No internet IE or FF & computer search has blank page [Solved]



#16
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
The computer is communicating quite happily with Google.

Could you now type 74.125.227.130 in the IE address bar and let me know if that brings Google up?

If it does not, what error do you get?
  • 0



#17
edhalfdead

    Member

  • Topic Starter
  • Member
  • PipPip
  • 89 posts
Hi Essexboy, In IE & FF the Google page comes right up. She said that FF was slow yesterday, but it always seems to be that way when she is trying to get information in a hurry.
There are no problems at this time, so I think you can add one more victory to your score board.
  • 0

#18
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Subject to no further problems :)

I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems.

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself, so... The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [emptytemp]
    [CLEARALLRESTOREPOINTS]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Remove ComboFix
  • Hold down the Windows key + R on your keyboard. This will display the Run dialogue box
  • In the Run box, type in ComboFix /Uninstall
    (Notice the space between the "x" and "/")
    then click OK

  • Follow the prompts on the screen
  • A message should appear confirming that ComboFix was uninstalled

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Your Java is out of date.
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version


Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Malwarebytes.

Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly. It will show you which programmes on your system need updating and give a download link.

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit
To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place?

Keep safe :wave:
  • 0

#19
edhalfdead

    Member

  • Topic Starter
  • Member
  • PipPip
  • 89 posts
Essexboy, When she got to OTL cleanup, the computer restarted and now the anti-virus won't start and no internet capabilities. So now she can't check Java or anything else. She tried to do a System Restore, but it only showed today. She ran that Restore Point and the computer froze, so she had to do a manual shut down. When she restarted a message appeared that read System Restore failed. Try Last known good configuration. She tried that but nothing changed.
I had her try a manual re-start of local area connection. It sends packets but doesn't receive them.

Any ideas on what happened or how to fix this latest glitch?

Thank you in advance for tackling this mess...ed

p.s. Years ago when I got my first computer a friend said "Welcome to Windows" followed by a cryptic laugh...now I know what he means.

Edited by edhalfdead, 03 July 2012 - 02:53 AM.

  • 0

#20
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Intriguing, as all OTL did was tidy up; no system elements were changed at all.

Could you run a fresh OTL log please so that I can compare the differences?
  • 0

#21
edhalfdead

    Member

  • Topic Starter
  • Member
  • PipPip
  • 89 posts
Here is the OTL log and the extras log also:

OTL logfile created on: 7/3/2012 11:41:37 AM - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = F:\Documents and Settings\Bubbles2000\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.39 Gb Available Physical Memory | 69.95% Memory free
3.84 Gb Paging File | 3.44 Gb Available in Paging File | 89.52% Paging File free
Paging file location(s): F:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = F: | %SystemRoot% = F:\WINDOWS | %ProgramFiles% = F:\Program Files
Drive C: | 6.36 Gb Total Space | 1.49 Gb Free Space | 23.37% Space Free | Partition Type: NTFS
Drive D: | 1397.26 Gb Total Space | 1295.72 Gb Free Space | 92.73% Space Free | Partition Type: NTFS
Drive E: | 149.05 Gb Total Space | 62.71 Gb Free Space | 42.07% Space Free | Partition Type: NTFS
Drive F: | 68.11 Gb Total Space | 5.40 Gb Free Space | 7.93% Space Free | Partition Type: NTFS
Drive H: | 7.98 Gb Total Space | 7.98 Gb Free Space | 99.97% Space Free | Partition Type: FAT32

Computer Name: GARGOYLE2 | User Name: Bubbles2000 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/03 10:40:54 | 000,595,968 | ---- | M] (OldTimer Tools) -- F:\Documents and Settings\Bubbles2000\Desktop\OTL.exe
PRC - [2012/06/15 09:52:41 | 000,935,480 | ---- | M] () -- F:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe
PRC - [2012/06/15 09:52:38 | 001,104,440 | ---- | M] () -- F:\Program Files\AVG Secure Search\vprot.exe
PRC - [2012/05/29 03:25:50 | 001,005,440 | ---- | M] (Crystal Rich Ltd) -- F:\Program Files\USB Safely Remove\USBSRService.exe
PRC - [2012/05/29 03:25:48 | 002,423,168 | ---- | M] (Crystal Rich Ltd) -- F:\Program Files\USB Safely Remove\USBSafelyRemove.exe
PRC - [2012/05/24 11:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- F:\Documents and Settings\Bubbles2000\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2012/03/05 15:10:32 | 000,458,008 | ---- | M] (Tanuki Software, Ltd.) -- C:\ManageEngine\EventLog\bin\wrapper.exe
PRC - [2012/03/03 21:42:56 | 016,575,824 | ---- | M] (Comfort Software Group) -- F:\Program Files\HotAlarmClock\HotAlarmClock.exe
PRC - [2011/12/01 13:24:20 | 002,624,512 | ---- | M] () -- F:\Documents and Settings\Bubbles2000\Application Data\CBS Interactive\CNET TechTracker\TechTracker.exe
PRC - [2011/11/26 00:54:53 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- F:\Program Files\real\realplayer\Update\realsched.exe
PRC - [2011/10/21 15:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) -- F:\Program Files\Microsoft\BingBar\BBSvc.EXE
PRC - [2011/10/13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- F:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/10/01 08:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) -- F:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 08:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) -- F:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/09/26 19:15:36 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- F:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2011/09/16 16:10:50 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- F:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2011/07/29 13:45:56 | 000,217,256 | ---- | M] (Visicom Media Inc. (Powered by Panda Security)) -- F:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.exe
PRC - [2011/04/28 13:01:20 | 000,439,616 | ---- | M] (Panda Security, S.L.) -- F:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe
PRC - [2010/07/04 12:51:26 | 000,017,408 | ---- | M] () -- F:\Program Files\Unlocker\UnlockerAssistant.exe
PRC - [2009/11/10 15:41:14 | 000,036,864 | ---- | M] (MAXA Research Int'l Inc.) -- F:\Program Files\MAXA Security Tools\Lock\tray.exe
PRC - [2009/09/24 18:41:40 | 000,933,888 | ---- | M] (Silicon Motion) -- F:\Program Files\USB2.0 UVC WebCam\USB2.0 UVC WebCam\STIMON.exe
PRC - [2008/07/21 12:59:10 | 001,069,056 | ---- | M] (Audiovox Electronics Corp.) -- F:\Documents and Settings\Bubbles2000\My Documents\RCA Detective\RCADetective.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- F:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/15 09:52:42 | 000,132,664 | ---- | M] () -- F:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\SiteSafety.dll
MOD - [2012/06/15 09:52:41 | 000,935,480 | ---- | M] () -- F:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe
MOD - [2012/06/15 09:52:38 | 001,104,440 | ---- | M] () -- F:\Program Files\AVG Secure Search\vprot.exe
MOD - [2011/12/01 13:24:20 | 002,624,512 | ---- | M] () -- F:\Documents and Settings\Bubbles2000\Application Data\CBS Interactive\CNET TechTracker\TechTracker.exe
MOD - [2010/07/04 14:32:38 | 000,010,752 | ---- | M] () -- F:\Program Files\Unlocker\UnlockerCOM.dll
MOD - [2010/07/04 14:32:36 | 000,004,608 | ---- | M] () -- F:\Program Files\Unlocker\UnlockerHook.dll
MOD - [2010/07/04 12:51:26 | 000,017,408 | ---- | M] () -- F:\Program Files\Unlocker\UnlockerAssistant.exe
MOD - [2008/04/13 17:11:59 | 000,014,336 | ---- | M] () -- F:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 17:11:51 | 000,059,904 | ---- | M] () -- F:\WINDOWS\system32\devenum.dll
MOD - [2007/05/07 08:06:02 | 000,128,000 | ---- | M] () -- F:\Program Files\ImageBadger\extib.dll
MOD - [2005/04/15 14:18:30 | 000,483,328 | ---- | M] () -- F:\WINDOWS\system32\lxcglmpm.dll
MOD - [2005/03/13 11:32:14 | 000,061,440 | ---- | M] () -- F:\Program Files\Lexmark 2300 Series\lxcgcnv4.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- %ProgramFiles%\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - File not found [Auto | Stopped] -- %SystemRoot%\System32\iphlpsvc.dll -- (iphlpsvc)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/06/23 16:05:26 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- F:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/06/15 09:52:41 | 000,935,480 | ---- | M] () [Auto | Running] -- F:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe -- (vToolbarUpdater11.1.0)
SRV - [2012/05/29 03:25:50 | 001,005,440 | ---- | M] (Crystal Rich Ltd) [Auto | Running] -- F:\Program Files\USB Safely Remove\USBSRService.exe -- (USBSafelyRemoveService)
SRV - [2012/04/20 18:19:00 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- F:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/03/05 15:10:32 | 000,458,008 | ---- | M] (Tanuki Software, Ltd.) [Auto | Running] -- C:\ManageEngine\EventLog\bin\wrapper.exe -- (eventloganalyzer)
SRV - [2011/10/21 15:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- F:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/10/13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- F:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011/10/01 08:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- F:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 08:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- F:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/04/28 12:58:54 | 000,140,608 | ---- | M] (Panda Security, S.L.) [Auto | Stopped] -- F:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe -- (NanoServiceMain)
SRV - [2010/08/13 09:13:32 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- F:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus®
SRV - [2008/04/13 17:12:02 | 000,105,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- F:\WINDOWS\system32\p2pgasvc.dll -- (p2pgasvc)
SRV - [2005/04/15 14:15:30 | 000,491,520 | ---- | M] () [On_Demand | Stopped] -- F:\WINDOWS\system32\lxcgcoms.exe -- (lxcg_device)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- F:\DOCUME~1\BUBBLE~1\LOCALS~1\Temp\vdsdk.sys -- (VDSDK)
DRV - File not found [Kernel | System | Running] -- -- (usbp2k)
DRV - File not found [Kernel | System | Stopped] -- system32\DRIVERS\tdx.sys -- (tdx)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [File_System | Boot | Running] -- -- (nic139ex)
DRV - File not found [Kernel | On_Demand | Stopped] -- F:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS -- (MRESP50)
DRV - File not found [Kernel | On_Demand | Stopped] -- F:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS -- (MREMP50)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Running] -- -- (hidnt)
DRV - File not found [Kernel | On_Demand | Stopped] -- F:\Program Files\FreshDevices\FreshDiagnose\FreshIO.sys -- (FreshIO)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/06/28 13:25:04 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012/01/05 13:10:09 | 000,144,008 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- F:\WINDOWS\system32\drivers\PSINAflt.sys -- (PSINAflt)
DRV - [2011/11/30 18:37:24 | 000,112,648 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- F:\WINDOWS\system32\drivers\PSINProt.sys -- (PSINProt)
DRV - [2011/11/23 09:59:40 | 000,130,312 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- F:\WINDOWS\system32\drivers\PSINKNC.sys -- (PSINKNC)
DRV - [2011/10/01 08:30:42 | 000,018,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- F:\WINDOWS\system32\drivers\Sftvolxp.sys -- (Sftvol)
DRV - [2011/10/01 08:30:40 | 000,020,584 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- F:\WINDOWS\system32\drivers\Sftredirxp.sys -- (Sftredir)
DRV - [2011/10/01 08:30:38 | 000,209,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- F:\WINDOWS\system32\drivers\Sftplayxp.sys -- (Sftplay)
DRV - [2011/10/01 08:30:36 | 000,584,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- F:\WINDOWS\system32\drivers\Sftfsxp.sys -- (Sftfs)
DRV - [2011/04/28 12:57:38 | 000,111,688 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- F:\WINDOWS\system32\drivers\PSINProc.sys -- (PSINProc)
DRV - [2011/04/28 12:57:38 | 000,097,096 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- F:\WINDOWS\system32\drivers\PSINFile.sys -- (PSINFile)
DRV - [2011/03/18 09:08:54 | 000,025,240 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- F:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2010/12/02 18:17:50 | 000,013,696 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Auto | Running] -- F:\WINDOWS\system32\drivers\avwebcam.sys -- (AVWEBCAM)
DRV - [2010/07/15 08:44:20 | 000,013,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\epmntdrv.sys -- (epmntdrv)
DRV - [2010/07/15 08:44:20 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2010/04/28 07:44:02 | 000,054,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- F:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2010/02/11 05:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- F:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2007/05/02 16:21:22 | 004,403,712 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- F:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [1996/04/03 12:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- F:\WINDOWS\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=8
IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://isearch.avg.c...sa&d=2012-03-21 21:15:00&v=10.2.0.3&sap=hp
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - F:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{909D53DD-ED5F-405B-879E-5F5CD26B7C05}: "URL" = http://www.google.co...Terms}&aq=f&oq=
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...sa&d=2012-03-21 21:15:00&v=10.2.0.3&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{9B97950D-482C-1D79-568F-FC7B9D40C785}: "URL" = http://www.bing.com/...eferrer:source}
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo....erms}&fr=mkg028
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: ""
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....h?fr=mkg030&p="
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.selectedEngineURL: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "igoogle.com"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: F:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: F:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: F:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: F:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: F:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: F:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: F:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: F:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.0.198: f:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198: f:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.0.198: F:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.0.198: F:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.0.198: f:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: F:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: F:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: F:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\npEpicPlayDisplayHost: F:\Program Files\EpicPlay\npEpicHost.dll ( )
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: F:\Documents and Settings\Bubbles2000\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: F:\Documents and Settings\Bubbles2000\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: F:\Documents and Settings\Bubbles2000\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: F:\Documents and Settings\Bubbles2000\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: F:\Documents and Settings\Bubbles2000\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: F:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/11/26 00:55:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: F:\Documents and Settings\All Users\Application Data\AVG Secure Search\11.1.0.7\ [2012/06/15 09:52:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: F:\Program Files\Mozilla Firefox\components [2012/06/01 21:38:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: F:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Components: F:\Program Files\components [2012/06/01 21:38:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Plugins: F:\Program Files\plugins [2012/06/01 21:38:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/01 21:38:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/06/01 21:38:48 | 000,000,000 | ---D | M]

[2012/05/16 23:46:41 | 000,000,000 | ---D | M] (No name found) -- F:\Documents and Settings\Bubbles2000\Application Data\Mozilla\Extensions
[2012/06/21 10:08:01 | 000,000,000 | ---D | M] (No name found) -- F:\Documents and Settings\Bubbles2000\Application Data\Mozilla\Firefox\Profiles\x88k25g8.default\extensions
[2012/06/17 19:09:26 | 000,000,000 | ---D | M] (FireShot) -- F:\Documents and Settings\Bubbles2000\Application Data\Mozilla\Firefox\Profiles\x88k25g8.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2012/05/01 21:04:29 | 000,000,000 | ---D | M] (FireShot) -- F:\Documents and Settings\Bubbles2000\Application Data\Mozilla\Firefox\Profiles\x88k25g8.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}(2)
[2011/07/18 00:26:50 | 000,000,000 | ---D | M] (Flashblock) -- F:\Documents and Settings\Bubbles2000\Application Data\Mozilla\Firefox\Profiles\x88k25g8.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2012/05/25 06:22:22 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- F:\Documents and Settings\Bubbles2000\Application Data\Mozilla\Firefox\Profiles\x88k25g8.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/11/20 04:00:12 | 000,000,000 | ---D | M] (NoScript) -- F:\Documents and Settings\Bubbles2000\Application Data\Mozilla\Firefox\Profiles\x88k25g8.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}(2)
[2012/06/09 07:49:49 | 000,000,000 | ---D | M] (No name found) -- F:\Documents and Settings\Bubbles2000\Application Data\Mozilla\Firefox\Profiles\x88k25g8.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}
[2011/11/11 02:15:52 | 000,000,000 | ---D | M] (gTranslate) -- F:\Documents and Settings\Bubbles2000\Application Data\Mozilla\Firefox\Profiles\x88k25g8.default\extensions\{aff87fa2-a58e-4edd-b852-0a20203c1e17}
[2012/04/24 13:24:25 | 000,000,000 | ---D | M] (DownloadHelper) -- F:\Documents and Settings\Bubbles2000\Application Data\Mozilla\Firefox\Profiles\x88k25g8.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/05/02 18:07:59 | 000,000,000 | ---D | M] (DownThemAll!) -- F:\Documents and Settings\Bubbles2000\Application Data\Mozilla\Firefox\Profiles\x88k25g8.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2011/07/07 20:45:06 | 000,000,000 | ---D | M] (Web2PDF converter) -- F:\Documents and Settings\Bubbles2000\Application Data\Mozilla\Firefox\Profiles\x88k25g8.default\extensions\{e8f509f0-b677-11de-8a39-0800200c9a66}
[2012/05/02 18:48:16 | 000,000,000 | ---D | M] (FoxLingo) -- F:\Documents and Settings\Bubbles2000\Application Data\Mozilla\Firefox\Profiles\x88k25g8.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}
[2012/04/24 13:50:51 | 000,000,000 | ---D | M] (Ant Video Downloader) -- F:\Documents and Settings\Bubbles2000\Application Data\Mozilla\Firefox\Profiles\x88k25g8.default\extensions\[email protected](2).com
[2012/05/02 18:48:08 | 000,000,000 | ---D | M] (DeeperWeb for Google) -- F:\Documents and Settings\Bubbles2000\Application Data\Mozilla\Firefox\Profiles\x88k25g8.default\extensions\[email protected]
[2012/05/02 18:48:17 | 000,000,000 | ---D | M] (Show Me More) -- F:\Documents and Settings\Bubbles2000\Application Data\Mozilla\Firefox\Profiles\x88k25g8.default\extensions\[email protected]
[2012/06/21 10:08:01 | 000,000,000 | ---D | M] (LavaFox V2-Green) -- F:\Documents and Settings\Bubbles2000\Application Data\Mozilla\Firefox\Profiles\x88k25g8.default\extensions\[email protected]
[2010/10/17 01:46:49 | 000,002,027 | ---- | M] () -- F:\Documents and Settings\Bubbles2000\Application Data\Mozilla\Firefox\Profiles\x88k25g8.default\searchplugins\google-translate-any--en.xml
[2012/05/16 23:46:12 | 000,002,519 | ---- | M] () -- F:\Documents and Settings\Bubbles2000\Application Data\Mozilla\Firefox\Profiles\x88k25g8.default\searchplugins\Search_Results.xml
[2012/05/22 22:43:07 | 000,000,000 | ---D | M] (No name found) -- F:\Program Files\Mozilla Firefox\extensions
[2012/06/06 14:07:39 | 000,061,219 | ---- | M] () (No name found) -- F:\DOCUMENTS AND SETTINGS\BUBBLES2000\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\X88K25G8.DEFAULT\EXTENSIONS\{9AA46F4F-4DC7-4C06-97AF-5035170634FE}.XPI
[2012/06/20 17:09:22 | 000,377,145 | ---- | M] () (No name found) -- F:\DOCUMENTS AND SETTINGS\BUBBLES2000\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\X88K25G8.DEFAULT\EXTENSIONS\{AE93811A-5C9A-4D34-8462-F7B864FC4696}.XPI
[2012/04/20 18:19:34 | 000,097,208 | ---- | M] (Mozilla Foundation) -- F:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/06/15 09:52:35 | 000,003,768 | ---- | M] () -- F:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/04/20 18:18:25 | 000,002,252 | ---- | M] () -- F:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/04/20 18:18:25 | 000,002,040 | ---- | M] () -- F:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - Extension: No name found = F:\Documents and Settings\Bubbles2000\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hnhgoncokajlafhnhjmccgcmgggiehjm\
CHR - Extension: No name found = F:\Documents and Settings\Bubbles2000\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\
CHR - Extension: No name found = F:\Documents and Settings\Bubbles2000\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: No name found = F:\Documents and Settings\Bubbles2000\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.2_0\
CHR - Extension: No name found = F:\Documents and Settings\Bubbles2000\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.2_0\.bak
CHR - Extension: No name found = F:\Documents and Settings\Bubbles2000\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\plccnhhjonaiagjelpfkclblmlppjcik\

O1 HOSTS File: ([2012/07/02 09:40:58 | 000,000,098 | ---- | M]) - F:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - F:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - F:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - F:\Program Files\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - F:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - F:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - F:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - F:\Program Files\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [Anti-phishing Domain Advisor] F:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.exe (Visicom Media Inc. (Powered by Panda Security))
O4 - HKLM..\Run: [APSDaemon] F:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [LogMeIn GUI] F:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [MAXA-LockTray] F:\Program Files\MAXA Security Tools\Lock\tray.exe (MAXA Research Int'l Inc.)
O4 - HKLM..\Run: [PSUNMain] F:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe (Panda Security, S.L.)
O4 - HKLM..\Run: [TkBellExe] F:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UnlockerAssistant] F:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKLM..\Run: [vProt] F:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [HotAlarmClock] F:\Program Files\HotAlarmClock\HotAlarmClock.exe (Comfort Software Group)
O4 - HKCU..\Run: [USB Safely Remove] F:\Program Files\USB Safely Remove\USBSafelyRemove.exe (Crystal Rich Ltd)
O4 - Startup: F:\Documents and Settings\All Users\Start Menu\Programs\Startup\STIMON.lnk = F:\Program Files\USB2.0 UVC WebCam\USB2.0 UVC WebCam\STIMON.exe (Silicon Motion)
O4 - Startup: F:\Documents and Settings\Bubbles2000\Start Menu\Programs\Startup\CNET TechTracker.lnk = F:\Documents and Settings\Bubbles2000\Application Data\CBS Interactive\CNET TechTracker\TechTracker.exe ()
O4 - Startup: F:\Documents and Settings\Bubbles2000\Start Menu\Programs\Startup\Dropbox.lnk = F:\Documents and Settings\Bubbles2000\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: F:\Documents and Settings\Bubbles2000\Start Menu\Programs\Startup\RCA Detective.lnk = F:\Documents and Settings\Bubbles2000\My Documents\RCA Detective\RCADetective.exe (Audiovox Electronics Corp.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E91EA0E0-F8AD-4018-AE7C-BD0430F21082}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - F:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - F:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (f:\windows\system32\userinit.exe) - F:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - F:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper: F:\Documents and Settings\Bubbles2000\Desktop\cow rug.bmp
O24 - Desktop BackupWallPaper: F:\Documents and Settings\Bubbles2000\Desktop\cow rug.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/05/20 02:20:52 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/01/27 00:03:47 | 000,027,568 | ---- | M] () - E:\autopay_DPA.pdf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/03 11:41:08 | 000,595,968 | ---- | C] (OldTimer Tools) -- F:\Documents and Settings\Bubbles2000\Desktop\OTL.exe
[2012/07/02 16:53:44 | 000,000,000 | ---D | C] -- F:\Documents and Settings\Bubbles2000\Desktop\lh
[2012/07/02 16:37:59 | 000,000,000 | ---D | C] -- F:\Documents and Settings\Bubbles2000\Desktop\detective stuff
[2012/07/02 15:19:26 | 000,000,000 | ---D | C] -- F:\Documents and Settings\Bubbles2000\Desktop\recover1
[2012/07/01 08:39:05 | 000,000,000 | ---D | C] -- F:\Documents and Settings\Bubbles2000\Local Settings\Application Data\fontconfig
[2012/07/01 08:39:04 | 000,000,000 | ---D | C] -- F:\Documents and Settings\Bubbles2000\Local Settings\Application Data\gegl-0.2
[2012/07/01 08:39:04 | 000,000,000 | ---D | C] -- F:\Documents and Settings\Bubbles2000\.gimp-2.8
[2012/07/01 07:56:23 | 000,000,000 | ---D | C] -- F:\Documents and Settings\Bubbles2000\Application Data\MusicOasis
[2012/07/01 07:56:17 | 000,000,000 | ---D | C] -- F:\Program Files\MusicOasis
[2012/07/01 07:44:15 | 000,000,000 | ---D | C] -- F:\Documents and Settings\All Users\Start Menu\Programs\GimpShop
[2012/07/01 07:42:19 | 000,000,000 | ---D | C] -- F:\Program Files\GimpShop
[2012/07/01 07:39:57 | 000,000,000 | ---D | C] -- F:\Program Files\Free Offers from Freeze.com
[2012/07/01 07:29:42 | 000,000,000 | ---D | C] -- F:\Documents and Settings\Bubbles2000\Desktop\desktop
[2012/06/30 09:15:42 | 000,000,000 | ---D | C] -- F:\Documents and Settings\Bubbles2000\Start Menu\Programs\USB Safely Remove
[2012/06/30 09:15:38 | 000,000,000 | ---D | C] -- F:\Program Files\USB Safely Remove
[2012/06/27 13:25:03 | 000,000,000 | ---D | C] -- F:\Documents and Settings\Bubbles2000\Desktop\ow
[2012/06/27 11:10:11 | 000,000,000 | ---D | C] -- F:\Documents and Settings\Bubbles2000\Desktop\ugly women
[2012/06/26 11:41:52 | 000,000,000 | ---D | C] -- F:\Documents and Settings\Bubbles2000\Desktop\Copy of Ed's test 5
[2012/06/26 01:28:38 | 000,000,000 | ---D | C] -- F:\Documents and Settings\Bubbles2000\Desktop\Copy of Eds test 6 mine
[2012/06/22 00:07:57 | 000,000,000 | ---D | C] -- F:\Documents and Settings\Bubbles2000\Desktop\the naughtiest
[2012/06/21 02:13:41 | 000,000,000 | ---D | C] -- F:\Documents and Settings\All Users\Application Data\TEMP
[2012/06/17 13:25:45 | 000,000,000 | -HSD | C] -- F:\RECYCLER
[2012/06/15 09:52:45 | 000,000,000 | ---D | C] -- F:\WINDOWS\System32\cache
[2012/06/14 20:53:29 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- F:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/06/11 12:38:32 | 000,000,000 | ---D | C] -- F:\Documents and Settings\Bubbles2000\Desktop\Ed's test 5
[2012/06/11 09:54:33 | 000,000,000 | ---D | C] -- F:\Documents and Settings\Bubbles2000\Desktop\Eds test 6
[2012/06/09 23:25:22 | 000,000,000 | ---D | C] -- F:\Documents and Settings\Bubbles2000\Application Data\Panda Security
[2012/06/09 23:23:50 | 000,000,000 | ---D | C] -- F:\Documents and Settings\All Users\Start Menu\Programs\Panda Cloud Antivirus
[2012/06/09 23:23:26 | 000,000,000 | ---D | C] -- F:\Program Files\Panda Security
[2012/06/09 23:23:26 | 000,000,000 | ---D | C] -- F:\Documents and Settings\All Users\Application Data\Panda Security
[2012/06/09 11:39:28 | 000,000,000 | ---D | C] -- F:\Documents and Settings\All Users\Application Data\AVAST Software
[2012/06/09 07:57:45 | 000,000,000 | ---D | C] -- F:\Documents and Settings\Bubbles2000\Start Menu\Programs\Dropbox
[2012/06/09 07:57:17 | 000,000,000 | ---D | C] -- F:\Program Files\Dropbox
[2012/06/08 22:36:14 | 000,000,000 | ---D | C] -- F:\Documents and Settings\Bubbles2000\Desktop\couples
[2012/06/07 04:17:10 | 000,000,000 | ---D | C] -- F:\WINDOWS\System32\WindowsPowerShell
[2012/06/07 04:17:07 | 000,000,000 | ---D | C] -- F:\WINDOWS\System32\GroupPolicy
[2012/06/07 04:16:43 | 000,000,000 | ---D | C] -- F:\WINDOWS\$968930Uinstall_KB968930$
[2012/06/07 04:10:26 | 000,000,000 | ---D | C] -- F:\Documents and Settings\Bubbles2000\Application Data\IObit
[2012/06/07 04:10:08 | 000,000,000 | ---D | C] -- F:\Program Files\IObit
[2012/06/04 09:37:27 | 000,000,000 | ---D | C] -- F:\Documents and Settings\Bubbles2000\Desktop\#4 test 4 Ed(2)
[2012/06/03 21:48:48 | 000,000,000 | ---D | C] -- F:\Documents and Settings\Bubbles2000\Start Menu\Programs\Dropbox(2)
[2012/06/03 19:25:06 | 000,000,000 | ---D | C] -- F:\Documents and Settings\Bubbles2000\My Documents\GomPlayer
[2012/05/02 17:56:22 | 011,824,088 | ---- | C] (Mozilla Foundation) -- F:\Program Files\xul.dll
[2012/05/02 17:56:22 | 000,646,104 | ---- | C] (Mozilla Foundation) -- F:\Program Files\nss3.dll
[2012/05/02 17:56:22 | 000,505,816 | ---- | C] (sqlite.org) -- F:\Program Files\sqlite3.dll
[2012/05/02 17:56:22 | 000,371,672 | ---- | C] (Mozilla Foundation) -- F:\Program Files\nssckbi.dll
[2012/05/02 17:56:22 | 000,246,744 | ---- | C] (Mozilla Foundation) -- F:\Program Files\updater.exe
[2012/05/02 17:56:22 | 000,166,872 | ---- | C] (Mozilla Foundation) -- F:\Program Files\softokn3.dll
[2012/05/02 17:56:22 | 000,142,296 | ---- | C] (Mozilla Foundation) -- F:\Program Files\ssl3.dll
[2012/05/02 17:56:22 | 000,105,432 | ---- | C] (Mozilla Foundation) -- F:\Program Files\smime3.dll
[2012/05/02 17:56:22 | 000,105,432 | ---- | C] (Mozilla Foundation) -- F:\Program Files\nssdbm3.dll
[2012/05/02 17:56:22 | 000,089,048 | ---- | C] (Mozilla Foundation) -- F:\Program Files\nssutil3.dll
[2012/05/02 17:56:22 | 000,021,976 | ---- | C] (Mozilla Foundation) -- F:\Program Files\plc4.dll
[2012/05/02 17:56:22 | 000,019,416 | ---- | C] (Mozilla Foundation) -- F:\Program Files\xpcom.dll
[2012/05/02 17:56:22 | 000,019,416 | ---- | C] (Mozilla Foundation) -- F:\Program Files\plds4.dll
[2012/05/02 17:56:22 | 000,016,856 | ---- | C] (Mozilla Corporation) -- F:\Program Files\plugin-container.exe
[2012/05/02 17:56:21 | 000,912,344 | ---- | C] (Mozilla Corporation) -- F:\Program Files\firefox.exe
[2012/05/02 17:56:21 | 000,719,832 | ---- | C] (Mozilla Foundation) -- F:\Program Files\mozcrt19.dll
[2012/05/02 17:56:21 | 000,719,832 | ---- | C] (Mozilla Foundation) -- F:\Program Files\mozcpp19.dll
[2012/05/02 17:56:21 | 000,269,272 | ---- | C] (Mozilla Foundation) -- F:\Program Files\freebl3.dll
[2012/05/02 17:56:21 | 000,203,736 | ---- | C] (Mozilla Foundation) -- F:\Program Files\nspr4.dll
[2012/05/02 17:56:21 | 000,107,480 | ---- | C] (Mozilla Foundation) -- F:\Program Files\crashreporter.exe
[2012/05/02 17:56:21 | 000,019,416 | ---- | C] (Mozilla Foundation) -- F:\Program Files\AccessibleMarshal.dll

========== Files - Modified Within 30 Days ==========

[2012/07/03 11:38:29 | 000,000,896 | ---- | M] () -- F:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/03 11:38:29 | 000,000,290 | ---- | M] () -- F:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1177238915-1647877149-725345543-1004.job
[2012/07/03 11:28:57 | 000,000,892 | ---- | M] () -- F:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/03 11:28:57 | 000,000,294 | ---- | M] () -- F:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1177238915-1647877149-725345543-500.job
[2012/07/03 11:28:32 | 000,002,048 | --S- | M] () -- F:\WINDOWS\bootstat.dat
[2012/07/03 10:40:54 | 000,595,968 | ---- | M] (OldTimer Tools) -- F:\Documents and Settings\Bubbles2000\Desktop\OTL.exe
[2012/07/03 05:24:42 | 000,000,874 | ---- | M] () -- F:\Documents and Settings\Bubbles2000\Desktop\Lock & Load Computer with MAXA-Lock (2).lnk
[2012/07/03 05:24:42 | 000,000,789 | ---- | M] () -- F:\Documents and Settings\Bubbles2000\Desktop\USB Safely Remove (2).lnk
[2012/07/03 05:24:42 | 000,000,758 | ---- | M] () -- F:\Documents and Settings\Bubbles2000\Desktop\RCA Digital Voice Manager (2).lnk
[2012/07/03 05:24:42 | 000,000,646 | ---- | M] () -- F:\Documents and Settings\Bubbles2000\Desktop\Shortcut to DVM.exe (4).lnk
[2012/07/03 05:24:42 | 000,000,646 | ---- | M] () -- F:\Documents and Settings\Bubbles2000\Desktop\Shortcut to DVM.exe (3).lnk
[2012/07/03 05:24:42 | 000,000,462 | ---- | M] () -- F:\Documents and Settings\Bubbles2000\Desktop\Shortcut to Lexmark 2300 Series (2).lnk
[2012/07/03 05:24:42 | 000,000,104 | ---- | M] () -- F:\Documents and Settings\Bubbles2000\Desktop\Shortcut to Internet Explorer.lnk
[2012/07/03 05:20:13 | 000,000,823 | ---- | M] () -- F:\Documents and Settings\Bubbles2000\Desktop\Microsoft Works (2).LNK
[2012/07/03 05:20:10 | 000,000,874 | ---- | M] () -- F:\Documents and Settings\Bubbles2000\Desktop\Lock & Load Computer with MAXA-Lock (3).lnk
[2012/07/03 05:20:10 | 000,000,646 | ---- | M] () -- F:\Documents and Settings\Bubbles2000\Desktop\Shortcut to DVM.exe (2).lnk
[2012/07/03 05:18:10 | 000,001,002 | ---- | M] () -- F:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1177238915-1647877149-725345543-1004UA.job
[2012/07/03 05:05:00 | 000,000,830 | ---- | M] () -- F:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/07/03 03:49:09 | 000,523,830 | ---- | M] () -- F:\Documents and Settings\Bubbles2000\Desktop\cow rug.bmp
[2012/07/02 19:18:00 | 000,000,950 | ---- | M] () -- F:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1177238915-1647877149-725345543-1004Core1cc209613fe80f2.job
[2012/07/02 17:54:35 | 000,000,754 | ---- | M] () -- F:\WINDOWS\WORDPAD.INI
[2012/07/02 16:17:09 | 000,028,672 | ---- | M] () -- F:\Documents and Settings\Bubbles2000\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/07/02 12:55:50 | 000,004,708 | ---- | M] () -- F:\Documents and Settings\Bubbles2000\Application Data\wklnhst.dat
[2012/07/02 10:16:18 | 000,157,160 | ---- | M] () -- F:\WINDOWS\System32\FNTCACHE.DAT
[2012/07/02 10:00:09 | 000,000,298 | ---- | M] () -- F:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1177238915-1647877149-725345543-1004.job
[2012/07/02 09:40:58 | 000,000,098 | ---- | M] () -- F:\WINDOWS\System32\drivers\etc\Hosts
[2012/07/01 08:38:49 | 000,002,333 | ---- | M] () -- F:\Documents and Settings\All Users\Desktop\GimpShop.lnk
[2012/07/01 07:56:18 | 000,000,659 | ---- | M] () -- F:\Documents and Settings\All Users\Desktop\MusicOasis.lnk
[2012/07/01 07:15:42 | 000,001,524 | ---- | M] () -- F:\Documents and Settings\Bubbles2000\Desktop\Paint (2).lnk
[2012/07/01 06:26:44 | 000,004,507 | ---- | M] () -- F:\WINDOWS\imsins.BAK
[2012/07/01 04:13:00 | 000,000,302 | ---- | M] () -- F:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1177238915-1647877149-725345543-500.job
[2012/06/30 09:15:43 | 000,000,807 | ---- | M] () -- F:\Documents and Settings\Bubbles2000\Application Data\Microsoft\Internet Explorer\Quick Launch\USB Safely Remove.lnk
[2012/06/30 09:15:43 | 000,000,789 | ---- | M] () -- F:\Documents and Settings\Bubbles2000\Desktop\USB Safely Remove.lnk
[2012/06/30 08:21:17 | 000,002,317 | ---- | M] () -- F:\Documents and Settings\Bubbles2000\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/06/29 20:22:01 | 000,000,284 | ---- | M] () -- F:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/06/28 13:25:04 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- F:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/06/23 16:05:24 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- F:\WINDOWS\System32\FlashPlayerApp.exe
[2012/06/23 16:05:24 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- F:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/06/21 02:43:57 | 000,001,102 | ---- | M] () -- F:\Documents and Settings\Bubbles2000\Desktop\Appnimi All-In-One Password Unlocker.lnk
[2012/06/21 02:16:30 | 000,000,032 | ---- | M] () -- F:\WINDOWS\System32\glmf3com.dat.dll
[2012/06/18 09:25:13 | 000,000,091 | ---- | M] () -- F:\WINDOWS\DVM.INI
[2012/06/16 04:03:27 | 000,078,776 | ---- | M] () -- F:\Documents and Settings\Bubbles2000\My Documents\irene gillespie schaub frave.jpg
[2012/06/15 08:11:05 | 000,002,577 | ---- | M] () -- F:\WINDOWS\System32\CONFIG.NT
[2012/06/09 23:24:05 | 000,000,264 | ---- | M] () -- F:\WINDOWS\System32\PSUNCpl.dat
[2012/06/09 20:50:57 | 000,000,046 | ---- | M] () -- F:\WINDOWS\System32\_WKERNEL.FRE
[2012/06/09 08:04:33 | 000,002,206 | ---- | M] () -- F:\WINDOWS\System32\wpa.dbl
[2012/06/07 04:54:27 | 000,484,030 | ---- | M] () -- F:\WINDOWS\System32\perfh009.dat
[2012/06/07 04:54:27 | 000,080,082 | ---- | M] () -- F:\WINDOWS\System32\perfc009.dat
[2012/06/06 18:05:14 | 000,487,091 | ---- | M] () -- F:\Documents and Settings\Bubbles2000\My Documents\work=(913)+461-3895.pdf
[2012/06/06 18:03:40 | 000,747,778 | ---- | M] () -- F:\Documents and Settings\Bubbles2000\My Documents\heather shay work maybe3233022306.pdf
[2012/06/04 21:41:07 | 000,067,309 | ---- | M] () -- F:\Documents and Settings\Bubbles2000\My Documents\FireShot Screen Capture #319 - 'AVON - Order Confirmed' - shop_avon_com_shop_confirmed_aspx_order_id=23900597&ccauthreportcode&paypal=5HW871020D7354602.jpg
[2012/06/04 18:51:13 | 000,015,872 | ---- | M] () -- F:\Documents and Settings\Bubbles2000\My Documents\tim's letter 5-2012.wps

========== Files Created - No Company Name ==========

[2012/07/03 05:24:42 | 000,000,874 | ---- | C] () -- F:\Documents and Settings\Bubbles2000\Desktop\Lock & Load Computer with MAXA-Lock (2).lnk
[2012/07/03 05:24:42 | 000,000,789 | ---- | C] () -- F:\Documents and Settings\Bubbles2000\Desktop\USB Safely Remove (2).lnk
[2012/07/03 05:24:42 | 000,000,758 | ---- | C] () -- F:\Documents and Settings\Bubbles2000\Desktop\RCA Digital Voice Manager (2).lnk
[2012/07/03 05:24:42 | 000,000,646 | ---- | C] () -- F:\Documents and Settings\Bubbles2000\Desktop\Shortcut to DVM.exe (4).lnk
[2012/07/03 05:24:42 | 000,000,646 | ---- | C] () -- F:\Documents and Settings\Bubbles2000\Desktop\Shortcut to DVM.exe (3).lnk
[2012/07/03 05:24:42 | 000,000,462 | ---- | C] () -- F:\Documents and Settings\Bubbles2000\Desktop\Shortcut to Lexmark 2300 Series (2).lnk
[2012/07/03 05:24:42 | 000,000,104 | ---- | C] () -- F:\Documents and Settings\Bubbles2000\Desktop\Shortcut to Internet Explorer.lnk
[2012/07/03 05:20:13 | 000,000,823 | ---- | C] () -- F:\Documents and Settings\Bubbles2000\Desktop\Microsoft Works (2).LNK
[2012/07/03 05:20:10 | 000,000,874 | ---- | C] () -- F:\Documents and Settings\Bubbles2000\Desktop\Lock & Load Computer with MAXA-Lock (3).lnk
[2012/07/03 05:20:10 | 000,000,646 | ---- | C] () -- F:\Documents and Settings\Bubbles2000\Desktop\Shortcut to DVM.exe (2).lnk
[2012/07/03 03:49:09 | 000,523,830 | ---- | C] () -- F:\Documents and Settings\Bubbles2000\Desktop\cow rug.bmp
[2012/07/01 07:56:18 | 000,000,659 | ---- | C] () -- F:\Documents and Settings\All Users\Desktop\MusicOasis.lnk
[2012/07/01 07:44:15 | 000,002,333 | ---- | C] () -- F:\Documents and Settings\All Users\Desktop\GimpShop.lnk
[2012/07/01 07:15:42 | 000,001,524 | ---- | C] () -- F:\Documents and Settings\Bubbles2000\Desktop\Paint (2).lnk
[2012/06/30 09:15:43 | 000,000,807 | ---- | C] () -- F:\Documents and Settings\Bubbles2000\Application Data\Microsoft\Internet Explorer\Quick Launch\USB Safely Remove.lnk
[2012/06/30 09:15:43 | 000,000,789 | ---- | C] () -- F:\Documents and Settings\Bubbles2000\Desktop\USB Safely Remove.lnk
[2012/06/21 02:43:57 | 000,001,102 | ---- | C] () -- F:\Documents and Settings\Bubbles2000\Desktop\Appnimi All-In-One Password Unlocker.lnk
[2012/06/21 02:16:30 | 000,000,032 | ---- | C] () -- F:\WINDOWS\System32\glmf3com.dat.dll
[2012/06/16 04:03:26 | 000,078,776 | ---- | C] () -- F:\Documents and Settings\Bubbles2000\My Documents\irene gillespie schaub frave.jpg
[2012/06/10 03:01:39 | 000,004,507 | ---- | C] () -- F:\WINDOWS\imsins.BAK
[2012/06/09 23:24:05 | 000,000,264 | ---- | C] () -- F:\WINDOWS\System32\PSUNCpl.dat
[2012/06/06 18:05:14 | 000,487,091 | ---- | C] () -- F:\Documents and Settings\Bubbles2000\My Documents\work=(913)+461-3895.pdf
[2012/06/06 18:03:40 | 000,747,778 | ---- | C] () -- F:\Documents and Settings\Bubbles2000\My Documents\heather shay work maybe3233022306.pdf
[2012/06/04 21:41:07 | 000,067,309 | ---- | C] () -- F:\Documents and Settings\Bubbles2000\My Documents\FireShot Screen Capture #319 - 'AVON - Order Confirmed' - shop_avon_com_shop_confirmed_aspx_order_id=23900597&ccauthreportcode&paypal=5HW871020D7354602.jpg
[2012/06/04 18:16:10 | 000,015,872 | ---- | C] () -- F:\Documents and Settings\Bubbles2000\My Documents\tim's letter 5-2012.wps
[2012/06/03 18:36:25 | 000,000,787 | ---- | C] () -- F:\Documents and Settings\Bubbles2000\My Documents\mags.rtf
[2012/05/16 23:45:55 | 000,484,352 | ---- | C] () -- F:\WINDOWS\System32\lame_enc.dll
[2012/05/12 04:31:37 | 000,000,719 | ---- | C] () -- F:\WINDOWS\wininit.ini
[2012/05/09 09:40:01 | 000,003,072 | ---- | C] () -- F:\WINDOWS\System32\iacenc.dll
[2012/05/04 18:56:20 | 000,001,235 | ---- | C] () -- F:\Program Files\updates.xml
[2012/05/04 18:56:18 | 000,000,057 | ---- | C] () -- F:\Program Files\active-update.xml
[2012/05/04 18:55:46 | 000,016,246 | ---- | C] () -- F:\Program Files\removed-files
[2012/05/04 18:55:34 | 000,000,000 | ---- | C] () -- F:\Program Files\.autoreg
[2012/05/02 17:56:28 | 000,000,707 | ---- | C] () -- F:\Program Files\updater.ini
[2012/05/02 17:56:28 | 000,000,232 | ---- | C] () -- F:\Program Files\browserconfig.properties
[2012/05/02 17:56:28 | 000,000,006 | ---- | C] () -- F:\Program Files\update.locale
[2012/05/02 17:56:22 | 000,000,478 | ---- | C] () -- F:\Program Files\softokn3.chk
[2012/05/02 17:56:22 | 000,000,478 | ---- | C] () -- F:\Program Files\nssdbm3.chk
[2012/05/02 17:56:22 | 000,000,142 | ---- | C] () -- F:\Program Files\platform.ini
[2012/05/02 17:56:21 | 001,014,744 | ---- | C] () -- F:\Program Files\js3250.dll
[2012/05/02 17:56:21 | 000,031,393 | ---- | C] () -- F:\Program Files\LICENSE
[2012/05/02 17:56:21 | 000,005,183 | ---- | C] () -- F:\Program Files\blocklist.xml
[2012/05/02 17:56:21 | 000,003,803 | ---- | C] () -- F:\Program Files\crashreporter.ini
[2012/05/02 17:56:21 | 000,000,583 | ---- | C] () -- F:\Program Files\crashreporter-override.ini
[2012/05/02 17:56:21 | 000,000,478 | ---- | C] () -- F:\Program Files\freebl3.chk
[2012/05/02 17:56:21 | 000,000,115 | ---- | C] () -- F:\Program Files\dependentlibs.list
[2012/04/26 06:33:56 | 000,044,599 | ---- | C] () -- F:\Program Files\sniffpass.zip
[2012/03/02 22:59:54 | 000,108,032 | ---- | C] () -- F:\WINDOWS\System32\ff_vfw.dll
[2012/02/20 21:46:15 | 000,000,043 | ---- | C] () -- F:\WINDOWS\gswin32.ini
[2011/11/26 23:18:56 | 002,062,304 | ---- | C] () -- F:\Program Files\installspeedfan443.exe
[2011/10/31 18:16:38 | 015,854,592 | ---- | C] () -- F:\Program Files\Setup.msi
[2011/10/28 17:22:15 | 000,204,800 | ---- | C] () -- F:\WINDOWS\System32\igfxCoIn_v4820.dll
[2011/07/08 01:48:35 | 000,000,007 | ---- | C] () -- F:\WINDOWS\treeskp.sys
[2011/07/08 01:48:35 | 000,000,007 | ---- | C] () -- F:\WINDOWS\sbacknt.bin
[2010/11/29 16:53:55 | 000,000,037 | ---- | C] () -- F:\WINDOWS\Viewer.ini
[2010/09/02 00:33:54 | 000,015,360 | ---- | C] () -- F:\WINDOWS\System32\bdmjpeg.dll
[2010/09/02 00:32:52 | 000,058,368 | ---- | C] () -- F:\WINDOWS\System32\bdmpegv.dll
[2010/08/25 06:28:07 | 000,000,031 | ---- | C] () -- F:\WINDOWS\System32\wocsodsini.dll
[2010/08/25 06:27:47 | 000,000,530 | ---- | C] () -- F:\WINDOWS\System32\tx14_ic.ini
[2010/08/25 06:09:41 | 001,774,720 | ---- | C] () -- F:\WINDOWS\System32\BootMan.exe
[2010/08/25 06:09:41 | 000,086,408 | ---- | C] () -- F:\WINDOWS\System32\setupempdrv03.exe
[2010/08/25 06:09:41 | 000,014,848 | ---- | C] () -- F:\WINDOWS\System32\EuEpmGdi.dll
[2010/08/25 06:09:41 | 000,013,192 | ---- | C] () -- F:\WINDOWS\System32\epmntdrv.sys
[2010/08/25 06:09:41 | 000,008,456 | ---- | C] () -- F:\WINDOWS\System32\EuGdiDrv.sys
[2010/07/23 22:17:42 | 000,000,132 | -H-- | C] () -- F:\Documents and Settings\Bubbles2000\Application Data\lakerda1967.sys
[2010/07/23 22:13:46 | 000,010,584 | ---- | C] () -- F:\Documents and Settings\Bubbles2000\Application Data\docXConverter (3).ini
[2010/05/27 22:16:54 | 000,004,708 | ---- | C] () -- F:\Documents and Settings\Bubbles2000\Application Data\wklnhst.dat
[2010/05/27 21:45:33 | 000,028,672 | ---- | C] () -- F:\Documents and Settings\Bubbles2000\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 110 bytes -> F:\Documents and Settings\All Users\Application Data\TEMP:82F50D1C
@Alternate Data Stream - 102 bytes -> F:\Documents and Settings\All Users\Application Data\TEMP:029666E0

< End of report >
___________________________________________________________________________________________

OTL Extras logfile created on: 7/3/2012 11:41:37 AM - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = F:\Documents and Settings\Bubbles2000\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.39 Gb Available Physical Memory | 69.95% Memory free
3.84 Gb Paging File | 3.44 Gb Available in Paging File | 89.52% Paging File free
Paging file location(s): F:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = F: | %SystemRoot% = F:\WINDOWS | %ProgramFiles% = F:\Program Files
Drive C: | 6.36 Gb Total Space | 1.49 Gb Free Space | 23.37% Space Free | Partition Type: NTFS
Drive D: | 1397.26 Gb Total Space | 1295.72 Gb Free Space | 92.73% Space Free | Partition Type: NTFS
Drive E: | 149.05 Gb Total Space | 62.71 Gb Free Space | 42.07% Space Free | Partition Type: NTFS
Drive F: | 68.11 Gb Total Space | 5.40 Gb Free Space | 7.93% Space Free | Partition Type: NTFS
Drive H: | 7.98 Gb Total Space | 7.98 Gb Free Space | 99.97% Space Free | Partition Type: FAT32

Computer Name: GARGOYLE2 | User Name: Bubbles2000 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- F:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- F:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "F:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with XnView] -- "F:\Program Files\XnView\xnview.exe" "%1" (XnView, http://www.xnview.com)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "F:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3587:TCP" = 3587:TCP:*:Enabled:Windows Peer-to-Peer Grouping
"3540:UDP" = 3540:UDP:*:Enabled:Peer Name Resolution Protocol (PNRP)
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3587:TCP" = 3587:TCP:*:Enabled:Windows Peer-to-Peer Grouping
"3540:UDP" = 3540:UDP:*:Enabled:Peer Name Resolution Protocol (PNRP)
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"4100:UDP" = 4100:UDP:*:Enabled:uPNP Router Control Port

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"F:\WINDOWS\system32\lxcgcoms.exe" = F:\WINDOWS\system32\lxcgcoms.exe:*:Enabled:2300 Series -- ()
"F:\Documents and Settings\Bubbles2000\My Documents\Downloads\magentic_install.exe" = F:\Documents and Settings\Bubbles2000\My Documents\Downloads\magentic_install.exe:*:Enabled:Magentic Installer -- ()
"F:\Documents and Settings\Bubbles2000\Application Data\Dropbox\bin\Dropbox.exe" = F:\Documents and Settings\Bubbles2000\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
"F:\WINDOWS\system32\mmc.exe" = F:\WINDOWS\system32\mmc.exe:*:Disabled:Microsoft Management Console -- (Microsoft Corporation)
"F:\Program Files\Google\Google Earth\plugin\geplugin.exe" = F:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
"F:\Program Files\Java\jre6\bin\java.exe" = F:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"F:\WINDOWS\system32\dpvsetup.exe" = F:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"F:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = F:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"F:\Documents and Settings\Bubbles2000\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = F:\Documents and Settings\Bubbles2000\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 20
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2AEDC172-479F-47AE-8A48-A0524D4AED5B}_is1" = Inpaint 4.3
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{345112D9-0930-4A68-AB71-A831BA5DE7AA}" = Microsoft IntelliType Pro 6.2
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F1C9552-58E0-4AAC-A616-AE3A28720EC6}" = GimpShop 2.8
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR
"{672C1EE5-D13F-4EDB-A8CA-26711696C040}_is1" = Hot Alarm Clock 2.0.2.0
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel® PRO Network Connections 12.1.12.0
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7E482AF6-AA1F-4CC5-BA13-0536675F5744}" = ASPCA TriMini Reminder by We-Care.com v5.0.2.1
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83AA2913-C123-4146-85BD-AD8F93971D39}" = BabylonObjectInstaller
"{856480C9-2428-15E1-97BC-685EE2A7B8E6}" = MusicOasis
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8C5FAD77-F678-4758-A296-C12F08D179E0}" = Microsoft IntelliPoint 6.2
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90140000-006D-0409-0000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{90140011-0062-0409-0000-0000000FF1CE}" = Microsoft Office Home and Business 2010 - English
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{975C3A93-2491-3D44-A071-F6CBF153E46D}" = Google Talk Plugin
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{BB2EC963-6E6D-4106-A310-5AE3B31937A9}" = ManageEngine EventLog Analyzer 7
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D92FF8EB-BD77-40AE-B68B-A6BFC6F8661D}" = Windows Live Family Safety
"{DE718DF0-3874-4873-9BC3-3A94944C916E}_is1" = Wondershare PDF to Word (Build 3.6.0)
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FC274982-5AAD-4C20-848D-4424A5043009}_is1" = WinUtilities 9.95 Professional Edition
"{FC274982-5AAD-4C20-848D-4424A5043010}_is1" = WinUtilities 10.44 Free Edition
"{FE7AD27A-62B1-44F6-B69C-25D1ECA94F5D}" = USB2.0 UVC WebCam
"{FEB2D0CA-9912-4AA1-8FBE-CFD852F9F1FC}" = Panda Cloud Antivirus
"7-Zip" = 7-Zip 9.22beta
"AC3Filter_is1" = AC3Filter 1.63b
"AC970D9B-E5C8-44D8-910B-D763DDF6D32A_is1" = Chrysanth Diary [Starter]
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Anti-phishing Domain Advisor" = Anti-phishing Domain Advisor
"AnVir Task Manager Free" = AnVir Task Manager Free
"AVG Secure Search" = AVG Security Toolbar
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"CD Audio Reader Filter" = CD Audio Reader Filter (remove only)
"CoreAAC" = CoreAAC
"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
"EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 6.1.1 Home Edition
"Easy Clone Detective1.4" = Easy Clone Detective
"ffdshow_is1" = ffdshow v1.1.3572 [2010-09-13]
"FireShot for IE" = FireShot for Internet Explorer
"Free Easy Burner_is1" = Free Easy Burner V 5.1
"Garbage Finder" = Garbage Finder 2.5
"GOM Player" = GOM Player
"GOM Video Converter" = GOM Video Converter
"GPL Ghostscript 9.05" = GPL Ghostscript
"HDMI" = Intel® Graphics Media Accelerator Driver
"iCare Data Recovery_is1" = iCare Data Recovery 3.8.1
"ie8" = Windows Internet Explorer 8
"iLivid" = iLivid
"IrfanView" = IrfanView (remove only)
"Lexmark 2300 Series" = Lexmark 2300 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"MAXA Security Tools_is1" = MAXA Security Tools 2.2
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.28)" = Mozilla Firefox (3.6.28)
"Mozilla Firefox 12.0 (x86 en-US)" = Mozilla Firefox 12.0 (x86 en-US)
"Mozilla Firefox 9.0 (x86 en-US)" = Mozilla Firefox 9.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MPEG2 Codec(libmpeg2/mad)" = MPEG2 Codec(libmpeg2/mad)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Music Duplicate Remover_is1" = Music Duplicate Remover 6.0
"MusicOasis" = MusicOasis
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"OpenSource Flash Video Splitter" = OpenSource Flash Video Splitter 1.0.0.5
"Panda Cloud Antivirus" = Panda Cloud Antivirus
"RCA Detective™_is1" = RCA Detective™ 2.0.0.98
"RCA Digital Voice Manager_is1" = RCA Digital Voice Manager 5.0.3.1
"RealPlayer 15.0" = RealPlayer
"Revo Uninstaller" = Revo Uninstaller 1.93
"Software Informer_is1" = Software Informer 1.0 BETA
"SpeedFan" = SpeedFan (remove only)
"Start Menu 7_is1" = Start Menu 7 3.65
"TweakNow PowerPack 2011 SP3_is1" = TweakNow PowerPack 2011 SP3
"TweakNow WinSecret 2011_is1" = TweakNow WinSecret 2011
"Universal Extractor_is1" = Universal Extractor 1.6.1
"Unlocker" = Unlocker 1.9.0
"USB Safely Remove_is1" = USB Safely Remove 5.1
"VLC media player" = VLC media player 1.0.5
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WinCleaner OneClick Professional Clean_is1" = WinCleaner OneClick Professional Clean Version 12
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XnView_is1" = XnView 1.98.5
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CNET TechTracker" = CNET TechTracker
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"ImageBadger Image Converter" = ImageBadger Image Converter
"webmdshow" = WebM Project Directshow Filters
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 7/2/2012 10:16:55 PM | Computer Name = GARGOYLE2 | Source = Application Error | ID = 1000
Description = Faulting application mysqld-nt.exe, version 0.0.0.0, faulting module
mysqld-nt.exe, version 0.0.0.0, fault address 0x0019e719.

Error - 7/2/2012 10:16:59 PM | Computer Name = GARGOYLE2 | Source = eventloganalyzer | ID = 100
Description = There were 5 failed launches in a row, each lasting less than 300
seconds. Giving up.

Error - 7/2/2012 10:16:59 PM | Computer Name = GARGOYLE2 | Source = eventloganalyzer | ID = 100
Description = There may be a configuration problem: please check the logs.

Error - 7/3/2012 12:05:02 AM | Computer Name = GARGOYLE2 | Source = Application Error | ID = 1000
Description = Faulting application FlashPlayerUpdateService.exe, version 11.3.300.262,
faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x000113c0.

Error - 7/3/2012 5:05:01 AM | Computer Name = GARGOYLE2 | Source = Application Error | ID = 1000
Description = Faulting application FlashPlayerUpdateService.exe, version 11.3.300.262,
faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x000113c0.

Error - 7/3/2012 6:22:25 AM | Computer Name = GARGOYLE2 | Source = Application Hang | ID = 1002
Description = Hanging application PictureViewer.exe, version 7.72.80.56, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/3/2012 6:22:25 AM | Computer Name = GARGOYLE2 | Source = Application Hang | ID = 1002
Description = Hanging application PictureViewer.exe, version 7.72.80.56, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/3/2012 2:37:58 PM | Computer Name = GARGOYLE2 | Source = Application Error | ID = 1000
Description = Faulting application mysqld-nt.exe, version 0.0.0.0, faulting module
mysqld-nt.exe, version 0.0.0.0, fault address 0x0019e719.

Error - 7/3/2012 2:40:53 PM | Computer Name = GARGOYLE2 | Source = Application Error | ID = 1000
Description = Faulting application mysqld-nt.exe, version 0.0.0.0, faulting module
mysqld-nt.exe, version 0.0.0.0, fault address 0x0019e719.

Error - 7/3/2012 2:42:16 PM | Computer Name = GARGOYLE2 | Source = Application Error | ID = 1000
Description = Faulting application mysqld-nt.exe, version 0.0.0.0, faulting module
mysqld-nt.exe, version 0.0.0.0, fault address 0x0019e719.

[ System Events ]
Error - 7/3/2012 2:37:33 PM | Computer Name = GARGOYLE2 | Source = Service Control Manager | ID = 7000
Description = The CryptSvc service failed to start due to the following error: %%1083

Error - 7/3/2012 2:37:33 PM | Computer Name = GARGOYLE2 | Source = Service Control Manager | ID = 7003
Description = The @%SystemRoot%\system32\iphlpsvc.dll,-200 service depends on the
following nonexistent service: NSI

Error - 7/3/2012 2:37:33 PM | Computer Name = GARGOYLE2 | Source = Service Control Manager | ID = 7001
Description = The Panda Cloud Antivirus Service service depends on the CryptSvc
service which failed to start because of the following error: %%1083

Error - 7/3/2012 2:37:33 PM | Computer Name = GARGOYLE2 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the IPSEC Services service
to connect.

Error - 7/3/2012 2:37:33 PM | Computer Name = GARGOYLE2 | Source = Service Control Manager | ID = 7000
Description = The IPSEC Services service failed to start due to the following error:
%%1053

Error - 7/3/2012 2:37:33 PM | Computer Name = GARGOYLE2 | Source = Service Control Manager | ID = 7000
Description = The Windows Time service failed to start due to the following error:
%%1083

Error - 7/3/2012 2:37:33 PM | Computer Name = GARGOYLE2 | Source = Service Control Manager | ID = 7000
Description = The @%systemroot%\system32\wuaueng.dll,-105 service failed to start
due to the following error: %%1290

Error - 7/3/2012 2:37:33 PM | Computer Name = GARGOYLE2 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the @%SystemRoot%\System32\wscsvc.dll,-200
service to connect.

Error - 7/3/2012 2:37:33 PM | Computer Name = GARGOYLE2 | Source = Service Control Manager | ID = 7000
Description = The @%SystemRoot%\System32\wscsvc.dll,-200 service failed to start
due to the following error: %%1053

Error - 7/3/2012 2:38:03 PM | Computer Name = GARGOYLE2 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
tdx


< End of report >
________________________________________________________________________________________

Hopefully you can find an easy fix for this.
Again, Thank You...ed
  • 0

#22
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

Error - 7/3/2012 2:38:03 PM | Computer Name = GARGOYLE2 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
tdx

This is the problem, although how it occurred I have no idea

Run Farbar Service Scanner


Tick "All" options.
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log to your reply.
  • 0
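Added example (not from the thread or from OTL's authors): Python that parses the `[ System Events ]` lines of the OTL log above and sorts Service Control Manager errors into drivers that failed to load (7026), dependencies that do not exist (7003), services that failed with their own error (7000) and services merely blocked by another failure (7001). The function names and the output layout are assumptions of this example; the sample lines are copied from the log in this thread.

```python
import re

# System Events copied from the OTL log posted earlier in this thread.
SAMPLE = r"""
Error - 7/3/2012 2:37:33 PM | Computer Name = GARGOYLE2 | Source = Service Control Manager | ID = 7000
Description = The CryptSvc service failed to start due to the following error: %%1083
Error - 7/3/2012 2:37:33 PM | Computer Name = GARGOYLE2 | Source = Service Control Manager | ID = 7003
Description = The @%SystemRoot%\system32\iphlpsvc.dll,-200 service depends on the
following nonexistent service: NSI
Error - 7/3/2012 2:37:33 PM | Computer Name = GARGOYLE2 | Source = Service Control Manager | ID = 7001
Description = The Panda Cloud Antivirus Service service depends on the CryptSvc
service which failed to start because of the following error: %%1083
Error - 7/3/2012 2:37:33 PM | Computer Name = GARGOYLE2 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the IPSEC Services service
to connect.
Error - 7/3/2012 2:37:33 PM | Computer Name = GARGOYLE2 | Source = Service Control Manager | ID = 7000
Description = The IPSEC Services service failed to start due to the following error:
%%1053
Error - 7/3/2012 2:38:03 PM | Computer Name = GARGOYLE2 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
tdx
"""

HEADER = re.compile(r"^Error - (.+?) \| Computer Name = (\S+) \| Source = (.+?) \| ID = (\d+)\s*$")
# Win32 error names (winerror.h) for the %%NNNN codes in the sample.
WIN32 = {1053: "ERROR_SERVICE_REQUEST_TIMEOUT", 1083: "ERROR_SERVICE_NOT_IN_EXE"}
# Service Control Manager event IDs and the shape of their descriptions.
PATTERNS = {
    7000: re.compile(r"The (.+) service failed to start due to the following error: %%(\d+)"),
    7001: re.compile(r"The (.+) service depends on the (.+) service which failed to start"),
    7003: re.compile(r"The (.+) service depends on the following nonexistent service: (\S+)"),
    7009: re.compile(r"waiting for the (.+) service to connect"),
    7026: re.compile(r"driver\(s\) failed to load: (.+)"),
}

def parse_events(text):
    """Split an OTL event-log section into dicts, rejoining wrapped descriptions."""
    events = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            events.append({"when": m.group(1), "host": m.group(2),
                           "source": m.group(3), "id": int(m.group(4)), "desc": ""})
        elif events and line.strip() and not line.startswith(("[", "<")):
            events[-1]["desc"] += " " + line.strip()  # continuation of a wrapped line
    for e in events:
        e["desc"] = re.sub(r"^\s*Description = ", "", e["desc"])
    return events

def triage(events):
    """Separate likely root causes from services that failed only as a consequence."""
    out = {"failed_drivers": [], "missing_deps": [], "failed": {}, "blocked_by": {}, "timeouts": []}
    for e in events:
        pat = PATTERNS.get(e["id"])
        m = pat.search(e["desc"]) if pat and e["source"] == "Service Control Manager" else None
        if not m:
            continue
        svc = m.group(1)
        if e["id"] == 7000:    # service failed with its own error code
            out["failed"][svc] = WIN32.get(int(m.group(2)), "code " + m.group(2))
        elif e["id"] == 7001:  # dependent service blocked by another failure
            out["blocked_by"][svc] = m.group(2)
        elif e["id"] == 7003:  # dependency is not registered at all
            out["missing_deps"].append((svc, m.group(2)))
        elif e["id"] == 7009:  # service did not respond in time
            out["timeouts"].append(svc)
        else:                  # 7026: boot-start/system-start drivers that failed to load
            out["failed_drivers"] += svc.split()
    return out

if __name__ == "__main__":
    for key, value in triage(parse_events(SAMPLE)).items():
        print(key, "=>", value)
```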

#23
edhalfdead

edhalfdead

    Member

  • Topic Starter
  • Member
  • PipPip
  • 89 posts
Here is the report that you requested:

Farbar Service Scanner Version: 02-07-2012
Ran by Bubbles2000 (administrator) on 04-07-2012 at 13:40:47
Running from "H:\Anti Virus"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.


Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error: Google IP is unreachable
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo IP returned error: Yahoo IP is unreachable
Attempt to access Yahoo.com returned error: Other errors


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc: "%SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted".
The ServiceDll of wscsvc service is OK.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv: "%systemroot%\system32\wuaueng.dll".

cryptsvc Service is not running. Checking service configuration:
The start type of cryptsvc service is OK.
The ImagePath of cryptsvc: "%SystemRoot%\system32\svchost.exe -k NetworkService".
The ServiceDll of cryptsvc service is OK.


Windows Autoupdate Disabled Policy:
============================


File Check:
========
F:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
F:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
F:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
F:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
F:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
F:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
F:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
F:\WINDOWS\system32\netman.dll => MD5 is legit
F:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
F:\WINDOWS\system32\srsvc.dll => MD5 is legit
F:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
F:\WINDOWS\system32\wscsvc.dll => MD5 is legit
F:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
F:\WINDOWS\system32\wuauserv.dll => MD5 is legit
F:\WINDOWS\system32\qmgr.dll => MD5 is legit
F:\WINDOWS\system32\es.dll => MD5 is legit
F:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
F:\WINDOWS\system32\svchost.exe => MD5 is legit
F:\WINDOWS\system32\rpcss.dll => MD5 is legit
F:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
BridgeMP(10) fssfltr(10) Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4) Tcpip6(8)
0x0A00000005000000010000000200000003000000040000000600000007000000080000000A0000000B000000
IpSec Tag value is correct.

**** End of log ****
______________________________________________________________________________________________


Thank You...ed
  • 0

#24
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you go to Control Panel > System > Advanced Tab > Device Manager
Select View at the top and select show hidden devices
Click Non Plug and Play devices
Right Click AFD networking Support
Select Properties
Select the Driver tab
Is the driver started?
If not, start it

If it fails to start, what error do you get?


  • 0

#25
edhalfdead

edhalfdead

    Member

  • Topic Starter
  • Member
  • PipPip
  • 89 posts
The driver was already started
  • 0


#26
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, let's start at the top

Go to Control Panel > Administrative Tools > Services
Locate DHCP
Right click DHCP and select properties
Ensure the start type is Automatic
Is the service running ?
If not start the service and let me know what errors you get



On the same dialogue select dependencies
Click each plus sign and let me know if yours is the same as the screenshot with any evident errors


  • 0

#27
edhalfdead

edhalfdead

    Member

  • Topic Starter
  • Member
  • PipPip
  • 89 posts
Here are the screen grabs from her computer:

The first shows the error when trying to start the service

ScreenHunter_03 Jul. 07 23.01.jpg

The second shows the dependencies

ScreenHunter_04 Jul. 07 23.29.jpg


At this point she wants to gut it and start over (reformat).
I told her to have patience since you already put so much time into it.
She said :killcomp: :smashcomp:
What do you think?
Thank you for everything so far...ed
  • 0

#28
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
To be honest, that would be the quickest option, as I will have to check out the files and registry for all the dependency services and that could take a while
  • 0

#29
edhalfdead

edhalfdead

    Member

  • Topic Starter
  • Member
  • PipPip
  • 89 posts
Got home last night and her daughter was in the middle of reformatting so I guess she went for the quick route. I will post again with the results.
Thank you for your effort trying to fix this mess. It seems that as soon as you would get one thing fixed another problem would pop up.
  • 0

#30
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Unfortunately modern malware is like that, it tries to suborn system files and registry paths for its own use. Sometimes they are easy to fix, but sometimes not.
  • 0





