp.htm
[2013/01/18 01:52:28 | 001,615,449 | ---- | C] () -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\My Documents\DELONGHI PAC W150 ECO USER MANUAL GB-5751018800.pdf
[2013/01/15 01:37:12 | 000,000,258 | ---- | C] () -- C:\WINDOWS\tasks\Windows Update.job
[2013/01/14 20:16:25 | 000,983,040 | ---- | C] () -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\My Documents\MicrosoftFixit50777.msi
[2013/01/12 01:35:56 | 003,327,000 | ---- | C] () -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\My Documents\WindowsXP-KB942288-v3-x86.exe
[2012/11/22 14:36:35 | 000,000,288 | ---- | C] () -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\.backup.dm
[2012/07/21 16:44:35 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2012/07/21 16:44:01 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2012/07/21 16:43:46 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2012/03/11 13:14:07 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/03/05 23:52:30 | 000,081,321 | ---- | C] () -- C:\WINDOWS\SGTBox.INI
[2011/10/05 00:32:22 | 000,000,144 | ---- | C] () -- C:\WINDOWS\System32\lkfl.dat
[2011/10/05 00:32:22 | 000,000,128 | ---- | C] () -- C:\WINDOWS\System32\pdfl.dat
[2011/10/05 00:32:22 | 000,000,080 | ---- | C] () -- C:\WINDOWS\System32\ibfl.dat
[2009/01/27 21:26:08 | 000,015,872 | ---- | C] () -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2008/04/22 02:18:33 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2010/06/24 23:10:44 | 001,509,888 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 23:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 11:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/01/29 00:34:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2008/04/22 04:19:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2011/12/12 01:05:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEGV
[2011/11/07 16:20:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
[2011/09/20 19:18:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJWSpt
[2008/04/22 07:39:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2010/07/17 06:10:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kaspersky SDK
[2008/04/22 03:43:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2009/10/26 18:59:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MyVirtualHome
[2010/07/25 13:12:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2012/04/20 01:43:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2013/01/31 03:50:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wincert
[2009/02/19 04:53:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
[2008/10/20 20:16:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BEC\Application Data\Canon
[2008/04/22 09:48:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BEC\Application Data\Grisoft
[2009/07/17 17:28:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BEC\Application Data\LimeWire
[2008/07/16 15:00:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BEC\Application Data\MailFrontier
[2008/09/23 13:16:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BEC\Application Data\SharePod
[2012/01/13 13:47:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DAN\Application Data\Canon
[2008/04/23 22:11:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DAN\Application Data\Grisoft
[2008/07/21 18:19:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DAN\Application Data\MailFrontier
[2010/05/30 11:10:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DAN\Application Data\NCH Swift Sound
[2010/05/30 11:10:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DAN\Application Data\Recordpad
[2010/07/11 13:05:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DAN\Application Data\SharePod
[2012/06/20 15:26:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DIANE\Application Data\Canon
[2010/05/29 19:55:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DIANE\Application Data\FreeAudioPack
[2008/04/22 16:20:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DIANE\Application Data\Grisoft
[2009/09/03 17:06:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DIANE\Application Data\LimeWire
[2008/07/19 13:49:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DIANE\Application Data\MailFrontier
[2010/07/25 13:12:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DIANE\Application Data\NCH Swift Sound
[2008/07/12 18:10:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DIANE\Application Data\PowerChallenge
[2010/05/30 08:36:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DIANE\Application Data\Recordpad
[2009/07/27 13:56:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DIANE\Application Data\SharePod
[2009/01/21 10:20:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DIANE\Application Data\Thunderbird
[2010/07/24 23:37:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DIANE\Application Data\uTorrent
[2009/11/24 12:18:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DIANE\Application Data\Xtranormal
[2008/06/24 18:26:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\Grisoft
[2008/11/07 13:37:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\MailFrontier
[2008/04/25 03:24:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PETER\Application Data\Canon
[2008/04/22 07:39:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PETER\Application Data\Grisoft
[2008/05/31 04:38:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PETER\Application Data\LimeWire
[2008/04/22 03:44:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PETER\Application Data\MailFrontier
[2008/04/23 00:03:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PETER\Application Data\Thunderbird
[2011/11/07 16:20:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\Canon
[2011/10/05 01:06:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\CheckPoint
[2013/01/25 03:05:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\ElevatedDiagnostics
[2013/01/31 04:04:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\FreeBurner
[2012/12/11 20:43:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\Ifcaeb
[2013/01/31 05:08:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\ImgBurn
[2012/11/23 11:08:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\LimeWire
[2011/10/06 00:59:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\MailFrontier
[2009/10/26 19:02:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\MyVirtualHome
[2010/05/29 23:26:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\NCH Swift Sound
[2010/05/29 23:26:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\Recordpad
[2012/07/31 02:13:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\Reec
[2013/01/31 03:50:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\searchresultstb
[2010/05/07 22:17:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\SharePod
[2008/06/12 18:33:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\Thunderbird
[2012/04/20 01:38:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\TomTom
[2012/07/31 01:39:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\Uplui
[2012/12/11 02:55:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\WinBatch
[2013/01/28 02:40:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\Windows Desktop Search
[2013/01/28 02:50:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\Windows Search
[2010/12/16 14:20:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\WinPatrol
[2012/12/11 15:07:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PETER.PETER-OYOU4XROG\Application Data\Yqih

========== Purity Check ==========

========== Custom Scans ==========

< %systemroot%\*. /mp /s >

< %systemroot%\*. /rp /s >

< %SYSTEMDRIVE%\*.exe >
[2010/09/14 13:43:14 | 012,954,624 | ---- | M] () -- C:\etax2010.exe
[2010/09/14 13:45:36 | 000,729,600 | ---- | M] () -- C:\etaxHelp.exe
[2009/08/07 00:06:54 | 001,740,913 | ---- | M] () -- C:\PartyGaming.exe
[2010/03/15 11:26:53 | 000,378,880 | ---- | M] () -- C:\Rar.exe
[2010/03/15 11:28:23 | 000,045,056 | ---- | M] () -- C:\RarExtLoader.exe
[2004/06/12 08:33:28 | 000,290,304 | ---- | M] (Microsoft Corporation) -- C:\subinacl.exe
[2010/03/15 11:26:53 | 000,246,272 | ---- | M] () -- C:\UnRAR.exe
[2006/05/06 19:46:34 | 000,093,184 | ---- | M] () -- C:\vlc.exe
[2010/01/30 00:41:14 | 000,112,640 | ---- | M] () -- C:\vlccfg.exe
Invalid Environment Variable: LOCALAPPDATA

< %systemdrive%\$Recycle.Bin|@;true;true;true /fp >

< MD5 for: EXPLORER.EXE >
[2008/04/14 11:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/14 11:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 11:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 22:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe

< MD5 for: SVCHOST.EXE >
[2012/12/14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2008/04/14 11:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008/04/14 11:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/14 11:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/04/14 11:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/14 11:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/14 11:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2012/12/14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/14 11:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/14 11:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/14 11:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< End of report >


----------



## speedyzap (Feb 26, 2006)

*Extras.Txt log:*

OTL Extras logfile created on: 2/2/2013 12:49:45 PM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\PETER.PETER-OYOU4XROG\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

767.48 Mb Total Physical Memory | 318.23 Mb Available Physical Memory | 41.46% Memory free
1.83 Gb Paging File | 1.42 Gb Available in Paging File | 77.12% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 127.99 Gb Total Space | 73.57 Gb Free Space | 57.48% Space Free | Partition Type: NTFS

Computer Name: PETER-OYOU4XROG | User Name: PETER | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = SafariHTML] -- C:\Program Files\Safari\Safari.exe (Apple Inc.)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-1659004503-362288127-839522115-1004\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files\Safari\Safari.exe" -url "%1" (Apple Inc.)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabledxpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabledxpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabledxpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabledxpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\explorer.exe" = %windir%\explorer.exe -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabledxpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\explorer.exe" = %windir%\explorer.exe -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabledxpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Searchqu Toolbar\Datamngr\SRTOOL~1\dtUser.exe" = C:\Program Files\Searchqu Toolbar\Datamngr\SRTOOL~1\dtUser.exe:*:Enabled:Search-Results Toolbar DTX Broker

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{02DFF6B1-1654-411C-8D7B-FD6052EF016F}" = Apple Software Update
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5300_series" = Canon MG5300 series MP Drivers
"{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}" = QuickTime
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{1EBB57D4-63FF-87CC-A0F0-D73982CF6008}" = Adobe Media Player
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 29
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{40589552-3892-409E-B92C-9F5032A4B2F0}" = Safari
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}" = iTunes
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{7A21C722-F259-4976-B7AA-6658E5FDEDAF}" = Google Drive
"{8355F970-601D-442D-A79B-1D7DB4F24CAD}" = Apple Mobile Device Support
"{901B0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{919F3D91-8374-410F-932B-A126F2C85426}" = e-tax 2009
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
"{A1B7B9B3-E1D2-41CA-9B4A-F18DC2710704}" = Microsoft Works 6.0
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.01)
"{AC76BA86-7AD7-2448-0000-800000000003}" = Chinese Traditional Fonts Support For Adobe Reader 8
"{B0F1B02F-47A6-411D-A38B-E44CC7F53CCC}" = e-tax 2012
"{B148AB4B-C8FA-474B-B981-F2943C5B5BCD}" = OGA Notifier 1.7.0105.35.0
"{BD3DCAB0-3FE5-44FB-90DA-EFB0A2CD1387}" = Works Synchronization
"{C078C299-C2C2-4110-A6EF-8D5E66C228DA}" = e-tax 2011
"{C3A439E4-7303-491F-A678-CEA36A87D517}" = Microsoft Works Suite Add-in for Microsoft Word
"{C66FE99D-7C15-40A0-AE4A-A1A3900D9EE3}" = MyVirtualHome
"{C769A271-7E1C-48F9-B331-474600DD4C06}" = Microsoft Picture It! Photo 2002
"{D958FAC4-BAE0-4B1D-A42E-DE9BFDE7DDEE}" = Canon PhotoRecord
"{DC19E750-988B-4005-A355-85EF66055EFE}" = Works Suite OS Pack
"{E0A1559B-9886-11D4-8D06-0050DA284A39}" = Scan Manager 5.2
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E6BEB5BC-5386-4AF9-ADF2-8451BEB2A48B}" = Video Piggy
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FBE569CA-BFEB-4E57-A674-F94D938E1AEF}" = e-tax 2010
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AlphaBrowser v.1.3" = AlphaBrowser v.1.3
"ArcSoft PhotoBase" = ArcSoft PhotoBase
"audcle" = Plus! MP3 Audio Converter LE
"Canon MG5300 series On-screen Manual" = Canon MG5300 series On-screen Manual
"Canon ScanGear Toolbox 3.1" = Canon ScanGear Toolbox 3.1
"Canon Setup Utility 2.0" = Canon Setup Utility 2.0
"CANONBJ_Deinstall_CNMCP6e.DLL" = Canon PIXMA iP1000
"CANONBJ_Deinstall_CNMCP78.DLL" = Canon iP4200
"CanonSolutionMenuEX" = Canon Solution Menu EX
"CCleaner" = CCleaner
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DBX Viewer Free_is1" = DBX Viewer Free 1.0
"DirectDVD 6 HD" = DirectDVD 6 HD
"drmtool.inf" = Personal License Update Wizard for Windows Media Player
"Easy Outlook Express Repair_is1" = Easy Outlook Express Repair 1.2
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Easy-PrintToolBox" = Canon Utilities Easy-PrintToolBox
"Easy-WebPrint" = Easy-WebPrint
"e-tax 2008" = e-tax 2008
"Google Chrome" = Google Chrome
"ie8" = Windows Internet Explorer 8
"ImgBurn" = ImgBurn
"Kernel for Outlook Express Evaluation Version_is1" = Kernel for Outlook Express Evaluation ver 9.04.01
"koyotesofttoolbarnew" = Search-Results Toolbar
"LimeWire" = LimeWire 5.5.14
"Mah Jong Quest_is1" = Mah Jong Quest
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"mmmusic" = Movie Maker Background Music Files
"mmsounds" = Movie Maker Sound Effects
"mmtitle" = Movie Maker Title Images
"Mozilla Firefox 13.0.1 (x86 en-US)" = Mozilla Firefox 13.0.1 (x86 en-US)
"Mozilla Thunderbird (2.0.0.24)" = Mozilla Thunderbird (2.0.0.24)
"mplibwiz.inf" = Media Library Management Wizard
"mpxlswiz.inf" = Windows Media Player Playlist Import to Excel Wizard
"mpxptray.inf" = Windows Media Player Tray Control
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MyTomTom" = MyTomTom 3.2.0.802
"Outlook Express Backup Wizard_is1" = Outlook Express Backup Wizard version 1.1
"PhotoRecord" = Canon PhotoRecord
"PowerShell" = Windows PowerShell(TM) 1.0
"RealPlayer 15.0" = RealPlayer
"Revo Uninstaller" = Revo Uninstaller 1.90
"SCRABBLE  Journey" = SCRABBLE  Journey
"TomTom HOME" = TomTom HOME 2.8.3.2499
"Tweaking.com - Windows Repair (All in One)" = Tweaking.com - Windows Repair (All in One)
"UT2004-Demo" = Unreal Tournament 2004 Demo
"wa2wmp" = Windows Media Player Skin Importer
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR 4.20 (32-bit)
"WMBK2" = Windows Media Bonus Pack for Windows XP
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Works2002Setup" = Microsoft Works 2002 Setup Launcher
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1659004503-362288127-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 1/28/2013 7:50:32 AM | Computer Name = PETER-OYOU4XROG | Source = MsiInstaller | ID = 11303
Description = Product: Microsoft Office Professional Edition 2003 -- Error 1303.
Setup cannot access the folder C:\Program Files\Microsoft Office. Verify that 
the folder exists in your system and that you have sufficient permissions to update
it.

Error - 1/28/2013 7:57:38 AM | Computer Name = PETER-OYOU4XROG | Source = MsiInstaller | ID = 11303
Description = Product: Microsoft Office Professional Edition 2003 -- Error 1303.
Setup cannot access the folder C:\Program Files\Microsoft Office. Verify that 
the folder exists in your system and that you have sufficient permissions to update
it.

Error - 1/28/2013 7:57:40 AM | Computer Name = PETER-OYOU4XROG | Source = MsiInstaller | ID = 11303
Description = Product: Microsoft Office Professional Edition 2003 -- Error 1303.
Setup cannot access the folder C:\Program Files\Microsoft Office. Verify that 
the folder exists in your system and that you have sufficient permissions to update
it.

Error - 1/29/2013 9:58:34 AM | Computer Name = PETER-OYOU4XROG | Source = Application Error | ID = 1000
Description = Faulting application itunes.exe, version 7.6.2.9, faulting module 
unknown, version 0.0.0.0, fault address 0x10001040.

Error - 1/29/2013 10:17:32 AM | Computer Name = PETER-OYOU4XROG | Source = Application Error | ID = 1000
Description = Faulting application itunes.exe, version 7.6.2.9, faulting module 
unknown, version 0.0.0.0, fault address 0x10001040.

Error - 1/29/2013 10:31:30 AM | Computer Name = PETER-OYOU4XROG | Source = Application Error | ID = 1000
Description = Faulting application itunes.exe, version 7.6.2.9, faulting module 
unknown, version 0.0.0.0, fault address 0x10001040.

Error - 1/29/2013 10:37:10 AM | Computer Name = PETER-OYOU4XROG | Source = Application Error | ID = 1000
Description = Faulting application itunes.exe, version 7.6.2.9, faulting module 
unknown, version 0.0.0.0, fault address 0x10001040.

Error - 1/29/2013 12:52:18 PM | Computer Name = PETER-OYOU4XROG | Source = Application Error | ID = 1000
Description = Faulting application itunes.exe, version 7.6.2.9, faulting module 
unknown, version 0.0.0.0, fault address 0x10001040.

Error - 1/29/2013 2:38:53 PM | Computer Name = PETER-OYOU4XROG | Source = Application Hang | ID = 1002
Description = Hanging application AcroRd32.exe, version 11.0.1.36, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 2/1/2013 3:20:12 PM | Computer Name = PETER-OYOU4XROG | Source = Application Hang | ID = 1002
Description = Hanging application rundll32.exe, version 5.1.2600.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 2/1/2013 3:04:31 PM | Computer Name = PETER-OYOU4XROG | Source = Service Control Manager | ID = 7000
Description = The aswFsBlk service failed to start due to the following error: %%2

Error - 2/1/2013 3:04:31 PM | Computer Name = PETER-OYOU4XROG | Source = Service Control Manager | ID = 7000
Description = The avast! Antivirus service failed to start due to the following 
error: %%5

Error - 2/1/2013 3:05:53 PM | Computer Name = PETER-OYOU4XROG | Source = Print | ID = 23
Description = Printer Canon iP4200 failed to initialize because a suitable Canon
iP4200 driver could not be found.

Error - 2/1/2013 3:05:53 PM | Computer Name = PETER-OYOU4XROG | Source = Print | ID = 23
Description = Printer Canon PIXMA iP1000 failed to initialize because a suitable
Canon PIXMA iP1000 driver could not be found.

Error - 2/1/2013 3:05:53 PM | Computer Name = PETER-OYOU4XROG | Source = Print | ID = 23
Description = Printer Microsoft XPS Document Writer failed to initialize because
a suitable Microsoft XPS Document Writer driver could not be found.

Error - 2/1/2013 9:33:22 PM | Computer Name = PETER-OYOU4XROG | Source = Service Control Manager | ID = 7000
Description = The aswFsBlk service failed to start due to the following error: %%2

Error - 2/1/2013 9:33:22 PM | Computer Name = PETER-OYOU4XROG | Source = Service Control Manager | ID = 7000
Description = The avast! Antivirus service failed to start due to the following 
error: %%5

Error - 2/1/2013 9:35:15 PM | Computer Name = PETER-OYOU4XROG | Source = Print | ID = 23
Description = Printer Canon iP4200 failed to initialize because a suitable Canon
iP4200 driver could not be found.

Error - 2/1/2013 9:35:15 PM | Computer Name = PETER-OYOU4XROG | Source = Print | ID = 23
Description = Printer Canon PIXMA iP1000 failed to initialize because a suitable
Canon PIXMA iP1000 driver could not be found.

Error - 2/1/2013 9:35:15 PM | Computer Name = PETER-OYOU4XROG | Source = Print | ID = 23
Description = Printer Microsoft XPS Document Writer failed to initialize because
a suitable Microsoft XPS Document Writer driver could not be found.

< End of report >


----------
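
The two logs above can be triaged mechanically before a human reads them. The following is an added example, not part of the original posts and not OTL's own code: it parses OTL-style file lines and the "Authorized Applications List" section and applies three heuristics. The rule names, the `WATCHED` set and the `C:\WINDOWS` default are assumptions made for this illustration; the sample lines are copied from the logs in this thread.

```python
import ntpath
import re

# Constructed sample: lines copied from the OTL.Txt and Extras.Txt logs in this thread.
SAMPLE_LOG = r"""
< MD5 for: EXPLORER.EXE >
[2008/04/14 11:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2007/06/13 22:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe

< MD5 for: SVCHOST.EXE >
[2012/12/14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2008/04/14 11:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\explorer.exe" = %windir%\explorer.exe -- (Microsoft Corporation)
"C:\Program Files\Searchqu Toolbar\Datamngr\SRTOOL~1\dtUser.exe" = C:\Program Files\Searchqu Toolbar\Datamngr\SRTOOL~1\dtUser.exe:*:Enabled:Search-Results Toolbar DTX Broker
"""

# "========== Section Name =========="
SECTION = re.compile(r"^=+\s*(?P<name>.+?)\s*=+$")
# "[date time | size | attrs | M] (Company) MD5=... -- path"; the MD5 field is optional.
FILE_LINE = re.compile(
    r"^\[(?P<modified>[^|\]]+)\|\s*(?P<size>[\d,]+)\s*\|\s*(?P<attrs>\S+)\s*\|\s*\w\]\s*"
    r"\((?P<company>[^)]*)\)\s*(?:MD5=(?P<md5>[0-9A-Fa-f]{32})\s*)?--\s*(?P<path>.+)$"
)
# '"path" = value -- (Company)'; the company suffix is missing when OTL found none.
APP_LINE = re.compile(
    r'^"(?P<key>[^"]+)"\s*=\s*(?P<value>.*?)(?:\s+--\s+\((?P<company>[^)]*)\))?$'
)

# Assumption: watch the process names that OTL hashes in this log.
WATCHED = {"explorer.exe", "svchost.exe", "userinit.exe", "winlogon.exe"}


def parse(log_text):
    """Return (files, firewall_apps) parsed from OTL-style text."""
    files, apps, section = [], [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SECTION.match(line)
        if m:
            section = m.group("name")
            continue
        m = FILE_LINE.match(line)
        if m:
            files.append({
                "path": m.group("path").strip(),
                "company": m.group("company").strip(),
                "md5": (m.group("md5") or "").upper(),
            })
            continue
        # Quoted "name" = value lines appear in many sections; only this one lists firewall exceptions.
        if section == "Authorized Applications List":
            m = APP_LINE.match(line)
            if m:
                apps.append({"path": m.group("key"),
                             "company": (m.group("company") or "").strip()})
    return files, apps


def triage(log_text, system_root=r"C:\WINDOWS"):
    """Return a list of (rule, path) leads for manual review."""
    files, apps = parse(log_text)
    root = system_root.rstrip("\\").lower() + "\\"
    findings = []

    # Baseline hash per watched name: the live copy in %SystemRoot% or system32.
    live = {}
    for f in files:
        name = ntpath.basename(f["path"]).lower()
        folder = ntpath.dirname(f["path"]).lower() + "\\"
        if name in WATCHED and f["md5"] and folder in (root, root + "system32\\"):
            live[name] = f["md5"]

    for f in files:
        name = ntpath.basename(f["path"]).lower()
        if name not in WATCHED:
            continue
        if not f["path"].lower().startswith(root):
            findings.append(("system-name-outside-windir", f["path"]))
        elif f["md5"] and name in live and f["md5"] != live[name]:
            findings.append(("md5-differs-from-live-copy", f["path"]))

    for a in apps:
        if not a["company"]:
            findings.append(("firewall-exception-no-company", a["path"]))
    return findings


if __name__ == "__main__":
    for rule, path in triage(SAMPLE_LOG):
        print(f"{rule:32} {path}")
```

Each finding is a lead for manual review, not a verdict: in this sample the first hit is a copy under a KB-numbered `$hf_mig$` folder and the second sits inside the Malwarebytes install folder.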



## kevinf80 (Mar 21, 2006)

What is the current status of your system? That log indicates that Chrome (yuk) has an incorrect home page again...

Click the Chrome menu icon on the browser toolbar (Stack of Plates, top righthand corner).
Select Settings. In the new page click "Show advanced settings" at the bottom of the page.
In the On startup section, choose the options below:

*Open a New Tab page:* then *"Set Pages"*

In the new window clear the current setting by selecting the *X* on that line.
Set this URL. *http://www.google.co.??* then OK that setting....
Put your country letters in place of *??* United Kingdom is UK, Australia is AU.....

Next,

Open a new tab, Type the following into the address box and hit Enter:

*chrome://extensions*

In the new page check and remove any unwanted/unfamiliar extensions. (Click on recycle bin)

Do the same for:

*chrome://plugins*

In the new page check and disable any unwanted/unfamiliar plugins

Next:

Click the wrench or stack of plates (Top righthand corner), In the box that opens:-

Go to Settings > Show advanced settings........ (at the bottom)

Under "Privacy" open "Clear browsing data" put check mark in the following :-


 Clear browsing history
 Clear download history
 Empty the cache
 Delete Cookies and other site plug-in data
 Set the delete time to maximum by using the dropdown in "Obliterate the following items from:"
 Then Click "Clear Browsing Data"

Next:

Click the wrench or stack of plates (Top righthand corner), In the box that opens Click on "About Google Chrome"

If an update is available it will be downloaded and installed....

Let me know if that helps with Chrome,


----------



## speedyzap (Feb 26, 2006)

Hi Kev
My home page (google) is actually coming up alright when I click on the chrome icon

I'll have to get back to you on the state of play as I'm not well today

I guess what's next, is I try and install one of the Security systems - is that what you were thinking?

Remember the Frameworks and Windows updates have not been re-attempted again yet. I suppose trying the security system is next

If I'm feeling better tomorrow I'll try fiddling with chrome as per your advice


----------



## kevinf80 (Mar 21, 2006)

OK, hope you get well quickly. Regarding security, Avast is showing as installed, is that working, e.g. updating, realtime protection active etc etc....
Regarding windows updates, I thought they were working OK?


----------



## speedyzap (Feb 26, 2006)

Avast is still not working (says stopped). Updates not working (says Avast not running). Scanner not working (says no endpoints)? Remember, it does work in safe mode which is strange. Avast does not show up in add / remove programs, only in Start / All Programs. Also I'll need a removal tool for it because there is no uninstall option given.
Should I uninstall it and try another security system?

Didn't say Windows updates were not working, only said have not tried to update since the last lot of scans and deletions of Framework. Wondering if to wait to try to install another Security System before updating?


----------



## kevinf80 (Mar 21, 2006)

Removal Utility for Avast available here: http://www.avast.com/uninstall-utility Personally I feel the best way forward with your system is to Reformat the HD then re-install XP, when that is complete you would need the service packs d/l and updating. 
There appear to be too many errors that we've been unable to fix, possibly registry damage from all of the attempts we've made. At present we are just chasing our tails and not making any real progress.
Let me know your thoughts on that suggestion...

Kevin...


----------



## speedyzap (Feb 26, 2006)

Yep I was thinking along similar lines Kev

I have always had a problem with re-formatting (otherwise I would have done it ages ago) because I am involved with an action group that has approx 1000 investor members trying to get some of our money back from a failed investment. As this group started slowly with 10 members, 20, 100, etc...and now 1000, I made the mistake (not knowing how large the group would grow) of putting all my group emails in Outlook Express and all my data left in OE inbox, drafts and sent. A hell of a lot of legal, business and evidence data.

I would need to be able to save all those files (bak, email groups, etc) first before I could do a reformat. Hence, why I have gone to so much trouble with you to save the OS mainly for its precious OE data. Note: these files are vital because we have engaged in a class action for millions of dollars against our investment funds former managers. I have saved all of "My Documents" and "My Pictures" where some of these files are kept also.

Are you adept at saving OE files?
If I can save these OE files (drafts, inbox, sent) - would I be able to re-install them into the new (reformatted) OE?
I suppose I could try and install them into my laptop OE to experiment first.
I remind, it appears my laptop has been compromised by some viruses or corruptions as well. But I think it's worth the experiment to ensure that a reformatted OE would accept these OE files/data

If it cannot be done, it may be best for me to simply install a new IDE HD in my desktop and take the compromised existing HD out, and use the new HD and newly re-formatted OS install for day to day use and then simply connect my old compromised HD when I need it for its precious data.

I am also at the stage of getting a new quality computer, with capacity for numerous HD's. Someone told me that it's possible my old OE data can actually be installed on the new Windows 7 mail system. Is that right??

Any comments?


----------



## kevinf80 (Mar 21, 2006)

I don't use or have experience with Outlook Express, I believe the information you require can be found here:

http://office.microsoft.com/en-gb/outlook-help/back-up-outlook-e-mail-messages-HA001103081.aspx

The backed up info can be transferred to a new system, does that help you?

Also I did not realize this was such an important system we are dealing with, Protocol here at TSG is to work on personal systems only, we do not work on company/business systems of any type or form.

The intention of this forum is not to replace a company's IT department or outsource staff, nor can we anticipate alterations or configurations that may have been made to a business machine, or how it will interact with the tools commonly used in the removal of malware.

I suppose if your Laptop is used as a similar company/business system we have the same problem...

Kevin...


----------



## speedyzap (Feb 26, 2006)

1] No! This is definitely not a company PC. I am simply a private investor whose volunteer job it is to keep the data of other private investors and their attempts to retrieve their lost investment, so that it can be utilised whenever needed to advance our claims. My laptop is fully private as well.

I have at one time brought my PC to a computer tech to help resolve some issues, but they were only partly resolved because of lack of time, etc. That tech saved the OE & My Documents data onto a thumb drive. Unfortunately that thumb drive lost the backup data for what reason I do not know. And the temp data back up the tech kept for me was some time ago and was wiped as they only keep temp back up for a few weeks. The tech backed up my OE wab, bak, etc files then, but they have been lost since then. When I recently checked that memory stick (flash drive) it was empty, saying a format was required. Obviously, some fault with the stick or came too close to an electrical field, who knows.

2] The Avast removal tool did not work in safe mode (as recommended), probably because I ran the uninstall without entering a path. It says:
"To uninstall Avast enter path to folder where the selected product is installed. Make sure contains products program files. All files from the folder will be deleted."
What path should I install into the space? It appears to have a browser tool to search for a path?

3] I'll have a look at the OE link you gave me


----------



## kevinf80 (Mar 21, 2006)

What about running a repair install of the operating system. That will basically only rewrite XP system from your installation CD over the top of the already installed version. All other files, folders, data etc will supposedly be left intact.
Personally I would back up anything crucial just in case anything went wrong.
The rewrite will put the system back to original version as per the CD, therefore SP2 and SP3 would have to be d/l and the system updated.
Here are the instructions, have a look at them and tell me what you think.....

Repair install Windows XP

I don't want you to do a recovery or full install but a repair install and see if that gets you up and running.

1. Place your XP CD in the tray and re-boot, you should see the following image as it boots:

   When the Press any key to boot from CD message is displayed on your screen, press a key to start your computer from the Windows XP CD. If you do not see that image you will have to change the boot order in the BIOS.
2. Press ENTER when you see the message To setup Windows XP now, and then press ENTER displayed on the Welcome to Setup screen.
3. *Do NOT choose the option to press R to use the Recovery Console.*
4. In the Windows XP Licensing Agreement, press F8 to agree to the license agreement.
5. Make sure that your current installation of Windows XP is selected in the box, and then press R to repair Windows XP.
6. Follow the instructions on the screen to complete Setup.

This will install your OS over the top of the original, no data should be lost that way. It is always prudent to back up any important data before you begin.

Kevin


----------



## speedyzap (Feb 26, 2006)

G'day Kev

What I did was, I put the Win XP disc in the drive and hit F11 till it comes up and gives you the option to scroll down to DVD drive and hit any key to run disc in boot mode. You have to do it quick or it loads into normal mode. I got the full black screen, but I did not proceed to Windows repair as I want to make sure I back up all OE files in my account and another account users OE on same desktop

Just another point: I tried to do a repair in normal mode as an exercise while posting with you the other day. XP said, that it could not repair because the XP system on the HD was a later version (paraphrase). Did I understand your instructions in your last post to say that I would have to delete Service Pack 2 and Service Pack 3 before attempting the boot disc repair?

Will get back to you when I have sorted out the OE backup > that may take a day or two


----------



## kevinf80 (Mar 21, 2006)

No need to uninstall SP2 or SP3, also you do not do the repair from Normal mode. You actually boot direct from the CD, just follow the instructions as I posted them. As you state it will be very beneficial to back up any critical data before the repair/install is started.....

Any problems just post back and let me know...

Kevin....


----------



## speedyzap (Feb 26, 2006)

OK and thanks again


----------



## kevinf80 (Mar 21, 2006)

I'll always help if I can, also if we get stuck I can also ask other guys to help us both.... lol...


----------



## speedyzap (Feb 26, 2006)

Hi Kev

Not getting much response to my thread in techguy WEB EMAIL section for OE questions

One thing you may be able to help me with...

When we did all our clean ups in the above thread one of them must have deleted all (except for three) of my OE address book email addresses and numerous group emails (that's hundreds of emails). Normally this would have been a disaster, but fortunately I saved two copies of my OE address book WAB files on to a memory stick and my external HD. How do I get it back into my desktop OE?

Also fortunately I have over half my total of group emails on gmail

(I just checked my wife's address book and that seems to be intact)


----------



## kevinf80 (Mar 21, 2006)

I don't personally use Outlook Express, got the following off my daughter, she has a limited knowledge on the subject...

To import the WAB file from the memory stick to the Windows Address Book on the target computer follow these steps:
1. Open Outlook Express on the target computer.
2. Click on the address book button located on the toolbar or click on the Address book found in the Tools menu.
3. With the Address Book open click on the File menu and hover on Import and then click Address Book (WAB).
4. In the "Select Address Book File to Import from" dialog box, click on the dropdown for "Look in" and select the memory stick drive location in the dropdown menu. Click to select the "BackupWAB" file or whatever the name was you assigned the file when exported. Click the Open button to complete the import process.

Your address book contacts should now be listed in the Outlook Express address book on the target computer..

Does that help....


----------



## speedyzap (Feb 26, 2006)

i'm sure that will help - can't try it now - will try later

say thanks to your daughter


----------



## kevinf80 (Mar 21, 2006)

Okey dokey....:up:


----------



## speedyzap (Feb 26, 2006)

Hi Kev

That method for importing the address book file worked perfect. Your daughter will be on here as a TechGuy specialist before you know it

Pass on my thanks

I'm now going to save my wife's address book file

One thing that puzzles me is that whenever you search for the OE address folder (has an open book image) it usually comes associated with another folder simply called a WAB-File (has a notepad image on it). The one you import is address folder (with the open book image). Do I just ignore the other folder or do I try and import that somehow?

(see attachment for images)


----------



## kevinf80 (Mar 21, 2006)

I would expect the second file to be ignored....


----------



## speedyzap (Feb 26, 2006)

Hi Kev

Just an update

Last we spoke, you thought maybe I should try a windows xp repair on boot up as our last try before a re-format. So I think I said I want to make sure I can save all my OE folders files and hidden files. I saved as much as I could, but am convinced that because of corruptions and multiple account further corruptions that I have quite a few hidden OE folders and may only ever get access to them by preserving my existing corrupt HD. To do that I thought copy the whole HD onto another HD. But that I find requires me to clone the old HD onto another HD - I have several unused IDE HDs I can use for that purpose. Once I have worked out how to clone the original, I can try the boot up windows repair on the clone. If that works great! If not, I can keep the original and clone as back-ups (plug them in my desktop when I need their OE data) and then use another third IDE HD I have spare also as my main HD on the desktop (after installing XP on it)

In the meantime, in jumping between my desktop (with original HD without virus protection) and my laptop for internet use (mainly laptop) I have probably got another virus on my desktop HD. It won't let me gain access to mozilla Firefox browser (google). My Internet Explorer browser works but firefox won't open up. Can you help there?

After that, I also want to just give my old corrupted desktop HD one more general virus clean up before I try and clone it or boot up repair it.

After I clone it and install a clean third HD with XP - I should be out of your hair for a while
Thanks


----------



## speedyzap (Feb 26, 2006)

Kev

"bump"

In the meantime, in jumping between my desktop (with original HD without virus protection) and my laptop for internet use (mainly laptop) I have probably got another virus on my desktop HD. It won't let me gain access to mozilla Firefox browser (google). My Internet Explorer browser works but firefox won't open up. Can you help there?

After that, I also want to just give my old corrupted desktop HD one more general virus clean up before I try and clone it or boot up repair it.

Thanks


----------

