:Commands
[createrestorepoint]

:OTL
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Program Files\Common Files\Microsoft Shared\Stationery\Blank.htm
IE - HKU\Administrator.DOBBIN.003_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Program Files\Common Files\Microsoft Shared\Stationery\Blank.htm
IE - HKU\Peter_Dewar_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.autoco...?si=7148&bi=400
IE - HKU\Peter_Dewar_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Program Files\Common Files\Microsoft Shared\Stationery\Blank.htm
IE - HKU\Peter_Dewar_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.helperba...q={searchTerms}
IE - HKU\Peter_Dewar_ON_C\Software\Microsoft\Internet Explorer\Main,Start Default_Page_URL = http://search.autoco...?si=7148&bi=400
IE - HKU\Peter_Dewar_ON_C\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.helperba...q={searchTerms}
IE - HKU\Peter_Dewar_ON_C\Software\Microsoft\Internet Explorer\Search,Search Page = http://search.autoco...?si=7148&bi=400
IE - HKU\Peter_Dewar_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.helperba...q={searchTerms}

O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O4 - Startup: C:\Documents and Settings\Peter Dewar\Start Menu\Programs\Startup\runctf.lnk = X:\I386\SYSTEM32\RUNDLL32.EXE (Microsoft Corporation)

O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]

[2013/03/10 01:16:42 | 095,023,320 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\rgbrgebrbewg.pad
[2013/03/10 00:56:00 | 000,003,334 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\rgbrgebrbewg.js
[2013/03/10 00:56:00 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\Peter Dewar\Start Menu\Programs\Startup\runctf.lnk
[2011/09/18 18:42:37 | 000,009,030 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\188FmQ8
[2011/09/18 18:42:37 | 000,000,008 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\69AB9E7ADF.sys
[2011/09/18 18:42:29 | 000,008,466 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\aPH03i
[2011/09/18 18:22:33 | 000,009,030 | ---- | C] () -- C:\Documents and Settings\Peter Dewar\Local Settings\Application Data\188FmQ8
[2011/09/18 18:22:17 | 000,091,648 | ---- | C] () -- C:\Documents and Settings\Peter Dewar\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/18 18:22:17 | 000,008,466 | ---- | C] () -- C:\Documents and Settings\Peter Dewar\Local Settings\Application Data\aPH03i
[1980/01/01 00:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[1980/01/01 00:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[1980/01/01 00:00:00 | 000,589,824 | ---- | C] () -- C:\WINDOWS\ANTIV.EXE
[1980/01/01 00:00:00 | 000,437,332 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[1980/01/01 00:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[1980/01/01 00:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[1980/01/01 00:00:00 | 000,122,880 | ---- | C] () -- C:\Documents and Settings\Peter Dewar\Application Data\skype.dat
[1980/01/01 00:00:00 | 000,070,212 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[1980/01/01 00:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[1980/01/01 00:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[1980/01/01 00:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[1980/01/01 00:00:00 | 000,004,524 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[1980/01/01 00:00:00 | 000,002,790 | ---- | C] () -- C:\WINDOWS\ANTIV.INI
[1980/01/01 00:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[1980/01/01 00:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[1980/01/01 00:00:00 | 000,000,089 | ---- | C] () -- C:\WINDOWS\ALaunch.ini