# virus or malware



## JaneDoe999 (Feb 5, 2008)

here is my log from hijack this I have dell inspiron and using windows Xp I keep getting pop ups and computer running extremely slow
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:25:59 PM, on 8/1/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files\Secunia\PSI\PSIA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\loggingserver.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\LTCM Client\ltcmClient.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Program Files\AVG SafeGuard toolbar\vprot.exe
C:\Program Files\Google\Drive\googledrivesync.exe
C:\Documents and Settings\geminilady\Application Data\SanDisk\SanDiskSecureAccess_Manager.exe
C:\Program Files\Secunia\PSI\psi_tray.exe
C:\Program Files\Google\Drive\googledrivesync.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\geminilady\My Documents\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snap.do/?publisher=Download&dpid=Download&co=US&userid=3b52dec7-8153-474b-a840-af52e83099d4&searchtype=ds&q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.snap.do/?publisher=Download&dpid=Download&co=US&userid=3b52dec7-8153-474b-a840-af52e83099d4&searchtype=ds&q={searchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snap.do/?publisher=Download&dpid=Download&co=US&userid=3b52dec7-8153-474b-a840-af52e83099d4&searchtype=ds&q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snap.do/?publisher=Download&dpid=Download&co=US&userid=3b52dec7-8153-474b-a840-af52e83099d4&searchtype=ds&q={searchTerms}
O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - (no file)
O3 - Toolbar: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [LTCM Client] C:\Program Files\LTCM Client\ltcmClient.exe /startup
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG SafeGuard toolbar\vprot.exe"
O4 - HKLM\..\Run: [Search Protection] C:\Documents and Settings\All Users\Application Data\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart
O4 - HKCU\..\Run: [EPSON WorkForce 435 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIHRA.EXE /FU "C:\DOCUME~1\GEMINI~1\LOCALS~1\Temp\E_S82.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKCU\..\Run: [SanDiskSecureAccess_Manager.exe] C:\Documents and Settings\geminilady\Application Data\SanDisk\SanDiskSecureAccess_Manager.exe
O4 - Global Startup: Secunia PSI Tray.lnk = C:\Program Files\Secunia\PSI\psi_tray.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Download video on this page - res://C:\Program Files\Tomabo\YouTube Video Downloader\YVD_IE.dll/300
O8 - Extra context menu item: Download video this links to - res://C:\Program Files\Tomabo\YouTube Video Downloader\YVD_IE.dll/301
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Download Video - {B4FECE59-6D0A-4EE6-A07F-E6A94F846E55} - res://C:\Program Files\Tomabo\YouTube Video Downloader\YVD_IE.dll/300 (file missing)
O9 - Extra 'Tools' menuitem: Download video on this page - {B4FECE59-6D0A-4EE6-A07F-E6A94F846E55} - res://C:\Program Files\Tomabo\YouTube Video Downloader\YVD_IE.dll/300 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1342699640281
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\15.4.0\ViProtocol.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ABBYY FineReader 9.0 Sprint Licensing Service (ABBYY.Licensing.FineReader.Sprint.9.0) - ABBYY - C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files\Secunia\PSI\PSIA.exe
O23 - Service: Secunia Update Agent - Secunia - C:\Program Files\Secunia\PSI\sua.exe
O23 - Service: vToolbarUpdater15.4.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 9409 bytes


----------



## TechieRanger (Nov 1, 2012)

Hi, and welcome to our malware removal forum!

My name is *Richard* and I'll be happy to help you with your computer problems.

_Please be advised that I am currently in training, so my responses will need to be approved by one of our experts before I post them. This is only to ensure you are receiving accurate instructions. It may cause a delay in my replies._

Please note the following:


*The cleaning process is not instant as logs can take time to research*. Sit tight and *please be patient*.
I will be working on your *malware* issues. This may or may not solve *other issues* you may have with your system.
While we are fixing your problems, *do NOT install/re-install any programs or run any fixes or scanners unless told to do so*.
Ensure that your *anti-virus definitions are up-to-date*.
I would advise backing up all your important documents, personal data files and photos to a CD or DVD drive.
Do not back up any Applications (programs). These should be re-installed from the original source CD(s) or website(s).
During the course of our cleanup, please do not do any additional online work or surfing until we have verified that your system is clean.
I suggest printing out each set of instructions and reading the entire post before proceeding. It will make following them easier.
Be sure to follow the directions and run tools/scans in the order listed.
 I will return as soon as possible with more instructions.

Regards,

Richard


----------



## TechieRanger (Nov 1, 2012)

:up: 
Please download *aswMBR.exe* and save it to your Desktop.


Double click *aswMBR.exe* to start the tool. If you use *Windows Vista or 7*, right click and choose '*Run as Administrator*'.
When asked if you want to download *Avast's* virus definitions please select *Yes*.
Click *Scan*
Upon completion of the scan, click *Save log* and save it to your Desktop, and post that log in your next reply for review. * Note - do NOT attempt any Fix yet. *
You will also notice another file created on the Desktop named *MBR.dat*. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.


*Next*

Download *OTL* to your Desktop.


Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath *Output* at the top change it to *Minimal Output*.
Check the boxes beside *LOP Check* and *Purity Check*.
Under Custom Scan paste this in 
* 
netsvcs 
%SYSTEMDRIVE%\*.exe 
/md5start 
explorer.exe 
winlogon.exe 
Userinit.exe 
svchost.exe 
services.exe 
/md5stop 
%systemroot%\*. /rp /s 
%systemdrive%\$Recycle.Bin|@;true;true;true 
dir "%systemdrive%\*" /S /A:L /C 
DRIVES 
CREATERESTOREPOINT 
*
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows. *OTL.Txt* and *Extras.Txt*. These are saved in the same location as OTL.
Please copy *(Edit->Select All, Edit->Copy)* the contents of these files, one at a time, and post it with your next reply.
You may need two posts to fit them both in.


*In your next reply, please provide the following:*


OTL logs.
aswMBR log.
Update on how your PC is running.

Regards,

Richard


----------



## TechieRanger (Nov 1, 2012)

It has been two days or more since my last post. Do you still need help or more time? 



Regards,

Richard


----------



## JaneDoe999 (Feb 5, 2008)

was away thank you so much for replying. will print out your instructions and attempt to send you info. Again ty


----------



## JaneDoe999 (Feb 5, 2008)

it won't let me open asw.exe it wants to know what program created it


----------



## JaneDoe999 (Feb 5, 2008)

is this the same thing I just scanned this

# AdwCleaner v2.306 - Logfile created 08/11/2013 at 12:19:16
# Updated 19/07/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : geminilady - GEMINILA-D2C265
# Boot Mode : Normal
# Running from : C:\Documents and Settings\geminilady\My Documents\Downloads\adwcleaner.exe
# Option [Search]

***** [Services] *****

***** [Files / Folders] *****

File Found : C:\DOCUME~1\GEMINI~1\LOCALS~1\Temp\Uninstall.exe
File Found : C:\Documents and Settings\geminilady\Application Data\Mozilla\Firefox\Profiles\9dsl95vw.default\bprotector_extensions.sqlite
File Found : C:\Documents and Settings\geminilady\Application Data\Mozilla\Firefox\Profiles\9dsl95vw.default\bprotector_prefs.js
File Found : C:\Documents and Settings\geminilady\Application Data\Mozilla\Firefox\Profiles\9dsl95vw.default\searchplugins\delta.xml
File Found : C:\WINDOWS\system32\roboot.exe
File Found : C:\WINDOWS\Tasks\AmiUpdXp.job
Folder Found : C:\Documents and Settings\All Users\Application Data\Babylon
Folder Found : C:\Documents and Settings\All Users\Application Data\Tarma Installer
Folder Found : C:\Documents and Settings\geminilady\Application Data\Babylon
Folder Found : C:\Documents and Settings\geminilady\Application Data\DealPly
Folder Found : C:\Documents and Settings\geminilady\Application Data\Mozilla\Firefox\Profiles\9dsl95vw.default\jetpack
Folder Found : C:\Documents and Settings\geminilady\Application Data\SwvUpdater
Folder Found : C:\Documents and Settings\geminilady\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Folder Found : C:\Program Files\Common Files\AVG Secure Search
Folder Found : C:\Program Files\Gophoto.it
Folder Found : C:\Program Files\SoftwareUpdater

***** [Registry] *****

Key Found : HKCU\Software\1ClickDownload
Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : HKLM\Software\AVG Security Toolbar
Key Found : HKLM\Software\Babylon
Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk
Key Found : HKLM\Software\Iminent
Key Found : HKLM\Software\InfoAtoms
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Found : HKLM\Software\PIP
Key Found : HKLM\Software\Tarma Installer
Key Found : HKU\S-1-5-21-1757981266-1532298954-725345543-1004\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Found : HKU\S-1-5-21-1757981266-1532298954-725345543-1004\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[HKCU\Software\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://feed.snap.do/?publisher=Download&dpid=Download&co=US&userid=3b52dec7-8153-474b-a840-af52e83099d4&searchtype=ds&q={searchTerms}
[HKCU\Software\Microsoft\Internet Explorer\Main - Search Page] = hxxp://feed.snap.do/?publisher=Download&dpid=Download&co=US&userid=3b52dec7-8153-474b-a840-af52e83099d4&searchtype=ds&q={searchTerms}
[HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://feed.snap.do/?publisher=Download&dpid=Download&co=US&userid=3b52dec7-8153-474b-a840-af52e83099d4&searchtype=ds&q={searchTerms}
[HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://feed.snap.do/?publisher=Download&dpid=Download&co=US&userid=3b52dec7-8153-474b-a840-af52e83099d4&searchtype=ds&q={searchTerms}
[HKCU\Software\Microsoft\Internet Explorer\SearchUrl - Default] = hxxp://feed.snap.do/?publisher=Download&dpid=Download&co=US&userid=3b52dec7-8153-474b-a840-af52e83099d4&searchtype=ds&q={searchTerms}
[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl - Default] = hxxp://feed.snap.do/?publisher=Download&dpid=Download&co=US&userid=3b52dec7-8153-474b-a840-af52e83099d4&searchtype=ds&q={searchTerms}

-\\ Mozilla Firefox v22.0 (en-US)

File : C:\Documents and Settings\geminilady\Application Data\Mozilla\Firefox\Profiles\9dsl95vw.default\prefs.js

Found : user_pref("extensions.delta.admin", false);
Found : user_pref("extensions.delta.aflt", "babsst");
Found : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Found : user_pref("extensions.delta.autoRvrt", "false");
Found : user_pref("extensions.delta.bbDpng", "22");
Found : user_pref("extensions.delta.cntry", "US");
Found : user_pref("extensions.delta.excTlbr", false);
Found : user_pref("extensions.delta.ffxUnstlRst", true);
Found : user_pref("extensions.delta.hdrMd5", "F8BBB1879582C20E9777E21AD8B388D5");
Found : user_pref("extensions.delta.id", "6034340c000000000000001bfc68835f");
Found : user_pref("extensions.delta.instlDay", "15908");
Found : user_pref("extensions.delta.instlRef", "sst");
Found : user_pref("extensions.delta.lastVrsnTs", "1.8.21.511:48:31");
Found : user_pref("extensions.delta.newTab", false);
Found : user_pref("extensions.delta.prdct", "delta");
Found : user_pref("extensions.delta.prtnrId", "delta");
Found : user_pref("extensions.delta.rvrt", "false");
Found : user_pref("extensions.delta.sg", "azb");
Found : user_pref("extensions.delta.smplGrp", "none");
Found : user_pref("extensions.delta.tlbrId", "base");
Found : user_pref("extensions.delta.tlbrSrchUrl", "");
Found : user_pref("extensions.delta.vrsn", "1.8.21.5");
Found : user_pref("extensions.delta.vrsnTs", "1.8.21.511:48:31");
Found : user_pref("extensions.delta.vrsni", "1.8.21.5");
Found : user_pref("extensions.delta_i.babExt", "");
Found : user_pref("extensions.delta_i.babTrack", "affID=122123&tsp=4951");
Found : user_pref("extensions.delta_i.srcExt", "ss");

-\\ Google Chrome v28.0.1500.95

File : C:\Documents and Settings\geminilady\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R2].txt - [9391 octets] - [03/08/2013 17:25:35]
AdwCleaner[R3].txt - [9451 octets] - [03/08/2013 17:26:17]
AdwCleaner[R4].txt - [9382 octets] - [11/08/2013 12:19:16]

########## EOF - C:\AdwCleaner[R4].txt - [9442 octets] ##########


----------



## JaneDoe999 (Feb 5, 2008)

this is the other scan I got

<?xml version="1.0" encoding="UTF-8"?>
<RCPscanlog>
<RCPVERSION>6.21.65.2436</RCPVERSION>
<ScanningDate>Sun. August 11, 2013. 01:21 PM</ScanningDate>
<TotalErrorsFound>476</TotalErrorsFound>
<Scanning Section="ActiveX and COM"><Description>ActiveX and COM objects that are based on libraries no longer on your system.</Description><ErrorsInThisSection>46 Errors</ErrorsInThisSection>
<EntryDetails><Entry>AxsTextCommand Class</Entry>
The key HKEY_CLASSES_ROOT\CLSID\{BB38FF7F-1DBA-4A6A-A01A-CDF634C120E6} points to the missing ApplicationID {5D9C00D2-42FA-11D4-9C48-00A0C99F6B3C}.</EntryDetails>
<EntryDetails><Entry>DocumentInfo Class</Entry>
The key HKEY_CLASSES_ROOT\CLSID\{5D9C00E2-42FA-11D4-9C48-00A0C99F6B3C} points to the missing ApplicationID {5D9C00D2-42FA-11D4-9C48-00A0C99F6B3C}.</EntryDetails>
<EntryDetails><Entry>Free Easy Burner 1.0 Type Library</Entry>
The key HKEY_CLASSES_ROOT\TypeLib\{26CCF845-E65F-4750-9670-C544A4F4259C}\1.0\HELPDIR for this type library serves to indicate a help directory, but contains no data. This subkey can be deleted for this type library.</EntryDetails>
<EntryDetails><Entry>GEPlugin Type Library</Entry>
The key HKEY_CLASSES_ROOT\TypeLib\{F9152AEC-3462-4632-8087-EEE3C3CDDA35}\1.0\HELPDIR for this type library serves to indicate a help directory, but contains no data. This subkey can be deleted for this type library.</EntryDetails>
<EntryDetails><Entry>GestureRecognizer Class</Entry>
The key HKEY_CLASSES_ROOT\CLSID\{639F5AF5-BCED-4369-AC34-360B16D955FD}\TypeLib for this object point to the missing type library {A9214AD5-D848-4b88-A072-207FA1B08357}. This subkey can be deleted for this object.</EntryDetails>
<EntryDetails><Entry>InkObject Class</Entry>
The key HKEY_CLASSES_ROOT\CLSID\{3EE60F5C-9BAD-4CD8-8E21-AD2D001D06EB}\TypeLib for this object point to the missing type library {194508A0-B8D1-473E-A9B6-851AAF726A6D}. This subkey can be deleted for this object.</EntryDetails>
<EntryDetails><Entry>InkObjectXP Class</Entry>
The key HKEY_CLASSES_ROOT\CLSID\{C52FF1FD-EB6C-42CF-9140-83DEFECA7E29}\TypeLib for this object point to the missing type library {775B9D31-BF5F-4AFB-8F51-8A88D7F5E3FF}. This subkey can be deleted for this object.</EntryDetails>
<EntryDetails><Entry>InkSettings Class</Entry>
The key HKEY_CLASSES_ROOT\CLSID\{242025BB-8546-48B6-B9B0-F4406C54ACFC}\TypeLib for this object point to the missing type library {194508A0-B8D1-473E-A9B6-851AAF726A6D}. This subkey can be deleted for this object.</EntryDetails>
<EntryDetails><Entry>ISearch</Entry>
The key HKEY_CLASSES_ROOT\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}\TypeLib for this interface points to the missing type library {47A7A4B0-2723-41BA-865E-EBBB7081A602}. This subkey can be deleted for this interface.</EntryDetails>
<EntryDetails><Entry>ISPOpenDocuments</Entry>
The key HKEY_CLASSES_ROOT\Interface\{7EA23D88-569E-4EFD-9851-A1528A7745F9}\ProxyStubClsid32 for this interface points to the missing CLSID {7EA23D88-569E-4EFD-9851-A1528A7745F9}. This subkey can be deleted for this interface.</EntryDetails>
<EntryDetails><Entry>IStatusEvents</Entry>
The key HKEY_CLASSES_ROOT\Interface\{46B89F5A-769D-4792-AD9A-E3755915CBC3}\TypeLib for this interface points to the missing type library {47A7A4B0-2723-41BA-865E-EBBB7081A602}. This subkey can be deleted for this interface.</EntryDetails>
<EntryDetails><Entry>Lattice Class</Entry>
The key HKEY_CLASSES_ROOT\CLSID\{632A2D3D-86AF-411A-8654-7511B51B3D5F}\TypeLib for this object point to the missing type library {9E52A566-D72F-4342-99B9-DBCA6780385F}. This subkey can be deleted for this object.</EntryDetails>
<EntryDetails><Entry>LexRefBilingualService Class</Entry>
The key HKEY_CLASSES_ROOT\CLSID\{75C11604-5C51-48B2-B786-DF5E51D10EC6}\TypeLib for this object point to the missing type library {893CD020-4354-4B33-A78D-909EE58BAFAF}. This subkey can be deleted for this object.</EntryDetails>
<EntryDetails><Entry>LexRefBilingualServiceAttribute Class</Entry>
The key HKEY_CLASSES_ROOT\CLSID\{ABF651A1-0F07-48DF-9FF6-8B1B557669CA}\TypeLib for this object point to the missing type library {893CD020-4354-4B33-A78D-909EE58BAFAF}. This subkey can be deleted for this object.</EntryDetails>
<EntryDetails><Entry>LexRefBilingualTextContext Class</Entry>
The key HKEY_CLASSES_ROOT\CLSID\{75C11604-5C51-48B2-B786-DF5E51D10EC9}\TypeLib for this object point to the missing type library {893CD020-4354-4B33-A78D-909EE58BAFAF}. This subkey can be deleted for this object.</EntryDetails>
<EntryDetails><Entry>LexRefEnglishStemmer Class</Entry>
The key HKEY_CLASSES_ROOT\CLSID\{75C11604-5C51-48B2-B786-DF5E51D10EC8}\TypeLib for this object point to the missing type library {893CD020-4354-4B33-A78D-909EE58BAFAF}. This subkey can be deleted for this object.</EntryDetails>
<EntryDetails><Entry>LexRefServiceContainer Class</Entry>
The key HKEY_CLASSES_ROOT\CLSID\{75C11604-5C51-48B2-B786-DF5E51D10EC7}\TypeLib for this object point to the missing type library {893CD020-4354-4B33-A78D-909EE58BAFAF}. This subkey can be deleted for this object.</EntryDetails>
<EntryDetails><Entry>LexRefServiceManager Class</Entry>
The key HKEY_CLASSES_ROOT\CLSID\{688B0D3D-AF8F-483C-A712-8F4E9868B8DA}\TypeLib for this object point to the missing type library {893CD020-4354-4B33-A78D-909EE58BAFAF}. This subkey can be deleted for this object.</EntryDetails>
<EntryDetails><Entry>LexRefTfFunctionProvider Class</Entry>
The key HKEY_CLASSES_ROOT\CLSID\{5591379C-B467-4BCA-B647-A438712504B0}\TypeLib for this object point to the missing type library {893CD020-4354-4B33-A78D-909EE58BAFAF}. This subkey can be deleted for this object.</EntryDetails>
<EntryDetails><Entry>LexRefXml2RTFObject Class</Entry>
The key HKEY_CLASSES_ROOT\CLSID\{F28D5171-0577-11D4-8F60-00C04F9CF4AC}\TypeLib for this object point to the missing type library {11A3B755-0562-11D4-8F60-00C04F9CF4AC}. This subkey can be deleted for this object.</EntryDetails>
<EntryDetails><Entry>MetAction Class</Entry>
The key HKEY_CLASSES_ROOT\CLSID\{3CC385AC-95CC-4A75-BF35-AB36AE645BCF}\TypeLib for this object point to the missing type library {D7339B18-0926-46E0-A690-4A538FC1C8F8}. This subkey can be deleted for this object.</EntryDetails>
<EntryDetails><Entry>MetRecog Class</Entry>
The key HKEY_CLASSES_ROOT\CLSID\{32D85DA2-070B-49A0-9261-E7854457A6D6}\TypeLib for this object point to the missing type library {D7339B18-0926-46E0-A690-4A538FC1C8F8}. This subkey can be deleted for this object.</EntryDetails>
<EntryDetails><Entry>MGIAlbumToSlides Class</Entry>
The key HKEY_CLASSES_ROOT\CLSID\{2FF27D8A-43C3-4EFB-9C52-07C5834DEF59}\TypeLib for this object point to the missing type library {CD433CC4-EC45-11D2-ACB6-0080C877D9B9}. This subkey can be deleted for this object.</EntryDetails>
<EntryDetails><Entry>MGICatalogItem2 Class</Entry>
The key HKEY_CLASSES_ROOT\CLSID\{4A96148E-6B39-43F9-8573-A49563D27A00}\TypeLib for this object point to the missing type library {A424F9EA-3E65-4F57-8785-72DACFD69420}. This subkey can be deleted for this object.</EntryDetails>
<EntryDetails><Entry>MGIGamma Class</Entry>
The key HKEY_CLASSES_ROOT\CLSID\{618A204A-2E9A-495F-A844-1BFA3DDDD087}\TypeLib for this object point to the missing type library {624E518A-8818-49FB-9EB8-10FD50A0222A}. This subkey can be deleted for this object.</EntryDetails>
<EntryDetails><Entry>MGIImagePiecePlugIn Class</Entry>
The key HKEY_CLASSES_ROOT\CLSID\{21C50D0B-3312-4F78-9CCD-C322B3DBD9ED}\TypeLib for this object point to the missing type library {D398A027-9114-4B94-84A3-DBDD07F3CED7}. This subkey can be deleted for this object.</EntryDetails>
<EntryDetails><Entry>MGIPSFLoader Class</Entry>
The key HKEY_CLASSES_ROOT\CLSID\{05D1500C-0B12-4DC8-98FC-3A99C527607F}\TypeLib for this object point to the missing type library {654590AE-5701-48E5-B258-24A829C370C6}. This subkey can be deleted for this object.</EntryDetails>
<EntryDetails><Entry>MGISendEmail Class</Entry>
The key HKEY_CLASSES_ROOT\CLSID\{EB9BF495-3075-4EAB-A921-B45DF90C2A5A}\TypeLib for this object point to the missing type library {67DA4188-1C5F-4660-871A-31B62A53D858}. This subkey can be deleted for this object.</EntryDetails>
<EntryDetails><Entry>MGIStatusBar Class</Entry>
The key HKEY_CLASSES_ROOT\CLSID\{BDD58C1B-AC93-40F8-9555-2BA42628BE47}\TypeLib for this object point to the missing type library {8771F004-C277-4515-B378-A68EDC50FEE4}. This subkey can be deleted for this object.</EntryDetails>
<EntryDetails><Entry>MGITapestryPlugIn Class</Entry>
The key HKEY_CLASSES_ROOT\CLSID\{A803C86C-47D8-4D6A-A0A8-38667D8D28BD}\TypeLib for this object point to the missing type library {D75CC02E-21EE-11D4-A711-00E018991672}. This subkey can be deleted for this object.</EntryDetails>
<EntryDetails><Entry>MGITextRender Class</Entry>
The key HKEY_CLASSES_ROOT\CLSID\{AD810E2C-A45B-485E-821D-B01918FFCE17}\TypeLib for this object point to the missing type library {382CBFC3-9439-4A8D-9BB6-EF8812ED391A}. This subkey can be deleted for this object.</EntryDetails>
<EntryDetails><Entry>Microsoft Common Dialog Control 6.0 (SP6)</Entry>
The key HKEY_CLASSES_ROOT\TypeLib\{F9043C88-F6F2-101A-A3C9-08002B2F49FB}\1.2\HELPDIR for this type library serves to indicate a help directory, but contains no data. This subkey can be deleted for this type library.</EntryDetails>
<EntryDetails><Entry>Microsoft Internet Transfer Control 6.0 (SP4)</Entry>
The key HKEY_CLASSES_ROOT\TypeLib\{48E59290-9880-11CF-9754-00AA00C00908}\1.0\HELPDIR for this type library serves to indicate a help directory, but contains no data. This subkey can be deleted for this type library.</EntryDetails>
<EntryDetails><Entry>Microsoft Silverlight</Entry>
The key HKEY_CLASSES_ROOT\CLSID\{DFEAF541-F3E1-4c24-ACAC-99C30715084A} points to the missing ApplicationID {83B900D2-51E8-4B67-BD75-643C8F14BBD8}.</EntryDetails>
<EntryDetails><Entry>MiEngine Class</Entry>
The key HKEY_CLASSES_ROOT\CLSID\{9D13E607-106F-4892-8A83-FF9827C0A3D5}\TypeLib for this object point to the missing type library {BEB70C92-90A2-4166-A7F5-DD648E36594A}. This subkey can be deleted for this object.</EntryDetails>
<EntryDetails><Entry>MiImageLayer Class</Entry>
The key HKEY_CLASSES_ROOT\CLSID\{8EE4C235-F2CE-4C3B-9ADE-DD68718AE32A}\TypeLib for this object point to the missing type library {4743C1A4-E33C-4495-B873-67AB9EA4E5F9}. This subkey can be deleted for this object.</EntryDetails>
<EntryDetails><Entry>MiRioEventSink Class</Entry>
The key HKEY_CLASSES_ROOT\CLSID\{5CBAD860-46EE-4193-8FDF-5EF8625E0CA1}\TypeLib for this object point to the missing type library {81BCFB9F-5C3B-404D-B5BF-6BA3F5CE35B7}. This subkey can be deleted for this object.</EntryDetails>
<EntryDetails><Entry>MSOLAP90ErrorLookup</Entry>
The key HKEY_CLASSES_ROOT\CLSID\{07AD8473-5D37-4076-AF40-44FE70B07CD9}\TypeLib for this object point to the missing type library {07AD8473-5D37-4076-AF40-44FE70B07CD9}. This subkey can be deleted for this object.</EntryDetails>
<EntryDetails><Entry>ProductDetector Class</Entry>
The key HKEY_CLASSES_ROOT\CLSID\{17391F04-D301-4786-BBA9-977D59AC7C65}\TypeLib for this object point to the missing type library {20E5D3A3-E612-4C11-BDB5-570A91975F36}. This subkey can be deleted for this object.</EntryDetails>
<EntryDetails><Entry>RecoManager Class</Entry>
The key HKEY_CLASSES_ROOT\CLSID\{DE815B00-9460-4F6E-9471-892ED2275EA5}\TypeLib for this object point to the missing type library {9E52A566-D72F-4342-99B9-DBCA6780385F}. This subkey can be deleted for this object.</EntryDetails>
<EntryDetails><Entry>RtpObject Class</Entry>
The key HKEY_CLASSES_ROOT\CLSID\{DECBDC16-E824-436E-872D-14E8C7BF7D8B}\TypeLib for this object point to the missing type library {887ca720-df84-40e0-bef0-13252008cce8}. This subkey can be deleted for this object.</EntryDetails>
<EntryDetails><Entry>SpellChecker Class</Entry>
The key HKEY_CLASSES_ROOT\CLSID\{16294F98-2757-4ba6-BFE5-7E7A1C49B16E}\TypeLib for this object point to the missing type library {6A666581-C76B-11D3-8D3D-00207812C40C}. This subkey can be deleted for this object.</EntryDetails>
<EntryDetails><Entry>TabletManager Class</Entry>
The key HKEY_CLASSES_ROOT\CLSID\{786CDB70-1628-44A0-853C-5D340A499137}\TypeLib for this object point to the missing type library {D48CA453-5D1A-4BF9-B9BA-6CE8CB16F10A}. This subkey can be deleted for this object.</EntryDetails>
<EntryDetails><Entry>UserDictionary Class</Entry>
The key HKEY_CLASSES_ROOT\CLSID\{836FA1B6-1190-4005-B434-7ED921BE2026}\TypeLib for this object point to the missing type library {9E52A566-D72F-4342-99B9-DBCA6780385F}. This subkey can be deleted for this object.</EntryDetails>
<EntryDetails><Entry>{c0164c20-33c8-4f60-bfd1-557e08a93f58}</Entry>
The key HKEY_CLASSES_ROOT\CLSID\{c0164c20-33c8-4f60-bfd1-557e08a93f58}\InprocServer32 points to the missing InprocServer32 C:\Program Files\MSN\MSNCoreFiles\OOBE\obemetal.dll. The associated CLSID can be deleted.</EntryDetails>
<EntryDetails><Entry>{ec48db94-98df-4c2f-932f-bbc28af0a316}</Entry>
The key HKEY_CLASSES_ROOT\CLSID\{ec48db94-98df-4c2f-932f-bbc28af0a316}\InprocServer32 points to the missing InprocServer32 C:\Program Files\MSN\MSNCoreFiles\OOBE\obemetal.dll. The associated CLSID can be deleted.</EntryDetails>
</Scanning>
<Scanning Section="File Types"><Description>File types pointing to programs that are no longer on your system.</Description><ErrorsInThisSection>3 Errors</ErrorsInThisSection>
<EntryDetails><Entry>.M2A file (*.m2a)</Entry>
The key HKEY_CLASSES_ROOT\.m2a points to the missing key HKEY_CLASSES_ROOT\3DVideoPlayer_m2a.</EntryDetails>
<EntryDetails><Entry>TOOLBAR.CT3307181</Entry>
The key HKEY_CLASSES_ROOT\Toolbar.CT3307181\CLSID is empty. The associated file type is useless and can be deleted.</EntryDetails>
<EntryDetails><Entry>URL:SpeedUpMyPC Protocol</Entry>
The key HKEY_CLASSES_ROOT\speedupmypc\DefaultIcon points to the missing icon sump.exe,1. The reference should be deleted so that Windows does not try to find the icon.</EntryDetails>
</Scanning>
<Scanning Section="History lists"><Description>Some entries in the Windows and program history lists refer to missing files and can be deleted.</Description><ErrorsInThisSection>38 Errors</ErrorsInThisSection>
<EntryDetails><Entry>Explorer history list: unneeded entry for the file type .CRX file (*.crx)</Entry>
The Windows function Open With created the key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crx when you wanted to open a file with the extension .crx. As no data has been written in the key, it can be deleted.</EntryDetails>
<EntryDetails><Entry>Explorer history list: unneeded entry for the file type .DAT file (*.dat)</Entry>
The Windows function Open With created the key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dat when you wanted to open a file with the extension .dat. As no data has been written in the key, it can be deleted.</EntryDetails>
<EntryDetails><Entry>Explorer history list: unneeded entry for the file type .INX file (*.inx)</Entry>
The Windows function Open With created the key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inx when you wanted to open a file with the extension .inx. As no data has been written in the key, it can be deleted.</EntryDetails>
<EntryDetails><Entry>Explorer history list: unneeded entry for the file type .MD file (*.md)</Entry>
The Windows function Open With created the key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.md when you wanted to open a file with the extension .md. As no data has been written in the key, it can be deleted.</EntryDetails>
<EntryDetails><Entry>Explorer history list: unneeded entry for the file type .MST file (*.mst)</Entry>
The Windows function Open With created the key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mst when you wanted to open a file with the extension .mst. As no data has been written in the key, it can be deleted.</EntryDetails>
<EntryDetails><Entry>Explorer history list: unneeded entry for the file type .MTX file (*.MTX)</Entry>
The Windows function Open With created the key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MTX when you wanted to open a file with the extension .MTX. As no data has been written in the key, it can be deleted.</EntryDetails>
<EntryDetails><Entry>Explorer history list: unneeded entry for the file type .O</Entry>
The Windows function Open With created the key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.o</EntryDetails>
<EntryDetails><Entry>Explorer history list: unneeded entry for the file type .PART file (*.part)</Entry>
The Windows function Open With created the key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.part when you wanted to open a file with the extension .part. As no data has been written in the key, it can be deleted.</EntryDetails>
<EntryDetails><Entry>Explorer history list: unneeded entry for the file type .ROLLBACK file (*.rollback)</Entry>
The Windows function Open With created the key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rollback when you wanted to open a file with the extension .rollback. As no data has been written in the key, it can be deleted.</EntryDetails>
<EntryDetails><Entry>Explorer history list: unneeded entry for the file type .SQLITE file (*.sqlite)</Entry>
The Windows function Open With created the key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sqlite when you wanted to open a file with the extension .sqlite. As no data has been written in the key, it can be deleted.</EntryDetails>
<EntryDetails><Entry>Explorer history list: unneeded entry for the file type .SQLITE-SHM file (*.sqlite-shm)</Entry>
The Windows function Open With created the key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sqlite-shm when you wanted to open a file with the extension .sqlite-shm. As no data has been written in the key, it can be deleted.</EntryDetails>
<EntryDetails><Entry>Explorer history list: unneeded entry for the file type .SQLITE-WAL file (*.sqlite-wal)</Entry>
The Windows function Open With created the key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sqlite-wal when you wanted to open a file with the extension .sqlite-wal. As no data has been written in the key, it can be deleted.</EntryDetails>
<EntryDetails><Entry>Explorer history list: unneeded entry for the file type .SQM file (*.sqm)</Entry>
The Windows function Open With created the key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sqm when you wanted to open a file with the extension .sqm. As no data has been written in the key, it can be deleted.</EntryDetails>
<EntryDetails><Entry>Explorer history list: unneeded entry for the file type .TMP file (*.tmp)</Entry>
The Windows function Open With created the key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tmp when you wanted to open a file with the extension .tmp. As no data has been written in the key, it can be deleted.</EntryDetails>
<EntryDetails><Entry>Explorer history list: unneeded entry for the file type .X8Π file (*.X8π)</Entry>
The Windows function Open With created the key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.X8π when you wanted to open a file with the extension .X8π. As no data has been written in the key, it can be deleted.</EntryDetails>
<EntryDetails><Entry>Explorer history list: unneeded entry for the file type .XPI file (*.xpi)</Entry>
The Windows function Open With created the key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpi when you wanted to open a file with the extension .xpi. As no data has been written in the key, it can be deleted.</EntryDetails>
<EntryDetails><Entry>File history list: invalid entry Amanda Keller- References.docx</Entry>
The registry contains a reference to the missing file C:\Documents and Settings\geminilady\Desktop\Amanda Keller- References.docx in the key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\docx. This invalid entry can be removed.</EntryDetails>
<EntryDetails><Entry>File history list: invalid entry baby shoe cake.jpeg</Entry>
The registry contains a reference to the missing file C:\Documents and Settings\geminilady\My Documents\baby shoe cake.jpeg in the key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\jpeg. This invalid entry can be removed.</EntryDetails>
<EntryDetails><Entry>File history list: invalid entry birds and flowers.jpeg</Entry>
The registry contains a reference to the missing file C:\Documents and Settings\geminilady\My Documents\birds and flowers.jpeg in the key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\jpeg. This invalid entry can be removed.</EntryDetails>
<EntryDetails><Entry>File history list: invalid entry Car.wmf</Entry>
The registry contains a reference to the missing file C:\Program Files\Moss Bay Software\OfficePrinter 2.0\ART\CLIPART\MACHINES\Car.wmf in the key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\wmf. This invalid entry can be removed.</EntryDetails>
<EntryDetails><Entry>File history list: invalid entry cigar bands.png</Entry>
The registry contains a reference to the missing file C:\Documents and Settings\geminilady\My Documents\cigar bands.png in the key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\png. This invalid entry can be removed.</EntryDetails>
<EntryDetails><Entry>File history list: invalid entry DocumentImage.ashx.png</Entry>
The registry contains a reference to the missing file C:\Documents and Settings\geminilady\My Documents\Downloads\DocumentImage.ashx.png in the key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\png. This invalid entry can be removed.</EntryDetails>
<EntryDetails><Entry>File history list: invalid entry f4506t.pdf</Entry>
The registry contains a reference to the missing file C:\Documents and Settings\geminilady\My Documents\Downloads\f4506t.pdf in the key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\pdf. This invalid entry can be removed.</EntryDetails>
<EntryDetails><Entry>File history list: invalid entry generate_coupon_newyears.php</Entry>
The registry contains a reference to the missing file C:\Documents and Settings\geminilady\My Documents\generate_coupon_newyears.php in the key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\php. This invalid entry can be removed.</EntryDetails>
<EntryDetails><Entry>File history list: invalid entry hat cake 3.sig</Entry>
The registry contains a reference to the missing file C:\Documents and Settings\geminilady\My Documents\hat cake 3.sig in the key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\sig. This invalid entry can be removed.</EntryDetails>
<EntryDetails><Entry>File history list: invalid entry mort.BMP</Entry>
The registry contains a reference to the missing file C:\Documents and Settings\geminilady\My Documents\mort.BMP in the key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\BMP. This invalid entry can be removed.</EntryDetails>
<EntryDetails><Entry>File history list: invalid entry Nasi Lemak Lover Pink Ombre Cake with Rosette Swiss Meringue Buttercream.htm</Entry>
The registry contains a reference to the missing file C:\Documents and Settings\geminilady\My Documents\cake ideas\Nasi Lemak Lover Pink Ombre Cake with Rosette Swiss Meringue Buttercream.htm in the key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\htm. This invalid entry can be removed.</EntryDetails>
<EntryDetails><Entry>File history list: invalid entry Ocean State Job Lot - Preview Coupons.htm</Entry>
The registry contains a reference to the missing file C:\Documents and Settings\geminilady\My Documents\Ocean State Job Lot - Preview Coupons.htm in the key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\htm. This invalid entry can be removed.</EntryDetails>
<EntryDetails><Entry>File history list: invalid entry Pict0022.BMP</Entry>
The registry contains a reference to the missing file C:\Documents and Settings\geminilady\My Documents\Pict0022.BMP in the key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\BMP. This invalid entry can be removed.</EntryDetails>
<EntryDetails><Entry>File history list: invalid entry RetroTreated-Recipe-Letter.pdf</Entry>
The registry contains a reference to the missing file C:\Documents and Settings\geminilady\My Documents\RetroTreated-Recipe-Letter.pdf in the key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\pdf. This invalid entry can be removed.</EntryDetails>
<EntryDetails><Entry>File history list: invalid entry rma_form.pdf</Entry>
The registry contains a reference to the missing file C:\Documents and Settings\geminilady\My Documents\Downloads\rma_form.pdf in the key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\pdf. This invalid entry can be removed.</EntryDetails>
<EntryDetails><Entry>File history list: invalid entry steiner vendor.BMP</Entry>
The registry contains a reference to the missing file C:\Documents and Settings\geminilady\My Documents\steiner vendor.BMP in the key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\BMP. This invalid entry can be removed.</EntryDetails>
<EntryDetails><Entry>File history list: invalid entry Smore Bites _ melissadionne.htm</Entry>
The registry contains a reference to the missing file C:\Documents and Settings\geminilady\My Documents\Smore Bites _ melissadionne.htm in the key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\htm. This invalid entry can be removed.</EntryDetails>
<EntryDetails><Entry>File history list: invalid entry viewer.png</Entry>
The registry contains a reference to the missing file C:\Documents and Settings\geminilady\My Documents\viewer.png in the key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\png. This invalid entry can be removed.</EntryDetails>
<EntryDetails><Entry>File history list: invalid entry wells fargo.BMP</Entry>
The registry contains a reference to the missing file C:\Documents and Settings\geminilady\My Documents\wells fargo.BMP in the key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\BMP. This invalid entry can be removed.</EntryDetails>
<EntryDetails><Entry>File history list: invalid entry WindowsXP-KB936929-SP3-x86-ENU.exe</Entry>
The registry contains a reference to the missing file C:\Documents and Settings\geminilady\Desktop\WindowsXP-KB936929-SP3-x86-ENU.exe in the key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\exe. This invalid entry can be removed.</EntryDetails>
<EntryDetails><Entry>File history list: invalid entry xmas cake.png</Entry>
The registry contains a reference to the missing file C:\Documents and Settings\geminilady\My Documents\xmas cake.png in the key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\png. This invalid entry can be removed.</EntryDetails>
<EntryDetails><Entry>File history list: invalid entry xmas tree cake.jpeg</Entry>
The registry contains a reference to the missing file C:\Documents and Settings\geminilady\My Documents\xmas tree cake.jpeg in the key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\jpeg. This invalid entry can be removed.</EntryDetails>
</Scanning>
<Scanning Section="Shared Files"><Description>References and pointers to files in use by more than one application that no longer exist.</Description><ErrorsInThisSection>1 </ErrorsInThisSection>
<EntryDetails><Entry>Missing shared file IE User Assist.</Entry>
The registry contains a reference to the missing shared file {FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved.</EntryDetails>
</Scanning>
<Scanning Section="Shortcuts"><Description>Some shortcuts on your system refer to missing targets.</Description><ErrorsInThisSection>41 Errors</ErrorsInThisSection>
<EntryDetails><Entry>15529172 ROSETTI 2012 ann stmnt</Entry>
The shortcut C:\Documents and Settings\geminilady\My Documents\Downloads\15529172 ROSETTI 2012 ann stmnt.pdf points to the missing target C:\Documents and Settings\geminilady\My Documents\Downloads\15529172 ROSETTI 2012 ann stmnt.pdf and can be deleted.</EntryDetails>
<EntryDetails><Entry>addendum</Entry>
The shortcut C:\Documents and Settings\geminilady\My Documents\addendum.let points to the missing target C:\Documents and Settings\geminilady\My Documents\addendum.let and can be deleted.</EntryDetails>
<EntryDetails><Entry>American Cake Decorating</Entry>
The shortcut C:\Documents and Settings\geminilady\My Documents\My Videos\RealPlayer Downloads\American Cake Decorating.flv points to the missing target C:\Documents and Settings\geminilady\My Documents\My Videos\RealPlayer Downloads\American Cake Decorating.flv and can be deleted.</EntryDetails>
<EntryDetails><Entry>AOL On - Viral 2-Year-Old Titus Basketball Shooting Sensation Returns</Entry>
The shortcut C:\Documents and Settings\geminilady\My Documents\My Videos\RealPlayer Downloads\AOL On - Viral 2-Year-Old Titus Basketball Shooting Sensation Returns.mp4 points to the missing target C:\Documents and Settings\geminilady\My Documents\My Videos\RealPlayer Downloads\AOL On - Viral 2-Year-Old Titus Basketball Shooting Sensation Returns.mp4 and can be deleted.</EntryDetails>
<EntryDetails><Entry>Bauble Cakes #1 How to make a bauble cake - by couturecakesbyrose @ CakesDecor.com - cake decorating website2</Entry>
The shortcut C:\Documents and Settings\geminilady\My Documents\My Videos\RealPlayer Downloads\Bauble Cakes #1 How to make a bauble cake - by couturecakesbyrose @ CakesDecor.com - cake decorating website2.flv points to the missing target C:\Documents and Settings\geminilady\My Documents\My Videos\RealPlayer Downloads\Bauble Cakes #1 How to make a bauble cake - by couturecakesbyrose @ CakesDecor.com - cake decorating website2.flv and can be deleted.</EntryDetails>
<EntryDetails><Entry>birdcage</Entry>
The shortcut C:\Documents and Settings\geminilady\My Documents\birdcage.rtf points to the missing target C:\Documents and Settings\geminilady\My Documents\birdcage.rtf and can be deleted.</EntryDetails>
<EntryDetails><Entry>book</Entry>
The shortcut C:\Documents and Settings\geminilady\My Documents\book.rtf points to the missing target C:\Documents and Settings\geminilady\My Documents\book.rtf and can be deleted.</EntryDetails>
<EntryDetails><Entry>bridal shower idea</Entry>
The shortcut C:\Documents and Settings\geminilady\My Documents\bridal shower idea.rtf points to the missing target C:\Documents and Settings\geminilady\My Documents\bridal shower idea.rtf and can be deleted.</EntryDetails>
<EntryDetails><Entry>C__DOCUME~1_GEMINI~1_MYDOCU~1_DOWNLO~1_rhode_island[1]</Entry>
The shortcut C:\Documents and Settings\geminilady\My Documents\C__DOCUME~1_GEMINI~1_MYDOCU~1_DOWNLO~1_rhode_island[1].jpg points to the missing target C:\Documents and Settings\geminilady\My Documents\C__DOCUME~1_GEMINI~1_MYDOCU~1_DOWNLO~1_rhode_island[1].jpg and can be deleted.</EntryDetails>
<EntryDetails><Entry>Cake Decorating How To Handcrafted Sugar Flowers Class</Entry>
The shortcut C:\Documents and Settings\geminilady\My Documents\My Videos\RealPlayer Downloads\Cake Decorating How To Handcrafted Sugar Flowers Class.flv points to the missing target C:\Documents and Settings\geminilady\My Documents\My Videos\RealPlayer Downloads\Cake Decorating How To Handcrafted Sugar Flowers Class.flv and can be deleted.</EntryDetails>
<EntryDetails><Entry>check</Entry>
The shortcut C:\Documents and Settings\geminilady\My Documents\check.JPG points to the missing target C:\Documents and Settings\geminilady\My Documents\check.JPG and can be deleted.</EntryDetails>
<EntryDetails><Entry>DOC493E8DDCD9FD3</Entry>
The shortcut C:\Documents and Settings\geminilady\My Documents\Downloads\DOC493E8DDCD9FD3.doc points to the missing target C:\Documents and Settings\geminilady\My Documents\Downloads\DOC493E8DDCD9FD3.doc and can be deleted.</EntryDetails>
<EntryDetails><Entry>DOC493E8DDCD9FD3 (1)</Entry>
The shortcut C:\Documents and Settings\geminilady\My Documents\Downloads\DOC493E8DDCD9FD3 (1).doc points to the missing target C:\Documents and Settings\geminilady\My Documents\Downloads\DOC493E8DDCD9FD3 (1).doc and can be deleted.</EntryDetails>
<EntryDetails><Entry>DOC493E8DDCD9FD3 (2)</Entry>
The shortcut C:\Documents and Settings\geminilady\My Documents\Downloads\DOC493E8DDCD9FD3 (2).doc points to the missing target C:\Documents and Settings\geminilady\My Documents\Downloads\DOC493E8DDCD9FD3 (2).doc and can be deleted.</EntryDetails>
<EntryDetails><Entry>DOC493E8DDCD9FD3 (3)</Entry>
The shortcut C:\Documents and Settings\geminilady\My Documents\Downloads\DOC493E8DDCD9FD3 (3).doc points to the missing target C:\Documents and Settings\geminilady\My Documents\Downloads\DOC493E8DDCD9FD3 (3).doc and can be deleted.</EntryDetails>
<EntryDetails><Entry>executor deed 09132012</Entry>
The shortcut C:\Documents and Settings\geminilady\My Documents\Downloads\executor deed 09132012.doc points to the missing target C:\Documents and Settings\geminilady\My Documents\Downloads\executor deed 09132012.doc and can be deleted.</EntryDetails>
<EntryDetails><Entry>fantasy flowers</Entry>
The shortcut C:\Documents and Settings\geminilady\My Documents\fantasy flowers.rtf points to the missing target C:\Documents and Settings\geminilady\My Documents\fantasy flowers.rtf and can be deleted.</EntryDetails>
<EntryDetails><Entry>file missing</Entry>
The shortcut C:\Documents and Settings\geminilady\My Documents\file missing.rtf points to the missing target C:\Documents and Settings\geminilady\My Documents\file missing.rtf and can be deleted.</EntryDetails>
<EntryDetails><Entry>george weiss</Entry>
The shortcut C:\Documents and Settings\geminilady\My Documents\george weiss.rtf points to the missing target C:\Documents and Settings\geminilady\My Documents\george weiss.rtf and can be deleted.</EntryDetails>
<EntryDetails><Entry>Homemade V8 Recipe</Entry>
The shortcut C:\Documents and Settings\geminilady\My Documents\recipes\Homemade V8 Recipe.rtf points to the missing target C:\Documents and Settings\geminilady\My Documents\recipes\Homemade V8 Recipe.rtf and can be deleted.</EntryDetails>
<EntryDetails><Entry>Hot Fudge Peanut Butter Pie</Entry>
The shortcut C:\Documents and Settings\geminilady\My Documents\Hot Fudge Peanut Butter Pie.rtf points to the missing target C:\Documents and Settings\geminilady\My Documents\Hot Fudge Peanut Butter Pie.rtf and can be deleted.</EntryDetails>
<EntryDetails><Entry>How to make gumpaste cherry blossoms-Sugar flowers Creations - YouTube</Entry>
The shortcut C:\Documents and Settings\geminilady\My Documents\My Videos\RealPlayer Downloads\How to make gumpaste cherry blossoms-Sugar flowers Creations - YouTube.flv points to the missing target C:\Documents and Settings\geminilady\My Documents\My Videos\RealPlayer Downloads\How to make gumpaste cherry blossoms-Sugar flowers Creations - YouTube.flv and can be deleted.</EntryDetails>
<EntryDetails><Entry>HowardStern.com - Official site of The Howard Stern Show</Entry>
The shortcut C:\Documents and Settings\geminilady\My Documents\My Videos\RealPlayer Downloads\HowardStern.com - Official site of The Howard Stern Show.flv points to the missing target C:\Documents and Settings\geminilady\My Documents\My Videos\RealPlayer Downloads\HowardStern.com - Official site of The Howard Stern Show.flv and can be deleted.</EntryDetails>
<EntryDetails><Entry>img005</Entry>
The shortcut C:\Documents and Settings\geminilady\My Documents\img005.jpg points to the missing target C:\Documents and Settings\geminilady\My Documents\img005.jpg and can be deleted.</EntryDetails>
<EntryDetails><Entry>mort</Entry>
The shortcut C:\Documents and Settings\geminilady\My Documents\mort.BMP points to the missing target C:\Documents and Settings\geminilady\My Documents\mort.BMP and can be deleted.</EntryDetails>
<EntryDetails><Entry>Owl Cupcake Topper Tutorial</Entry>
The shortcut C:\Documents and Settings\geminilady\My Documents\Downloads\Owl Cupcake Topper Tutorial.pdf points to the missing target C:\Documents and Settings\geminilady\My Documents\Downloads\Owl Cupcake Topper Tutorial.pdf and can be deleted.</EntryDetails>
<EntryDetails><Entry>Photo0001</Entry>
The shortcut C:\Documents and Settings\geminilady\My Documents\My Pictures\Photo0001.tif points to the missing target C:\Documents and Settings\geminilady\My Documents\My Pictures\Photo0001.tif and can be deleted.</EntryDetails>
<EntryDetails><Entry>Photo0002</Entry>
The shortcut C:\Documents and Settings\geminilady\My Documents\My Pictures\Photo0002.tif points to the missing target C:\Documents and Settings\geminilady\My Documents\My Pictures\Photo0002.tif and can be deleted.</EntryDetails>
<EntryDetails><Entry>Profit_Loss_Cleaners</Entry>
The shortcut C:\Documents and Settings\geminilady\My Documents\Downloads\Profit_Loss_Cleaners.xls points to the missing target C:\Documents and Settings\geminilady\My Documents\Downloads\Profit_Loss_Cleaners.xls and can be deleted.</EntryDetails>
<EntryDetails><Entry>puppy flowers</Entry>
The shortcut C:\Documents and Settings\geminilady\My Documents\puppy flowers.jpg points to the missing target C:\Documents and Settings\geminilady\My Documents\puppy flowers.jpg and can be deleted.</EntryDetails>
<EntryDetails><Entry>rma pg2</Entry>
The shortcut C:\Documents and Settings\geminilady\My Documents\rma pg2.rtf points to the missing target C:\Documents and Settings\geminilady\My Documents\rma pg2.rtf and can be deleted.</EntryDetails>
<EntryDetails><Entry>Robin Thicke - Blurred Lines (Ft. T.I. Pharrell) Download HowFlyHipHop</Entry>
The shortcut C:\Documents and Settings\geminilady\My Documents\My Videos\RealPlayer Downloads\Robin Thicke - Blurred Lines (Ft. T.I. Pharrell) Download HowFlyHipHop.mp4 points to the missing target C:\Documents and Settings\geminilady\My Documents\My Videos\RealPlayer Downloads\Robin Thicke - Blurred Lines (Ft. T.I. Pharrell) Download HowFlyHipHop.mp4 and can be deleted.</EntryDetails>
<EntryDetails><Entry>Robin Thicke feat. T.I. + Pharrell - Blurred Lines (Official Audio) - YouTube</Entry>
The shortcut C:\Documents and Settings\geminilady\My Documents\My Videos\RealPlayer Downloads\Robin Thicke feat. T.I. + Pharrell - Blurred Lines (Official Audio) - YouTube.mp4 points to the missing target C:\Documents and Settings\geminilady\My Documents\My Videos\RealPlayer Downloads\Robin Thicke feat. T.I. + Pharrell - Blurred Lines (Official Audio) - YouTube.mp4 and can be deleted.</EntryDetails>
<EntryDetails><Entry>strawberry margarita jello shots</Entry>
The shortcut C:\Documents and Settings\geminilady\My Documents\strawberry margarita jello shots.rtf points to the missing target C:\Documents and Settings\geminilady\My Documents\strawberry margarita jello shots.rtf and can be deleted.</EntryDetails>
<EntryDetails><Entry>Sweet & Spicy Bacon Chicken</Entry>
The shortcut C:\Documents and Settings\geminilady\My Documents\Sweet & Spicy Bacon Chicken.rtf points to the missing target C:\Documents and Settings\geminilady\My Documents\Sweet & Spicy Bacon Chicken.rtf and can be deleted.</EntryDetails>
<EntryDetails><Entry>temp(11)</Entry>
The shortcut C:\Documents and Settings\geminilady\My Documents\Downloads\temp(11).pdf points to the missing target C:\Documents and Settings\geminilady\My Documents\Downloads\temp(11).pdf and can be deleted.</EntryDetails>
<EntryDetails><Entry>temp(3)</Entry>
The shortcut C:\Documents and Settings\geminilady\My Documents\Downloads\temp(3).pdf points to the missing target C:\Documents and Settings\geminilady\My Documents\Downloads\temp(3).pdf and can be deleted.</EntryDetails>
<EntryDetails><Entry>temp(6)</Entry>
The shortcut C:\Documents and Settings\geminilady\My Documents\Downloads\temp(6).pdf points to the missing target C:\Documents and Settings\geminilady\My Documents\Downloads\temp(6).pdf and can be deleted.</EntryDetails>
<EntryDetails><Entry>temp(8)</Entry>
The shortcut C:\Documents and Settings\geminilady\My Documents\Downloads\temp(8).pdf points to the missing target C:\Documents and Settings\geminilady\My Documents\Downloads\temp(8).pdf and can be deleted.</EntryDetails>
<EntryDetails><Entry>Three-Year Profit Projections</Entry>
The shortcut C:\Documents and Settings\geminilady\My Documents\Downloads\Three-Year Profit Projections.xls points to the missing target C:\Documents and Settings\geminilady\My Documents\Downloads\Three-Year Profit Projections.xls and can be deleted.</EntryDetails>
<EntryDetails><Entry>viewer</Entry>
The shortcut C:\Documents and Settings\geminilady\My Documents\viewer.png points to the missing target C:\Documents and Settings\geminilady\My Documents\viewer.png and can be deleted.</EntryDetails>
</Scanning>
<Scanning Section="Add Remove Programs"><Description>Programs listed in the Control Panel are no longer installed, do not have uninstall programs, or have other configuration problems.</Description><ErrorsInThisSection>256 Errors</ErrorsInThisSection>
<EntryDetails><Entry>c:\Program Files\Microsoft Silverlight\5.1.10411.0\</Entry>
The key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders points to the incomplete command line under UninstallString and can be deleted.</EntryDetails>
<EntryDetails><Entry>c:\Program Files\Microsoft Silverlight\5.1.10411.0\ar\</Entry>
The key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders points to the incomplete command line under UninstallString and can be deleted.</EntryDetails>
<EntryDetails><Entry>c:\Program Files\Microsoft Silverlight\5.1.10411.0\bg\</Entry>
The key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders points to the incomplete command line under UninstallString and can be deleted.</EntryDetails>
<EntryDetails><Entry>c:\Program Files\Microsoft Silverlight\5.1.10411.0\cs\</Entry>
The key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders points to the incomplete command line under UninstallString and can be deleted.</EntryDetails>
<EntryDetails><Entry>c:\Program Files\Microsoft Silverlight\5.1.10411.0\da\</Entry>
The key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders points to the incomplete command line under UninstallString and can be deleted.</EntryDetails>
<EntryDetails><Entry>c:\Program Files\Microsoft Silverlight\5.1.10411.0\de\</Entry>
The key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders points to the incomplete command line under UninstallString and can be deleted.</EntryDetails>
<EntryDetails><Entry>c:\Program Files\Microsoft Silverlight\5.1.10411.0\el\</Entry>
The key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders points to the incomplete command line under UninstallString and can be deleted.</EntryDetails>
<EntryDetails><Entry>c:\Program Files\Microsoft Silverlight\5.1.10411.0\es\</Entry>
The key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders points to the incomplete command line under UninstallString and can be deleted.</EntryDetails>
<EntryDetails><Entry>c:\Program Files\Microsoft Silverlight\5.1.10411.0\et\</Entry>
The key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders points to the incomplete command line under UninstallString and can be deleted.</EntryDetails>
<EntryDetails><Entry>c:\Program Files\Microsoft Silverlight\5.1.10411.0\eu\</Entry>
The key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders points to the incomplete command line under UninstallString and can be deleted.</EntryDetails>
<EntryDetails><Entry>c:\Program Files\Microsoft Silverlight\5.1.10411.0\fi\</Entry>
The key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders points to the incomplete command line under UninstallString and can be deleted.</EntryDetails>
<EntryDetails><Entry>c:\Program Files\Microsoft Silverlight\5.1.10411.0\fr\</Entry>
The key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders points to the incomplete command line under UninstallString and can be deleted.</EntryDetails>
<EntryDetails><Entry>c:\Program Files\Microsoft Silverlight\5.1.10411.0\he\</Entry>
The key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders points to the incomplete command line under UninstallString and can be deleted.</EntryDetails>
<EntryDetails><Entry>c:\Program Files\Microsoft Silverlight\5.1.10411.0\hr\</Entry>
The key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders points to the incomplete command line under UninstallString and can be deleted.</EntryDetails>
<EntryDetails><Entry>c:\Program Files\Microsoft Silverlight\5.1.10411.0\hu\</Entry>
The key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders points to the incomplete command line under UninstallString and can be deleted.</EntryDetails>
<EntryDetails><Entry>c:\Program Files\Microsoft Silverlight\5.1.10411.0\id\</Entry>
The key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders points to the incomplete command line under UninstallString and can be deleted.</EntryDetails>
<EntryDetails><Entry>c:\Program Files\Microsoft Silverlight\5.1.10411.0\it\</Entry>
The key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders points to the incomplete command line under UninstallString and can be deleted.</EntryDetails>
<EntryDetails><Entry>c:\Program Files\Microsoft Silverlight\5.1.10411.0\ja\</Entry>
The key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders points to the incomplete command line under UninstallString and can be deleted.</EntryDetails>
<EntryDetails><Entry>c:\Program Files\Microsoft Silverlight\5.1.10411.0\ko\</Entry>
The key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders points to the incomplete command line under UninstallString and can be deleted.</EntryDetails>
<EntryDetails><Entry>c:\Program Files\Microsoft Silverlight\5.1.10411.0\lt\</Entry>
The key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders points to the incomplete command line under UninstallString and can be deleted.</EntryDetails>
<EntryDetails><Entry>c:\Program Files\Microsoft Silverlight\5.1.10411.0\lv\</Entry>
The key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders points to the incomplete command line under UninstallString and can be deleted.</EntryDetails>
<EntryDetails><Entry>c:\Program Files\Microsoft Silverlight\5.1.10411.0\ms\</Entry>
The key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders points to the incomplete command line under UninstallString and can be deleted.</EntryDetails>
<EntryDetails><Entry>c:\Program Files\Microsoft Silverlight\5.1.10411.0\nl\</Entry>
The key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders points to the incomplete command line under UninstallString and can be deleted.</EntryDetails>
<EntryDetails><Entry>c:\Program Files\Microsoft Silverlight\5.1.10411.0\no\</Entry>
The key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders points to the incomplete command line under UninstallString and can be deleted.</EntryDetails>
<EntryDetails><Entry>c:\Program Files\Microsoft Silverlight\5.1.10411.0\pl\</Entry>
The key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders points to the incomplete command line under UninstallString and can be deleted.</EntryDetails>
<EntryDetails><Entry>c:\Program Files\Microsoft Silverlight\5.1.10411.0\pt-BR\</Entry>
The key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders points to the incomplete command line under UninstallString and can be deleted.</EntryDetails>
<EntryDetails><Entry>c:\Program Files\Microsoft Silverlight\5.1.10411.0\pt\</Entry>
The key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders points to the incomplete command line under UninstallString and can be deleted.</EntryDetails>
<EntryDetails><Entry>c:\Program Files\Microsoft Silverlight\5.1.10411.0\ro\</Entry>
The key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders points to the incomplete command line under UninstallString and can be deleted.</EntryDetails>
<EntryDetails><Entry>c:\Program Files\Microsoft Silverlight\5.1.10411.0\ru\</Entry>
The key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders points to the incomplete command line under UninstallString and can be deleted.</EntryDetails>
<EntryDetails><Entry>c:\Program Files\Microsoft Silverlight\5.1.10411.0\sk\</Entry>
The key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders points to the incomplete command line under UninstallString and can be deleted.</EntryDetails>
<EntryDetails><Entry>c:\Program Files\Microsoft Silverlight\5.1.10411.0\sl\</Entry>
The key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders points to the incomplete command line under UninstallString and can be deleted.</EntryDetails>
<EntryDetails><Entry>c:\Program Files\Microsoft Silverlight\5.1.10411.0\sr-Cyrl-CS\</Entry>
The key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders points to the incomplete command line under UninstallString and can be deleted.</EntryDetails>
<EntryDetails><Entry>c:\Program Files\Microsoft Silverlight\5.1.10411.0\sr-Latn-CS\</Entry>
The key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders points to the incomplete command line under UninstallString and can be deleted.</EntryDetails>
<EntryDetails><Entry>c:\Program Files\Microsoft Silverlight\5.1.10411.0\sv\</Entry>
The key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders points to the incomplete command line under UninstallString and can be deleted.</EntryDetails>
<EntryDetails><Entry>c:\Program Files\Microsoft Silverlight\5.1.10411.0\th\</Entry>
The key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders points to the incomplete command line under UninstallString and can be deleted.</EntryDetails>
<EntryDetails><Entry>c:\Program Files\Microsoft Silverlight\5.1.10411.0\tr\</Entry>
The key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders points to the incomplete command line under UninstallString and can be deleted.</EntryDetails>
<EntryDetails><Entry>c:\Program Files\Microsoft Silverlight\5.1.10411.0\uk\</Entry>
The key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders points to the incomplete command line under UninstallString and can be deleted.</EntryDetails>
<EntryDetails><Entry>c:\Program Files\Microsoft Silverlight\5.1.10411.0\vi\</Entry>
The key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders points to the incomplete command line under UninstallString and can be deleted.</EntryDetails>
<EntryDetails><Entry>c:\Program Files\Microsoft Silverlight\5.1.10411.0\zh-Hans\</Entry>
The key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders points to the incomplete command line under UninstallString and can be deleted.</EntryDetails>
<EntryDetails><Entry>c:\Program Files\Microsoft Silverlight\5.1.10411.0\zh-Hant\</Entry>
The key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders points to the incomplete command line under UninstallString and can be deleted.</EntryDetails>
<EntryDetails><Entry>c:\Program Files\Microsoft Silverlight\5.1.20125.0\</Entry>
The key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders points to the incomplete command line under UninstallString and can be deleted.</EntryDetails>
<EntryDetails><Entry>c:\Program Files\Microsoft Silverlight\5.1.20125.0\ar\</Entry>
The key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders points to the incomplete command line under UninstallString and can be deleted.</EntryDetails>
<EntryDetails><Entry>c:\Program Files\Microsoft Silverlight\5.1.20125.0\bg\</Entry>
The key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders points to the incomplete command line under UninstallString and can be deleted.</EntryDetails>
<EntryDetails><Entry>c:\Program Files\Microsoft Silverlight\5.1.20125.0\cs\</Entry>
The key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders points to the incomplete command line under UninstallString and can be deleted.</EntryDetails>
<EntryDetails><Entry>c:\Program Files\Microsoft Silverlight\5.1.20125.0\da\</Entry>
The key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders points to the incomplete command line under UninstallString and can be deleted.</EntryDetails>
<EntryDetails><Entry>c:\Program Files\Microsoft Silverlight\5.1.20125.0\de\</Entry>
The key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders points to the incomplete command line under UninstallString and can be deleted.</EntryDetails>
<EntryDetails><Entry>c:\Program Files\Microsoft Silverlight\5.1.20125.0\el\</Entry>
The key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders points to the incomplete command line under UninstallString and can be deleted.</EntryDetails>
<EntryDetails><Entry>c:\Program Files\Microsoft Silverlight\5.1.20125.0\es\</Entry>
The key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders points to the incomplete command line under UninstallString and can be deleted.</EntryDetails>
<EntryDetails><Entry>c:\Program Files\Microsoft Silverlight\5.1.20125.0\et\</Entry>
The key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders points to the incomplete command line under UninstallString and can be deleted.</EntryDetails>
<EntryDetails><Entry>c:\Program Files\Microsoft Silverlight\5.1.20125.0\eu\</Entry>
The key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders points to the incomplete command line under UninstallString and can be deleted.</EntryDetails>
<EntryDetails><Entry>c:\Program Files\Microsoft Silverlight\5.1.20125.0\fi\</Entry>
The key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders points to the incomplete command line under UninstallString and can be deleted.</EntryDetails>
<EntryDetails><Entry>c:\Program Files\Microsoft Silverlight\5.1.20125.0\fr\</Entry>
The key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders points to the incomplete command line under UninstallString and can be deleted.</EntryDetails>
<EntryDetails><Entry>c:\Program Files\Microsoft Silverlight\5.1.20125.0\he\</Entry>
The key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders points to the incomplete command line under UninstallString and can be deleted.</EntryDetails>
<EntryDetails><Entry>c:\Program Files\Microsoft Silverlight\5.1.20125.0\hr\</Entry>
The key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders points to the incomplete command line under UninstallString and can be deleted.</EntryDetails>
<EntryDetails><Entry>c:\Program Files\Microsoft Silverlight\5.1.20125.0\hu\</Entry>
The key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders points to the incomplete command line under UninstallString and can be deleted.</EntryDetails>
<EntryDetails><Entry>c:\Program Files\Microsoft Silverlight\5.1.20125.0\id\</Entry>
The key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders points to the incomplete command line under UninstallString and can be deleted.</EntryDetails>
<EntryDetails><Entry>c:\Program Files\Microsoft Silverlight\5.1.20125.0\it\</Entry>
The key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders points to the incomplete command line under UninstallString and can be deleted.</EntryDetails>
<EntryDetails><Entry>c:\Program Files\Microsoft Silverlight\5.1.20125.0\ja\</Entry>
The key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders points to the incomplete command line under UninstallString and can be deleted.</EntryDetails>
<EntryDetails><Entry>c:\Program Files\Microsoft Silverlight\5.1.20125.0\ko\</Entry>
The key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders points to the incomplete command line under UninstallString and can be deleted.</EntryDetails>
<EntryDetails><Entry>c:\Program Files\Microsoft Silverlight\5.1.20125.0\lt\</Entry>
The key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders points to the incomplete command line under UninstallString and can be deleted.</EntryDetails>
<EntryDetails><Entry>c:\Program Files\Microsoft Silverlight\5.1.20125.0\lv\</Entry>
The key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders points to the incomplete command line under UninstallString and can be deleted.</EntryDetails>
<EntryDetails><Entry>c:\Program Files\Microsoft Silverlight\5.1.20125.0\ms\</Entry>
The key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders points to the incomplete command line under UninstallString and can be deleted.</EntryDetails>
<EntryDetails><Entry>c:\Program Files\Microsoft Silverlight\5.1.20125.0\nl\</Entry>
The key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders points to the incomplete command line under UninstallString and can be deleted.</EntryDetails>
<EntryDetails><Entry>c:\Program Files\Microsoft Silverlight\5.1.20125.0\no\</Entry>
The key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders points to the incomplete command line under UninstallString and can be deleted.</EntryDetails>
<EntryDetails><Entry>c:\Program Files\Microsoft Silverlight\5.1.20125.0\pl\</Entry>
The key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders points to the incomplete command line under UninstallString and can be deleted.</EntryDetails>
<EntryDetails><Entry>c:\Program Files\Microsoft Silverlight\5.1.20125.0\pt-BR\</Entry>
The key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders points to the incomplete command line under UninstallString and can be deleted.</EntryDetails>
<EntryDetails><Entry>c:\Program Files\Microsoft Silverlight\5.1.20125.0\pt\</Entry>
The key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders points to the incomplete command line under UninstallString and can be deleted.</EntryDetails>
<EntryDetails><Entry>c:\Program Files\Microsoft Silverlight\5.1.20125.0\ro\</Entry>
The key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders points to the incomplete command line under UninstallString and can be deleted.</EntryDetails>
<EntryDetails><Entry>c:\Program Files\Microsoft Silverlight\5.1.20125.0\ru\</Entry>
The key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders points to the incomplete command line under UninstallString and can be deleted.</EntryDetails>
<EntryDetails><Entry>c:\Program Files\Microsoft Silverlight\5.1.20125.0\sk\</Entry>
The key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders points to the incomplete command line under UninstallString and can be deleted.</EntryDetails>
<EntryDetails><Entry>c:\Program Files\Microsoft Silverlight\5.1.20125.0\sl\</Entry>
The key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders points to the incomplete command line under UninstallString and can be deleted.</EntryDetails>
<EntryDetails><Entry>c:\Program Files\Microsoft Silverlight\5.1.20125.0\sr-Cyrl-CS\</Entry>
The key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders points to the incomplete command line under UninstallString and can be deleted.</EntryDetails>
<EntryDetails><Entry>c:\Program Files\Microsoft Silverlight\5.1.20125.0\sr-Latn-CS\</Entry>
The key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders points to the incomplete command line under UninstallString and can be deleted.</EntryDetails>
<EntryDetails><Entry>c:\Program Files\Microsoft Silverlight\5.1.20125.0\sv\</Entry>
The key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders points to the incomplete command line under UninstallString and can be deleted.</EntryDetails>
<EntryDetails><Entry>c:\Program Files\Microsoft Silverlight\5.1.20125.0\th\</Entry>
The key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders points to the incomplete command line under UninstallString and can be deleted.</EntryDetails>
<EntryDetails><Entry>c:\Program Files\Microsoft Silverlight\5.1.20125.0\tr\</Entry>
The key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders points to the incomplete command line under UninstallString and can be deleted.</EntryDetails>
<EntryDetails><Entry>c:\Program Files\Microsoft Silverlight\5.1.20125.0\uk\</Entry>
The key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders points to the incomplete command line under UninstallString and can be deleted.</EntryDetails>
<EntryDetails><Entry>c:\Program Files\Microsoft Silverlight\5.1.20125.0\vi\</Entry>
The key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders points to the incomplete command line under UninstallString and can be deleted.</EntryDetails>
<EntryDetails><Entry>c:\Program Files\Microsoft Silverlight\5.1.20125.0\zh-Hans\</Entry>
The key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders points to the incomplete command line under UninstallString and can be deleted.</EntryDetails>
<EntryDetails><Entry>c:\Program Files\Microsoft Silverlight\5.1.20125.0\zh-Hant\</Entry>
The key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders points to the incomplete command line under UninstallString and can be deleted.</EntryDetails>
<EntryDetails><Entry>Incomplete entryEasy Media Player</Entry>
The key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Easy Media Player does not contain any data needed by Windows to remove the program or component and can be deleted.</EntryDetails>
<EntryDetails><Entry>Incomplete entryM2656353</Entry>
The key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\M2656353 does not contain any data needed by Windows to remove the program or component and can be deleted.</EntryDetails>
<EntryDetails><Entry>Incomplete entryM2656370</Entry>
The key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\M2656370 does not contain any data needed by Windows to remove the program or component and can be deleted.</EntryDetails>
<EntryDetails><Entry>Incomplete entryM2742597</Entry>
The key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\M2742597 does not contain any data needed by Windows to remove the program or component and can be deleted.</EntryDetails>
<EntryDetails><Entry>Incomplete entryMozilla Firefox 14.0.1 (x86 en-US)</Entry>
The key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Mozilla Firefox 14.0.1 (x86 en-US) does not contain any data needed by Windows to remove the program or component and can be deleted.</EntryDetails>
<EntryDetails><Entry>Incomplete entryMozilla Firefox 15.0.1 (x86 en-US)</Entry>
The key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Mozilla Firefox 15.0.1 (x86 en-US) does not contain any data needed by Windows to remove the program or component and can be deleted.</EntryDetails>
<EntryDetails><Entry>Incomplete entryMozilla Firefox 16.0.1 (x86 en-US)</Entry>
The key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Mozilla Firefox 16.0.1 (x86 en-US) does not contain any data needed by Windows to remove the program or component and can be deleted.</EntryDetails>
<EntryDetails><Entry>Incomplete entryMozilla Firefox 16.0.2 (x86 en-US)</Entry>
The key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Mozilla Firefox 16.0.2 (x86 en-US) does not contain any data needed by Windows to remove the program or component and can be deleted.</EntryDetails>
<EntryDetails><Entry>Incomplete entryMozilla Firefox 19.0 (x86 en-US)</Entry>
The key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Mozilla Firefox 19.0 (x86 en-US) does not contain any data needed by Windows to remove the program or component and can be deleted.</EntryDetails>
<EntryDetails><Entry>Incomplete entryMozilla Firefox 21.0 (x86 en-US)</Entry>
The key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Mozilla Firefox 21.0 (x86 en-US) does not contain any data needed by Windows to remove the program or component and can be deleted.</EntryDetails>
<EntryDetails><Entry>Incomplete entry{05EF7161-807E-4A8B-BAB6-D816B83603D8}</Entry>
The key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{05EF7161-807E-4A8B-BAB6-D816B83603D8} does not contain any data needed by Windows to remove the program or component and can be deleted.</EntryDetails>
<EntryDetails><Entry>Incomplete entry{0D198794-96BF-39B1-A387-D3B2D3B7B313}</Entry>
The key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{0D198794-96BF-39B1-A387-D3B2D3B7B313} does not contain any data needed by Windows to remove the program or component and can be deleted.</EntryDetails>
<EntryDetails><Entry>Incomplete entry{14ECAABB-C8B9-4A09-92F7-CDF1A45B6DDE}</Entry>
The key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{14ECAABB-C8B9-4A09-92F7-CDF1A45B6DDE} does not contain any data needed by Windows to remove the program or component and can be deleted.</EntryDetails>
<EntryDetails><Entry>Incomplete entry{1712CD4B-D6FC-381E-85F9-2F4EC2199F39}</Entry>
The key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{1712CD4B-D6FC-381E-85F9-2F4EC2199F39} does not contain any data needed by Windows to remove the program or component and can be deleted.</EntryDetails>
<EntryDetails><Entry>Incomplete entry{1C3DA126-D523-4089-BCCA-FA46FE34D6F8}</Entry>
The key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{1C3DA126-D523-4089-BCCA-FA46FE34D6F8} does not contain any data needed by Windows to remove the program or component and can be deleted.</EntryDetails>
<EntryDetails><Entry>Incomplete entry{1C8DFA71-4079-4F02-B8BB-47B12C1A565F}</Entry>
The key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{1C8DFA71-4079-4F02-B8BB-47B12C1A565F} does not contain any data needed by Windows to remove the program or component and can be deleted.</EntryDetails>
<EntryDetails><Entry>Incomplete entry{1EFE09D3-6C77-4E6D-876F-76CB30D2056C}</Entry>
The key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{1EFE09D3-6C77-4E6D-876F-76CB30D2056C} does not contain any data needed by Windows to remove the program or component and can be deleted.</EntryDetails>
<EntryDetails><Entry>Incomplete entry{25126BDF-4427-3A23-B8E5-CA9958B01B0D}</Entry>
The key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{25126BDF-4427-3A23-B8E5-CA9958B01B0D} does not contain any data needed by Windows to remove the program or component and can be deleted.</EntryDetails>
<EntryDetails><Entry>Incomplete entry{268789C4-53E6-4DDB-8F33-8D0F9E000BEA}</Entry>
The key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{268789C4-53E6-4DDB-8F33-8D0F9E000BEA} does not contain any data needed by Windows to remove the program or component and can be deleted.</EntryDetails>
<EntryDetails><Entry>Incomplete entry{26A24AE4-039D-4CA4-87B4-2F83216033FF}</Entry>
The key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{26A24AE4-039D-4CA4-87B4-2F83216033FF} does not contain any data needed by Windows to remove the program or component and can be deleted.</EntryDetails>
<EntryDetails><Entry>Incomplete entry{26A24AE4-039D-4CA4-87B4-2F83216035FF}</Entry>
The key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{26A24AE4-039D-4CA4-87B4-2F83216035FF} does not contain any data needed by Windows to remove the program or component and can be deleted.</EntryDetails>
<EntryDetails><Entry>Incomplete entry{28E82311-8616-11E1-BEB0-B8AC6F97B88E}</Entry>
The key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{28E82311-8616-11E1-BEB0-B8AC6F97B88E} does not contain any data needed by Windows to remove the program or component and can be deleted.</EntryDetails>
<EntryDetails><Entry>Incomplete entry{2D1AC484-E516-408C-8825-ACB1C356AC7A}</Entry>
The key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{2D1AC484-E516-408C-8825-ACB1C356AC7A} does not contain any data needed by Windows to remove the program or component and can be deleted.</EntryDetails>
<EntryDetails><Entry>Incomplete entry{2F3AB6ED-951C-4CE7-8AC9-8546FDCF1F5A}</Entry>
The key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{2F3AB6ED-951C-4CE7-8AC9-8546FDCF1F5A} does not contain any data needed by Windows to remove the program or component and can be deleted.</EntryDetails>
<EntryDetails><Entry>Incomplete entry{30300799-4DBD-3380-8B30-96311FA6E0AF}</Entry>
The key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{30300799-4DBD-3380-8B30-96311FA6E0AF} does not contain any data needed by Windows to remove the program or component and can be deleted.</EntryDetails>
<EntryDetails><Entry>Incomplete entry{309E2514-29D4-405C-B3B1-14D7231BFA16}</Entry>
The key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{309E2514-29D4-405C-B3B1-14D7231BFA16} does not contain any data needed by Windows to remove the program or component and can be deleted.</EntryDetails>
<EntryDetails><Entry>Incomplete entry{3A66FD42-50D2-3E9A-81B5-ECE3E5C3097A}</Entry>
The key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{3A66FD42-50D2-3E9A-81B5-ECE3E5C3097A} does not contain any data needed by Windows to remove the program or component and can be deleted.</EntryDetails>
<EntryDetails><Entry>Incomplete entry{4582C7EB-93F5-408D-9F29-5A5BE1E76845}</Entry>
The key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{4582C7EB-93F5-408D-9F29-5A5BE1E76845} does not contain any data needed by Windows to remove the program or component and can be deleted.</EntryDetails>
<EntryDetails><Entry>Incomplete entry{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}</Entry>
The key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{468D22C0-8080-11E2-B86E-B8AC6F98CCE3} does not contain any data needed by Windows to remove the program or component and can be deleted.</EntryDetails>
<EntryDetails><Entry>Incomplete entry{492CD592-87DD-31E9-8083-8665A0256163}</Entry>
The key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{492CD592-87DD-31E9-8083-8665A0256163} does not contain any data needed by Windows to remove the program or component and can be deleted.</EntryDetails>
<EntryDetails><Entry>Incomplete entry{494AD45E-E071-4819-8E15-E1041FBFF073}</Entry>
The key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{494AD45E-E071-4819-8E15-E1041FBFF073} does not contain any data needed by Windows to remove the program or component and can be deleted.</EntryDetails>
<EntryDetails><Entry>Incomplete entry{5B076A14-F478-3566-BE7A-985C3C629FA4}</Entry>
The key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{5B076A14-F478-3566-BE7A-985C3C629FA4} does not contain any data needed by Windows to remove the program or component and can be deleted.</EntryDetails>
<EntryDetails><Entry>Incomplete entry{6F8500D2-A80F-3347-9081-B41E71C8592B}</Entry>
The key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{6F8500D2-A80F-3347-9081-B41E71C8592B} does not contain any data needed by Windows to remove the program or component and can be deleted.</EntryDetails>
<EntryDetails><Entry>Incomplete entry{724309E5-E712-426C-B94D-B6B42511C29F}</Entry>
The key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{724309E5-E712-426C-B94D-B6B42511C29F} does not contain any data needed by Windows to remove the program or component and can be deleted.</EntryDetails>
<EntryDetails><Entry>Incomplete entry{729FE248-A50D-3F03-8AC0-C58D4BE82187}</Entry>
The key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{729FE248-A50D-3F03-8AC0-C58D4BE82187} does not contain any data needed by Windows to remove the program or component and can be deleted.</EntryDetails>
<EntryDetails><Entry>Incomplete entry{7A21C722-F259-4976-B7AA-6658E5FDEDAF}</Entry>
The key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{7A21C722-F259-4976-B7AA-6658E5FDEDAF} does not contain any data needed by Windows to remove the program or component and can be deleted.</EntryDetails>
<EntryDetails><Entry>Incomplete entry{7A47D0F4-0491-3BED-97BA-6794923696AE}</Entry>
The key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{7A47D0F4-0491-3BED-97BA-6794923696AE} does not contain any data needed by Windows to remove the program or component and can be deleted.</EntryDetails>
<EntryDetails><Entry>Incomplete entry{81719652-18E0-47B1-9A12-F82BF075D4DB}</Entry>
The key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{81719652-18E0-47B1-9A12-F82BF075D4DB} does not contain any data needed by Windows to remove the program or component and can be deleted.</EntryDetails>
<EntryDetails><Entry>Incomplete entry{8678304D-5C5C-33AB-8914-0B0C6D17FF42}</Entry>
The key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{8678304D-5C5C-33AB-8914-0B0C6D17FF42} does not contain any data needed by Windows to remove the program or component and can be deleted.</EntryDetails>
<EntryDetails><Entry>Incomplete entry{86F7BB71-FE8F-3306-A325-F93EE06417B8}</Entry>
The key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86F7BB71-FE8F-3306-A325-F93EE06417B8} does not contain any data needed by Windows to remove the program or component and can be deleted.</EntryDetails>
<EntryDetails><Entry>Incomplete entry{89D6619D-B8BA-311D-B344-CFC09F8C0982}</Entry>
The key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{89D6619D-B8BA-311D-B344-CFC09F8C0982} does not contain any data needed by Windows to remove the program or component and can be deleted.</EntryDetails>
<EntryDetails><Entry>Incomplete entry{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{8F32B14E-F85E-482C-BF8C-C04E1A5ADE4F}</Entry>
The key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{8F32B14E-F85E-482C-BF8C-C04E1A5ADE4F} does not contain any data needed by Windows to remove the program or component and can be deleted.</EntryDetails>
<EntryDetails><Entry>Incomplete entry{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{075C2272-0881-46D3-B3A5-1D83D6940270}</Entry>
The key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{075C2272-0881-46D3-B3A5-1D83D6940270} does not contain any data needed by Windows to remove the program or component and can be deleted.</EntryDetails>
<EntryDetails><Entry>Incomplete entry{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{2343F7D1-9E41-4CD7-AC67-264E8E9968BD}</Entry>
The key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{2343F7D1-9E41-4CD7-AC67-264E8E9968BD} does not contain any data needed by Windows to remove the program or component and can be deleted.</EntryDetails>
<EntryDetails><Entry>Incomplete entry{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{2623A96B-78E5-42CC-AB55-6A3969B32E36}</Entry>
The key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{2623A96B-78E5-42CC-AB55-6A3969B32E36} does not contain any data needed by Windows to remove the program or component and can be deleted.</EntryDetails>
<EntryDetails><Entry>Incomplete entry{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{27609E26-63D9-4180-BD50-08837BD3B1DC}</Entry>
The key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{27609E26-63D9-4180-BD50-08837BD3B1DC} does not contain any data needed by Windows to remove the program or component and can be deleted.</EntryDetails>
<EntryDetails><Entry>Incomplete entry{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{2F2E7045-D922-4BF4-8F87-1583B61D1D6E}</Entry>
The key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{2F2E7045-D922-4BF4-8F87-1583B61D1D6E} does not contain any data needed by Windows to remove the program or component and can be deleted.</EntryDetails>
<EntryDetails><Entry>Incomplete entry{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3069CE04-082C-4669-9BA1-E6AA66330C1F}</Entry>
The key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3069CE04-082C-4669-9BA1-E6AA66330C1F} does not contain any data needed by Windows to remove the program or component and can be deleted.</EntryDetails>
<EntryDetails><Entry>Incomplete entry{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{31C0F635-15AD-4AA3-A3C6-B542B403D0EE}</Entry>
The key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{31C0F635-15AD-4AA3-A3C6-B542B403D0EE} does not contain any data needed by Windows to remove the program or component and can be deleted.</EntryDetails>
<EntryDetails><Entry>Incomplete entry{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{4FB6D8D7-0FD3-4D3F-BBFC-8CB62226BA4E}</Entry>
The key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{4FB6D8D7-0FD3-4D3F-BBFC-8CB62226BA4E} does not contain any data needed by Windows to remove the program or component and can be deleted.</EntryDetails>
<EntryDetails><Entry>Incomplete entry{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{5A8732F0-C20F-4A9B-A2A9-66FE7A586C35}</Entry>
The key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{5A8732F0-C20F-4A9B-A2A9-66FE7A586C35} does not contain any data needed by Windows to remove the program or component and can be deleted.</EntryDetails>
<EntryDetails><Entry>Incomplete entry{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{5DB2894C-2DA4-4DEF-A051-795AE799964A}</Entry>
The key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{5DB2894C-2DA4-4DEF-A051-795AE799964A} does not contain any data needed by Windows to remove the program or component and can be deleted.</EntryDetails>
<EntryDetails><Entry>Incomplete entry{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{5DD3FF90-B302-45B2-A188-C5EA7ACD5D46}</Entry>
The key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{5DD3FF90-B302-45B2-A188-C5EA7ACD5D46} does not contain any data needed by Windows to remove the program or component and can be deleted.</EntryDetails>
<EntryDetails><Entry>Incomplete entry{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6C4E1D7E-EEB2-4EDE-8B39-9844D8AD9273}</Entry>
The key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6C4E1D7E-EEB2-4EDE-8B39-9844D8AD9273} does not contain any data needed by Windows to remove the program or component and can be deleted.</EntryDetails>
<EntryDetails><Entry>Incomplete entry{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{71190DF4-8724-4A56-9054-AE97FDC57115}</Entry>
The key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{71190DF4-8724-4A56-9054-AE97FDC57115} does not contain any data needed by Windows to remove the program or component and can be deleted.</EntryDetails>
<EntryDetails><Entry>Incomplete entry{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{7BCF7F6B-4AC0-4915-83B2-5CFF6BE9BF77}</Entry>
The key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{7BCF7F6B-4AC0-4915-83B2-5CFF6BE9BF77} does not contain any data needed by Windows to remove the program or component and can be deleted.</EntryDetails>
<EntryDetails><Entry>Incomplete entry{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{824C8467-C873-4D17-BDA5-80578FBF3D0A}</Entry>
The key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{824C8467-C873-4D17-BDA5-80578FBF3D0A} does not contain any data needed by Windows to remove the program or component and can be deleted.</EntryDetails>
<EntryDetails><Entry>Incomplete entry{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{8B689F89-5E1C-4DA9-B2B1-7B3843275596}</Entry>
The key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{8B689F89-5E1C-4DA9-B2B1-7B3843275596} does not contain any data needed by Windows to remove the program or component and can be deleted.</EntryDetails>
<EntryDetails><Entry>Incomplete entry{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{ABB5F56F-FC55-4C7E-9622-B8A1E670BAFC}</Entry>
The key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{ABB5F56F-FC55-4C7E-9622-B8A1E670BAFC} does not contain any data needed by Windows to remove the program or component and can be deleted.</EntryDetails>
<EntryDetails><Entry>Incomplete entry{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{B4C12F08-B0EF-4CC4-AD5F-381DD62BF640}</Entry>
The key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{B4C12F08-B0EF-4CC4-AD5F-381DD62BF640} does not contain any data needed by Windows to remove the program or component and can be deleted.</EntryDetails>
<EntryDetails><Entry>Incomplete entry{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BBE715CA-02FD-4C5A-90BB-440A967DF05E}</Entry>
The key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BBE715CA-02FD-4C5A-90BB-440A967DF05E} does not contain any data needed by Windows to remove the program or component and can be deleted.</EntryDetails>
<EntryDetails><Entry>Incomplete entry{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C8F44A46-5C2F-43D8-A0E7-B32E098EDA63}</Entry>
The key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C8F44A46-5C2F-43D8-A0E7-B32E098EDA63} does not contain any data needed by Windows to remove the program or component and can be deleted.</EntryDetails>
<EntryDetails><Entry>Incomplete entry{944167EA-7F89-4705-8DCD-1D63B53141B0}</Entry>
The key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{944167EA-7F89-4705-8DCD-1D63B53141B0} does not contain any data needed by Windows to remove the program or component and can be deleted.</EntryDetails>
<EntryDetails><Entry>Incomplete entry{971D6F8B-E8C5-49A4-9ED3-89C010B0D8D2}</Entry>
The key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{971D6F8B-E8C5-49A4-9ED3-89C010B0D8D2} does not contain any data needed by Windows to remove the program or component and can be deleted.</EntryDetails>
<EntryDetails><Entry>Incomplete entry{971F11A1-BC0F-3CCB-9703-B73AB0CE4B2D}</Entry>
The key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{971F11A1-BC0F-3CCB-9703-B73AB0CE4B2D} does not contain any data needed by Windows to remove the program or component and can be deleted.</EntryDetails>
<EntryDetails><Entry>Incomplete entry{A2746FFE-5C8B-3222-9200-0B6CDFBF1E3C}</Entry>
The key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{A2746FFE-5C8B-3222-9200-0B6CDFBF1E3C} does not contain any data needed by Windows to remove the program or component and can be deleted.</EntryDetails>
<EntryDetails><Entry>Incomplete entry{A8686D24-1E89-43A1-973E-05A258D2B3F8}</Entry>
The key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{A8686D24-1E89-43A1-973E-05A258D2B3F8} does not contain any data needed by Windows to remove the program or component and can be deleted.</EntryDetails>
<EntryDetails><Entry>Incomplete entry{AC76BA86-7AD7-0000-2550-7A8C400A1013}</Entry>
The key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{AC76BA86-7AD7-0000-2550-7A8C400A1013} does not contain any data needed by Windows to remove the program or component and can be deleted.</EntryDetails>
<EntryDetails><Entry>Incomplete entry{AC76BA86-7AD7-0000-2550-7A8C400A1014}</Entry>
The key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{AC76BA86-7AD7-0000-2550-7A8C400A1014} does not contain any data needed by Windows to remove the program or component and can be deleted.</EntryDetails>
<EntryDetails><Entry>Incomplete entry{AC76BA86-7AD7-0000-2550-7A8C400A1016}</Entry>
The key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{AC76BA86-7AD7-0000-2550-7A8C400A1016} does not contain any data needed by Windows to remove the program or component and can be deleted.</EntryDetails>
<EntryDetails><Entry>Incomplete entry{AC76BA86-7AD7-0000-2550-7A8C400A1017}</Entry>
The key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{AC76BA86-7AD7-0000-2550-7A8C400A1017} does not contain any data needed by Windows to remove the program or component and can be deleted.</EntryDetails>
<EntryDetails><Entry>Incomplete entry{AF5D3F34-843A-41BF-A0F3-2FBBA00BA9B9}</Entry>
The key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{AF5D3F34-843A-41BF-A0F3-2FBBA00BA9B9} does not contain any data needed by Windows to remove the program or component and can be deleted.</EntryDetails>
<EntryDetails><Entry>Incomplete entry{B07A8BC1-B3FB-44D0-887E-A9E62EC61444}</Entry>
The key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{B07A8BC1-B3FB-44D0-887E-A9E62EC61444} does not contain any data needed by Windows to remove the program or component and can be deleted.</EntryDetails>
<EntryDetails><Entry>Incomplete entry{BDAF4AFB-E207-311F-89A8-796BD2140EEA}</Entry>
The key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{BDAF4AFB-E207-311F-89A8-796BD2140EEA} does not contain any data needed by Windows to remove the program or component and can be deleted.</EntryDetails>
<EntryDetails><Entry>Incomplete entry{BEEBFC3C-48B1-4A38-A3C5-81BA19DF5F40}</Entry>
The key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{BEEBFC3C-48B1-4A38-A3C5-81BA19DF5F40} does not contain any data needed by Windows to remove the program or component and can be deleted.</EntryDetails>
<EntryDetails><Entry>Incomplete entry{C184703F-2240-433F-AB0B-37CB7A22530B}</Entry>
The key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{C184703F-2240-433F-AB0B-37CB7A22530B} does not contain any data needed by Windows to remove the program or component and can be deleted.</EntryDetails>
<EntryDetails><Entry>Incomplete entry{C96D1542-585F-412D-8C5A-0240BDA164B9}</Entry>
The key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{C96D1542-585F-412D-8C5A-0240BDA164B9} does not contain any data needed by Windows to remove the program or component and can be deleted.</EntryDetails>
<EntryDetails><Entry>Incomplete entry{CE914C4B-AC50-31E8-9DA2-15DB29D8568F}</Entry>
The key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{CE914C4B-AC50-31E8-9DA2-15DB29D8568F} does not contain any data needed by Windows to remove the program or component and can be deleted.</EntryDetails>
<EntryDetails><Entry>Incomplete entry{CF24EDF1-E236-4332-83CB-4C701A9BCBF0}</Entry>
The key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{CF24EDF1-E236-4332-83CB-4C701A9BCBF0} does not contain any data needed by Windows to remove the program or component and can be deleted.</EntryDetails>
<EntryDetails><Entry>Incomplete entry{D117DF9C-79B6-3743-BE63-57D060F0C6BE}</Entry>
The key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{D117DF9C-79B6-3743-BE63-57D060F0C6BE} does not contain any data needed by Windows to remove the program or component and can be deleted.</EntryDetails>
<EntryDetails><Entry>Incomplete entry{D1320F2C-9D04-308D-8E2D-D2547AE97F85}</Entry>
The key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{D1320F2C-9D04-308D-8E2D-D2547AE97F85} does not contain any data needed by Windows to remove the program or component and can be deleted.</EntryDetails>
<EntryDetails><Entry>Incomplete entry{DAC0309E-07F6-45AD-B5BF-5B0DEF71FFEE}</Entry>
The key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{DAC0309E-07F6-45AD-B5BF-5B0DEF71FFEE} does not contain any data needed by Windows to remove the program or component and can be deleted.</EntryDetails>
<EntryDetails><Entry>Incomplete entry{DB164C6E-8E4A-4730-97C6-DE8486EB367F}</Entry>
The key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{DB164C6E-8E4A-4730-97C6-DE8486EB367F} does not contain any data needed by Windows to remove the program or component and can be deleted.</EntryDetails>
<EntryDetails><Entry>Incomplete entry{DF76B188-11DB-43DC-A389-10422995A979}</Entry>
The key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{DF76B188-11DB-43DC-A389-10422995A979} does not contain any data needed by Windows to remove the program or component and can be deleted.</EntryDetails>
<EntryDetails><Entry>Incomplete entry{E77A53A2-4623-4635-AE7F-702152168EE5}</Entry>
The key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{E77A53A2-4623-4635-AE7F-702152168EE5} does not contain any data needed by Windows to remove the program or component and can be deleted.</EntryDetails>
<EntryDetails><Entry>Incomplete entry{E7BBBFAA-E787-397A-BB22-EA32EA8D0009}</Entry>
The key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{E7BBBFAA-E787-397A-BB22-EA32EA8D0009} does not contain any data needed by Windows to remove the program or component and can be deleted.</EntryDetails>
<EntryDetails><Entry>Incomplete entry{EACCC042-848D-4166-9D97-B13D1D108722}</Entry>
The key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{EACCC042-848D-4166-9D97-B13D1D108722} does not contain any data needed by Windows to remove the program or component and can be deleted.</EntryDetails>
<EntryDetails><Entry>Incomplete entry{ECD82B28-48BE-426C-B55B-6EC022616285}</Entry>
The key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{ECD82B28-48BE-426C-B55B-6EC022616285} does not contain any data needed by Windows to remove the program or component and can be deleted.</EntryDetails>
<EntryDetails><Entry>Incomplete entry{F0B7330E-24B8-43EA-8CD6-D114428A1CEC}</Entry>
The key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{F0B7330E-24B8-43EA-8CD6-D114428A1CEC} does not contain any data needed by Windows to remove the program or component and can be deleted.</EntryDetails>
<EntryDetails><Entry>Incomplete entry{F4D03C19-DCA0-4B09-83E7-BE3B06C8D4DC}</Entry>
The key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{F4D03C19-DCA0-4B09-83E7-BE3B06C8D4DC} does not contain any data needed by Windows to remove the program or component and can be deleted.</EntryDetails>
<EntryDetails><Entry>Missing File :c:\01c654c0f42a9dc4be93\x86\</Entry>
The registry contains an entry for the font 1 under HKEY_CLASSES_ROOT\Installer\Products\000021599B0090400000000000F01FEC\SourceList\Net that points to the missing file c:\01c654c0f42a9dc4be93\x86\.</EntryDetails>
<EntryDetails><Entry>Missing File :c:\0cb573b7740c777f7688b01d83\</Entry>
The registry contains an entry for the font 1 under HKEY_CLASSES_ROOT\Installer\Patches\B99F5A76ABE52183D8E2CB524109DDF3\SourceList\Net that points to the missing file c:\0cb573b7740c777f7688b01d83\.</EntryDetails>
<EntryDetails><Entry>Missing File :c:\15a9d4431bbf0ffaee6fd82ec505\</Entry>
The registry contains an entry for the font 1 under HKEY_CLASSES_ROOT\Installer\Patches\2F2AEE7ADCFB45A45A57B7187A686E85\SourceList\Net that points to the missing file c:\15a9d4431bbf0ffaee6fd82ec505\.</EntryDetails>
<EntryDetails><Entry>Missing File :c:\18c9c4d3d88edc7bca\</Entry>
The registry contains an entry for the font 1 under HKEY_CLASSES_ROOT\Installer\Patches\8F70C675C77718938BFB60A3B67552E4\SourceList\Net that points to the missing file c:\18c9c4d3d88edc7bca\.</EntryDetails>
<EntryDetails><Entry>Missing File :c:\1ca681c650e1da026089f65f01\</Entry>
The registry contains an entry for the font 1 under HKEY_CLASSES_ROOT\Installer\Patches\7D9BBE18C3713E234B7741C9D80E574E\SourceList\Net that points to the missing file c:\1ca681c650e1da026089f65f01\.</EntryDetails>
<EntryDetails><Entry>Missing File :c:\1dfaf8fd1bd0ac02084c1dc17f7f\</Entry>
The registry contains an entry for the font 1 under HKEY_CLASSES_ROOT\Installer\Patches\C9FD711D6B973473EB36750D060F6CEB\SourceList\Net that points to the missing file c:\1dfaf8fd1bd0ac02084c1dc17f7f\.</EntryDetails>
<EntryDetails><Entry>Missing File :c:\210d250356ada4e87846\</Entry>
The registry contains an entry for the font 1 under HKEY_CLASSES_ROOT\Installer\Patches\13CA5F6F338977E3CAE8E819C0BA93EA\SourceList\Net that points to the missing file c:\210d250356ada4e87846\.</EntryDetails>
<EntryDetails><Entry>Missing File :c:\248a0b9ac2352fa26527402237\dotnetfx20\</Entry>
The registry contains an entry for the font 1 under HKEY_CLASSES_ROOT\Installer\Patches\256917180E811B74A9218FB20F574DBD\SourceList\Net that points to the missing file c:\248a0b9ac2352fa26527402237\dotnetfx20\.</EntryDetails>
<EntryDetails><Entry>Missing File :c:\248a0b9ac2352fa26527402237\dotnetfx20\</Entry>
The registry contains an entry for the font 1 under HKEY_CLASSES_ROOT\Installer\Patches\BE7C28545F39D804F992A5B51E7E8654\SourceList\Net that points to the missing file c:\248a0b9ac2352fa26527402237\dotnetfx20\.</EntryDetails>
<EntryDetails><Entry>Missing File :c:\248a0b9ac2352fa26527402237\dotnetfx20\</Entry>
The registry contains an entry for the font 1 under HKEY_CLASSES_ROOT\Installer\Patches\82B28DCEEB84C6245BB5E60C22162658\SourceList\Net that points to the missing file c:\248a0b9ac2352fa26527402237\dotnetfx20\.</EntryDetails>
<EntryDetails><Entry>Missing File :c:\248a0b9ac2352fa26527402237\dotnetfx20\</Entry>
The registry contains an entry for the font 1 under HKEY_CLASSES_ROOT\Installer\Patches\DE6BA3F2C1597EC4A89C5864DFFCF1A5\SourceList\Net that points to the missing file c:\248a0b9ac2352fa26527402237\dotnetfx20\.</EntryDetails>
<EntryDetails><Entry>Missing File :c:\248a0b9ac2352fa26527402237\dotnetfx20\</Entry>
The registry contains an entry for the font 1 under HKEY_CLASSES_ROOT\Installer\Patches\5E903427217EC6249BD46B4B52112CF9\SourceList\Net that points to the missing file c:\248a0b9ac2352fa26527402237\dotnetfx20\.</EntryDetails>
<EntryDetails><Entry>Missing File :c:\248a0b9ac2352fa26527402237\dotnetfx20\</Entry>
The registry contains an entry for the font 1 under HKEY_CLASSES_ROOT\Installer\Patches\484CA1D2615EC8048852CA1B3C65CAA7\SourceList\Net that points to the missing file c:\248a0b9ac2352fa26527402237\dotnetfx20\.</EntryDetails>
<EntryDetails><Entry>Missing File :c:\248a0b9ac2352fa26527402237\dotnetfx20\</Entry>
The registry contains an entry for the font 1 under HKEY_CLASSES_ROOT\Installer\Patches\4C9878626E35BDD4F833D8F0E900B0AE\SourceList\Net that points to the missing file c:\248a0b9ac2352fa26527402237\dotnetfx20\.</EntryDetails>
<EntryDetails><Entry>Missing File :c:\248a0b9ac2352fa26527402237\dotnetfx20\</Entry>
The registry contains an entry for the font 1 under HKEY_CLASSES_ROOT\Installer\Patches\2451D69CF585D214C8A52004DB1A469B\SourceList\Net that points to the missing file c:\248a0b9ac2352fa26527402237\dotnetfx20\.</EntryDetails>
<EntryDetails><Entry>Missing File :c:\248a0b9ac2352fa26527402237\dotnetfx20\</Entry>
The registry contains an entry for the font 1 under HKEY_CLASSES_ROOT\Installer\Products\DC3BF90CC0D3D2F398A9A6D1762F70F3\SourceList\Net that points to the missing file c:\248a0b9ac2352fa26527402237\dotnetfx20\.</EntryDetails>
<EntryDetails><Entry>Missing File :c:\248a0b9ac2352fa26527402237\dotnetfx20\</Entry>
The registry contains an entry for the font 1 under HKEY_CLASSES_ROOT\Installer\Patches\1FDE42FC632E233438BCC407A1B9BC0F\SourceList\Net that points to the missing file c:\248a0b9ac2352fa26527402237\dotnetfx20\.</EntryDetails>
<EntryDetails><Entry>Missing File :c:\248a0b9ac2352fa26527402237\dotnetfx30\</Entry>
The registry contains an entry for the font 1 under HKEY_CLASSES_ROOT\Installer\Patches\17AFD8C1970420F48BBB741BC2A165F5\SourceList\Net that points to the missing file c:\248a0b9ac2352fa26527402237\dotnetfx30\.</EntryDetails>
<EntryDetails><Entry>Missing File :c:\248a0b9ac2352fa26527402237\dotnetfx30\</Entry>
The registry contains an entry for the font 1 under HKEY_CLASSES_ROOT\Installer\Patches\E0337B0F8B42AE34C86D1D4124A8C1CE\SourceList\Net that points to the missing file c:\248a0b9ac2352fa26527402237\dotnetfx30\.</EntryDetails>
<EntryDetails><Entry>Missing File :c:\248a0b9ac2352fa26527402237\dotnetfx30\</Entry>
The registry contains an entry for the font 1 under HKEY_CLASSES_ROOT\Installer\Patches\43F3D5FAA348FB140A3FF2BB0AB09A9B\SourceList\Net that points to the missing file c:\248a0b9ac2352fa26527402237\dotnetfx30\.</EntryDetails>
<EntryDetails><Entry>Missing File :c:\248a0b9ac2352fa26527402237\dotnetfx30\</Entry>
The registry contains an entry for the font 1 under HKEY_CLASSES_ROOT\Installer\Patches\E6C461BDA4E80374796CED4868BE63F7\SourceList\Net that points to the missing file c:\248a0b9ac2352fa26527402237\dotnetfx30\.</EntryDetails>
<EntryDetails><Entry>Missing File :c:\248a0b9ac2352fa26527402237\dotnetfx30\</Entry>
The registry contains an entry for the font 1 under HKEY_CLASSES_ROOT\Installer\Patches\91C30D4F0ACD90B4387EEBB3608C4DCD\SourceList\Net that points to the missing file c:\248a0b9ac2352fa26527402237\dotnetfx30\.</EntryDetails>
<EntryDetails><Entry>Missing File :c:\248a0b9ac2352fa26527402237\dotnetfx30\</Entry>
The registry contains an entry for the font 1 under HKEY_CLASSES_ROOT\Installer\Patches\B8F6D1795C8E4A94E93D980C010B8D2D\SourceList\Net that points to the missing file c:\248a0b9ac2352fa26527402237\dotnetfx30\.</EntryDetails>
<EntryDetails><Entry>Missing File :c:\248a0b9ac2352fa26527402237\dotnetfx30\</Entry>
The registry contains an entry for the font 1 under HKEY_CLASSES_ROOT\Installer\Products\0DC1503A46F231838AD88BCDDC8E8F7C\SourceList\Net that points to the missing file c:\248a0b9ac2352fa26527402237\dotnetfx30\.</EntryDetails>
<EntryDetails><Entry>Missing File :c:\248a0b9ac2352fa26527402237\dotnetfx30\</Entry>
The registry contains an entry for the font 1 under HKEY_CLASSES_ROOT\Installer\Patches\881B67FDBD11CD343A98012492599A97\SourceList\Net that points to the missing file c:\248a0b9ac2352fa26527402237\dotnetfx30\.</EntryDetails>
<EntryDetails><Entry>Missing File :c:\248a0b9ac2352fa26527402237\dotnetfx30\</Entry>
The registry contains an entry for the font 1 under HKEY_CLASSES_ROOT\Installer\Patches\E9030CAD6F70DA545BFBB5D0FE17FFEE\SourceList\Net that points to the missing file c:\248a0b9ac2352fa26527402237\dotnetfx30\.</EntryDetails>
<EntryDetails><Entry>Missing File :c:\248a0b9ac2352fa26527402237\dotnetfx30\</Entry>
The registry contains an entry for the font 1 under HKEY_CLASSES_ROOT\Installer\Patches\3D90EFE177C6D6E478F667BC032D50C6\SourceList\Net that points to the missing file c:\248a0b9ac2352fa26527402237\dotnetfx30\.</EntryDetails>
<EntryDetails><Entry>Missing File :c:\248a0b9ac2352fa26527402237\dotnetfx30\</Entry>
The registry contains an entry for the font 1 under HKEY_CLASSES_ROOT\Installer\Patches\4152E9034D92C5043B1B417D32B1AF61\SourceList\Net that points to the missing file c:\248a0b9ac2352fa26527402237\dotnetfx30\.</EntryDetails>
<EntryDetails><Entry>Missing File :c:\27c3aaa0bf16b3c6bb50260e2d30280b\</Entry>
The registry contains an entry for the font 1 under HKEY_CLASSES_ROOT\Installer\Patches\A40CEE61429B0E7379FC24D2ECCFB136\SourceList\Net that points to the missing file c:\27c3aaa0bf16b3c6bb50260e2d30280b\.</EntryDetails>
<EntryDetails><Entry>Missing File :c:\2e033e8533df078065f3db32f5dbda\</Entry>
The registry contains an entry for the font 1 under HKEY_CLASSES_ROOT\Installer\Patches\CA1699D599C72A63E90F4376A8DE3548\SourceList\Net that points to the missing file c:\2e033e8533df078065f3db32f5dbda\.</EntryDetails>
<EntryDetails><Entry>Missing File :c:\386be2515a1f761584\</Entry>
The registry contains an entry for the font 1 under HKEY_CLASSES_ROOT\Installer\Patches\D9166D98AB8BD1133B44FC0CF9C89028\SourceList\Net that points to the missing file c:\386be2515a1f761584\.</EntryDetails>
<EntryDetails><Entry>Missing File :c:\3a12a91c49de177dae6de0\</Entry>
The registry contains an entry for the font 1 under HKEY_CLASSES_ROOT\Installer\Patches\1A11F179F0CBBCC379307BA30BECB4D2\SourceList\Net that points to the missing file c:\3a12a91c49de177dae6de0\.</EntryDetails>
<EntryDetails><Entry>Missing File :c:\3aa35dc664be9c7de2d66e\</Entry>
The registry contains an entry for the font 1 under HKEY_CLASSES_ROOT\Installer\Patches\E54DA494170E9184E8511E40F1FB0F37\SourceList\Net that points to the missing file c:\3aa35dc664be9c7de2d66e\.</EntryDetails>
<EntryDetails><Entry>Missing File :c:\497ab8fdad209f317687\</Entry>
The registry contains an entry for the font 1 under HKEY_CLASSES_ROOT\Installer\Patches\17BB7F68F8EF60333A529FE30E46718B\SourceList\Net that points to the missing file c:\497ab8fdad209f317687\.</EntryDetails>
<EntryDetails><Entry>Missing File :c:\4c34c0b6d285602dfe7111d808\</Entry>
The registry contains an entry for the font 1 under HKEY_CLASSES_ROOT\Installer\Patches\28C9EA2BB7CD1463FB8C7872C5F46370\SourceList\Net that points to the missing file c:\4c34c0b6d285602dfe7111d808\.</EntryDetails>
<EntryDetails><Entry>Missing File :c:\56c87204ca350bf2e7edfe2560779c\</Entry>
The registry contains an entry for the font 1 under HKEY_CLASSES_ROOT\Installer\Patches\A8B9D6DC4CBB7AF32BD47DC49E6003FC\SourceList\Net that points to the missing file c:\56c87204ca350bf2e7edfe2560779c\.</EntryDetails>
<EntryDetails><Entry>Missing File :c:\57d0660949b488ee7e12673217b97d0f\</Entry>
The registry contains an entry for the font 1 under HKEY_CLASSES_ROOT\Installer\Patches\FDB62152724432A38B5EAC99850BB1D0\SourceList\Net that points to the missing file c:\57d0660949b488ee7e12673217b97d0f\.</EntryDetails>
<EntryDetails><Entry>Missing File :c:\5831d55aa374736969\</Entry>
The registry contains an entry for the font 1 under HKEY_CLASSES_ROOT\Installer\Patches\41A670B5874F6653EBA789C5C326F94A\SourceList\Net that points to the missing file c:\5831d55aa374736969\.</EntryDetails>
<EntryDetails><Entry>Missing File :c:\5a04766a7cef632648ba86\</Entry>
The registry contains an entry for the font 1 under HKEY_CLASSES_ROOT\Installer\Patches\C3CFBEEB1B8483A43A5C18AB91FDF504\SourceList\Net that points to the missing file c:\5a04766a7cef632648ba86\.</EntryDetails>
<EntryDetails><Entry>Missing File :C:\5f22a12cc4cd5bc9e4a547fc72a3539e\</Entry>
The registry contains an entry for the font 1 under HKEY_CLASSES_ROOT\Installer\Patches\4A3FC9E53BDA08038AFB79A682437085\SourceList\Net that points to the missing file C:\5f22a12cc4cd5bc9e4a547fc72a3539e\.</EntryDetails>
<EntryDetails><Entry>Missing File :c:\60baa913d200c13396\</Entry>
The registry contains an entry for the font 1 under HKEY_CLASSES_ROOT\Installer\Patches\D4038768C5C5BA339841B0C0D671FF24\SourceList\Net that points to the missing file c:\60baa913d200c13396\.</EntryDetails>
<EntryDetails><Entry>Missing File :c:\66172c32397e3a792b1bae9b44261a\</Entry>
The registry contains an entry for the font 1 under HKEY_CLASSES_ROOT\Installer\Patches\AA879D4C8662404369ED692EFA6CF27D\SourceList\Net that points to the missing file c:\66172c32397e3a792b1bae9b44261a\.</EntryDetails>
<EntryDetails><Entry>Missing File :c:\66ce35976e57c0558439d2051ec461\</Entry>
The registry contains an entry for the font 1 under HKEY_CLASSES_ROOT\Installer\Products\D7314F9862C648A4DB8BE2A5B47BE100\SourceList\Net that points to the missing file c:\66ce35976e57c0558439d2051ec461\.</EntryDetails>
<EntryDetails><Entry>Missing File :c:\66ce35976e57c0558439d2051ec461\</Entry>
The registry contains an entry for the font 1 under HKEY_CLASSES_ROOT\Installer\Patches\F307481C0422F334BAB073BCA72235B0\SourceList\Net that points to the missing file c:\66ce35976e57c0558439d2051ec461\.</EntryDetails>
<EntryDetails><Entry>Missing File :c:\67161617eabc6f8f4470188cd8a0e42a\</Entry>
The registry contains an entry for the font 1 under HKEY_CLASSES_ROOT\Installer\Patches\10C3348AF913073358E0783C456992A9\SourceList\Net that points to the missing file c:\67161617eabc6f8f4470188cd8a0e42a\.</EntryDetails>
<EntryDetails><Entry>Missing File :c:\67d2aaa498168335b215086f71e8c9d0\</Entry>
The registry contains an entry for the font 1 under HKEY_CLASSES_ROOT\Installer\Patches\D32EEBCEE7BAAAD36BB6DC250013891F\SourceList\Net that points to the missing file c:\67d2aaa498168335b215086f71e8c9d0\.</EntryDetails>
<EntryDetails><Entry>Missing File :c:\6a9d574fde37169baedcca\</Entry>
The registry contains an entry for the font 1 under HKEY_CLASSES_ROOT\Installer\Patches\1CB8A70BBF3B0D4488E79A6EE26C4144\SourceList\Net that points to the missing file c:\6a9d574fde37169baedcca\.</EntryDetails>
<EntryDetails><Entry>Missing File :c:\6d7becfc716d451ae1e47ab7ef10\</Entry>
The registry contains an entry for the font 1 under HKEY_CLASSES_ROOT\Installer\Patches\379185FC0E7739031ACA0A1303ED99F0\SourceList\Net that points to the missing file c:\6d7becfc716d451ae1e47ab7ef10\.</EntryDetails>
<EntryDetails><Entry>Missing File :c:\70225b28f6adfbdff9\</Entry>
The registry contains an entry for the font 1 under HKEY_CLASSES_ROOT\Installer\Patches\B4DC2171CF6DE183589FF2E42C91F993\SourceList\Net that points to the missing file c:\70225b28f6adfbdff9\.</EntryDetails>
<EntryDetails><Entry>Missing File :c:\70a00994174c7378bc\</Entry>
The registry contains an entry for the font 1 under HKEY_CLASSES_ROOT\Installer\Patches\E4C7AE0930F7DF13EB721B9A4BEA65DB\SourceList\Net that points to the missing file c:\70a00994174c7378bc\.</EntryDetails>
<EntryDetails><Entry>Missing File :c:\768809a502afc50ce97b3ddfbf0c6a\</Entry>
The registry contains an entry for the font 1 under HKEY_CLASSES_ROOT\Installer\Patches\61E02C7BA3A950F36A5B1EA50A29000E\SourceList\Net that points to the missing file c:\768809a502afc50ce97b3ddfbf0c6a\.</EntryDetails>
<EntryDetails><Entry>Missing File :C:\83f35e593834a0da5136cabd\</Entry>
The registry contains an entry for the font 1 under HKEY_CLASSES_ROOT\Installer\Products\5C1093C35543A0E32A41B090A305076A\SourceList\Net that points to the missing file C:\83f35e593834a0da5136cabd\.</EntryDetails>
<EntryDetails><Entry>Missing File :c:\863156ade64beba7e5514a99690956\</Entry>
The registry contains an entry for the font 1 under HKEY_CLASSES_ROOT\Installer\Patches\24DF66A32D05A9E3185BCE3E5E3C90A7\SourceList\Net that points to the missing file c:\863156ade64beba7e5514a99690956\.</EntryDetails>
<EntryDetails><Entry>Missing File :c:\863156ade64beba7e5514a99690956\</Entry>
The registry contains an entry for the font 1 under HKEY_CLASSES_ROOT\Installer\Patches\B4C419EC05CA8E13D92A51BD928D65F8\SourceList\Net that points to the missing file c:\863156ade64beba7e5514a99690956\.</EntryDetails>
<EntryDetails><Entry>Missing File :c:\86e5f6d525b2db1e6cc86a534ce164\</Entry>
The registry contains an entry for the font 1 under HKEY_CLASSES_ROOT\Installer\Patches\CB4FA93924CE1D83EA28194D7ADE9811\SourceList\Net that points to the missing file c:\86e5f6d525b2db1e6cc86a534ce164\.</EntryDetails>
<EntryDetails><Entry>Missing File :c:\98acfea52d157b66ab\x86\</Entry>
The registry contains an entry for the font 3 under HKEY_CLASSES_ROOT\Installer\Products\000021599B0090400000000000F01FEC\SourceList\Net that points to the missing file c:\98acfea52d157b66ab\x86\.</EntryDetails>
<EntryDetails><Entry>Missing File :c:\9c5f05815f5ee73179a04db921\</Entry>
The registry contains an entry for the font 1 under HKEY_CLASSES_ROOT\Installer\Patches\EFF6472AB8C522232900B0C6FDFBE1C3\SourceList\Net that points to the missing file c:\9c5f05815f5ee73179a04db921\.</EntryDetails>
<EntryDetails><Entry>Missing File :c:\a7a368f33c18e665ac3d5ad81a9a711b\</Entry>
The registry contains an entry for the font 1 under HKEY_CLASSES_ROOT\Installer\Patches\497891D0FB691B933A783D2B3D7B3B31\SourceList\Net that points to the missing file c:\a7a368f33c18e665ac3d5ad81a9a711b\.</EntryDetails>
<EntryDetails><Entry>Missing File :c:\afe0898509173392c7cd9e03007732e4\</Entry>
The registry contains an entry for the font 1 under HKEY_CLASSES_ROOT\Installer\Patches\295DC294DD789E13083868560A521636\SourceList\Net that points to the missing file c:\afe0898509173392c7cd9e03007732e4\.</EntryDetails>
<EntryDetails><Entry>Missing File :c:\bcbbcbf33fa261ed48799298bd\</Entry>
The registry contains an entry for the font 1 under HKEY_CLASSES_ROOT\Installer\Patches\2D0058F6F08A743309184BE1178C95B2\SourceList\Net that points to the missing file c:\bcbbcbf33fa261ed48799298bd\.</EntryDetails>
<EntryDetails><Entry>Missing File :c:\c5a3c34a8914c88ae20343cc2cf4\</Entry>
The registry contains an entry for the font 1 under HKEY_CLASSES_ROOT\Installer\Patches\410EFE49775EB0132B5D96372AD1A809\SourceList\Net that points to the missing file c:\c5a3c34a8914c88ae20343cc2cf4\.</EntryDetails>
<EntryDetails><Entry>Missing File :c:\c6dd49e4fc3f74f9dc0dc402ed9e6b\</Entry>
The registry contains an entry for the font 1 under HKEY_CLASSES_ROOT\Installer\Products\D20352A90C039D93DBF6126ECE614057\SourceList\Net that points to the missing file c:\c6dd49e4fc3f74f9dc0dc402ed9e6b\.</EntryDetails>
<EntryDetails><Entry>Missing File :c:\c76cb9bd0988cbc7b067d56233ffa558\</Entry>
The registry contains an entry for the font 1 under HKEY_CLASSES_ROOT\Installer\Patches\99700303DBD40833B8036913F16A0EFA\SourceList\Net that points to the missing file c:\c76cb9bd0988cbc7b067d56233ffa558\.</EntryDetails>
<EntryDetails><Entry>Missing File :c:\cb535c1f416af05b330a7d59\</Entry>
The registry contains an entry for the font 1 under HKEY_CLASSES_ROOT\Installer\Patches\05947708707AB683C9B90D252DB05DB4\SourceList\Net that points to the missing file c:\cb535c1f416af05b330a7d59\.</EntryDetails>
<EntryDetails><Entry>Missing File :c:\ce92d5d222e51044e1af55cba97cf4\</Entry>
The registry contains an entry for the font 1 under HKEY_CLASSES_ROOT\Installer\Patches\52A5BB683CC8EC333A39FC820961282B\SourceList\Net that points to the missing file c:\ce92d5d222e51044e1af55cba97cf4\.</EntryDetails>
<EntryDetails><Entry>Missing File :c:\d1e879b77ddd7470915b\</Entry>
The registry contains an entry for the font 1 under HKEY_CLASSES_ROOT\Installer\Patches\C2F0231D40D9D803E8D22D45A79EF758\SourceList\Net that points to the missing file c:\d1e879b77ddd7470915b\.</EntryDetails>
<EntryDetails><Entry>Missing File :c:\d26a50193a6fb236742f98\</Entry>
The registry contains an entry for the font 1 under HKEY_CLASSES_ROOT\Installer\Patches\4F0D74A71940DEB379AB7649296369EA\SourceList\Net that points to the missing file c:\d26a50193a6fb236742f98\.</EntryDetails>
<EntryDetails><Entry>Missing File :c:\d65857ca7ff3d2e088c680fc1d5d07\</Entry>
The registry contains an entry for the font 1 under HKEY_CLASSES_ROOT\Installer\Patches\244F2594A1C5BE83C8321BE8EF772EC0\SourceList\Net that points to the missing file c:\d65857ca7ff3d2e088c680fc1d5d07\.</EntryDetails>
<EntryDetails><Entry>Missing File :c:\de4b02f12e85c248496a93f6ff1102\</Entry>
The registry contains an entry for the font 1 under HKEY_CLASSES_ROOT\Installer\Patches\842EF927D05A30F3A80C5CD8B48E1278\SourceList\Net that points to the missing file c:\de4b02f12e85c248496a93f6ff1102\.</EntryDetails>
<EntryDetails><Entry>Missing File :C:\DOCUME~1\GEMINI~1\LOCALS~1\Temp\IXP06C35.tmp\dotnetfx35\x86\</Entry>
The registry contains an entry for the font 1 under HKEY_CLASSES_ROOT\Installer\Products\26DDC2EC4210AC63483DF9D4FCC5B59D\SourceList\Net that points to the missing file C:\DOCUME~1\GEMINI~1\LOCALS~1\Temp\IXP06C35.tmp\dotnetfx35\x86\.</EntryDetails>
<EntryDetails><Entry>Missing File :C:\DOCUME~1\GEMINI~1\LOCALS~1\Temp\ZNW5\</Entry>
The registry contains an entry for the font 1 under HKEY_CLASSES_ROOT\Installer\Patches\A433B83A2A0AD634AB0A43EFE515E744\SourceList\Net that points to the missing file C:\DOCUME~1\GEMINI~1\LOCALS~1\Temp\ZNW5\.</EntryDetails>
<EntryDetails><Entry>Missing File :C:\DOCUME~1\GEMINI~1\LOCALS~1\Temp\ZNW6D\</Entry>
The registry contains an entry for the font 1 under HKEY_CLASSES_ROOT\Installer\Patches\FA6C3120265590D488C4A2CDCFC8F253\SourceList\Net that points to the missing file C:\DOCUME~1\GEMINI~1\LOCALS~1\Temp\ZNW6D\.</EntryDetails>
<EntryDetails><Entry>Missing File :C:\DOCUME~1\GEMINI~1\LOCALS~1\Temp\~rnsetu1\DOWNLOADER\</Entry>
The registry contains an entry for the font 1 under HKEY_CLASSES_ROOT\Installer\Products\BB378CD33EFFFB647910629BEA73F1F9\SourceList\Net that points to the missing file C:\DOCUME~1\GEMINI~1\LOCALS~1\Temp\~rnsetu1\DOWNLOADER\.</EntryDetails>
<EntryDetails><Entry>Missing File :c:\e0f5e7381eff702b36\</Entry>
The registry contains an entry for the font 2 under HKEY_CLASSES_ROOT\Installer\Patches\B4C419EC05CA8E13D92A51BD928D65F8\SourceList\Net that points to the missing file c:\e0f5e7381eff702b36\.</EntryDetails>
<EntryDetails><Entry>Missing File :c:\e0f5e7381eff702b36\</Entry>
The registry contains an entry for the font 1 under HKEY_CLASSES_ROOT\Installer\Patches\BB3686E2280450B3BBC202FE614DDB28\SourceList\Net that points to the missing file c:\e0f5e7381eff702b36\.</EntryDetails>
<EntryDetails><Entry>Missing File :c:\e0f5e7381eff702b36\</Entry>
The registry contains an entry for the font 1 under HKEY_CLASSES_ROOT\Installer\Patches\AAFBBB7E787EA793BB22AE23AED80090\SourceList\Net that points to the missing file c:\e0f5e7381eff702b36\.</EntryDetails>
<EntryDetails><Entry>Missing File :c:\f2f92b08a16b3677696534\x86\</Entry>
The registry contains an entry for the font 4 under HKEY_CLASSES_ROOT\Installer\Products\000021599B0090400000000000F01FEC\SourceList\Net that points to the missing file c:\f2f92b08a16b3677696534\x86\.</EntryDetails>
<EntryDetails><Entry>Missing File :c:\f2f92b08a16b3677696534\x86\</Entry>
The registry contains an entry for the font 1 under HKEY_CLASSES_ROOT\Installer\Products\FD862D959ACC5C44F869E215BB438C92\SourceList\Net that points to the missing file c:\f2f92b08a16b3677696534\x86\.</EntryDetails>
<EntryDetails><Entry>Missing File :c:\f7223b6525bafad2f71d3be0a16da076\</Entry>
The registry contains an entry for the font 1 under HKEY_CLASSES_ROOT\Installer\Patches\BFA4FADB702EF113988A97B62D41E0AE\SourceList\Net that points to the missing file c:\f7223b6525bafad2f71d3be0a16da076\.</EntryDetails>
<EntryDetails><Entry>Missing File :c:\fd94d92ecd4ce542f24bb740f933\</Entry>
The registry contains an entry for the font 1 under HKEY_CLASSES_ROOT\Installer\Patches\1B818887191B71232A01A7FCED91ECA4\SourceList\Net that points to the missing file c:\fd94d92ecd4ce542f24bb740f933\.</EntryDetails>
<EntryDetails><Entry>Missing File :c:\fe75dab71b5540119ed742c707a465\</Entry>
The registry contains an entry for the font 1 under HKEY_CLASSES_ROOT\Installer\Patches\1617FE50E708B8A4AB6B8D618B63308D\SourceList\Net that points to the missing file c:\fe75dab71b5540119ed742c707a465\.</EntryDetails>
<EntryDetails><Entry>Missing File :C:\WINDOWS\TEMP\ZNW2EC\</Entry>
The registry contains an entry for the font 1 under HKEY_CLASSES_ROOT\Installer\Patches\01E637F8C5E899345A230D0CA0042672\SourceList\Net that points to the missing file C:\WINDOWS\TEMP\ZNW2EC\.</EntryDetails>
<EntryDetails><Entry>Missing File :C:\WINDOWS\TEMP\ZNW93\</Entry>
The registry contains an entry for the font 1 under HKEY_CLASSES_ROOT\Installer\Patches\488892C6DF19C804D909A5952D2CF91D\SourceList\Net that points to the missing file C:\WINDOWS\TEMP\ZNW93\.</EntryDetails>
<EntryDetails><Entry>Missing File :C:\WINDOWS\TEMP\ZNWBF0\</Entry>
The registry contains an entry for the font 1 under HKEY_CLASSES_ROOT\Installer\Patches\CDCD0F0CAE995044DBEAACACDBD3D20F\SourceList\Net that points to the missing file C:\WINDOWS\TEMP\ZNWBF0\.</EntryDetails>
<EntryDetails><Entry>Windows Genuine Advantage Validation Tool (KB892130)</Entry>
The key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WGA points to the incomplete command line under UninstallString and can be deleted.</EntryDetails>
<EntryDetails><Entry>{26A24AE4-039D-4CA4-87B4-2F83216039FB}</Entry>
The key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83216039FB} points to the incomplete command line under UninstallString and can be deleted.</EntryDetails>
</Scanning>
<Scanning Section="Deep Scan"><Description>Invalid or orphaned references and pathways to system, application, and file settings.</Description><ErrorsInThisSection>47 Errors</ErrorsInThisSection>
<EntryDetails><Entry>Missing File :<DigitalCam>:\PhotoSuite\JerryDownsCollection</Entry>
The registry contains an entry for the font JerryDownsCollection under HKEY_LOCAL_MACHINE\software\MGI\PhotoSuite4\1.0\Liquid Toolkit that points to the missing file <DigitalCam>:\PhotoSuite\JerryDownsCollection.</EntryDetails>
<EntryDetails><Entry>Missing File :c:\248a0b9ac2352fa26527402237\dotnetfx20\</Entry>
The registry contains an entry for the font InstallSource under HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} that points to the missing file c:\248a0b9ac2352fa26527402237\dotnetfx20\.</EntryDetails>
<EntryDetails><Entry>Missing File :c:\248a0b9ac2352fa26527402237\dotnetfx30\</Entry>
The registry contains an entry for the font InstallSource under HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7} that points to the missing file c:\248a0b9ac2352fa26527402237\dotnetfx30\.</EntryDetails>
<EntryDetails><Entry>Missing File :c:\66ce35976e57c0558439d2051ec461\</Entry>
The registry contains an entry for the font InstallSource under HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} that points to the missing file c:\66ce35976e57c0558439d2051ec461\.</EntryDetails>
<EntryDetails><Entry>Missing File :C:\83f35e593834a0da5136cabd\</Entry>
The registry contains an entry for the font InstallSource under HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\{3C3901C5-3455-3E0A-A214-0B093A5070A6} that points to the missing file C:\83f35e593834a0da5136cabd\.</EntryDetails>
<EntryDetails><Entry>Missing File :c:\c6dd49e4fc3f74f9dc0dc402ed9e6b\</Entry>
The registry contains an entry for the font InstallSource under HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\{9A25302D-30C0-39D9-BD6F-21E6EC160475} that points to the missing file c:\c6dd49e4fc3f74f9dc0dc402ed9e6b\.</EntryDetails>
<EntryDetails><Entry>Missing File :C:\DOCUME~1\GEMINI~1\LOCALS~1\Temp\IXP06C35.tmp\dotnetfx35\x86\</Entry>
The registry contains an entry for the font InstallSource under HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} that points to the missing file C:\DOCUME~1\GEMINI~1\LOCALS~1\Temp\IXP06C35.tmp\dotnetfx35\x86\.</EntryDetails>
<EntryDetails><Entry>Missing File :C:\DOCUME~1\GEMINI~1\LOCALS~1\Temp\nsp19.tmp\7\BuzzdockSetup-Silent.exe</Entry>
The registry contains an entry for the font TizPath under HKEY_LOCAL_MACHINE\software\Tarma Installer\Products\{C049526F-B3EB-4151-9B11-B11F00F53A96} that points to the missing file C:\DOCUME~1\GEMINI~1\LOCALS~1\Temp\nsp19.tmp\7\BuzzdockSetup-Silent.exe.</EntryDetails>
<EntryDetails><Entry>Missing File :C:\DOCUME~1\GEMINI~1\LOCALS~1\Temp\~rnsetu1\DOWNLOADER\</Entry>
The registry contains an entry for the font InstallSource under HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\{3DC873BB-FFE3-46BF-9701-26B9AE371F9F} that points to the missing file C:\DOCUME~1\GEMINI~1\LOCALS~1\Temp\~rnsetu1\DOWNLOADER\.</EntryDetails>
<EntryDetails><Entry>Missing File :C:\DOCUME~1\GEMINI~1\LOCALS~1\Temp\~rnsetu1\UPGRADE\</Entry>
The registry contains an entry for the font InstallSource under HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\{28C2DED6-325B-4CC7-983A-1777C8F7FBAB} that points to the missing file C:\DOCUME~1\GEMINI~1\LOCALS~1\Temp\~rnsetu1\UPGRADE\.</EntryDetails>
<EntryDetails><Entry>Missing File :c:\f2f92b08a16b3677696534\x86\</Entry>
The registry contains an entry for the font InstallSource under HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\{59D268DF-CCA9-44C5-8F96-2E51BB34C829} that points to the missing file c:\f2f92b08a16b3677696534\x86\.</EntryDetails>
<EntryDetails><Entry>Missing File :c:\f2f92b08a16b3677696534\x86\</Entry>
The registry contains an entry for the font InstallSource under HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\{95120000-00B9-0409-0000-0000000FF1CE} that points to the missing file c:\f2f92b08a16b3677696534\x86\.</EntryDetails>
<EntryDetails><Entry>Missing File :C:\Program Files\123456</Entry>
The registry contains an entry for the font InstallPath under HKEY_LOCAL_MACHINE\software\Malwarebytes' Anti-Malware that points to the missing file C:\Program Files\123456.</EntryDetails>
<EntryDetails><Entry>Missing File :C:\Program Files\InfoAtoms</Entry>
The registry contains an entry for the font InstallDir under HKEY_LOCAL_MACHINE\software\InfoAtoms that points to the missing file C:\Program Files\InfoAtoms.</EntryDetails>
<EntryDetails><Entry>Missing File :C:\Program Files\MGI\MGI PhotoSuite 4\System\ChineseS.dll</Entry>
The registry contains an entry for the font File0_Moniker under HKEY_LOCAL_MACHINE\software\MGI\PhotoSuite4\1.0\Liquid Toolkit\Language\10013 that points to the missing file C:\Program Files\MGI\MGI PhotoSuite 4\System\ChineseS.dll.</EntryDetails>
<EntryDetails><Entry>Missing File :C:\Program Files\MGI\MGI PhotoSuite 4\System\ChineseT.dll</Entry>
The registry contains an entry for the font File0_Moniker under HKEY_LOCAL_MACHINE\software\MGI\PhotoSuite4\1.0\Liquid Toolkit\Language\10014 that points to the missing file C:\Program Files\MGI\MGI PhotoSuite 4\System\ChineseT.dll.</EntryDetails>
<EntryDetails><Entry>Missing File :C:\Program Files\MGI\MGI PhotoSuite 4\System\Finnish.dll</Entry>
The registry contains an entry for the font File0_Moniker under HKEY_LOCAL_MACHINE\software\MGI\PhotoSuite4\1.0\Liquid Toolkit\Language\10006 that points to the missing file C:\Program Files\MGI\MGI PhotoSuite 4\System\Finnish.dll.</EntryDetails>
<EntryDetails><Entry>Missing File :C:\Program Files\MGI\MGI PhotoSuite 4\System\French.dll</Entry>
The registry contains an entry for the font File0_Moniker under HKEY_LOCAL_MACHINE\software\MGI\PhotoSuite4\1.0\Liquid Toolkit\Language\10001 that points to the missing file C:\Program Files\MGI\MGI PhotoSuite 4\System\French.dll.</EntryDetails>
<EntryDetails><Entry>Missing File :C:\Program Files\MGI\MGI PhotoSuite 4\System\German.dll</Entry>
The registry contains an entry for the font File0_Moniker under HKEY_LOCAL_MACHINE\software\MGI\PhotoSuite4\1.0\Liquid Toolkit\Language\10002 that points to the missing file C:\Program Files\MGI\MGI PhotoSuite 4\System\German.dll.</EntryDetails>
<EntryDetails><Entry>Missing File :C:\Program Files\MGI\MGI PhotoSuite 4\System\Italian.dll</Entry>
The registry contains an entry for the font File0_Moniker under HKEY_LOCAL_MACHINE\software\MGI\PhotoSuite4\1.0\Liquid Toolkit\Language\10004 that points to the missing file C:\Program Files\MGI\MGI PhotoSuite 4\System\Italian.dll.</EntryDetails>
<EntryDetails><Entry>Missing File :C:\Program Files\MGI\MGI PhotoSuite 4\System\Japanese.dll</Entry>
The registry contains an entry for the font File0_Moniker under HKEY_LOCAL_MACHINE\software\MGI\PhotoSuite4\1.0\Liquid Toolkit\Language\10003 that points to the missing file C:\Program Files\MGI\MGI PhotoSuite 4\System\Japanese.dll.</EntryDetails>
<EntryDetails><Entry>Missing File :C:\Program Files\MGI\MGI PhotoSuite 4\System\Korean.dll</Entry>
The registry contains an entry for the font File0_Moniker under HKEY_LOCAL_MACHINE\software\MGI\PhotoSuite4\1.0\Liquid Toolkit\Language\10012 that points to the missing file C:\Program Files\MGI\MGI PhotoSuite 4\System\Korean.dll.</EntryDetails>
<EntryDetails><Entry>Missing File :C:\Program Files\MGI\MGI PhotoSuite 4\System\Norwegian.dll</Entry>
The registry contains an entry for the font File0_Moniker under HKEY_LOCAL_MACHINE\software\MGI\PhotoSuite4\1.0\Liquid Toolkit\Language\10007 that points to the missing file C:\Program Files\MGI\MGI PhotoSuite 4\System\Norwegian.dll.</EntryDetails>
<EntryDetails><Entry>Missing File :C:\Program Files\MGI\MGI PhotoSuite 4\System\Portuguese.dll</Entry>
The registry contains an entry for the font File0_Moniker under HKEY_LOCAL_MACHINE\software\MGI\PhotoSuite4\1.0\Liquid Toolkit\Language\10011 that points to the missing file C:\Program Files\MGI\MGI PhotoSuite 4\System\Portuguese.dll.</EntryDetails>
<EntryDetails><Entry>Missing File :C:\Program Files\MGI\MGI PhotoSuite 4\System\PS4ChineseS.dll</Entry>
The registry contains an entry for the font File1_Moniker under HKEY_LOCAL_MACHINE\software\MGI\PhotoSuite4\1.0\Liquid Toolkit\Language\10013 that points to the missing file C:\Program Files\MGI\MGI PhotoSuite 4\System\PS4ChineseS.dll.</EntryDetails>
<EntryDetails><Entry>Missing File :C:\Program Files\MGI\MGI PhotoSuite 4\System\PS4ChineseT.dll</Entry>
The registry contains an entry for the font File1_Moniker under HKEY_LOCAL_MACHINE\software\MGI\PhotoSuite4\1.0\Liquid Toolkit\Language\10014 that points to the missing file C:\Program Files\MGI\MGI PhotoSuite 4\System\PS4ChineseT.dll.</EntryDetails>
<EntryDetails><Entry>Missing File :C:\Program Files\MGI\MGI PhotoSuite 4\System\PS4Finnish.dll</Entry>
The registry contains an entry for the font File1_Moniker under HKEY_LOCAL_MACHINE\software\MGI\PhotoSuite4\1.0\Liquid Toolkit\Language\10006 that points to the missing file C:\Program Files\MGI\MGI PhotoSuite 4\System\PS4Finnish.dll.</EntryDetails>
<EntryDetails><Entry>Missing File :C:\Program Files\MGI\MGI PhotoSuite 4\System\PS4French.dll</Entry>
The registry contains an entry for the font File1_Moniker under HKEY_LOCAL_MACHINE\software\MGI\PhotoSuite4\1.0\Liquid Toolkit\Language\10001 that points to the missing file C:\Program Files\MGI\MGI PhotoSuite 4\System\PS4French.dll.</EntryDetails>
<EntryDetails><Entry>Missing File :C:\Program Files\MGI\MGI PhotoSuite 4\System\PS4German.dll</Entry>
The registry contains an entry for the font File1_Moniker under HKEY_LOCAL_MACHINE\software\MGI\PhotoSuite4\1.0\Liquid Toolkit\Language\10002 that points to the missing file C:\Program Files\MGI\MGI PhotoSuite 4\System\PS4German.dll.</EntryDetails>
<EntryDetails><Entry>Missing File :C:\Program Files\MGI\MGI PhotoSuite 4\System\PS4Italian.dll</Entry>
The registry contains an entry for the font File1_Moniker under HKEY_LOCAL_MACHINE\software\MGI\PhotoSuite4\1.0\Liquid Toolkit\Language\10004 that points to the missing file C:\Program Files\MGI\MGI PhotoSuite 4\System\PS4Italian.dll.</EntryDetails>
<EntryDetails><Entry>Missing File :C:\Program Files\MGI\MGI PhotoSuite 4\System\PS4Japanese.dll</Entry>
The registry contains an entry for the font File1_Moniker under HKEY_LOCAL_MACHINE\software\MGI\PhotoSuite4\1.0\Liquid Toolkit\Language\10003 that points to the missing file C:\Program Files\MGI\MGI PhotoSuite 4\System\PS4Japanese.dll.</EntryDetails>
<EntryDetails><Entry>Missing File :C:\Program Files\MGI\MGI PhotoSuite 4\System\PS4Korean.dll</Entry>
The registry contains an entry for the font File1_Moniker under HKEY_LOCAL_MACHINE\software\MGI\PhotoSuite4\1.0\Liquid Toolkit\Language\10012 that points to the missing file C:\Program Files\MGI\MGI PhotoSuite 4\System\PS4Korean.dll.</EntryDetails>
<EntryDetails><Entry>Missing File :C:\Program Files\MGI\MGI PhotoSuite 4\System\PS4Norwegian.dll</Entry>
The registry contains an entry for the font File1_Moniker under HKEY_LOCAL_MACHINE\software\MGI\PhotoSuite4\1.0\Liquid Toolkit\Language\10007 that points to the missing file C:\Program Files\MGI\MGI PhotoSuite 4\System\PS4Norwegian.dll.</EntryDetails>
<EntryDetails><Entry>Missing File :C:\Program Files\MGI\MGI PhotoSuite 4\System\PS4Portuguese.dll</Entry>
The registry contains an entry for the font File1_Moniker under HKEY_LOCAL_MACHINE\software\MGI\PhotoSuite4\1.0\Liquid Toolkit\Language\10011 that points to the missing file C:\Program Files\MGI\MGI PhotoSuite 4\System\PS4Portuguese.dll.</EntryDetails>
<EntryDetails><Entry>Missing File :C:\Program Files\MGI\MGI PhotoSuite 4\System\PS4Spanish.dll</Entry>
The registry contains an entry for the font File1_Moniker under HKEY_LOCAL_MACHINE\software\MGI\PhotoSuite4\1.0\Liquid Toolkit\Language\10005 that points to the missing file C:\Program Files\MGI\MGI PhotoSuite 4\System\PS4Spanish.dll.</EntryDetails>
<EntryDetails><Entry>Missing File :C:\Program Files\MGI\MGI PhotoSuite 4\System\PS4Swedish.dll</Entry>
The registry contains an entry for the font File1_Moniker under HKEY_LOCAL_MACHINE\software\MGI\PhotoSuite4\1.0\Liquid Toolkit\Language\10008 that points to the missing file C:\Program Files\MGI\MGI PhotoSuite 4\System\PS4Swedish.dll.</EntryDetails>
<EntryDetails><Entry>Missing File :C:\Program Files\MGI\MGI PhotoSuite 4\System\Spanish.dll</Entry>
The registry contains an entry for the font File0_Moniker under HKEY_LOCAL_MACHINE\software\MGI\PhotoSuite4\1.0\Liquid Toolkit\Language\10005 that points to the missing file C:\Program Files\MGI\MGI PhotoSuite 4\System\Spanish.dll.</EntryDetails>
<EntryDetails><Entry>Missing File :C:\Program Files\MGI\MGI PhotoSuite 4\System\Swedish.dll</Entry>
The registry contains an entry for the font File0_Moniker under HKEY_LOCAL_MACHINE\software\MGI\PhotoSuite4\1.0\Liquid Toolkit\Language\10008 that points to the missing file C:\Program Files\MGI\MGI PhotoSuite 4\System\Swedish.dll.</EntryDetails>
<EntryDetails><Entry>Missing File :C:\Program Files\Mozilla Firefox\components</Entry>
The registry contains an entry for the font Components under HKEY_LOCAL_MACHINE\software\Mozilla\Mozilla Firefox 22.0\extensions that points to the missing file C:\Program Files\Mozilla Firefox\components.</EntryDetails>
<EntryDetails><Entry>Missing File :C:\Program Files\Mozilla Firefox\plugins</Entry>
The registry contains an entry for the font Plugins under HKEY_LOCAL_MACHINE\software\Mozilla\Mozilla Firefox 22.0\extensions that points to the missing file C:\Program Files\Mozilla Firefox\plugins.</EntryDetails>
<EntryDetails><Entry>Missing File :c:\program files\real\realplayer\cache_db</Entry>
The registry contains an entry for the font under HKEY_LOCAL_MACHINE\software\Classes\SOFTWARE\RealNetworks\RealMediaSDK\6.0\Preferences\CacheFilename that points to the missing file c:\program files\real\realplayer\cache_db.</EntryDetails>
<EntryDetails><Entry>Missing File :c:\program files\real\realplayer\Skins</Entry>
The registry contains an entry for the font under HKEY_LOCAL_MACHINE\software\Classes\SOFTWARE\RealNetworks\RealMediaSDK\6.0\Preferences\SkinsDirectory that points to the missing file c:\program files\real\realplayer\Skins.</EntryDetails>
<EntryDetails><Entry>Missing File :c:\program files\real\realplayer\tcdinfo.dll</Entry>
The registry contains an entry for the font libpath under HKEY_LOCAL_MACHINE\software\Classes\SOFTWARE\RealNetworks\RealJukebox\Search Engines\tcdinfo that points to the missing file c:\program files\real\realplayer\tcdinfo.dll.</EntryDetails>
<EntryDetails><Entry>Missing File :C:\WINDOWS\My Product Name\</Entry>
The registry contains an entry for the font InstallLocation under HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\{612C34C7-5E90-47D8-9B5C-0F717DD82726} that points to the missing file C:\WINDOWS\My Product Name\.</EntryDetails>
<EntryDetails><Entry>Missing File :C:\WINDOWS\SoftwareDistribution\Download\523086b1f3f24670ca69a8e0aab05e8a\img\</Entry>
The registry contains an entry for the font InstallSource under HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-2005-0000-0000-0000000FF1CE} that points to the missing file C:\WINDOWS\SoftwareDistribution\Download\523086b1f3f24670ca69a8e0aab05e8a\img\.</EntryDetails>
<EntryDetails><Entry>Missing File :C:\WINDOWS\System32\ReinstallBackups\ਔ</Entry>
The registry contains an entry for the font ReinstallString under HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\ਔ</EntryDetails>
<EntryDetails><Entry>Missing File :C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_SAG4ST.EXE</Entry>
The registry contains an entry for the font ADDNET_SET_Path under HKEY_LOCAL_MACHINE\software\EPSON\STM3\Driver\EPSON WorkForce 435 Series that points to the missing file C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_SAG4ST.EXE.</EntryDetails>
</Scanning>
<Scanning Section="Current User"><Description>Current User settings for installed programs may differ from System settings, be invalid, or orphaned.</Description><ErrorsInThisSection>44 Errors</ErrorsInThisSection>
<EntryDetails><Entry>Missing File :%temp%\1</Entry>
The registry contains an entry for the font c under HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU that points to the missing file %temp%\1.</EntryDetails>
<EntryDetails><Entry>Missing File :C:\Documents and Settings\geminilady\Desktop\Amanda Keller- References.docx</Entry>
The registry contains an entry for the font a under HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\docx that points to the missing file C:\Documents and Settings\geminilady\Desktop\Amanda Keller- References.docx.</EntryDetails>
<EntryDetails><Entry>Missing File :C:\Documents and Settings\geminilady\Desktop\Wedding\Bride and Groom\08-02- JMW_2133 bw.jpg</Entry>
The registry contains an entry for the font ConvertedWallpaper under HKEY_CURRENT_USER\Control Panel\Desktop that points to the missing file C:\Documents and Settings\geminilady\Desktop\Wedding\Bride and Groom\08-02- JMW_2133 bw.jpg.</EntryDetails>
<EntryDetails><Entry>Missing File :C:\Documents and Settings\geminilady\Desktop\WindowsXP-KB936929-SP3-x86-ENU.exe</Entry>
The registry contains an entry for the font a under HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\exe that points to the missing file C:\Documents and Settings\geminilady\Desktop\WindowsXP-KB936929-SP3-x86-ENU.exe.</EntryDetails>
<EntryDetails><Entry>Missing File :C:\Documents and Settings\geminilady\Local Settings\Temp\EPSONWorkTemp</Entry>
The registry contains an entry for the font Work Path under HKEY_CURRENT_USER\Software\EPSON\EPSON Scan\ES00C1\Configuration that points to the missing file C:\Documents and Settings\geminilady\Local Settings\Temp\EPSONWorkTemp.</EntryDetails>
<EntryDetails><Entry>Missing File :C:\Documents and Settings\geminilady\Local Settings\Temp\EPSONWorkTemp\~TF58.tmp</Entry>
The registry contains an entry for the font TempFile under HKEY_CURRENT_USER\Software\EPSON\EPSON Scan\ES00C1\FFmt\JPEG that points to the missing file C:\Documents and Settings\geminilady\Local Settings\Temp\EPSONWorkTemp\~TF58.tmp.</EntryDetails>
<EntryDetails><Entry>Missing File :C:\Documents and Settings\geminilady\My Documents\baby shoe cake.jpeg</Entry>
The registry contains an entry for the font c under HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\jpeg that points to the missing file C:\Documents and Settings\geminilady\My Documents\baby shoe cake.jpeg.</EntryDetails>
<EntryDetails><Entry>Missing File :C:\Documents and Settings\geminilady\My Documents\birds and flowers.jpeg</Entry>
The registry contains an entry for the font b under HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\jpeg that points to the missing file C:\Documents and Settings\geminilady\My Documents\birds and flowers.jpeg.</EntryDetails>
<EntryDetails><Entry>Missing File :C:\Documents and Settings\geminilady\My Documents\cake ideas\Nasi Lemak Lover Pink Ombre Cake with Rosette Swiss Meringue Buttercream.htm</Entry>
The registry contains an entry for the font c under HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\htm that points to the missing file C:\Documents and Settings\geminilady\My Documents\cake ideas\Nasi Lemak Lover Pink Ombre Cake with Rosette Swiss Meringue Buttercream.htm.</EntryDetails>
<EntryDetails><Entry>Missing File :C:\Documents and Settings\geminilady\My Documents\cigar bands.png</Entry>
The registry contains an entry for the font b under HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\png that points to the missing file C:\Documents and Settings\geminilady\My Documents\cigar bands.png.</EntryDetails>
<EntryDetails><Entry>Missing File :C:\Documents and Settings\geminilady\My Documents\Downloads\DocumentImage.ashx.png</Entry>
The registry contains an entry for the font a under HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\png that points to the missing file C:\Documents and Settings\geminilady\My Documents\Downloads\DocumentImage.ashx.png.</EntryDetails>
<EntryDetails><Entry>Missing File :C:\Documents and Settings\geminilady\My Documents\Downloads\f4506t.pdf</Entry>
The registry contains an entry for the font c under HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\pdf that points to the missing file C:\Documents and Settings\geminilady\My Documents\Downloads\f4506t.pdf.</EntryDetails>
<EntryDetails><Entry>Missing File :C:\Documents and Settings\geminilady\My Documents\Downloads\rma_form.pdf</Entry>
The registry contains an entry for the font b under HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\pdf that points to the missing file C:\Documents and Settings\geminilady\My Documents\Downloads\rma_form.pdf.</EntryDetails>
<EntryDetails><Entry>Missing File :C:\Documents and Settings\geminilady\My Documents\generate_coupon_newyears.php</Entry>
The registry contains an entry for the font a under HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\php that points to the missing file C:\Documents and Settings\geminilady\My Documents\generate_coupon_newyears.php.</EntryDetails>
<EntryDetails><Entry>Missing File :C:\Documents and Settings\geminilady\My Documents\hat cake 3.sig</Entry>
The registry contains an entry for the font a under HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\sig that points to the missing file C:\Documents and Settings\geminilady\My Documents\hat cake 3.sig.</EntryDetails>
<EntryDetails><Entry>Missing File :C:\Documents and Settings\geminilady\My Documents\mort.BMP</Entry>
The registry contains an entry for the font i under HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\BMP that points to the missing file C:\Documents and Settings\geminilady\My Documents\mort.BMP.</EntryDetails>
<EntryDetails><Entry>Missing File :C:\Documents and Settings\geminilady\My Documents\My Pictures\Becky\heart cake.jpg</Entry>
The registry contains an entry for the font 38 under HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Wallpaper\MRU that points to the missing file C:\Documents and Settings\geminilady\My Documents\My Pictures\Becky\heart cake.jpg.</EntryDetails>
<EntryDetails><Entry>Missing File :C:\Documents and Settings\geminilady\My Documents\My Pictures\Becky\Rooney_Jessica_1.jpg</Entry>
The registry contains an entry for the font 39 under HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Wallpaper\MRU that points to the missing file C:\Documents and Settings\geminilady\My Documents\My Pictures\Becky\Rooney_Jessica_1.jpg.</EntryDetails>
<EntryDetails><Entry>Missing File :C:\Documents and Settings\geminilady\My Documents\My Pictures\Becky\Rooney_Jessica_10.jpg</Entry>
The registry contains an entry for the font 40 under HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Wallpaper\MRU that points to the missing file C:\Documents and Settings\geminilady\My Documents\My Pictures\Becky\Rooney_Jessica_10.jpg.</EntryDetails>
<EntryDetails><Entry>Missing File :C:\Documents and Settings\geminilady\My Documents\My Pictures\Becky\Rooney_Jessica_11.jpg</Entry>
The registry contains an entry for the font 41 under HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Wallpaper\MRU that points to the missing file C:\Documents and Settings\geminilady\My Documents\My Pictures\Becky\Rooney_Jessica_11.jpg.</EntryDetails>
<EntryDetails><Entry>Missing File :C:\Documents and Settings\geminilady\My Documents\My Pictures\Becky\Rooney_Jessica_12.jpg</Entry>
The registry contains an entry for the font 42 under HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Wallpaper\MRU that points to the missing file C:\Documents and Settings\geminilady\My Documents\My Pictures\Becky\Rooney_Jessica_12.jpg.</EntryDetails>
<EntryDetails><Entry>Missing File :C:\Documents and Settings\geminilady\My Documents\My Pictures\Becky\Rooney_Jessica_13.jpg</Entry>
The registry contains an entry for the font 43 under HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Wallpaper\MRU that points to the missing file C:\Documents and Settings\geminilady\My Documents\My Pictures\Becky\Rooney_Jessica_13.jpg.</EntryDetails>
<EntryDetails><Entry>Missing File :C:\Documents and Settings\geminilady\My Documents\My Pictures\Becky\Rooney_Jessica_2.jpg</Entry>
The registry contains an entry for the font 44 under HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Wallpaper\MRU that points to the missing file C:\Documents and Settings\geminilady\My Documents\My Pictures\Becky\Rooney_Jessica_2.jpg.</EntryDetails>
<EntryDetails><Entry>Missing File :C:\Documents and Settings\geminilady\My Documents\My Pictures\Becky\Rooney_Jessica_3.jpg</Entry>
The registry contains an entry for the font 45 under HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Wallpaper\MRU that points to the missing file C:\Documents and Settings\geminilady\My Documents\My Pictures\Becky\Rooney_Jessica_3.jpg.</EntryDetails>
<EntryDetails><Entry>Missing File :C:\Documents and Settings\geminilady\My Documents\My Pictures\Becky\Rooney_Jessica_4.jpg</Entry>
The registry contains an entry for the font 46 under HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Wallpaper\MRU that points to the missing file C:\Documents and Settings\geminilady\My Documents\My Pictures\Becky\Rooney_Jessica_4.jpg.</EntryDetails>
<EntryDetails><Entry>Missing File :C:\Documents and Settings\geminilady\My Documents\My Pictures\Becky\Rooney_Jessica_5.jpg</Entry>
The registry contains an entry for the font 47 under HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Wallpaper\MRU that points to the missing file C:\Documents and Settings\geminilady\My Documents\My Pictures\Becky\Rooney_Jessica_5.jpg.</EntryDetails>
<EntryDetails><Entry>Missing File :C:\Documents and Settings\geminilady\My Documents\My Pictures\Becky\Rooney_Jessica_6.jpg</Entry>
The registry contains an entry for the font 48 under HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Wallpaper\MRU that points to the missing file C:\Documents and Settings\geminilady\My Documents\My Pictures\Becky\Rooney_Jessica_6.jpg.</EntryDetails>
<EntryDetails><Entry>Missing File :C:\Documents and Settings\geminilady\My Documents\My Pictures\Becky\Rooney_Jessica_7.jpg</Entry>
The registry contains an entry for the font 49 under HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Wallpaper\MRU that points to the missing file C:\Documents and Settings\geminilady\My Documents\My Pictures\Becky\Rooney_Jessica_7.jpg.</EntryDetails>
<EntryDetails><Entry>Missing File :C:\Documents and Settings\geminilady\My Documents\My Pictures\Becky\Rooney_Jessica_8.jpg</Entry>
The registry contains an entry for the font 50 under HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Wallpaper\MRU that points to the missing file C:\Documents and Settings\geminilady\My Documents\My Pictures\Becky\Rooney_Jessica_8.jpg.</EntryDetails>
<EntryDetails><Entry>Missing File :C:\Documents and Settings\geminilady\My Documents\My Pictures\Becky\Rooney_Jessica_9.jpg</Entry>
The registry contains an entry for the font 51 under HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Wallpaper\MRU that points to the missing file C:\Documents and Settings\geminilady\My Documents\My Pictures\Becky\Rooney_Jessica_9.jpg.</EntryDetails>
<EntryDetails><Entry>Missing File :C:\Documents and Settings\geminilady\My Documents\My Pictures\Photo0001.tif</Entry>
The registry contains an entry for the font File2 under HKEY_CURRENT_USER\Software\MGI\PhotoSuite4\1.0\RecentFileList that points to the missing file C:\Documents and Settings\geminilady\My Documents\My Pictures\Photo0001.tif.</EntryDetails>
<EntryDetails><Entry>Missing File :C:\Documents and Settings\geminilady\My Documents\My Pictures\Photo0002.tif</Entry>
The registry contains an entry for the font File3 under HKEY_CURRENT_USER\Software\MGI\PhotoSuite4\1.0\RecentFileList that points to the missing file C:\Documents and Settings\geminilady\My Documents\My Pictures\Photo0002.tif.</EntryDetails>
<EntryDetails><Entry>Missing File :C:\Documents and Settings\geminilady\My Documents\Ocean State Job Lot - Preview Coupons.htm</Entry>
The registry contains an entry for the font b under HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\htm that points to the missing file C:\Documents and Settings\geminilady\My Documents\Ocean State Job Lot - Preview Coupons.htm.</EntryDetails>
<EntryDetails><Entry>Missing File :C:\Documents and Settings\geminilady\My Documents\Pict0022.BMP</Entry>
The registry contains an entry for the font a under HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\BMP that points to the missing file C:\Documents and Settings\geminilady\My Documents\Pict0022.BMP.</EntryDetails>
<EntryDetails><Entry>Missing File :C:\Documents and Settings\geminilady\My Documents\RetroTreated-Recipe-Letter.pdf</Entry>
The registry contains an entry for the font a under HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\pdf that points to the missing file C:\Documents and Settings\geminilady\My Documents\RetroTreated-Recipe-Letter.pdf.</EntryDetails>
<EntryDetails><Entry>Missing File :C:\Documents and Settings\geminilady\My Documents\steiner vendor.BMP</Entry>
The registry contains an entry for the font h under HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\BMP that points to the missing file C:\Documents and Settings\geminilady\My Documents\steiner vendor.BMP.</EntryDetails>
<EntryDetails><Entry>Missing File :C:\Documents and Settings\geminilady\My Documents\Smore Bites _ melissadionne.htm</Entry>
The registry contains an entry for the font a under HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\htm that points to the missing file C:\Documents and Settings\geminilady\My Documents\Smore Bites _ melissadionne.htm.</EntryDetails>
<EntryDetails><Entry>Missing File :C:\Documents and Settings\geminilady\My Documents\viewer.png</Entry>
The registry contains an entry for the font d under HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\png that points to the missing file C:\Documents and Settings\geminilady\My Documents\viewer.png.</EntryDetails>
<EntryDetails><Entry>Missing File :C:\Documents and Settings\geminilady\My Documents\wells fargo.BMP</Entry>
The registry contains an entry for the font c under HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\BMP that points to the missing file C:\Documents and Settings\geminilady\My Documents\wells fargo.BMP.</EntryDetails>
<EntryDetails><Entry>Missing File :C:\Documents and Settings\geminilady\My Documents\xmas cake.png</Entry>
The registry contains an entry for the font c under HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\png that points to the missing file C:\Documents and Settings\geminilady\My Documents\xmas cake.png.</EntryDetails>
<EntryDetails><Entry>Missing File :C:\Documents and Settings\geminilady\My Documents\xmas tree cake.jpeg</Entry>
The registry contains an entry for the font a under HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\jpeg that points to the missing file C:\Documents and Settings\geminilady\My Documents\xmas tree cake.jpeg.</EntryDetails>
<EntryDetails><Entry>Missing File :C:\Program Files\Moss Bay Software\OfficePrinter 2.0\ART\CLIPART\MACHINES\Car.wmf</Entry>
The registry contains an entry for the font a under HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\wmf that points to the missing file C:\Program Files\Moss Bay Software\OfficePrinter 2.0\ART\CLIPART\MACHINES\Car.wmf.</EntryDetails>
<EntryDetails><Entry>Missing File :C:\WINDOWS\system32\syscookies.txt</Entry>
The registry contains an entry for the font under HKEY_CURRENT_USER\Software\RealNetworks\RealPlayer\16.0\Preferences\SystemCookiesPath that points to the missing file C:\WINDOWS\system32\syscookies.txt.</EntryDetails>
<EntryDetails><Entry>Missing File :c:\windows\temp\1</Entry>
The registry contains an entry for the font d under HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU that points to the missing file c:\windows\temp\1.</EntryDetails>
</Scanning>
</RCPscanlog>


----------



## JaneDoe999 (Feb 5, 2008)

hopefully last scan this is what I got with otl

OTL logfile created on: 8/11/2013 1:47:52 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\geminilady\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

893.97 Mb Total Physical Memory | 477.65 Mb Available Physical Memory | 53.43% Memory free
2.12 Gb Paging File | 1.54 Gb Available in Paging File | 73.03% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.89 Gb Total Space | 6.27 Gb Free Space | 11.22% Space Free | Partition Type: NTFS

Computer Name: GEMINILA-D2C265 | User Name: geminilady | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\geminilady\My Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG SafeGuard toolbar\vprot.exe ()
PRC - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe (AVG Secure Search)
PRC - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\loggingserver.exe ()
PRC - C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Program Files\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
PRC - C:\Program Files\Google\Drive\googledrivesync.exe (Google)
PRC - C:\Program Files\Advanced System Protector\AdvancedSystemProtector.exe (Systweak)
PRC - C:\Program Files\WinZip\WZQKPICK32.EXE (WinZip Computing, S.L.)
PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Documents and Settings\geminilady\Application Data\SearchProtect\bin\cltmng.exe (Conduit)
PRC - C:\Program Files\SearchProtect\bin\CltMngSvc.exe (Conduit)
PRC - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe ()
PRC - C:\Documents and Settings\geminilady\Application Data\SanDisk\SanDiskSecureAccess_Manager.exe (Gemalto N.V.)
PRC - C:\Program Files\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Uniblue\SpeedUpMyPC\spmonitor.exe (Uniblue Systems Ltd)
PRC - C:\Program Files\Secunia\PSI\psia.exe (Secunia)
PRC - C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
PRC - C:\Program Files\LTCM Client\ltcmClient.exe (Leader Technologies Inc.)
PRC - C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)

========== Modules (No Company Name) ==========

MOD - C:\Documents and Settings\geminilady\Local Settings\Temp\_MEI26124\pysqlite2._sqlite.pyd ()
MOD - C:\Documents and Settings\geminilady\Local Settings\Temp\_MEI26124\_elementtree.pyd ()
MOD - C:\Documents and Settings\geminilady\Local Settings\Temp\_MEI26124\win32api.pyd ()
MOD - C:\Documents and Settings\geminilady\Local Settings\Temp\_MEI26124\_socket.pyd ()
MOD - C:\Documents and Settings\geminilady\Local Settings\Temp\_MEI26124\win32ts.pyd ()
MOD - C:\Documents and Settings\geminilady\Local Settings\Temp\_MEI26124\windows._cacheinvalidation.pyd ()
MOD - C:\Documents and Settings\geminilady\Local Settings\Temp\_MEI26124\wx._gdi_.pyd ()
MOD - C:\Documents and Settings\geminilady\Local Settings\Temp\_MEI26124\wx._misc_.pyd ()
MOD - C:\Documents and Settings\geminilady\Local Settings\Temp\_MEI26124\pythoncom27.dll ()
MOD - C:\Documents and Settings\geminilady\Local Settings\Temp\_MEI26124\win32com.shell.shell.pyd ()
MOD - C:\Documents and Settings\geminilady\Local Settings\Temp\_MEI26124\_ctypes.pyd ()
MOD - C:\Documents and Settings\geminilady\Local Settings\Temp\_MEI26124\wx._html2.pyd ()
MOD - C:\Documents and Settings\geminilady\Local Settings\Temp\_MEI26124\_multiprocessing.pyd ()
MOD - C:\Documents and Settings\geminilady\Local Settings\Temp\_MEI26124\win32profile.pyd ()
MOD - C:\Documents and Settings\geminilady\Local Settings\Temp\_MEI26124\win32crypt.pyd ()
MOD - C:\Documents and Settings\geminilady\Local Settings\Temp\_MEI26124\wx._core_.pyd ()
MOD - C:\Documents and Settings\geminilady\Local Settings\Temp\_MEI26124\_ssl.pyd ()
MOD - C:\Documents and Settings\geminilady\Local Settings\Temp\_MEI26124\_hashlib.pyd ()
MOD - C:\Documents and Settings\geminilady\Local Settings\Temp\_MEI26124\PyWinTypes27.dll ()
MOD - C:\Documents and Settings\geminilady\Local Settings\Temp\_MEI26124\win32security.pyd ()
MOD - C:\Documents and Settings\geminilady\Local Settings\Temp\_MEI26124\win32process.pyd ()
MOD - C:\Documents and Settings\geminilady\Local Settings\Temp\_MEI26124\win32pdh.pyd ()
MOD - C:\Documents and Settings\geminilady\Local Settings\Temp\_MEI26124\wx._windows_.pyd ()
MOD - C:\Documents and Settings\geminilady\Local Settings\Temp\_MEI26124\wx._wizard.pyd ()
MOD - C:\Documents and Settings\geminilady\Local Settings\Temp\_MEI26124\win32file.pyd ()
MOD - C:\Documents and Settings\geminilady\Local Settings\Temp\_MEI26124\win32inet.pyd ()
MOD - C:\Documents and Settings\geminilady\Local Settings\Temp\_MEI26124\wx._controls_.pyd ()
MOD - C:\Documents and Settings\geminilady\Local Settings\Temp\_MEI26124\pyexpat.pyd ()
MOD - C:\Documents and Settings\geminilady\Local Settings\Temp\_MEI26124\win32event.pyd ()
MOD - C:\Documents and Settings\geminilady\Local Settings\Temp\_MEI26124\unicodedata.pyd ()
MOD - C:\Documents and Settings\geminilady\Local Settings\Temp\_MEI26124\select.pyd ()
MOD - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\log4cplusU.dll ()
MOD - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\15.4.0\SiteSafety.dll ()
MOD - C:\Program Files\AVG SafeGuard toolbar\vprot.exe ()
MOD - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\loggingserver.exe ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\a1d221960bf7a0cbfd1f355595f77e83\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\efecb20c44117df86f2eb5f93592fdd8\System.Windows.Forms.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\82a53e923936d5f62d9af4cdfe50a4f8\System.Drawing.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\2ac6146a15ceb466f389e373699b3b90\System.Data.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\4bcddb1b8314edc004a69a5fd85b1146\System.Core.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\16562c54978851e92db8fec6f759bba1\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\b14359470744c840c59fbe4e58034fd6\mscorlib.ni.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll ()
MOD - C:\Program Files\MyPC Backup\GetText.dll ()
MOD - C:\Program Files\MyPC Backup\x86\System.Data.SQLite.dll ()
MOD - C:\Program Files\Advanced System Protector\aspsys.dll ()
MOD - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe ()
MOD - C:\WINDOWS\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll ()
MOD - C:\Program Files\Advanced System Protector\System.Data.SQLite.dll ()
MOD - C:\Program Files\Advanced System Protector\unrar.dll ()
MOD - C:\Documents and Settings\geminilady\Application Data\SanDisk\My Vaults\dmBackup.dll ()
MOD - C:\WINDOWS\system32\bcm1xsup.dll ()
MOD - C:\WINDOWS\system32\tsd32.dll ()

========== Services (SafeList) ==========

SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
SRV - (vToolbarUpdater15.4.0) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe (AVG Secure Search)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (BackupStack) -- C:\Program Files\MyPC Backup\BackupStack.exe (Just Develop It)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (CltMngSvc) -- C:\Program Files\SearchProtect\bin\CltMngSvc.exe (Conduit)
SRV - (RealNetworks Downloader Resolver Service) -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe ()
SRV - (Secunia PSI Agent) -- C:\Program Files\Secunia\PSI\psia.exe (Secunia)
SRV - (Secunia Update Agent) -- C:\Program Files\Secunia\PSI\sua.exe (Secunia)
SRV - (ABBYY.Licensing.FineReader.Sprint.9.0) -- C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY)

========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (avgtp) -- C:\WINDOWS\system32\drivers\avgtpx86.sys (AVG Technologies)
DRV - (gfibto) -- C:\WINDOWS\system32\drivers\gfibto.sys (GFI Software)
DRV - (PSI) -- C:\WINDOWS\system32\drivers\psi_mf.sys (Secunia)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {BB81AB82-DFE8-4E80-AA91-69EE189DA265}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snap.do/?publisher=Download&dpid=Download&co=US&userid=3b52dec7-8153-474b-a840-af52e83099d4&searchtype=ds&q={searchTerms}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snap.do/?publisher=Download&dpid=Download&co=US&userid=3b52dec7-8153-474b-a840-af52e83099d4&searchtype=ds&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.snap.do/?publisher=Download&dpid=Download&co=US&userid=3b52dec7-8153-474b-a840-af52e83099d4&searchtype=ds&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com/?ctid=CT3...M=2&UP=SP801E2A1E-2A75-4FC2-9765-74FE3C05E411
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F2 D7 84 35 E3 A0 CD 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snap.do/?publisher=Download&dpid=Download&co=US&userid=3b52dec7-8153-474b-a840-af52e83099d4&searchtype=ds&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snap.do/?publisher=Download&dpid=Download&co=US&userid=3b52dec7-8153-474b-a840-af52e83099d4&searchtype=ds&q={searchTerms}
IE - HKCU\..\URLSearchHook: {64d64833-9296-421b-a362-83cfbd6291b6} - C:\Program Files\appmarket-\prxtbappm.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {BB81AB82-DFE8-4E80-AA91-69EE189DA265}
IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snap.do/?publisher=Download&dpid=Download&co=US&userid=3b52dec7-8153-474b-a840-af52e83099d4&searchtype=ds&q={searchTerms}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_1&hsimp=yhs-lavasoft&ent=ch&q={searchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{BB81AB82-DFE8-4E80-AA91-69EE189DA265}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3307181&CUI=UN20313655157727652&UM=2
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..CT3307181.browser.search.defaultthis.engineName: "true"
FF - prefs.js..browser.search.defaultenginename: "appmarket- Customized Web Search"
FF - prefs.js..browser.search.defaultthis.engineName: "appmarket- Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3307181&CUI=UN27506442082542432&UM=2&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "appmarket- Customized Web Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT3307181&octid=CT3307181&SearchSource=61&CUI=UN27506442082542432&UM=2&UP=SP801E2A1E-2A75-4FC2-9765-74FE3C05E411"
FF - prefs.js..extensions.enabledAddons: %7B55A8EC97-6AF6-442c-877F-11C51DBD162D%7D:1.0.2
FF - prefs.js..extensions.enabledAddons: %7BFCE04E1F-9378-4f39-96F6-5689A9159E45%7D:1.3.2
FF - prefs.js..extensions.enabledAddons: %7B740B3FD5-4483-469D-BE7F-8555B153BD04%7D:1.0
FF - prefs.js..extensions.enabledAddons: %7B64d64833-9296-421b-a362-83cfbd6291b6%7D:10.16.9.6
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3307181&SearchSource=2&CUI=UN27506442082542432&UM=2&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\15.4.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_39: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.2.32: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.2: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.2: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.2: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.2.32: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{55A8EC97-6AF6-442c-877F-11C51DBD162D}: C:\Program Files\Tomabo\YouTube Video Downloader\YVD_FF.xpi [2012/09/07 23:38:44 | 000,013,126 | ---- | M] ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/05/19 09:50:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FCE04E1F-9378-4f39-96F6-5689A9159E45}: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/05/19 09:50:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2013/07/22 11:48:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\geminilady\Application Data\Mozilla\Extensions
[2013/08/11 13:16:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\geminilady\Application Data\Mozilla\Firefox\Profiles\9dsl95vw.default\extensions
[2013/08/11 13:16:28 | 000,000,000 | ---D | M] (appmarket-) -- C:\Documents and Settings\geminilady\Application Data\Mozilla\Firefox\Profiles\9dsl95vw.default\extensions\{64d64833-9296-421b-a362-83cfbd6291b6}
[2013/07/21 06:20:09 | 000,000,000 | ---D | M] (DownloadTerms) -- C:\Documents and Settings\geminilady\Application Data\Mozilla\Firefox\Profiles\9dsl95vw.default\extensions\[email protected]
[2013/08/11 13:16:28 | 000,000,997 | ---- | M] () -- C:\Documents and Settings\geminilady\Application Data\Mozilla\Firefox\Profiles\9dsl95vw.default\searchplugins\conduit.xml
[2013/07/22 11:48:48 | 000,001,294 | ---- | M] () -- C:\Documents and Settings\geminilady\Application Data\Mozilla\Firefox\Profiles\9dsl95vw.default\searchplugins\delta.xml
[2013/07/22 11:49:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/07/02 21:30:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013/07/02 21:30:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}
[2013/07/21 06:20:07 | 000,000,000 | ---D | M] (DownloadTerms) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2013/07/22 11:49:48 | 000,000,000 | ---D | M] () -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2013/07/21 09:29:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/07/21 09:29:14 | 000,000,000 | ---D | M] (BasicServe) -- C:\Program Files\Mozilla Firefox\browser\extensions\{740B3FD5-4483-469D-BE7F-8555B153BD04}
[2013/07/28 18:04:55 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/05/19 09:50:25 | 000,000,000 | ---D | M] (RealDownloader) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REALNETWORKS\REALDOWNLOADER\BROWSERPLUGINS\FIREFOX\EXT
[2012/09/07 23:38:44 | 000,013,126 | ---- | M] () (No name found) -- C:\PROGRAM FILES\TOMABO\YOUTUBE VIDEO DOWNLOADER\YVD_FF.XPI

========== Chrome ==========

CHR - default_search_provider: ()
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - homepage: http://www1.delta-search.com/?babsrc=HP_ss&mntrId=6034001BFC68835F&affID=122123&tsp=4951
CHR - Extension: No name found = C:\Documents and Settings\geminilady\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ajgnnllmjadopdlmpplonojbfogkjlcl\1.11.1.1216_0\
CHR - Extension: No name found = C:\Documents and Settings\geminilady\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ajgnnllmjadopdlmpplonojbfogkjlcl\1.11.1.1216_0\.bak
CHR - Extension: No name found = C:\Documents and Settings\geminilady\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Documents and Settings\geminilady\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.5.3_0\
CHR - Extension: No name found = C:\Documents and Settings\geminilady\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cjohejgigkmiclpgnilojffhiohcglib\3_0\
CHR - Extension: No name found = C:\Documents and Settings\geminilady\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.2_0\
CHR - Extension: No name found = C:\Documents and Settings\geminilady\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\igljnkmljjbhcellpnjppojkfdfmkjmp\1.0.2_0\
CHR - Extension: No name found = C:\Documents and Settings\geminilady\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\15.4.0.5_0\

O1 HOSTS File: ([2004/08/04 06:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (appmarket- Toolbar) - {64d64833-9296-421b-a362-83cfbd6291b6} - C:\Program Files\appmarket-\prxtbappm.dll (Conduit Ltd.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
O3 - HKLM\..\Toolbar: (appmarket- Toolbar) - {64d64833-9296-421b-a362-83cfbd6291b6} - C:\Program Files\appmarket-\prxtbappm.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {25E2E5C9-C43C-4EE8-B23E-4383915F2BCE} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (appmarket- Toolbar) - {64D64833-9296-421B-A362-83CFBD6291B6} - C:\Program Files\appmarket-\prxtbappm.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Advanced System Protector_startup] C:\Program Files\Advanced System Protector\AdvancedSystemProtector.exe (Systweak)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [LTCM Client] C:\Program Files\LTCM Client\ltcmClient.exe (Leader Technologies Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Search Protection] C:\Documents and Settings\All Users\Application Data\Search Protection\SearchProtection.exe File not found
O4 - HKLM..\Run: [SearchProtectAll] C:\Program Files\SearchProtect\bin\cltmng.exe (Conduit)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG SafeGuard toolbar\vprot.exe ()
O4 - HKCU..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe" File not found
O4 - HKCU..\Run: [EPSON WorkForce 435 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIHRA.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files\Google\Drive\googledrivesync.exe (Google)
O4 - HKCU..\Run: [RDReminder] C:\Program Files\RegClean Pro\RegCleanPro.exe (Systweak Inc)
O4 - HKCU..\Run: [SanDiskSecureAccess_Manager.exe] C:\Documents and Settings\geminilady\Application Data\SanDisk\SanDiskSecureAccess_Manager.exe (Gemalto N.V.)
O4 - HKCU..\Run: [SearchProtect] C:\Documents and Settings\geminilady\Application Data\SearchProtect\bin\cltmng.exe (Conduit)
O4 - HKCU..\Run: [SpeedUpMyPC] C:\Program Files\Uniblue\SpeedUpMyPC\launcher.exe (Uniblue Systems Ltd)
O4 - HKCU..\Run: [SystweakASP] C:\Program Files\RegClean Pro\SystweakASP.exe (Systweak Inc )
O4 - HKCU..\Run: [WINZIPDUDriverUpdater] C:\Program Files\WinZip Driver Updater\winzipdu.exe (WinZip Computing, S.L. (WinZip Computing))
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk = C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK32.EXE (WinZip Computing, S.L.)
O4 - Startup: C:\Documents and Settings\geminilady\Start Menu\Programs\Startup\MyPC Backup.lnk = C:\Program Files\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Download video on this page - C:\Program Files\Tomabo\YouTube Video Downloader\YVD_IE.dll ()
O8 - Extra context menu item: Download video this links to - C:\Program Files\Tomabo\YouTube Video Downloader\YVD_IE.dll ()
O9 - Extra Button: Download Video - {B4FECE59-6D0A-4EE6-A07F-E6A94F846E55} - C:\Program Files\Tomabo\YouTube Video Downloader\YVD_IE.dll ()
O9 - Extra 'Tools' menuitem : Download video on this page - {B4FECE59-6D0A-4EE6-A07F-E6A94F846E55} - C:\Program Files\Tomabo\YouTube Video Downloader\YVD_IE.dll ()
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/...ls/en/x86/client/wuweb_site.cab?1342699152375 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1342699640281 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39)
O16 - DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CE9C6F4A-BA34-4744-91D8-389042017037}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\15.4.0\ViProtocol.dll (AVG Secure Search)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\geminilady\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\geminilady\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/07/19 07:08:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found


----------



## JaneDoe999 (Feb 5, 2008)

NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT 
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2013/08/11 13:25:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinZip
[2013/08/11 13:25:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\geminilady\Local Settings\Application Data\WinZip
[2013/08/11 13:24:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2013/08/11 13:24:45 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
[2013/08/11 13:20:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\geminilady\Start Menu\Programs\MyPC Backup
[2013/08/11 13:20:12 | 000,000,000 | ---D | C] -- C:\Program Files\MyPC Backup
[2013/08/11 13:19:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\geminilady\Application Data\WinZip
[2013/08/11 13:19:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Advanced System Protector
[2013/08/11 13:19:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinZip Driver Updater
[2013/08/11 13:19:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Systweak
[2013/08/11 13:19:42 | 000,000,000 | ---D | C] -- C:\Program Files\Advanced System Protector
[2013/08/11 13:19:40 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip Driver Updater
[2013/08/11 13:19:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\geminilady\Application Data\Uniblue
[2013/08/11 13:19:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Uniblue
[2013/08/11 13:19:12 | 000,000,000 | ---D | C] -- C:\Program Files\Uniblue
[2013/08/11 13:18:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\geminilady\Application Data\Systweak
[2013/08/11 13:18:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\RegClean Pro
[2013/08/11 13:18:38 | 000,000,000 | ---D | C] -- C:\Program Files\RegClean Pro
[2013/08/11 13:17:55 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2013/08/11 13:17:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\geminilady\Local Settings\Application Data\appmarket-
[2013/08/11 13:17:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\geminilady\Local Settings\Application Data\Conduit
[2013/08/11 13:17:49 | 000,000,000 | ---D | C] -- C:\Program Files\appmarket-
[2013/08/11 13:17:05 | 000,000,000 | ---D | C] -- C:\Program Files\SearchProtect
[2013/08/11 13:16:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\geminilady\Application Data\SearchProtect
[2013/07/30 17:41:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\geminilady\My Documents\Rt 9
[2013/07/29 17:09:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2013/07/28 18:05:27 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2013/07/22 12:08:18 | 000,940,544 | ---- | C] (Apache Software Foundation) -- C:\Documents and Settings\geminilady\Local Settings\Application Data\log4cxx.dll
[2013/07/22 12:05:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Uniblue
[2013/07/22 11:49:42 | 000,000,000 | ---D | C] -- C:\Program Files\LessTabs
[2013/07/22 11:49:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\geminilady\Application Data\DealPly
[2013/07/22 11:48:12 | 000,000,000 | ---D | C] -- C:\Program Files\SoftwareUpdater
[2013/07/22 11:32:30 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[2013/07/21 06:26:22 | 000,000,000 | ---D | C] -- C:\Program Files\BasicServe
[2013/07/21 06:26:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BasicServe
[2013/07/21 06:20:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\geminilady\Local Settings\Application Data\DownloadTerms
[2013/07/21 06:20:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\geminilady\Application Data\SwvUpdater
[2013/07/14 22:07:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MRT
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/08/11 13:28:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/08/11 13:25:24 | 000,001,674 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
[2013/08/11 13:20:17 | 000,000,752 | ---- | M] () -- C:\Documents and Settings\geminilady\Start Menu\Programs\Startup\MyPC Backup.lnk
[2013/08/11 13:20:05 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\WinZipDriverUpdater_UPDATES.job
[2013/08/11 13:19:25 | 000,000,266 | ---- | M] () -- C:\WINDOWS\tasks\SpeedUpMyPC.job
[2013/08/11 13:19:21 | 000,000,823 | ---- | M] () -- C:\Documents and Settings\geminilady\Application Data\Microsoft\Internet Explorer\Quick Launch\SpeedUpMyPC.lnk
[2013/08/11 13:19:11 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RegClean Pro_UPDATES.job
[2013/08/11 13:19:11 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\RegClean Pro_DEFAULT.job
[2013/08/11 13:18:14 | 000,000,009 | ---- | M] () -- C:\END
[2013/08/11 13:07:00 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/08/11 12:39:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\AmiUpdXp.job
[2013/08/11 12:20:32 | 000,010,647 | ---- | M] () -- C:\Documents and Settings\geminilady\My Documents\asw.rtf
[2013/08/11 12:00:00 | 000,000,994 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Antivirus Scheduled Scan.job
[2013/08/11 06:54:44 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2013/08/11 06:49:06 | 000,548,698 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/08/11 06:49:06 | 000,100,696 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/08/11 06:46:01 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/08/11 06:46:01 | 000,000,310 | ---- | M] () -- C:\WINDOWS\tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1757981266-1532298954-725345543-1004.job
[2013/08/11 06:46:01 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1757981266-1532298954-725345543-1004.job
[2013/08/11 06:46:01 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1757981266-1532298954-725345543-1004.job
[2013/08/11 06:44:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/08/10 15:01:00 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\Registry Optimizer_DEFAULT.job
[2013/08/10 06:42:00 | 000,000,318 | ---- | M] () -- C:\WINDOWS\tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1757981266-1532298954-725345543-1004.job
[2013/08/08 21:09:44 | 000,755,715 | ---- | M] () -- C:\Documents and Settings\geminilady\My Documents\orgami.rtf
[2013/08/07 18:37:33 | 001,301,701 | ---- | M] () -- C:\Documents and Settings\geminilady\My Documents\honey lemon.rtf
[2013/08/07 16:24:00 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\Registry Optimizer_UPDATES.job
[2013/08/07 09:58:00 | 000,000,336 | ---- | M] () -- C:\WINDOWS\tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1757981266-1532298954-725345543-1004.job
[2013/08/07 06:57:48 | 004,253,975 | ---- | M] () -- C:\Documents and Settings\geminilady\My Documents\veiners 1.rtf
[2013/08/06 16:07:03 | 000,000,678 | ---- | M] () -- C:\WINDOWS\ULEAD32.INI
[2013/08/06 09:35:00 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1757981266-1532298954-725345543-1004.job
[2013/08/06 07:23:39 | 004,253,975 | ---- | M] () -- C:\Documents and Settings\geminilady\My Documents\boo.rtf
[2013/08/04 07:19:08 | 004,253,975 | ---- | M] () -- C:\Documents and Settings\geminilady\My Documents\roses.rtf
[2013/08/02 10:59:13 | 000,103,936 | ---- | M] () -- C:\Documents and Settings\geminilady\My Documents\fax cover tom.pub
[2013/08/02 10:58:06 | 000,103,936 | ---- | M] () -- C:\Documents and Settings\geminilady\My Documents\fax cover MaryAnne.pub
[2013/08/01 09:34:23 | 001,610,279 | ---- | M] () -- C:\Documents and Settings\geminilady\My Documents\diaper 6.rtf
[2013/08/01 09:31:07 | 010,385,051 | ---- | M] () -- C:\Documents and Settings\geminilady\My Documents\diaper 5.rtf
[2013/08/01 09:29:40 | 005,513,330 | ---- | M] () -- C:\Documents and Settings\geminilady\My Documents\diaper 4.rtf
[2013/08/01 09:27:36 | 009,526,179 | ---- | M] () -- C:\Documents and Settings\geminilady\My Documents\diaper 3.rtf
[2013/08/01 09:27:11 | 010,498,454 | ---- | M] () -- C:\Documents and Settings\geminilady\My Documents\diaper 2.rtf
[2013/08/01 09:23:55 | 010,385,051 | ---- | M] () -- C:\Documents and Settings\geminilady\My Documents\diaper 1.rtf
[2013/07/31 15:50:56 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2013/07/31 12:13:35 | 000,001,815 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2013/07/30 17:40:08 | 002,164,140 | ---- | M] () -- C:\Documents and Settings\geminilady\My Documents\img009.jpg
[2013/07/29 19:39:59 | 000,001,831 | ---- | M] () -- C:\Documents and Settings\geminilady\My Documents\convo.rtf
[2013/07/29 17:09:33 | 000,001,921 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2013/07/29 12:14:00 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1757981266-1532298954-725345543-1004.job
[2013/07/29 09:19:48 | 000,037,664 | ---- | M] (AVG Technologies) -- C:\WINDOWS\System32\drivers\avgtpx86.sys
[2013/07/28 18:05:32 | 000,000,748 | ---- | M] () -- C:\Documents and Settings\geminilady\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/07/28 18:05:28 | 000,000,730 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2013/07/25 22:10:05 | 000,000,656 | ---- | M] () -- C:\Documents and Settings\geminilady\My Documents\teeth.rtf
[2013/07/23 11:04:34 | 002,664,894 | ---- | M] () -- C:\Documents and Settings\geminilady\My Documents\google earth map.JPG
[2013/07/23 10:54:28 | 000,055,808 | ---- | M] () -- C:\Documents and Settings\geminilady\My Documents\insurance letter.let
[2013/07/22 13:06:47 | 000,019,456 | ---- | M] () -- C:\Documents and Settings\geminilady\My Documents\p&l pyramid.let
[2013/07/22 12:23:40 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/07/21 06:26:24 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\2f2c3e3d213b35294437462c404f5d_c
[2013/07/15 18:32:33 | 001,007,446 | ---- | M] () -- C:\Documents and Settings\geminilady\My Documents\mort.JPG
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/08/11 13:25:22 | 000,001,674 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
[2013/08/11 13:20:17 | 000,000,752 | ---- | C] () -- C:\Documents and Settings\geminilady\Start Menu\Programs\Startup\MyPC Backup.lnk
[2013/08/11 13:20:04 | 000,000,294 | ---- | C] () -- C:\WINDOWS\tasks\WinZipDriverUpdater_UPDATES.job
[2013/08/11 13:19:42 | 000,017,136 | ---- | C] () -- C:\WINDOWS\System32\sasnative32.exe
[2013/08/11 13:19:25 | 000,000,266 | ---- | C] () -- C:\WINDOWS\tasks\SpeedUpMyPC.job
[2013/08/11 13:19:21 | 000,000,823 | ---- | C] () -- C:\Documents and Settings\geminilady\Application Data\Microsoft\Internet Explorer\Quick Launch\SpeedUpMyPC.lnk
[2013/08/11 13:19:10 | 000,000,282 | ---- | C] () -- C:\WINDOWS\tasks\RegClean Pro_UPDATES.job
[2013/08/11 13:19:10 | 000,000,274 | ---- | C] () -- C:\WINDOWS\tasks\RegClean Pro_DEFAULT.job
[2013/08/11 13:15:31 | 000,000,009 | ---- | C] () -- C:\END
[2013/08/11 12:20:32 | 000,010,647 | ---- | C] () -- C:\Documents and Settings\geminilady\My Documents\asw.rtf
[2013/08/08 21:09:44 | 000,755,715 | ---- | C] () -- C:\Documents and Settings\geminilady\My Documents\orgami.rtf
[2013/08/07 18:37:33 | 001,301,701 | ---- | C] () -- C:\Documents and Settings\geminilady\My Documents\honey lemon.rtf
[2013/08/07 06:57:48 | 004,253,975 | ---- | C] () -- C:\Documents and Settings\geminilady\My Documents\veiners 1.rtf
[2013/08/06 07:23:38 | 004,253,975 | ---- | C] () -- C:\Documents and Settings\geminilady\My Documents\boo.rtf
[2013/08/04 07:19:08 | 004,253,975 | ---- | C] () -- C:\Documents and Settings\geminilady\My Documents\roses.rtf
[2013/08/02 10:59:13 | 000,103,936 | ---- | C] () -- C:\Documents and Settings\geminilady\My Documents\fax cover tom.pub
[2013/08/02 10:58:06 | 000,103,936 | ---- | C] () -- C:\Documents and Settings\geminilady\My Documents\fax cover MaryAnne.pub
[2013/08/01 09:34:23 | 001,610,279 | ---- | C] () -- C:\Documents and Settings\geminilady\My Documents\diaper 6.rtf
[2013/08/01 09:31:05 | 010,385,051 | ---- | C] () -- C:\Documents and Settings\geminilady\My Documents\diaper 5.rtf
[2013/08/01 09:29:39 | 005,513,330 | ---- | C] () -- C:\Documents and Settings\geminilady\My Documents\diaper 4.rtf
[2013/08/01 09:27:35 | 009,526,179 | ---- | C] () -- C:\Documents and Settings\geminilady\My Documents\diaper 3.rtf
[2013/08/01 09:27:10 | 010,498,454 | ---- | C] () -- C:\Documents and Settings\geminilady\My Documents\diaper 2.rtf
[2013/08/01 09:23:53 | 010,385,051 | ---- | C] () -- C:\Documents and Settings\geminilady\My Documents\diaper 1.rtf
[2013/07/31 16:00:43 | 000,000,384 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2013/07/30 17:40:07 | 002,164,140 | ---- | C] () -- C:\Documents and Settings\geminilady\My Documents\img009.jpg
[2013/07/29 19:39:59 | 000,001,831 | ---- | C] () -- C:\Documents and Settings\geminilady\My Documents\convo.rtf
[2013/07/29 17:09:33 | 000,001,921 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2013/07/28 18:05:31 | 000,000,748 | ---- | C] () -- C:\Documents and Settings\geminilady\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/07/28 18:05:28 | 000,000,736 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2013/07/28 18:05:28 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2013/07/25 22:10:05 | 000,000,656 | ---- | C] () -- C:\Documents and Settings\geminilady\My Documents\teeth.rtf
[2013/07/23 11:04:33 | 002,664,894 | ---- | C] () -- C:\Documents and Settings\geminilady\My Documents\google earth map.JPG
[2013/07/23 09:59:37 | 000,055,808 | ---- | C] () -- C:\Documents and Settings\geminilady\My Documents\insurance letter.let
[2013/07/22 13:06:47 | 000,019,456 | ---- | C] () -- C:\Documents and Settings\geminilady\My Documents\p&l pyramid.let
[2013/07/22 12:08:19 | 000,192,512 | ---- | C] () -- C:\Documents and Settings\geminilady\Local Settings\Application Data\common_functions.dll
[2013/07/21 06:26:24 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\2f2c3e3d213b35294437462c404f5d_c
[2013/07/21 06:20:03 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\AmiUpdXp.job
[2013/07/15 17:58:07 | 001,007,446 | ---- | C] () -- C:\Documents and Settings\geminilady\My Documents\mort.JPG
[2013/07/14 18:56:12 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\geminilady\Start Menu\Programs\Outlook Express.lnk
[2013/07/08 16:41:54 | 000,484,352 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2013/05/17 10:41:00 | 000,114,688 | ---- | C] () -- C:\Documents and Settings\geminilady\Local Settings\Application Data\ie_runner_app.exe
[2012/09/11 16:08:47 | 000,000,079 | ---- | C] () -- C:\WINDOWS\EWF435.ini
[2012/08/26 18:02:48 | 000,000,678 | ---- | C] () -- C:\WINDOWS\ULEAD32.INI
[2012/08/26 17:15:40 | 000,000,002 | ---- | C] () -- C:\WINDOWS\PhotoSuite.ini
[2012/08/26 17:15:35 | 000,458,752 | ---- | C] () -- C:\WINDOWS\System32\Fpl.dll
[2012/08/26 17:15:35 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\CPUINF32.DLL
[2012/08/26 17:15:34 | 000,332,800 | ---- | C] () -- C:\WINDOWS\System32\FPXLIB.DLL
[2012/08/26 17:15:34 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\JPEGLIB.DLL
[2012/08/25 10:27:04 | 000,005,632 | ---- | C] () -- C:\Documents and Settings\geminilady\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/08/18 17:23:30 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/08/05 16:27:20 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\geminilady\Local Settings\Application Data\fusioncache.dat
[2012/07/19 20:19:27 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2012/07/19 20:19:27 | 000,136,650 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2012/07/19 20:18:54 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2012/07/19 20:18:54 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2012/07/19 20:18:54 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2012/07/19 08:43:23 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/07/19 07:10:20 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012/07/19 07:05:18 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012/07/19 02:56:26 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012/07/19 02:55:15 | 000,505,808 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== ZeroAccess Check ==========

[2012/07/19 20:20:26 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2012/04/20 15:29:52 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 05:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/06/26 14:54:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG SafeGuard toolbar
[2013/06/21 16:54:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2013
[2012/12/01 14:59:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2013/07/21 06:31:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BasicServe
[2012/09/27 14:05:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund LLC
[2012/09/27 14:05:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund Software
[2013/01/10 12:51:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ClubSanDisk
[2013/06/21 17:25:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2012/08/18 11:03:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2013/06/21 16:55:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2012/11/15 10:28:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Oberon Media
[2013/08/11 13:19:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Systweak
[2013/07/21 06:20:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2013/08/11 13:24:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2013/06/21 17:05:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\geminilady\Application Data\AVG SafeGuard toolbar
[2013/06/21 16:46:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\geminilady\Application Data\AVG2013
[2012/10/14 16:17:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\geminilady\Application Data\Babylon
[2013/07/22 11:49:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\geminilady\Application Data\DealPly
[2012/09/11 16:40:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\geminilady\Application Data\EPSON
[2013/07/08 16:42:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\geminilady\Application Data\FreeBurner
[2013/05/23 14:28:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\geminilady\Application Data\ImgBurn
[2012/09/11 21:19:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\geminilady\Application Data\Leader Technologies
[2012/08/26 17:15:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\geminilady\Application Data\MGI
[2013/06/21 17:12:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\geminilady\Application Data\Nico Mak Computing
[2013/01/10 13:03:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\geminilady\Application Data\SanDisk
[2013/01/10 12:55:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\geminilady\Application Data\SanDisk SecureAccess
[2013/08/11 13:17:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\geminilady\Application Data\SearchProtect
[2013/06/21 17:24:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\geminilady\Application Data\SecureSearch
[2013/07/21 06:20:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\geminilady\Application Data\SwvUpdater
[2013/08/11 13:19:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\geminilady\Application Data\Systweak
[2012/10/05 09:21:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\geminilady\Application Data\Tomabo
[2013/06/21 16:45:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\geminilady\Application Data\TuneUp Software
[2013/08/11 13:19:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\geminilady\Application Data\Uniblue
[2013/06/25 22:14:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\geminilady\Application Data\uTorrent
[2013/08/11 13:19:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\geminilady\Application Data\WinZip

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2004/08/04 06:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: SERVICES.EXE >
[2009/02/06 07:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2008/04/14 05:42:36 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\$NtUninstallKB956572$\services.exe
[2008/04/14 05:42:36 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\ServicePackFiles\i386\services.exe
[2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe
[2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe
[2004/08/04 06:00:00 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\WINDOWS\$NtServicePackUninstall$\services.exe

< MD5 for: SVCHOST.EXE >
[2008/04/14 05:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/14 05:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/04 06:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/04 06:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/14 05:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/14 05:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 06:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/14 05:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/14 05:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /rp /s >

< %systemdrive%\$Recycle.Bin|@;true;true;true >

< dir "%systemdrive%\*" /S /A:L /C >
Volume in drive C has no label.
Volume Serial Number is 6034-340C
Directory of C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices
07/11/2013 06:11 PM <JUNCTION> 2.0.0.0__b03f5f7f11d50a3a
0 File(s) 0 bytes
Directory of C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote
07/11/2013 06:11 PM <JUNCTION> 2.0.0.0__b03f5f7f11d50a3a
0 File(s) 0 bytes
Directory of C:\WINDOWS\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices
07/11/2013 06:16 PM <JUNCTION> v4.0_4.0.0.0__b03f5f7f11d50a3a
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
3 Dir(s) 6,724,415,488 bytes free

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed\thard disk media
Interface type: IDE
Media Type: Fixed\thard disk media
Model: OCZ VERTEX PLUS
Partitions: 1
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 56.00GB
Starting Offset: 32256
Hidden sectors: 0

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790 -> Junction
[C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e -> Junction
[C:\WINDOWS\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492 -> Junction

< End of report >


----------



## TechieRanger (Nov 1, 2012)

Thanks for providing the logs.:up:

It seems that your download of aswMBR.exe may be corrupted. Please use Internet Explorer or Firefox and re-download the tool.

http://forums.techguy.org/rhttp://public.avast.com/~gmerek/aswMBR.exe

*Next*

Please copy the contents of the *Extras.txt* file and paste it into your next reply.

The Extras.Txt log can be located in the* C:\Documents and Settings\geminilady\My Documents\Downloads* folder.

*In your next reply, please provide the following:*


aswMBR log.
Extras.Txt

Regards,

Richard


----------



## JaneDoe999 (Feb 5, 2008)

it says my computer does not recognize how to open this program what program opens it please


----------



## JaneDoe999 (Feb 5, 2008)

OTL Extras logfile created on: 8/11/2013 1:47:52 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\geminilady\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

893.97 Mb Total Physical Memory | 477.65 Mb Available Physical Memory | 53.43% Memory free
2.12 Gb Paging File | 1.54 Gb Available in Paging File | 73.03% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.89 Gb Total Space | 6.27 Gb Free Space | 11.22% Space Free | Partition Type: NTFS

Computer Name: GEMINILA-D2C265 | User Name: geminilady | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- C:\Program Files\Advanced System Protector\filetypehelper.exe -scanunknown "%1" (Systweak)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabledxpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabledxpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Tomabo\YouTube Video Downloader\YouTubeVideoDownloader.exe" = C:\Program Files\Tomabo\YouTube Video Downloader\YouTubeVideoDownloader.exe:*:Enabled:YouTube Video Downloader -- (Tomabo)
"C:\Documents and Settings\geminilady\Application Data\uTorrent\uTorrent.exe" = C:\Documents and Settings\geminilady\Application Data\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent Inc.)
"C:\Program Files\AVG\AVG2013\avgmfapx.exe" = C:\Program Files\AVG\AVG2013\avgmfapx.exe:*:Enabled:AVG Installer
"C:\Program Files\WinZip Driver Updater\winzipdu.exe" = C:\Program Files\WinZip Driver Updater\winzipdu.exe:*:Enabled:WinZipDriverUpdater -- (WinZip Computing, S.L. (WinZip Computing))

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{26A24AE4-039D-4CA4-87B4-2F83216037FF}" = Java(TM) 6 Update 39
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2A304FDE-F4E3-446D-AA0D-31425C897B71}" = PrintMaster 12
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}" = RealDownloader
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{59D268DF-CCA9-44C5-8F96-2E51BB34C829}" = Microsoft Security Client
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{69BDE82E-C14F-3309-9813-E5F4E6111920}" = Google Chrome
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96AD3B61-EAE2-11E2-9E72-B8AC6F98CCE3}" = Google Earth
"{9854A5C4-5BE5-46E2-A989-352DD8B37E20}_is1" = WinZip Driver Updater
"{989FB5FD-9B00-4B32-8663-849CB1370DD1}" = Google Drive
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9D0F85-5658-4A5E-95A9-65F7DB2916EE}" = Broadcom 440x 10/100 Integrated Controller
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.7)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240DA}" = WinZip 17.5
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E55B3271-7CA8-4D0C-AE06-69A24856E996}_is1" = Uniblue SpeedUpMyPC
"{EF40BAC3-372B-46F4-A32D-B37CF4217CE7}" = ATI Catalyst Control Center
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint
"00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~B9F029BF_is1" = Advanced System Protector
"7-Zip" = 7-Zip 9.20
"ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"All ATI Software" = ATI - Software Uninstall Utility
"appmarket- Toolbar" = appmarket- Toolbar
"ATI Display Driver" = ATI Display Driver
"AVG SafeGuard toolbar" = AVG SafeGuard toolbar
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"Digital Camera Driver" = Digital Camera Driver
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Scanner" = EPSON Scan
"EPSON WorkForce 435 Series" = EPSON WorkForce 435 Series Printer Uninstall
"Free Easy Burner_is1" = Free Easy Burner V 5.1
"ie8" = Windows Internet Explorer 8
"ImgBurn" = ImgBurn
"LTCM Client" = LTCM Client
"MGI_Photovista_V1_4_0" = MGI Photovista 2.02(Remove only)
"MGI_PRISM_V4_0" = MGI PhotoSuite 4 (Remove Only)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 22.0 (x86 en-US)" = Mozilla Firefox 22.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MyPC Backup" = MyPC Backup 
"RealPlayer 15.0" = RealPlayer
"RealPlayer 16.0" = RealPlayer
"RegClean Pro_is1" = RegClean Pro
"SearchProtect" = Search Protect by conduit
"Secunia PSI" = Secunia PSI (3.0.0.2004)
"Shockwave" = Shockwave
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Ulead Photo Express 2.0 SE" = Ulead Photo Express 2.0 SE
"uTorrent" = µTorrent
"VLC media player" = VLC media player 2.0.7
"WebPost" = Microsoft Web Publishing Wizard 1.52
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"YouTube Video Downloader_is1" = YouTube Video Downloader 3

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"@@[email protected]@SanDiskSecureAccess_Manager.exe" = SanDiskSecureAccess_Manager.exe

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 6/14/2013 6:07:29 AM | Computer Name = GEMINILA-D2C265 | Source = EventSystem | ID = 4614
Description = The COM+ Event System detected an inconsistency in its internal state.
The assertion "GetLastError() == 122L" failed at line 162 of d:\comxp_sp3\com\com1x\src\events\shared\sectools.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 6/14/2013 6:07:29 AM | Computer Name = GEMINILA-D2C265 | Source = EventSystem | ID = 4614
Description = The COM+ Event System detected an inconsistency in its internal state.
The assertion "GetLastError() == 122L" failed at line 162 of d:\comxp_sp3\com\com1x\src\events\shared\sectools.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 6/15/2013 6:38:01 AM | Computer Name = GEMINILA-D2C265 | Source = EventSystem | ID = 4614
Description = The COM+ Event System detected an inconsistency in its internal state.
The assertion "GetLastError() == 122L" failed at line 162 of d:\comxp_sp3\com\com1x\src\events\shared\sectools.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 6/15/2013 6:38:01 AM | Computer Name = GEMINILA-D2C265 | Source = EventSystem | ID = 4614
Description = The COM+ Event System detected an inconsistency in its internal state.
The assertion "GetLastError() == 122L" failed at line 162 of d:\comxp_sp3\com\com1x\src\events\shared\sectools.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 6/21/2013 4:50:29 PM | Computer Name = GEMINILA-D2C265 | Source = MsiInstaller | ID = 10005
Description = SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2013 -- Error
27054. CA_Error27054: SetupAction(0xC0070642): Installation failed.

[ System Events ]
Error - 8/8/2013 10:03:01 PM | Computer Name = GEMINILA-D2C265 | Source = AmdK8 | ID = 327682
Description = The Acpi 2.0 _PCT object returned an invalid value of 3

Error - 8/9/2013 10:09:09 PM | Computer Name = GEMINILA-D2C265 | Source = AmdK8 | ID = 327682
Description = The Acpi 2.0 _PCT object returned an invalid value of 3

Error - 8/10/2013 1:41:01 PM | Computer Name = GEMINILA-D2C265 | Source = AmdK8 | ID = 327682
Description = The Acpi 2.0 _PCT object returned an invalid value of 3

Error - 8/10/2013 1:59:04 PM | Computer Name = GEMINILA-D2C265 | Source = AmdK8 | ID = 327682
Description = The Acpi 2.0 _PCT object returned an invalid value of 3

Error - 8/10/2013 5:42:59 PM | Computer Name = GEMINILA-D2C265 | Source = AmdK8 | ID = 327682
Description = The Acpi 2.0 _PCT object returned an invalid value of 3

Error - 8/10/2013 6:00:49 PM | Computer Name = GEMINILA-D2C265 | Source = AmdK8 | ID = 327682
Description = The Acpi 2.0 _PCT object returned an invalid value of 3

Error - 8/11/2013 1:31:37 PM | Computer Name = GEMINILA-D2C265 | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume C:.

Error - 8/11/2013 1:33:04 PM | Computer Name = GEMINILA-D2C265 | Source = DCOM | ID = 10010
Description = The server {1F87137D-0E7C-44D5-8C73-4EFFB68962F2} did not register
with DCOM within the required timeout.

Error - 8/11/2013 1:33:34 PM | Computer Name = GEMINILA-D2C265 | Source = DCOM | ID = 10010
Description = The server {1F87137D-0E7C-44D5-8C73-4EFFB68962F2} did not register
with DCOM within the required timeout.

Error - 8/11/2013 1:34:04 PM | Computer Name = GEMINILA-D2C265 | Source = DCOM | ID = 10010
Description = The server {1F87137D-0E7C-44D5-8C73-4EFFB68962F2} did not register
with DCOM within the required timeout.

< End of report >
獡䵷剂瘠牥楳湯〠㤮㤮ㄮ㜷‱潃祰楲桧⡴⥣㈠㄰‱噁十⁔潓瑦慷敲਍畒⁮慤整〲㌱〭ⴸ㈱ㄠ㨵㐵㔺ഴⴊⴭⴭⴭⴭⴭⴭⴭⴭⴭⴭⴭⴭⴭⴭ਍㔱㔺㨴㐵㘮㔷协嘠牥楳湯楗摮睯⁳⸵⸱㘲〰匠牥楶散倠捡⁫ളㄊ㨵㐵㔺⸴㜶‵丠浵敢⁲景瀠潲散獳牯㩳㈠㔠㘸〠㙸〸


----------



## TechieRanger (Nov 1, 2012)

:up:
*P2P Programs Warning!*

*IMPORTANT* 
I notice there are signs of one or more *P2P (Person to Person) File Sharing Programs* on your computer.


µTorrent

Please read these short reports on the dangers of peer-2-peer programs and file sharing:


*FBI Cyber Education Letter*
*File sharing infects 500,000 computers*
*ITSC: Risks in Peer-to-peer File Sharing*

I would recommend that you go to *Control Panel* > *Add/Remove Programs* and uninstall the P2P programs listed above, however that choice is up to you. 
*Note: you must NOT use any P2P whilst we are cleaning your machine.*

*Next*

*Registry Cleaner/Booster Advisory*

Registry Cleaners are *not recommended* because removing the wrong entries could render your system unbootable.

If you would like to remove the Registry Cleaner(s)/Booster(s), follow these steps:


Click on *Start* > *Control Panel*.
Click on *Add/Remove Programs*.
*Select* the following from the list:

* 
RegClean Pro 
Uniblue SpeedUpMyPC 
*
Click the *Remove* button.

*Next*

*ADWCLEANER* 
---------------------------- 
Re-run *AdwCleaner* and select *Delete*.


Once done it will ask to reboot, allow the reboot.
On reboot a log will be produced, please attach the content of the log to your next reply.
*Next*

Please download Junkware Removal Tool to your desktop.


Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

*Next*

Please download Malwarebytes Anti-Rootkit (MBAR) from here http://www.malwarebytes.org/products/mbar/ and save it to your desktop.
Direct link to the file: http://downloads.malwarebytes.org/file/mbar

Be sure to print out and follow the instructions provided on that same page.
Caution: This is a beta version so please be sure to read the disclaimer and back up any important data before using.
Doubleclick on the MBAR file you downloaded.
Approve the UAC prompt in Vista and newer operating systems.
Click OK on the next screen, to allow the package to extract the contents of the file to it's own folder, mbar.
By default, this will be on your desktop, though you can choose another location if you wish. We advise using the default location for simplicity.
mbar.exe will launch automatically. On some systems, this may take a few extra seconds. Please be patient and wait for the program to open.
After reading the Introduction, click 'Next' if you agree.
On the Update Database screen, click on the 'Update' button.
Once you see 'Success: Database was successfully updated' click on 'Next'.
Click the 'Scan' button.
With some infections, you may see two messages boxes.
1.'Could not load protection driver'. Click 'OK'.
2.'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.



If malware is found, do NOT press the Cleanup button when the scan completes. Click *EXIT.*
Then, please send the following logs as attachments to your reply. These logs are located in the mbar folder on your desktop where the tool extracted itself to.

mbar-log-2013-xx-xx(xx-xx-xx).txt (where xx-xx(xx-xx-xx) is the date and time of the scan)
system-log.txt

*In your next reply, please provide the following:*


JRT.txt
AdwCleaner log.
MBAR log.
Update on how your PC is running.

Regards,

Richard


----------



## JaneDoe999 (Feb 5, 2008)

I cannot get the AdwCleaner to download it starts then said I need uplayer to get it then iy tries to download all kinds of sites. How do I get Adw cleaner to open?


----------



## JaneDoe999 (Feb 5, 2008)

# AdwCleaner v2.306 - Logfile created 08/13/2013 at 21:23:07
# Updated 19/07/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : geminilady - GEMINILA-D2C265
# Boot Mode : Normal
# Running from : C:\Documents and Settings\geminilady\My Documents\Downloads\adwcleaner.exe
# Option [Delete]

***** [Services] *****

Stopped & Deleted : CltMngSvc

***** [Files / Folders] *****

Deleted on reboot : C:\Documents and Settings\geminilady\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Deleted on reboot : C:\Program Files\Common Files\AVG Secure Search
File Deleted : C:\DOCUME~1\GEMINI~1\LOCALS~1\Temp\Uninstall.exe
File Deleted : C:\Documents and Settings\geminilady\Application Data\Mozilla\Firefox\Profiles\9dsl95vw.default\bprotector_extensions.sqlite
File Deleted : C:\Documents and Settings\geminilady\Application Data\Mozilla\Firefox\Profiles\9dsl95vw.default\bprotector_prefs.js
File Deleted : C:\Documents and Settings\geminilady\Application Data\Mozilla\Firefox\Profiles\9dsl95vw.default\searchplugins\Conduit.xml
File Deleted : C:\Documents and Settings\geminilady\Application Data\Mozilla\Firefox\Profiles\9dsl95vw.default\searchplugins\delta.xml
File Deleted : C:\END
File Deleted : C:\WINDOWS\system32\roboot.exe
File Deleted : C:\WINDOWS\Tasks\AmiUpdXp.job
Folder Deleted : C:\DOCUME~1\GEMINI~1\LOCALS~1\Temp\Conduit
Folder Deleted : C:\DOCUME~1\GEMINI~1\LOCALS~1\Temp\CT3307181
Folder Deleted : C:\DOCUME~1\GEMINI~1\LOCALS~1\Temp\CT3309350
Folder Deleted : C:\DOCUME~1\GEMINI~1\LOCALS~1\Temp\CT3309758
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Tarma Installer
Folder Deleted : C:\Documents and Settings\geminilady\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\geminilady\Application Data\DealPly
Folder Deleted : C:\Documents and Settings\geminilady\Application Data\Mozilla\Firefox\Profiles\9dsl95vw.default\CT3307181
Folder Deleted : C:\Documents and Settings\geminilady\Application Data\Mozilla\Firefox\Profiles\9dsl95vw.default\CT3309350
Folder Deleted : C:\Documents and Settings\geminilady\Application Data\Mozilla\Firefox\Profiles\9dsl95vw.default\CT3309758
Folder Deleted : C:\Documents and Settings\geminilady\Application Data\Mozilla\Firefox\Profiles\9dsl95vw.default\extensions\{64d64833-9296-421b-a362-83cfbd6291b6}
Folder Deleted : C:\Documents and Settings\geminilady\Application Data\Mozilla\Firefox\Profiles\9dsl95vw.default\extensions\{650598e1-b35a-45d3-b607-896d7acb64c3}
Folder Deleted : C:\Documents and Settings\geminilady\Application Data\Mozilla\Firefox\Profiles\9dsl95vw.default\extensions\{8480b7b1-a45c-4feb-8653-60f834f7ca4b}
Folder Deleted : C:\Documents and Settings\geminilady\Application Data\Mozilla\Firefox\Profiles\9dsl95vw.default\jetpack
Folder Deleted : C:\Documents and Settings\geminilady\Application Data\Mozilla\Firefox\Profiles\9dsl95vw.default\Smartbar
Folder Deleted : C:\Documents and Settings\geminilady\Application Data\OpenCandy
Folder Deleted : C:\Documents and Settings\geminilady\Application Data\PriceGong
Folder Deleted : C:\Documents and Settings\geminilady\Application Data\SearchProtect
Folder Deleted : C:\Documents and Settings\geminilady\Application Data\SwvUpdater
Folder Deleted : C:\Documents and Settings\geminilady\Local Settings\Application Data\BrowserPlus2
Folder Deleted : C:\Documents and Settings\geminilady\Local Settings\Application Data\Conduit
Folder Deleted : C:\Program Files\BrowserPlus2
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\Gophoto.it
Folder Deleted : C:\Program Files\SearchProtect
Folder Deleted : C:\Program Files\SoftwareUpdater

***** [Registry] *****

Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\appmarket-
Key Deleted : HKCU\Software\BrowserPlus2
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{650598E1-B35A-45D3-B607-896D7ACB64C3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64D64833-9296-421B-A362-83CFBD6291B6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{650598E1-B35A-45D3-B607-896D7ACB64C3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\PriceGong
Key Deleted : HKCU\Software\SearchProtect
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Toolbar
Key Deleted : HKLM\Software\appmarket-
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\BrowserPlus2
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64D64833-9296-421B-A362-83CFBD6291B6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{650598E1-B35A-45D3-B607-896D7ACB64C3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A83013E6-BF8A-410F-B343-E9D1E597A36E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3307181
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3309350
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3309758
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\Software\InfoAtoms
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1B8B5F24-3C68-4900-9889-0E9C064A00FF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{25FA1348-FA48-4E6A-BF17-3B8ED1A1BA28}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2EA941E7-6F5C-4C7F-BC86-90360C2527D6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A3B84AE2-AFDB-40BB-B0AA-7A8CA71A763F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BrowserPlus2 Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64D64833-9296-421B-A362-83CFBD6291B6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{650598E1-B35A-45D3-B607-896D7ACB64C3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A83013E6-BF8A-410F-B343-E9D1E597A36E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BrowserPlus2 Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\Software\systweak
Key Deleted : HKLM\Software\Tarma Installer
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{650598E1-B35A-45D3-B607-896D7ACB64C3}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{64D64833-9296-421B-A362-83CFBD6291B6}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{650598E1-B35A-45D3-B607-896D7ACB64C3}]
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [RDReminder]
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [searchprotect]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{64D64833-9296-421B-A362-83CFBD6291B6}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{650598E1-B35A-45D3-B607-896D7ACB64C3}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SearchProtectAll]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com/?ctid=CT3309350&octid=CT3309350&SearchSource=61&CUI=UN35861136161941129&UM=2&UP=SP801E2A1E-2A75-4FC2-9765-74FE3C05E411 --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://feed.snap.do/?publisher=Download&dpid=Download&co=US&userid=3b52dec7-8153-474b-a840-af52e83099d4&searchtype=ds&q={searchTerms} --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Page] = hxxp://feed.snap.do/?publisher=Download&dpid=Download&co=US&userid=3b52dec7-8153-474b-a840-af52e83099d4&searchtype=ds&q={searchTerms} --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://feed.snap.do/?publisher=Download&dpid=Download&co=US&userid=3b52dec7-8153-474b-a840-af52e83099d4&searchtype=ds&q={searchTerms} --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://feed.snap.do/?publisher=Download&dpid=Download&co=US&userid=3b52dec7-8153-474b-a840-af52e83099d4&searchtype=ds&q={searchTerms} --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\SearchUrl - Default] = hxxp://feed.snap.do/?publisher=Download&dpid=Download&co=US&userid=3b52dec7-8153-474b-a840-af52e83099d4&searchtype=ds&q={searchTerms} --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl - Default] = hxxp://feed.snap.do/?publisher=Download&dpid=Download&co=US&userid=3b52dec7-8153-474b-a840-af52e83099d4&searchtype=ds&q={searchTerms} --> hxxp://www.google.com

-\\ Mozilla Firefox v22.0 (en-US)

File : C:\Documents and Settings\geminilady\Application Data\Mozilla\Firefox\Profiles\9dsl95vw.default\prefs.js

C:\Documents and Settings\geminilady\Application Data\Mozilla\Firefox\Profiles\9dsl95vw.default\user.js ... Deleted !

Deleted : user_pref("CT3307181.1000082.isPlayDisplay", "true");
Deleted : user_pref("CT3307181.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description[...]
Deleted : user_pref("CT3307181.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3307181.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Deleted : user_pref("CT3307181.FF19Solved", "true");
Deleted : user_pref("CT3307181.FirstTime", "true");
Deleted : user_pref("CT3307181.FirstTimeFF3", "true");
Deleted : user_pref("CT3307181.LAST_CLIENT_STATS_SUBMIT_2.enc", "MTM3NjI0MTQ1Nw==");
Deleted : user_pref("CT3307181.LOCAL_COOKIE_STATS_LAST_SUBMIT_6.enc", "MTM3NjI0MTQ3MQ==");
Deleted : user_pref("CT3307181.LOCAL_COOKIE_STATS_STATS_SITE_IRRELEVANT.enc", "Mw==");
Deleted : user_pref("CT3307181.LOCAL_COOKIE_STATS_STATS_SITE_SUPPORTED.enc", "NQ==");
Deleted : user_pref("CT3307181.LOCAL_COOKIE_THROTTLE_BASEadd_stats|0|LOCAL_COOKIE_STATS_STATS_SITE_IRRELEVANT.[...]
Deleted : user_pref("CT3307181.LOCAL_COOKIE_THROTTLE_BASEadd_stats|0|LOCAL_COOKIE_STATS_STATS_SITE_SUPPORTED.e[...]
Deleted : user_pref("CT3307181.PG_ENABLE", "dHJ1ZQ==");
Deleted : user_pref("CT3307181.SF_JUST_INSTALLED.enc", "RkFMU0U=");
Deleted : user_pref("CT3307181.SF_STATUS.enc", "RU5BQkxFRA==");
Deleted : user_pref("CT3307181.SF_USER_ID.enc", "Y2lkXzExODIwMTMxMzE3MzQ3OTUxMDM3");
Deleted : user_pref("CT3307181.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT330[...]
Deleted : user_pref("CT3307181.TopHitsConfig.enc", "ew0KICAgICJzcHJpdGVVcmwiOiAiaHR0cDovL3N0b3JhZ2UuY29uZHVpdC[...]
Deleted : user_pref("CT3307181.UserID", "UN27506442082542432");
Deleted : user_pref("CT3307181.acp_personal.appstate.enc", "ZW5hYmxl");
Deleted : user_pref("CT3307181.addressBarTakeOverEnabledInHidden", "true");
Deleted : user_pref("CT3307181.addressUrlXPETakeover", "true");
Deleted : user_pref("CT3307181.autoDisableScopes", -1);
Deleted : user_pref("CT3307181.browser.search.defaultthis.engineName", "true");
Deleted : user_pref("CT3307181.cb_experience_000.enc", "MTE=");
Deleted : user_pref("CT3307181.cb_firstuse0100.enc", "MQ==");
Deleted : user_pref("CT3307181.cb_user_id_000.enc", "Q0I1NjkzOTE2NDU5MDBfMTM3NjI0MTQ1NzAxM19GaXJlZm94");
Deleted : user_pref("CT3307181.cbfirsttime.enc", "U3VuIEF1ZyAxMSAyMDEzIDEzOjE3OjM2IEdNVC0wNDAwIChFYXN0ZXJuIFN0[...]
Deleted : user_pref("CT3307181.countryCode", "US");
Deleted : user_pref("CT3307181.defaultSearch", "true");
Deleted : user_pref("CT3307181.defaultSearchXPETakeover", "true");
Deleted : user_pref("CT3307181.enableAlerts", "true");
Deleted : user_pref("CT3307181.enableSearchFromAddressBar", "true");
Deleted : user_pref("CT3307181.firstTimeDialogOpened", "true");
Deleted : user_pref("CT3307181.fixPageNotFoundError", "true");
Deleted : user_pref("CT3307181.fixPageNotFoundErrorByUser", "true");
Deleted : user_pref("CT3307181.fixPageNotFoundErrorInHidden", "true");
Deleted : user_pref("CT3307181.fixUrls", true);
Deleted : user_pref("CT3307181.fullUserID", "UN27506442082542432.IN.20130811131627");
Deleted : user_pref("CT3307181.homepageuserchanged", true);
Deleted : user_pref("CT3307181.installDate", "11/08/2013 13:16:27");
Deleted : user_pref("CT3307181.installId", "cidcvx");
Deleted : user_pref("CT3307181.installSessionId", "{26615E9D-CA62-49AA-93A2-C81BEF0A2D77}");
Deleted : user_pref("CT3307181.installSp", "true");
Deleted : user_pref("CT3307181.installType", "conduitnsisintegration");
Deleted : user_pref("CT3307181.installUsage", "2013-08-11T20:17:32.9763845+03:00");
Deleted : user_pref("CT3307181.installUsageEarly", "2013-08-11T20:17:28.3044198+03:00");
Deleted : user_pref("CT3307181.installerVersion", "1.5.4.5");
Deleted : user_pref("CT3307181.isCheckedStartAsHidden", true);
Deleted : user_pref("CT3307181.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3307181.isFirstTimeToolbarLoading", "false");
Deleted : user_pref("CT3307181.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Deleted : user_pref("CT3307181.keyword", "true");
Deleted : user_pref("CT3307181.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit[...]
Deleted : user_pref("CT3307181.lastVersion", "10.16.9.506");
Deleted : user_pref("CT3307181.mam_gk_appStateReportTime.enc", "MTM3NjI0MTQ1MTg3NA==");
Deleted : user_pref("CT3307181.mam_gk_appState_ACplus.enc", "b24=");
Deleted : user_pref("CT3307181.mam_gk_appState_CouponBuddy.enc", "b24=");
Deleted : user_pref("CT3307181.mam_gk_appState_Discover.enc", "b24=");
Deleted : user_pref("CT3307181.mam_gk_appState_Easytobook.enc", "b24=");
Deleted : user_pref("CT3307181.mam_gk_appState_Easytobook_targeted.enc", "b24=");
Deleted : user_pref("CT3307181.mam_gk_appState_Find-a-Pro.enc", "b24=");
Deleted : user_pref("CT3307181.mam_gk_appState_PiclickV2-WebSearch.enc", "b24=");
Deleted : user_pref("CT3307181.mam_gk_appState_PriceGong.enc", "b24=");
Deleted : user_pref("CT3307181.mam_gk_appState_WindowShopper.enc", "b24=");
Deleted : user_pref("CT3307181.mam_gk_appsData.enc", "eyJhcHBzIjpbeyJpZCI6IlByaWNlR29uZyIsInVybCI6Imh0dHA6Ly9w[...]
Deleted : user_pref("CT3307181.mam_gk_appsDefaultEnabled.enc", "bnVsbA==");
Deleted : user_pref("CT3307181.mam_gk_configuration.enc", "eyJjb25maWd1cmF0aW9uIjpbeyJpZCI6IlBpY2xpY2tWMi1XZWJ[...]
Deleted : user_pref("CT3307181.mam_gk_currentVersion.enc", "MS45LjAuNA==");
Deleted : user_pref("CT3307181.mam_gk_existingUsersRecoveryDone.enc", "MQ==");
Deleted : user_pref("CT3307181.mam_gk_first_time.enc", "MQ==");
Deleted : user_pref("CT3307181.mam_gk_installer_preapproved.enc", "dHJ1ZQ==");
Deleted : user_pref("CT3307181.mam_gk_lastLoginTime.enc", "MTM3NjI0MTQ0OTQ5Ng==");
Deleted : user_pref("CT3307181.mam_gk_localization.enc", "eyJnYWRnZXRDb250ZW50UG9saWN5Ijp7IlRleHQiOiJDb250ZW50[...]
Deleted : user_pref("CT3307181.mam_gk_pgUnloadedOnce.enc", "dHJ1ZQ==");
Deleted : user_pref("CT3307181.mam_gk_settings1.9.0.4.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVyd[...]
Deleted : user_pref("CT3307181.mam_gk_showWelcomeGadget.enc", "ZmFsc2U=");
Deleted : user_pref("CT3307181.mam_gk_userId.enc", "NWQ5NDI5MTUtYzhiMC00ZDNmLWFjMjctZTNmNWViOThkNzY0");
Deleted : user_pref("CT3307181.migrateAppsAndComponents", true);
Deleted : user_pref("CT3307181.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxps[...]
Deleted : user_pref("CT3307181.openThankYouPage", "false");
Deleted : user_pref("CT3307181.openUninstallPage", "true");
Deleted : user_pref("CT3307181.originalHomepage", "hxxp://www.google.com/");
Deleted : user_pref("CT3307181.originalSearchAddressUrl", "");
Deleted : user_pref("CT3307181.originalSearchEngine", "");
Deleted : user_pref("CT3307181.originalSearchEngineName", "");
Deleted : user_pref("CT3307181.revertSettingsEnabled", "false");
Deleted : user_pref("CT3307181.search.searchAppId", "130166768271741233");
Deleted : user_pref("CT3307181.search.searchCount", "0");
Deleted : user_pref("CT3307181.searchFromAddressBarEnabledByUser", "true");
Deleted : user_pref("CT3307181.searchInNewTabEnabledByUser", "true");
Deleted : user_pref("CT3307181.searchInNewTabEnabledInHidden", "true");
Deleted : user_pref("CT3307181.searchRevert", "false");
Deleted : user_pref("CT3307181.searchSuggestEnabledByUser", "true");
Deleted : user_pref("CT3307181.searchUserMode", "2");
Deleted : user_pref("CT3307181.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3307181.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Deleted : user_pref("CT3307181.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
Deleted : user_pref("CT3307181.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Deleted : user_pref("CT3307181.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Deleted : user_pref("CT3307181.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Deleted : user_pref("CT3307181.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Deleted : user_pref("CT3307181.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data[...]
Deleted : user_pref("CT3307181.serviceLayer_services_Configuration_lastUpdate", "1376415419494");
Deleted : user_pref("CT3307181.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1376241441121");
Deleted : user_pref("CT3307181.serviceLayer_services_appsMetadata_lastUpdate", "1376243208339");
Deleted : user_pref("CT3307181.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1376241441330");
Deleted : user_pref("CT3307181.serviceLayer_services_installUsage_ToolbarInstallEarly_lastUpdate", "1376241440[...]
Deleted : user_pref("CT3307181.serviceLayer_services_installUsage_ToolbarInstall_lastUpdate", "1376241445453")[...]
Deleted : user_pref("CT3307181.serviceLayer_services_login_10.16.9.506_lastUpdate", "1376432810293");
Deleted : user_pref("CT3307181.serviceLayer_services_login_10.16.9.6_lastUpdate", "1376303152590");
Deleted : user_pref("CT3307181.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1376241441224");
Deleted : user_pref("CT3307181.serviceLayer_services_searchAPI_lastUpdate", "1376415419567");
Deleted : user_pref("CT3307181.serviceLayer_services_serviceMap_lastUpdate", "1376415419348");
Deleted : user_pref("CT3307181.serviceLayer_services_toolbarContextMenu_lastUpdate", "1376241441681");
Deleted : user_pref("CT3307181.serviceLayer_services_toolbarSettings_lastUpdate", "1376440010259");
Deleted : user_pref("CT3307181.serviceLayer_services_translation_lastUpdate", "1376415419945");
Deleted : user_pref("CT3307181.settingsINI", true);
Deleted : user_pref("CT3307181.shouldFirstTimeDialog", "false");
Deleted : user_pref("CT3307181.showToolbarPermission", "false");
Deleted : user_pref("CT3307181.smartbar.CTID", "CT3307181");
Deleted : user_pref("CT3307181.smartbar.Uninstall", "0");
Deleted : user_pref("CT3307181.smartbar.homepage", "true");
Deleted : user_pref("CT3307181.smartbar.isHidden", true);
Deleted : user_pref("CT3307181.smartbar.toolbarName", "appmarket- ");
Deleted : user_pref("CT3307181.startPage", "true");
Deleted : user_pref("CT3307181.startPageXPETakeover", "true");
Deleted : user_pref("CT3307181.toolbarBornServerTime", "11-8-2013");
Deleted : user_pref("CT3307181.toolbarCurrentServerTime", "14-8-2013");
Deleted : user_pref("CT3307181.toolbarLoginClientTime", "Sun Aug 11 2013 13:17:24 GMT-0400 (Eastern Standard T[...]
Deleted : user_pref("CT3307181.url_history0001.enc", "aHR0cDovL2ZvcnVtcy50ZWNoZ3V5Lm9yZy9uZXdyZXBseS5waHA/ZG89[...]
Deleted : user_pref("CT3307181.versionFromInstaller", "10.16.9.6");
Deleted : user_pref("CT3307181.xpeMode", "3");
Deleted : user_pref("CT3307181_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
Deleted : user_pref("CT3309350.1000082.isPlayDisplay", "true");
Deleted : user_pref("CT3309350.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description[...]
Deleted : user_pref("CT3309350.1000234.TWC_TMP_city", "BALLSTON SPA");
Deleted : user_pref("CT3309350.1000234.TWC_TMP_country", "US");
Deleted : user_pref("CT3309350.1000234.TWC_country", "UNITED STATES");
Deleted : user_pref("CT3309350.1000234.TWC_locId", "USNY0082");
Deleted : user_pref("CT3309350.1000234.TWC_location", "Ballston Spa, NY");
Deleted : user_pref("CT3309350.1000234.TWC_region", "US");
Deleted : user_pref("CT3309350.1000234.TWC_temp_dis", "f");
Deleted : user_pref("CT3309350.1000234.TWC_wind_dis", "mph");
Deleted : user_pref("CT3309350.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3309350.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Deleted : user_pref("CT3309350.FF19Solved", "true");
Deleted : user_pref("CT3309350.FirstTime", "true");
Deleted : user_pref("CT3309350.FirstTimeFF3", "true");
Deleted : user_pref("CT3309350.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT330[...]
Deleted : user_pref("CT3309350.UserID", "UN26233718531020526");
Deleted : user_pref("CT3309350.addressBarTakeOverEnabledInHidden", "true");
Deleted : user_pref("CT3309350.autoDisableScopes", -1);
Deleted : user_pref("CT3309350.browser.search.defaultthis.engineName", "true");
Deleted : user_pref("CT3309350.countryCode", "US");
Deleted : user_pref("CT3309350.defaultSearch", "true");
Deleted : user_pref("CT3309350.embeddedsData", "[{\"appId\":\"130185669868318633\",\"apiPermissions\":{\"cross[...]
Deleted : user_pref("CT3309350.enableAlerts", "true");
Deleted : user_pref("CT3309350.enableSearchFromAddressBar", "true");
Deleted : user_pref("CT3309350.firstTimeDialogOpened", "true");
Deleted : user_pref("CT3309350.fixPageNotFoundError", "true");
Deleted : user_pref("CT3309350.fixPageNotFoundErrorByUser", "true");
Deleted : user_pref("CT3309350.fixPageNotFoundErrorInHidden", "true");
Deleted : user_pref("CT3309350.fixUrls", true);
Deleted : user_pref("CT3309350.fullUserID", "UN26233718531020526.IN.20130813195209");
Deleted : user_pref("CT3309350.homepageuserchanged", true);
Deleted : user_pref("CT3309350.installDate", "13/08/2013 19:52:08");
Deleted : user_pref("CT3309350.installId", "stub.exe");
Deleted : user_pref("CT3309350.installSessionId", "{2BCE4369-415C-48AA-9728-3B259E81DB23}");
Deleted : user_pref("CT3309350.installSp", "TRUE");
Deleted : user_pref("CT3309350.installType", "conduitnsisintegration");
Deleted : user_pref("CT3309350.installUsage", "2013-08-14T02:55:33.860585+03:00");
Deleted : user_pref("CT3309350.installUsageEarly", "2013-08-14T02:55:27.21996+03:00");
Deleted : user_pref("CT3309350.installerVersion", "1.5.4.5");
Deleted : user_pref("CT3309350.isCheckedStartAsHidden", true);
Deleted : user_pref("CT3309350.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3309350.isFirstTimeToolbarLoading", "false");
Deleted : user_pref("CT3309350.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Deleted : user_pref("CT3309350.keyword", "true");
Deleted : user_pref("CT3309350.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit[...]
Deleted : user_pref("CT3309350.lastVersion", "10.16.9.6");
Deleted : user_pref("CT3309350.mam_gk_installer_preapproved.enc", "ZmFsc2U=");
Deleted : user_pref("CT3309350.migrateAppsAndComponents", true);
Deleted : user_pref("CT3309350.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"hxxps%3A%2F%2Fapps.facebook.c[...]
Deleted : user_pref("CT3309350.openThankYouPage", "false");
Deleted : user_pref("CT3309350.openUninstallPage", "true");
Deleted : user_pref("CT3309350.originalHomepage", "hxxps://www.google.com/");
Deleted : user_pref("CT3309350.originalSearchAddressUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT33[...]
Deleted : user_pref("CT3309350.originalSearchEngine", "");
Deleted : user_pref("CT3309350.originalSearchEngineName", "TrustWorthy Customized Web Search");
Deleted : user_pref("CT3309350.revertSettingsEnabled", "false");
Deleted : user_pref("CT3309350.search.searchAppId", "130185669868318633");
Deleted : user_pref("CT3309350.search.searchCount", "0");
Deleted : user_pref("CT3309350.searchFromAddressBarEnabledByUser", "true");
Deleted : user_pref("CT3309350.searchInNewTabEnabledByUser", "true");
Deleted : user_pref("CT3309350.searchInNewTabEnabledInHidden", "true");
Deleted : user_pref("CT3309350.searchRevert", "false");
Deleted : user_pref("CT3309350.searchSuggestEnabledByUser", "true");
Deleted : user_pref("CT3309350.searchUserMode", "2");
Deleted : user_pref("CT3309350.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3309350.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Deleted : user_pref("CT3309350.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
Deleted : user_pref("CT3309350.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Deleted : user_pref("CT3309350.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Deleted : user_pref("CT3309350.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Deleted : user_pref("CT3309350.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Deleted : user_pref("CT3309350.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data[...]
Deleted : user_pref("CT3309350.serviceLayer_services_Configuration_lastUpdate", "1376438126494");
Deleted : user_pref("CT3309350.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1376438128725");
Deleted : user_pref("CT3309350.serviceLayer_services_appsMetadata_lastUpdate", "1376438290740");
Deleted : user_pref("CT3309350.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1376438128466");
Deleted : user_pref("CT3309350.serviceLayer_services_installUsage_ToolbarInstallEarly_lastUpdate", "1376438126[...]
Deleted : user_pref("CT3309350.serviceLayer_services_installUsage_ToolbarInstall_lastUpdate", "1376438133672")[...]
Deleted : user_pref("CT3309350.serviceLayer_services_login_10.16.9.6_lastUpdate", "1376438550273");
Deleted : user_pref("CT3309350.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1376438128616");
Deleted : user_pref("CT3309350.serviceLayer_services_searchAPI_lastUpdate", "1376438126576");
Deleted : user_pref("CT3309350.serviceLayer_services_serviceMap_lastUpdate", "1376438125920");
Deleted : user_pref("CT3309350.serviceLayer_services_toolbarContextMenu_lastUpdate", "1376438128339");
Deleted : user_pref("CT3309350.serviceLayer_services_toolbarSettings_lastUpdate", "1376438290547");
Deleted : user_pref("CT3309350.serviceLayer_services_translation_lastUpdate", "1376438128771");
Deleted : user_pref("CT3309350.settingsINI", true);
Deleted : user_pref("CT3309350.shouldFirstTimeDialog", "false");
Deleted : user_pref("CT3309350.showToolbarPermission", "false");
Deleted : user_pref("CT3309350.smartbar.CTID", "CT3309350");
Deleted : user_pref("CT3309350.smartbar.Uninstall", "0");
Deleted : user_pref("CT3309350.smartbar.homepage", "true");
Deleted : user_pref("CT3309350.smartbar.isHidden", true);
Deleted : user_pref("CT3309350.smartbar.toolbarName", "BrowserPlus2 ");
Deleted : user_pref("CT3309350.startPage", "true");
Deleted : user_pref("CT3309350.toolbarBornServerTime", "14-8-2013");
Deleted : user_pref("CT3309350.toolbarCurrentServerTime", "14-8-2013");
Deleted : user_pref("CT3309350.toolbarLoginClientTime", "Tue Aug 13 2013 19:55:33 GMT-0400 (Eastern Standard T[...]
Deleted : user_pref("CT3309350.versionFromInstaller", "10.16.9.6");
Deleted : user_pref("CT3309350.xpeMode", "3");
Deleted : user_pref("CT3309350_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
Deleted : user_pref("CT3309758.1000082.isPlayDisplay", "true");
Deleted : user_pref("CT3309758.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description[...]
Deleted : user_pref("CT3309758.1000234.TWC_TMP_city", "BALLSTON SPA");
Deleted : user_pref("CT3309758.1000234.TWC_TMP_country", "US");
Deleted : user_pref("CT3309758.1000234.TWC_country", "UNITED STATES");
Deleted : user_pref("CT3309758.1000234.TWC_locId", "USNY0082");
Deleted : user_pref("CT3309758.1000234.TWC_location", "Ballston Spa, NY");
Deleted : user_pref("CT3309758.1000234.TWC_region", "US");
Deleted : user_pref("CT3309758.1000234.TWC_temp_dis", "f");
Deleted : user_pref("CT3309758.1000234.TWC_wind_dis", "mph");
Deleted : user_pref("CT3309758.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3309758.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Deleted : user_pref("CT3309758.FF19Solved", "true");
Deleted : user_pref("CT3309758.FirstTime", "true");
Deleted : user_pref("CT3309758.FirstTimeFF3", "true");
Deleted : user_pref("CT3309758.PG_ENABLE", "dHJ1ZQ==");
Deleted : user_pref("CT3309758.SF_JUST_INSTALLED.enc", "RkFMU0U=");
Deleted : user_pref("CT3309758.SF_STATUS.enc", "RU5BQkxFRA==");
Deleted : user_pref("CT3309758.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT330[...]
Deleted : user_pref("CT3309758.UserID", "UN15729879511901724");
Deleted : user_pref("CT3309758.addressBarTakeOverEnabledInHidden", "true");
Deleted : user_pref("CT3309758.autoDisableScopes", -1);
Deleted : user_pref("CT3309758.browser.search.defaultthis.engineName", "true");
Deleted : user_pref("CT3309758.cb_experience_000.enc", "Mg==");
Deleted : user_pref("CT3309758.cb_firstuse0100.enc", "MQ==");
Deleted : user_pref("CT3309758.cb_user_id_000.enc", "Q0I0MjQ2NDc0MjUyMjdfMTM3NjQzMzIxNDg2M19GaXJlZm94");
Deleted : user_pref("CT3309758.cbfirsttime.enc", "VHVlIEF1ZyAxMyAyMDEzIDE4OjMzOjMzIEdNVC0wNDAwIChFYXN0ZXJuIFN0[...]
Deleted : user_pref("CT3309758.countryCode", "US");
Deleted : user_pref("CT3309758.defaultSearch", "true");
Deleted : user_pref("CT3309758.embeddedsData", "[{\"appId\":\"130189639317126526\",\"apiPermissions\":{\"cross[...]
Deleted : user_pref("CT3309758.enableAlerts", "true");
Deleted : user_pref("CT3309758.enableSearchFromAddressBar", "true");
Deleted : user_pref("CT3309758.firstTimeDialogOpened", "true");
Deleted : user_pref("CT3309758.fixPageNotFoundError", "true");
Deleted : user_pref("CT3309758.fixPageNotFoundErrorByUser", "true");
Deleted : user_pref("CT3309758.fixPageNotFoundErrorInHidden", "true");
Deleted : user_pref("CT3309758.fixUrls", true);
Deleted : user_pref("CT3309758.fullUserID", "UN15729879511901724.IN.20130813182323");
Deleted : user_pref("CT3309758.homepageuserchanged", true);
Deleted : user_pref("CT3309758.installDate", "13/08/2013 18:23:23");
Deleted : user_pref("CT3309758.installId", "cidoc");
Deleted : user_pref("CT3309758.installSessionId", "{47E4A07A-ABE9-4462-A584-5E1EE6316E05}");
Deleted : user_pref("CT3309758.installSp", "TRUE");
Deleted : user_pref("CT3309758.installType", "conduitnsisintegration");
Deleted : user_pref("CT3309758.installUsage", "2013-08-14T01:25:02.0196749+03:00");
Deleted : user_pref("CT3309758.installUsageEarly", "2013-08-14T01:24:53.0496174+03:00");
Deleted : user_pref("CT3309758.installerVersion", "1.5.4.5");
Deleted : user_pref("CT3309758.isCheckedStartAsHidden", true);
Deleted : user_pref("CT3309758.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3309758.isFirstTimeToolbarLoading", "false");
Deleted : user_pref("CT3309758.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Deleted : user_pref("CT3309758.keyword", "true");
Deleted : user_pref("CT3309758.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit[...]
Deleted : user_pref("CT3309758.lastVersion", "10.16.9.506");
Deleted : user_pref("CT3309758.mam_gk_appStateReportTime.enc", "MTM3NjQzMjcyODkzOQ==");
Deleted : user_pref("CT3309758.mam_gk_appState_ACplus.enc", "b24=");
Deleted : user_pref("CT3309758.mam_gk_appState_CouponBuddy.enc", "b24=");
Deleted : user_pref("CT3309758.mam_gk_appState_Discover.enc", "b24=");
Deleted : user_pref("CT3309758.mam_gk_appState_Easytobook.enc", "b24=");
Deleted : user_pref("CT3309758.mam_gk_appState_Easytobook_targeted.enc", "b24=");
Deleted : user_pref("CT3309758.mam_gk_appState_Find-a-Pro.enc", "b24=");
Deleted : user_pref("CT3309758.mam_gk_appState_PriceGong.enc", "b24=");
Deleted : user_pref("CT3309758.mam_gk_appState_WindowShopper.enc", "b24=");
Deleted : user_pref("CT3309758.mam_gk_appsData.enc", "eyJhcHBzIjpbeyJpZCI6IlByaWNlR29uZyIsInVybCI6Imh0dHA6Ly9w[...]
Deleted : user_pref("CT3309758.mam_gk_appsDefaultEnabled.enc", "bnVsbA==");
Deleted : user_pref("CT3309758.mam_gk_calledSetupService.enc", "MQ==");
Deleted : user_pref("CT3309758.mam_gk_configuration.enc", "eyJjb25maWd1cmF0aW9uIjpbeyJpZCI6IkRpc2NvdmVyIiwiY3J[...]
Deleted : user_pref("CT3309758.mam_gk_currentVersion.enc", "MS4xMC4yLjU=");
Deleted : user_pref("CT3309758.mam_gk_existingUsersRecoveryDone.enc", "MQ==");
Deleted : user_pref("CT3309758.mam_gk_first_time.enc", "MQ==");
Deleted : user_pref("CT3309758.mam_gk_installer_preapproved.enc", "ZmFsc2U=");
Deleted : user_pref("CT3309758.mam_gk_lastLoginTime.enc", "MTM3NjQzMjcyMTU2MQ==");
Deleted : user_pref("CT3309758.mam_gk_localization.enc", "eyJnYWRnZXRDb250ZW50UG9saWN5Ijp7IlRleHQiOiJDb250ZW50[...]
Deleted : user_pref("CT3309758.mam_gk_new_welcome_experience.enc", "MQ==");
Deleted : user_pref("CT3309758.mam_gk_pgUnloadedOnce.enc", "dHJ1ZQ==");
Deleted : user_pref("CT3309758.mam_gk_settings1.10.2.5.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVy[...]
Deleted : user_pref("CT3309758.mam_gk_showWelcomeGadget.enc", "ZmFsc2U=");
Deleted : user_pref("CT3309758.mam_gk_userId.enc", "ODBiODNjMjctYWFlMi00YmU4LThmOTYtMThjMTgwYzYyYTQy");
Deleted : user_pref("CT3309758.mam_gk_user_approval_interacted.enc", "MQ==");
Deleted : user_pref("CT3309758.mam_gk_welcomeDialogMode.enc", "MQ==");
Deleted : user_pref("CT3309758.migrateAppsAndComponents", true);
Deleted : user_pref("CT3309758.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxps[...]
Deleted : user_pref("CT3309758.newSettings", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Deleted : user_pref("CT3309758.openThankYouPage", "false");
Deleted : user_pref("CT3309758.openUninstallPage", "true");
Deleted : user_pref("CT3309758.originalHomepage", "hxxps://www.google.com/");
Deleted : user_pref("CT3309758.originalSearchAddressUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT33[...]
Deleted : user_pref("CT3309758.originalSearchEngine", "Google");
Deleted : user_pref("CT3309758.originalSearchEngineName", "appmarket- Customized Web Search");
Deleted : user_pref("CT3309758.price-gong.isManagedApp", "true");
Deleted : user_pref("CT3309758.revertSettingsEnabled", "true");
Deleted : user_pref("CT3309758.search.searchAppId", "130189639317126526");
Deleted : user_pref("CT3309758.search.searchCount", "0");
Deleted : user_pref("CT3309758.searchFromAddressBarEnabledByUser", "true");
Deleted : user_pref("CT3309758.searchInNewTabEnabledByUser", "true");
Deleted : user_pref("CT3309758.searchInNewTabEnabledInHidden", "true");
Deleted : user_pref("CT3309758.searchRevert", "true");
Deleted : user_pref("CT3309758.searchSuggestEnabledByUser", "true");
Deleted : user_pref("CT3309758.searchUserMode", "2");
Deleted : user_pref("CT3309758.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3309758.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Deleted : user_pref("CT3309758.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
Deleted : user_pref("CT3309758.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Deleted : user_pref("CT3309758.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Deleted : user_pref("CT3309758.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Deleted : user_pref("CT3309758.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Deleted : user_pref("CT3309758.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data[...]
Deleted : user_pref("CT3309758.serviceLayer_services_Configuration_lastUpdate", "1376432692538");
Deleted : user_pref("CT3309758.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1376432695398");
Deleted : user_pref("CT3309758.serviceLayer_services_appsMetadata_lastUpdate", "1376432695438");
Deleted : user_pref("CT3309758.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1376432695072");
Deleted : user_pref("CT3309758.serviceLayer_services_installUsage_ToolbarInstallEarly_lastUpdate", "1376432692[...]
Deleted : user_pref("CT3309758.serviceLayer_services_installUsage_ToolbarInstall_lastUpdate", "1376432702465")[...]
Deleted : user_pref("CT3309758.serviceLayer_services_login_10.16.9.506_lastUpdate", "1376433307180");
Deleted : user_pref("CT3309758.serviceLayer_services_login_10.16.9.6_lastUpdate", "1376432701572");
Deleted : user_pref("CT3309758.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1376432695314");
Deleted : user_pref("CT3309758.serviceLayer_services_searchAPI_lastUpdate", "1376432692443");
Deleted : user_pref("CT3309758.serviceLayer_services_serviceMap_lastUpdate", "1376432691850");
Deleted : user_pref("CT3309758.serviceLayer_services_toolbarContextMenu_lastUpdate", "1376432695188");
Deleted : user_pref("CT3309758.serviceLayer_services_toolbarSettings_lastUpdate", "1376439892757");
Deleted : user_pref("CT3309758.serviceLayer_services_translation_lastUpdate", "1376432695003");
Deleted : user_pref("CT3309758.settingsINI", true);
Deleted : user_pref("CT3309758.shouldFirstTimeDialog", "false");
Deleted : user_pref("CT3309758.showToolbarPermission", "false");
Deleted : user_pref("CT3309758.smartbar.CTID", "CT3309758");
Deleted : user_pref("CT3309758.smartbar.Uninstall", "0");
Deleted : user_pref("CT3309758.smartbar.homepage", "true");
Deleted : user_pref("CT3309758.smartbar.isHidden", true);
Deleted : user_pref("CT3309758.smartbar.toolbarName", "TrustWorthy ");
Deleted : user_pref("CT3309758.startPage", "true");
Deleted : user_pref("CT3309758.toolbarBornServerTime", "14-8-2013");
Deleted : user_pref("CT3309758.toolbarCurrentServerTime", "14-8-2013");
Deleted : user_pref("CT3309758.toolbarLoginClientTime", "Tue Aug 13 2013 18:25:01 GMT-0400 (Eastern Standard T[...]
Deleted : user_pref("CT3309758.twitter_v1.8.0_twitter_app_open_t_f.enc", "ZmFsc2U=");
Deleted : user_pref("CT3309758.versionFromInstaller", "10.16.9.6");
Deleted : user_pref("CT3309758.xpeMode", "3");
Deleted : user_pref("CT3309758_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3309350&CUI=UN26233718[...]
Deleted : user_pref("Smartbar.ConduitSearchEngineList", "");
Deleted : user_pref("Smartbar.ConduitSearchUrlList", "");
Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=C[...]
Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3309350");
Deleted : user_pref("browser.search.defaultenginename", "BrowserPlus2 Customized Web Search");
Deleted : user_pref("browser.search.defaultthis.engineName", "BrowserPlus2 Customized Web Search");
Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3309350&CUI[...]
Deleted : user_pref("extensions.delta.admin", false);
Deleted : user_pref("extensions.delta.aflt", "babsst");
Deleted : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Deleted : user_pref("extensions.delta.autoRvrt", "false");
Deleted : user_pref("extensions.delta.bbDpng", "22");
Deleted : user_pref("extensions.delta.cntry", "US");
Deleted : user_pref("extensions.delta.excTlbr", false);
Deleted : user_pref("extensions.delta.ffxUnstlRst", true);
Deleted : user_pref("extensions.delta.hdrMd5", "F8BBB1879582C20E9777E21AD8B388D5");
Deleted : user_pref("extensions.delta.id", "6034340c000000000000001bfc68835f");
Deleted : user_pref("extensions.delta.instlDay", "15908");
Deleted : user_pref("extensions.delta.instlRef", "sst");
Deleted : user_pref("extensions.delta.lastVrsnTs", "1.8.21.511:48:31");
Deleted : user_pref("extensions.delta.newTab", false);
Deleted : user_pref("extensions.delta.prdct", "delta");
Deleted : user_pref("extensions.delta.prtnrId", "delta");
Deleted : user_pref("extensions.delta.rvrt", "false");
Deleted : user_pref("extensions.delta.sg", "azb");
Deleted : user_pref("extensions.delta.smplGrp", "none");
Deleted : user_pref("extensions.delta.tlbrId", "base");
Deleted : user_pref("extensions.delta.tlbrSrchUrl", "");
Deleted : user_pref("extensions.delta.vrsn", "1.8.21.5");
Deleted : user_pref("extensions.delta.vrsnTs", "1.8.21.511:48:31");
Deleted : user_pref("extensions.delta.vrsni", "1.8.21.5");
Deleted : user_pref("extensions.delta_i.babExt", "");
Deleted : user_pref("extensions.delta_i.babTrack", "affID=122123&tsp=4951");
Deleted : user_pref("extensions.delta_i.srcExt", "ss");
Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3309350&SearchSource=2&CU[...]
Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3309350");
Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3307181&CUI=UN275064420[...]
Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT[...]
Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT3309350");
Deleted : user_pref("smartbar.homePageOwnerCTID", "CT3309350");
Deleted : user_pref("smartbar.machineId", "7TLIDW111Y58ZOQEZO7+CJGNLUNMCJ5X192CFSYTCKGRKNDP2NKUESDCB11SDZ14JRL[...]
Deleted : user_pref("smartbar.originalHomepage", "hxxp://search.conduit.com/?ctid=CT3307181&CUI=UN275064420825[...]

-\\ Google Chrome v28.0.1500.95

File : C:\Documents and Settings\geminilady\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R2].txt - [9391 octets] - [03/08/2013 17:25:35]
AdwCleaner[R3].txt - [9451 octets] - [03/08/2013 17:26:17]
AdwCleaner[R4].txt - [9511 octets] - [11/08/2013 12:19:16]
AdwCleaner[R5].txt - [9571 octets] - [11/08/2013 12:22:20]
AdwCleaner[R6].txt - [46225 octets] - [13/08/2013 21:21:07]
AdwCleaner[R7].txt - [46286 octets] - [13/08/2013 21:22:17]
AdwCleaner[S2].txt - [47400 octets] - [13/08/2013 21:23:07]

########## EOF - C:\AdwCleaner[S2].txt - [47461 octets] ##########


----------



## JaneDoe999 (Feb 5, 2008)

Junkware Removal Tool (JRT) by Thisisu
Version: 5.4.4 (08.12.2013:1)
OS: Microsoft Windows XP x86
Ran by geminilady on Tue 08/13/2013 at 21:35:30.31
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\systweakasp
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011441193}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011441193}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{BB81AB82-DFE8-4E80-AA91-69EE189DA265}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3178A392-8963-471E-B7A2-969CB58D6496}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3178A392-8963-471E-B7A2-969CB58D6496}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3178A392-8963-471E-B7A2-969CB58D6496}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3178A392-8963-471E-B7A2-969CB58D6496}

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\systweak"
Successfully deleted: [Folder] "C:\Documents and Settings\geminilady\Application Data\systweak"
Successfully deleted: [Folder] "C:\Documents and Settings\geminilady\Local Settings\Application Data\downloadterms"
Successfully deleted: [Folder] "C:\Program Files\mypc backup"

~~~ FireFox

Successfully deleted: [File] C:\Documents and Settings\geminilady\Application Data\mozilla\firefox\profiles\9dsl95vw.default\invalidprefs.js
Successfully deleted: [Folder] "C:\Program Files\Mozilla Firefox\extensions\[email protected]"
Successfully deleted: [Folder] "C:\Program Files\Mozilla Firefox\extensions\[email protected]"
Successfully deleted: [Folder] C:\Documents and Settings\geminilady\Application Data\mozilla\firefox\profiles\9dsl95vw.default\extensions\[email protected]
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\[email protected]
Emptied folder: C:\Documents and Settings\geminilady\Application Data\mozilla\firefox\profiles\9dsl95vw.default\minidumps [1 files]

~~~ Chrome

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\bgnnidmnbdkmhfkjgdnngciimpdgohok

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 08/13/2013 at 21:43:10.25
End of JRT log


----------



## TechieRanger (Nov 1, 2012)

Instead of Malwarebytes Anti-Rootkit, please Run MBAM:

*MALWAREBYTES' ANTI-MALWARE* 
------------------------------------------- 
Download *Malwarebytes' Anti-Malware*: http://www.malwarebytes.org/mbam.php to your desktop.


Double-click *mbam-setup.exe* and follow the prompts to install the program. 
At the end, be sure a checkmark is placed next to *Update Malwarebytes' Anti-Malware* and *Launch Malwarebytes' Anti-Malware*, then click *Finish*. 
If an update is found, it will download and install the latest version. 
Once the program has loaded, select *Perform quick scan*, then click *Scan*. 
When the scan is complete, click *OK*, then *Show Results* to view the results. 
Be sure that *everything is checked*, and click *Remove Selected*. 
When completed, a log will open in Notepad. Please save it to a convenient location and post the results. 
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please *reboot*. 
*In your next reply, please provide the following:*


MBAM log.
Update on how your PC is running. 

Regards,

Richard


----------



## JaneDoe999 (Feb 5, 2008)

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.08.14.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
geminilady :: GEMINILA-D2C265 [administrator]

8/14/2013 6:13:44 AM
mbam-log-2013-08-14 (06-13-44).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 334514
Time elapsed: 52 minute(s), 57 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 4
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SETUP.EXE (PUP.Babylon.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\LessTabs (PUP.Optional.Lesstabs) -> Quarantined and deleted successfully.
HKCR\TypeLib\{8A2BBD3A-2130-4882-B198-863271F320DE} (PUP.Optional.Lesstabs) -> Quarantined and deleted successfully.
HKCR\Interface\{39E6096A-E5CA-483A-A05C-AA967F48FD1C} (PUP.Optional.Lesstabs) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 4
C:\Program Files\LessTabs (PUP.Optional.Lesstabs) -> Quarantined and deleted successfully.
C:\Program Files\LessTabs\3rd Party Licenses (PUP.Optional.Lesstabs) -> Quarantined and deleted successfully.
C:\Program Files\LessTabs\FireFox (PUP.Optional.Lesstabs) -> Quarantined and deleted successfully.
C:\Program Files\LessTabs\IE32 (PUP.Optional.Lesstabs) -> Quarantined and deleted successfully.

Files Detected: 55
C:\Documents and Settings\All Users\Application Data\BasicServe\basicserve111.exe (Adware.OneStep) -> Quarantined and deleted successfully.
C:\Documents and Settings\geminilady\My Documents\Downloads\adwcleaner-oc-jd.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Documents and Settings\geminilady\My Documents\Downloads\Avast.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\geminilady\My Documents\Downloads\Firefox_setup.exe (PUP.Optional.IBryte) -> Quarantined and deleted successfully.
C:\Documents and Settings\geminilady\My Documents\Downloads\FlashPlayer_V.120963594b.exe (PUP.FakeFlash.Domaiq) -> Quarantined and deleted successfully.
C:\Documents and Settings\geminilady\My Documents\Downloads\FlashPlayer_V.133559071b.exe (PUP.FakeFlash.Domaiq) -> Quarantined and deleted successfully.
C:\Documents and Settings\geminilady\My Documents\Downloads\FlashPlayer_V.18670186b.exe (Adware.DomaIQ) -> Quarantined and deleted successfully.
C:\Documents and Settings\geminilady\My Documents\Downloads\installer_firefox_English.exe (PUP.Optional.Vittalia) -> Quarantined and deleted successfully.
C:\Documents and Settings\geminilady\My Documents\Downloads\Setup(1).exe (PUP.Optional.Solimba) -> Quarantined and deleted successfully.
C:\Documents and Settings\geminilady\My Documents\Downloads\setup(2).exe (Adware.Linkular) -> Quarantined and deleted successfully.
C:\Documents and Settings\geminilady\My Documents\Downloads\Setup(3).exe (PUP.Optional.Solimba) -> Quarantined and deleted successfully.
C:\Documents and Settings\geminilady\Local Settings\Temp\1374507990itinstallerp.exe (PUP.Optional.Vittalia) -> Quarantined and deleted successfully.
C:\Documents and Settings\geminilady\Local Settings\Temp\1374588328itinstallerp.exe (PUP.Optional.Vittalia) -> Quarantined and deleted successfully.
C:\Documents and Settings\geminilady\Local Settings\Temp\74SS7jLV.exe.part (PUP.Downware) -> Quarantined and deleted successfully.
C:\Documents and Settings\geminilady\Local Settings\Temp\ICReinstall_setup(1).exe (PUP.Optional.IronInstall) -> Quarantined and deleted successfully.
C:\Documents and Settings\geminilady\Local Settings\Temp\instloffer.exe (PUP.Optional.VIT.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\geminilady\Local Settings\Temp\SetupToparcadehits.exe (Adware.GameVance) -> Quarantined and deleted successfully.
C:\Documents and Settings\geminilady\Local Settings\Temp\SPStub.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\geminilady\Local Settings\Temp\ToolbarHelper.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\geminilady\Local Settings\Temp\wUK4W965.exe.part (PUP.Downware) -> Quarantined and deleted successfully.
C:\Documents and Settings\geminilady\Local Settings\Temp\176EAFC9-BAB0-7891-BCAA-D5FB7A187312\Latest\BabMaint.exe (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\geminilady\Local Settings\Temp\176EAFC9-BAB0-7891-BCAA-D5FB7A187312\Latest\ccp.exe (PUP.Babylon.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\geminilady\Local Settings\Temp\176EAFC9-BAB0-7891-BCAA-D5FB7A187312\Latest\MyDeltaTB.exe (PUP.Optional.Delta) -> Quarantined and deleted successfully.
C:\Documents and Settings\geminilady\Local Settings\Temp\176EAFC9-BAB0-7891-BCAA-D5FB7A187312\Latest\Setup.exe (PUP.Babylon.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\geminilady\Local Settings\Temp\ct3295465\ctbe.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\geminilady\Local Settings\Temp\ct3295465\statisticsStub.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\geminilady\Local Settings\Temp\ct3295465\stub.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\geminilady\Local Settings\Temp\ct3295790\ism.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\geminilady\Local Settings\Temporary Internet Files\Content.IE5\2R83RHVY\appmarket-[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\geminilady\Local Settings\Temporary Internet Files\Content.IE5\2R83RHVY\checktbexist[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\geminilady\Local Settings\Temporary Internet Files\Content.IE5\2R83RHVY\conduitinstaller[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\geminilady\Local Settings\Temporary Internet Files\Content.IE5\2R83RHVY\pack[1].7z (PUP.Browser.Defender.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\geminilady\Local Settings\Temporary Internet Files\Content.IE5\2R83RHVY\reg[1].exe (PUP.Optional.RegCleanerPro) -> Quarantined and deleted successfully.
C:\Documents and Settings\geminilady\Local Settings\Temporary Internet Files\Content.IE5\2R83RHVY\stubinst_pkg_en-us[1].cab (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Documents and Settings\geminilady\Local Settings\Temporary Internet Files\Content.IE5\E7GRUFWL\statisticsstub[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\geminilady\Local Settings\Temporary Internet Files\Content.IE5\GSRICDC9\basicserve_bscsrvlink5[1].exe (Rogue.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\geminilady\Local Settings\Temporary Internet Files\Content.IE5\GSRICDC9\ism[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\geminilady\Local Settings\Temporary Internet Files\Content.IE5\S021ARLH\TrustWorthy[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\geminilady\Local Settings\Temporary Internet Files\Content.IE5\TZUYLMMP\setup__2677_i37483710[1].exe (PUP.Optional.Amonetize) -> Quarantined and deleted successfully.
C:\Documents and Settings\geminilady\Local Settings\Temporary Internet Files\Content.IE5\TZUYLMMP\stubinst_pkg_en-us[2].cab (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Documents and Settings\geminilady\Local Settings\Temporary Internet Files\Content.IE5\TZUYLMMP\stublogic[2].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\geminilady\Local Settings\Temporary Internet Files\Content.IE5\U3WLQP0T\BrowserPlus2[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\FI291WF1\upgrade[1].cab (Adware.OneStep) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\BASICSERVE\BASICSERVE111.EXE (PUP.Zwangi) -> Quarantined and deleted successfully.
C:\Program Files\BASICSERVE\BASICSERVE.EXE (PUP.Zwangi) -> Quarantined and deleted successfully.
C:\Program Files\BASICSERVE\BASICSERVE.DLL (PUP.Zwangi) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\WINZIPDRIVERUPDATER_UPDATES.JOB (PUP.Optional.WZDriverUpdater.A) -> Quarantined and deleted successfully.
C:\Program Files\LessTabs\TERMS-OF-SERVICE.RTF (PUP.Optional.Lesstabs) -> Quarantined and deleted successfully.
C:\Program Files\LessTabs\Uninstall.exe (PUP.Optional.Lesstabs) -> Quarantined and deleted successfully.
C:\Program Files\LessTabs\3RD PARTY LICENSES\buildcrx-license.txt (PUP.Optional.Lesstabs) -> Quarantined and deleted successfully.
C:\Program Files\LessTabs\3RD PARTY LICENSES\Info-ZIP-license.txt (PUP.Optional.Lesstabs) -> Quarantined and deleted successfully.
C:\Program Files\LessTabs\3RD PARTY LICENSES\nsJSON-license.txt (PUP.Optional.Lesstabs) -> Quarantined and deleted successfully.
C:\Program Files\LessTabs\3RD PARTY LICENSES\UAC-license.txt (PUP.Optional.Lesstabs) -> Quarantined and deleted successfully.
C:\Program Files\LessTabs\FireFox\[email protected] (PUP.Optional.Lesstabs) -> Quarantined and deleted successfully.
C:\Program Files\LessTabs\IE32\LessTabsClientIE.dll (PUP.Optional.Lesstabs) -> Quarantined and deleted successfully.

(end)

will post later update on how computer is running thank you so much for all you've done to help me it is appreciated


----------



## TechieRanger (Nov 1, 2012)

Thank you for your patience, and completing the steps requested. I look forward to the update!:up:



Regards,

Richard


----------



## JaneDoe999 (Feb 5, 2008)

so far no pop ups and it seems to be running faster thank you again


----------



## TechieRanger (Nov 1, 2012)

Please post a fresh OTL scan log so I can review it.

*In your next reply, please provide the following: 
*

OTL Scan log.

Regards,

Richard


----------



## JaneDoe999 (Feb 5, 2008)

i now get this when I turn on my computer


----------



## JaneDoe999 (Feb 5, 2008)

OTL logfile created on: 8/15/2013 9:50:56 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\geminilady\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

893.97 Mb Total Physical Memory | 177.32 Mb Available Physical Memory | 19.84% Memory free
2.12 Gb Paging File | 1.44 Gb Available in Paging File | 67.98% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.89 Gb Total Space | 3.95 Gb Free Space | 7.07% Space Free | Partition Type: NTFS
Drive D: | 230.06 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: GEMINILA-D2C265 | User Name: geminilady | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\geminilady\My Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG SafeGuard toolbar\vprot.exe ()
PRC - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe (AVG Secure Search)
PRC - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Program Files\WinZip\WZQKPICK32.EXE (WinZip Computing, S.L.)
PRC - C:\Program Files\Google\Drive\googledrivesync.exe (Google)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe (RealNetworks, Inc.)
PRC - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe ()
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Documents and Settings\geminilady\Application Data\SanDisk\SanDiskSecureAccess_Manager.exe (Gemalto N.V.)
PRC - C:\Program Files\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Secunia\PSI\psia.exe (Secunia)
PRC - C:\Program Files\Secunia\PSI\sua.exe (Secunia)
PRC - C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
PRC - C:\Program Files\LTCM Client\ltcmClient.exe (Leader Technologies Inc.)
PRC - C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)

========== Modules (No Company Name) ==========

MOD - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\15.4.0\SiteSafety.dll ()
MOD - C:\Program Files\AVG SafeGuard toolbar\vprot.exe ()
MOD - C:\Documents and Settings\geminilady\Local Settings\Temp\_MEI26244\pysqlite2._sqlite.pyd ()
MOD - C:\Documents and Settings\geminilady\Local Settings\Temp\_MEI26244\_elementtree.pyd ()
MOD - C:\Documents and Settings\geminilady\Local Settings\Temp\_MEI26244\win32api.pyd ()
MOD - C:\Documents and Settings\geminilady\Local Settings\Temp\_MEI26244\_socket.pyd ()
MOD - C:\Documents and Settings\geminilady\Local Settings\Temp\_MEI26244\win32ts.pyd ()
MOD - C:\Documents and Settings\geminilady\Local Settings\Temp\_MEI26244\wx._gdi_.pyd ()
MOD - C:\Documents and Settings\geminilady\Local Settings\Temp\_MEI26244\windows._cacheinvalidation.pyd ()
MOD - C:\Documents and Settings\geminilady\Local Settings\Temp\_MEI26244\win32com.shell.shell.pyd ()
MOD - C:\Documents and Settings\geminilady\Local Settings\Temp\_MEI26244\wx._html2.pyd ()
MOD - C:\Documents and Settings\geminilady\Local Settings\Temp\_MEI26244\_multiprocessing.pyd ()
MOD - C:\Documents and Settings\geminilady\Local Settings\Temp\_MEI26244\win32crypt.pyd ()
MOD - C:\Documents and Settings\geminilady\Local Settings\Temp\_MEI26244\wx._core_.pyd ()
MOD - C:\Documents and Settings\geminilady\Local Settings\Temp\_MEI26244\wx._misc_.pyd ()
MOD - C:\Documents and Settings\geminilady\Local Settings\Temp\_MEI26244\pythoncom27.dll ()
MOD - C:\Documents and Settings\geminilady\Local Settings\Temp\_MEI26244\PyWinTypes27.dll ()
MOD - C:\Documents and Settings\geminilady\Local Settings\Temp\_MEI26244\win32security.pyd ()
MOD - C:\Documents and Settings\geminilady\Local Settings\Temp\_MEI26244\_ctypes.pyd ()
MOD - C:\Documents and Settings\geminilady\Local Settings\Temp\_MEI26244\win32profile.pyd ()
MOD - C:\Documents and Settings\geminilady\Local Settings\Temp\_MEI26244\_ssl.pyd ()
MOD - C:\Documents and Settings\geminilady\Local Settings\Temp\_MEI26244\wx._windows_.pyd ()
MOD - C:\Documents and Settings\geminilady\Local Settings\Temp\_MEI26244\_hashlib.pyd ()
MOD - C:\Documents and Settings\geminilady\Local Settings\Temp\_MEI26244\wx._wizard.pyd ()
MOD - C:\Documents and Settings\geminilady\Local Settings\Temp\_MEI26244\win32file.pyd ()
MOD - C:\Documents and Settings\geminilady\Local Settings\Temp\_MEI26244\win32process.pyd ()
MOD - C:\Documents and Settings\geminilady\Local Settings\Temp\_MEI26244\win32pdh.pyd ()
MOD - C:\Documents and Settings\geminilady\Local Settings\Temp\_MEI26244\win32inet.pyd ()
MOD - C:\Documents and Settings\geminilady\Local Settings\Temp\_MEI26244\wx._controls_.pyd ()
MOD - C:\Documents and Settings\geminilady\Local Settings\Temp\_MEI26244\pyexpat.pyd ()
MOD - C:\Documents and Settings\geminilady\Local Settings\Temp\_MEI26244\win32event.pyd ()
MOD - C:\Documents and Settings\geminilady\Local Settings\Temp\_MEI26244\unicodedata.pyd ()
MOD - C:\Documents and Settings\geminilady\Local Settings\Temp\_MEI26244\select.pyd ()
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
MOD - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe ()
MOD - C:\Documents and Settings\geminilady\Local Settings\Application Data\Rich Media Player\BrowserExtensions\IE\PluginRichmediaplayer.dll ()
MOD - C:\Program Files\Mozilla Firefox\plugins\nppluginrichmediaplayer.dll ()
MOD - C:\Documents and Settings\geminilady\Application Data\SanDisk\My Vaults\dmBackup.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\WINDOWS\system32\bcm1xsup.dll ()

========== Services (SafeList) ==========

SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
SRV - (vToolbarUpdater15.4.0) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe (AVG Secure Search)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (RealNetworks Downloader Resolver Service) -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe ()
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (Secunia PSI Agent) -- C:\Program Files\Secunia\PSI\psia.exe (Secunia)
SRV - (Secunia Update Agent) -- C:\Program Files\Secunia\PSI\sua.exe (Secunia)
SRV - (ABBYY.Licensing.FineReader.Sprint.9.0) -- C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY)

========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (avgtp) -- C:\WINDOWS\system32\drivers\avgtpx86.sys (AVG Technologies)
DRV - (MpKslcb9a4f3b) -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CFB05BFC-C439-4852-848B-92F40BD57BC6}\MpKslcb9a4f3b.sys (Microsoft Corporation)
DRV - (gfibto) -- C:\WINDOWS\system32\drivers\gfibto.sys (GFI Software)
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (PSI) -- C:\WINDOWS\system32\drivers\psi_mf.sys (Secunia)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F2 D7 84 35 E3 A0 CD 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://mysearch.avg.com/search?cid={3B91076E-CA25-4458-8CA3-5C3458834C79}&mid=b8d876a0f9d3441da91fa83695c16a88-5ee23d66c5aa780405d01015974a444017385f18&lang=en&ds=hk018&pr=sa&d=2013-08-15 19:20:16&v=15.4.0.5&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.google.com/"
FF - prefs.js..extensions.enabledAddons: %7B55A8EC97-6AF6-442c-877F-11C51DBD162D%7D:1.0.2
FF - prefs.js..extensions.enabledAddons: %7BFCE04E1F-9378-4f39-96F6-5689A9159E45%7D:1.3.2
FF - prefs.js..extensions.enabledAddons: %7B740B3FD5-4483-469D-BE7F-8555B153BD04%7D:1.0
FF - prefs.js..extensions.enabledAddons: %7B3DF4B26D-DB19-45DF-962A-6719D071245B%7D:1.3.1
FF - prefs.js..extensions.enabledAddons: avg%40toolbar:15.4.0.5
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\15.4.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_39: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.2.32: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.2: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.2: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.2: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.2.32: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@richmediaplayer.com/nppluginrichmediaplayer: C:\Program Files\Mozilla Firefox\plugins\nppluginrichmediaplayer.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{55A8EC97-6AF6-442c-877F-11C51DBD162D}: C:\Program Files\Tomabo\YouTube Video Downloader\YVD_FF.xpi [2012/09/07 23:38:44 | 000,013,126 | ---- | M] ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/05/19 09:50:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FCE04E1F-9378-4f39-96F6-5689A9159E45}: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/05/19 09:50:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3DF4B26D-DB19-45DF-962A-6719D071245B}: C:\Documents and Settings\geminilady\Local Settings\Application Data\Rich Media Player\BrowserExtensions\Firefox\{3DF4B26D-DB19-45DF-962A-6719D071245B} [2013/08/13 18:26:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Documents and Settings\All Users\Application Data\AVG SafeGuard toolbar\FireFoxExt\15.4.0.5 [2013/08/15 19:20:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/08/13 18:26:26 | 000,000,000 | ---D | M]

[2013/07/22 11:48:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\geminilady\Application Data\Mozilla\Extensions
[2013/08/13 21:41:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\geminilady\Application Data\Mozilla\Firefox\Profiles\9dsl95vw.default\extensions
[2013/08/13 21:41:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/07/02 21:30:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013/07/02 21:30:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}
[2013/07/21 09:29:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/07/21 09:29:14 | 000,000,000 | ---D | M] (BasicServe) -- C:\Program Files\Mozilla Firefox\browser\extensions\{740B3FD5-4483-469D-BE7F-8555B153BD04}
[2013/07/28 18:04:55 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/08/15 19:20:19 | 000,000,000 | ---D | M] (AVG SafeGuard toolbar) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\AVG SAFEGUARD TOOLBAR\FIREFOXEXT\15.4.0.5
[2013/05/19 09:50:25 | 000,000,000 | ---D | M] (RealDownloader) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REALNETWORKS\REALDOWNLOADER\BROWSERPLUGINS\FIREFOX\EXT
[2013/08/13 18:26:24 | 000,000,000 | ---D | M] (Rich Media Player extension) -- C:\DOCUMENTS AND SETTINGS\GEMINILADY\LOCAL SETTINGS\APPLICATION DATA\RICH MEDIA PLAYER\BROWSEREXTENSIONS\FIREFOX\{3DF4B26D-DB19-45DF-962A-6719D071245B}
[2012/09/07 23:38:44 | 000,013,126 | ---- | M] () (No name found) -- C:\PROGRAM FILES\TOMABO\YOUTUBE VIDEO DOWNLOADER\YVD_FF.XPI
[2013/03/12 04:27:46 | 000,093,976 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\nppluginrichmediaplayer.dll

========== Chrome ==========

CHR - Extension: No name found = C:\Documents and Settings\geminilady\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ajgnnllmjadopdlmpplonojbfogkjlcl\1.11.1.1216_0\
CHR - Extension: No name found = C:\Documents and Settings\geminilady\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ajgnnllmjadopdlmpplonojbfogkjlcl\1.11.1.1216_0\.bak
CHR - Extension: No name found = C:\Documents and Settings\geminilady\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Documents and Settings\geminilady\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.5.3_0\
CHR - Extension: No name found = C:\Documents and Settings\geminilady\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cjohejgigkmiclpgnilojffhiohcglib\3_0\
CHR - Extension: No name found = C:\Documents and Settings\geminilady\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.2_0\
CHR - Extension: No name found = C:\Documents and Settings\geminilady\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\igljnkmljjbhcellpnjppojkfdfmkjmp\1.0.2_0\

O1 HOSTS File: ([2004/08/04 06:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG SafeGuard toolbar\15.4.0.5\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
O2 - BHO: (Rich Media Downloader) - {A7DF592F-6E2A-45C4-9A87-4BD217D714ED} - C:\Documents and Settings\geminilady\Local Settings\Application Data\Rich Media Player\BrowserExtensions\IE\RichMediaDownloader.dll (Radiocom CJSC)
O2 - BHO: (Rich Media Player) - {FEB703F7-E7B2-4AB0-9566-87658AC70095} - C:\Documents and Settings\geminilady\Local Settings\Application Data\Rich Media Player\BrowserExtensions\IE\PluginRichmediaplayer.dll ()
O3 - HKLM\..\Toolbar: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG SafeGuard toolbar\15.4.0.5\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {25E2E5C9-C43C-4EE8-B23E-4383915F2BCE} - No CLSID value found.
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [LTCM Client] C:\Program Files\LTCM Client\ltcmClient.exe (Leader Technologies Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Search Protection] C:\Documents and Settings\All Users\Application Data\Search Protection\SearchProtection.exe File not found
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG SafeGuard toolbar\vprot.exe ()
O4 - HKCU..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe" File not found
O4 - HKCU..\Run: [EPSON WorkForce 435 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIHRA.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files\Google\Drive\googledrivesync.exe (Google)
O4 - HKCU..\Run: [SanDiskSecureAccess_Manager.exe] C:\Documents and Settings\geminilady\Application Data\SanDisk\SanDiskSecureAccess_Manager.exe (Gemalto N.V.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk = C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK32.EXE (WinZip Computing, S.L.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Download video on this page - C:\Program Files\Tomabo\YouTube Video Downloader\YVD_IE.dll ()
O8 - Extra context menu item: Download video this links to - C:\Program Files\Tomabo\YouTube Video Downloader\YVD_IE.dll ()
O9 - Extra Button: Rich Media Downloader - {A7DF592F-6E2A-45C4-9A87-4BD217D714ED} - C:\Documents and Settings\geminilady\Local Settings\Application Data\Rich Media Player\BrowserExtensions\IE\RichMediaDownloader.dll (Radiocom CJSC)
O9 - Extra Button: Download Video - {B4FECE59-6D0A-4EE6-A07F-E6A94F846E55} - C:\Program Files\Tomabo\YouTube Video Downloader\YVD_IE.dll ()
O9 - Extra 'Tools' menuitem : Download video on this page - {B4FECE59-6D0A-4EE6-A07F-E6A94F846E55} - C:\Program Files\Tomabo\YouTube Video Downloader\YVD_IE.dll ()
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/...ls/en/x86/client/wuweb_site.cab?1342699152375 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1342699640281 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39)
O16 - DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CE9C6F4A-BA34-4744-91D8-389042017037}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\15.4.0\ViProtocol.dll (AVG Secure Search)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\geminilady\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\geminilady\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/07/19 07:08:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT 
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/08/15 19:22:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinZip
[2013/08/15 19:20:12 | 000,000,000 | ---D | C] -- C:\Program Files\AVG SafeGuard toolbar
[2013/08/15 19:07:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\geminilady\My Documents\pics 8-15-13
[2013/08/14 06:12:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/08/14 06:12:16 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013/08/14 06:12:15 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/08/13 21:59:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
[2013/08/13 21:35:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2013/08/13 18:26:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Rich Media Player
[2013/08/13 18:24:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\geminilady\My Documents\rmi
[2013/08/13 18:24:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\geminilady\Local Settings\Application Data\Rich Media Player
[2013/08/13 07:09:43 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/08/12 18:26:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\geminilady\Start Menu\Programs\uPlayer
[2013/08/12 18:26:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\geminilady\Application Data\uPlayer
[2013/08/12 18:26:40 | 000,000,000 | ---D | C] -- C:\Program Files\uPlayer
[2013/08/12 18:02:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth Pro
[2013/08/12 13:49:10 | 000,361,032 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2013/08/12 13:49:10 | 000,021,256 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2013/08/12 13:49:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2013/08/12 13:49:07 | 000,738,504 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2013/08/12 13:49:07 | 000,054,232 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2013/08/12 13:49:07 | 000,035,928 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2013/08/12 13:49:06 | 000,097,608 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2013/08/12 13:49:06 | 000,089,752 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2013/08/12 13:49:06 | 000,025,256 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2013/08/12 13:48:20 | 000,041,224 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2013/08/12 13:48:19 | 000,227,648 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2013/08/12 13:47:55 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013/08/12 13:47:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2013/08/11 13:24:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2013/08/11 13:24:45 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
[2013/07/30 17:41:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\geminilady\My Documents\Rt 9
[2013/07/29 17:09:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2013/07/28 18:05:27 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2013/07/22 12:08:18 | 000,940,544 | ---- | C] (Apache Software Foundation) -- C:\Documents and Settings\geminilady\Local Settings\Application Data\log4cxx.dll
[2013/07/22 12:05:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Uniblue
[2013/07/22 11:32:30 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[2013/07/21 06:26:22 | 000,000,000 | ---D | C] -- C:\Program Files\BasicServe
[2013/07/21 06:26:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BasicServe
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/08/15 21:28:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/08/15 21:07:00 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/08/15 19:22:36 | 000,001,674 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
[2013/08/15 19:20:20 | 000,003,725 | ---- | M] () -- C:\Program Files\Mozilla Firefoxsafeguard-secure-search.xml
[2013/08/15 19:20:10 | 000,037,664 | ---- | M] (AVG Technologies) -- C:\WINDOWS\System32\drivers\avgtpx86.sys
[2013/08/15 19:18:37 | 000,000,000 | ---- | M] () -- C:\END
[2013/08/15 19:12:01 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2013/08/15 19:06:31 | 000,548,698 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/08/15 19:06:31 | 000,100,696 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/08/15 19:05:06 | 000,007,168 | ---- | M] () -- C:\Documents and Settings\geminilady\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/08/15 19:02:58 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/08/15 19:02:47 | 000,000,324 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2013/08/15 19:02:47 | 000,000,310 | ---- | M] () -- C:\WINDOWS\tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1757981266-1532298954-725345543-1004.job
[2013/08/15 19:02:47 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1757981266-1532298954-725345543-1004.job
[2013/08/15 19:02:47 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1757981266-1532298954-725345543-1004.job
[2013/08/15 19:01:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/08/15 15:01:00 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\Registry Optimizer_DEFAULT.job
[2013/08/14 22:06:50 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/08/14 16:24:00 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\Registry Optimizer_UPDATES.job
[2013/08/14 07:09:59 | 000,010,984 | ---- | M] () -- C:\Documents and Settings\geminilady\My Documents\scan 14.rtf
[2013/08/14 06:12:34 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/08/14 05:57:54 | 000,721,419 | ---- | M] () -- C:\Documents and Settings\geminilady\My Documents\bug.rtf
[2013/08/13 21:23:00 | 000,049,936 | ---- | M] () -- C:\Documents and Settings\geminilady\My Documents\adw log.rtf
[2013/08/13 18:26:53 | 000,001,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Rich Media Player.lnk
[2013/08/13 09:35:00 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1757981266-1532298954-725345543-1004.job
[2013/08/13 07:58:32 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/08/13 06:23:57 | 000,000,034 | ---- | M] () -- C:\WINDOWS\AvastEmUpdate.ini
[2013/08/12 19:02:38 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\geminilady\My Documents\audi property.pdf
[2013/08/12 18:02:56 | 000,001,874 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth Pro.lnk
[2013/08/12 16:15:45 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\geminilady\My Documents\MBR.dat
[2013/08/12 13:49:10 | 000,001,695 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2013/08/12 13:49:06 | 000,002,638 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2013/08/12 12:14:00 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1757981266-1532298954-725345543-1004.job
[2013/08/11 13:59:41 | 000,065,293 | ---- | M] () -- C:\Documents and Settings\geminilady\My Documents\otl.rtf
[2013/08/11 12:20:32 | 000,010,647 | ---- | M] () -- C:\Documents and Settings\geminilady\My Documents\asw.rtf
[2013/08/11 12:00:00 | 000,000,994 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Antivirus Scheduled Scan.job
[2013/08/10 06:42:00 | 000,000,318 | ---- | M] () -- C:\WINDOWS\tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1757981266-1532298954-725345543-1004.job
[2013/08/08 21:09:44 | 000,755,715 | ---- | M] () -- C:\Documents and Settings\geminilady\My Documents\orgami.rtf
[2013/08/07 18:37:33 | 001,301,701 | ---- | M] () -- C:\Documents and Settings\geminilady\My Documents\honey lemon.rtf
[2013/08/07 09:58:00 | 000,000,336 | ---- | M] () -- C:\WINDOWS\tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1757981266-1532298954-725345543-1004.job
[2013/08/07 06:57:48 | 004,253,975 | ---- | M] () -- C:\Documents and Settings\geminilady\My Documents\veiners 1.rtf
[2013/08/06 16:07:03 | 000,000,678 | ---- | M] () -- C:\WINDOWS\ULEAD32.INI
[2013/08/06 07:23:39 | 004,253,975 | ---- | M] () -- C:\Documents and Settings\geminilady\My Documents\boo.rtf
[2013/08/04 07:19:08 | 004,253,975 | ---- | M] () -- C:\Documents and Settings\geminilady\My Documents\roses.rtf
[2013/08/02 10:59:13 | 000,103,936 | ---- | M] () -- C:\Documents and Settings\geminilady\My Documents\fax cover tom.pub
[2013/08/02 10:58:06 | 000,103,936 | ---- | M] () -- C:\Documents and Settings\geminilady\My Documents\fax cover MaryAnne.pub
[2013/08/01 09:34:23 | 001,610,279 | ---- | M] () -- C:\Documents and Settings\geminilady\My Documents\diaper 6.rtf
[2013/08/01 09:31:07 | 010,385,051 | ---- | M] () -- C:\Documents and Settings\geminilady\My Documents\diaper 5.rtf
[2013/08/01 09:29:40 | 005,513,330 | ---- | M] () -- C:\Documents and Settings\geminilady\My Documents\diaper 4.rtf
[2013/08/01 09:27:36 | 009,526,179 | ---- | M] () -- C:\Documents and Settings\geminilady\My Documents\diaper 3.rtf
[2013/08/01 09:27:11 | 010,498,454 | ---- | M] () -- C:\Documents and Settings\geminilady\My Documents\diaper 2.rtf
[2013/08/01 09:23:55 | 010,385,051 | ---- | M] () -- C:\Documents and Settings\geminilady\My Documents\diaper 1.rtf
[2013/07/31 15:50:56 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2013/07/31 12:13:35 | 000,001,815 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2013/07/30 17:40:08 | 002,164,140 | ---- | M] () -- C:\Documents and Settings\geminilady\My Documents\img009.jpg
[2013/07/29 19:39:59 | 000,001,831 | ---- | M] () -- C:\Documents and Settings\geminilady\My Documents\convo.rtf
[2013/07/29 17:09:33 | 000,001,921 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2013/07/28 18:05:32 | 000,000,748 | ---- | M] () -- C:\Documents and Settings\geminilady\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/07/28 18:05:28 | 000,000,730 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2013/07/25 22:47:17 | 001,215,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll
[2013/07/25 22:47:17 | 000,920,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll
[2013/07/25 22:47:17 | 000,759,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vgx.dll
[2013/07/25 22:47:17 | 000,206,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\occache.dll
[2013/07/25 22:47:17 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\url.dll
[2013/07/25 22:47:17 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\url.dll
[2013/07/25 22:47:16 | 006,017,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2013/07/25 22:47:16 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mstime.dll
[2013/07/25 22:47:16 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstime.dll
[2013/07/25 22:47:16 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtmled.dll
[2013/07/25 22:47:14 | 000,630,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeeds.dll
[2013/07/25 22:47:14 | 000,630,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2013/07/25 22:47:14 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedsbs.dll
[2013/07/25 22:47:14 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2013/07/25 22:47:13 | 000,522,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll
[2013/07/25 22:47:13 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\licmgr10.dll
[2013/07/25 22:47:13 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\licmgr10.dll
[2013/07/25 22:47:13 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jsproxy.dll
[2013/07/25 22:47:13 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsproxy.dll
[2013/07/25 22:47:12 | 002,005,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2013/07/25 22:47:12 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcpl.cpl
[2013/07/25 22:47:12 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcpl.cpl
[2013/07/25 22:47:11 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iepeers.dll
[2013/07/25 22:47:11 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iepeers.dll
[2013/07/25 22:47:10 | 011,113,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2013/07/25 22:47:06 | 000,743,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2013/07/25 22:47:06 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iedkcs32.dll
[2013/07/25 22:47:06 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedkcs32.dll
[2013/07/25 22:10:05 | 000,000,656 | ---- | M] () -- C:\Documents and Settings\geminilady\My Documents\teeth.rtf
[2013/07/25 21:23:02 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ie4uinit.exe
[2013/07/25 21:23:02 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ie4uinit.exe
[2013/07/25 11:52:59 | 000,385,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\html.iec
[2013/07/23 11:04:34 | 002,664,894 | ---- | M] () -- C:\Documents and Settings\geminilady\My Documents\google earth map.JPG
[2013/07/23 10:54:28 | 000,055,808 | ---- | M] () -- C:\Documents and Settings\geminilady\My Documents\insurance letter.let
[2013/07/22 13:06:47 | 000,019,456 | ---- | M] () -- C:\Documents and Settings\geminilady\My Documents\p&l pyramid.let
[2013/07/21 06:26:24 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\2f2c3e3d213b35294437462c404f5d_c
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/08/15 19:20:11 | 000,003,725 | ---- | C] () -- C:\Program Files\Mozilla Firefoxsafeguard-secure-search.xml
[2013/08/15 19:17:33 | 000,000,000 | ---- | C] () -- C:\END
[2013/08/14 07:09:59 | 000,010,984 | ---- | C] () -- C:\Documents and Settings\geminilady\My Documents\scan 14.rtf
[2013/08/14 06:12:34 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/08/14 05:57:54 | 000,721,419 | ---- | C] () -- C:\Documents and Settings\geminilady\My Documents\bug.rtf
[2013/08/13 21:23:00 | 000,049,936 | ---- | C] () -- C:\Documents and Settings\geminilady\My Documents\adw log.rtf
[2013/08/13 18:26:53 | 000,001,187 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Rich Media Player.lnk
[2013/08/12 18:58:42 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\geminilady\My Documents\audi property.pdf
[2013/08/12 18:50:02 | 000,000,034 | ---- | C] () -- C:\WINDOWS\AvastEmUpdate.ini
[2013/08/12 18:02:56 | 000,001,874 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth Pro.lnk
[2013/08/12 16:15:45 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\geminilady\My Documents\MBR.dat
[2013/08/12 13:49:10 | 000,001,695 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2013/08/12 13:49:06 | 000,000,324 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2013/08/11 13:59:41 | 000,065,293 | ---- | C] () -- C:\Documents and Settings\geminilady\My Documents\otl.rtf
[2013/08/11 13:25:22 | 000,001,674 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
[2013/08/11 12:20:32 | 000,010,647 | ---- | C] () -- C:\Documents and Settings\geminilady\My Documents\asw.rtf
[2013/08/08 21:09:44 | 000,755,715 | ---- | C] () -- C:\Documents and Settings\geminilady\My Documents\orgami.rtf
[2013/08/07 18:37:33 | 001,301,701 | ---- | C] () -- C:\Documents and Settings\geminilady\My Documents\honey lemon.rtf
[2013/08/07 06:57:48 | 004,253,975 | ---- | C] () -- C:\Documents and Settings\geminilady\My Documents\veiners 1.rtf
[2013/08/06 07:23:38 | 004,253,975 | ---- | C] () -- C:\Documents and Settings\geminilady\My Documents\boo.rtf
[2013/08/04 07:19:08 | 004,253,975 | ---- | C] () -- C:\Documents and Settings\geminilady\My Documents\roses.rtf
[2013/08/02 10:59:13 | 000,103,936 | ---- | C] () -- C:\Documents and Settings\geminilady\My Documents\fax cover tom.pub
[2013/08/02 10:58:06 | 000,103,936 | ---- | C] () -- C:\Documents and Settings\geminilady\My Documents\fax cover MaryAnne.pub
[2013/08/01 09:34:23 | 001,610,279 | ---- | C] () -- C:\Documents and Settings\geminilady\My Documents\diaper 6.rtf
[2013/08/01 09:31:05 | 010,385,051 | ---- | C] () -- C:\Documents and Settings\geminilady\My Documents\diaper 5.rtf
[2013/08/01 09:29:39 | 005,513,330 | ---- | C] () -- C:\Documents and Settings\geminilady\My Documents\diaper 4.rtf
[2013/08/01 09:27:35 | 009,526,179 | ---- | C] () -- C:\Documents and Settings\geminilady\My Documents\diaper 3.rtf
[2013/08/01 09:27:10 | 010,498,454 | ---- | C] () -- C:\Documents and Settings\geminilady\My Documents\diaper 2.rtf
[2013/08/01 09:23:53 | 010,385,051 | ---- | C] () -- C:\Documents and Settings\geminilady\My Documents\diaper 1.rtf
[2013/07/31 16:00:43 | 000,000,384 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2013/07/30 17:40:07 | 002,164,140 | ---- | C] () -- C:\Documents and Settings\geminilady\My Documents\img009.jpg
[2013/07/29 19:39:59 | 000,001,831 | ---- | C] () -- C:\Documents and Settings\geminilady\My Documents\convo.rtf
[2013/07/29 17:09:33 | 000,001,921 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2013/07/28 18:05:31 | 000,000,748 | ---- | C] () -- C:\Documents and Settings\geminilady\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/07/28 18:05:28 | 000,000,736 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2013/07/28 18:05:28 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2013/07/25 22:10:05 | 000,000,656 | ---- | C] () -- C:\Documents and Settings\geminilady\My Documents\teeth.rtf
[2013/07/23 11:04:33 | 002,664,894 | ---- | C] () -- C:\Documents and Settings\geminilady\My Documents\google earth map.JPG
[2013/07/23 09:59:37 | 000,055,808 | ---- | C] () -- C:\Documents and Settings\geminilady\My Documents\insurance letter.let
[2013/07/22 13:06:47 | 000,019,456 | ---- | C] () -- C:\Documents and Settings\geminilady\My Documents\p&l pyramid.let
[2013/07/22 12:08:19 | 000,192,512 | ---- | C] () -- C:\Documents and Settings\geminilady\Local Settings\Application Data\common_functions.dll
[2013/07/21 06:26:24 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\2f2c3e3d213b35294437462c404f5d_c
[2013/07/08 16:41:54 | 000,484,352 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2013/05/17 10:41:00 | 000,114,688 | ---- | C] () -- C:\Documents and Settings\geminilady\Local Settings\Application Data\ie_runner_app.exe
[2012/09/11 16:08:47 | 000,000,079 | ---- | C] () -- C:\WINDOWS\EWF435.ini
[2012/08/26 18:02:48 | 000,000,678 | ---- | C] () -- C:\WINDOWS\ULEAD32.INI
[2012/08/26 17:15:40 | 000,000,002 | ---- | C] () -- C:\WINDOWS\PhotoSuite.ini
[2012/08/26 17:15:35 | 000,458,752 | ---- | C] () -- C:\WINDOWS\System32\Fpl.dll
[2012/08/26 17:15:35 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\CPUINF32.DLL
[2012/08/26 17:15:34 | 000,332,800 | ---- | C] () -- C:\WINDOWS\System32\FPXLIB.DLL
[2012/08/26 17:15:34 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\JPEGLIB.DLL
[2012/08/25 10:27:04 | 000,007,168 | ---- | C] () -- C:\Documents and Settings\geminilady\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/08/18 17:23:30 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/08/05 16:27:20 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\geminilady\Local Settings\Application Data\fusioncache.dat
[2012/07/19 20:19:27 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2012/07/19 20:19:27 | 000,136,650 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2012/07/19 20:18:54 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2012/07/19 20:18:54 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2012/07/19 20:18:54 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2012/07/19 08:43:23 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/07/19 07:10:20 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012/07/19 07:05:18 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012/07/19 02:56:26 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012/07/19 02:55:15 | 000,505,808 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== ZeroAccess Check ==========

[2012/07/19 20:20:26 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2012/04/20 15:29:52 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 05:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/08/12 13:47:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2013/08/15 19:20:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG SafeGuard toolbar
[2013/06/21 16:54:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2013
[2013/08/14 07:08:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BasicServe
[2012/09/27 14:05:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund LLC
[2012/09/27 14:05:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund Software
[2013/01/10 12:51:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ClubSanDisk
[2013/06/21 17:25:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2012/08/18 11:03:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2013/06/21 16:55:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2012/11/15 10:28:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Oberon Media
[2013/08/11 13:24:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2013/06/21 17:05:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\geminilady\Application Data\AVG SafeGuard toolbar
[2013/06/21 16:46:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\geminilady\Application Data\AVG2013
[2012/09/11 16:40:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\geminilady\Application Data\EPSON
[2013/07/08 16:42:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\geminilady\Application Data\FreeBurner
[2013/05/23 14:28:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\geminilady\Application Data\ImgBurn
[2012/09/11 21:19:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\geminilady\Application Data\Leader Technologies
[2012/08/26 17:15:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\geminilady\Application Data\MGI
[2013/06/21 17:12:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\geminilady\Application Data\Nico Mak Computing
[2013/01/10 13:03:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\geminilady\Application Data\SanDisk
[2013/01/10 12:55:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\geminilady\Application Data\SanDisk SecureAccess
[2013/06/21 17:24:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\geminilady\Application Data\SecureSearch
[2012/10/05 09:21:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\geminilady\Application Data\Tomabo
[2013/06/21 16:45:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\geminilady\Application Data\TuneUp Software
[2013/08/13 19:58:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\geminilady\Application Data\uPlayer
[2013/08/13 13:38:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\geminilady\Application Data\uTorrent

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2004/08/04 06:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: SERVICES.EXE >
[2009/02/06 07:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2008/04/14 05:42:36 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\$NtUninstallKB956572$\services.exe
[2008/04/14 05:42:36 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\ServicePackFiles\i386\services.exe
[2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe
[2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe
[2004/08/04 06:00:00 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\WINDOWS\$NtServicePackUninstall$\services.exe

< MD5 for: SVCHOST.EXE >
[2008/04/14 05:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/14 05:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/04 06:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/04 06:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/14 05:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/14 05:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 06:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/14 05:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/14 05:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /rp /s >

< %systemdrive%\$Recycle.Bin|@;true;true;true >

< dir "%systemdrive%\*" /S /A:L /C >
Volume in drive C has no label.
Volume Serial Number is 6034-340C
Directory of C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices
08/14/2013 10:05 PM <JUNCTION> 2.0.0.0__b03f5f7f11d50a3a
0 File(s) 0 bytes
Directory of C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote
08/14/2013 10:05 PM <JUNCTION> 2.0.0.0__b03f5f7f11d50a3a
0 File(s) 0 bytes
Directory of C:\WINDOWS\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices
08/14/2013 10:09 PM <JUNCTION> v4.0_4.0.0.0__b03f5f7f11d50a3a
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
3 Dir(s) 4,217,925,632 bytes free

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed\thard disk media
Interface type: IDE
Media Type: Fixed\thard disk media
Model: OCZ VERTEX PLUS
Partitions: 1
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 56.00GB
Starting Offset: 32256
Hidden sectors: 0

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790 -> Junction
[C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e -> Junction
[C:\WINDOWS\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492 -> Junction

< End of report >


----------



## TechieRanger (Nov 1, 2012)

That is CHKDSK wanting to check for disk errors. 

Please run *OTL.exe*.


Copy/paste the following text written *inside of the code box* into the *Custom Scans/Fixes* box located at the bottom of OTL


```
:OTL 
FF - HKLM\Software\MozillaPlugins\@richmediaplayer.com/nppluginrichmediaplayer: C:\Program Files\Mozilla Firefox\plugins\nppluginrichmediaplayer.dll () 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3DF4B26D-DB19-45DF-962A-6719D071245B}: C:\Documents and Settings\geminilady\Local Settings\Application Data\Rich Media Player\BrowserExtensions\Firefox\{3DF4B26D-DB19-45DF-962A-6719D071245B} [2013/08/13 18:26:24 | 000,000,000 | ---D | M] 
[2013/07/21 09:29:14 | 000,000,000 | ---D | M] (BasicServe) -- C:\Program Files\Mozilla Firefox\browser\extensions\{740B3FD5-4483-469D-BE7F-8555B153BD04} 
[2013/08/13 18:26:24 | 000,000,000 | ---D | M] (Rich Media Player extension) -- C:\DOCUMENTS AND SETTINGS\GEMINILADY\LOCAL SETTINGS\APPLICATION DATA\RICH MEDIA PLAYER\BROWSEREXTENSIONS\FIREFOX\{3DF4B26D-DB19-45DF-962A-6719D071245B} 
[2013/03/12 04:27:46 | 000,093,976 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\nppluginrichmediaplayer.dll 
O2 - BHO: (Rich Media Downloader) - {A7DF592F-6E2A-45C4-9A87-4BD217D714ED} - C:\Documents and Settings\geminilady\Local Settings\Application Data\Rich Media Player\BrowserExtensions\IE\RichMediaDownloader.dll (Radiocom CJSC) 
O2 - BHO: (Rich Media Player) - {FEB703F7-E7B2-4AB0-9566-87658AC70095} - C:\Documents and Settings\geminilady\Local Settings\Application Data\Rich Media Player\BrowserExtensions\IE\PluginRichmediaplayer.dll () 
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {25E2E5C9-C43C-4EE8-B23E-4383915F2BCE} - No CLSID value found. 
O9 - Extra Button: Rich Media Downloader - {A7DF592F-6E2A-45C4-9A87-4BD217D714ED} - C:\Documents and Settings\geminilady\Local Settings\Application Data\Rich Media Player\BrowserExtensions\IE\RichMediaDownloader.dll (Radiocom CJSC) 
[2013/08/14 07:08:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BasicServe 
 
:Files 
ipconfig /flushdns /c 
 
:Commands 
[purity] 
[resethosts] 
[emptytemp]
```

Then click the *Run Fix* button at the top.
Let the program run unhindered, reboot when it is done.
Then post the results of the log it produces.

*In your next reply, please provide the following:*


OTL fix log.
how is the computer behaving?

Regards,

Richard


----------



## JaneDoe999 (Feb 5, 2008)

It'll keeps freezing will not let me x out have to shut down computer any suggestions will also post two pics of screen


----------



## JaneDoe999 (Feb 5, 2008)

this is the screens that pop up and freeze and says not responding


----------



## JaneDoe999 (Feb 5, 2008)

second screen


----------



## TechieRanger (Nov 1, 2012)

The first one seems to show Microsoft Security Essentials. Was there a threat identified? 

please let me know how long the OTL program ran unhindered.



Regards,

Richard


----------



## JaneDoe999 (Feb 5, 2008)

I don't think it ran at all it looked like it was just frozen


----------



## JaneDoe999 (Feb 5, 2008)

just tried again when I bring up OTL the box pops up on bottom right which is security essentials and it says "this app is not monitoring your PC because the app's service stopped. You should restart it now. Click start now to start service." there is a place to click that says "start now". If you don't click it nothing happens. If you do click it OTL says along bottom the same as it did before I clicked run fix "killing process" but nothing happens you get the wait signal if your cursor is on the box. Waited over an hour last night and nothing had to turn off PC by hitting power button


----------



## TechieRanger (Nov 1, 2012)

Let's try to run this OTL fix in Safe Mode. 

*Enter Safe Mode with Networking* 
--------------- 
To start your computer by using the *Safe Mode with Networking* feature, please do the following:


Start or restart your computer.
As your computer restarts but before Windows launches, tap and re-tap the *F8* key.
When the *Windows Advanced Options* menu appears, use the *arrow keys* to select *Safe Mode with Networking*, and then press *ENTER*.

*Next*

Please run *OTL.exe*.


Copy/paste the following text written *inside of the code box* into the *Custom Scans/Fixes* box located at the bottom of OTL


```
:OTL 
FF - HKLM\Software\MozillaPlugins\@richmediaplayer.com/nppluginrichmediaplayer: C:\Program Files\Mozilla Firefox\plugins\nppluginrichmediaplayer.dll () 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3DF4B26D-DB19-45DF-962A-6719D071245B}: C:\Documents and Settings\geminilady\Local Settings\Application Data\Rich Media Player\BrowserExtensions\Firefox\{3DF4B26D-DB19-45DF-962A-6719D071245B} [2013/08/13 18:26:24 | 000,000,000 | ---D | M] 
[2013/07/21 09:29:14 | 000,000,000 | ---D | M] (BasicServe) -- C:\Program Files\Mozilla Firefox\browser\extensions\{740B3FD5-4483-469D-BE7F-8555B153BD04} 
[2013/08/13 18:26:24 | 000,000,000 | ---D | M] (Rich Media Player extension) -- C:\DOCUMENTS AND SETTINGS\GEMINILADY\LOCAL SETTINGS\APPLICATION DATA\RICH MEDIA PLAYER\BROWSEREXTENSIONS\FIREFOX\{3DF4B26D-DB19-45DF-962A-6719D071245B} 
[2013/03/12 04:27:46 | 000,093,976 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\nppluginrichmediaplayer.dll 
O2 - BHO: (Rich Media Downloader) - {A7DF592F-6E2A-45C4-9A87-4BD217D714ED} - C:\Documents and Settings\geminilady\Local Settings\Application Data\Rich Media Player\BrowserExtensions\IE\RichMediaDownloader.dll (Radiocom CJSC) 
O2 - BHO: (Rich Media Player) - {FEB703F7-E7B2-4AB0-9566-87658AC70095} - C:\Documents and Settings\geminilady\Local Settings\Application Data\Rich Media Player\BrowserExtensions\IE\PluginRichmediaplayer.dll () 
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {25E2E5C9-C43C-4EE8-B23E-4383915F2BCE} - No CLSID value found. 
O9 - Extra Button: Rich Media Downloader - {A7DF592F-6E2A-45C4-9A87-4BD217D714ED} - C:\Documents and Settings\geminilady\Local Settings\Application Data\Rich Media Player\BrowserExtensions\IE\RichMediaDownloader.dll (Radiocom CJSC) 
[2013/08/14 07:08:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BasicServe 
 
:Files 
ipconfig /flushdns /c 
 
:Commands 
[purity] 
[resethosts] 
[emptytemp] 
[reboot]
```

Then click the *Run Fix* button at the top.
Let the program run unhindered, reboot when it is done.
Then post the results of the log it produces.

*In your next reply, please provide the following:*


OTL fix log.
how is the computer behaving?

Regards,

Richard


----------



## JaneDoe999 (Feb 5, 2008)

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@richmediaplayer.com/nppluginrichmediaplayer\ deleted successfully.
C:\Program Files\Mozilla Firefox\plugins\nppluginrichmediaplayer.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3DF4B26D-DB19-45DF-962A-6719D071245B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3DF4B26D-DB19-45DF-962A-6719D071245B}\ not found.
C:\Documents and Settings\geminilady\Local Settings\Application Data\Rich Media Player\BrowserExtensions\Firefox\{3DF4B26D-DB19-45DF-962A-6719D071245B}\chrome\skin\classic folder moved successfully.
C:\Documents and Settings\geminilady\Local Settings\Application Data\Rich Media Player\BrowserExtensions\Firefox\{3DF4B26D-DB19-45DF-962A-6719D071245B}\chrome\skin folder moved successfully.
C:\Documents and Settings\geminilady\Local Settings\Application Data\Rich Media Player\BrowserExtensions\Firefox\{3DF4B26D-DB19-45DF-962A-6719D071245B}\chrome\icons\default folder moved successfully.
C:\Documents and Settings\geminilady\Local Settings\Application Data\Rich Media Player\BrowserExtensions\Firefox\{3DF4B26D-DB19-45DF-962A-6719D071245B}\chrome\icons folder moved successfully.
C:\Documents and Settings\geminilady\Local Settings\Application Data\Rich Media Player\BrowserExtensions\Firefox\{3DF4B26D-DB19-45DF-962A-6719D071245B}\chrome\content folder moved successfully.
C:\Documents and Settings\geminilady\Local Settings\Application Data\Rich Media Player\BrowserExtensions\Firefox\{3DF4B26D-DB19-45DF-962A-6719D071245B}\chrome folder moved successfully.
C:\Documents and Settings\geminilady\Local Settings\Application Data\Rich Media Player\BrowserExtensions\Firefox\{3DF4B26D-DB19-45DF-962A-6719D071245B} folder moved successfully.
C:\Program Files\Mozilla Firefox\browser\extensions\{740B3FD5-4483-469D-BE7F-8555B153BD04}\defaults\preferences folder moved successfully.
C:\Program Files\Mozilla Firefox\browser\extensions\{740B3FD5-4483-469D-BE7F-8555B153BD04}\defaults folder moved successfully.
C:\Program Files\Mozilla Firefox\browser\extensions\{740B3FD5-4483-469D-BE7F-8555B153BD04}\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\browser\extensions\{740B3FD5-4483-469D-BE7F-8555B153BD04} folder moved successfully.
Folder C:\DOCUMENTS AND SETTINGS\GEMINILADY\LOCAL SETTINGS\APPLICATION DATA\RICH MEDIA PLAYER\BROWSEREXTENSIONS\FIREFOX\{3DF4B26D-DB19-45DF-962A-6719D071245B}\ not found.
File C:\Program Files\mozilla firefox\plugins\nppluginrichmediaplayer.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7DF592F-6E2A-45C4-9A87-4BD217D714ED}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A7DF592F-6E2A-45C4-9A87-4BD217D714ED}\ deleted successfully.
C:\Documents and Settings\geminilady\Local Settings\Application Data\Rich Media Player\BrowserExtensions\IE\RichMediaDownloader.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FEB703F7-E7B2-4AB0-9566-87658AC70095}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FEB703F7-E7B2-4AB0-9566-87658AC70095}\ deleted successfully.
C:\Documents and Settings\geminilady\Local Settings\Application Data\Rich Media Player\BrowserExtensions\IE\PluginRichmediaplayer.dll moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{25E2E5C9-C43C-4EE8-B23E-4383915F2BCE} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25E2E5C9-C43C-4EE8-B23E-4383915F2BCE}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{A7DF592F-6E2A-45C4-9A87-4BD217D714ED}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A7DF592F-6E2A-45C4-9A87-4BD217D714ED}\ not found.
File C:\Documents and Settings\geminilady\Local Settings\Application Data\Rich Media Player\BrowserExtensions\IE\RichMediaDownloader.dll not found.
C:\Documents and Settings\All Users\Application Data\BasicServe folder moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\geminilady\My Documents\Downloads\cmd.bat deleted successfully.
C:\Documents and Settings\geminilady\My Documents\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: geminilady
->Temp folder emptied: 30613027177 bytes
->Temporary Internet Files folder emptied: 3054821346 bytes
->Java cache emptied: 1223943 bytes
->FireFox cache emptied: 1141062883 bytes
->Google Chrome cache emptied: 229964143 bytes
->Flash cache emptied: 408929 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 3002100 bytes
->Temporary Internet Files folder emptied: 33237 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2195181 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 122176252 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 476736941 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 1581844 bytes

Total Files Cleaned = 33,995.00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 08192013_082432

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

will post later on how computer is working thank you again for all your help it is appreciated


----------



## TechieRanger (Nov 1, 2012)

:up:



Regards, 

Richard


----------



## JaneDoe999 (Feb 5, 2008)

computer still running extremely slow and now in google chrome when i open it i get three other tabs adw lavasoft adw how did these pop up


----------



## TechieRanger (Nov 1, 2012)

Within Chrome:

click on the 3 vertical bars in the top right corner then go to *Settings* > *On Startup* > next to the radio button for _Open a specific page or set of pages_, click on _Set pages_ > remove any unwanted URLs by hovering over the URL until you see an "X" appear to the right side of the URL.

*In your next reply, please provide the following:*


Update on how your PC is running.

Regards,

Richard


----------



## JaneDoe999 (Feb 5, 2008)

ty that got rid of tabs computer still running slow but don't have pop up ads anymore ty


----------



## TechieRanger (Nov 1, 2012)

Let's sweep for leftovers.  
* 
ESET ONLINE SCANNER* 
---------------------------- 
*I'd like us to scan your machine with ESET OnlineScan*

Hold down Control and click on the following link to open ESET OnlineScan in a new window. 
ESET OnlineScan
Click the *ESET Online Scanner* button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps):
Click on *Download* to download the ESET Smart Installer. *Save* it to your desktop.
Double click on the *esetsmartinstaller_enu.exe* icon on your desktop.

Check *YES, I accept the Terms of Use*.
Click the *Start* button.
Accept any security warnings from your browser.
Check *Scan archives*.
Ensure that the option "*Remove found threats*" is *Unchecked*.
Click on Advanced Settings, ensure the options *Scan for potentially unwanted applications*, *Scan for potentially unsafe applications*, and *Enable Anti-Stealth Technology* are ticked.
Push the *Start* button.
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, push *List of found threats*.
Push *Export to text file...*, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply. 
_Note - when ESET doesn't find any threats, no report will be created._
Push the *Back* button.
Push *Finish*.

*Next*

Download *Security Check* from *here* or *here*.

Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called *checkup.txt*; please post the contents of that document.

*In your next reply, please provide the following:*


ESET log.
SecurityCheck log.

Regards,

Richard


----------



## JaneDoe999 (Feb 5, 2008)

Results of screen317's Security Check version 0.99.73 
Windows XP Service Pack 3 x86 
Internet Explorer 8 
*``````````````Antivirus/Firewall Check:``````````````* 
Windows Firewall Enabled! 
AVG SafeGuard toolbar 
ESET Online Scanner v3 
Microsoft Security Essentials 
*`````````Anti-malware/Other Utilities Check:`````````* 
Secunia PSI (3.0.0.2004) 
Malwarebytes Anti-Malware version 1.75.0.1300 
this is the second scan

Java(TM) 6 Update 39 
*Java version out of Date!* 
Adobe Flash Player 11.7.700.202 
Adobe Reader 10.1.7 *Adobe Reader out of Date!* 
Mozilla Firefox (23.0.1) 
Google Chrome 29.0.1547.57 
Google Chrome 29.0.1547.62 
*````````Process Check: objlist.exe by Laurent````````* 
Microsoft Security Essentials MSMpEng.exe 
Microsoft Security Essentials msseces.exe 
Malwarebytes Anti-Malware mbamservice.exe 
Malwarebytes' Anti-Malware mbamscheduler.exe 
*`````````````````System Health check`````````````````* 
Total Fragmentation on Drive C:: 
*````````````````````End of Log``````````````````````*

this is the first scan

C:\Documents and Settings\geminilady\Application Data\Real\Update\UpgradeHelper\RealPlayer\10.40\agent\stub_data\stubinst_pkg_en-us.cab	Win32/OpenCandy application
C:\Documents and Settings\geminilady\My Documents\Downloads\cbsidlm-cbsi4_1_1-RealPlayer-10073040.exe	a variant of Win32/CNETInstaller.A application
C:\Documents and Settings\geminilady\My Documents\Downloads\cbsidlm-cbsi4_1_2-Free_YouTube_Video_Downloader-10904885.exe	a variant of Win32/CNETInstaller.A application
C:\Documents and Settings\geminilady\My Documents\Downloads\cbsidlm-cbsi4_1_2-YouTube_Video_Downloader-10810714 (1).exe	a variant of Win32/CNETInstaller.A application
C:\Documents and Settings\geminilady\My Documents\Downloads\cbsidlm-tr1_13-ImgBurn-SEO-10847481.exe	Win32/DownloadAdmin.G application
C:\Documents and Settings\geminilady\My Documents\Downloads\cbsidlm-tr1_7-Secunia_Personal_Software_Inspector-10717855.exe	Win32/DownloadAdmin.D application
C:\Documents and Settings\geminilady\My Documents\Downloads\FlashPlayerInstaller.exe	a variant of Win32/InstallIQ.A application
C:\Documents and Settings\geminilady\My Documents\Downloads\FreemakeVideoDownloaderSetup.exe	Win32/OpenCandy application
C:\Documents and Settings\geminilady\My Documents\Downloads\MediaUpdater__2577_i54655402_il561301.exe	a variant of Win32/Amonetize.H application
C:\Documents and Settings\geminilady\My Documents\Downloads\mplayer_tuguu_d1021461.exe	a variant of Win32/InstallIQ.A application
C:\Documents and Settings\geminilady\My Documents\Downloads\SetupImgBurn_2.5.7.0.exe	a variant of Win32/Bundled.Toolbar.Ask application
C:\Documents and Settings\geminilady\My Documents\Downloads\uplayermediaplayer-setup(1).exe	Win32/DownloadAdmin.G application
C:\Documents and Settings\geminilady\My Documents\Downloads\uplayermediaplayer-setup.exe	Win32/DownloadAdmin.G application
C:\Documents and Settings\geminilady\My Documents\Downloads\utorrent.exe	a variant of Win32/Bunndle application
C:\Documents and Settings\geminilady\My Documents\Downloads\winzip.exe	a variant of Win32/OutBrowse.D application
C:\Documents and Settings\geminilady\My Documents\Downloads\WinZipRegistryOptimizer(1).exe	a variant of Win32/OpenInstall application
C:\Documents and Settings\geminilady\My Documents\Downloads\WinZipRegistryOptimizer.exe	a variant of Win32/OpenInstall application
C:\Program Files\Mozilla Firefox\browser\nsprotector.js	Win32/Conduit.SearchProtect.A application


----------



## JaneDoe999 (Feb 5, 2008)

also that clean disc screen still keeps popping up at start up can we eliminate that?


----------



## TechieRanger (Nov 1, 2012)

> also that clean disc screen still keeps popping up at start up can we eliminate that?


Yes, we will look at that later. 

Let's see if ComboFix finds anything still hiding in there. 

*COMBOFIX* 
--------------- 
Please download *ComboFix* from one of the following locations:


*Location #1*
*Location #2* 
****IMPORTANT!!! Save ComboFix.exe to your Desktop.*
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (_Click on this link to see a list of programs that should be disabled. The list is not all inclusive._)
Double click on *ComboFix.exe* and follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

*Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Windows Vista/Windows 7, ComboFix will continue it's malware removal procedures.*

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a Congratulations!!! message.

Click on *Yes*, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the *C:\ComboFix.txt* in your next reply.

*WARNING:* *ComboFix will disconnect your machine from the Internet as soon as it starts.*


Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
If there is no internet connection after running ComboFix, then restart your computer to restore back your connection.

*In your next reply, please provide the following:*


ComboFix log.
Update on how your PC is running.

Regards,

Richard


----------



## JaneDoe999 (Feb 5, 2008)

very confused with turning off firewall and other programs downloaded info you suggested but got 9 pages I have secunia would all of mine be listed there


----------



## JaneDoe999 (Feb 5, 2008)

downloaded the combofix ran it it restarted my computer put internet explorer on my computer log never came up and I had this screen come up


----------



## TechieRanger (Nov 1, 2012)

could you check Drive* C:\ *to see whether or not *ComboFix.txt* is in there?

Regards,

Richard


----------



## JaneDoe999 (Feb 5, 2008)

since we began this process these are the new programs that are now on my computer
ESET, Malwarebytes, Tomabo, these appear in my program files

Combofix doc, adw cleaner, asw MBR, hijack this, JTR, OTL, Security check, mseinstall, these open in my downloads


----------



## JaneDoe999 (Feb 5, 2008)

ran security check to see what is was and this is the log from that

Results of screen317's Security Check version 0.99.73 
Windows XP Service Pack 3 x86 
Internet Explorer 8 
*``````````````Antivirus/Firewall Check:``````````````* 
Windows Firewall Enabled! 
AVG SafeGuard toolbar 
ESET Online Scanner v3 
Microsoft Security Essentials 
*`````````Anti-malware/Other Utilities Check:`````````* 
Secunia PSI (3.0.0.2004) 
Malwarebytes Anti-Malware version 1.75.0.1300 
Java(TM) 6 Update 39 
*Java version out of Date!* 
Adobe Flash Player 11.7.700.202 
Adobe Reader 10.1.7 *Adobe Reader out of Date!* 
Mozilla Firefox (23.0.1) 
Google Chrome 29.0.1547.57 
Google Chrome 29.0.1547.62 
*````````Process Check: objlist.exe by Laurent````````* 
Microsoft Security Essentials MSMpEng.exe 
Microsoft Security Essentials msseces.exe 
Malwarebytes Anti-Malware mbamservice.exe 
Malwarebytes Anti-Malware mbamgui.exe 
Malwarebytes' Anti-Malware mbamscheduler.exe 
*`````````````````System Health check`````````````````* 
Total Fragmentation on Drive C:: 
*````````````````````End of Log``````````````````````*


----------



## TechieRanger (Nov 1, 2012)

Go to *Start* > *Run*, type in:

*C:\ComboFix.txt*

Click *OK*

This should bring up the log that was produced. Please post the contents of that document here. :up:

*In your next reply, please provide the following:*


ComboFix log.

Regards,

Richard


----------



## JaneDoe999 (Feb 5, 2008)

it says windows cannot find file. I ran t again it went all the way thru stage 50 showed a log rebooted and when my computer started up again it went to a black screen that said please select system then to the blue screen then another blue screen came up trying to upload picture will post when I am able to


----------



## JaneDoe999 (Feb 5, 2008)

here's the new screen


----------



## TechieRanger (Nov 1, 2012)

*Please read carefully and follow these steps.*


Download *TDSSKiller* and save it to your Desktop.
Doubleclick on *TDSSKiller.exe* to run the application. For Windows Vista or 7, right-click on the program, select *Run as Administrator*.
When the program opens, click on *Change parameters*.
Under *Additional options*, put a check mark in the box next to *Detect TDLFS File System* click OK
Press on *Start Scan.*
If an infected file is detected, the default action will be *Cure*, click on *Continue.*
*Note:* If there is no option to "Cure", please ensure that you select *Skip*.
If a suspicious file is detected, the default action will be *Skip*, click on *Continue.*
It may ask you to reboot the computer to complete the process. Click on *Reboot Now*.
If no reboot is require, click on *Report*. A log file should appear. Please copy and paste the contents of that file in your next reply.
If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "*TDSSKiller.[Version]_[Date]_[Time]_log.txt*". Please copy and paste the contents of that file in your next reply.

*Next*

Please download Malwarebytes Anti-Rootkit (MBAR) from here http://www.malwarebytes.org/products/mbar/ and save it to your desktop.
Direct link to the file: http://downloads.malwarebytes.org/file/mbar

Be sure to print out and follow the instructions provided on that same page.
Caution: This is a beta version so please be sure to read the disclaimer and back up any important data before using.
Doubleclick on the MBAR file you downloaded.
Approve the UAC prompt in Vista and newer operating systems.
Click OK on the next screen, to allow the package to extract the contents of the file to it's own folder, mbar.
By default, this will be on your desktop, though you can choose another location if you wish. We advise using the default location for simplicity.
mbar.exe will launch automatically. On some systems, this may take a few extra seconds. Please be patient and wait for the program to open.
After reading the Introduction, click 'Next' if you agree.
On the Update Database screen, click on the 'Update' button.
Once you see 'Success: Database was successfully updated' click on 'Next'.
Click the 'Scan' button.
With some infections, you may see two messages boxes.
1.'Could not load protection driver'. Click 'OK'.
2.'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.



If malware is found, do NOT press the Cleanup button when the scan completes. Click *EXIT.*
Then, please send the following logs as attachments to your reply. These logs are located in the mbar folder on your desktop where the tool extracted itself to.

mbar-log-2013-xx-xx(xx-xx-xx).txt (where xx-xx(xx-xx-xx) is the date and time of the scan)
system-log.txt

*Next*

please post a new OTL scan log. 

*In your next reply, please provide the following:*


TDSSKiller log.
mbar logs.
OTL scan log.

Regards,

Richard


----------



## JaneDoe999 (Feb 5, 2008)

TDSS Killer said no threats and no log appeared

malware log
Malwarebytes Anti-Rootkit BETA 1.07.0.1005

(c) Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

Java version: 1.6.0_39

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 1.696000 GHz
Memory total: 937398272, free: 449425408

Downloaded database version: v2013.09.09.08
Downloaded database version: v2013.08.06.01
Initializing...
======================
------------ Kernel report ------------
09/09/2013 16:54:39
------------ Loaded modules -----------
\WINDOWS\system32\ntkrnlpa.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
ACPI.sys
\WINDOWS\system32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
gfibto.sys
compbatt.sys
\WINDOWS\system32\DRIVERS\BATTC.SYS
pciide.sys
\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
MountMgr.sys
ftdisk.sys
ACPIEC.sys
\WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
PartMgr.sys
VolSnap.sys
atapi.sys
cercsr6.sys
\WINDOWS\System32\Drivers\SCSIPORT.SYS
disk.sys
\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
fltmgr.sys
sr.sys
MpFilter.sys
KSecDD.sys
WudfPf.sys
Ntfs.sys
NDIS.sys
Mup.sys
\SystemRoot\system32\DRIVERS\AmdK8.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\ati2mtag.sys
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\bcmwl5.sys
\SystemRoot\system32\DRIVERS\usbohci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\redbook.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\bcm4sbxp.sys
\SystemRoot\system32\DRIVERS\sdbus.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\audstub.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\psched.sys
\SystemRoot\system32\DRIVERS\msgpc.sys
\SystemRoot\system32\DRIVERS\ptilink.sys
\SystemRoot\system32\DRIVERS\raspti.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\drivers\sthda.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\??\C:\WINDOWS\system32\drivers\avgtpx86.sys
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\system32\DRIVERS\tcpip.sys
\SystemRoot\system32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\ipnat.sys
\SystemRoot\System32\drivers\ws2ifsl.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_WMILIB.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\ati2dvag.dll
\SystemRoot\System32\ati2cqag.dll
\SystemRoot\System32\atikvmag.dll
\SystemRoot\System32\ati3duag.dll
\SystemRoot\System32\ativvaxx.dll
\SystemRoot\System32\ATMFD.DLL
\??\C:\WINDOWS\system32\drivers\mbam.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\mrxdav.sys
\SystemRoot\system32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\System32\Drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\psi_mf.sys
\??\c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{83C9DEEE-C62D-4842-A9C7-7D323958303F}\MpKsle0f4456a.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
\WINDOWS\system32\ntdll.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff84b67928
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-3\
Lower Device Object: 0xffffffff84b6fd98
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff84b67928, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff84b49e08, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff84b67928, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff84b6fd98, DeviceName: \Device\Ide\IdeDeviceP0T0L0-3\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
File kernel read failed: C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys
File kernel read failed: C:\WINDOWS\SYSTEM32\drivers\nv4_mini.sys
File kernel read failed: C:\WINDOWS\SYSTEM32\drivers\gm.dls
File kernel read failed: C:\WINDOWS\SYSTEM32\drivers\hsfdpsp2.sys
File kernel read failed: C:\WINDOWS\SYSTEM32\drivers\sthda.sys
File kernel read failed: C:\WINDOWS\SYSTEM32\drivers\ati2mtag.sys
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: FFFFFFFF

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 63 Numsec = 117210177
Partition file system is NTFS
Partition is bootable

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 60022480896 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-117211408-117231408)...
Kernel read failed: 117211408
Done!
Infected: C:\Documents and Settings\geminilady\My Documents\Downloads\mplayer_tuguu_d1021461.exe --> [Trojan.InstallIQ]
Scan finished
=======================================

Removal queue found; removal started
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_0_63_i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
Removal finished

OTL logfile created on: 9/9/2013 5:08:53 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\geminilady\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

893.97 Mb Total Physical Memory | 191.07 Mb Available Physical Memory | 21.37% Memory free
2.12 Gb Paging File | 1.38 Gb Available in Paging File | 65.17% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.89 Gb Total Space | 34.83 Gb Free Space | 62.31% Space Free | Partition Type: NTFS

Computer Name: GEMINILA-D2C265 | User Name: geminilady | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Documents and Settings\geminilady\My Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG SafeGuard toolbar\vprot.exe ()
PRC - C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe (RealNetworks, Inc.)
PRC - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe ()
PRC - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe (AVG Secure Search)
PRC - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Program Files\WinZip\WZQKPICK32.EXE (WinZip Computing, S.L.)
PRC - C:\Program Files\Google\Drive\googledrivesync.exe (Google)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Documents and Settings\geminilady\Application Data\SanDisk\SanDiskSecureAccess_Manager.exe (Gemalto N.V.)
PRC - C:\Program Files\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Secunia\PSI\psia.exe (Secunia)
PRC - C:\Program Files\Secunia\PSI\sua.exe (Secunia)
PRC - C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
PRC - C:\Program Files\LTCM Client\ltcmClient.exe (Leader Technologies Inc.)
PRC - C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)

========== Modules (No Company Name) ==========

MOD - C:\Documents and Settings\geminilady\Local Settings\temp\_MEI27402\pysqlite2._sqlite.pyd ()
MOD - C:\Documents and Settings\geminilady\Local Settings\temp\_MEI27402\win32com.shell.shell.pyd ()
MOD - C:\Documents and Settings\geminilady\Local Settings\temp\_MEI27402\_elementtree.pyd ()
MOD - C:\Documents and Settings\geminilady\Local Settings\temp\_MEI27402\win32api.pyd ()
MOD - C:\Documents and Settings\geminilady\Local Settings\temp\_MEI27402\wx._html2.pyd ()
MOD - C:\Documents and Settings\geminilady\Local Settings\temp\_MEI27402\_socket.pyd ()
MOD - C:\Documents and Settings\geminilady\Local Settings\temp\_MEI27402\_multiprocessing.pyd ()
MOD - C:\Documents and Settings\geminilady\Local Settings\temp\_MEI27402\win32ts.pyd ()
MOD - C:\Documents and Settings\geminilady\Local Settings\temp\_MEI27402\wx._gdi_.pyd ()
MOD - C:\Documents and Settings\geminilady\Local Settings\temp\_MEI27402\wx._misc_.pyd ()
MOD - C:\Documents and Settings\geminilady\Local Settings\temp\_MEI27402\windows._cacheinvalidation.pyd ()
MOD - C:\Documents and Settings\geminilady\Local Settings\temp\_MEI27402\pythoncom27.dll ()
MOD - C:\Documents and Settings\geminilady\Local Settings\temp\_MEI27402\_ctypes.pyd ()
MOD - C:\Documents and Settings\geminilady\Local Settings\temp\_MEI27402\win32profile.pyd ()
MOD - C:\Documents and Settings\geminilady\Local Settings\temp\_MEI27402\win32crypt.pyd ()
MOD - C:\Documents and Settings\geminilady\Local Settings\temp\_MEI27402\wx._core_.pyd ()
MOD - C:\Documents and Settings\geminilady\Local Settings\temp\_MEI27402\_ssl.pyd ()
MOD - C:\Documents and Settings\geminilady\Local Settings\temp\_MEI27402\_hashlib.pyd ()
MOD - C:\Documents and Settings\geminilady\Local Settings\temp\_MEI27402\PyWinTypes27.dll ()
MOD - C:\Documents and Settings\geminilady\Local Settings\temp\_MEI27402\win32security.pyd ()
MOD - C:\Documents and Settings\geminilady\Local Settings\temp\_MEI27402\win32process.pyd ()
MOD - C:\Documents and Settings\geminilady\Local Settings\temp\_MEI27402\win32pdh.pyd ()
MOD - C:\Documents and Settings\geminilady\Local Settings\temp\_MEI27402\wx._windows_.pyd ()
MOD - C:\Documents and Settings\geminilady\Local Settings\temp\_MEI27402\wx._wizard.pyd ()
MOD - C:\Documents and Settings\geminilady\Local Settings\temp\_MEI27402\win32file.pyd ()
MOD - C:\Documents and Settings\geminilady\Local Settings\temp\_MEI27402\win32inet.pyd ()
MOD - C:\Documents and Settings\geminilady\Local Settings\temp\_MEI27402\wx._controls_.pyd ()
MOD - C:\Documents and Settings\geminilady\Local Settings\temp\_MEI27402\unicodedata.pyd ()
MOD - C:\Documents and Settings\geminilady\Local Settings\temp\_MEI27402\pyexpat.pyd ()
MOD - C:\Documents and Settings\geminilady\Local Settings\temp\_MEI27402\win32event.pyd ()
MOD - C:\Documents and Settings\geminilady\Local Settings\temp\_MEI27402\select.pyd ()
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\15.4.0\SiteSafety.dll ()
MOD - C:\Program Files\AVG SafeGuard toolbar\vprot.exe ()
MOD - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe ()
MOD - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
MOD - C:\Documents and Settings\geminilady\Application Data\SanDisk\My Vaults\dmBackup.dll ()
MOD - C:\WINDOWS\system32\bcm1xsup.dll ()

========== Services (SafeList) ==========

SRV - (MBAMSwissArmy) -- File not found
SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (RealNetworks Downloader Resolver Service) -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe ()
SRV - (vToolbarUpdater15.4.0) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe (AVG Secure Search)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (Secunia PSI Agent) -- C:\Program Files\Secunia\PSI\psia.exe (Secunia)
SRV - (Secunia Update Agent) -- C:\Program Files\Secunia\PSI\sua.exe (Secunia)
SRV - (ABBYY.Licensing.FineReader.Sprint.9.0) -- C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY)

========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- C:\DOCUME~1\GEMINI~1\LOCALS~1\Temp\catchme.sys File not found
DRV - (mbamchameleon) -- C:\WINDOWS\system32\drivers\mbamchameleon.sys (MalwareBytes)
DRV - (MpKsle0f4456a) -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{83C9DEEE-C62D-4842-A9C7-7D323958303F}\MpKsle0f4456a.sys (Microsoft Corporation)
DRV - (avgtp) -- C:\WINDOWS\system32\drivers\avgtpx86.sys (AVG Technologies)
DRV - (gfibto) -- C:\WINDOWS\system32\drivers\gfibto.sys (GFI Software)
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (PSI) -- C:\WINDOWS\system32\drivers\psi_mf.sys (Secunia)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F2 D7 84 35 E3 A0 CD 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.google.com/"
FF - prefs.js..extensions.enabledAddons: %7B55A8EC97-6AF6-442c-877F-11C51DBD162D%7D:1.0.2
FF - prefs.js..extensions.enabledAddons: avg%40toolbar:15.4.0.5
FF - prefs.js..extensions.enabledAddons: %7BDF153AFF-6948-45d7-AC98-4FC4AF8A08E2%7D:1.3.3
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0.1
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\15.4.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_39: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.3.51: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.3: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.3: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.3: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.3.51: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{55A8EC97-6AF6-442c-877F-11C51DBD162D}: C:\Program Files\Tomabo\YouTube Video Downloader\YVD_FF.xpi [2012/09/07 23:38:44 | 000,013,126 | ---- | M] ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/09/08 14:36:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Documents and Settings\All Users\Application Data\AVG SafeGuard toolbar\FireFoxExt\15.4.0.5 [2013/08/15 19:20:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/09/08 14:36:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/09/08 14:35:56 | 000,000,000 | ---D | M]

[2013/07/22 11:48:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\geminilady\Application Data\Mozilla\Extensions
[2013/08/13 21:41:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\geminilady\Application Data\Mozilla\Firefox\Profiles\9dsl95vw.default\extensions
[2013/08/16 20:27:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/08/16 20:27:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013/08/16 20:28:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}
[2013/08/19 08:24:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/08/16 20:29:10 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/08/15 19:20:19 | 000,000,000 | ---D | M] (AVG SafeGuard toolbar) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\AVG SAFEGUARD TOOLBAR\FIREFOXEXT\15.4.0.5
[2013/09/08 14:36:46 | 000,000,000 | ---D | M] (RealDownloader) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REALNETWORKS\REALDOWNLOADER\BROWSERPLUGINS\FIREFOX\EXT
[2012/09/07 23:38:44 | 000,013,126 | ---- | M] () (No name found) -- C:\PROGRAM FILES\TOMABO\YOUTUBE VIDEO DOWNLOADER\YVD_FF.XPI
[2013/09/08 14:35:44 | 000,124,504 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll

========== Chrome ==========

CHR - Extension: No name found = C:\Documents and Settings\geminilady\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ajgnnllmjadopdlmpplonojbfogkjlcl\1.11.1.1216_0\
CHR - Extension: No name found = C:\Documents and Settings\geminilady\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ajgnnllmjadopdlmpplonojbfogkjlcl\1.11.1.1216_0\.bak
CHR - Extension: No name found = C:\Documents and Settings\geminilady\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Documents and Settings\geminilady\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.5.4_0\
CHR - Extension: No name found = C:\Documents and Settings\geminilady\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.5.5_0\
CHR - Extension: No name found = C:\Documents and Settings\geminilady\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cjohejgigkmiclpgnilojffhiohcglib\3_0\
CHR - Extension: No name found = C:\Documents and Settings\geminilady\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\doagiokpgboiomffjfhaiimafndmmpni\1.3.1_0\
CHR - Extension: No name found = C:\Documents and Settings\geminilady\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.2_0\
CHR - Extension: No name found = C:\Documents and Settings\geminilady\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\igljnkmljjbhcellpnjppojkfdfmkjmp\1.0.2_0\
CHR - Extension: No name found = C:\Documents and Settings\geminilady\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0\
CHR - Extension: No name found = C:\Documents and Settings\geminilady\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.9_0\

O1 HOSTS File: ([2013/09/05 16:10:47 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG SafeGuard toolbar\15.4.0.5\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
O3 - HKLM\..\Toolbar: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG SafeGuard toolbar\15.4.0.5\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
O4 - HKLM..\Run: [LTCM Client] C:\Program Files\LTCM Client\ltcmClient.exe (Leader Technologies Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Search Protection] C:\Documents and Settings\All Users\Application Data\Search Protection\SearchProtection.exe File not found
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG SafeGuard toolbar\vprot.exe ()
O4 - HKCU..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe" File not found
O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files\Google\Drive\googledrivesync.exe (Google)
O4 - HKCU..\Run: [SanDiskSecureAccess_Manager.exe] C:\Documents and Settings\geminilady\Application Data\SanDisk\SanDiskSecureAccess_Manager.exe (Gemalto N.V.)
O4 - HKLM..\RunOnce: [ (A0)] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk = C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK32.EXE (WinZip Computing, S.L.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Download video on this page - C:\Program Files\Tomabo\YouTube Video Downloader\YVD_IE.dll ()
O8 - Extra context menu item: Download video this links to - C:\Program Files\Tomabo\YouTube Video Downloader\YVD_IE.dll ()
O9 - Extra Button: Download Video - {B4FECE59-6D0A-4EE6-A07F-E6A94F846E55} - C:\Program Files\Tomabo\YouTube Video Downloader\YVD_IE.dll ()
O9 - Extra 'Tools' menuitem : Download video on this page - {B4FECE59-6D0A-4EE6-A07F-E6A94F846E55} - C:\Program Files\Tomabo\YouTube Video Downloader\YVD_IE.dll ()
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/...ls/en/x86/client/wuweb_site.cab?1342699152375 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1342699640281 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39)
O16 - DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CE9C6F4A-BA34-4744-91D8-389042017037}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\15.4.0\ViProtocol.dll (AVG Secure Search)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\geminilady\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\geminilady\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/07/19 07:08:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/09/09 16:53:54 | 000,048,728 | ---- | C] (MalwareBytes) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2013/09/09 16:53:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\geminilady\Desktop\mbar
[2013/09/09 16:00:53 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013/09/09 15:41:39 | 000,000,000 | ---D | C] -- C:\New Folder
[2013/09/09 14:28:41 | 000,032,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbccgp.sys
[2013/09/08 14:37:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\geminilady\Application Data\RealNetworks
[2013/09/08 14:36:44 | 000,000,000 | ---D | C] -- C:\Program Files\RealNetworks
[2013/09/08 14:36:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\RealNetworks
[2013/09/05 15:42:54 | 000,000,000 | --SD | C] -- C:\ComboFix
[2013/09/01 16:31:03 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013/09/01 16:30:06 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013/09/01 16:30:06 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013/09/01 16:30:06 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013/09/01 16:30:06 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013/09/01 16:29:59 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/09/01 16:29:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013/09/01 16:18:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\geminilady\Application Data\Radiocom
[2013/08/28 15:05:27 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013/08/16 20:27:59 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/08/16 17:39:17 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/08/15 19:22:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinZip
[2013/08/15 19:20:12 | 000,000,000 | ---D | C] -- C:\Program Files\AVG SafeGuard toolbar
[2013/08/15 19:07:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\geminilady\My Documents\pics 8-15-13
[2013/08/14 06:12:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/08/14 06:12:16 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013/08/14 06:12:15 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/08/13 21:59:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
[2013/08/13 21:35:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2013/08/13 18:26:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Rich Media Player
[2013/08/13 18:24:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\geminilady\My Documents\rmi
[2013/08/13 18:24:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\geminilady\Local Settings\Application Data\Rich Media Player
[2013/08/13 07:09:43 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/08/12 18:26:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\geminilady\Start Menu\Programs\uPlayer
[2013/08/12 18:26:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\geminilady\Application Data\uPlayer
[2013/08/12 18:26:40 | 000,000,000 | ---D | C] -- C:\Program Files\uPlayer
[2013/08/12 18:02:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth Pro
[2013/08/12 13:49:10 | 000,361,032 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2013/08/12 13:49:10 | 000,021,256 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2013/08/12 13:49:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2013/08/12 13:49:07 | 000,738,504 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2013/08/12 13:49:07 | 000,054,232 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2013/08/12 13:49:07 | 000,035,928 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2013/08/12 13:49:06 | 000,097,608 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2013/08/12 13:49:06 | 000,089,752 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2013/08/12 13:49:06 | 000,025,256 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2013/08/12 13:48:20 | 000,041,224 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2013/08/12 13:48:19 | 000,227,648 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2013/08/12 13:47:55 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013/08/12 13:47:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2013/08/11 13:24:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2013/08/11 13:24:45 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
[2013/07/22 12:08:18 | 000,940,544 | ---- | C] (Apache Software Foundation) -- C:\Documents and Settings\geminilady\Local Settings\Application Data\log4cxx.dll
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/09/09 17:07:00 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/09/09 16:53:54 | 000,048,728 | ---- | M] (MalwareBytes) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2013/09/09 16:40:02 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2013/09/09 16:34:32 | 000,548,698 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/09/09 16:34:32 | 000,100,696 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/09/09 16:31:31 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1757981266-1532298954-725345543-1004.job
[2013/09/09 16:31:30 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1757981266-1532298954-725345543-1004.job
[2013/09/09 16:30:47 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/09/09 16:30:44 | 000,000,324 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2013/09/09 16:30:43 | 000,000,310 | ---- | M] () -- C:\WINDOWS\tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1757981266-1532298954-725345543-1004.job
[2013/09/09 16:30:43 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1757981266-1532298954-725345543-1004.job
[2013/09/09 16:29:58 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/09/09 16:28:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/09/09 15:01:00 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\Registry Optimizer_DEFAULT.job
[2013/09/08 14:36:58 | 000,000,747 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2013/09/08 14:35:56 | 000,201,872 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2013/09/08 14:35:39 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2013/09/08 14:35:39 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2013/09/08 14:35:36 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
[2013/09/08 12:00:00 | 000,000,994 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Antivirus Scheduled Scan.job
[2013/09/08 11:18:18 | 000,000,678 | ---- | M] () -- C:\WINDOWS\ULEAD32.INI
[2013/09/08 11:10:55 | 000,008,192 | ---- | M] () -- C:\Documents and Settings\geminilady\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/09/06 09:58:00 | 000,000,336 | ---- | M] () -- C:\WINDOWS\tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1757981266-1532298954-725345543-1004.job
[2013/09/05 16:41:57 | 001,861,956 | ---- | M] () -- C:\Documents and Settings\geminilady\My Documents\comp screen.jpg
[2013/09/05 16:10:47 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013/09/05 15:38:37 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/09/04 18:16:20 | 002,658,158 | ---- | M] () -- C:\Documents and Settings\geminilady\My Documents\mm face.rtf
[2013/09/04 16:25:20 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\Registry Optimizer_UPDATES.job
[2013/09/04 07:14:48 | 000,001,815 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2013/09/03 09:35:00 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1757981266-1532298954-725345543-1004.job
[2013/09/01 16:31:04 | 000,000,339 | RHS- | M] () -- C:\boot.ini
[2013/09/01 16:15:14 | 001,895,123 | ---- | M] () -- C:\Documents and Settings\geminilady\My Documents\IMG_2345.JPG
[2013/09/01 15:41:05 | 003,155,758 | ---- | M] () -- C:\Documents and Settings\geminilady\My Documents\towel rack.rtf
[2013/08/30 08:25:08 | 000,450,157 | ---- | M] () -- C:\Documents and Settings\geminilady\My Documents\forecast.rtf
[2013/08/30 08:20:08 | 001,595,512 | ---- | M] () -- C:\Documents and Settings\geminilady\My Documents\wine chart.rtf
[2013/08/28 06:56:54 | 002,802,518 | ---- | M] () -- C:\Documents and Settings\geminilady\My Documents\ice.rtf
[2013/08/27 19:48:55 | 008,507,800 | ---- | M] () -- C:\Documents and Settings\geminilady\My Documents\holders.rtf
[2013/08/24 06:42:00 | 000,000,318 | ---- | M] () -- C:\WINDOWS\tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1757981266-1532298954-725345543-1004.job
[2013/08/23 09:44:18 | 000,776,113 | ---- | M] () -- C:\Documents and Settings\geminilady\My Documents\happy bday.rtf
[2013/08/22 20:16:44 | 000,020,976 | ---- | M] () -- C:\Documents and Settings\geminilady\My Documents\Twins.jpg
[2013/08/20 16:23:37 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\geminilady\My Documents\mortgage cohoes.sig
[2013/08/19 18:25:23 | 000,015,133 | ---- | M] () -- C:\Documents and Settings\geminilady\My Documents\avatar_8379.gif
[2013/08/18 22:52:34 | 000,748,908 | ---- | M] () -- C:\Documents and Settings\geminilady\My Documents\xmas sleigh.rtf
[2013/08/15 19:22:36 | 000,001,674 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
[2013/08/15 19:20:20 | 000,003,725 | ---- | M] () -- C:\Program Files\Mozilla Firefoxsafeguard-secure-search.xml
[2013/08/15 19:20:10 | 000,037,664 | ---- | M] (AVG Technologies) -- C:\WINDOWS\System32\drivers\avgtpx86.sys
[2013/08/15 19:18:37 | 000,000,000 | ---- | M] () -- C:\END
[2013/08/14 22:17:04 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/08/14 07:09:59 | 000,010,984 | ---- | M] () -- C:\Documents and Settings\geminilady\My Documents\scan 14.rtf
[2013/08/14 05:57:54 | 000,721,419 | ---- | M] () -- C:\Documents and Settings\geminilady\My Documents\bug.rtf
[2013/08/13 21:23:00 | 000,049,936 | ---- | M] () -- C:\Documents and Settings\geminilady\My Documents\adw log.rtf
[2013/08/13 06:23:57 | 000,000,034 | ---- | M] () -- C:\WINDOWS\AvastEmUpdate.ini
[2013/08/12 19:02:38 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\geminilady\My Documents\audi property.pdf
[2013/08/12 18:02:56 | 000,001,874 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth Pro.lnk
[2013/08/12 16:15:45 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\geminilady\My Documents\MBR.dat
[2013/08/12 13:49:06 | 000,002,638 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2013/08/11 13:59:41 | 000,065,293 | ---- | M] () -- C:\Documents and Settings\geminilady\My Documents\otl.rtf
[2013/08/11 12:20:32 | 000,010,647 | ---- | M] () -- C:\Documents and Settings\geminilady\My Documents\asw.rtf
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/09/08 14:36:58 | 000,000,747 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2013/09/05 16:41:55 | 001,861,956 | ---- | C] () -- C:\Documents and Settings\geminilady\My Documents\comp screen.jpg
[2013/09/04 18:16:20 | 002,658,158 | ---- | C] () -- C:\Documents and Settings\geminilady\My Documents\mm face.rtf
[2013/09/01 17:14:42 | 001,895,123 | ---- | C] () -- C:\Documents and Settings\geminilady\My Documents\IMG_2345.JPG
[2013/09/01 16:31:04 | 000,000,223 | ---- | C] () -- C:\Boot.bak
[2013/09/01 16:31:03 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2013/09/01 16:30:06 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/09/01 16:30:06 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013/09/01 16:30:06 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013/09/01 16:30:06 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013/09/01 16:30:06 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013/09/01 16:24:22 | 000,000,384 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2013/09/01 15:41:04 | 003,155,758 | ---- | C] () -- C:\Documents and Settings\geminilady\My Documents\towel rack.rtf
[2013/08/30 08:25:08 | 000,450,157 | ---- | C] () -- C:\Documents and Settings\geminilady\My Documents\forecast.rtf
[2013/08/30 08:20:07 | 001,595,512 | ---- | C] () -- C:\Documents and Settings\geminilady\My Documents\wine chart.rtf
[2013/08/28 06:56:54 | 002,802,518 | ---- | C] () -- C:\Documents and Settings\geminilady\My Documents\ice.rtf
[2013/08/27 19:43:52 | 008,507,800 | ---- | C] () -- C:\Documents and Settings\geminilady\My Documents\holders.rtf
[2013/08/23 09:44:17 | 000,776,113 | ---- | C] () -- C:\Documents and Settings\geminilady\My Documents\happy bday.rtf
[2013/08/22 20:16:42 | 000,020,976 | ---- | C] () -- C:\Documents and Settings\geminilady\My Documents\Twins.jpg
[2013/08/20 16:23:37 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\geminilady\My Documents\mortgage cohoes.sig
[2013/08/19 18:25:22 | 000,015,133 | ---- | C] () -- C:\Documents and Settings\geminilady\My Documents\avatar_8379.gif
[2013/08/18 22:52:34 | 000,748,908 | ---- | C] () -- C:\Documents and Settings\geminilady\My Documents\xmas sleigh.rtf
[2013/08/15 19:20:11 | 000,003,725 | ---- | C] () -- C:\Program Files\Mozilla Firefoxsafeguard-secure-search.xml
[2013/08/15 19:17:33 | 000,000,000 | ---- | C] () -- C:\END
[2013/08/14 07:09:59 | 000,010,984 | ---- | C] () -- C:\Documents and Settings\geminilady\My Documents\scan 14.rtf
[2013/08/14 05:57:54 | 000,721,419 | ---- | C] () -- C:\Documents and Settings\geminilady\My Documents\bug.rtf
[2013/08/13 21:23:00 | 000,049,936 | ---- | C] () -- C:\Documents and Settings\geminilady\My Documents\adw log.rtf
[2013/08/12 18:58:42 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\geminilady\My Documents\audi property.pdf
[2013/08/12 18:50:02 | 000,000,034 | ---- | C] () -- C:\WINDOWS\AvastEmUpdate.ini
[2013/08/12 18:02:56 | 000,001,874 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth Pro.lnk
[2013/08/12 16:15:45 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\geminilady\My Documents\MBR.dat
[2013/08/12 13:49:06 | 000,000,324 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2013/08/11 13:59:41 | 000,065,293 | ---- | C] () -- C:\Documents and Settings\geminilady\My Documents\otl.rtf
[2013/08/11 13:25:22 | 000,001,674 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
[2013/08/11 12:20:32 | 000,010,647 | ---- | C] () -- C:\Documents and Settings\geminilady\My Documents\asw.rtf
[2013/07/08 16:41:54 | 000,484,352 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2012/09/11 16:08:47 | 000,000,079 | ---- | C] () -- C:\WINDOWS\EWF435.ini
[2012/08/26 18:02:48 | 000,000,678 | ---- | C] () -- C:\WINDOWS\ULEAD32.INI
[2012/08/26 17:15:40 | 000,000,002 | ---- | C] () -- C:\WINDOWS\PhotoSuite.ini
[2012/08/26 17:15:35 | 000,458,752 | ---- | C] () -- C:\WINDOWS\System32\Fpl.dll
[2012/08/26 17:15:35 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\CPUINF32.DLL
[2012/08/26 17:15:34 | 000,332,800 | ---- | C] () -- C:\WINDOWS\System32\FPXLIB.DLL
[2012/08/26 17:15:34 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\JPEGLIB.DLL
[2012/08/25 10:27:04 | 000,008,192 | ---- | C] () -- C:\Documents and Settings\geminilady\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/08/18 17:23:30 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/08/05 16:27:20 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\geminilady\Local Settings\Application Data\fusioncache.dat
[2012/07/19 20:19:27 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2012/07/19 20:19:27 | 000,136,650 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2012/07/19 20:18:54 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2012/07/19 20:18:54 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2012/07/19 20:18:54 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2012/07/19 08:43:23 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/07/19 07:10:20 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012/07/19 07:05:18 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012/07/19 02:56:26 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012/07/19 02:55:15 | 000,505,808 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== ZeroAccess Check ==========

[2012/07/19 20:20:26 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2012/04/20 15:29:52 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 05:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

also lost Microsoft XP hardware Wizard since we started this. Tries to transfer photos from my phone to computer using USB cable and it says no device found and won't let me download . It seems things are getting worse as while we are in the process of doing this I don't know if my firewall is back on but my checking got hacked Hopefully we will have everything fixed real soon. Again I want to thank you for all your hard work trying to help me fix my computer. I really appreeciate it.


----------



## TechieRanger (Nov 1, 2012)

> ...but my checking got hacked


I don't really understand what you are trying to say here. Please let me know.

Could you have a look in the locations below and let me know whether you see *ComboFix.txt*?

C:\*ComboFix*
C:\*Qoobox*

It's possible that the Combofix log file exists.:up:

Regards,

Richard


----------



## JaneDoe999 (Feb 5, 2008)

there is no qoobox on my computer and combo fix goes thru the whole process and then when it wants to show log that blue screen comes up that says it shut down windows


----------



## TechieRanger (Nov 1, 2012)

Please run *OTL.exe*.


Copy/paste the following text written *inside of the code box* into the *Custom Scans/Fixes* box located at the bottom of OTL


```
:OTL 
O4 - HKLM..\Run: [Search Protection] C:\Documents and Settings\All Users\Application Data\Search Protection\SearchProtection.exe File not found 
O4 - HKCU..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe" File not found 
 
:Files 
C:\Program Files\Mozilla Firefox\browser\nsprotector.js 
C:\Documents and Settings\geminilady\My Documents\Downloads\WinZipRegistryOptimizer.exe 
C:\Documents and Settings\geminilady\My Documents\Downloads\WinZipRegistryOptimizer(1).exe 
C:\Documents and Settings\geminilady\My Documents\Downloads\MediaUpdater__2577_i54655402_il561301.exe 
C:\Documents and Settings\geminilady\My Documents\Downloads\utorrent.exe 
C:\Documents and Settings\geminilady\My Documents\Downloads\FlashPlayerInstaller.exe 
C:\Documents and Settings\geminilady\My Documents\Downloads\mplayer_tuguu_d1021461.exe 
 
:Commands 
[purity] 
[emptytemp]
```

Then click the *Run Fix* button at the top.
Let the program run unhindered, reboot when it is done.
Then post the results of the log it produces.

*Next *

Please download Windows Repair (all in one) from:

http ://www.majorgeeks.com/files/details/tw...ws_repair.html 


Install the program then run it.

Go to step *2* and allow it to run *Disk check*.

Once that is done then go to the *Start Repairs* tab => Click the *Start*.

Click on *select all* and then click on *Start*.

DON'T use the computer while each scan is in progress.

Restart may be needed to finish the repair procedure.

Could you let me know whether you still experience the same issues after running the Windows Repair Tool? 

*In your next reply, please provide the following:*


OTL log.
Description of how your PC is running.

Regards,

Richard


----------



## JaneDoe999 (Feb 5, 2008)

can't get OTL to run so I uninstalled it and downloaded it again but when I paste what you said in box and hit run/fix it freezes


----------



## TechieRanger (Nov 1, 2012)

Please try running *OTL* in Safe Mode.:up:

*Enter Safe Mode with Networking* 
--------------- 
To start your computer by using the *Safe Mode with Networking* feature, please do the following:


Start or restart your computer.
As your computer restarts but before Windows launches, tap and re-tap the *F8* key.
When the *Windows Advanced Options* menu appears, use the *arrow keys* to select *Safe Mode with Networking*, and then press *ENTER*.

Regards,

Richard


----------



## JaneDoe999 (Feb 5, 2008)

OTL log in safe mode

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Search Protection deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\DW6 deleted successfully.
========== FILES ==========
C:\Program Files\Mozilla Firefox\browser\nsprotector.js moved successfully.
C:\Documents and Settings\geminilady\My Documents\Downloads\WinZipRegistryOptimizer.exe moved successfully.
C:\Documents and Settings\geminilady\My Documents\Downloads\WinZipRegistryOptimizer(1).exe moved successfully.
C:\Documents and Settings\geminilady\My Documents\Downloads\MediaUpdater__2577_i54655402_il561301.exe moved successfully.
C:\Documents and Settings\geminilady\My Documents\Downloads\utorrent.exe moved successfully.
C:\Documents and Settings\geminilady\My Documents\Downloads\FlashPlayerInstaller.exe moved successfully.
C:\Documents and Settings\geminilady\My Documents\Downloads\mplayer_tuguu_d1021461.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: geminilady
->Temp folder emptied: 367311645 bytes
->Temporary Internet Files folder emptied: 20587622 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 368258675 bytes
->Google Chrome cache emptied: 207251069 bytes
->Flash cache emptied: 47043 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 74200 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 33936 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 691226 bytes

Total Files Cleaned = 920.00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 09142013_151759

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


----------



## JaneDoe999 (Feb 5, 2008)

OMG since I did the last two things you requested I now have all these programs on my computer:bb
continue codec, see similar02, speed analysis, PC performer (which runs now when my computer starts up and shows 564 errors and wants me to purchase coverage) JRT, mbar, 
It now takes longer for my computer to start and to shut off. I really didn't think it would take this long to fix my computer I must have done something wrong in the process.


----------



## JaneDoe999 (Feb 5, 2008)

latest update computer keeps freezing and getting error messages all the time


----------



## JaneDoe999 (Feb 5, 2008)

here are some of the error messages:
firefox.exe application error failed to initialize (0xc0000142)
wordpad.exe same application message
dumprep.exe same application message


----------



## TechieRanger (Nov 1, 2012)

Please don't download and install any programs that I didn't ask while we are working on the computer. I only asked you to download the Windows Repair Tool which isn't bundled with potentially unwanted applications. 

Please remove the programs, follow these steps:


Click on *Start* > *Control Panel*.
Click on *Add or Remove Programs*.
*Select* the following from the list:

* 
see similar 02 
speed analysis 
PC performer 
*
Click the *Remove* button.

*Next*

Please try running ComboFix once more.

*In your next reply, please provide the following:*


ComboFix log.
Description of how your PC is running.

Regards,

Richard


----------



## JaneDoe999 (Feb 5, 2008)

I DID NOT download those programs I have no idea where they came from. I removed all of them. Combo Fix will run but again it will not post log. The critical message comes up again. However, my computer will not go into a safe mode to run it that way. Suggestion?


----------



## TechieRanger (Nov 1, 2012)

I suggest trying a repair install (providing that the hard drive is ok). 

It seems that the Windows installation itself is corrupt - this can be caused by any number of reasons: bad memory, failing hard drive, bad driver. A repair install will delete important Windows files and reinstall them off the disc to repair your copy of windows without having to delete all the files on your computer.:up:

Please take a look at the tutorials for a repair install:

support.microsoft.com/kb/917964 
helpdesk.its.uiowa.edu/windows/instructions/repairinstall.htm 
 
You will need the installation disk that came with your PC.

Please read the links I gave you carefully as to how to perform a repair install. Do you have any questions to ask about the repair install? Please do not hesitate to do so.

Let me know how that goes.

*In your next reply, please provide the following:*


Description of how your PC is running.

Regards,

Richard


----------



## JaneDoe999 (Feb 5, 2008)

PC seems to be working much better thank you so much Richard I appreciate all the hard work you did on my behalf


----------



## TechieRanger (Nov 1, 2012)

good job with the repair install. 

The repair install has hopefully corrected the issues which the Windows Repair Tool couldn't. As the repair install repaired the Windows installation without having to delete all the files on your computer, there could still be malware around that were not detected.

Please let me know whether or not the error messages and the popups/system slowness you experienced before are still occurring. Please post as much information as possible.:up:

Download *DDS* to your Desktop. 
Disable any script blocker/antivirus software temporarily.


Double click *DDS.scr* to run it and wait for the scan to finish
When finished *DDS.txt* will open
At the next prompt, press *Yes*
DDS will continue scanning
When done, *Attach.txt* will open
Save both reports to your Desktop.
Please post the contents of the logs in your next reply.

*In your next reply, please provide the following:*


DDS.txt
attach.txt
Description of how your PC is running.

Regards,

Richard


----------



## TechieRanger (Nov 1, 2012)

It has been two days or more since my last post. Do you still need help or more time?



Regards, 

Richard


----------



## TechieRanger (Nov 1, 2012)

Due to lack of response, this topic will no longer be on my topics list.

If you need additional help with your PC please start a new topic.



Regards, 

Richard


----------

