# Can't uninstall 'Error Tech'



## django47 (Jun 29, 2010)

Quite a while ago i had 'samsung pc studio3 installed but recently i was unable to close it unless i pressed ctrl-alt-delete and used the task manager to close it. Anyhow i had the bright idea of uninstalling it then reinstall it again.
I googled a site that i could download it from and thats when my troubles began. I managed to sort out most of the problems but the thing i'm stuck with is, when i connect to the internet, I then click on the internet explorer icon and I get "*internet explorrer cannot display the webpage'*, or words to that affect. The only way i can get my igoogle home page is to click on the 'broadband home' link on the 3 connection mamager which puts the 3 homepage on the screen and then if i click the little google icon on the favourites toolbar, thats the only(roundabout) way i can get my browser homepage.
When i tried to download the samsung pc suite i actually downloaded something called *'error teck'* and I tried to uninstall it from the, 'programs and features' list but i got this thing on the screen with a red X and it said something like, "it doesn't exist, cannot be uninstalled" ever since that has been there, all the trouble started and i've run out of ideas.
I came to this forum once before and one of the chaps was really helpful, i hope i'm as lucky this time.


----------



## pip22 (Nov 21, 2004)

Can't find any helpful references to _Error Tech_ or _Error Tek_ software, so it could be malware that you've unwittingly installed. You'll need to post on the malware forum as we aren't allowed to help with malware detection or removal on the windows forums. Malware forum is here: http://forums.techguy.org/54-virus-other-malware-removal/

Please note, I'm only suggesting it may be malware since I can find no information on it. You may not have malware on your system but it needs checking out to be certain.


----------



## django47 (Jun 29, 2010)

pip22 said:


> Can't find any helpful references to _Error Tech_ or _Error Tek_ software, so it could be malware that you've unwittingly installed. You'll need to post on the malware forum as we aren't allowed to help with malware detection or removal on the windows forums. Malware forum is here: http://forums.techguy.org/54-virus-other-malware-removal/
> 
> Please note, I'm only suggesting it may be malware since I can find no information on it. You may not have malware on your system but it needs checking out to be certain.


Thank you for your input. Actually I found the Error Teck web site when I was looking for anything that might help, and I emailed them. They wasn't very helpful, they were more concerned that I should want to uninstall their program, or whatever it's called, and error teck is suppose to repair registry errors and suchlike.

Whether they are above board or not, the fact remains that it will not uninstall in the normal way, and my troubles started right after downloading it.

How I accidentlly downloaded it was, I googled the samsung pc studio suite so I can connect my mobile, but when I found one that looked okay but it had 4 download links, but I didn't actually know which one was for the pc suite. I hovered the curser over each but it didn't help so I chose the one I thought most likely and chose the wrong one.
In the programs and features list, it is listed as *Error Teck 1.4* and the publisher is *Solid Quest Inc'.*
It is very possible that i unwittingly did something that didn't look important at the time, and messed up some settings, but I've gone over it in my head and can't remember exactly what I did.
I have also tried loads of things recomended from help forums such as Microsoft, but nothing helped.


----------



## Ent (Apr 11, 2009)

It is quite common for registry cleaner software to be promoted alongside the software that you actually want to download, and it is often quite difficult to tell exactly which button you need to press. Most people on this forum advise against using registry cleaners at all; they cause huge numbers of problems and they don't bring the benefits they promise either. Still, I don't think I have to convince you not to use registry cleaners.


From installing ErrorTeck in a sandboxed environment on my own machine, I can tell you the following:

The installer creates shortcuts to the software in their usual places on the desktop or start menu.
The program itself is stored in the folder you specified on installation, by default this is C:\Program Files\ErrorTeck
It also modifies a number of files in the Windows directory.
I cannot detect what changes it makes to the registry, though it does make some changes.

There is an uninstaller, located in (by default)
C:\Program Files\ErrorTeck\unins000.exe
You can run this (by navigating to it and doubleclicking on it) even if you can't uninstall through the standard Add/Remove programs interface. It does seem to remove the program, though without knowing exactly what changes the installer made I can't be certain.


Hopefully this will resolve the issues you were having; if not we'll have to see where we can go from here.


----------



## django47 (Jun 29, 2010)

Ent said:


> It is quite common for registry cleaner software to be promoted alongside the software that you actually want to download, and it is often quite difficult to tell exactly which button you need to press. Most people on this forum advise against using registry cleaners at all; they cause huge numbers of problems and they don't bring the benefits they promise either. Still, I don't think I have to convince you not to use registry cleaners.
> 
> From installing ErrorTeck in a sandboxed environment on my own machine, I can tell you the following:
> 
> ...


Thank you for taking the time to help me with this problem. I tried your suggestion but in the end I get the same message as when I try to uninstall it from 'programs'. I kept an image with the 'snipping tool' but I couldn't send it as an attachment, but I'll try and describe it. A red circle with a whiteX on the left side and it says, *File"c:\Program Files\Error Teck\Unins000.dat"does not exist.Cannot uninstall.*
When I click, I nernet Explorer, I get "Internet Explorer cannot display the webpage". I get round it by, when I select '*connect*' on the 3connection manager, I set it to automatically display their home page. That gives me the favourites toolbar, on which I can select, amongst other things, the igoogle icon which brings up my usual _home_ _page._ I did check internet options and igoogle is still listed as my home page.
You are absolutely right about the 'download' buttons, in fact there were 4 of them, but I admit that their were 2 main ones that stuck out, bigger than the others, so I had to choose, and, sods law, I picked the wrong one. I have tried several times to find the download for the samsung pc suite but they are all the same.I believe thats why the download is free, they probably get paid to bring them unwitting customers who download their stuff thats always connected to advertising somewhere along the line. The trouble is, it's impossible to know which is the correct button to select, and in doing so, theirs no knowing what trouble we bring upon ourselves with unknown entities.(sorry I ran a bit off track there).


----------



## Ent (Apr 11, 2009)

I too am struggling to find an official download source for PC studio on the Samsung website. Part of the problem is that there are actually different versions of the software for different phones, so making sure that a download site is not only legitimate but also compatible with your phone is no easy matter.

I'll ask if the malware team would take this one on. Whether or not it is this ErrorTeck, some of what you're describing sounds very much like the effects of malware.

For the record, you can find instructions on how to upload a screenshot in this library article. 
http://library.techguy.org/wiki/TSG_Posting_a_Screenshot


----------



## eddie5659 (Mar 19, 2001)

Hiya

Lets see if anything stands out as malware related 

Can you run this for me:

Download *OTL* to your Desktop 

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted. 
Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long. 
When the scan completes, it will open two notepad windows. *OTL.Txt* and *Extras.Txt*. These are saved in the same location as OTL. 
Please copy *(Edit->Select All, Edit->Copy)* the contents of these files, one at a time and post them in your topic 


If it looks dodgy, I'll move it to the Malware forum 

eddie


----------



## captainron276 (Sep 11, 2010)

You could try Revo to get rid of your program. I have used this when my Windows uninstaller failed to work. Use the Freeware version.

http://www.revouninstaller.com/revo_uninstaller_free_download.html

I would also do what Eddy5659 has suggested.


----------



## django47 (Jun 29, 2010)

eddie5659 said:


> Hiya
> 
> Lets see if anything stands out as malware related
> 
> ...


Hi,
I clicked on the OTL link on your message and a warning came on the screen which said, *OTL.exe is not* *commonly downloaded and could harm your computer*. So I didn't take any chances, I've done enough damage already by unwittingly trying to fix things I don't really understand.
This Error Teck that I cant uninstall, is on the start menu>all programs and when I click it , it opens 3 sub menu's, 1. Error Teck. 2. Error Teck on the web. 3. Error Teck uninstall. Number 3 brings up the same warning as trying to uninstall the other ways I tried to. number 2 I was going to try and send a screen image of what happens but when I click on, Manage Attachments, nothing happens. But if I select number 2, I get two windows. The largest is black with nothing on it except along the top of the white border and it says,* c:\Progra~2*\*micros~1\Windows\STARTM~1\programs\ERRORT~1.pif.* The smaller window is white with the same wording plus it also says, *Invalid program file name, please check your pif file.* The two windows come one on top of the other but can be dragged seperately. I don't know what it means, "check pif file". If I select the main Error Teck(no1) I get a bright burnt orange window with a SCAN button. I haven't chanced clicking on the SCAN button in case. I still can't select Internet Explorer without, Internet Explorer cannot display the web page.


----------



## Ent (Apr 11, 2009)

django47 said:


> Hi,
> I clicked on the OTL link on your message and a warning came on the screen which said, *OTL.exe is not* *commonly downloaded and could harm your computer*. So I didn't take any chances, I've done enough damage already by unwittingly trying to fix things I don't really understand.


And such caution is always advisable. 
:up:

However, that message is just a generic one by Internet Explorer, which has no virus scanning capacity, about any program since any program from the net could be malicious and could harm your computer. In this case OTL is a tool developed by one of the most resepected representatives of the antimalware community. 
It runs a quick scan and create a log of various facts about your machine. For example it will record which programs are set to start up with your computer. Clearly most of these will be legitimate, but malware will also have to start up. A trained antimalware helper like eddie can interpret the log and distinguish what's good from what's bad. OTL makes this log in a simple text file that you can post here for eddie to look at.
Unless given specific scripted instructions to repair an infection, OTL makes no changes whatsoever to your computer beyond saving this text file. It doesn't even need to be installed, but runs straight from your desktop. Once the issues are all resolved, OTL is the easiest thing in the world to remove. 

You are understandably nervous about messing where you don't understand, but all the antimalware helpers are very good at explaining exactly what to do to get the machine up and running again. Now, since this is being treated as a malware issue I'll get my nose out of it. I'm not yet trained to deal with such issues.


----------



## eddie5659 (Mar 19, 2001)

Thanks for explaining Ent :up:

Yep, as Ent has mentioned above, this is a tool that everybody in the malware removal community uses, so there is no problems with downloading it.

I still get that message some times, I think its because the tool is updated a lot during the weeks, so it can keep changing in the download details.

Just download it, ignore the message, just click OK.

Then run it as above 

----------------

Also, can you run this for me:

Please download Malwarebytes' Anti-Malware from *Here*

Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to *Update Malwarebytes' Anti-Malware* and *Launch Malwarebytes' Anti-Malware*, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "*Perform Full Scan*", then click *Scan*.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that *everything is checked*, and click *Remove Selected*.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.
Extra Note:
*If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediatly.*

And post all logs created by the two programs 

eddie


----------



## django47 (Jun 29, 2010)

I'm having a bit of a problem with this OTL, when I try and run it I get a choice of actions, one is delete and the other is actions so I select actions and a dialog box gives me two choices, delete this program or don't run this program. What am I doing wrong, I tried it 4 times and got same results every time,


----------



## eddie5659 (Mar 19, 2001)

Is that when you're downloading it? Looking at the actual program, there is nothing that says Actions.

Are you downloading directly to the desktop, or trying to run from the internet? If the latter, just download directly to the desktop.

When you get this message popping up:

OTL.exe is not commonly downloaded and could harm your computer

Just carry on downloading, but make sure its not the Download folder, which I think is default for most things, but the actual desktop


----------



## django47 (Jun 29, 2010)

You have probably realised by now that I'm no tech guy so unless it's something I have already done successfuly, I tread with great trepidation and sometimes make the wrong move. 
Anyway, I clicked on the link 'OTL' in your earlier post then at the bottom of the screen (whatever I'm doing at the time) a yellow strip that first says scanning then after a few seconds, Run-Save-Cancel. I select-Run. Then the message changes to the 'commonly downloaded' warning I described earlier with choices, Delete-Actions-View downloads.Oh yea, in the left side of the strip/box a red shield with a white cross. Anyway I select Actions and it produces a box with two choices, Delete or Don't run this program. That is what happens exactly. What am I doing wrong?


----------



## django47 (Jun 29, 2010)

I know you must think I'm a bit of a dork, but things that come as second nature to you, totally baffle me. Is it because I tried to download OTL directly from the link on one of your posts when you first told me about it. I thought that was it because the OTL was in bold red underlined, I assumed that was what I was suppose to do. Or do I look it up on the internet and download it. Also, I'm sorry but I'm not too sure what you mean by, "Downloading it directly to my desktop". 
I really do feel like an idiot, but I'm learning as I go along and this is one of the things I've not come across before and all my Vista books only cover the basics.
In the meantime I'm going to see what I can learn on the internet. I truely am 100% self taught.


----------



## django47 (Jun 29, 2010)

I looked on the internet for, mbam-setup.exe, but their was so many different web addresses for it, I didn't know which one to pick in case I selected a different one to whichever you recomend.
Anyway I will continue trying and experimenting and keep my fingers crossed and hope for the best. Thanks for all your help and patience and sorry I'm so inexperienced and I hope you don't think I've wasted too much of your time(I probably have though). Everything I learn from you goes into an exercise book for future reference.


----------



## eddie5659 (Mar 19, 2001)

Ah, I see now. Its okay, I know that there are many levels of computer users out there, so I can help you through all of it, and trust me, learning computer stuff is great when its self taught, as you have said as well. Feels a great achievement 

So, when you get the yellow strip that first says scanning then after a few seconds, Run-Save-Cancel, click on the Save and there should be a section to say Save As. Save it to the desktop.

If you do click Save, it normally goes to the default place, which is the Download folder. But, you can then drag it to the desktop after, in Windows Explorer.

Yep, you just click on the link to download it, its a trusted location. 

I'll stay on from now on till 7ish, (its 3.50pm now) so any problems/questions, just ask 

eddie


----------



## eddie5659 (Mar 19, 2001)

For the MBAM, in the post above, I have posted a link:

http://www.malwarebytes.org/mbam-download.php

This is their official site, so best to get it from there


----------



## eddie5659 (Mar 19, 2001)

As for wasting my time, you haven't 

This is my hobby, so helping anyone is what I enjoy


----------



## django47 (Jun 29, 2010)

Thanks a million for still helpinng me. You must have the patience of a saint.
By the way, you asked about the yellow strip at the foot of the page. If you can go back to my post #14, it describes exactly what it says etc. In the meantime, I shall try that link for mbam in your post #18. I did look for it on the internet but there were so many to choose from and in my very limited experience, some of these are slightly misleading and can cause a ton of grief.


----------



## eddie5659 (Mar 19, 2001)

Not when I'm gaming I don't 

For the bar, this is how you normally see it at first:










Then, if you click on Save at the right, there should be the following options, so click Save As:










Then, browse to the desktop as the location and click Save


----------



## django47 (Jun 29, 2010)

Yes, that's the strip, it flashes yellow when it wants to attract the users attention. Anyway I downloaded the malware scan and it detected about 150 malicious software items which is listed in red. But when I click on the exit, I get a message saying, *"A scan is currently in progress. Are you sure you want to close Malwarebites Anti Malware?"*
Also there is a button that says, in bold type, *'Remove Selected'* Should I click on it or not.
By the way I saved it to 'google desktop' but I'm realy not sure how to send you an attachment. I can't see anything that gives me a clue. I have sent pics and text on another forum, but it was set out differently, more like gmail, if you know what I mean.But I'm buggered if I can find it here. Even a dork like me should be able to work that out alone. Unless I select, 'Insert Image' above the text. I wont chance it in case I lose this message. Please put me out of my misery (LOL) and tell me.


----------



## eddie5659 (Mar 19, 2001)

For the malware scan, wait until its completed, and a popup box will appear. Click OK, and then a button in the bottom right should be Show Results. Click on that, select everything in the list by ticking the boxes, then select Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Copy&Paste the entire report in your next reply.

Extra Note:
*If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediatly.*

But wait until its finished scanning, or it won't remove everything, or detect it.

--

For the OTL, do this:


Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted. 
Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long. 
When the scan completes, it will open two notepad windows. *OTL.Txt* and *Extras.Txt*. These are saved in the same location as OTL. 

Then, right-click inside each log file and Select All, and then do it again, and select Copy. Then, in your reply here, right-click inside the reply and choose Paste.

Or, you can upload each log as follows:

Click on the *Go Advanced* button for the uploading options at the bottom of this page (in the picture below  )











In there, at the bottom, click on the button *Manage Attachments* (in the picture below  .
A window will appear, and then Browse to *OTL.txt* on your Desktop.
Click Upload, and when uploaded click *Close this Window*
Then, in the previous window, click on *Add Reply*










Do the same with Extras.txt as well.


----------



## eddie5659 (Mar 19, 2001)

I'm just letting you know I'll be back tomorrow. Any problems, just let me know and I'll look at them tomorrow


----------



## django47 (Jun 29, 2010)

Thanks for showing me how to send an attachment. The only problem is, when I clicked on the desktop icon, all I got was pre scan. After it finished and I was given the option to save it in different places, most of which was double dutch to me but I couldn't mistake, 'Google Desktop', so thats what I selected. The scan was done so there must be a record of it on this computer some where. I opened the system (c drive to see if I could find it but all I found was, 'uninsta', 4 of them. In fact Malwarebyte is all over this computer, almost everywhere I look, but not the post scan.


----------



## django47 (Jun 29, 2010)

I selected, Go Advanced>Manage Attachments>Browse>Desktop(on another window from my pc)>select the icon for Malwarebytes etc>Open(it automatically goes to the'upload files from your computer)>Upload, it dissapears so I close the window. By now I expect the attachment to accompany my last message, but when I checked the message I couldn't see the attachment, which I expected would be presented like the ones you sent me.
In the meantime I'm going to see if I can save some face and find the scan results and maybe even suss out where I slipped up with the attachment. (Good job I'm an insomniac).


----------



## django47 (Jun 29, 2010)

I couldn't find the scan results so I did it again. I hope it's not a problem but as I was really worried that I might slip up, I saved thje two notepad list of info regarding the scan using 'Works word processor' and both are in one folder sitting in my documents where I know I can access them at any time. I made dead certain that all the info was there before I removed them. Also, just to be 101% sure, before I clicked on, 'Remove Selected', I copied all the results in nine seperate 'Snipping tool' lots which are in my pictures. I wasn't taking any chances, but I can imagine you having a good laugh but in my defence, I stuck to what I know and just had to apply it to something I'm not too sure about. Before I bought this laptop a couple of years ago, I had never in my life been anywhere near a computer so I am a real beginner and for 6 months of that time I was in hospital after being hit up in the air by one car and run over by another. So now I've got plenty of time to learn some IT skills.


----------



## eddie5659 (Mar 19, 2001)

Its okay, we'll work thru this step by step. As they say, a picture tells a thousand words 

So, as you have run MBAM, this is how to get the log and attach it 

Firstly, go to Start | programs, and open up Malware Bytes AntiMalware. Most call it MBAM for short.










Then, click on the Logs tab:










Now, select the log which you removed the files. Normally its the latest one. Click on it to highlight it, then select Open in the bottom left:










Now, a notepad will open up. Mine is blank, but yours will have the 100 or so items in. Click on Edit | Select All:










and then when its all selected, click Edit and this time, Copy:










Now, come along to Tech Support Guy, and at the bottom of your post, will be this, which you'll be used to seeing:










Now, right-click inside the box, and select paste, to produce this:










and then click on Post Quick Reply:


----------



## django47 (Jun 29, 2010)

Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org
Database version: v2012.03.10.03
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
michael :: MICHAEL-PC [administrator]
Protection: Enabled
10/03/2012 22:29:00
mbam-log-2012-03-10 (22-29-00).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 201482
Time elapsed: 11 minute(s), 58 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 2
HKCU\SOFTWARE\RegTool (Rogue.RegTool) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\RegTool (Rogue.RegTool) -> Quarantined and deleted successfully.
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 7
C:\Users\michael\AppData\Roaming\RegTool (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\michael\AppData\Roaming\RegTool\Logs (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\michael\AppData\Roaming\RegTool\QuarantineW (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\michael\AppData\Roaming\RegTool\QuarantineW\2009-04-16 01-06-100 (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\michael\AppData\Roaming\RegTool\QuarantineW\2009-04-17 08-01-490 (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\michael\AppData\Roaming\RegTool\Results (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Program Files\RegTool (Rogue.RegTool) -> Quarantined and deleted successfully.
Files Detected: 141
C:\Users\michael\Local Settings\Temporary Internet Files\Content.IE5\SAGY3ZPJ\DownloadManager_Setup.exe (PUP.Bundle.Installer.OI) -> No action taken.
C:\Windows\Tasks\RegTool Scan.job (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\michael\AppData\Roaming\RegTool\spy_ignore.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\michael\AppData\Roaming\RegTool\Logs\2009-04-16 01-02-030.log (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\michael\AppData\Roaming\RegTool\Logs\2009-04-16 18-36-490.log (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\michael\AppData\Roaming\RegTool\Logs\2009-04-17 03-10-590.log (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\michael\AppData\Roaming\RegTool\Logs\2009-04-18 12-00-000.log (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\michael\AppData\Roaming\RegTool\Logs\2009-04-18 12-00-001.log (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\michael\AppData\Roaming\RegTool\QuarantineW\2009-04-16 01-06-100\filelist.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\michael\AppData\Roaming\RegTool\QuarantineW\2009-04-16 01-06-100\regb-0.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\michael\AppData\Roaming\RegTool\QuarantineW\2009-04-16 01-06-100\regb-1.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\michael\AppData\Roaming\RegTool\QuarantineW\2009-04-16 01-06-100\regb-10.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\michael\AppData\Roaming\RegTool\QuarantineW\2009-04-16 01-06-100\regb-100.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\michael\AppData\Roaming\RegTool\QuarantineW\2009-04-16 01-06-100\regb-101.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\michael\AppData\Roaming\RegTool\QuarantineW\2009-04-16 01-06-100\regb-102.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\michael\AppData\Roaming\RegTool\QuarantineW\2009-04-16 01-06-100\regb-103.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\michael\AppData\Roaming\RegTool\QuarantineW\2009-04-16 01-06-100\regb-104.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\michael\AppData\Roaming\RegTool\QuarantineW\2009-04-16 01-06-100\regb-105.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\michael\AppData\Roaming\RegTool\QuarantineW\2009-04-16 01-06-100\regb-106.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\michael\AppData\Roaming\RegTool\QuarantineW\2009-04-16 01-06-100\regb-107.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\michael\AppData\Roaming\RegTool\QuarantineW\2009-04-16 01-06-100\regb-108.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\michael\AppData\Roaming\RegTool\QuarantineW\2009-04-16 01-06-100\regb-109.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\michael\AppData\Roaming\RegTool\QuarantineW\2009-04-16 01-06-100\regb-11.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\michael\AppData\Roaming\RegTool\QuarantineW\2009-04-16 01-06-100\regb-110.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\michael\AppData\Roaming\RegTool\QuarantineW\2009-04-16 01-06-100\regb-111.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\michael\AppData\Roaming\RegTool\QuarantineW\2009-04-16 01-06-100\regb-112.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\michael\AppData\Roaming\RegTool\QuarantineW\2009-04-16 01-06-100\regb-113.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\michael\AppData\Roaming\RegTool\QuarantineW\2009-04-16 01-06-100\regb-26.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\michael\AppData\Roaming\RegTool\QuarantineW\2009-04-16 01-06-100\regb-27.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\michael\AppData\Roaming\RegTool\QuarantineW\2009-04-16 01-06-100\regb-28.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\michael\AppData\Roaming\RegTool\QuarantineW\2009-04-16 01-06-100\regb-29.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\michael\AppData\Roaming\RegTool\QuarantineW\2009-04-16 01-06-100\regb-3.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\michael\AppData\Roaming\RegTool\QuarantineW\2009-04-16 01-06-100\regb-30.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\michael\AppData\Roaming\RegTool\QuarantineW\2009-04-16 01-06-100\regb-31.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\michael\AppData\Roaming\RegTool\QuarantineW\2009-04-16 01-06-100\regb-32.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\michael\AppData\Roaming\RegTool\QuarantineW\2009-04-16 01-06-100\regb-33.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\michael\AppData\Roaming\RegTool\QuarantineW\2009-04-16 01-06-100\regb-34.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\michael\AppData\Roaming\RegTool\QuarantineW\2009-04-16 01-06-100\regb-35.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\michael\AppData\Roaming\RegTool\QuarantineW\2009-04-16 01-06-100\regb-36.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\michael\AppData\Roaming\RegTool\QuarantineW\2009-04-16 01-06-100\regb-37.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\michael\AppData\Roaming\RegTool\QuarantineW\2009-04-16 01-06-100\regb-38.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\michael\AppData\Roaming\RegTool\QuarantineW\2009-04-16 01-06-100\regb-39.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\michael\AppData\Roaming\RegTool\QuarantineW\2009-04-16 01-06-100\regb-4.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\michael\AppData\Roaming\RegTool\QuarantineW\2009-04-16 01-06-100\regb-40.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\michael\AppData\Roaming\RegTool\QuarantineW\2009-04-16 01-06-100\regb-41.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\michael\AppData\Roaming\RegTool\QuarantineW\2009-04-16 01-06-100\regb-42.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\michael\AppData\Roaming\RegTool\QuarantineW\2009-04-16 01-06-100\regb-44.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\michael\AppData\Roaming\RegTool\QuarantineW\2009-04-16 01-06-100\regb-45.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\michael\AppData\Roaming\RegTool\QuarantineW\2009-04-16 01-06-100\regb-46.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\michael\AppData\Roaming\RegTool\QuarantineW\2009-04-16 01-06-100\regb-47.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\michael\AppData\Roaming\RegTool\QuarantineW\2009-04-16 01-06-100\regb-48.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\michael\AppData\Roaming\RegTool\QuarantineW\2009-04-16 01-06-100\regb-49.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\michael\AppData\Roaming\RegTool\QuarantineW\2009-04-16 01-06-100\regb-5.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\michael\AppData\Roaming\RegTool\QuarantineW\2009-04-16 01-06-100\regb-50.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\michael\AppData\Roaming\RegTool\QuarantineW\2009-04-16 01-06-100\regb-51.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\michael\AppData\Roaming\RegTool\QuarantineW\2009-04-16 01-06-100\regb-52.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\michael\AppData\Roaming\RegTool\QuarantineW\2009-04-16 01-06-100\regb-53.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\michael\AppData\Roaming\RegTool\QuarantineW\2009-04-16 01-06-100\regb-54.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\michael\AppData\Roaming\RegTool\QuarantineW\2009-04-16 01-06-100\regb-55.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\michael\AppData\Roaming\RegTool\QuarantineW\2009-04-16 01-06-100\regb-56.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\michael\AppData\Roaming\RegTool\QuarantineW\2009-04-16 01-06-100\regb-57.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\michael\AppData\Roaming\RegTool\QuarantineW\2009-04-16 01-06-100\regb-58.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\michael\AppData\Roaming\RegTool\QuarantineW\2009-04-16 01-06-100\regb-59.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\michael\AppData\Roaming\RegTool\QuarantineW\2009-04-16 01-06-100\regb-6.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\michael\AppData\Roaming\RegTool\QuarantineW\2009-04-16 01-06-100\regb-60.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\michael\AppData\Roaming\RegTool\QuarantineW\2009-04-16 01-06-100\regb-62.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\michael\AppData\Roaming\RegTool\QuarantineW\2009-04-16 01-06-100\regb-63.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\michael\AppData\Roaming\RegTool\QuarantineW\2009-04-16 01-06-100\regb-64.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\michael\AppData\Roaming\RegTool\QuarantineW\2009-04-16 01-06-100\regb-65.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\michael\AppData\Roaming\RegTool\QuarantineW\2009-04-16 01-06-100\regb-66.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\michael\AppData\Roaming\RegTool\QuarantineW\2009-04-16 01-06-100\regb-67.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\michael\AppData\Roaming\RegTool\QuarantineW\2009-04-16 01-06-100\regb-68.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\michael\AppData\Roaming\RegTool\QuarantineW\2009-04-16 01-06-100\regb-69.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\michael\AppData\Roaming\RegTool\QuarantineW\2009-04-16 01-06-100\regb-7.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\michael\AppData\Roaming\RegTool\QuarantineW\2009-04-16 01-06-100\regb-70.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\michael\AppData\Roaming\RegTool\QuarantineW\2009-04-16 01-06-100\regb-71.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\michael\AppData\Roaming\RegTool\QuarantineW\2009-04-16 01-06-100\regb-72.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\michael\AppData\Roaming\RegTool\QuarantineW\2009-04-16 01-06-100\regb-73.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\michael\AppData\Roaming\RegTool\QuarantineW\2009-04-16 01-06-100\regb-74.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\michael\AppData\Roaming\RegTool\QuarantineW\2009-04-16 01-06-100\regb-75.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\michael\AppData\Roaming\RegTool\QuarantineW\2009-04-16 01-06-100\regb-76.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\michael\AppData\Roaming\RegTool\QuarantineW\2009-04-16 01-06-100\regb-77.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\michael\AppData\Roaming\RegTool\QuarantineW\2009-04-16 01-06-100\regb-78.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\michael\AppData\Roaming\RegTool\QuarantineW\2009-04-16 01-06-100\regb-79.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\michael\AppData\Roaming\RegTool\QuarantineW\2009-04-16 01-06-100\regb-80.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\michael\AppData\Roaming\RegTool\QuarantineW\2009-04-16 01-06-100\regb-81.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\michael\AppData\Roaming\RegTool\QuarantineW\2009-04-16 01-06-100\regb-82.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\michael\AppData\Roaming\RegTool\QuarantineW\2009-04-16 01-06-100\regb-83.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\michael\AppData\Roaming\RegTool\QuarantineW\2009-04-16 01-06-100\regb-84.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\michael\AppData\Roaming\RegTool\QuarantineW\2009-04-16 01-06-100\regb-85.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\michael\AppData\Roaming\RegTool\QuarantineW\2009-04-16 01-06-100\regb-86.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\michael\AppData\Roaming\RegTool\QuarantineW\2009-04-16 01-06-100\regb-87.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\michael\AppData\Roaming\RegTool\QuarantineW\2009-04-16 01-06-100\regb-88.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\michael\AppData\Roaming\RegTool\QuarantineW\2009-04-16 01-06-100\regb-89.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\michael\AppData\Roaming\RegTool\QuarantineW\2009-04-16 01-06-100\regb-9.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\michael\AppData\Roaming\RegTool\QuarantineW\2009-04-16 01-06-100\regb-90.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\michael\AppData\Roaming\RegTool\QuarantineW\2009-04-16 01-06-100\regb-91.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\michael\AppData\Roaming\RegTool\QuarantineW\2009-04-16 01-06-100\regb-92.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\michael\AppData\Roaming\RegTool\QuarantineW\2009-04-16 01-06-100\regb-93.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\michael\AppData\Roaming\RegTool\QuarantineW\2009-04-16 01-06-100\regb-94.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\michael\AppData\Roaming\RegTool\QuarantineW\2009-04-16 01-06-100\regb-95.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\michael\AppData\Roaming\RegTool\QuarantineW\2009-04-16 01-06-100\regb-96.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\michael\AppData\Roaming\RegTool\QuarantineW\2009-04-16 01-06-100\regb-97.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\michael\AppData\Roaming\RegTool\QuarantineW\2009-04-16 01-06-100\regb-98.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\michael\AppData\Roaming\RegTool\QuarantineW\2009-04-16 01-06-100\regb-99.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\michael\AppData\Roaming\RegTool\QuarantineW\2009-04-16 01-06-100\regb-114.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\michael\AppData\Roaming\RegTool\QuarantineW\2009-04-16 01-06-100\regb-25.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\michael\AppData\Roaming\RegTool\QuarantineW\2009-04-16 01-06-100\regb-43.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\michael\AppData\Roaming\RegTool\QuarantineW\2009-04-16 01-06-100\regb-61.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\michael\AppData\Roaming\RegTool\QuarantineW\2009-04-16 01-06-100\regb-8.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\michael\AppData\Roaming\RegTool\QuarantineW\2009-04-16 01-06-100\regb-115.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\michael\AppData\Roaming\RegTool\QuarantineW\2009-04-16 01-06-100\regb-116.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\michael\AppData\Roaming\RegTool\QuarantineW\2009-04-16 01-06-100\regb-117.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\michael\AppData\Roaming\RegTool\QuarantineW\2009-04-16 01-06-100\regb-118.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\michael\AppData\Roaming\RegTool\QuarantineW\2009-04-16 01-06-100\regb-119.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\michael\AppData\Roaming\RegTool\QuarantineW\2009-04-16 01-06-100\regb-12.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\michael\AppData\Roaming\RegTool\QuarantineW\2009-04-16 01-06-100\regb-120.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\michael\AppData\Roaming\RegTool\QuarantineW\2009-04-16 01-06-100\regb-121.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\michael\AppData\Roaming\RegTool\QuarantineW\2009-04-16 01-06-100\regb-122.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\michael\AppData\Roaming\RegTool\QuarantineW\2009-04-16 01-06-100\regb-13.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\michael\AppData\Roaming\RegTool\QuarantineW\2009-04-16 01-06-100\regb-14.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\michael\AppData\Roaming\RegTool\QuarantineW\2009-04-16 01-06-100\regb-15.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\michael\AppData\Roaming\RegTool\QuarantineW\2009-04-16 01-06-100\regb-16.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\michael\AppData\Roaming\RegTool\QuarantineW\2009-04-16 01-06-100\regb-17.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\michael\AppData\Roaming\RegTool\QuarantineW\2009-04-16 01-06-100\regb-18.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\michael\AppData\Roaming\RegTool\QuarantineW\2009-04-16 01-06-100\regb-19.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\michael\AppData\Roaming\RegTool\QuarantineW\2009-04-16 01-06-100\regb-2.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\michael\AppData\Roaming\RegTool\QuarantineW\2009-04-16 01-06-100\regb-20.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\michael\AppData\Roaming\RegTool\QuarantineW\2009-04-16 01-06-100\regb-21.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\michael\AppData\Roaming\RegTool\QuarantineW\2009-04-16 01-06-100\regb-22.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\michael\AppData\Roaming\RegTool\QuarantineW\2009-04-16 01-06-100\regb-23.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\michael\AppData\Roaming\RegTool\QuarantineW\2009-04-16 01-06-100\regb-24.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\michael\AppData\Roaming\RegTool\QuarantineW\2009-04-17 08-01-490\filelist.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\michael\AppData\Roaming\RegTool\QuarantineW\2009-04-17 08-01-490\regb-0.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\michael\AppData\Roaming\RegTool\QuarantineW\2009-04-17 08-01-490\regb-1.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\michael\AppData\Roaming\RegTool\QuarantineW\2009-04-17 08-01-490\regb-2.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\michael\AppData\Roaming\RegTool\QuarantineW\2009-04-17 08-01-490\regb-3.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\michael\AppData\Roaming\RegTool\Results\Evidence.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\michael\AppData\Roaming\RegTool\Results\Junk.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\michael\AppData\Roaming\RegTool\Results\Registry.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Users\michael\AppData\Roaming\RegTool\Results\Update.db (Rogue.RegTool) -> Quarantined and deleted successfully.
(end)


----------



## django47 (Jun 29, 2010)

I already had MBMA on the start menu, just as well as when I searched programs(2 off) Their wasn't a trace of mbma, so I selected the short cut mbma on the start menu and it tallied with your images you sent, so in fact I actually leap frogged some of the process. Then it was a case of doing a little 'copy and pasting' which I am familiar with as I often use it when I'm searching ebay for something. _Once again thanks for your kindness and patience._
Mick.

*PS.* I was wondering, how long does 'Quarantined' things stay in the computer before they are deleted, is it the same as the recycle bin ?


----------



## eddie5659 (Mar 19, 2001)

Excellent :up:

For the quarantine files, they stay there until you clear the quarantine folder. When we're completely done with all of the removals, if you want to remove them, select the Quarantine tab, and then you can press the Delete All button 

Okay, looks like its removed a program that was malicious, so onto the next tool 

Download OTL from here:

http://oldtimer.geekstogo.com/OTL.exe

As soon as you click on the link, the following bar will appear:










Then, if you click on Save at the right, there should be the following options, so click Save As:










Then, browse to the desktop as the location and click Save










When its downloaded, a red bar will appear. Don't click Run, but the X:










Then, go to the Desktop, and double-click the OTL program. If a box appears asking do you want to run, select *Yes*










Make sure all other windows are closed and to let it run uninterrupted.

Click the Quick Scan button:










The scan wont take long.

When the scan completes, it will open two notepad windows. *OTL.Txt* and *Extras.Txt*. These are saved in the same location as OTL, which should be the Desktop.

Please copy *(Edit->Select All, Edit->Copy)* the contents of these files, one at a time and post them in your topic, as you did before.


----------



## django47 (Jun 29, 2010)

That red bar is exactly the one at the foot of my screen. I selected 'save as', the desktop dialog box automatically came up for me to click on the save option, but I don't know if anything is happening I waited a while and the red bar hasn't got run on it, just Delete- Actions and View Downloads.
*A short while later*, still nothing happening, nothing changed. Same 3 options.
Because the wording and options are different to your example, I didn't think it was prudent to click on the X before notifying you.

Don't know if it makes any difference but my laptop is Windows Vista home premium 32bit OS, SP2 and browser IE9.


----------



## eddie5659 (Mar 19, 2001)

Hmmmm, it shouldn't make any difference on Vista.

Okay, right-click on this link:

http://oldtimer.geekstogo.com/OTL.exe

And select *Save Taget As*










A box should appear, similar to this:










Browse to the Desktop, by either selecting it on the left, or using the drop-down menu at the top.

Then click *Save* in the bottom right.

It should download straight to the desktop.

------------------------------

Ah, I think I see now. It should only take a min or two, as its very small. Press the *View Downloads.* button, and see if its in there, called OTL.

If not, try the above method (popped that in, and re-read your reply hence this part underneath  )


----------



## django47 (Jun 29, 2010)

Hi Eddie (hope you don't mind me calling you that), 
Anyway, I right clicked your link and selected *'Save Target as'*. A window came up with, very top left, *Save as* and in the address bar,* Desktop* and bottom right, *save.* No problem so far, just for some reason, my computer was a couple of steps ahead of me. Anyhow, I clicked the* save* button and I get a popup telling me,* "OTL already exists, do you want to replace it".* 
So if it is already in my files somewhere, how do I locate it and what do I do after.
By the way, sorry I'm late in starting, half of my life is spent in doctors surgeries while the nurse changes my dressings every other day. It totally mucks my day up.
In the meantime, I will have a scout round to see if I can locate the OTL file.


----------



## django47 (Jun 29, 2010)

*PS*. There is an OTL shortcut icon already on my desktop and if I double click it, an OTL box with *run* or *Cancel* options. Is that the one we want and should I click the* run* option ?


----------



## eddie5659 (Mar 19, 2001)

Sorry for the delay, I tend to work late once a week.

Its okay to call me eddie, and there is no need to worry about starting late in computers. My mum is new to them as well, when I try to explain something I think is simple, I easily forget that we were all beginners once 

Now, you have found the OTL icon, so when you double-click on it, select the *Run* option. Then, you should get the window open as I showed above in the screenshots 

It's 11.30pm here, so will be back tomorrow at 6ish


----------



## django47 (Jun 29, 2010)

OTL logfile created on: 13/03/2012 07:01:57 - Run 1
OTL by OldTimer - Version 3.2.36.3 Folder = C:\Users\michael\Documents\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.99 Gb Total Physical Memory | 1.25 Gb Available Physical Memory | 41.72% Memory free
6.19 Gb Paging File | 4.65 Gb Available in Paging File | 75.10% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 92.21 Gb Total Space | 43.88 Gb Free Space | 47.59% Space Free | Partition Type: NTFS
Drive D: | 45.12 Gb Total Space | 41.28 Gb Free Space | 91.48% Space Free | Partition Type: NTFS
Drive F: | 22.99 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: MICHAEL-PC | User Name: michael | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/11 19:11:34 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Users\michael\Documents\Desktop\OTL.exe
PRC - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/01/13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/10/13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/06/15 14:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/01/28 13:48:00 | 010,035,448 | ---- | M] (3Connect) -- C:\Program Files\3 Mobile Broadband\3Connect\Wilog.exe
PRC - [2010/01/28 13:47:44 | 001,737,464 | ---- | M] () -- C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe
PRC - [2009/04/10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/01/29 16:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
PRC - [2008/01/22 17:35:52 | 000,103,808 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
PRC - [2007/09/12 17:27:24 | 000,554,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2007/08/17 12:40:30 | 000,102,400 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPStart.exe
PRC - [2007/07/26 21:56:44 | 000,192,512 | ---- | M] (Wistron) -- C:\Program Files\Launch Manager\HotkeyApp.exe
PRC - [2007/07/06 09:06:52 | 004,669,440 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/06/20 12:04:20 | 000,046,432 | ---- | M] (Microsoft® Corporation) -- c:\Program Files\Microsoft Works\WkCalRem.exe
PRC - [2007/05/02 06:08:44 | 000,366,400 | ---- | M] (Google Inc.) -- C:\Program Files\Picasa2\PicasaMediaDetector.exe
PRC - [2006/12/08 17:52:04 | 000,204,800 | ---- | M] (Fujitsu Siemens Computers) -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe
PRC - [2006/11/18 03:45:26 | 000,118,784 | ---- | M] (Wistron Corp.) -- C:\Program Files\Launch Manager\WisLMSvc.exe

========== Modules (No Company Name) ==========

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (LiveUpdate Notice Ex)
SRV - File not found [Auto | Stopped] -- -- (CLTNetCnService)
SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/10/21 15:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/10/13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/01/28 13:47:44 | 001,737,464 | ---- | M] () [Auto | Running] -- C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe -- (BecHelperService)
SRV - [2008/01/29 16:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2008/01/22 17:35:52 | 000,103,808 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2008/01/18 23:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/09/12 17:27:24 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007/09/12 17:27:24 | 000,554,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2006/12/08 17:52:04 | 000,204,800 | ---- | M] (Fujitsu Siemens Computers) [Auto | Running] -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe -- (TestHandler)
SRV - [2006/11/18 03:45:26 | 000,118,784 | ---- | M] (Wistron Corp.) [On_Demand | Running] -- C:\Program Files\Launch Manager\WisLMSvc.exe -- (WisLMSvc)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (hwdatacard)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (cpuz132)
DRV - [2012/03/13 01:59:11 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B9485B65-8FA2-449E-AAF8-4E8B1C212088}\MpKsl9dae497a.sys -- (MpKsl9dae497a)
DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/04/18 12:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010/10/30 12:03:59 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2010/06/23 08:21:32 | 000,259,176 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2010/01/19 11:49:50 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2010/01/19 11:49:50 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2010/01/19 11:49:50 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2010/01/19 11:49:50 | 000,009,216 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2008/10/09 14:42:42 | 000,017,408 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV - [2007/07/02 15:37:10 | 000,131,616 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2007/07/02 15:37:08 | 000,110,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007/06/13 21:47:12 | 000,048,256 | ---- | M] (JMicron Technology Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\jraid.sys -- (JRAID)
DRV - [2006/12/18 22:00:00 | 001,786,880 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2005/12/21 09:14:52 | 000,100,957 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emDevice.sys -- (DCamUSBEMPIA)
DRV - [2005/12/21 09:14:52 | 000,019,712 | ---- | M] (Pinnacle Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emAudio.sys -- (emAudio)
DRV - [2005/12/21 09:14:52 | 000,005,245 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emFilter.sys -- (FiltUSBEMPIA)
DRV - [2005/12/21 09:14:52 | 000,004,493 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emScan.sys -- (ScanUSBEMPIA)
DRV - [2005/06/02 18:28:38 | 000,171,008 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MarvinBus.sys -- (MarvinBus)
DRV - [2003/04/28 18:27:06 | 000,009,867 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\HOTKEY.sys -- (Hotkey)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr9/*http://www.yahoo.com/ext/search/search.html
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com/?f=1&a=adknlg
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\..\SearchScopes,DefaultScope = {539F07BF-DA7C-4248-A5E1-35F8270CC9E7}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0CB303D5-87FF-42ED-BA49-E40D60ED4938}: "URL" = http://www.alexa.com/search?q={searchTerms}
IE - HKCU\..\SearchScopes\{539F07BF-DA7C-4248-A5E1-35F8270CC9E7}: "URL" = http://start.funmoods.com/results.php?f=4&a=adknlg&q={searchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...utputEncoding}&sourceid=ie7&rlz=1I7GGLL_en-GB
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.91: C:\Program Files\NOS\bin\np_gp.dll File not found
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2010/11/04 21:13:00 | 000,000,000 | ---D | M]

[2012/03/01 10:00:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

========== Chrome ==========

CHR - default_search_provider: ()
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - Extension: No name found = C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhpfdkiglaphjhmhojbofcplejkjkoc\3_0\

O1 HOSTS File: ([2006/09/18 21:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe File not found
O4 - HKLM..\Run: [Google Updater] C:\Program Files\Google\Google Updater\GoogleUpdater.exe (Google)
O4 - HKLM..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron)
O4 - HKLM..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (Google Inc.)
O4 - HKLM..\Run: [recinfo707] c:\RecInfo\RecInfo.exe File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [USB2Check] C:\Windows\System32\PCLECoInst.dll (Pinnacle Systems)
O4 - HKLM..\Run: [Wbutton] C:\Program Files\Launch Manager\WButton.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O15 - HKCU\..Trusted Domains: microsoft.com ([oas.support] http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([support] http in Trusted sites)
O15 - HKCU\..Trusted Domains: techguy.org ([forums] http in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ECDDCD18-CBC6-444C-97D4-A180B408EE0F}: NameServer = 217.171.135.1 217.171.132.1
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img34.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img34.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/02/09 17:11:34 | 000,084,288 | R--- | M] (Birdstep) - F:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2010/02/09 17:11:34 | 000,027,750 | R--- | M] () - F:\Autorun.ico -- [ CDFS ]
O32 - AutoRun File - [2010/02/09 17:11:34 | 000,000,047 | R--- | M] () - F:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{03294061-338b-11e0-97c2-000ae4cc5d1a}\Shell - "" = AutoRun
O33 - MountPoints2\{03294061-338b-11e0-97c2-000ae4cc5d1a}\Shell\AutoRun\command - "" = F:\Autorun.exe -- [2010/02/09 17:11:34 | 000,084,288 | R--- | M] (Birdstep)
O33 - MountPoints2\{10bd6b26-42f1-11df-91fa-000ae4cc5d1a}\Shell - "" = AutoRun
O33 - MountPoints2\{10bd6b26-42f1-11df-91fa-000ae4cc5d1a}\Shell\AutoRun\command - "" = F:\Autorun.exe -- [2010/02/09 17:11:34 | 000,084,288 | R--- | M] (Birdstep)
O33 - MountPoints2\{132a1fc5-9621-11de-85cf-001f3c38df7f}\Shell - "" = AutoRun
O33 - MountPoints2\{132a1fc5-9621-11de-85cf-001f3c38df7f}\Shell\AutoRun\command - "" = F:\Autorun.exe -- [2010/02/09 17:11:34 | 000,084,288 | R--- | M] (Birdstep)
O33 - MountPoints2\{26c8d121-a657-11df-b2ed-000ae4cc5d1a}\Shell - "" = AutoRun
O33 - MountPoints2\{26c8d121-a657-11df-b2ed-000ae4cc5d1a}\Shell\AutoRun\command - "" = F:\Autorun.exe -- [2010/02/09 17:11:34 | 000,084,288 | R--- | M] (Birdstep)
O33 - MountPoints2\{2da9fb02-0681-11e0-9438-000ae4cc5d1a}\Shell - "" = AutoRun
O33 - MountPoints2\{2da9fb02-0681-11e0-9438-000ae4cc5d1a}\Shell\AutoRun\command - "" = F:\Autorun.exe -- [2010/02/09 17:11:34 | 000,084,288 | R--- | M] (Birdstep)
O33 - MountPoints2\{35f897b6-14c3-11e0-9bb3-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{35f897b6-14c3-11e0-9bb3-806e6f6e6963}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{35f89927-14c3-11e0-9bb3-000ae4cc5d1a}\Shell - "" = AutoRun
O33 - MountPoints2\{35f89927-14c3-11e0-9bb3-000ae4cc5d1a}\Shell\AutoRun\command - "" = F:\Autorun.exe -- [2010/02/09 17:11:34 | 000,084,288 | R--- | M] (Birdstep)
O33 - MountPoints2\{35f89929-14c3-11e0-9bb3-000ae4cc5d1a}\Shell - "" = AutoRun
O33 - MountPoints2\{35f89929-14c3-11e0-9bb3-000ae4cc5d1a}\Shell\AutoRun\command - "" = F:\Autorun.exe -- [2010/02/09 17:11:34 | 000,084,288 | R--- | M] (Birdstep)
O33 - MountPoints2\{35f8992b-14c3-11e0-9bb3-000ae4cc5d1a}\Shell - "" = AutoRun
O33 - MountPoints2\{35f8992b-14c3-11e0-9bb3-000ae4cc5d1a}\Shell\AutoRun\command - "" = F:\Autorun.exe -- [2010/02/09 17:11:34 | 000,084,288 | R--- | M] (Birdstep)
O33 - MountPoints2\{38c18535-e2d2-11df-a145-001f3c38df7f}\Shell - "" = AutoRun
O33 - MountPoints2\{38c18535-e2d2-11df-a145-001f3c38df7f}\Shell\AutoRun\command - "" = F:\Autorun.exe -- [2010/02/09 17:11:34 | 000,084,288 | R--- | M] (Birdstep)
O33 - MountPoints2\{38c18537-e2d2-11df-a145-000ae4cc5d1a}\Shell - "" = AutoRun
O33 - MountPoints2\{38c18537-e2d2-11df-a145-000ae4cc5d1a}\Shell\AutoRun\command - "" = F:\Autorun.exe -- [2010/02/09 17:11:34 | 000,084,288 | R--- | M] (Birdstep)
O33 - MountPoints2\{5103a21a-580e-11e1-bc97-000ae4cc5d1a}\Shell - "" = AutoRun
O33 - MountPoints2\{5103a21a-580e-11e1-bc97-000ae4cc5d1a}\Shell\AutoRun\command - "" = F:\Autorun.exe -- [2010/02/09 17:11:34 | 000,084,288 | R--- | M] (Birdstep)
O33 - MountPoints2\{51b7addf-6387-11e1-a6e5-000ae4cc5d1a}\Shell - "" = AutoRun
O33 - MountPoints2\{51b7addf-6387-11e1-a6e5-000ae4cc5d1a}\Shell\AutoRun\command - "" = F:\Autorun.exe -- [2010/02/09 17:11:34 | 000,084,288 | R--- | M] (Birdstep)
O33 - MountPoints2\{560643aa-5878-11e1-8336-000ae4cc5d1a}\Shell - "" = AutoRun
O33 - MountPoints2\{560643aa-5878-11e1-8336-000ae4cc5d1a}\Shell\AutoRun\command - "" = F:\Autorun.exe -- [2010/02/09 17:11:34 | 000,084,288 | R--- | M] (Birdstep)
O33 - MountPoints2\{5d0760d7-82da-11df-828e-001f3c38df7f}\Shell - "" = AutoRun
O33 - MountPoints2\{5d0760d7-82da-11df-828e-001f3c38df7f}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{662fdf68-afbe-11df-ab4f-001f3c38df7f}\Shell - "" = AutoRun
O33 - MountPoints2\{662fdf68-afbe-11df-ab4f-001f3c38df7f}\Shell\AutoRun\command - "" = F:\Autorun.exe -- [2010/02/09 17:11:34 | 000,084,288 | R--- | M] (Birdstep)
O33 - MountPoints2\{67d3b558-af72-11df-aa01-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{67d3b558-af72-11df-aa01-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Autorun.exe -- [2010/02/09 17:11:34 | 000,084,288 | R--- | M] (Birdstep)
O33 - MountPoints2\{73b74944-45c9-11e1-85dd-001f3c38df7f}\Shell - "" = AutoRun
O33 - MountPoints2\{73b74944-45c9-11e1-85dd-001f3c38df7f}\Shell\AutoRun\command - "" = F:\Autorun.exe -- [2010/02/09 17:11:34 | 000,084,288 | R--- | M] (Birdstep)
O33 - MountPoints2\{7580e5af-e05a-11df-8e00-000ae4cc5d1a}\Shell - "" = AutoRun
O33 - MountPoints2\{7580e5af-e05a-11df-8e00-000ae4cc5d1a}\Shell\AutoRun\command - "" = F:\Autorun.exe -- [2010/02/09 17:11:34 | 000,084,288 | R--- | M] (Birdstep)
O33 - MountPoints2\{7a16ec3a-418a-11de-a99c-001f3c38df7f}\Shell - "" = AutoRun
O33 - MountPoints2\{7a16ec3a-418a-11de-a99c-001f3c38df7f}\Shell\AutoRun\command - "" = F:\Autorun.exe -- [2010/02/09 17:11:34 | 000,084,288 | R--- | M] (Birdstep)
O33 - MountPoints2\{7cb64ae5-0da1-11df-9747-000ae4cc5d1a}\Shell - "" = AutoRun
O33 - MountPoints2\{7cb64ae5-0da1-11df-9747-000ae4cc5d1a}\Shell\AutoRun\command - "" = F:\Autorun.exe -- [2010/02/09 17:11:34 | 000,084,288 | R--- | M] (Birdstep)
O33 - MountPoints2\{8c6f06dc-8586-11dd-940d-001f3c38df7f}\Shell - "" = AutoRun
O33 - MountPoints2\{8c6f06dc-8586-11dd-940d-001f3c38df7f}\Shell\AutoRun\command - "" = F:\Autorun.exe -- [2010/02/09 17:11:34 | 000,084,288 | R--- | M] (Birdstep)
O33 - MountPoints2\{8c6f06f4-8586-11dd-940d-000ae4cc5d1a}\Shell - "" = AutoRun
O33 - MountPoints2\{8c6f06f4-8586-11dd-940d-000ae4cc5d1a}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{9e7d5e4d-f9bb-11df-9cdf-000ae4cc5d1a}\Shell - "" = AutoRun
O33 - MountPoints2\{9e7d5e4d-f9bb-11df-9cdf-000ae4cc5d1a}\Shell\AutoRun\command - "" = F:\Autorun.exe -- [2010/02/09 17:11:34 | 000,084,288 | R--- | M] (Birdstep)
O33 - MountPoints2\{afd529f7-8f60-11de-beab-000ae4cc5d1a}\Shell - "" = AutoRun
O33 - MountPoints2\{afd529f7-8f60-11de-beab-000ae4cc5d1a}\Shell\AutoRun\command - "" = F:\Autorun.exe -- [2010/02/09 17:11:34 | 000,084,288 | R--- | M] (Birdstep)
O33 - MountPoints2\{b582b637-1beb-11e0-993e-000ae4cc5d1a}\Shell - "" = AutoRun
O33 - MountPoints2\{b582b637-1beb-11e0-993e-000ae4cc5d1a}\Shell\AutoRun\command - "" = F:\Autorun.exe -- [2010/02/09 17:11:34 | 000,084,288 | R--- | M] (Birdstep)
O33 - MountPoints2\{bf318507-f50a-11dd-a322-001f3c38df7f}\Shell - "" = AutoRun
O33 - MountPoints2\{bf318507-f50a-11dd-a322-001f3c38df7f}\Shell\AutoRun\command - "" = F:\Autorun.exe -- [2010/02/09 17:11:34 | 000,084,288 | R--- | M] (Birdstep)
O33 - MountPoints2\{bf318508-f50a-11dd-a322-001f3c38df7f}\Shell - "" = AutoRun
O33 - MountPoints2\{bf318508-f50a-11dd-a322-001f3c38df7f}\Shell\AutoRun\command - "" = F:\Autorun.exe -- [2010/02/09 17:11:34 | 000,084,288 | R--- | M] (Birdstep)
O33 - MountPoints2\{cc317092-64f5-11df-9ddc-001f3c38df7f}\Shell - "" = AutoRun
O33 - MountPoints2\{cc317092-64f5-11df-9ddc-001f3c38df7f}\Shell\AutoRun\command - "" = F:\Autorun.exe -- [2010/02/09 17:11:34 | 000,084,288 | R--- | M] (Birdstep)
O33 - MountPoints2\{d12dba44-196a-11e0-a27d-000ae4cc5d1a}\Shell - "" = AutoRun
O33 - MountPoints2\{d12dba44-196a-11e0-a27d-000ae4cc5d1a}\Shell\AutoRun\command - "" = F:\Autorun.exe -- [2010/02/09 17:11:34 | 000,084,288 | R--- | M] (Birdstep)
O33 - MountPoints2\{dbe4507d-87af-11dd-9689-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{dbe4507d-87af-11dd-9689-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Autorun.exe -- [2010/02/09 17:11:34 | 000,084,288 | R--- | M] (Birdstep)
O33 - MountPoints2\{f9882a89-127d-11e0-86d7-000ae4cc5d1a}\Shell - "" = AutoRun
O33 - MountPoints2\{f9882a89-127d-11e0-86d7-000ae4cc5d1a}\Shell\AutoRun\command - "" = F:\Autorun.exe -- [2010/02/09 17:11:34 | 000,084,288 | R--- | M] (Birdstep)
O33 - MountPoints2\{f9882a8c-127d-11e0-86d7-000ae4cc5d1a}\Shell - "" = AutoRun
O33 - MountPoints2\{f9882a8c-127d-11e0-86d7-000ae4cc5d1a}\Shell\AutoRun\command - "" = F:\Autorun.exe -- [2010/02/09 17:11:34 | 000,084,288 | R--- | M] (Birdstep)
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Autorun.exe -- [2010/02/09 17:11:34 | 000,084,288 | R--- | M] (Birdstep)
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/03/11 19:11:34 | 000,594,944 | ---- | C] (OldTimer Tools) -- C:\Users\michael\Documents\Desktop\OTL.exe
[2012/03/10 23:29:22 | 000,000,000 | ---D | C] -- C:\Users\michael\Documents\New Folder
[2012/03/10 17:49:21 | 000,000,000 | ---D | C] -- C:\Users\michael\AppData\Roaming\Malwarebytes
[2012/03/10 17:49:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/03/10 17:49:05 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/03/10 17:49:04 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/03/07 05:43:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zoom Downloader
[2012/03/07 05:43:00 | 000,000,000 | ---D | C] -- C:\Program Files\Zoom Downloader
[2012/03/07 05:42:52 | 000,000,000 | ---D | C] -- C:\Users\michael\AppData\Roaming\Uniblue
[2012/03/07 05:42:45 | 000,000,000 | ---D | C] -- C:\Program Files\Uniblue
[2012/03/07 05:41:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2012/03/01 11:38:06 | 000,000,000 | ---D | C] -- C:\Users\michael\AppData\Roaming\ErrorTeck
[2012/03/01 11:37:57 | 000,000,000 | -H-D | C] -- C:\Windows\PIF
[2012/03/01 11:37:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ErrorTeck
[2012/03/01 11:37:23 | 000,000,000 | ---D | C] -- C:\Program Files\ErrorTeck
[2012/03/01 10:44:16 | 000,000,000 | ---D | C] -- C:\Users\michael\AppData\Roaming\Birdstep Technology
[2012/03/01 10:44:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\3 Mobile Broadband
[2012/03/01 10:43:46 | 000,105,088 | ---- | C] (ZTE Incorporated) -- C:\Windows\System32\drivers\ZTEusbser6k.sys
[2012/03/01 10:43:46 | 000,105,088 | ---- | C] (ZTE Incorporated) -- C:\Windows\System32\drivers\ZTEusbnmea.sys
[2012/03/01 10:43:46 | 000,105,088 | ---- | C] (ZTE Incorporated) -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys
[2012/03/01 10:43:46 | 000,009,216 | ---- | C] (ZTE Incorporated) -- C:\Windows\System32\drivers\massfilter.sys
[2012/03/01 10:43:39 | 000,000,000 | ---D | C] -- C:\Program Files\ZTE_1.2059.0.8
[2012/03/01 10:43:33 | 000,000,000 | ---D | C] -- C:\Program Files\3 Mobile Broadband
[2012/03/01 10:09:06 | 000,000,000 | -HSD | C] -- C:\AI_RecycleBin
[2012/03/01 10:03:19 | 000,000,000 | ---D | C] -- C:\Program Files\DealPly
[2012/03/01 10:03:05 | 000,000,000 | -HSD | C] -- C:\Windows\System32\AI_RecycleBin
[2012/03/01 10:01:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2012/02/22 15:20:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/02/20 00:29:03 | 000,000,000 | ---D | C] -- C:\825cd7fab4744711e7e034
[2012/02/20 00:17:41 | 000,000,000 | ---D | C] -- C:\a5b0474f4ab39058c23d59e7d6d7
[2012/02/19 13:25:38 | 000,000,000 | ---D | C] -- C:\245d5e0fd75db072028a0a100e
[2012/02/18 19:03:25 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2012/02/16 13:27:49 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2012/02/16 08:24:50 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2012/02/16 08:24:50 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2012/02/16 08:24:48 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2012/02/16 07:52:03 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview
[2012/02/15 22:38:15 | 000,000,000 | ---D | C] -- C:\f14819c2191d5c47394c
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/13 06:21:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/13 05:24:32 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/13 05:24:32 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/12 22:20:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/12 21:24:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/12 10:19:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012/03/11 19:11:34 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Users\michael\Documents\Desktop\OTL.exe
[2012/03/11 16:30:53 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\RegTool Startup.job
[2012/03/10 23:28:46 | 000,001,102 | ---- | M] () -- C:\Users\michael\AppData\Roaming\wklnhst.dat
[2012/03/10 17:49:10 | 000,000,936 | ---- | M] () -- C:\Users\michael\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/03/10 17:49:10 | 000,000,912 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/10 16:38:19 | 000,000,100 | ---- | M] () -- C:\user.js
[2012/03/10 16:08:38 | 000,000,875 | ---- | M] () -- C:\Users\michael\Documents\Desktop\Norton Installation Files.lnk
[2012/03/06 17:50:22 | 000,554,496 | ---- | M] () -- C:\Users\michael\Documents\Life's a ***** by Micky Sullivan.wps
[2012/03/02 01:45:50 | 000,000,680 | ---- | M] () -- C:\Users\michael\AppData\Local\d3d9caps.dat
[2012/03/01 11:37:57 | 000,000,768 | ---- | M] () -- C:\Users\Public\Desktop\ErrorTeck.lnk
[2012/03/01 11:32:31 | 000,609,196 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/03/01 11:32:31 | 000,108,672 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/03/01 11:21:52 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012/03/01 10:44:01 | 000,001,886 | ---- | M] () -- C:\Users\Public\Desktop\3Connect.lnk
[2012/03/01 10:44:01 | 000,001,820 | ---- | M] () -- C:\Users\michael\Application Data\Microsoft\Internet Explorer\Quick Launch\3Connect.lnk
[2012/03/01 09:09:37 | 000,000,000 | ---- | M] () -- C:\ProgramData\LauncherAccess.dt
[2012/02/29 04:32:41 | 000,000,033 | ---- | M] () -- C:\Windows\Multimedia manager.INI
[2012/02/25 12:36:55 | 000,000,578 | ---- | M] () -- C:\Users\michael\Documents\Desktop\screwfix threshold prices - Shortcut.lnk
[2012/02/17 08:25:30 | 000,295,592 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/02/16 13:26:19 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2012/02/16 09:43:07 | 000,000,949 | ---- | M] () -- C:\Users\michael\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/02/16 09:38:59 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2012/02/16 09:38:59 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2012/02/16 09:38:42 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2012/02/16 04:00:34 | 000,554,496 | ---- | M] () -- C:\Users\michael\Documents\Life's a ***** by Micky Sullivan - Copy.wps
[2012/02/15 20:36:09 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
[2012/02/15 19:34:02 | 000,101,888 | ---- | M] (Infineon Technologies AG) -- C:\Windows\System32\ifxcardm.dll
[2012/02/15 19:33:56 | 000,082,432 | ---- | M] (Gemalto, Inc.) -- C:\Windows\System32\axaltocm.dll
[2012/02/15 19:22:58 | 000,589,824 | ---- | M] () -- C:\Windows\SPInstall.etl
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/10 17:49:10 | 000,000,936 | ---- | C] () -- C:\Users\michael\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/03/10 17:49:10 | 000,000,912 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/01 11:37:57 | 000,000,768 | ---- | C] () -- C:\Users\Public\Desktop\ErrorTeck.lnk
[2012/03/01 10:44:01 | 000,001,886 | ---- | C] () -- C:\Users\Public\Desktop\3Connect.lnk
[2012/03/01 10:44:01 | 000,001,820 | ---- | C] () -- C:\Users\michael\Application Data\Microsoft\Internet Explorer\Quick Launch\3Connect.lnk
[2012/03/01 10:00:08 | 000,000,100 | ---- | C] () -- C:\user.js
[2012/02/25 12:36:55 | 000,000,578 | ---- | C] () -- C:\Users\michael\Documents\Desktop\screwfix threshold prices - Shortcut.lnk
[2012/02/16 23:42:23 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs
[2012/02/16 23:42:23 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl
[2012/02/16 23:42:22 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml
[2012/02/16 13:26:19 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2012/02/16 09:38:42 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2012/02/16 07:30:40 | 000,392,170 | ---- | C] () -- C:\Windows\System32\onex.tmf
[2012/02/16 07:30:36 | 000,009,212 | ---- | C] () -- C:\Windows\System32\RacUR.xml
[2012/02/16 07:30:36 | 000,000,153 | ---- | C] () -- C:\Windows\System32\RacUREx.xml
[2012/02/16 07:29:55 | 000,344,698 | ---- | C] () -- C:\Windows\System32\eaphost.tmf
[2012/02/16 07:29:51 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2012/02/16 07:29:47 | 000,442,788 | ---- | C] () -- C:\Windows\System32\dot3.tmf
[2012/02/16 07:28:50 | 011,967,524 | ---- | C] () -- C:\Windows\System32\korwbrkr.lex
[2012/02/16 07:28:45 | 000,208,966 | ---- | C] () -- C:\Windows\System32\WFP.TMF
[2012/02/16 07:28:32 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2012/02/16 07:28:32 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2012/02/16 07:28:13 | 000,092,918 | ---- | C] () -- C:\Windows\System32\slmgr.vbs
[2012/02/16 07:28:09 | 000,009,239 | ---- | C] () -- C:\Windows\System32\spcinstrumentation.man
[2012/02/16 07:28:04 | 000,130,008 | ---- | C] () -- C:\Windows\System32\systemsf.ebd
[2012/02/16 04:01:07 | 000,554,496 | ---- | C] () -- C:\Users\michael\Documents\Life's a ***** by Micky Sullivan - Copy.wps
[2012/02/15 20:36:09 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
[2012/02/15 19:00:31 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01007_Inbox_Critical.Wdf
[2012/02/15 18:59:33 | 000,145,455 | ---- | C] () -- C:\Windows\System32\perfmon.msc
[2012/02/15 18:58:15 | 000,144,909 | ---- | C] () -- C:\Windows\System32\fsmgmt.msc
[2012/02/15 18:58:13 | 000,012,198 | ---- | C] () -- C:\Windows\System32\gatherWiredInfo.vbs
[2011/11/06 20:42:36 | 000,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2011/06/29 00:14:48 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/06/03 18:36:11 | 000,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2011/01/04 21:33:06 | 000,001,940 | ---- | C] () -- C:\Users\michael\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/10/17 18:36:32 | 000,000,033 | ---- | C] () -- C:\Windows\Multimedia manager.INI

========== LOP Check ==========

[2012/03/09 00:50:00 | 000,000,000 | ---D | M] -- C:\Users\michael\AppData\Roaming\Auslogics
[2012/03/01 10:44:16 | 000,000,000 | ---D | M] -- C:\Users\michael\AppData\Roaming\Birdstep Technology
[2012/03/09 02:26:26 | 000,000,000 | ---D | M] -- C:\Users\michael\AppData\Roaming\ErrorTeck
[2009/10/22 11:08:05 | 000,000,000 | ---D | M] -- C:\Users\michael\AppData\Roaming\Opera
[2012/01/02 23:11:46 | 000,000,000 | ---D | M] -- C:\Users\michael\AppData\Roaming\PDF Software
[2010/03/05 19:05:54 | 000,000,000 | ---D | M] -- C:\Users\michael\AppData\Roaming\PeerNetworking
[2011/10/08 20:41:15 | 000,000,000 | ---D | M] -- C:\Users\michael\AppData\Roaming\Sammsoft
[2011/05/23 19:39:03 | 000,000,000 | ---D | M] -- C:\Users\michael\AppData\Roaming\SmartDraw
[2010/08/17 08:40:46 | 000,000,000 | ---D | M] -- C:\Users\michael\AppData\Roaming\Template
[2010/09/29 15:47:56 | 000,000,000 | ---D | M] -- C:\Users\michael\AppData\Roaming\Tific
[2012/03/07 05:42:52 | 000,000,000 | ---D | M] -- C:\Users\michael\AppData\Roaming\Uniblue
[2011/07/13 13:45:36 | 000,000,000 | ---D | M] -- C:\Users\michael\AppData\Roaming\Windows Live Writer
[2012/03/11 16:30:53 | 000,000,358 | ---- | M] () -- C:\Windows\Tasks\RegTool Startup.job
[2012/03/10 13:39:58 | 000,032,654 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 179 bytes -> C:\ProgramData\TEMP287FACF
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:B9C96218
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMPFC5A2B2
< End of report >


----------



## django47 (Jun 29, 2010)

OTL Extras logfile created on: 13/03/2012 07:01:57 - Run 1
OTL by OldTimer - Version 3.2.36.3 Folder = C:\Users\michael\Documents\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.99 Gb Total Physical Memory | 1.25 Gb Available Physical Memory | 41.72% Memory free
6.19 Gb Paging File | 4.65 Gb Available in Paging File | 75.10% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 92.21 Gb Total Space | 43.88 Gb Free Space | 47.59% Space Free | Partition Type: NTFS
Drive D: | 45.12 Gb Total Space | 41.28 Gb Free Space | 91.48% Space Free | Partition Type: NTFS
Drive F: | 22.99 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: MICHAEL-PC | User Name: michael | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1686153217-2037674464-3788675035-1000]
"EnableNotifications" = 1
"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A86B633-BC38-4725-A2DB-B599B9B2476A}" = protocol=6 | dir=in | app=c:\program files\google\google talk\googletalk.exe | 
"{3DD94844-B060-4ED5-87F1-BD15AD65865C}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | 
"{857F386F-7251-463B-A619-58EAAF092ABA}" = protocol=17 | dir=in | app=c:\program files\google\google talk\googletalk.exe | 
"{A4339A84-F985-462C-B097-694802FF8EBC}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | 
"TCP Query User{3536FEA5-95DA-48FF-B58B-F9D5B2A4FACA}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"TCP Query User{3AAD93CC-7C8E-4557-85AB-12597D1A97FF}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"TCP Query User{F10220D5-7E2C-42E7-9D94-A5E04F422CCE}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"UDP Query User{3562CE7A-EFB9-4C19-A1A5-2413F250BA24}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"UDP Query User{81FDE356-1803-4741-B9DB-17FCAB07A98A}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{903A96FB-F8EB-43E3-9CBD-B350B42F3131}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP1900_series" = Canon iP1900 series Printer Driver
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2CCBABCB-6427-4A55-B091-49864623C43F}" = Google Toolbar for Firefox
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{3F70173C-A1F7-46D9-B2BA-ED8136662D2B}_is1" = ErrorTeck 1.4
"{43602F34-1AA3-44FB-AEB2-D08C2C73743F}" = Paint.NET v3.36
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{81CD6232-10F5-4832-B3DA-1B88B1571033}" = Nero 7 Essentials
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{94D66D71-12F0-48A5-B46A-D4B835A0F1B7}" = FirstSteps Diagnostics
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A899DA1F-D626-401C-8651-F2921E3B4CB3}" = 3Connect
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0846526-66DD-4DC9-A02C-98F9A2806812}" = Launch Manager V1.4.9
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"900 Puzzle Games" = 900 Puzzle Games
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Canon iP1900 series User Registration" = Canon iP1900 series User Registration
"CANONIJPLM100" = Inkjet Printer/Scanner Extended Survey Program
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Picasa2" = Picasa 2
"Puzzle and Board XP Championship" = Puzzle and Board XP Championship
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinLiveSuite_Wave3" = Windows Live Essentials
"ZTE_1.2059.0.8" = ZTE_1.2059.0.8

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/03/2012 18:01:51 | Computer Name = michael-PC | Source = MBAMService | ID = 131073
Description =

Error - 10/03/2012 18:01:53 | Computer Name = michael-PC | Source = MBAMService | ID = 131073
Description =

Error - 11/03/2012 12:31:48 | Computer Name = michael-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksCal.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 11/03/2012 12:31:48 | Computer Name = michael-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksdb.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 11/03/2012 12:31:48 | Computer Name = michael-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksdb.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 11/03/2012 12:31:48 | Computer Name = michael-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksss.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 11/03/2012 12:31:49 | Computer Name = michael-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 11/03/2012 12:31:49 | Computer Name = michael-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 11/03/2012 18:34:24 | Computer Name = michael-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16421 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: b08 Start Time: 01ccffd6e65fdd7e Termination Time: 0

Error - 11/03/2012 19:02:33 | Computer Name = michael-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

[ Media Center Events ]
Error - 01/07/2008 23:39:11 | Computer Name = michael-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerAccumulate failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 14/07/2008 08:19:33 | Computer Name = michael-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 14/07/2008 09:01:47 | Computer Name = michael-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 02/12/2008 16:44:31 | Computer Name = michael-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.WaitForUploadComplete failed. Please
try to ping www.msn.com prior to filing a bug.; Win32 GetLastError returned 10000109
Process: DefaultDomain Object Name: Media Center Guide

Error - 11/01/2009 07:27:42 | Computer Name = michael-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerAccumulate failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 24/01/2009 07:30:34 | Computer Name = michael-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerAccumulate failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 13/02/2009 19:15:25 | Computer Name = michael-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 24/06/2009 13:27:31 | Computer Name = michael-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 26/09/2009 08:28:29 | Computer Name = michael-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

[ System Events ]
Error - 09/03/2012 09:31:02 | Computer Name = michael-PC | Source = Microsoft Antimalware | ID = 2004
Description = %%860 has encountered an error trying to load signatures and will 
attempt reverting back to a known-good set of signatures. Signatures Attempted: %%824
Error
Code: 0x80070002 Error description: The system cannot find the file specified. Signature
version: 0.0.0.0;0.0.0.0 Engine version: 0.0.0.0

Error - 09/03/2012 09:51:10 | Computer Name = michael-PC | Source = Microsoft Antimalware | ID = 2004
Description = %%860 has encountered an error trying to load signatures and will 
attempt reverting back to a known-good set of signatures. Signatures Attempted: %%824
Error
Code: 0x80070002 Error description: The system cannot find the file specified. Signature
version: 0.0.0.0;0.0.0.0 Engine version: 0.0.0.0

Error - 09/03/2012 09:53:08 | Computer Name = michael-PC | Source = DCOM | ID = 10005
Description =

Error - 09/03/2012 09:53:08 | Computer Name = michael-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 09/03/2012 09:53:08 | Computer Name = michael-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 09/03/2012 10:01:24 | Computer Name = michael-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.121.1058.0 Update Source: %%859 Update Stage:
%%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803
User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8101.0 Error
code: 0x8024402c Error description: An unexpected problem occurred while checking
for updates. For information on installing or troubleshooting updates, see Help
and Support.

Error - 09/03/2012 10:34:58 | Computer Name = michael-PC | Source = Microsoft Antimalware | ID = 2004
Description = %%860 has encountered an error trying to load signatures and will 
attempt reverting back to a known-good set of signatures. Signatures Attempted: %%824
Error
Code: 0x80070002 Error description: The system cannot find the file specified. Signature
version: 0.0.0.0;0.0.0.0 Engine version: 0.0.0.0

Error - 09/03/2012 10:45:15 | Computer Name = michael-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.121.1058.0 Update Source: %%859 Update Stage:
%%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803
User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8101.0 Error
code: 0x8024402c Error description: An unexpected problem occurred while checking
for updates. For information on installing or troubleshooting updates, see Help
and Support.

Error - 09/03/2012 18:08:26 | Computer Name = michael-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.
Feature:
%%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842

Error - 11/03/2012 12:30:44 | Computer Name = michael-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 00:38:55 on 11/03/2012 was unexpected.

< End of report >


----------



## eddie5659 (Mar 19, 2001)

Excellent :up:

Okay, I'll have a good look at that tonight, as its 7.22am and have to go to work in 10 mins 

Thanks


----------



## eddie5659 (Mar 19, 2001)

I was in the process of replying, and then I got a blue screen and rebooted 

Oh, the joys of computers 

=======

Okay, I can see that ErrorTeck is still installed, so firstly, can you see if you can use this tool to remove it:

Revo Uninstaller is more thorough in deleting programs on your computer than using the Add/Remove option in Windows. Since it is a more powerful tool, please *be sure to follow the instructions carefully*.

Please note there is a chance when you look for this program to uninstall through Revo it might not be listed because of the previous uninstall. If that is the case simply stop and let me know.
Please download and install Revo Uninstaller Free 
Double click *Revo Uninstaller* to run it.
From the list of programs double click on the listed program(s), or anything similar, to remove it

```
ErrorTeck 1.4
```

When prompted if you want to uninstall click *Yes*.
Be sure the *Moderate* option is selected then click *Next*.
The program will run, If prompted again click *Yes*
When the built-in uninstaller is finished click on *Next*
Once the program has searched for leftovers click *Next*.
Check the *items in bold only* on the list then click *Delete*. You may have to expand some folders by clicking the "+" mark.
When prompted click on *Yes* and then on *Next*.
Put a check on any folders that are found and select *Delete*
When prompted select *Yes* then *Next*
Once done click *Finish*.

=============

After doing that, can you then do this with OTL:

Run OTL 

Under the *Custom Scans/Fixes* box at the bottom, paste in the following 

```
:OTL
SRV - File not found [Auto | Stopped] -- -- (LiveUpdate Notice Ex)
SRV - File not found [Auto | Stopped] -- -- (CLTNetCnService)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (hwdatacard)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (cpuz132)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com/?f=1&a=adknlg
IE - HKCU\..\SearchScopes\{0CB303D5-87FF-42ED-BA49-E40D60ED4938}: "URL" = http://www.alexa.com/search?q={searchTerms}
IE - HKCU\..\SearchScopes\{539F07BF-DA7C-4248-A5E1-35F8270CC9E7}: "URL" = http://start.funmoods.com/results.ph...q={searchTerms}
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.91: C:\Program Files\NOS\bin\np_gp.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe File not found
O4 - HKLM..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe File not found
O4 - HKLM..\Run: [recinfo707] c:\RecInfo\RecInfo.exe File not found
O4 - HKLM..\Run: [Wbutton] C:\Program Files\Launch Manager\WButton.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
O32 - AutoRun File - [2010/02/09 17:11:34 | 000,084,288 | R--- | M] (Birdstep) - F:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2010/02/09 17:11:34 | 000,027,750 | R--- | M] () - F:\Autorun.ico -- [ CDFS ]
O32 - AutoRun File - [2010/02/09 17:11:34 | 000,000,047 | R--- | M] () - F:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{03294061-338b-11e0-97c2-000ae4cc5d1a}\Shell - "" = AutoRun
O33 - MountPoints2\{03294061-338b-11e0-97c2-000ae4cc5d1a}\Shell\AutoRun\command - "" = F:\Autorun.exe -- [2010/02/09 17:11:34 | 000,084,288 | R--- | M] (Birdstep)
O33 - MountPoints2\{10bd6b26-42f1-11df-91fa-000ae4cc5d1a}\Shell - "" = AutoRun
O33 - MountPoints2\{10bd6b26-42f1-11df-91fa-000ae4cc5d1a}\Shell\AutoRun\command - "" = F:\Autorun.exe -- [2010/02/09 17:11:34 | 000,084,288 | R--- | M] (Birdstep)
O33 - MountPoints2\{132a1fc5-9621-11de-85cf-001f3c38df7f}\Shell - "" = AutoRun
O33 - MountPoints2\{132a1fc5-9621-11de-85cf-001f3c38df7f}\Shell\AutoRun\command - "" = F:\Autorun.exe -- [2010/02/09 17:11:34 | 000,084,288 | R--- | M] (Birdstep)
O33 - MountPoints2\{26c8d121-a657-11df-b2ed-000ae4cc5d1a}\Shell - "" = AutoRun
O33 - MountPoints2\{26c8d121-a657-11df-b2ed-000ae4cc5d1a}\Shell\AutoRun\command - "" = F:\Autorun.exe -- [2010/02/09 17:11:34 | 000,084,288 | R--- | M] (Birdstep)
O33 - MountPoints2\{2da9fb02-0681-11e0-9438-000ae4cc5d1a}\Shell - "" = AutoRun
O33 - MountPoints2\{2da9fb02-0681-11e0-9438-000ae4cc5d1a}\Shell\AutoRun\command - "" = F:\Autorun.exe -- [2010/02/09 17:11:34 | 000,084,288 | R--- | M] (Birdstep)
O33 - MountPoints2\{35f897b6-14c3-11e0-9bb3-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{35f897b6-14c3-11e0-9bb3-806e6f6e6963}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{35f89927-14c3-11e0-9bb3-000ae4cc5d1a}\Shell - "" = AutoRun
O33 - MountPoints2\{35f89927-14c3-11e0-9bb3-000ae4cc5d1a}\Shell\AutoRun\command - "" = F:\Autorun.exe -- [2010/02/09 17:11:34 | 000,084,288 | R--- | M] (Birdstep)
O33 - MountPoints2\{35f89929-14c3-11e0-9bb3-000ae4cc5d1a}\Shell - "" = AutoRun
O33 - MountPoints2\{35f89929-14c3-11e0-9bb3-000ae4cc5d1a}\Shell\AutoRun\command - "" = F:\Autorun.exe -- [2010/02/09 17:11:34 | 000,084,288 | R--- | M] (Birdstep)
O33 - MountPoints2\{35f8992b-14c3-11e0-9bb3-000ae4cc5d1a}\Shell - "" = AutoRun
O33 - MountPoints2\{35f8992b-14c3-11e0-9bb3-000ae4cc5d1a}\Shell\AutoRun\command - "" = F:\Autorun.exe -- [2010/02/09 17:11:34 | 000,084,288 | R--- | M] (Birdstep)
O33 - MountPoints2\{38c18535-e2d2-11df-a145-001f3c38df7f}\Shell - "" = AutoRun
O33 - MountPoints2\{38c18535-e2d2-11df-a145-001f3c38df7f}\Shell\AutoRun\command - "" = F:\Autorun.exe -- [2010/02/09 17:11:34 | 000,084,288 | R--- | M] (Birdstep)
O33 - MountPoints2\{38c18537-e2d2-11df-a145-000ae4cc5d1a}\Shell - "" = AutoRun
O33 - MountPoints2\{38c18537-e2d2-11df-a145-000ae4cc5d1a}\Shell\AutoRun\command - "" = F:\Autorun.exe -- [2010/02/09 17:11:34 | 000,084,288 | R--- | M] (Birdstep)
O33 - MountPoints2\{5103a21a-580e-11e1-bc97-000ae4cc5d1a}\Shell - "" = AutoRun
O33 - MountPoints2\{5103a21a-580e-11e1-bc97-000ae4cc5d1a}\Shell\AutoRun\command - "" = F:\Autorun.exe -- [2010/02/09 17:11:34 | 000,084,288 | R--- | M] (Birdstep)
O33 - MountPoints2\{51b7addf-6387-11e1-a6e5-000ae4cc5d1a}\Shell - "" = AutoRun
O33 - MountPoints2\{51b7addf-6387-11e1-a6e5-000ae4cc5d1a}\Shell\AutoRun\command - "" = F:\Autorun.exe -- [2010/02/09 17:11:34 | 000,084,288 | R--- | M] (Birdstep)
O33 - MountPoints2\{560643aa-5878-11e1-8336-000ae4cc5d1a}\Shell - "" = AutoRun
O33 - MountPoints2\{560643aa-5878-11e1-8336-000ae4cc5d1a}\Shell\AutoRun\command - "" = F:\Autorun.exe -- [2010/02/09 17:11:34 | 000,084,288 | R--- | M] (Birdstep)
O33 - MountPoints2\{5d0760d7-82da-11df-828e-001f3c38df7f}\Shell - "" = AutoRun
O33 - MountPoints2\{5d0760d7-82da-11df-828e-001f3c38df7f}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{662fdf68-afbe-11df-ab4f-001f3c38df7f}\Shell - "" = AutoRun
O33 - MountPoints2\{662fdf68-afbe-11df-ab4f-001f3c38df7f}\Shell\AutoRun\command - "" = F:\Autorun.exe -- [2010/02/09 17:11:34 | 000,084,288 | R--- | M] (Birdstep)
O33 - MountPoints2\{67d3b558-af72-11df-aa01-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{67d3b558-af72-11df-aa01-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Autorun.exe -- [2010/02/09 17:11:34 | 000,084,288 | R--- | M] (Birdstep)
O33 - MountPoints2\{73b74944-45c9-11e1-85dd-001f3c38df7f}\Shell - "" = AutoRun
O33 - MountPoints2\{73b74944-45c9-11e1-85dd-001f3c38df7f}\Shell\AutoRun\command - "" = F:\Autorun.exe -- [2010/02/09 17:11:34 | 000,084,288 | R--- | M] (Birdstep)
O33 - MountPoints2\{7580e5af-e05a-11df-8e00-000ae4cc5d1a}\Shell - "" = AutoRun
O33 - MountPoints2\{7580e5af-e05a-11df-8e00-000ae4cc5d1a}\Shell\AutoRun\command - "" = F:\Autorun.exe -- [2010/02/09 17:11:34 | 000,084,288 | R--- | M] (Birdstep)
O33 - MountPoints2\{7a16ec3a-418a-11de-a99c-001f3c38df7f}\Shell - "" = AutoRun
O33 - MountPoints2\{7a16ec3a-418a-11de-a99c-001f3c38df7f}\Shell\AutoRun\command - "" = F:\Autorun.exe -- [2010/02/09 17:11:34 | 000,084,288 | R--- | M] (Birdstep)
O33 - MountPoints2\{7cb64ae5-0da1-11df-9747-000ae4cc5d1a}\Shell - "" = AutoRun
O33 - MountPoints2\{7cb64ae5-0da1-11df-9747-000ae4cc5d1a}\Shell\AutoRun\command - "" = F:\Autorun.exe -- [2010/02/09 17:11:34 | 000,084,288 | R--- | M] (Birdstep)
O33 - MountPoints2\{8c6f06dc-8586-11dd-940d-001f3c38df7f}\Shell - "" = AutoRun
O33 - MountPoints2\{8c6f06dc-8586-11dd-940d-001f3c38df7f}\Shell\AutoRun\command - "" = F:\Autorun.exe -- [2010/02/09 17:11:34 | 000,084,288 | R--- | M] (Birdstep)
O33 - MountPoints2\{8c6f06f4-8586-11dd-940d-000ae4cc5d1a}\Shell - "" = AutoRun
O33 - MountPoints2\{8c6f06f4-8586-11dd-940d-000ae4cc5d1a}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{9e7d5e4d-f9bb-11df-9cdf-000ae4cc5d1a}\Shell - "" = AutoRun
O33 - MountPoints2\{9e7d5e4d-f9bb-11df-9cdf-000ae4cc5d1a}\Shell\AutoRun\command - "" = F:\Autorun.exe -- [2010/02/09 17:11:34 | 000,084,288 | R--- | M] (Birdstep)
O33 - MountPoints2\{afd529f7-8f60-11de-beab-000ae4cc5d1a}\Shell - "" = AutoRun
O33 - MountPoints2\{afd529f7-8f60-11de-beab-000ae4cc5d1a}\Shell\AutoRun\command - "" = F:\Autorun.exe -- [2010/02/09 17:11:34 | 000,084,288 | R--- | M] (Birdstep)
O33 - MountPoints2\{b582b637-1beb-11e0-993e-000ae4cc5d1a}\Shell - "" = AutoRun
O33 - MountPoints2\{b582b637-1beb-11e0-993e-000ae4cc5d1a}\Shell\AutoRun\command - "" = F:\Autorun.exe -- [2010/02/09 17:11:34 | 000,084,288 | R--- | M] (Birdstep)
O33 - MountPoints2\{bf318507-f50a-11dd-a322-001f3c38df7f}\Shell - "" = AutoRun
O33 - MountPoints2\{bf318507-f50a-11dd-a322-001f3c38df7f}\Shell\AutoRun\command - "" = F:\Autorun.exe -- [2010/02/09 17:11:34 | 000,084,288 | R--- | M] (Birdstep)
O33 - MountPoints2\{bf318508-f50a-11dd-a322-001f3c38df7f}\Shell - "" = AutoRun
O33 - MountPoints2\{bf318508-f50a-11dd-a322-001f3c38df7f}\Shell\AutoRun\command - "" = F:\Autorun.exe -- [2010/02/09 17:11:34 | 000,084,288 | R--- | M] (Birdstep)
O33 - MountPoints2\{cc317092-64f5-11df-9ddc-001f3c38df7f}\Shell - "" = AutoRun
O33 - MountPoints2\{cc317092-64f5-11df-9ddc-001f3c38df7f}\Shell\AutoRun\command - "" = F:\Autorun.exe -- [2010/02/09 17:11:34 | 000,084,288 | R--- | M] (Birdstep)
O33 - MountPoints2\{d12dba44-196a-11e0-a27d-000ae4cc5d1a}\Shell - "" = AutoRun
O33 - MountPoints2\{d12dba44-196a-11e0-a27d-000ae4cc5d1a}\Shell\AutoRun\command - "" = F:\Autorun.exe -- [2010/02/09 17:11:34 | 000,084,288 | R--- | M] (Birdstep)
O33 - MountPoints2\{dbe4507d-87af-11dd-9689-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{dbe4507d-87af-11dd-9689-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Autorun.exe -- [2010/02/09 17:11:34 | 000,084,288 | R--- | M] (Birdstep)
O33 - MountPoints2\{f9882a89-127d-11e0-86d7-000ae4cc5d1a}\Shell - "" = AutoRun
O33 - MountPoints2\{f9882a89-127d-11e0-86d7-000ae4cc5d1a}\Shell\AutoRun\command - "" = F:\Autorun.exe -- [2010/02/09 17:11:34 | 000,084,288 | R--- | M] (Birdstep)
O33 - MountPoints2\{f9882a8c-127d-11e0-86d7-000ae4cc5d1a}\Shell - "" = AutoRun
O33 - MountPoints2\{f9882a8c-127d-11e0-86d7-000ae4cc5d1a}\Shell\AutoRun\command - "" = F:\Autorun.exe -- [2010/02/09 17:11:34 | 000,084,288 | R--- | M] (Birdstep)
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Autorun.exe -- [2010/02/09 17:11:34 | 000,084,288 | R--- | M] (Birdstep)
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
[2012/03/01 11:38:06 | 000,000,000 | ---D | C] -- C:\Users\michael\AppData\Roaming\ErrorTeck
[2012/03/01 11:37:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ErrorTeck
[2012/03/01 11:37:23 | 000,000,000 | ---D | C] -- C:\Program Files\ErrorTeck
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2012/03/01 11:37:57 | 000,000,768 | ---- | M] () -- C:\Users\Public\Desktop\ErrorTeck.lnk
@Alternate Data Stream - 179 bytes -> C:\ProgramData\TEMP:D287FACF
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:B9C96218
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
:Files
ipconfig /flushdns /c
:Commands 
[purity] 
[resethosts] 
[emptytemp] 
[emptyjava]
[EMPTYFLASH] 
[CREATERESTOREPOINT] 
[Reboot]
```

Then click the *Run Fix* button at the top 
Click OK.
OTL may ask to reboot the machine. Please do so if asked.

The report should appear in Notepad after the reboot. Copy/Paste the report in your next reply.

=================

Any problems/questions, just ask


----------



## django47 (Jun 29, 2010)

Got so far but when I try to uninstall*....File"c:\Program Files\Error Teck\unins000.dat"does not* *exist.Cannot uninstall*

Despite the above message, I do believe that I have followed your instructions and deleted all Error Teck rubbish.
Anyway I shall go back to your post and see what else I must do.


----------



## django47 (Jun 29, 2010)

Damn, damn, damn. After all that, it's still there, on the start menu, on the desktop. The *Error Teck* and *Error Teck on the web* is still there, all thats gone is *Error Teck uninstall*


----------



## eddie5659 (Mar 19, 2001)

That's okay, if you do the second part of my fix, it should remove it 

Its the part about OTL with that long code box to add


----------



## django47 (Jun 29, 2010)

I selected the list of codes, but was unable to paste it in the custom scans/fixes The paste option is greyed out


----------



## django47 (Jun 29, 2010)

Still same thing.. I right click and choose, 'Select all' but when I try and paste it in the, *Custom scans/* *Fixes* area at the lower part of the box, nothing happens. The Paste option is greyed out. I don't know what I should do. I'm pretty sure I'm doing it correctly, as per your instructions, but somethings not right is it.
The first part, I got through ok, all the Bold Print, including the extended stuff "+", all deleted, in spite of the warning, it struggled through to the desired conclusion ( including 'leftovers').
Then, following your guidence, I select the *OTL *icon on the desktop and 'Run' it. Then the very large list below your instructions (#40 your post) is what you want me to paste in the *Custom Scans/Fixes* area Thats correct isn't it ? The Paste option's not available there.


----------



## django47 (Jun 29, 2010)

Please ignore my last couple of posts, I sorted it out. It was just me not doing it right, but eventually I obeyed your instructions to the end and their is one thing I must say, " *Eddie, you sir are a genius* !"

I am so greatfull, thank you very much for your time, your experience and your kind patience. You certainly know your onions when it comes to Information Technology. It proves that you really are a thoroughly decent person, to give your time freely to help people like me who's IT skills are very much lacking. . 
Error Teck has totally gone and I'm sure many other annoying bugs have gone too. Fantastic !
Thanks a million.


----------



## eddie5659 (Mar 19, 2001)

Excellent, good to see its finally gone 

Overtime you will become more confident in the use of computers. This forum is very good for asking help on any issues, and if you're ever stuck, you can always send me a message 

Apart from the malware removal side, which I had training in, computers are all self taught for me.

I still need to do a couple of things, then we can remove the tools we've used.

So, firstly lets make sure there are no leftovers of the things we've removed.

Please download *SystemLook* from one of the links below and save it to your Desktop.
*Download Mirror #1
Download Mirror #2*

Double-click *SystemLook.exe* to run it.
Copy the content of the following codebox into the main textfield:

```
:filefind
*ErrorTeck
*funmoods
:folderfind
*ErrorTeck
*funmoods
:regfind
*ErrorTeck
*funmoods
```

Click the *Look* button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
*Note:* The log can also be found at on your Desktop entitled *SystemLook.txt*

Again, any questions, please ask


----------



## django47 (Jun 29, 2010)

Hi 
many thanks for everything and for comming back to me. I was wondering before I clear out all the bits and pieces which are still on mt pc, would I not be better off to hang on to some of it like for eg Malwarebytes and any scanning tools that I might possibly be able to utilise in the future, should the need arise. I know a lot of it, like the notepad stuff is finished with now. What would you advise me to do please.


----------



## django47 (Jun 29, 2010)

SystemLook 30.07.11 by jpshortstuff
Log created at 16:40 on 15/03/2012 by michael
Administrator - Elevation successful
No Context: filefind
No Context: *ErrorTeck
No Context: *funmoods
========== folderfind ==========
Searching for "*ErrorTeck"
C:\_OTL\MovedFiles\03142012_192638\C_ProgramData\Microsoft\Windows\Start Menu\Programs\ErrorTeck d------ [11:37 01/03/2012]
C:\_OTL\MovedFiles\03142012_192638\C_Users\michael\AppData\Roaming\ErrorTeck d------ [11:38 01/03/2012]
Searching for "*funmoods"
C:\Users\michael\AppData\LocalLow\Funmoods d------ [10:03 01/03/2012]
C:\Users\michael\AppData\LocalLow\Funmoods\Funmoods d------ [10:03 01/03/2012]
========== regfind ==========
Searching for "*ErrorTeck"
No data found.
Searching for "*funmoods"
No data found.
-= EOF =-

Please find above 'Look' files...Thanks Where it says "No dada found," does that mean what I think it does ?


----------



## eddie5659 (Mar 19, 2001)

I prefer to make sure a system is fully clean before I leave it, so that's why I just want to do a little more things, but its 99% nearly there 

Yep, I tend to keep malwareBytes installed, always suggest it when I remove the others, as some of the tools we've used don't really need to be left on there, unless you get another virus/malware, which of course no-one wants 

As for the No Data, yep, it means nothing is there.

So, lets remove them first, and then there is just two more things I want to check with. One will be another tool, and the second is a virus scan online 

--

Okay, so lets remove those entries first. We're going to use OTL again, like before when you ran the fix, but this time it will be pretty small.

Run OTL 

Under the *Custom Scans/Fixes* box at the bottom, paste in the following 

```
:Files
C:\Users\michael\AppData\LocalLow\Funmoods
ipconfig /flushdns /c
:Commands 
[purity] 
[resethosts] 
[emptytemp] 
[emptyjava]
[EMPTYFLASH] 
[CREATERESTOREPOINT] 
[Reboot]
```

Then click the *Run Fix* button at the top 
Click OK.
OTL may ask to reboot the machine. Please do so if asked.

The report should appear in Notepad after the reboot. Copy/Paste the report in your next reply.

-------------------

Then, can you run this tool. Its very similar to *OTL*, same developer, but this one is called *OTS*.

Download *OTS* to your Desktop and double-click on it to run it 

Make sure you close all other programs and *don't* use the PC while the scan runs. 
Now click the *Run Scan* button on the toolbar. Make sure not to use the PC while the program is running or it will freeze. 
When the scan is complete Notepad will open with the report file loaded in it. 
Click the *Format* menu and make sure that *Wordwrap* is not checked. If it is then click on it to uncheck it. 
Use the Add Reply button and post the information back here in an *attachment*. I will review it when it comes in. The last line is *< End of Report >*, so make sure that is the last line in the attached report.

*Make sure you attach the report in your reply. If it is too big to upload, then zip the text file and upload it that way*

Again, any questions, just ask


----------



## django47 (Jun 29, 2010)

Hi Eddie,
Please find OTL>notepad>custom scan/fixes>run fix. I think it's correct. I shall now procede to the, OTS.

All processes killed
========== FILES ==========
C:\Users\michael\AppData\LocalLow\Funmoods\Funmoods\us\20101003 folder moved successfully.
C:\Users\michael\AppData\LocalLow\Funmoods\Funmoods\us folder moved successfully.
C:\Users\michael\AppData\LocalLow\Funmoods\Funmoods folder moved successfully.
C:\Users\michael\AppData\LocalLow\Funmoods folder moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\michael\Documents\Desktop\cmd.bat deleted successfully.
C:\Users\michael\Documents\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: michael
->Temp folder emptied: 4630768 bytes
->Temporary Internet Files folder emptied: 38914991 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 1058 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2142754 bytes
RecycleBin emptied: 1382817 bytes

Total Files Cleaned = 45.00 mb

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: michael
->Java cache emptied: 0 bytes

User: Public

Total Java Files Cleaned = 0.00 mb

[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: michael
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.36.3 log created on 03162012_132922
Files\Folders moved on Reboot...
File\Folder C:\Users\michael\AppData\Local\Temp\~DF3FF8.tmp not found!
File\Folder C:\Users\michael\AppData\Local\Temp\~DF3FFD.tmp not found!
File\Folder C:\Users\michael\AppData\Local\Temp\~DF4054.tmp not found!
File\Folder C:\Users\michael\AppData\Local\Temp\~DF4059.tmp not found!
File\Folder C:\Users\michael\AppData\Local\Temp\~DF408A.tmp not found!
File\Folder C:\Users\michael\AppData\Local\Temp\~DF408F.tmp not found!
C:\Users\michael\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\michael\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U3M0YRO9\bind[2].htm moved successfully.
C:\Users\michael\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GNBYLW8Z\1043646-cant-uninstall-error-tech-4[1].htm moved successfully.
C:\Users\michael\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GA8BRUI4\bind[1].htm moved successfully.
C:\Users\michael\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GA8BRUI4\mail[1].htm moved successfully.
C:\Users\michael\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GA8BRUI4\mail[3].htm moved successfully.
Registry entries deleted on Reboot...


----------



## django47 (Jun 29, 2010)

Hi,
back again and hopefullyI can send (compressed) files requested, fingers Xed.


----------



## eddie5659 (Mar 19, 2001)

Thanks 

I'll have a look at that fully tomorrow, as I have to go in 5 mins, as Friday is gaming night 

And its uploaded correctly :up:


----------



## django47 (Jun 29, 2010)

Thanks very much Eddie, I'm glad everything's turned out alright. Good luck with your gaming. TTFN


----------



## eddie5659 (Mar 19, 2001)

Well, the gaming didn't go right at the beginning, kept dying constantly so needed a coolout period. But, after a bit, I got back into it, and enjoyed the night again 

---

Start OTS. Copy/Paste the information in the quotebox below into the panel where it says *"Paste fix here"* and then click the *Run Fix* button.


```
[Unregister Dlls]
[Registry - Safe List]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
YN -> "Locked" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> "CtrlVol" -> [C:\Program Files\Launch Manager\CtrlVol.exe]
YN -> "LaunchAp" -> [C:\Program Files\Launch Manager\LaunchAp.exe]
YN -> "Wbutton" -> [C:\Program Files\Launch Manager\WButton.exe]
```
The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the *Ok* button and Notepad will open with a log of actions taken during the fix. Post that information back here.

eddie


----------



## django47 (Jun 29, 2010)

Thanks Eddie. Please find requested notepad info below.

[Registry - Safe List]
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\CtrlVol deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\LaunchAp deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Wbutton deleted successfully.
< End of fix log >
OTS by OldTimer - Version 3.1.47.2 fix logfile created on 03172012_194440


----------



## eddie5659 (Mar 19, 2001)

Excellent 

Is the computer working okay now? I have a feeling it is, but I'll wait until you reply, then we can remove the tools we've used 

eddie


----------



## django47 (Jun 29, 2010)

Eddie,
my pc is fine, in fact it's better than fine. If I ever bump into you, the drinks are on me. I really am greatful for all the time and patience you devoted to helping me. If I took it to a shop like pc world, it would have cost me a packet, plus I wouldn't have learned anything.
Yes indeed Eddie, everything is great but the only thing that worries me is that I need to download the, Samsung pc Studio 3 Suite. I had it for a couple of years, friends son installed it in a couple of minutes, and it was ok until a little while ago when it started being a problem. The only way I could close it was by using Ctrl-Alt-Delete, task manager. So I decided to uninstall it, then reinstall it. Easier said than done. I was going to download it from one samsung pc etc, but at a certain point the name Funmood came up, but seeing that name rang alarm bells, another really bad one I had trouble with was Fliptoast. Their logo plants itself on top of everything and no matter whats on the screen, that logo is there and the only way to get rid of it is to uninstall it in programs via control panel. All that junk came about one way or the other after trying to download the Samsung pc suite. Their's enough of them to choose from, but I'm not clever enough to tell the good ones from the dodgey ones.


----------



## eddie5659 (Mar 19, 2001)

Good to see its all still okay, and for the removal of tools, can you do this:


Download *OTC* to your desktop and run it 
Click Yes to beginning the Cleanup process and remove these components, including this application. 
You will be asked to reboot the machine to finish the Cleanup process. Choose Yes. 

Also, remove the following from the Desktop, if still there after doing the above:

*SystemLook*

I would leave MBAM installed, as its a very good program, and update and scan weekly 

I'll post my close out speech in a bit, but with regards to samsung pc studio 3, looking around, there seems to be free versions of number 7 etc, from here:

http://www.softpedia.com/get/Internet/Telephony-SMS-GSM/Samsung-PC-Studio.shtml

Also, upon searching I think I found a site you were looking at, Software-Informer, as I can see a post there just like here 

Which mobile phone do you have, as I may be able to look for you 

There should be a model number on it somewhere.


----------



## django47 (Jun 29, 2010)

Hi Eddie,
Before I start the clearout, thought I would respond to the question about the Samsung pc studio. The Softpedia link, I did try it but for some reason I abandoned the attempt, but can't remember why. I tried a few and if I remember correctly, thats the one i tried twice. I had it on here for ages but the problem I described I tried to uninstall then reinstall, The actual name was, *'Samsung pc studio 3.* The phone is *Samsung SGH-E250.*
Because I have had some real bad experiences downloading for it, I am a bit nervous and dread undoing all the good work you helped me with and going back to square one. 
Anyway, I'm going to do the other things now. Will report back to give an update on my progress, via your instructions. Many thanks.


----------



## django47 (Jun 29, 2010)

Well, that wasn't at all painfull, in fact I hardly had to do anything. A load of stuff has gone from the desktop. All that's left is, Malwarebyte anti.... and, Revo uninstaller and Revo uninstaller Pro. Can the Revo be used if I ever need to uninstall anything and can I use the Malwarebytes if I am ever unfortunate enough to have malware on this pc .


----------



## eddie5659 (Mar 19, 2001)

With regards to Malware bytes, yes you can use it at any time 

Rev Uninstaller - This is a trial version I think, not 100% sure. But it may have limited use, like 30 days of uninstalling, so it may run out.

Now, the phone. Looked at Samsung's website for your phone, SGH-E250, and found it:

http://www.samsung.com/uk/support/model/SGH-E250ZSAXEU-downloads?downloadName=BM-P

If you click on the above link, then on the left is *Software*

And there is version 3.2 of PC Studio 

Now, its an exe file, at the bottom of the 3. Hopefully this screenshot will work 










So, from the above, you can see the exe file on the right, in the circle. If you download that (I have and just virus checked it, and its okay) and install it.

As its direct from Samsung, you should be okay as it will be legit 

Again, any problems, let me know

eddie


----------



## django47 (Jun 29, 2010)

Yet again Eddie, you have come up trumps, Yes, I've got the Samsung PC Studio back as before but minus the 'Gremlins'. The two 'Revo' wot-nots, should I just go to the'Programs+Features' and uninstall both ? They are in the list, I checked. I try as best as I can, not to hoard too much clutter, especially stuff I don't use. If I knew what I was doing, I reckon their is loads of stuff I could manage without. I have set the Disk fragmenter/cleaner set on a weekly scheduel, but I'm sure there's a ton of junk thats no good to me. 
Once again, thanks a million, and I would be greatfull if you could give me your opinion regarding the Revo. If the trial period does run out, will it uninstall and dissapear entirely, or should I dispose of it, via 'Programs+Features'.


----------



## eddie5659 (Mar 19, 2001)

Hi

Sorry for the lateness, have been off ill for a few days, and the weekend was nice so took advantage of it 



> The two 'Revo' wot-nots, should I just go to the'Programs+Features' and uninstall both


Which are they? If you mean the actual program Revo, then the trial period will just run out and you'll have to uninstall it, via Programs and Features 

I'll post my close out speech in a bit after you reply, but any problems/questions in the future, just send me a message 

eddie


----------



## django47 (Jun 29, 2010)

Hi Eddie,
I already uninstalled both the Revo things. All I have left is the 'Malwarebytes Anti malware', on the desktop.
Many thanks for all your help, oh yea, by the way, I used the link you posted for the Samsung pc studio 3. It's the same as the one I had before. It comes in handy, like for instance, Recently I bought a new Microwave combination oven and toaster. I advertised giving my old ones on 'preloved' for free and took photos on my mobile phone and usiing the samsung pc suite was able to upload them to my ad'.
Sorry you've been unwell, hope you are feeling better now. I always get ill at xmas, every xmas as far back as Ibcan remember. Once again, many thanks for all your valuable help. Take care, Micky.


----------



## django47 (Jun 29, 2010)

"Can't uninstall, Error Teck " is now *solved.* Couldn't find, 'Solved' button. Presume it's taken care of. Many thanks to ' techguys' for great help and assistance.


----------



## django47 (Jun 29, 2010)

Sorry to be a pain, but could you help me with something please. Having rid my pc of 'Malware', I found an unnamed folder in my documents. I opened it and it revealed 2 files, both in Microsoft Works and were called, Notepad OTL 1 of 2 and Notepad OTL 2of 2. One is 9 pages of data and the other is 8 pages of data. I believe these were created at some point in the process. I can either remove them from the 'Works History' list ( not quite sure how good this is to totally delete files). Or I can go to the 'documents' and right click the un-named file and select, 'Delete'.
I thought that I was able to retain the 'Malwarebyte Anti malware' to use if I ever need it. I still have the short cut icons on the desktop. If I uninstall the 'notepad OTL 1&2', wont that delete/uninstall it completely. Not that it's a problem, I can always re install it, if ever I need to.
I will look out for a reply for about 3 days or so, then I shall (using my limited know-how) try the 'Programs & features' uninstall method.
Many thanks for reading this.
Mick (django47).


----------



## eddie5659 (Mar 19, 2001)

Glad to hear the main issue is solved, and as for the Solved button, you must have pressed it a while ago, as its currently showing as Solved already 

As for the OTL files that you found, you can delete both. Also, if that's all there is in the folder, just delete the folder. Is it just called *New Folder*? If so, then I think it may have been created when you ran OTL or some of the fixes.

You can right-click on them and select delete 

You already have OTL uninstalled, those are just leftovers.

Keep the MalwareByte Antimalware installed. Update it weekly, and run it, just to be safe. You should only need to run on a *Quick Scan*.

eddie


----------



## django47 (Jun 29, 2010)

Thanks Eddie, I did the right click method, then I checked the Malwarebytes Anti- malware icon on the desktop and I still have the main window with all the options, scan etc.
As far as I can tell, this machine is all working perfectly. Peace of mind, I hold that as the most important trait in all things. Thanks to you I have peace of mind when I use this laptop.
Good luck Eddie and once again, many thanks for all your help.
Mick (django47).


----------



## eddie5659 (Mar 19, 2001)

Godd to hear its all okay 

If you have any questions/problems in the future, just let me know 

eddie


----------



## django47 (Jun 29, 2010)

Thanks Eddie, no disrespect but I hope I don't get in a jam and need help (famous last words).
Anyway many thanks and good luck on your gaming nights.
Micky


----------



## eddie5659 (Mar 19, 2001)

I know what you mean mate, about the problems 

Gaming always goes well, if I can shoot straight 

eddie


----------

