blue screen ach! [Closed]


  • This topic is locked

#16
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
I believe you had; it is just that the last report posted still showed the driver I wanted to remove.

Is there a way you could borrow a copy of an XP CD so that we can run a repair install?

#17
devdyer

    Member

  • Topic Starter
  • 24 posts
On second thought, maybe you mean the one immediately before this instead of the last one that worked.

I didn't run the one immediately before this because I couldn't get it to.

I'll look into a copy of an XP CD. Just like the one to buy at the store?

#18
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

I didn't run the one immediately before this because I couldn't get it to.

Do you mean you were unable to run the last fixlist?

#19
devdyer

    Member

  • Topic Starter
  • 24 posts
Fixlists on posts #7, #10, and #12 ...
I was looking back and see that I posted a log after each fixlist download you provided.

So I suppose I'm mistaken. There was a time when the computer didn't run the fixlist. Looks like I didn't download a new one from you; I just rebooted and ran the fixlist that was current at the time.

By the way, no success yet in tracking down an XP CD.

#20
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, let's at least get access to the computer so if the worst comes to the worst at least you can back up the data.

You will need another computer to download and burn this CD. You may be able to get internet access from this CD as well.

  • Download OTLPENet.exe to your desktop
  • Ensure that you have a blank CD in the drive
  • Double click OTLPENet.exe and this will then open imgburn to burn the file to CD
  • Reboot your system using the boot CD you just created.
    Note: If you do not know how to set your computer to boot from CD, follow the steps here
  • As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads :)
  • Your system should now display a Reatogo desktop.
    Note: As you are running from CD, it is not exactly speedy
  • Double-click on the OTLPE icon.
  • Select the Windows folder of the infected drive if it asks for a location
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start.
  • Drag and drop this attached scan.txt into the Custom scans and fixes box
    [attachment=60332:scan.txt]
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive if you do not have an internet connection on this system.
  • Right-click the file and select Send To, then select the USB drive.
  • Confirm that it has copied to the USB drive by selecting it
  • You can back up any files that you wish from this OS
  • Please post the contents of the C:\OTL.txt file in your reply.


#21
devdyer

    Member

  • Topic Starter
  • 24 posts
OTL.txt



OTL logfile created on: 9/9/2012 12:57:14 AM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.00 Mb Total Physical Memory | 302.00 Mb Available Physical Memory | 59.00% Memory free
458.00 Mb Paging File | 335.00 Mb Available in Paging File | 73.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.46 Gb Total Space | 50.48 Gb Free Space | 70.64% Space Free | Partition Type: NTFS
Drive D: | 3.84 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 973.16 Mb Total Space | 730.80 Mb Free Space | 75.10% Space Free | Partition Type: FAT
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet003

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto] -- -- (TelevisionFanaticService)
SRV - File not found [On_Demand] -- -- (AppMgmt)
SRV - [2012/08/26 22:43:02 | 000,107,520 | ---- | M] () [Auto] -- C:\Documents and Settings\Owner\Application Data\DefaultTab\DefaultTab\DTUpdate.exe -- (DefaultTabUpdate)
SRV - [2012/08/14 15:48:38 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/30 14:30:04 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/03/26 19:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/02/11 21:12:38 | 000,167,936 | ---- | M] () [Auto] -- C:\Program Files\D-Link\DWA-552 revA\WLSVC.exe -- (WLSVC)
SRV - [2008/09/26 21:01:30 | 000,356,433 | ---- | M] (Atheros Communications, Inc.) [On_Demand] -- C:\Program Files\D-Link\DWA-552 revA\jswpsapi.exe -- (jswpsapi)
SRV - [2006/03/04 00:03:10 | 000,069,632 | ---- | M] (HP) [Auto] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2004/02/03 21:00:00 | 000,020,480 | R--- | M] (Creative Technology Ltd.) [On_Demand] -- C:\WINDOWS\system32\P1171Srv.exe -- (PD1171Srv)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Auto] -- -- (zumbus)
DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (SymIMMP)
DRV - File not found [Kernel | On_Demand] -- -- (SymIM)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - [2010/12/20 20:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2010/05/10 14:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/04/27 18:09:36 | 001,605,056 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2010/02/17 14:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/08/29 08:57:12 | 000,052,624 | ---- | M] (Adaptec) [Kernel | System] -- C:\WINDOWS\System32\drivers\cdr4_2k.sys -- (Cdr4_2K)
DRV - [2009/08/29 08:57:12 | 000,021,913 | ---- | M] (Adaptec) [Kernel | Auto] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2008/09/25 21:07:18 | 000,057,440 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\jswscimd.sys -- (JSWSCIMD)
DRV - [2008/07/26 11:26:22 | 000,041,752 | R--- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008/07/26 11:25:48 | 000,627,864 | R--- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2008/07/26 11:22:34 | 002,570,520 | R--- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2008/07/26 11:22:22 | 000,013,848 | R--- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\lv302af.sys -- (pepifilter)
DRV - [2008/02/27 12:54:00 | 000,020,480 | ---- | M] () [Kernel | Auto] -- C:\WINDOWS\system32\drivers\WLNdis50.sys -- (WLNdis50)
DRV - [2008/01/19 05:00:00 | 000,385,072 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2007/06/18 15:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2006/11/02 09:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2004/09/17 13:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2003/06/30 22:11:52 | 000,043,136 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2001/08/22 12:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://news.yahoo.com [binary data]


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0




IE - HKU\Owner_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKU\Owner_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://news.yahoo.com [binary data]
IE - HKU\Owner_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.charter.n...le/index.php?q=
IE - HKU\Owner_ON_C\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\Owner_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\Owner_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKU\Owner_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.mywebsea...D&si=XXXXXXXXXX
IE - HKU\Owner_ON_C\..\URLSearchHook: {0696f815-a3a9-490a-bb14-9ec3350b1276} - Reg Error: Key error. File not found
IE - HKU\Owner_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Owner_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@fluxdvd.com/NPAPIX: C:\Program Files\Common Files\fluxDVD\APIX\NPAPIX.dll ()
FF - HKLM\Software\MozillaPlugins\@fluxdvd.com/NPFluxBrowserHelper: C:\Program Files\Common Files\fluxDVD\BrowserIntegration\NPFluxBrowserHelper.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin: File not found
FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPMPDRM: C:\Program Files\Common Files\mpDRM\NPMPDRM.dll ()
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: File not found
FF - HKLM\Software\MozillaPlugins\@TelevisionFanatic.com/Plugin: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{400F0BDB-6C49-43A4-BE1F-76D7327A604D}: C:\Program Files\Common Files\fluxDVD\Download Manager\Mozilla [2008/09/23 22:25:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\MyWebSearch\bar\firefox\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\TelevisionFanatic\bar\1.bin
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/30 14:30:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/08/27 13:48:06 | 000,000,000 | ---D | M]

[2012/07/22 15:43:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/05/19 14:25:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions
[2011/05/19 14:25:43 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/07/30 14:30:07 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009/11/19 18:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2010/07/17 06:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009/11/19 18:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2012/07/22 15:42:45 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/07/22 15:42:45 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2004/08/04 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Shopping Assistant Plugin) - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files\PriceGong\2.6.7\PriceGongIE.dll (PriceGong)
O2 - BHO: (Download Manager Browser Helper Object) - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\Program Files\Common Files\fluxDVD\Download Manager\XEBDLHelper.dll (Protect Software GmbH)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - File not found
O2 - BHO: (Charter Toolbar) - {4E7BD74F-2B8D-469E-85AB-AF21F3D9AE2F} - C:\Program Files\chartertoolbar\chartertoolbar.dll (Charter Communications)
O2 - BHO: (Search Assistant BHO) - {5d79f641-c168-40df-a32f-bacea7509e75} - File not found
O2 - BHO: (DefaultTab Browser Helper) - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Documents and Settings\Owner\Application Data\DefaultTab\DefaultTab\DefaultTabBHO.dll (Search Results LLC.)
O2 - BHO: (Toolbar BHO) - {cb41fc95-f1b3-4797-8bb6-1012ff62abba} - File not found
O2 - BHO: (WeCareReminder Class) - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - File not found
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - File not found
O3 - HKLM\..\Toolbar: (Charter Toolbar) - {4E7BD74F-2B8D-469E-85AB-AF21F3D9AE2F} - C:\Program Files\chartertoolbar\chartertoolbar.dll (Charter Communications)
O3 - HKLM\..\Toolbar: (TelevisionFanatic) - {c98d5b61-b0ea-4d48-9839-1079d352d880} - File not found
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {FB9E054A-CCF8-4A97-9581-93EEBF33F861} - No CLSID value found.
O3 - HKU\Owner_ON_C\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\Owner_ON_C\..\Toolbar\WebBrowser: (Charter Toolbar) - {4E7BD74F-2B8D-469E-85AB-AF21F3D9AE2F} - C:\Program Files\chartertoolbar\chartertoolbar.dll (Charter Communications)
O3 - HKU\Owner_ON_C\..\Toolbar\WebBrowser: (TelevisionFanatic) - {C98D5B61-B0EA-4D48-9839-1079D352D880} - File not found
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SpeetItUpFree] File not found
O4 - HKLM..\Run: [TelevisionFanatic Browser Plugin Loader] File not found
O4 - HKLM..\Run: [TelevisionFanatic Search Scope Monitor] File not found
O4 - HKU\.DEFAULT..\Run: [Symantec NetDriver Warning] File not found
O4 - HKU\Owner_ON_C..\Run: [ares] File not found
O4 - HKU\Owner_ON_C..\Run: [EPSON NX100 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEDA.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\Owner_ON_C..\Run: [Search Protection] File not found
O4 - HKU\Owner_ON_C..\Run: [Software Informer] File not found
O4 - HKU\Owner_ON_C..\Run: [Spotify] C:\Documents and Settings\Owner\Application Data\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKU\Owner_ON_C..\Run: [Spotify Web Helper] C:\Documents and Settings\Owner\Application Data\Spotify\Data\SpotifyWebHelper.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless Connection Manager.lnk = C:\Program Files\D-Link\DWA-552 revA\wirelesscm.exe (D-Link Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Owner_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - File not found
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo2.walgre...eensActivia.cab (Snapfish Activia)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace....ploader1006.cab (MySpace Uploader Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.mail.liv...es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symant...ex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} http://zone.msn.com/...mjolauncher.cab (MJLauncherCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} https://h17000.www1....loadManager.ocx (Get_ActiveX Control)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn...ro.cab34246.cab (ZoneIntro Class)
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} http://a532.g.akamai...0/installer.exe (Virtools WebPlayer Class)
O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} http://zone.msn.com/...outLauncher.cab (SproutLauncherCtrl Class)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://zone.msn.com/...aploader_v6.cab (PopCapLoader Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} http://mvnet.xlontec...2ie06101001.cab (Reg Error: Key error.)
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} http://fdl.msn.com/z...s/heartbeat.cab (HeartbeatCtl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/12/08 15:49:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2005/06/27 09:16:56 | 000,000,145 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/09/02 19:04:19 | 000,000,000 | ---D | C] -- C:\FRST
[2012/09/02 00:47:49 | 000,000,000 | -HSD | C] -- C:\found.000
[2012/08/30 05:06:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2012/08/30 05:05:32 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2012/08/30 05:04:45 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2012/08/28 03:51:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
[2012/08/28 03:49:50 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012/08/28 03:07:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\D-Link
[2012/08/28 03:07:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\D-Link
[2012/08/28 03:07:25 | 000,405,582 | ---- | C] (Atheros Communications, Inc.) -- C:\WINDOWS\System32\jswscsup.dll
[2012/08/28 03:07:25 | 000,057,440 | ---- | C] (Atheros Communications, Inc.) -- C:\WINDOWS\System32\jswscimd.sys
[2012/08/28 03:07:25 | 000,057,440 | ---- | C] (Atheros Communications, Inc.) -- C:\WINDOWS\System32\drivers\jswscimd.sys
[2012/08/28 03:07:16 | 000,000,000 | ---D | C] -- C:\Program Files\D-Link
[2012/08/28 03:06:53 | 001,605,056 | ---- | C] (Atheros Communications, Inc.) -- C:\WINDOWS\System32\drivers\athw.sys
[2012/08/28 03:06:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\pcidevice
[2012/08/27 23:02:43 | 006,955,968 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Owner\Desktop\Silverlight.exe
[2012/08/26 22:54:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SpeedItup Free
[2012/08/26 22:51:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PriceGong
[2012/08/26 22:50:55 | 000,000,000 | ---D | C] -- C:\Program Files\PriceGong
[2012/08/26 22:42:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\DefaultTab
[2012/08/26 21:38:13 | 001,654,976 | ---- | C] (W3i, LLC) -- C:\Documents and Settings\Owner\Desktop\mplayer_tuguu_1271.exe
[2012/08/25 15:09:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Downloads
[2012/08/25 13:36:30 | 000,000,000 | ---D | C] -- C:\Program Files\Copy of Microsoft Security Client
[2012/08/25 13:34:10 | 000,000,000 | ---D | C] -- C:\Program Files\Copy of ArcSoft
[2012/08/16 15:35:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\pics
[2012/08/14 15:48:25 | 009,826,504 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe
[2001/06/19 17:34:36 | 000,040,960 | ---- | C] (Jetsoft Development Company) -- C:\Program Files\ACMonitor_X83.exe
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/09/07 23:07:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/09/07 23:07:04 | 534,843,392 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/07 23:07:04 | 000,263,824 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/09/01 23:48:03 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/08/31 13:54:22 | 000,092,542 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\206212_10151043012664387_389585136_n.jpg
[2012/08/30 05:07:58 | 000,435,964 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/08/30 05:07:58 | 000,068,860 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/08/28 03:51:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
[2012/08/28 03:07:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\D-Link
[2012/08/28 03:07:21 | 000,000,641 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless Connection Manager.lnk
[2012/08/28 03:07:21 | 000,000,641 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Wireless Connection Manager.lnk
[2012/08/28 03:07:20 | 000,000,000 | R--D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup
[2012/08/27 23:10:31 | 006,955,968 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Owner\Desktop\Silverlight.exe
[2012/08/27 22:43:13 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/08/27 22:33:42 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/08/26 23:24:44 | 000,000,063 | ---- | M] () -- C:\1.html
[2012/08/26 22:58:35 | 000,000,800 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\SpeedItup Free.lnk
[2012/08/26 22:58:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\SpeedItup Free
[2012/08/26 22:51:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\PriceGong
[2012/08/26 21:38:52 | 001,654,976 | ---- | M] (W3i, LLC) -- C:\Documents and Settings\Owner\Desktop\mplayer_tuguu_1271.exe
[2012/08/26 06:51:00 | 000,000,456 | ---- | M] () -- C:\WINDOWS\tasks\Driver Robot.job
[2012/08/25 15:10:21 | 020,980,010 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\dwa552_drivers_170.zip
[2012/08/25 13:32:04 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/08/21 16:34:49 | 001,096,976 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\windows-xp-service-pack-2-toDownload.exe
[2012/08/21 16:32:01 | 001,096,976 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\windows-xp-service-pack-3-toDownload.exe
[2012/08/16 05:18:37 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/08/14 15:48:36 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/08/14 15:48:36 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/08/14 15:48:29 | 009,826,504 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/09/02 13:06:38 | 534,843,392 | -HS- | C] () -- C:\hiberfil.sys
[2012/08/31 13:53:50 | 000,092,542 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\206212_10151043012664387_389585136_n.jpg
[2012/08/28 03:07:25 | 000,035,967 | ---- | C] () -- C:\WINDOWS\System32\jswscimdp.cat
[2012/08/28 03:07:25 | 000,035,538 | ---- | C] () -- C:\WINDOWS\System32\jswscimd.cat
[2012/08/28 03:07:25 | 000,005,529 | ---- | C] () -- C:\WINDOWS\System32\jswscimdp.inf
[2012/08/28 03:07:25 | 000,002,231 | ---- | C] () -- C:\WINDOWS\System32\jswscimd.inf
[2012/08/28 03:07:21 | 000,000,641 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Wireless Connection Manager.lnk
[2012/08/28 03:07:20 | 000,000,641 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless Connection Manager.lnk
[2012/08/28 03:07:17 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\wlndis50.sys
[2012/08/28 03:07:17 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\drivers\WLNdis50.sys
[2012/08/28 03:07:17 | 000,010,667 | ---- | C] () -- C:\WINDOWS\System32\wlndis50.cat
[2012/08/28 03:07:17 | 000,001,593 | ---- | C] () -- C:\WINDOWS\System32\wlndis50.inf
[2012/08/26 23:24:44 | 000,000,063 | ---- | C] () -- C:\1.html
[2012/08/26 22:54:22 | 000,000,800 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\SpeedItup Free.lnk
[2012/08/25 15:10:06 | 020,980,010 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\dwa552_drivers_170.zip
[2012/08/21 16:34:44 | 001,096,976 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\windows-xp-service-pack-2-toDownload.exe
[2012/08/21 16:31:17 | 001,096,976 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\windows-xp-service-pack-3-toDownload.exe
[2012/07/12 10:29:52 | 004,534,272 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ReadOnlyInstaller.msi
[2012/02/19 21:44:47 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/02/04 14:50:45 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/28 12:22:26 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/11/06 11:45:08 | 000,066,482 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009/09/02 20:01:00 | 000,073,220 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2009/09/02 20:01:00 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2009/09/02 20:01:00 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2009/09/02 20:01:00 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2009/09/02 20:01:00 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2009/09/02 20:01:00 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2009/09/02 20:01:00 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2009/09/02 20:01:00 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2009/09/02 20:01:00 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2009/09/02 20:01:00 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2009/09/02 20:00:59 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2009/09/02 20:00:59 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2009/09/02 20:00:59 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2009/09/02 20:00:59 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2009/09/02 20:00:59 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2009/09/02 20:00:59 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2009/09/02 19:59:40 | 000,000,044 | ---- | C] () -- C:\WINDOWS\EPNX100.ini
[2009/08/31 20:16:54 | 000,000,260 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2009/08/31 09:59:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/08/29 08:57:12 | 000,036,864 | ---- | C] () -- C:\WINDOWS\uneng.exe
[2009/08/29 01:18:42 | 000,000,030 | ---- | C] () -- C:\WINDOWS\ACMonitor_X83.ini
[2009/08/29 01:12:52 | 000,004,672 | ---- | C] () -- C:\WINDOWS\System32\LXASUSCI.DLL
[2008/01/23 22:33:49 | 000,000,140 | ---- | C] () -- C:\Documents and Settings\Owner\webct_upload_applet.properties
[2007/12/09 21:49:16 | 000,834,340 | -HS- | C] () -- C:\WINDOWS\System32\ulimojkx.ini
[2007/12/09 21:46:29 | 000,020,810 | -HS- | C] () -- C:\WINDOWS\System32\cghdwmty.dllbox
[2007/03/03 13:51:48 | 000,000,484 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/02/17 19:50:56 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2006/10/09 02:49:10 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/02/08 22:45:06 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2006/01/10 15:20:54 | 000,000,376 | ---- | C] () -- C:\WINDOWS\mozregistry.dat
[2005/12/15 22:33:08 | 000,000,022 | ---- | C] () -- C:\WINDOWS\kodakpcd.Owner.ini
[2005/12/15 13:09:32 | 000,002,461 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2005/12/11 21:03:50 | 000,001,759 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2005/12/08 16:11:14 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2005/12/08 15:51:32 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/12/08 15:46:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/12/08 07:40:07 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/12/08 07:39:01 | 000,263,824 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/03/22 16:48:43 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/03/22 16:48:43 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 08:00:00 | 000,435,964 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 08:00:00 | 000,068,860 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/08/06 20:50:00 | 000,004,014 | ---- | C] () -- C:\Program Files\keygen.nfo
[2001/10/25 14:20:09 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXASICO.DLL
[2001/10/25 14:20:08 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\LXASBCE.DLL
[2001/10/25 14:20:08 | 000,000,643 | ---- | C] () -- C:\WINDOWS\LEXSTAT.INI
[2001/05/28 13:26:24 | 000,131,584 | ---- | C] () -- C:\WINDOWS\Ptlic32.exe

========== LOP Check ==========

[2010/10/24 14:13:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Amazon
[2009/11/04 14:24:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Blitware
[2012/07/23 02:16:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\CHARTERTOOLBAR
[2012/08/26 22:42:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DefaultTab
[2010/12/02 20:28:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\EPSON
[2009/08/29 16:00:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GetRightToGo
[2009/08/29 21:54:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\HorizonWimba
[2006/01/23 21:36:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\InterTrust
[2009/09/02 20:05:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
[2011/03/18 23:42:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Pipeliner.5A8F60606AB9E68112BC6FCD53E816B203E65DCC.1
[2011/03/06 12:35:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\RegistryKeys
[2006/01/22 22:13:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SmartDraw
[2009/12/21 11:21:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Smilebox
[2008/10/15 14:21:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Snapfish
[2012/09/02 00:31:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Spotify
[2012/08/27 18:55:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Teleca
[2006/02/09 10:48:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Wildfire
[2011/02/04 15:36:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2012/08/28 03:07:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\D-Link
[2009/09/02 20:02:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2008/09/23 22:24:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\fluxDVD
[2005/12/16 18:27:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameHouse
[2009/02/27 05:07:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\mpDRM
[2005/12/10 21:05:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2005/12/10 20:50:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2012/08/08 18:13:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2008/10/27 22:36:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/09/02 20:02:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
[2012/08/26 06:51:00 | 000,000,456 | ---- | M] () -- C:\WINDOWS\Tasks\Driver Robot.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 07:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2004/08/04 08:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

< MD5 for: QMGR.DLL >
[2004/08/04 08:00:00 | 000,382,464 | ---- | M] (Microsoft Corporation) MD5=2C69EC7E5A311334D10DD95F338FCCEA -- C:\WINDOWS\$NtUninstallKB923845$\qmgr.dll
[2008/04/13 20:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\ServicePackFiles\i386\qmgr.dll
[2008/04/13 20:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\system32\bits\qmgr.dll
[2008/04/13 20:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\system32\qmgr.dll
[2007/03/29 08:46:44 | 000,409,600 | ---- | M] (Microsoft Corporation) MD5=65E23953D337574E549B1EF34FE0B1DA -- C:\WINDOWS\$hf_mig$\KB923845\SP2QFE\qmgr.dll
[2007/03/29 08:56:02 | 000,409,600 | ---- | M] (Microsoft Corporation) MD5=CC431E6DEAAD867A583EE5E804EE4CF2 -- C:\WINDOWS\$NtServicePackUninstall$\qmgr.dll

< MD5 for: SERVICES >
[2004/08/04 08:00:00 | 000,007,116 | ---- | M] () MD5=95826940E657FE0567A8EC0F2A6AD11A -- C:\WINDOWS\system32\drivers\etc\services

< MD5 for: SERVICES.DLL >
[2004/04/20 17:24:54 | 000,018,944 | ---- | M] () MD5=349F1FC4A07B593E3560D851A5772F78 -- C:\DELL\drivers\R78333\services.dll

< MD5 for: SERVICES.EXE >
[2009/02/06 07:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2008/04/13 20:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\ServicePackFiles\i386\services.exe
[2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe
[2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe
[2004/08/04 08:00:00 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\WINDOWS\$NtServicePackUninstall$\services.exe

< MD5 for: SERVICES.LNK >
[2005/12/08 15:49:05 | 000,001,602 | ---- | M] () MD5=4051B071AB2F51D5CD602625DA262327 -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Services.lnk

< MD5 for: SERVICES.MSC >
[2004/08/04 08:00:00 | 000,033,464 | ---- | M] () MD5=E8089AA2A6F7FEE89B38C1F2D77BA6C6 -- C:\WINDOWS\system32\services.msc

< MD5 for: SVCHOST.EXE >
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/04 08:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/04 08:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 08:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< %systemdrive%\$Recycle.Bin|@;true;true;true >

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS /s >
"Type" = 32
"Start" = 3
"ErrorControl" = 1
"ImagePath" = %SystemRoot%\system32\svchost.exe -k netsvcs -- [2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation)
"DisplayName" = Background Intelligent Transfer Service
"DependOnService" = Rpcss [binary data] -- [2009/02/09 08:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation)
"DependOnGroup" = [binary data]
"ObjectName" = LocalSystem
"Description" = Transfers files in the background using idle network bandwidth. If the service is stopped, features such as Windows Update, and MSN Explorer will be unable to automatically download programs and other information. If this service is disabled, any services that explicitly depend on it may fail to transfer files if they do not have a fail safe mechanism to transfer files directly through IE in case BITS has been disabled.
"FailureActions" = 00 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00 68 E3 0C 00 01 00 00 00 60 EA 00 00 01 00 00 00 60 EA 00 00 01 00 00 00 60 EA 00 00 [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS\Parameters]
"ServiceDll" = C:\WINDOWS\system32\qmgr.dll -- [2008/04/13 20:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS\Security]
"Security" = [Binary data over 100 bytes]

========== Alternate Data Streams ==========

@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >

#22
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Are you able to access the net from the Reatogo desktop?

Start OTLPE as you did previously from CD
Copy the attached Fix.txt to a USB
[attachment=60394:fix.txt]
  • Insert your USB drive with fix.txt on it
  • Start OTLPE
  • Drag and drop fix.txt into the Custom scans and fixes box
  • If you cannot drag and drop for some reason, then press the Run Fix button and a dialogue box will pop up asking for the location - select the file on your USB drive
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done to normal mode if possible
  • Then post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )

THEN

As I can see nothing there that is stopping the boot, I will look for a restore point and see if I can force one
  • Download Farbar Recovery Scan Tool and save it to a flash drive.
  • Reboot to the Reatogo desktop
  • Insert the flash drive with FRST on it
  • Locate the flash drive and run FRST
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.


#23
devdyer

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
I will plug in directly to my internet (currently access via wireless when things are going smoothly) and check if I can access.

#24
devdyer

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
OTL LOG

OTL logfile created on: 9/10/2012 9:18:00 AM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.00 Mb Total Physical Memory | 309.00 Mb Available Physical Memory | 61.00% Memory free
458.00 Mb Paging File | 339.00 Mb Available in Paging File | 74.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.46 Gb Total Space | 50.48 Gb Free Space | 70.64% Space Free | Partition Type: NTFS
Drive D: | 973.16 Mb Total Space | 730.69 Mb Free Space | 75.08% Space Free | Partition Type: FAT
Drive E: | 3.84 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet003

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto] -- -- (TelevisionFanaticService)
SRV - File not found [Auto] -- -- (DefaultTabUpdate)
SRV - File not found [On_Demand] -- -- (AppMgmt)
SRV - [2012/08/14 15:48:38 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/30 14:30:04 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/03/26 19:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/02/11 21:12:38 | 000,167,936 | ---- | M] () [Auto] -- C:\Program Files\D-Link\DWA-552 revA\WLSVC.exe -- (WLSVC)
SRV - [2008/09/26 21:01:30 | 000,356,433 | ---- | M] (Atheros Communications, Inc.) [On_Demand] -- C:\Program Files\D-Link\DWA-552 revA\jswpsapi.exe -- (jswpsapi)
SRV - [2006/03/04 00:03:10 | 000,069,632 | ---- | M] (HP) [Auto] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2004/02/03 21:00:00 | 000,020,480 | R--- | M] (Creative Technology Ltd.) [On_Demand] -- C:\WINDOWS\system32\P1171Srv.exe -- (PD1171Srv)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Auto] -- -- (zumbus)
DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (SymIMMP)
DRV - File not found [Kernel | On_Demand] -- -- (SymIM)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - [2010/12/20 20:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2010/05/10 14:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/04/27 18:09:36 | 001,605,056 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2010/02/17 14:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/08/29 08:57:12 | 000,052,624 | ---- | M] (Adaptec) [Kernel | System] -- C:\WINDOWS\System32\drivers\cdr4_2k.sys -- (Cdr4_2K)
DRV - [2009/08/29 08:57:12 | 000,021,913 | ---- | M] (Adaptec) [Kernel | Auto] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2008/09/25 21:07:18 | 000,057,440 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\jswscimd.sys -- (JSWSCIMD)
DRV - [2008/07/26 11:26:22 | 000,041,752 | R--- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008/07/26 11:25:48 | 000,627,864 | R--- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2008/07/26 11:22:34 | 002,570,520 | R--- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2008/07/26 11:22:22 | 000,013,848 | R--- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\lv302af.sys -- (pepifilter)
DRV - [2008/02/27 12:54:00 | 000,020,480 | ---- | M] () [Kernel | Auto] -- C:\WINDOWS\system32\drivers\WLNdis50.sys -- (WLNdis50)
DRV - [2008/01/19 05:00:00 | 000,385,072 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2007/06/18 15:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2006/11/02 09:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2004/09/17 13:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2003/06/30 22:11:52 | 000,043,136 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2001/08/22 12:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://news.yahoo.com [binary data]


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0




IE - HKU\Owner_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKU\Owner_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://news.yahoo.com [binary data]
IE - HKU\Owner_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.charter.n...le/index.php?q=
IE - HKU\Owner_ON_C\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\Owner_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\Owner_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKU\Owner_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.mywebsea...D&si=XXXXXXXXXX
IE - HKU\Owner_ON_C\..\URLSearchHook: {0696f815-a3a9-490a-bb14-9ec3350b1276} - Reg Error: Key error. File not found
IE - HKU\Owner_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Owner_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPMPDRM: C:\Program Files\Common Files\mpDRM\NPMPDRM.dll ()
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: File not found
FF - HKLM\Software\MozillaPlugins\@TelevisionFanatic.com/Plugin: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{400F0BDB-6C49-43A4-BE1F-76D7327A604D}: C:\Program Files\Common Files\fluxDVD\Download Manager\Mozilla [2008/09/23 22:25:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\MyWebSearch\bar\firefox\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\TelevisionFanatic\bar\1.bin
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/30 14:30:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/08/27 13:48:06 | 000,000,000 | ---D | M]

[2012/07/22 15:43:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/05/19 14:25:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions
[2011/05/19 14:25:43 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/07/30 14:30:07 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009/11/19 18:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2010/07/17 06:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009/11/19 18:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2012/07/22 15:42:45 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/07/22 15:42:45 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2004/08/04 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O3 - HKU\Owner_ON_C\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKU\Owner_ON_C\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\Owner_ON_C\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\Owner_ON_C\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O3 - HKU\Owner_ON_C\..\Toolbar\WebBrowser: (no name) - {FB9E054A-CCF8-4A97-9581-93EEBF33F861} - No CLSID value found.
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKU\Owner_ON_C..\Run: [EPSON NX100 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEDA.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\Owner_ON_C..\Run: [Spotify] C:\Documents and Settings\Owner\Application Data\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKU\Owner_ON_C..\Run: [Spotify Web Helper] C:\Documents and Settings\Owner\Application Data\Spotify\Data\SpotifyWebHelper.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless Connection Manager.lnk = C:\Program Files\D-Link\DWA-552 revA\wirelesscm.exe (D-Link Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Owner_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - File not found
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo2.walgre...eensActivia.cab (Snapfish Activia)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace....ploader1006.cab (MySpace Uploader Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.mail.liv...es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symant...ex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} http://zone.msn.com/...mjolauncher.cab (MJLauncherCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} https://h17000.www1....loadManager.ocx (Get_ActiveX Control)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn...ro.cab34246.cab (ZoneIntro Class)
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} http://a532.g.akamai...0/installer.exe (Virtools WebPlayer Class)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} http://zone.msn.com/...outLauncher.cab (SproutLauncherCtrl Class)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://zone.msn.com/...aploader_v6.cab (PopCapLoader Object)
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} http://fdl.msn.com/z...s/heartbeat.cab (HeartbeatCtl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/12/08 15:49:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2005/06/27 09:16:56 | 000,000,145 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/09/10 04:21:05 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/09/02 19:04:19 | 000,000,000 | ---D | C] -- C:\FRST
[2012/09/02 00:47:49 | 000,000,000 | -HSD | C] -- C:\found.000
[2012/08/30 05:06:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2012/08/30 05:05:32 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2012/08/30 05:04:45 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2012/08/28 03:51:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
[2012/08/28 03:49:50 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012/08/28 03:07:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\D-Link
[2012/08/28 03:07:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\D-Link
[2012/08/28 03:07:25 | 000,405,582 | ---- | C] (Atheros Communications, Inc.) -- C:\WINDOWS\System32\jswscsup.dll
[2012/08/28 03:07:25 | 000,057,440 | ---- | C] (Atheros Communications, Inc.) -- C:\WINDOWS\System32\jswscimd.sys
[2012/08/28 03:07:25 | 000,057,440 | ---- | C] (Atheros Communications, Inc.) -- C:\WINDOWS\System32\drivers\jswscimd.sys
[2012/08/28 03:07:16 | 000,000,000 | ---D | C] -- C:\Program Files\D-Link
[2012/08/28 03:06:53 | 001,605,056 | ---- | C] (Atheros Communications, Inc.) -- C:\WINDOWS\System32\drivers\athw.sys
[2012/08/28 03:06:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\pcidevice
[2012/08/27 23:02:43 | 006,955,968 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Owner\Desktop\Silverlight.exe
[2012/08/26 21:38:13 | 001,654,976 | ---- | C] (W3i, LLC) -- C:\Documents and Settings\Owner\Desktop\mplayer_tuguu_1271.exe
[2012/08/25 15:09:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Downloads
[2012/08/25 13:36:30 | 000,000,000 | ---D | C] -- C:\Program Files\Copy of Microsoft Security Client
[2012/08/25 13:34:10 | 000,000,000 | ---D | C] -- C:\Program Files\Copy of ArcSoft
[2012/08/16 15:35:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\pics
[2012/08/14 15:48:25 | 009,826,504 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe
[2001/06/19 17:34:36 | 000,040,960 | ---- | C] (Jetsoft Development Company) -- C:\Program Files\ACMonitor_X83.exe
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/09/10 10:11:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/09/10 10:11:11 | 534,843,392 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/10 10:11:11 | 000,263,824 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/09/01 23:48:03 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/08/31 13:54:22 | 000,092,542 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\206212_10151043012664387_389585136_n.jpg
[2012/08/30 05:07:58 | 000,435,964 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/08/30 05:07:58 | 000,068,860 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/08/28 03:51:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
[2012/08/28 03:07:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\D-Link
[2012/08/28 03:07:21 | 000,000,641 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless Connection Manager.lnk
[2012/08/28 03:07:21 | 000,000,641 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Wireless Connection Manager.lnk
[2012/08/28 03:07:20 | 000,000,000 | R--D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup
[2012/08/27 23:10:31 | 006,955,968 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Owner\Desktop\Silverlight.exe
[2012/08/27 22:43:13 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/08/27 22:33:42 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/08/26 23:24:44 | 000,000,063 | ---- | M] () -- C:\1.html
[2012/08/26 21:38:52 | 001,654,976 | ---- | M] (W3i, LLC) -- C:\Documents and Settings\Owner\Desktop\mplayer_tuguu_1271.exe
[2012/08/26 06:51:00 | 000,000,456 | ---- | M] () -- C:\WINDOWS\tasks\Driver Robot.job
[2012/08/25 15:10:21 | 020,980,010 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\dwa552_drivers_170.zip
[2012/08/25 13:32:04 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/08/21 16:34:49 | 001,096,976 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\windows-xp-service-pack-2-toDownload.exe
[2012/08/21 16:32:01 | 001,096,976 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\windows-xp-service-pack-3-toDownload.exe
[2012/08/16 05:18:37 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/08/14 15:48:36 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/08/14 15:48:36 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/08/14 15:48:29 | 009,826,504 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/09/02 13:06:38 | 534,843,392 | -HS- | C] () -- C:\hiberfil.sys
[2012/08/31 13:53:50 | 000,092,542 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\206212_10151043012664387_389585136_n.jpg
[2012/08/28 03:07:25 | 000,035,967 | ---- | C] () -- C:\WINDOWS\System32\jswscimdp.cat
[2012/08/28 03:07:25 | 000,035,538 | ---- | C] () -- C:\WINDOWS\System32\jswscimd.cat
[2012/08/28 03:07:25 | 000,005,529 | ---- | C] () -- C:\WINDOWS\System32\jswscimdp.inf
[2012/08/28 03:07:25 | 000,002,231 | ---- | C] () -- C:\WINDOWS\System32\jswscimd.inf
[2012/08/28 03:07:21 | 000,000,641 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Wireless Connection Manager.lnk
[2012/08/28 03:07:20 | 000,000,641 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless Connection Manager.lnk
[2012/08/28 03:07:17 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\wlndis50.sys
[2012/08/28 03:07:17 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\drivers\WLNdis50.sys
[2012/08/28 03:07:17 | 000,010,667 | ---- | C] () -- C:\WINDOWS\System32\wlndis50.cat
[2012/08/28 03:07:17 | 000,001,593 | ---- | C] () -- C:\WINDOWS\System32\wlndis50.inf
[2012/08/26 23:24:44 | 000,000,063 | ---- | C] () -- C:\1.html
[2012/08/25 15:10:06 | 020,980,010 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\dwa552_drivers_170.zip
[2012/08/21 16:34:44 | 001,096,976 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\windows-xp-service-pack-2-toDownload.exe
[2012/08/21 16:31:17 | 001,096,976 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\windows-xp-service-pack-3-toDownload.exe
[2012/07/12 10:29:52 | 004,534,272 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ReadOnlyInstaller.msi
[2012/02/19 21:44:47 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/02/04 14:50:45 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/28 12:22:26 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/11/06 11:45:08 | 000,066,482 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009/09/02 20:01:00 | 000,073,220 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2009/09/02 20:01:00 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2009/09/02 20:01:00 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2009/09/02 20:01:00 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2009/09/02 20:01:00 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2009/09/02 20:01:00 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2009/09/02 20:01:00 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2009/09/02 20:01:00 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2009/09/02 20:01:00 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2009/09/02 20:01:00 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2009/09/02 20:00:59 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2009/09/02 20:00:59 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2009/09/02 20:00:59 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2009/09/02 20:00:59 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2009/09/02 20:00:59 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2009/09/02 20:00:59 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2009/09/02 19:59:40 | 000,000,044 | ---- | C] () -- C:\WINDOWS\EPNX100.ini
[2009/08/31 20:16:54 | 000,000,260 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2009/08/31 09:59:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/08/29 08:57:12 | 000,036,864 | ---- | C] () -- C:\WINDOWS\uneng.exe
[2009/08/29 01:18:42 | 000,000,030 | ---- | C] () -- C:\WINDOWS\ACMonitor_X83.ini
[2009/08/29 01:12:52 | 000,004,672 | ---- | C] () -- C:\WINDOWS\System32\LXASUSCI.DLL
[2008/01/23 22:33:49 | 000,000,140 | ---- | C] () -- C:\Documents and Settings\Owner\webct_upload_applet.properties
[2007/12/09 21:49:16 | 000,834,340 | -HS- | C] () -- C:\WINDOWS\System32\ulimojkx.ini
[2007/12/09 21:46:29 | 000,020,810 | -HS- | C] () -- C:\WINDOWS\System32\cghdwmty.dllbox
[2007/03/03 13:51:48 | 000,000,484 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/02/17 19:50:56 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2006/10/09 02:49:10 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/02/08 22:45:06 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2006/01/10 15:20:54 | 000,000,376 | ---- | C] () -- C:\WINDOWS\mozregistry.dat
[2005/12/15 22:33:08 | 000,000,022 | ---- | C] () -- C:\WINDOWS\kodakpcd.Owner.ini
[2005/12/15 13:09:32 | 000,002,461 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2005/12/11 21:03:50 | 000,001,759 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2005/12/08 16:11:14 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2005/12/08 15:51:32 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/12/08 15:46:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/12/08 07:40:07 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/12/08 07:39:01 | 000,263,824 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/03/22 16:48:43 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/03/22 16:48:43 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 08:00:00 | 000,435,964 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 08:00:00 | 000,068,860 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/08/06 20:50:00 | 000,004,014 | ---- | C] () -- C:\Program Files\keygen.nfo
[2001/10/25 14:20:09 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXASICO.DLL
[2001/10/25 14:20:08 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\LXASBCE.DLL
[2001/10/25 14:20:08 | 000,000,643 | ---- | C] () -- C:\WINDOWS\LEXSTAT.INI
[2001/05/28 13:26:24 | 000,131,584 | ---- | C] () -- C:\WINDOWS\Ptlic32.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >

FRST LOG
Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) (x86) Version: 08-09-2012
Ran by SYSTEM at 10-09-2012 09:27:10
Running from D:\
(X86) OS Language: English(US)
Attention: Could not load system hive.
Error: The process cannot access the file because it is being used by another process.
==================== Registry (Whitelisted) ===================

HKLM\...\Winlogon: [Userinit] [x]
HKLM\...\Winlogon: [Shell] [x ] ()
HKLM\...\InprocServer32: [Default-wbemess] ATTENTION! ====> ZeroAccess
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] ATTENTION! ====> ZeroAccess
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless Connection Manager.lnk
ShortcutTarget: Wireless Connection Manager.lnk -> C:\Program Files\D-Link\DWA-552 revA\wirelesscm.exe (D-Link Corp.)

==================== Services ================================


==================== Drivers =================================


==================== NetSvcs (Whitelisted) =================


============ One Month Created Files and Folders ==============

2012-09-10 04:21 - 2012-09-10 04:21 - 00000000 ___DC C:\_OTL
2012-09-09 01:01 - 2012-09-10 09:21 - 00060322 ___AC C:\OTL.Txt
2012-09-02 19:04 - 2012-09-10 09:27 - 00000000 ___DC C:\FRST
2012-09-02 00:49 - 2012-09-02 00:49 - 00010048 ____N C:\bootex.log
2012-09-02 00:47 - 2012-09-02 00:47 - 00000000 __SHD C:\found.000
2012-08-30 05:06 - 2012-08-31 05:29 - 00000000 ____D C:\Windows\System32\XPSViewer
2012-08-30 05:05 - 2012-08-30 05:05 - 00000000 ____D C:\Program Files\MSBuild
2012-08-30 05:04 - 2012-08-30 05:04 - 00000000 ____D C:\Program Files\Reference Assemblies
2012-08-28 03:49 - 2012-08-28 03:50 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2012-08-28 03:07 - 2012-08-28 03:07 - 00000641 ____A C:\Documents and Settings\All Users\Desktop\Wireless Connection Manager.lnk
2012-08-28 03:07 - 2012-08-28 03:07 - 00000000 ____D C:\Program Files\D-Link
2012-08-28 03:07 - 2012-08-28 03:07 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\D-Link
2012-08-28 03:07 - 2008-10-01 03:55 - 00035967 ____A C:\Windows\System32\jswscimdp.cat
2012-08-28 03:07 - 2008-10-01 03:55 - 00035538 ____A C:\Windows\System32\jswscimd.cat
2012-08-28 03:07 - 2008-09-26 21:01 - 00405582 ____A (Atheros Communications, Inc.) C:\Windows\System32\jswscsup.dll
2012-08-28 03:07 - 2008-09-25 21:07 - 00057440 ____A (Atheros Communications, Inc.) C:\Windows\System32\jswscimd.sys
2012-08-28 03:07 - 2008-09-25 21:07 - 00057440 ____A (Atheros Communications, Inc.) C:\Windows\System32\Drivers\jswscimd.sys
2012-08-28 03:07 - 2008-09-08 13:54 - 00010667 ____A C:\Windows\System32\wlndis50.cat
2012-08-28 03:07 - 2008-02-27 12:54 - 00020480 ____A () C:\Windows\System32\wlndis50.sys
2012-08-28 03:07 - 2008-02-27 12:54 - 00020480 ____A () C:\Windows\System32\Drivers\WLNdis50.sys
2012-08-28 03:06 - 2012-08-28 03:06 - 00000000 ____D C:\Windows\pcidevice
2012-08-28 03:06 - 2010-04-27 18:09 - 01605056 ____A (Atheros Communications, Inc.) C:\Windows\System32\Drivers\athw.sys
2012-08-28 03:05 - 2012-08-28 03:05 - 00000000 ____A C:\Windows\setuperr.log
2012-08-28 01:57 - 2012-08-28 05:02 - 00000000 ____D C:\Windows\LastGood.Tmp
2012-08-27 23:02 - 2012-08-27 23:10 - 06955968 ____A (Microsoft Corporation) C:\Documents and Settings\Owner\Desktop\Silverlight.exe
2012-08-26 23:24 - 2012-08-26 23:24 - 00000063 ___AC C:\1.html
2012-08-26 21:38 - 2012-08-26 21:38 - 01654976 ____A (W3i, LLC) C:\Documents and Settings\Owner\Desktop\mplayer_tuguu_1271.exe
2012-08-25 15:10 - 2012-08-25 15:10 - 20980010 ____A C:\Documents and Settings\Owner\Desktop\dwa552_drivers_170.zip
2012-08-25 13:36 - 2012-08-25 13:36 - 00000000 ____D C:\Program Files\Copy of Microsoft Security Client
2012-08-25 13:34 - 2012-08-25 13:34 - 00000000 ____D C:\Program Files\Copy of ArcSoft
2012-08-21 16:34 - 2012-08-21 16:34 - 01096976 ____A C:\Documents and Settings\Owner\Desktop\windows-xp-service-pack-2-toDownload.exe
2012-08-21 16:31 - 2012-08-21 16:32 - 01096976 ____A C:\Documents and Settings\Owner\Desktop\windows-xp-service-pack-3-toDownload.exe
2012-08-16 15:35 - 2012-08-25 13:27 - 00000000 ____D C:\Documents and Settings\Owner\Desktop\pics
2012-08-16 05:16 - 2012-08-16 05:16 - 00013332 ____A C:\Windows\KB2731847.log
2012-08-16 05:08 - 2012-08-16 05:09 - 00011942 ____A C:\Windows\KB2723135.log
2012-08-16 05:01 - 2012-08-16 05:05 - 00016405 ____A C:\Windows\KB2722913-IE8.log
2012-08-15 22:25 - 2012-08-16 05:18 - 00018547 ____A C:\Windows\KB2712808.log
2012-08-15 22:25 - 2012-08-16 05:10 - 00018161 ____A C:\Windows\KB2705219.log
2012-08-14 15:48 - 2012-08-14 15:48 - 09826504 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerInstaller.exe

============ 3 Months Modified Files ========================

2012-09-10 10:11 - 2005-12-08 07:39 - 00263824 ____A C:\Windows\System32\FNTCACHE.DAT
2012-09-10 09:21 - 2012-09-09 01:01 - 00060322 ___AC C:\OTL.Txt
2012-09-02 00:49 - 2012-09-02 00:49 - 00010048 ____N C:\bootex.log
2012-09-01 23:48 - 2012-07-22 15:23 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-09-01 23:09 - 2005-12-08 15:47 - 01225068 ____A C:\Windows\WindowsUpdate.log
2012-09-01 10:48 - 2005-12-08 15:52 - 00032460 ____A C:\Windows\SchedLgU.Txt
2012-08-31 13:57 - 2009-10-26 14:45 - 00118272 __ASH C:\Documents and Settings\Owner\Desktop\Thumbs.db
2012-08-30 05:07 - 2005-12-08 07:40 - 00511862 ____A C:\Windows\System32\PerfStringBackup.INI
2012-08-29 05:01 - 2011-10-28 19:27 - 00023894 ___AC C:\Windows\KB2564958.log
2012-08-28 05:05 - 2012-07-22 10:52 - 00025551 ____A C:\Windows\KB2695962.log
2012-08-28 05:05 - 2012-01-10 13:19 - 00019556 ___AC C:\Windows\KB2618451.log
2012-08-28 03:08 - 2011-02-08 13:06 - 00262354 ____A C:\Windows\setupapi.log
2012-08-28 03:07 - 2012-08-28 03:07 - 00000641 ____A C:\Documents and Settings\All Users\Desktop\Wireless Connection Manager.lnk
2012-08-28 03:05 - 2012-08-28 03:05 - 00000000 ____A C:\Windows\setuperr.log
2012-08-28 03:05 - 2011-02-09 05:00 - 00538508 ___AC C:\Windows\FaxSetup.log
2012-08-28 03:05 - 2011-02-09 05:00 - 00259985 ___AC C:\Windows\ocgen.log
2012-08-28 03:05 - 2011-02-09 05:00 - 00206798 ___AC C:\Windows\tsoc.log
2012-08-28 03:05 - 2011-02-09 05:00 - 00177944 ___AC C:\Windows\comsetup.log
2012-08-28 03:05 - 2011-02-09 05:00 - 00108289 ___AC C:\Windows\ntdtcsetup.log
2012-08-28 03:05 - 2011-02-09 05:00 - 00084785 ___AC C:\Windows\iis6.log
2012-08-28 03:05 - 2011-02-09 05:00 - 00029881 ___AC C:\Windows\ocmsn.log
2012-08-28 03:05 - 2011-02-09 05:00 - 00027047 ___AC C:\Windows\msgsocm.log
2012-08-28 03:05 - 2011-02-09 05:00 - 00001917 ____A C:\Windows\imsins.log
2012-08-27 23:10 - 2012-08-27 23:02 - 06955968 ____A (Microsoft Corporation) C:\Documents and Settings\Owner\Desktop\Silverlight.exe
2012-08-27 22:43 - 2012-07-22 10:46 - 00000384 ___AH C:\Windows\Tasks\Microsoft Antimalware Scheduled Scan.job
2012-08-27 22:33 - 2005-12-08 15:52 - 00000062 __ASH C:\Documents and Settings\Owner\Local Settings\desktop.ini
2012-08-27 22:33 - 2005-12-08 15:52 - 00000062 __ASH C:\Documents and Settings\NetworkService\Local Settings\desktop.ini
2012-08-27 22:33 - 2005-12-08 15:52 - 00000062 __ASH C:\Documents and Settings\LocalService\Local Settings\desktop.ini
2012-08-27 22:33 - 2005-12-08 15:52 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-08-27 22:33 - 2005-12-08 07:42 - 00000159 ____A C:\Windows\wiadebug.log
2012-08-27 22:33 - 2005-12-08 07:42 - 00000049 ____A C:\Windows\wiaservc.log
2012-08-27 22:33 - 2004-08-04 08:00 - 00002206 ____A C:\Windows\System32\wpa.dbl
2012-08-27 19:41 - 2005-12-08 15:52 - 00000278 ___SH C:\Documents and Settings\Owner\ntuser.ini
2012-08-27 18:49 - 2006-01-22 15:33 - 00067216 ___AC C:\Documents and Settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2012-08-26 23:24 - 2012-08-26 23:24 - 00000063 ___AC C:\1.html
2012-08-26 21:38 - 2012-08-26 21:38 - 01654976 ____A (W3i, LLC) C:\Documents and Settings\Owner\Desktop\mplayer_tuguu_1271.exe
2012-08-26 06:51 - 2009-11-04 14:24 - 00000456 ____A C:\Windows\Tasks\Driver Robot.job
2012-08-25 15:10 - 2012-08-25 15:10 - 20980010 ____A C:\Documents and Settings\Owner\Desktop\dwa552_drivers_170.zip
2012-08-25 14:10 - 2011-02-08 13:06 - 00000671 ____A C:\Windows\setupact.log
2012-08-25 13:32 - 2006-10-09 02:49 - 00020992 ___AC C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-08-21 16:34 - 2012-08-21 16:34 - 01096976 ____A C:\Documents and Settings\Owner\Desktop\windows-xp-service-pack-2-toDownload.exe
2012-08-21 16:32 - 2012-08-21 16:31 - 01096976 ____A C:\Documents and Settings\Owner\Desktop\windows-xp-service-pack-3-toDownload.exe
2012-08-21 01:22 - 2011-06-17 19:47 - 00003627 ___AC C:\Windows\wmsetup.log
2012-08-16 05:18 - 2012-08-15 22:25 - 00018547 ____A C:\Windows\KB2712808.log
2012-08-16 05:18 - 2011-02-09 05:00 - 00001374 ____A C:\Windows\imsins.BAK
2012-08-16 05:16 - 2012-08-16 05:16 - 00013332 ____A C:\Windows\KB2731847.log
2012-08-16 05:11 - 2005-12-10 12:01 - 59884088 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-08-16 05:10 - 2012-08-15 22:25 - 00018161 ____A C:\Windows\KB2705219.log
2012-08-16 05:10 - 2011-02-09 05:01 - 00034972 ___AC C:\Windows\updspapi.log
2012-08-16 05:09 - 2012-08-16 05:08 - 00011942 ____A C:\Windows\KB2723135.log
2012-08-16 05:05 - 2012-08-16 05:01 - 00016405 ____A C:\Windows\KB2722913-IE8.log
2012-08-14 15:48 - 2012-08-14 15:48 - 09826504 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerInstaller.exe
2012-08-14 15:48 - 2012-07-22 15:23 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-08-14 15:48 - 2011-05-26 09:00 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-08-08 18:11 - 2012-08-08 18:10 - 34294688 ____A C:\Documents and Settings\Owner\Desktop\vlcmediaplayer-setup.exe
2012-08-05 22:10 - 2009-10-26 15:00 - 01577188 __ASH C:\Documents and Settings\Owner\My Documents\Thumbs.db
2012-08-05 14:38 - 2006-10-09 02:49 - 00007680 _ASHC C:\Windows\Thumbs.db
2012-08-05 02:53 - 2012-08-05 02:53 - 00012188 ____A C:\Windows\DPINST.LOG
2012-07-23 01:28 - 2012-07-23 01:28 - 00001867 ____A C:\Documents and Settings\Owner\Desktop\Spotify.lnk
2012-07-22 17:55 - 2012-07-22 17:55 - 00000104 ____A C:\Documents and Settings\Owner\Desktop\Internet.lnk
2012-07-22 17:37 - 2012-07-22 17:37 - 00000932 ____A C:\Documents and Settings\Owner\My Documents\My Sharing Folders.lnk
2012-07-22 17:11 - 2004-08-04 08:00 - 00000578 ____A C:\Windows\win.ini
2012-07-22 11:34 - 2012-07-22 01:28 - 00026529 ____A C:\Windows\KB2707511.log
2012-07-22 11:33 - 2012-07-22 11:32 - 00013956 ____A C:\Windows\KB2659262.log
2012-07-22 11:27 - 2012-07-22 01:28 - 00024096 ____A C:\Windows\KB2691442.log
2012-07-22 11:17 - 2012-07-22 11:17 - 00016109 ____A C:\Windows\KB2718523.log
2012-07-22 11:17 - 2012-07-22 01:27 - 00023075 ____A C:\Windows\KB2655992.log
2012-07-22 11:08 - 2012-07-22 11:07 - 00015151 ____A C:\Windows\KB2686509.log
2012-07-22 11:05 - 2012-07-22 01:27 - 00022297 ____A C:\Windows\KB2719985.log
2012-07-22 11:04 - 2012-07-22 01:27 - 00021700 ____A C:\Windows\KB2718704.log
2012-07-22 10:50 - 2012-07-22 10:47 - 00018232 ____A C:\Windows\KB2699988-IE8.log
2012-07-22 10:46 - 2012-07-22 10:45 - 00009855 ____A C:\Windows\KB2685939.log
2012-07-22 10:43 - 2012-07-22 01:24 - 00016374 ____A C:\Windows\KB2653956.log
2012-07-22 10:39 - 2012-07-22 10:37 - 00009536 ____A C:\Windows\KB2698365.log
2012-07-22 10:36 - 2011-02-04 16:19 - 00001945 ___AC C:\Windows\epplauncher.mif
2012-07-22 05:28 - 2012-07-22 01:20 - 00021257 ____A C:\Windows\KB2676562.log
2012-07-12 10:29 - 2012-07-12 10:29 - 04534272 ____A C:\Documents and Settings\All Users\Application Data\ReadOnlyInstaller.msi
2012-07-06 09:58 - 2012-07-06 09:58 - 00078336 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\browser.dll
2012-07-06 09:58 - 2008-10-24 07:27 - 00337920 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\netapi32.dll
2012-07-06 09:58 - 2004-08-04 08:00 - 00337920 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
2012-07-06 09:58 - 2004-08-04 08:00 - 00078336 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
2012-07-04 10:05 - 2011-08-11 12:30 - 00139784 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\rdpwd.sys
2012-07-04 10:05 - 2005-12-08 15:44 - 00139784 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-07-03 09:40 - 2008-10-15 18:04 - 01866112 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\win32k.sys
2012-07-03 09:40 - 2004-08-04 08:00 - 01866112 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-03 01:19 - 2007-05-09 15:16 - 11111424 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\ieframe.dll
2012-07-03 01:19 - 2006-10-17 17:33 - 11111424 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-07-02 13:49 - 2012-07-22 01:27 - 00521728 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\jsdbgui.dll
2012-07-02 13:49 - 2010-06-11 21:23 - 00743424 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\iedvtool.dll
2012-07-02 13:49 - 2009-08-30 22:02 - 00247808 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\ieproxy.dll
2012-07-02 13:49 - 2009-08-30 22:02 - 00012800 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\xpshims.dll
2012-07-02 13:49 - 2007-05-09 15:16 - 02000384 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\iertutil.dll
2012-07-02 13:49 - 2007-05-09 15:16 - 00629760 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\msfeeds.dll
2012-07-02 13:49 - 2007-05-09 15:16 - 00055296 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\msfeedsbs.dll
2012-07-02 13:49 - 2006-10-17 17:33 - 00629760 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-07-02 13:49 - 2006-10-17 17:33 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-07-02 13:49 - 2006-10-17 16:57 - 02000384 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-07-02 13:49 - 2004-08-04 08:00 - 06008320 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\mshtml.dll
2012-07-02 13:49 - 2004-08-04 08:00 - 06008320 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-07-02 13:49 - 2004-08-04 08:00 - 01469440 ____N (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-07-02 13:49 - 2004-08-04 08:00 - 01469440 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\inetcpl.cpl
2012-07-02 13:49 - 2004-08-04 08:00 - 01212416 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\urlmon.dll
2012-07-02 13:49 - 2004-08-04 08:00 - 01212416 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-07-02 13:49 - 2004-08-04 08:00 - 00916992 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\wininet.dll
2012-07-02 13:49 - 2004-08-04 08:00 - 00916992 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-07-02 13:49 - 2004-08-04 08:00 - 00611840 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\mstime.dll
2012-07-02 13:49 - 2004-08-04 08:00 - 00611840 ____A (Microsoft Corporation) C:\Windows\System32\mstime.dll
2012-07-02 13:49 - 2004-08-04 08:00 - 00387584 ____N (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-07-02 13:49 - 2004-08-04 08:00 - 00387584 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\iedkcs32.dll
2012-07-02 13:49 - 2004-08-04 08:00 - 00206848 ____N (Microsoft Corporation) C:\Windows\System32\occache.dll
2012-07-02 13:49 - 2004-08-04 08:00 - 00206848 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\occache.dll
2012-07-02 13:49 - 2004-08-04 08:00 - 00184320 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\iepeers.dll
2012-07-02 13:49 - 2004-08-04 08:00 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-07-02 13:49 - 2004-08-04 08:00 - 00105984 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\url.dll
2012-07-02 13:49 - 2004-08-04 08:00 - 00105984 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-07-02 13:49 - 2004-08-04 08:00 - 00067072 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\mshtmled.dll
2012-07-02 13:49 - 2004-08-04 08:00 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-07-02 13:49 - 2004-08-04 08:00 - 00043520 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\licmgr10.dll
2012-07-02 13:49 - 2004-08-04 08:00 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-07-02 13:49 - 2004-08-04 08:00 - 00025600 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\jsproxy.dll
2012-07-02 13:49 - 2004-08-04 08:00 - 00025600 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-07-02 08:05 - 2004-08-04 08:00 - 00385024 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-07-02 08:05 - 2004-08-04 08:00 - 00174080 ____N (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2012-07-02 08:05 - 2004-08-04 08:00 - 00174080 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\ie4uinit.exe


==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: <===== ATTENTION!
HKLM\...\exefile\DefaultIcon: <===== ATTENTION!
HKLM\...\exefile\open\command: <===== ATTENTION!

==================== Restore Points (XP) =====================

RP: -> 2012-09-01 22:49 - 024576 _restore{C5CE5F2E-4A5B-454A-9037-27DA643D364B}\RP73

RP: -> 2012-08-31 22:49 - 024576 _restore{C5CE5F2E-4A5B-454A-9037-27DA643D364B}\RP72

RP: -> 2012-08-31 05:00 - 024576 _restore{C5CE5F2E-4A5B-454A-9037-27DA643D364B}\RP71

RP: -> 2012-08-30 22:47 - 024576 _restore{C5CE5F2E-4A5B-454A-9037-27DA643D364B}\RP70

RP: -> 2012-08-30 05:00 - 024576 _restore{C5CE5F2E-4A5B-454A-9037-27DA643D364B}\RP69

RP: -> 2012-08-29 22:47 - 024576 _restore{C5CE5F2E-4A5B-454A-9037-27DA643D364B}\RP68

RP: -> 2012-08-29 05:00 - 024576 _restore{C5CE5F2E-4A5B-454A-9037-27DA643D364B}\RP67

RP: -> 2012-08-28 22:47 - 024576 _restore{C5CE5F2E-4A5B-454A-9037-27DA643D364B}\RP66

RP: -> 2012-08-28 05:01 - 024576 _restore{C5CE5F2E-4A5B-454A-9037-27DA643D364B}\RP65

RP: -> 2012-08-28 03:23 - 024576 _restore{C5CE5F2E-4A5B-454A-9037-27DA643D364B}\RP64

RP: -> 2012-08-28 03:07 - 024576 _restore{C5CE5F2E-4A5B-454A-9037-27DA643D364B}\RP63

RP: -> 2012-08-28 02:50 - 024576 _restore{C5CE5F2E-4A5B-454A-9037-27DA643D364B}\RP62

RP: -> 2012-08-28 01:59 - 024576 _restore{C5CE5F2E-4A5B-454A-9037-27DA643D364B}\RP61

RP: -> 2012-08-27 22:57 - 024576 _restore{C5CE5F2E-4A5B-454A-9037-27DA643D364B}\RP60

RP: -> 2012-08-27 19:42 - 024576 _restore{C5CE5F2E-4A5B-454A-9037-27DA643D364B}\RP59

RP: -> 2012-08-27 18:51 - 024576 _restore{C5CE5F2E-4A5B-454A-9037-27DA643D364B}\RP58

RP: -> 2012-08-27 17:37 - 024576 _restore{C5CE5F2E-4A5B-454A-9037-27DA643D364B}\RP57

RP: -> 2012-08-27 13:36 - 024576 _restore{C5CE5F2E-4A5B-454A-9037-27DA643D364B}\RP56

RP: -> 2012-08-26 22:42 - 024576 _restore{C5CE5F2E-4A5B-454A-9037-27DA643D364B}\RP55

RP: -> 2012-08-26 16:23 - 024576 _restore{C5CE5F2E-4A5B-454A-9037-27DA643D364B}\RP54

RP: -> 2012-08-26 05:00 - 024576 _restore{C5CE5F2E-4A5B-454A-9037-27DA643D364B}\RP53

RP: -> 2012-08-26 03:59 - 024576 _restore{C5CE5F2E-4A5B-454A-9037-27DA643D364B}\RP52

RP: -> 2012-08-25 16:21 - 024576 _restore{C5CE5F2E-4A5B-454A-9037-27DA643D364B}\RP51

RP: -> 2012-08-25 15:13 - 024576 _restore{C5CE5F2E-4A5B-454A-9037-27DA643D364B}\RP50

RP: -> 2012-08-24 12:55 - 024576 _restore{C5CE5F2E-4A5B-454A-9037-27DA643D364B}\RP49

RP: -> 2012-08-23 12:51 - 024576 _restore{C5CE5F2E-4A5B-454A-9037-27DA643D364B}\RP48

RP: -> 2012-08-22 18:57 - 024576 _restore{C5CE5F2E-4A5B-454A-9037-27DA643D364B}\RP47

RP: -> 2012-08-21 15:12 - 024576 _restore{C5CE5F2E-4A5B-454A-9037-27DA643D364B}\RP46

RP: -> 2012-08-20 15:09 - 024576 _restore{C5CE5F2E-4A5B-454A-9037-27DA643D364B}\RP45

RP: -> 2012-08-19 03:21 - 024576 _restore{C5CE5F2E-4A5B-454A-9037-27DA643D364B}\RP44

RP: -> 2012-08-18 16:28 - 024576 _restore{C5CE5F2E-4A5B-454A-9037-27DA643D364B}\RP43

RP: -> 2012-08-17 15:49 - 024576 _restore{C5CE5F2E-4A5B-454A-9037-27DA643D364B}\RP42

RP: -> 2012-08-16 12:28 - 024576 _restore{C5CE5F2E-4A5B-454A-9037-27DA643D364B}\RP41

RP: -> 2012-08-16 05:01 - 024576 _restore{C5CE5F2E-4A5B-454A-9037-27DA643D364B}\RP40

RP: -> 2012-08-15 12:31 - 024576 _restore{C5CE5F2E-4A5B-454A-9037-27DA643D364B}\RP39

RP: -> 2012-08-14 12:27 - 024576 _restore{C5CE5F2E-4A5B-454A-9037-27DA643D364B}\RP38

RP: -> 2012-08-13 12:30 - 024576 _restore{C5CE5F2E-4A5B-454A-9037-27DA643D364B}\RP37

RP: -> 2012-08-13 04:32 - 024576 _restore{C5CE5F2E-4A5B-454A-9037-27DA643D364B}\RP36

RP: -> 2012-08-12 02:48 - 024576 _restore{C5CE5F2E-4A5B-454A-9037-27DA643D364B}\RP35

RP: -> 2012-08-11 15:33 - 024576 _restore{C5CE5F2E-4A5B-454A-9037-27DA643D364B}\RP34

RP: -> 2012-08-10 02:46 - 024576 _restore{C5CE5F2E-4A5B-454A-9037-27DA643D364B}\RP33

RP: -> 2012-08-09 02:47 - 024576 _restore{C5CE5F2E-4A5B-454A-9037-27DA643D364B}\RP32

RP: -> 2012-08-08 02:45 - 024576 _restore{C5CE5F2E-4A5B-454A-9037-27DA643D364B}\RP31

RP: -> 2012-08-07 02:47 - 024576 _restore{C5CE5F2E-4A5B-454A-9037-27DA643D364B}\RP30

RP: -> 2012-08-06 02:42 - 024576 _restore{C5CE5F2E-4A5B-454A-9037-27DA643D364B}\RP29

RP: -> 2012-08-05 02:54 - 024576 _restore{C5CE5F2E-4A5B-454A-9037-27DA643D364B}\RP28

RP: -> 2012-08-05 02:53 - 024576 _restore{C5CE5F2E-4A5B-454A-9037-27DA643D364B}\RP27

RP: -> 2012-08-05 02:39 - 024576 _restore{C5CE5F2E-4A5B-454A-9037-27DA643D364B}\RP26

RP: -> 2012-08-02 21:10 - 024576 _restore{C5CE5F2E-4A5B-454A-9037-27DA643D364B}\RP25

RP: -> 2012-08-01 21:17 - 024576 _restore{C5CE5F2E-4A5B-454A-9037-27DA643D364B}\RP24

RP: -> 2012-08-01 18:42 - 024576 _restore{C5CE5F2E-4A5B-454A-9037-27DA643D364B}\RP23

RP: -> 2012-07-31 12:32 - 024576 _restore{C5CE5F2E-4A5B-454A-9037-27DA643D364B}\RP22

RP: -> 2012-07-30 11:43 - 024576 _restore{C5CE5F2E-4A5B-454A-9037-27DA643D364B}\RP21

RP: -> 2012-07-29 11:40 - 024576 _restore{C5CE5F2E-4A5B-454A-9037-27DA643D364B}\RP20

RP: -> 2012-07-29 04:18 - 024576 _restore{C5CE5F2E-4A5B-454A-9037-27DA643D364B}\RP19

RP: -> 2012-07-28 11:44 - 024576 _restore{C5CE5F2E-4A5B-454A-9037-27DA643D364B}\RP18

RP: -> 2012-07-27 20:57 - 024576 _restore{C5CE5F2E-4A5B-454A-9037-27DA643D364B}\RP17

RP: -> 2012-07-26 16:43 - 024576 _restore{C5CE5F2E-4A5B-454A-9037-27DA643D364B}\RP16

RP: -> 2012-07-25 13:26 - 024576 _restore{C5CE5F2E-4A5B-454A-9037-27DA643D364B}\RP15

RP: -> 2012-07-24 13:24 - 024576 _restore{C5CE5F2E-4A5B-454A-9037-27DA643D364B}\RP14

RP: -> 2012-07-23 12:23 - 024576 _restore{C5CE5F2E-4A5B-454A-9037-27DA643D364B}\RP13


==================== Memory info ===========================

Percentage of memory in use: 49%
Total physical RAM: 510 MB
Available physical RAM: 259.68 MB
Total Pagefile: 457.72 MB
Available Pagefile: 301.29 MB
Total Virtual: 2047.88 MB
Available Virtual: 2003.18 MB

==================== Partitions ============================

2 Drive b: (RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS
3 Drive c: () (Fixed) (Total:71.46 GB) (Free:50.48 GB) NTFS ==>[Drive with boot components (Windows XP)]
4 Drive d: () (Removable) (Total:0.95 GB) (Free:0.71 GB) FAT
6 Drive x: (ReatogoPE) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 74 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 39 MB 32 KB
Partition 2 Primary 71 GB 39 MB
Partition 3 Unknown 3075 MB 71 GB
==================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 FAT Partition 39 MB Healthy
==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 C NTFS Partition 71 GB Healthy
==================================================================================

Disk: 0
Partition 3
Type : DB
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 FAT32 Partition 3075 MB Healthy
==================================================================================
==================== End Of Log =============================

#25
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, I will try this fix and if it fails I will look at forcing a restore point

Download the attached fixlist.txt to the same USB drive as FRST
[attachment=60430:fixlist.txt]
Restart the computer as before to the Reatogo desktop
Run FRST and click Fix
A log will be generated on the USB drive

Reboot to normal Windows

Once there, please run OTL and post the log along with the FRST fix log
#26
devdyer


    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
Still getting the blue screen when I try to reboot to normal Windows.

Time to pull out all the stops? If it helps, there isn't any data that I need to salvage. If everything needs to be wiped, that's totally fine.

Here's the FRST Log:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 08-09-2012
Ran by SYSTEM at 2012-09-10 23:56:33 Run:3
Running from E:\

==============================================

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InprocServer32\\Default value was restored successfully .
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32\\Default value was restored successfully .
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}] should be deleted in normal mode (if present).
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.exe\\Default value was restored successfully .
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\DefaultIcon\\Default value was restored successfully .
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\\Default value was restored successfully .

==== End of Fixlog ====

#27
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, let's try to force a restore point

Download the attached fixlist.txt to the same USB drive as FRST
[attachment=60433:fixlist.txt]
Restart the computer as before to the Reatogo desktop
Run FRST and click Fix
A log will be generated on the USB drive

Reboot to normal Windows

#28
devdyer


    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 08-09-2012
Ran by SYSTEM at 2012-09-11 13:13:12 Run:4
Running from D:\

==============================================

SAM hive was successfully restored from Restore Point.
SECURITY hive was successfully restored from Restore Point.
Software hive was successfully restored from Restore Point.
System hive was successfully restored from Restore Point.
Default hive was successfully restored from Restore Point.

==== End of Fixlog ====

#29
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Can you try normal Windows now, please?

#30
devdyer


    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
Doesn't work :(





