Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Computer Won't Boot: Error ' Kernel data inpage error' [Cl


  • This topic is locked This topic is locked

#1
discoveringyou

discoveringyou

    Member

  • Member
  • PipPip
  • 59 posts
Hi all,

My cursed computer is down again with the blue screen of death. Error is that it will not let me load into windows - I cannot get access to windows under normal boot up, must try safe mode later.

I am running windows Vista - and the error read 'Kernel data inpage error'.

Symptoms - computer froze - rebooted , and blue screen appeared with 'Kernel data inpage error' - I can enter my password and see the desktop but it freezes before being able to run a virus scan or access anything.

Any advise on next steps to solve this - hoping I do not have to format computer ?

Thanks
Tim
  • 0

Advertisements


#2
discoveringyou

discoveringyou

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts
OTL logfile created on: 12/8/2012 09:39:30 PM - Run 5
OTL by OldTimer - Version 3.2.28.0 Folder = C:\Documents and Settings\timothy\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001C09 | Country: South Africa | Language: ENS | Date Format: M/d/yyyy

1.97 Gb Total Physical Memory | 1.10 Gb Available Physical Memory | 56.11% Memory free
3.81 Gb Paging File | 3.14 Gb Available in Paging File | 82.46% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29.29 Gb Total Space | 2.48 Gb Free Space | 8.45% Space Free | Partition Type: NTFS
Drive E: | 436.46 Gb Total Space | 18.73 Gb Free Space | 4.29% Space Free | Partition Type: NTFS
Drive H: | 465.64 Gb Total Space | 140.28 Gb Free Space | 30.12% Space Free | Partition Type: FAT32

Computer Name: TIM | User Name: timothy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/31 02:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2012/10/31 02:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2012/08/03 05:16:04 | 000,408,944 | ---- | M] (AnchorFree Inc.) -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
PRC - [2012/08/03 05:12:18 | 000,387,440 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\hsswd.exe
PRC - [2012/08/03 05:10:40 | 000,476,016 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/05/24 22:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\timothy\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2012/04/11 04:04:10 | 001,202,504 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\openvpntray.exe
PRC - [2011/09/13 11:15:48 | 000,581,632 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\timothy\Desktop\OTL.exe
PRC - [2011/07/29 03:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/01/28 19:23:46 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2010/12/22 17:21:38 | 000,088,688 | R--- | M] (VIA Technologies, Inc.) -- C:\WINDOWS\system32\KaraokeSer.exe
PRC - [2010/01/15 16:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/02/18 01:45:19 | 000,066,864 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
PRC - [2008/04/14 04:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/13 15:06:58 | 002,196,240 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\Quickcam.exe
PRC - [2008/02/13 15:02:46 | 000,564,496 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
PRC - [2008/02/13 15:02:24 | 000,405,776 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2008/02/05 20:18:48 | 000,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
PRC - [2007/12/13 18:36:46 | 000,049,220 | ---- | M] (Samsung) -- C:\Program Files\SEC\Natural Color Pro\NCProTray.exe
PRC - [2007/06/25 10:47:24 | 001,629,480 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
PRC - [2007/06/25 10:47:12 | 001,552,680 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
PRC - [2007/06/25 10:47:02 | 001,057,064 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCD.exe


========== Modules (No Company Name) ==========

MOD - [2012/12/09 14:54:50 | 002,038,272 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\12120901\algo.dll
MOD - [2012/08/03 05:19:06 | 000,009,584 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\lang\gui-eng.dll
MOD - [2012/08/03 05:12:18 | 000,387,440 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\hsswd.exe
MOD - [2012/08/03 05:10:40 | 000,476,016 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe
MOD - [2012/08/03 05:08:20 | 000,658,800 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\af_proxy.dll
MOD - [2012/04/11 04:04:10 | 001,202,504 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\openvpntray.exe
MOD - [2011/11/03 19:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2011/07/29 03:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/29 03:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/02/18 01:45:18 | 000,061,496 | ---- | M] () -- C:\Program Files\Logitech\Desktop Messenger\8876480\8.1.1.50-8876480SL\Program\clntutil.dll
MOD - [2008/04/14 04:12:03 | 000,562,176 | ---- | M] () -- C:\WINDOWS\system32\qedit.dll
MOD - [2008/04/14 04:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 04:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2008/02/13 15:13:48 | 000,108,816 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\LAppRes.DLL
MOD - [2008/02/13 15:06:58 | 002,196,240 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\Quickcam.exe
MOD - [2008/02/13 15:04:40 | 000,149,264 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LComMgr\LogiVOIPDevicePlugin.dll
MOD - [2008/02/13 15:04:18 | 000,165,136 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LComMgr\LogiCordless4001.dll
MOD - [2008/02/13 15:04:06 | 000,138,000 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LComMgr\LogiCordless.dll
MOD - [2008/02/13 15:03:20 | 000,167,184 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\EFVal.dll
MOD - [2008/02/13 15:02:58 | 000,344,336 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LComMgr\DevMngr.dll
MOD - [2008/02/13 15:02:46 | 000,564,496 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
MOD - [2008/02/05 20:18:58 | 000,068,120 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVCSPS.dll
MOD - [2007/08/14 17:43:46 | 006,365,184 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll
MOD - [2007/07/12 15:55:52 | 000,131,072 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2007/07/12 15:55:28 | 001,581,056 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll
MOD - [2006/06/16 18:20:54 | 000,126,464 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2004/10/12 09:46:32 | 001,761,280 | ---- | M] () -- C:\WINDOWS\system32\ffdshow.ax


========== Win32 Services (SafeList) ==========

SRV - [2012/10/31 02:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/08/03 05:20:24 | 000,078,072 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Hotspot Shield\bin\HSSTrayService.exe -- (HssTrayService)
SRV - [2012/08/03 05:16:04 | 000,408,944 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv)
SRV - [2012/08/03 05:12:18 | 000,387,440 | ---- | M] () [Auto | Running] -- C:\Program Files\Hotspot Shield\bin\hsswd.exe -- (HssWd)
SRV - [2012/08/03 05:10:40 | 000,476,016 | ---- | M] () [Auto | Running] -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe -- (hshld)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/12/22 17:21:38 | 000,088,688 | R--- | M] (VIA Technologies, Inc.) [Auto | Running] -- C:\WINDOWS\system32\KaraokeSer.exe -- (KaraokeService)
SRV - [2010/01/15 16:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2008/07/04 14:52:18 | 000,014,336 | ---- | M] (Vodafone) [Disabled | Stopped] -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService)
SRV - [2008/02/05 20:22:36 | 000,141,848 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV - [2008/02/05 20:20:42 | 000,150,040 | ---- | M] (Logitech Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008/02/05 20:18:48 | 000,186,904 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)
SRV - [2007/06/25 10:47:12 | 001,552,680 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv)


========== Driver Services (SafeList) ==========

DRV - [2012/10/31 02:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/10/31 02:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/10/31 02:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/10/31 02:51:58 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2012/10/31 02:51:57 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012/10/31 02:51:56 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2012/10/31 02:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/03/27 01:45:14 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\taphss.sys -- (taphss)
DRV - [2012/03/07 04:02:43 | 000,024,408 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswKbd.sys -- (aswKbd)
DRV - [2011/03/18 20:08:54 | 000,025,240 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2010/12/22 17:21:40 | 002,804,720 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2010/06/25 11:07:44 | 000,061,552 | R--- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1c51x86.sys -- (L1c)
DRV - [2008/05/06 16:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/04/23 12:38:50 | 000,056,320 | ---- | M] (Your Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\MSI\DualCoreCenter\RushTop.sys -- (RushTopDevice2)
DRV - [2008/03/17 13:03:46 | 000,101,376 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008/02/27 10:08:04 | 000,028,160 | ---- | M] (MICRO-STAR INT'L CO., LTD.) [Kernel | On_Demand | Running] -- C:\Program Files\MSI\DualCoreCenter\NTGLM7X.sys -- (DualCoreCenter)
DRV - [2008/02/14 13:04:06 | 004,676,096 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/02/06 06:21:48 | 000,023,832 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2008/02/06 06:21:37 | 004,658,456 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam E3500(UVC)
DRV - [2008/02/06 06:21:25 | 000,041,752 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008/02/06 06:20:40 | 000,628,760 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2008/02/05 20:20:08 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2008/02/05 20:18:12 | 000,689,176 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Lvckap.sys -- (LVcKap)
DRV - [2008/01/03 18:10:16 | 000,105,856 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2007/06/25 10:47:12 | 000,038,440 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDRm.sys -- (incdrm)
DRV - [2007/06/25 10:47:12 | 000,036,776 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDPass.sys -- (InCDPass)
DRV - [2007/06/25 10:47:02 | 000,119,080 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS\system32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2007/02/08 14:56:20 | 000,090,800 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sea1unic.sys -- (sea1unic) Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (WDM)
DRV - [2007/02/08 14:56:06 | 000,086,432 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sea1obex.sys -- (sea1obex)
DRV - [2007/02/08 14:56:02 | 000,018,704 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sea1nd5.sys -- (sea1nd5) Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (NDIS)
DRV - [2007/02/08 14:56:00 | 000,088,624 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sea1mgmt.sys -- (sea1mgmt) Sony Ericsson Device 0A1 USB WMC Device Management Drivers (WDM)
DRV - [2007/02/08 14:55:52 | 000,097,088 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sea1mdm.sys -- (sea1mdm)
DRV - [2007/02/08 14:55:50 | 000,009,360 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sea1mdfl.sys -- (sea1mdfl)
DRV - [2007/02/08 14:55:40 | 000,061,536 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sea1bus.sys -- (sea1bus) Sony Ericsson Device 0A1 driver (WDM)
DRV - [2006/08/28 19:12:04 | 000,013,312 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\MTictwl.sys -- (NCPro)
DRV - [2006/08/28 19:12:04 | 000,013,312 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MTictwl.sys -- (MagicTune)
DRV - [1996/04/03 23:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.alnaddy.com/?t=706
IE - HKCU\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTo0.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.selectedEngine: "Alnaddy"
FF - prefs.js..browser.startup.homepage: "http://www.alnaddy.com/?t=706"
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.126
FF - prefs.js..keyword.URL: "http://www.alnaddy.c...com/search/?q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.633: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.633: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.633: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.633: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\timothy\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\timothy\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\timothy\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\timothy\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/08/16 20:07:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2012/12/08 20:08:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/19 23:57:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/10/18 01:54:40 | 000,000,000 | ---D | M]

[2009/08/04 00:19:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\timothy\Application Data\Mozilla\Extensions
[2012/07/26 01:20:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\timothy\Application Data\Mozilla\Firefox\Profiles\8pkoquib.default\extensions
[2012/06/30 11:00:17 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Documents and Settings\timothy\Application Data\Mozilla\Firefox\Profiles\8pkoquib.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
[2012/07/26 01:20:01 | 000,000,000 | ---D | M] (TheBflix) -- C:\Documents and Settings\timothy\Application Data\Mozilla\Firefox\Profiles\8pkoquib.default\extensions\[email protected]
[2012/07/26 01:20:02 | 000,000,000 | ---D | M] (alnaddyToolbar.com) -- C:\Documents and Settings\timothy\Application Data\Mozilla\Firefox\Profiles\8pkoquib.default\extensions\[email protected]
[2011/12/18 22:51:32 | 000,000,000 | ---D | M] (Cooliris) -- C:\Documents and Settings\timothy\Application Data\Mozilla\Firefox\Profiles\8pkoquib.default\extensions\[email protected].com
[2012/06/02 18:35:03 | 000,001,389 | ---- | M] () -- C:\Documents and Settings\timothy\Application Data\Mozilla\Firefox\Profiles\8pkoquib.default\searchplugins\alnaddyToolbar.xml
[2012/10/18 01:54:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/16 23:18:25 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2012/10/18 01:54:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2012/06/02 19:28:54 | 000,000,000 | ---D | M] (Hotspot Shield Helper (Please allow this installation)) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2012/02/27 15:22:38 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/10/07 04:18:35 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2010/10/07 04:18:37 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2012/01/26 08:58:55 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/01/26 08:58:55 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2011/09/15 12:02:48 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Alnaddy.com Helper Object) - {55928DD2-8878-4275-AAB3-B3A09A67A1EB} - C:\Program Files\Alnaddy.com\alnaddyToolbar\1.5.23.10\bh\alnaddyToolbar.dll (Alnaddy.com)
O2 - BHO: (uTorrentControl2 Toolbar) - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTo0.dll (Conduit Ltd.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
O3 - HKLM\..\Toolbar: (uTorrentControl2 Toolbar) - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTo0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Alnaddy.com Toolbar) - {CD3AED25-23AB-4543-B915-159449C37197} - C:\Program Files\Alnaddy.com\alnaddyToolbar\1.5.23.10\alnaddyToolbarTlbr.dll (Alnaddy.com)
O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentControl2 Toolbar) - {687578B9-7132-4A7A-80E4-30EE31099E03} - C:\Program Files\uTorrentControl2\prxtbuTo0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe (Nero AG)
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe (Nero AG)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe (Research In Motion Limited)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DualCoreCenter.lnk = C:\Program Files\MSI\DualCoreCenter\StartUpDualCoreCenter.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NCProTray.lnk = C:\Program Files\SEC\Natural Color Pro\NCProTray.exe (Samsung)
O4 - Startup: C:\Documents and Settings\timothy\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\timothy\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.132.63.25 80.227.2.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{50CE6526-2D5C-4759-A5E6-1953A4E5F477}: DhcpNameServer = 213.132.63.25 80.227.2.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{636C073A-D6EC-4CEE-B0B7-2C83000ACD4A}: DhcpNameServer = 213.132.63.25 80.227.2.4
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\timothy\Application Data\ACD Systems\ACDSee\ACD Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\timothy\Application Data\ACD Systems\ACDSee\ACD Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/01/29 13:16:26 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (aswBoot.exe /A:"*" /L:"1033" /heur:80 /RA:ask /pup /archives /IA:0 /KBD:2 /dir:"C:\Program Files\Alwil Software\Avast5")
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/12/08 21:39:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\timothy\Desktop\old OTL scans
[2012/12/07 11:45:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\timothy\My Documents\Audible
[2011/11/08 16:15:35 | 000,254,000 | R--- | C] ( ) -- C:\WINDOWS\System32\Audio3D.dll
[2011/11/08 16:15:35 | 000,254,000 | R--- | C] ( ) -- C:\WINDOWS\System32\A3D.dll
[2011/11/08 16:14:22 | 000,004,096 | R--- | C] ( ) -- C:\WINDOWS\System32\IGFXDEVLib.dll
[2004/11/24 22:25:52 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/12/08 21:35:08 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/12/08 21:25:12 | 000,436,064 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/12/08 21:25:12 | 000,068,834 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/12/08 21:24:11 | 000,000,256 | ---- | M] () -- C:\WINDOWS\System32\pool.bin
[2012/12/08 21:22:30 | 000,000,318 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012/12/08 21:20:33 | 000,000,532 | -H-- | M] () -- C:\WINDOWS\tasks\TheBflixUpdaterLogonTask.job
[2012/12/08 21:20:33 | 000,000,512 | -H-- | M] () -- C:\WINDOWS\tasks\TheBflixUpdaterRefreshTask.job
[2012/12/08 21:20:32 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1220945662-1390067357-839522115-500.job
[2012/12/08 21:19:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/12/08 21:19:49 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2012/12/08 21:19:48 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2012/12/08 20:55:03 | 000,000,986 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1220945662-1390067357-839522115-500UA.job
[2012/12/08 20:40:01 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2012/12/08 20:10:39 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2012/12/08 20:10:32 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/12/08 20:08:00 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/12/08 12:11:43 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1220945662-1390067357-839522115-500.job
[2012/12/07 12:03:01 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2012/12/05 14:00:00 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2012/12/05 02:30:04 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\timothy\Desktop\Microsoft Office Word 2003.lnk
[2012/12/03 12:57:52 | 000,002,300 | ---- | M] () -- C:\Documents and Settings\timothy\Desktop\Google Chrome.lnk
[2012/12/03 12:57:52 | 000,002,278 | ---- | M] () -- C:\Documents and Settings\timothy\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/11/20 20:35:13 | 000,168,448 | ---- | M] () -- C:\Documents and Settings\timothy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/11/19 23:54:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/11/18 22:42:45 | 000,002,495 | ---- | M] () -- C:\Documents and Settings\timothy\Desktop\Microsoft Office Excel 2003.lnk
[2012/11/14 10:10:03 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2012/11/14 09:55:07 | 000,000,934 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1220945662-1390067357-839522115-500Core.job
[2012/11/14 07:22:12 | 000,311,584 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/11/14 00:57:08 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/03 08:21:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\cd.dat
[2012/06/30 14:30:42 | 000,558,133 | ---- | C] () -- C:\WINDOWS\System32\sqlite3.dll
[2012/06/16 12:09:40 | 000,178,192 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/03/10 19:53:56 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/02/15 01:53:52 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/12/14 11:11:45 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2011/11/08 16:14:22 | 000,000,151 | R--- | C] () -- C:\WINDOWS\System32\GfxUI.exe.config
[2011/11/08 16:14:10 | 000,982,224 | R--- | C] () -- C:\WINDOWS\System32\igkrng500.bin
[2011/11/08 16:14:10 | 000,439,336 | R--- | C] () -- C:\WINDOWS\System32\igcompkrng500.bin
[2011/09/14 01:19:03 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/09/14 01:19:02 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/09/14 01:19:02 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/09/14 01:19:02 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/09/14 01:19:02 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/03/28 18:40:35 | 000,065,568 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/06/30 23:44:53 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/08/05 02:38:34 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/08/04 00:19:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/07/07 21:54:29 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2009/05/18 22:45:22 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2009/02/18 02:02:01 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2009/02/18 01:48:04 | 000,066,482 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009/02/14 21:36:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\mngui.INI
[2009/02/09 03:09:14 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\drivers\MTictwl.sys
[2009/02/09 02:46:25 | 000,168,448 | ---- | C] () -- C:\Documents and Settings\timothy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/09 02:38:03 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/01/29 15:09:02 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/01/29 15:08:10 | 000,311,584 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/01/29 15:01:55 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/01/29 14:45:26 | 000,217,088 | ---- | C] () -- C:\WINDOWS\NVGfxOgl.dll
[2009/01/29 14:38:16 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2009/01/29 14:35:13 | 000,147,456 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4906.dll
[2009/01/29 13:17:43 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/01/29 13:14:23 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/06/23 15:02:02 | 000,097,410 | R--- | C] () -- C:\Documents and Settings\All Users\Application Data\DeviceManager.xml.rc4
[2008/05/23 19:48:50 | 000,020,270 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DeviceInstaller.xml
[2008/02/05 20:20:08 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2005/04/28 08:22:34 | 000,831,488 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2005/04/28 08:22:34 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2004/11/29 18:43:20 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\sherlock2.exe
[2004/10/12 09:40:58 | 002,255,360 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2004/10/12 09:39:48 | 000,028,160 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2004/10/12 09:39:08 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2004/10/09 09:40:16 | 000,454,144 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2004/10/05 11:16:08 | 000,395,776 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2004/10/03 20:50:54 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll
[2004/08/04 16:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 16:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 16:00:00 | 000,436,064 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 16:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 16:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 16:00:00 | 000,068,834 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 16:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 16:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 16:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 16:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 16:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 16:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/01/27 16:13:54 | 000,421,888 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
[2003/01/07 17:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/10/06 22:42:57 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2002/10/05 03:04:25 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2002/10/05 03:04:24 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2002/10/05 03:04:17 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2002/05/16 03:38:40 | 000,091,136 | ---- | C] () -- C:\WINDOWS\System32\mp4fil32.dll
[2002/03/21 17:39:02 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\UNACEV2.DLL
[2001/02/26 16:01:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\msasf.exe
[1996/04/03 23:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

< End of report >
  • 0

#3
discoveringyou

discoveringyou

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts
Hi all, got in via safe mode and restored to 5 days ago. PC worked for 30 min then the same dreaded blue screen of death. I ran avast quick scan and OTL report. By restoring to 5 days prior I have been able to remove the programmes that were installed recently ( namely Audible.com - which is the only program installed recently). Trying to run a full system Avast scan but not sure if PC will stay alive to do so. If you have any other tips please let me know?

There are 2 weird files which have been modified recently from the OTL report

[2012/12/07 12:03:01 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2012/12/05 14:00:00 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\At4.job

not sure if they are doing something to corrupt things?
  • 0

#4
discoveringyou

discoveringyou

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts
Hi all,

Really hoping someone can help me with this.
Latest update, ran an Avast boot virus scan overnight, but in the morning the dreaded blue screen appeared - see attached.

Latest symptoms and developments

1) Ran Avast virus check quick scan - found nothing from Avast scan- computer crashed 20 minutes later with blue screen (image 1) everything freezes)
2) Rebooted, attempted full system scan - computer worked properly for 30 minutes then crashed
3) Ran Avast boot scan over night on the reboot - awoke with blue screen (image 2)
3) Going to run a full system scan in safe mode this evening.

Can anyone help?? Not sure what to do? It works fine for 20 minutes and then crashes

See attached for screenshot

Image 1 - first crash
Image 2 - second crash after trying to run avast boot scan overnight.

Any help would be super appreciated!

Cheers
Tim

Attached Thumbnails

  • Image 1 -  0121209-2118.jpg
  • Image 2 -  20121210-0027.jpg

  • 0

#5
discoveringyou

discoveringyou

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts
HI All, not sure what to do.

Any help would be super appreciated - even if its that the PC is screwed and need to take it in.
Cheers
Tim
  • 0

#6
CompCav

CompCav

    Member 5k

  • Expert
  • 12,449 posts
Hi,

Here is a link to a likely issue with your CMOS battery. Try that and if it boots let us know and we will focus on the malware next.

Regards,

CompCav
  • 0

#7
discoveringyou

discoveringyou

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts
Thanks CompCav, super appreciate you getting back to me. I am currently at work and will try the CMOS battery tonight - i.e. 12 hours time and revert with finding.

Best,

Tim
  • 0

#8
CompCav

CompCav

    Member 5k

  • Expert
  • 12,449 posts
Tim,

No problem, looking forward to your post!

Regards.

CompCav
  • 0

#9
discoveringyou

discoveringyou

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts
Hey there just got home, rebooted and logged in to XP - currently working. Thought I would upload following addition info. ( but don't seem able to upload word doc with screenshot), so will just tell ya that temp is fine(based on speedfan - cor 0 and 1 around 43C) and below from speccy. Going to try run the full virus scan Avast now and then once done - take the CMOS battery out

Operating System
MS Windows XP Professional 32-bit SP3
CPU
Intel Core 2 Duo E7300 @ 2.66GHz 43 °C
Wolfdale 45nm Technology
RAM
2.00 GB Single-Channel DDR3 @ 533MHz (7-7-7-20)
Motherboard
Gigabyte Technology Co., Ltd. G41MT-S2P (Socket 775) 23 °C
Graphics
SyncMaster ([email protected])
Intel® G41 Express Chipset
Hard Drives
488GB Seagate ST3500410AS (SATA) 37 °C
Optical Drives
ATAPI iHAS120 6
Audio
VIA High Definition Audio
  • 0

#10
CompCav

CompCav

    Member 5k

  • Expert
  • 12,449 posts
Step 1.

Download AdwCleaner from here to your desktop
Run AdwCleaner for Vista and 7 right click and select Run as administrator

Select Delete

Posted Image

Once done it will ask to reboot, allow this
On reboot a log will be produced please post it


Step 2.

Download aswMBR.exe ( 1.8mb ) to your desktop.
Double click the aswMBR.exe to run it Click the "Scan" button to start scan

Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply

Posted Image

If it does not run rename it iexplore.exe and try it again.


Step 2.

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select Scan All Users
    {*]Under Extra Registry select Use SafeList
  • Select Lop Check and Purity Check
  • Under the Custom Scan box paste this in
    netsvcs
    BASESERVICES
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    winsock.*
    /md5stop
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs


Step 3.

Please post:

AdwCleaner log
aswMBR log
OTL.txt
Extras.txt


Give me an update on your computer's issues.
  • 0

Advertisements


#11
discoveringyou

discoveringyou

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts
great - going to follow steps now - currently not in safe mode - so may crash. Will post when done
  • 0

#12
discoveringyou

discoveringyou

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts
# AdwCleaner v2.100 - Logfile created 12/10/2012 at 19:12:57
# Updated 09/12/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : timothy - TIM
# Boot Mode : Normal
# Running from : C:\Documents and Settings\timothy\My Documents\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Documents and Settings\timothy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc
File Deleted : C:\user.js
Folder Deleted : C:\DOCUME~1\timothy\LOCALS~1\Temp\CT3072253
Folder Deleted : C:\Documents and Settings\All Users\Application Data\InstallMate
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Premium
Folder Deleted : C:\Documents and Settings\All Users\Application Data\TheBflix
Folder Deleted : C:\Documents and Settings\Temp\Local Settings\Application Data\ConduitEngine
Folder Deleted : C:\Documents and Settings\timothy\Application Data\Mozilla\Firefox\Profiles\8pkoquib.default\ConduitCommon
Folder Deleted : C:\Documents and Settings\timothy\Application Data\Mozilla\Firefox\Profiles\8pkoquib.default\CT3072253
Folder Deleted : C:\Documents and Settings\timothy\Application Data\Mozilla\Firefox\Profiles\8pkoquib.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
Folder Deleted : C:\Documents and Settings\timothy\Local Settings\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\timothy\Local Settings\Application Data\uTorrentControl2
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\Mozilla Firefox\Extensions\[email protected]
Folder Deleted : C:\Program Files\uTorrentControl2

***** [Registry] *****

Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Google\Chrome\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{55928DD2-8878-4275-AAB3-B3A09A67A1EB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{687578B9-7132-4A7A-80E4-30EE31099E03}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{55928DD2-8878-4275-AAB3-B3A09A67A1EB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{687578B9-7132-4A7A-80E4-30EE31099E03}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\Toolbar
Key Deleted : HKCU\Software\uTorrentControl2
Key Deleted : HKCU\Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{55928DD2-8878-4275-AAB3-B3A09A67A1EB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{687578B9-7132-4A7A-80E4-30EE31099E03}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D4AAF2A6-F6D1-49A5-BA1A-B20735DF1955}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2117678
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3072253
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E041F1F1-34E0-4CAB-AF4F-6D5CFA3659FC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F0133318-133B-489F-8A5E-87033C196922}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\uTorrentControl2 Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{55928DD2-8878-4275-AAB3-B3A09A67A1EB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{687578B9-7132-4A7A-80E4-30EE31099E03}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D4AAF2A6-F6D1-49A5-BA1A-B20735DF1955}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentControl2 Toolbar
Key Deleted : HKLM\Software\TENCENT
Key Deleted : HKLM\Software\uTorrentControl2
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{687578B9-7132-4A7A-80E4-30EE31099E03}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{687578B9-7132-4A7A-80E4-30EE31099E03}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{687578B9-7132-4A7A-80E4-30EE31099E03}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v10.0 (en-US)

Profile name : default
File : C:\Documents and Settings\Temp\Application Data\Mozilla\Firefox\Profiles\19zzzyaw.default\prefs.js

[OK] File is clean.

Profile name : default
File : C:\Documents and Settings\timothy\Application Data\Mozilla\Firefox\Profiles\8pkoquib.default\prefs.js

C:\Documents and Settings\timothy\Application Data\Mozilla\Firefox\Profiles\8pkoquib.default\user.js ... Deleted !

Deleted : user_pref("CT2117678.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT2117678.CTID", "CT2117678");
Deleted : user_pref("CT2117678.CurrentServerDate", "3-6-2011");
Deleted : user_pref("CT2117678.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2117678.DownloadReferralCookieData", "");
Deleted : user_pref("CT2117678.EMailNotifierPollDate", "Fri Jun 03 2011 14:10:46 GMT+0400 (Arabian Standard Ti[...]
Deleted : user_pref("CT2117678.FirstServerDate", "29-5-2011");
Deleted : user_pref("CT2117678.FirstTime", true);
Deleted : user_pref("CT2117678.FirstTimeFF3", true);
Deleted : user_pref("CT2117678.FirstTimeSettingsDone", true);
Deleted : user_pref("CT2117678.FixPageNotFoundErrors", true);
Deleted : user_pref("CT2117678.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT2117678.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT2117678.Initialize", true);
Deleted : user_pref("CT2117678.InitializeCommonPrefs", true);
Deleted : user_pref("CT2117678.InstallationAndCookieDataSentCount", 2);
Deleted : user_pref("CT2117678.InstallationType", "UnknownIntegration");
Deleted : user_pref("CT2117678.InstalledDate", "Sun May 29 2011 13:55:05 GMT+0400 (Arabian Standard Time)");
Deleted : user_pref("CT2117678.InvalidateCache", false);
Deleted : user_pref("CT2117678.IsGrouping", false);
Deleted : user_pref("CT2117678.IsMulticommunity", false);
Deleted : user_pref("CT2117678.IsOpenThankYouPage", true);
Deleted : user_pref("CT2117678.IsOpenUninstallPage", true);
Deleted : user_pref("CT2117678.LanguagePackLastCheckTime", "Fri Jun 03 2011 14:05:47 GMT+0400 (Arabian Standar[...]
Deleted : user_pref("CT2117678.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT2117678.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT2117678.LastLogin_2.7.2.0", "Fri Jun 03 2011 14:05:47 GMT+0400 (Arabian Standard Time)"[...]
Deleted : user_pref("CT2117678.LatestVersion", "3.3.5.1");
Deleted : user_pref("CT2117678.Locale", "en-us");
Deleted : user_pref("CT2117678.LoginCache", 4);
Deleted : user_pref("CT2117678.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT2117678.MCDetectTooltipUrl", "hxxp://@[email protected]/rank/tooltip/?version=1");
Deleted : user_pref("CT2117678.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT2117678.RadioIsPodcast", false);
Deleted : user_pref("CT2117678.RadioLastCheckTime", "Fri Jun 03 2011 14:05:47 GMT+0400 (Arabian Standard Time)[...]
Deleted : user_pref("CT2117678.RadioLastUpdateIPServer", "3");
Deleted : user_pref("CT2117678.RadioLastUpdateServer", "128929877726170000");
Deleted : user_pref("CT2117678.RadioMediaID", "9583498");
Deleted : user_pref("CT2117678.RadioMediaType", "Media Player");
Deleted : user_pref("CT2117678.RadioMenuSelectedID", "EBRadioMenu_CT21176789583498");
Deleted : user_pref("CT2117678.RadioStationName", "ABC%20Newsradio%20");
Deleted : user_pref("CT2117678.RadioStationURL", "hxxp://www.abc.net.au/streaming/newsradio.asx");
Deleted : user_pref("CT2117678.SavedHomepage", "hxxp://www.google.co.za/");
Deleted : user_pref("CT2117678.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Deleted : user_pref("CT2117678.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT2117678.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT211[...]
Deleted : user_pref("CT2117678.SearchInNewTabEnabled", true);
Deleted : user_pref("CT2117678.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT2117678.SearchInNewTabLastCheckTime", "Fri Jun 03 2011 14:05:46 GMT+0400 (Arabian Stand[...]
Deleted : user_pref("CT2117678.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT2117678.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Deleted : user_pref("CT2117678.SettingsCheckIntervalMin", 120);
Deleted : user_pref("CT2117678.SettingsLastCheckTime", "Fri Jun 03 2011 14:05:46 GMT+0400 (Arabian Standard Ti[...]
Deleted : user_pref("CT2117678.SettingsLastUpdate", "1306530423");
Deleted : user_pref("CT2117678.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT2117678.ThirdPartyComponentsLastCheck", "Sun May 29 2011 13:55:01 GMT+0400 (Arabian Sta[...]
Deleted : user_pref("CT2117678.ThirdPartyComponentsLastUpdate", "1246786978");
Deleted : user_pref("CT2117678.TrusteLinkUrl", "hxxp://trust.conduit.com/EB_ORIGINAL_CTID");
Deleted : user_pref("CT2117678.UserID", "UN47021017374332627");
Deleted : user_pref("CT2117678.WeatherNetwork", "");
Deleted : user_pref("CT2117678.WeatherPollDate", "Fri Jun 03 2011 14:05:47 GMT+0400 (Arabian Standard Time)");
Deleted : user_pref("CT2117678.WeatherUnit", "C");
Deleted : user_pref("CT2117678.alertChannelId", "522511");
Deleted : user_pref("CT2117678.clientLogIsEnabled", true);
Deleted : user_pref("CT2117678.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Deleted : user_pref("CT2117678.myStuffEnabled", true);
Deleted : user_pref("CT2117678.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT2117678.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT2117678.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT2117678.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT2117678.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Deleted : user_pref("CT3072253.DialogsGetterLastCheckTime", "Thu Jul 26 2012 01:20:12 GMT+0400 (Arabian Standa[...]
Deleted : user_pref("CT3072253.HasUserGlobalKeys", true);
Deleted : user_pref("CT3072253.MyStuffEnabledAtInstallation", false);
Deleted : user_pref("CT3072253.ServiceMapLastCheckTime", "Thu Jul 26 2012 01:20:11 GMT+0400 (Arabian Standard [...]
Deleted : user_pref("CT3072253.SettingsLastCheckTime", "Thu Jul 26 2012 01:20:11 GMT+0400 (Arabian Standard Ti[...]
Deleted : user_pref("CT3072253.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT3072253.ThirdPartyComponentsLastCheck", "Thu Jul 26 2012 01:20:11 GMT+0400 (Arabian Sta[...]
Deleted : user_pref("CT3072253.ThirdPartyComponentsLastUpdate", "1331805997");
Deleted : user_pref("CT3072253.autoDisableScopes", 10);
Deleted : user_pref("CT3072253.globalFirstTimeInfoLastCheckTime", "Thu Jul 26 2012 01:20:12 GMT+0400 (Arabian [...]
Deleted : user_pref("CT3072253.initDone", true);
Deleted : user_pref("CT3072253.revertSettingsEnabled", true);
Deleted : user_pref("CT3072253.testingCtid", "");
Deleted : user_pref("CT3072253.toolbarAppMetaDataLastCheckTime", "Thu Jul 26 2012 01:20:12 GMT+0400 (Arabian S[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT3072253",[...]
Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Documents and Settings\\timothy\\Applicati[...]
Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.13.0.6");
Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...]
Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2117678");
Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2117678");
Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2117678");
Deleted : user_pref("CommunityToolbar.notifications.locale", "");
Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 0);
Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Thu Jul 26 2012 01:20:12 GMT+0400 (A[...]
Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "");
Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.userId", "d060f8bb-03d6-46c8-a445-0c9ddacf57fc");
Deleted : user_pref("extensions.4fca23c9de50c.scode", "(function(){try{if('mystart.incredibar.com,premiumrepor[...]

-\\ Google Chrome v23.0.1271.95

File : C:\Documents and Settings\timothy\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [15000 octets] - [10/12/2012 19:12:57]

########## EOF - C:\AdwCleaner[S1].txt - [15061 octets] ##########
  • 0

#13
discoveringyou

discoveringyou

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts
aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-12-10 19:24:27
-----------------------------
19:24:27.484 OS Version: Windows 5.1.2600 Service Pack 3
19:24:27.484 Number of processors: 2 586 0x1706
19:24:27.484 ComputerName: TIM UserName:
19:24:28.171 Initialize success
19:24:32.562 AVAST engine defs: 12121101
19:24:44.531 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
19:24:44.531 Disk 0 Vendor: ST3500410AS CC33 Size: 476940MB BusType: 3
19:24:44.546 Disk 0 MBR read successfully
19:24:44.546 Disk 0 MBR scan
19:24:44.546 Disk 0 Windows XP default MBR code
19:24:44.546 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 29996 MB offset 63
19:24:44.546 Disk 0 Partition - 00 0F Extended LBA 446933 MB offset 61432560
19:24:44.562 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 446933 MB offset 61432623
19:24:44.562 Disk 0 scanning sectors +976752000
19:24:44.625 Disk 0 scanning C:\WINDOWS\system32\drivers
19:24:51.515 Service scanning
19:24:54.750 Service GMSIPCI D:\INSTALL\GMSIPCI.SYS **LOCKED** 21
19:24:58.781 Service MSICPL D:\install4\MSICPL.sys **LOCKED** 21
19:24:59.484 Service NTACCESS D:\NTACCESS.sys **LOCKED** 21
19:25:04.656 Modules scanning
19:25:22.703 Disk 0 trace - called modules:
19:25:22.718 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
19:25:22.718 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8aa06ab8]
19:25:22.718 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\00000072[0x8aa0a9e8]
19:25:22.718 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-e[0x8aa08d98]
19:25:22.984 AVAST engine scan C:\WINDOWS
19:25:33.765 File: C:\WINDOWS\PEV.exe **INFECTED** Win32:Rootkit-gen [Rtk]
19:25:38.718 AVAST engine scan C:\WINDOWS\system32
19:27:10.812 AVAST engine scan C:\WINDOWS\system32\drivers
19:27:19.500 AVAST engine scan C:\Documents and Settings\timothy
19:47:10.921 AVAST engine scan C:\Documents and Settings\All Users
19:49:00.281 Scan finished successfully
19:51:45.234 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\timothy\Desktop\MBR.dat"
19:51:45.234 The log file has been saved successfully to "C:\Documents and Settings\timothy\Desktop\aswMBR.txt"
  • 0

#14
discoveringyou

discoveringyou

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts
OTL logfile created on: 12/10/2012 07:54:19 PM - Run 6
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\timothy\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001C09 | Country: South Africa | Language: ENS | Date Format: M/d/yyyy

1.97 Gb Total Physical Memory | 0.58 Gb Available Physical Memory | 29.66% Memory free
3.81 Gb Paging File | 2.46 Gb Available in Paging File | 64.47% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29.29 Gb Total Space | 2.55 Gb Free Space | 8.69% Space Free | Partition Type: NTFS
Drive E: | 436.46 Gb Total Space | 18.73 Gb Free Space | 4.29% Space Free | Partition Type: NTFS

Computer Name: TIM | User Name: timothy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/12/10 19:27:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\timothy\Desktop\OTL.exe
PRC - [2012/12/10 19:23:54 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\timothy\My Documents\Downloads\aswMBR (1).exe
PRC - [2012/11/28 07:43:18 | 001,242,728 | ---- | M] (Google Inc.) -- C:\Documents and Settings\timothy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2012/10/31 02:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2012/10/31 02:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2012/10/26 13:17:52 | 000,079,384 | ---- | M] (Google) -- C:\Documents and Settings\timothy\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
PRC - [2012/09/29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/08/03 05:16:04 | 000,408,944 | ---- | M] (AnchorFree Inc.) -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
PRC - [2012/08/03 05:12:18 | 000,387,440 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\hsswd.exe
PRC - [2012/08/03 05:10:40 | 000,476,016 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe
PRC - [2012/05/24 22:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\timothy\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2012/04/11 04:04:10 | 001,202,504 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\openvpntray.exe
PRC - [2011/07/29 03:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/01/28 19:23:46 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2010/12/22 17:21:38 | 000,088,688 | R--- | M] (VIA Technologies, Inc.) -- C:\WINDOWS\system32\KaraokeSer.exe
PRC - [2010/01/15 16:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/02/18 01:45:19 | 000,066,864 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
PRC - [2008/11/07 09:16:18 | 001,512,720 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
PRC - [2008/05/12 16:20:02 | 001,422,608 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe
PRC - [2008/04/14 04:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/13 15:06:58 | 002,196,240 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\Quickcam.exe
PRC - [2008/02/13 15:02:46 | 000,564,496 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
PRC - [2008/02/13 15:02:24 | 000,405,776 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2008/02/05 20:18:48 | 000,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
PRC - [2007/12/21 10:55:56 | 000,241,771 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
PRC - [2007/12/13 18:36:46 | 000,049,220 | ---- | M] (Samsung) -- C:\Program Files\SEC\Natural Color Pro\NCProTray.exe
PRC - [2007/06/25 10:47:24 | 001,629,480 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
PRC - [2007/06/25 10:47:12 | 001,552,680 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
PRC - [2007/06/25 10:47:02 | 001,057,064 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCD.exe


========== Modules (No Company Name) ==========

MOD - [2012/12/11 15:17:48 | 002,038,784 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\12121101\algo.dll
MOD - [2012/11/28 07:43:17 | 000,460,904 | ---- | M] () -- C:\Documents and Settings\timothy\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.95\ppgooglenaclpluginchrome.dll
MOD - [2012/11/28 07:43:15 | 004,008,040 | ---- | M] () -- C:\Documents and Settings\timothy\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.95\pdf.dll
MOD - [2012/11/28 07:42:30 | 000,587,880 | ---- | M] () -- C:\Documents and Settings\timothy\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.95\libglesv2.dll
MOD - [2012/11/28 07:42:29 | 000,124,520 | ---- | M] () -- C:\Documents and Settings\timothy\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.95\libegl.dll
MOD - [2012/11/28 07:42:22 | 000,157,304 | ---- | M] () -- C:\Documents and Settings\timothy\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.95\avutil-51.dll
MOD - [2012/11/28 07:42:21 | 002,168,952 | ---- | M] () -- C:\Documents and Settings\timothy\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.95\avcodec-54.dll
MOD - [2012/11/28 07:42:21 | 000,275,576 | ---- | M] () -- C:\Documents and Settings\timothy\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.95\avformat-54.dll
MOD - [2012/08/03 05:19:06 | 000,009,584 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\lang\gui-eng.dll
MOD - [2012/08/03 05:12:18 | 000,387,440 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\hsswd.exe
MOD - [2012/08/03 05:10:40 | 000,476,016 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe
MOD - [2012/08/03 05:08:20 | 000,658,800 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\af_proxy.dll
MOD - [2012/04/11 04:04:10 | 001,202,504 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\openvpntray.exe
MOD - [2012/01/20 12:31:58 | 008,527,008 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011/07/29 03:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/29 03:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/07/03 14:15:39 | 000,034,816 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\gzlib.dll
MOD - [2009/02/18 01:45:18 | 000,061,496 | ---- | M] () -- C:\Program Files\Logitech\Desktop Messenger\8876480\8.1.1.50-8876480SL\Program\clntutil.dll
MOD - [2008/04/14 04:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 04:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2008/02/13 15:13:48 | 000,108,816 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\LAppRes.DLL
MOD - [2008/02/13 15:06:58 | 002,196,240 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\Quickcam.exe
MOD - [2008/02/13 15:04:40 | 000,149,264 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LComMgr\LogiVOIPDevicePlugin.dll
MOD - [2008/02/13 15:04:18 | 000,165,136 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LComMgr\LogiCordless4001.dll
MOD - [2008/02/13 15:04:06 | 000,138,000 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LComMgr\LogiCordless.dll
MOD - [2008/02/13 15:03:20 | 000,167,184 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\EFVal.dll
MOD - [2008/02/13 15:02:58 | 000,344,336 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LComMgr\DevMngr.dll
MOD - [2008/02/13 15:02:46 | 000,564,496 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
MOD - [2008/02/05 20:18:58 | 000,068,120 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVCSPS.dll
MOD - [2008/01/17 16:52:42 | 000,073,728 | ---- | M] () -- C:\Program Files\Common Files\Research In Motion\BBBI Drivers\VBB\VBBClientCommForNokia.dll
MOD - [2007/08/14 17:43:46 | 006,365,184 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll
MOD - [2007/07/12 15:55:52 | 000,131,072 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2007/07/12 15:55:28 | 001,581,056 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll
MOD - [2006/06/16 18:20:54 | 000,126,464 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll


========== Services (SafeList) ==========

SRV - File not found [Disabled | Unknown] -- C:\Program Files\Alwil Software\Avast5\afwServ.exe -- (avast! Firewall)
SRV - [2012/10/31 02:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/08/03 05:20:24 | 000,078,072 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Hotspot Shield\bin\HSSTrayService.exe -- (HssTrayService)
SRV - [2012/08/03 05:16:04 | 000,408,944 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv)
SRV - [2012/08/03 05:12:18 | 000,387,440 | ---- | M] () [Auto | Running] -- C:\Program Files\Hotspot Shield\bin\hsswd.exe -- (HssWd)
SRV - [2012/08/03 05:10:40 | 000,476,016 | ---- | M] () [Auto | Running] -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe -- (hshld)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2010/12/22 17:21:38 | 000,088,688 | R--- | M] (VIA Technologies, Inc.) [Auto | Running] -- C:\WINDOWS\system32\KaraokeSer.exe -- (KaraokeService)
SRV - [2010/01/15 16:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2008/07/04 14:52:18 | 000,014,336 | ---- | M] (Vodafone) [Disabled | Stopped] -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService)
SRV - [2008/02/05 20:22:36 | 000,141,848 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV - [2008/02/05 20:20:42 | 000,150,040 | ---- | M] (Logitech Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008/02/05 20:18:48 | 000,186,904 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)
SRV - [2007/06/25 10:47:12 | 001,552,680 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\NTACCESS.sys -- (NTACCESS)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\install4\MSICPL.sys -- (MSICPL)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\timothy\LOCALS~1\Temp\aswMBR.sys -- (aswMBR)
DRV - [2012/12/10 18:26:35 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012/10/31 02:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/10/31 02:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/10/31 02:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/10/31 02:51:58 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2012/10/31 02:51:57 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012/10/31 02:51:56 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2012/10/31 02:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/09/29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/03/27 01:45:14 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\taphss.sys -- (taphss)
DRV - [2012/03/07 04:02:43 | 000,024,408 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswKbd.sys -- (aswKbd)
DRV - [2011/03/18 20:08:54 | 000,025,240 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2010/12/22 17:21:40 | 002,804,720 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2010/06/25 11:07:44 | 000,061,552 | R--- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1c51x86.sys -- (L1c)
DRV - [2008/05/06 16:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/04/23 12:38:50 | 000,056,320 | ---- | M] (Your Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\MSI\DualCoreCenter\RushTop.sys -- (RushTopDevice2)
DRV - [2008/03/17 13:03:46 | 000,101,376 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008/02/27 10:08:04 | 000,028,160 | ---- | M] (MICRO-STAR INT'L CO., LTD.) [Kernel | On_Demand | Running] -- C:\Program Files\MSI\DualCoreCenter\NTGLM7X.sys -- (DualCoreCenter)
DRV - [2008/02/14 13:04:06 | 004,676,096 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2008/02/06 06:21:48 | 000,023,832 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2008/02/06 06:21:37 | 004,658,456 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2008/02/06 06:21:25 | 000,041,752 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008/02/06 06:20:40 | 000,628,760 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2008/02/05 20:20:08 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2008/02/05 20:18:12 | 000,689,176 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Lvckap.sys -- (LVcKap)
DRV - [2008/01/03 18:10:16 | 000,105,856 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2007/06/25 10:47:12 | 000,038,440 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDRm.sys -- (incdrm)
DRV - [2007/06/25 10:47:12 | 000,036,776 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDPass.sys -- (InCDPass)
DRV - [2007/06/25 10:47:12 | 000,016,040 | ---- | M] (Nero AG) [Recognizer | System | Unknown] -- C:\WINDOWS\System32\drivers\InCDrec.sys -- (InCDrec)
DRV - [2007/06/25 10:47:02 | 000,119,080 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS\system32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2007/02/08 14:56:20 | 000,090,800 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sea1unic.sys -- (sea1unic)
DRV - [2007/02/08 14:56:06 | 000,086,432 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sea1obex.sys -- (sea1obex)
DRV - [2007/02/08 14:56:02 | 000,018,704 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sea1nd5.sys -- (sea1nd5)
DRV - [2007/02/08 14:56:00 | 000,088,624 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sea1mgmt.sys -- (sea1mgmt)
DRV - [2007/02/08 14:55:52 | 000,097,088 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sea1mdm.sys -- (sea1mdm)
DRV - [2007/02/08 14:55:50 | 000,009,360 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sea1mdfl.sys -- (sea1mdfl)
DRV - [2007/02/08 14:55:40 | 000,061,536 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sea1bus.sys -- (sea1bus)
DRV - [2006/08/28 19:12:04 | 000,013,312 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\MTictwl.sys -- (NCPro)
DRV - [2006/08/28 19:12:04 | 000,013,312 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MTictwl.sys -- (MagicTune)
DRV - [1996/04/03 23:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-1220945662-1390067357-839522115-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.alnaddy.com/?t=706
IE - HKU\S-1-5-21-1220945662-1390067357-839522115-500\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1220945662-1390067357-839522115-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-1220945662-1390067357-839522115-500\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKU\S-1-5-21-1220945662-1390067357-839522115-500\..\SearchScopes\{8F7AE137-EA2B-45EA-A99E-E61F6F667B0B}: "URL" = http://www.alnaddy.c...q={searchTerms}
IE - HKU\S-1-5-21-1220945662-1390067357-839522115-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1220945662-1390067357-839522115-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.selectedEngine: "Alnaddy"
FF - prefs.js..browser.startup.homepage: "http://www.alnaddy.com/?t=706"
FF - prefs.js..extensions.enabledAddons: {687578b9-7132-4a7a-80e4-30ee31099e03}:3.13.0.6
FF - prefs.js..extensions.enabledAddons: [email protected]:5.1
FF - prefs.js..extensions.enabledAddons: [email protected]:1.5.0
FF - prefs.js..extensions.enabledAddons: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.126
FF - prefs.js..keyword.URL: "http://www.alnaddy.c...com/search/?q="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.633: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.633: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.633: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.633: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\timothy\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\timothy\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\timothy\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\timothy\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/08/16 20:07:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2012/12/08 20:08:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/19 23:57:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/10/18 01:54:40 | 000,000,000 | ---D | M]

[2009/08/04 00:19:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\timothy\Application Data\Mozilla\Extensions
[2012/12/10 19:13:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\timothy\Application Data\Mozilla\Firefox\Profiles\8pkoquib.default\extensions
[2012/07/26 01:20:01 | 000,000,000 | ---D | M] (TheBflix) -- C:\Documents and Settings\timothy\Application Data\Mozilla\Firefox\Profiles\8pkoquib.default\extensions\[email protected]
[2012/07/26 01:20:02 | 000,000,000 | ---D | M] (alnaddyToolbar.com) -- C:\Documents and Settings\timothy\Application Data\Mozilla\Firefox\Profiles\8pkoquib.default\extensions\[email protected]
[2011/12/18 22:51:32 | 000,000,000 | ---D | M] (Cooliris) -- C:\Documents and Settings\timothy\Application Data\Mozilla\Firefox\Profiles\8pkoquib.default\extensions\[email protected]
[2012/02/27 15:27:22 | 000,020,591 | ---- | M] () (No name found) -- C:\Documents and Settings\timothy\Application Data\Mozilla\Firefox\Profiles\8pkoquib.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
[2012/06/02 18:35:03 | 000,001,389 | ---- | M] () -- C:\Documents and Settings\timothy\Application Data\Mozilla\Firefox\Profiles\8pkoquib.default\searchplugins\alnaddyToolbar.xml
[2012/12/10 19:13:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/16 23:18:25 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2012/10/18 01:54:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\TIMOTHY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8PKOQUIB.DEFAULT\EXTENSIONS\{687578B9-7132-4A7A-80E4-30EE31099E03}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\[email protected]
[2012/02/27 15:22:38 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/10/07 04:18:35 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2010/10/07 04:18:37 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2012/01/26 08:58:55 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/01/26 08:58:55 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.co.za/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.co.za/
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\timothy\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.95\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\timothy\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.95\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\timothy\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.95\pdf.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Documents and Settings\timothy\Application Data\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Documents and Settings\timothy\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Documents and Settings\timothy\Local Settings\Application Data\Google\Chrome\Application\plugins\npMozCouponPrinter.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\timothy\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Java™ Platform SE 6 U37 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.370.6 (Enabled) = C:\WINDOWS\system32\npdeployJava1.dll
CHR - Extension: Google Translate = C:\Documents and Settings\timothy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\1.2.4_0\
CHR - Extension: Google Drive = C:\Documents and Settings\timothy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Documents and Settings\timothy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Facebook = C:\Documents and Settings\timothy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\boeajhmfdjldchidhphikilcgdacljfm\1.0.3_0\
CHR - Extension: Google Search = C:\Documents and Settings\timothy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Google Calendar = C:\Documents and Settings\timothy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_0\
CHR - Extension: Photo Zoom for Facebook = C:\Documents and Settings\timothy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi\1.1208.30.1_0\
CHR - Extension: AdBlock = C:\Documents and Settings\timothy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.49_0\
CHR - Extension: bitly | \u2665 your bitmarks = C:\Documents and Settings\timothy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\iabeihobmhlgpkcgjiloemdbofjbdcic\2.0.54_0\
CHR - Extension: avast! WebRep = C:\Documents and Settings\timothy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\
CHR - Extension: Downloads = C:\Documents and Settings\timothy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfchnphgogjhineanplmfkofljiagjfb\1\
CHR - Extension: Google Maps = C:\Documents and Settings\timothy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh\5.2.7_0\
CHR - Extension: Google Dictionary (by Google) = C:\Documents and Settings\timothy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja\3.0.15_0\
CHR - Extension: DivX Plus Web Player HTML5 video = C:\Documents and Settings\timothy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.126_0\
CHR - Extension: Picasa = C:\Documents and Settings\timothy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\onlgmecjpnejhfeofkgbfgnmdlipdejb\6.2.2_0\
CHR - Extension: Gmail = C:\Documents and Settings\timothy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2011/09/15 12:02:48 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Alnaddy.com Toolbar) - {CD3AED25-23AB-4543-B915-159449C37197} - C:\Program Files\Alnaddy.com\alnaddyToolbar\1.5.23.10\alnaddyToolbarTlbr.dll (Alnaddy.com)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe (Nero AG)
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe (Nero AG)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-1220945662-1390067357-839522115-500..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe (Research In Motion Limited)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DualCoreCenter.lnk = C:\Program Files\MSI\DualCoreCenter\StartUpDualCoreCenter.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NCProTray.lnk = C:\Program Files\SEC\Natural Color Pro\NCProTray.exe (Samsung)
O4 - Startup: C:\Documents and Settings\timothy\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\timothy\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1220945662-1390067357-839522115-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1220945662-1390067357-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1220945662-1390067357-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-1220945662-1390067357-839522115-500\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-1220945662-1390067357-839522115-500\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.132.63.25 80.227.2.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{50CE6526-2D5C-4759-A5E6-1953A4E5F477}: DhcpNameServer = 213.132.63.25 80.227.2.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{636C073A-D6EC-4CEE-B0B7-2C83000ACD4A}: DhcpNameServer = 213.132.63.25 80.227.2.4
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\timothy\Application Data\ACD Systems\ACDSee\ACD Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\timothy\Application Data\ACD Systems\ACDSee\ACD Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/01/29 13:16:26 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/12/10 18:26:35 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/12/08 21:59:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\timothy\Desktop\broken PC 3 Dec 2012
[2012/12/08 21:39:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\timothy\Desktop\old OTL scans
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/12/10 19:55:00 | 000,000,986 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1220945662-1390067357-839522115-500UA.job
[2012/12/10 19:51:45 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\timothy\Desktop\MBR.dat
[2012/12/10 19:27:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\timothy\Desktop\OTL.exe
[2012/12/10 19:20:51 | 000,436,064 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/12/10 19:20:51 | 000,068,834 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/12/10 19:19:16 | 000,000,256 | ---- | M] () -- C:\WINDOWS\System32\pool.bin
[2012/12/10 19:18:13 | 000,000,318 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012/12/10 19:16:48 | 000,000,532 | -H-- | M] () -- C:\WINDOWS\tasks\TheBflixUpdaterLogonTask.job
[2012/12/10 19:16:48 | 000,000,512 | -H-- | M] () -- C:\WINDOWS\tasks\TheBflixUpdaterRefreshTask.job
[2012/12/10 19:16:46 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1220945662-1390067357-839522115-500.job
[2012/12/10 19:15:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/12/10 19:15:24 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2012/12/10 19:15:23 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2012/12/10 18:26:35 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/12/10 18:16:43 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\timothy\Desktop\Microsoft Office Word 2003.lnk
[2012/12/10 18:14:33 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/12/10 18:09:36 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/12/08 21:35:08 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/12/08 20:40:01 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2012/12/08 20:10:39 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2012/12/08 20:10:32 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/12/08 12:11:43 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1220945662-1390067357-839522115-500.job
[2012/12/07 12:03:01 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2012/12/05 14:00:00 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2012/12/03 12:57:52 | 000,002,300 | ---- | M] () -- C:\Documents and Settings\timothy\Desktop\Google Chrome.lnk
[2012/12/03 12:57:52 | 000,002,278 | ---- | M] () -- C:\Documents and Settings\timothy\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/11/20 20:35:13 | 000,168,448 | ---- | M] () -- C:\Documents and Settings\timothy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/11/19 23:54:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/11/18 22:42:45 | 000,002,495 | ---- | M] () -- C:\Documents and Settings\timothy\Desktop\Microsoft Office Excel 2003.lnk
[2012/11/14 10:10:03 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2012/11/14 09:55:07 | 000,000,934 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1220945662-1390067357-839522115-500Core.job
[2012/11/14 07:22:12 | 000,311,584 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/11/14 00:57:08 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/12/10 19:51:45 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\timothy\Desktop\MBR.dat
[2012/07/03 08:21:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\cd.dat
[2012/06/30 14:30:42 | 000,558,133 | ---- | C] () -- C:\WINDOWS\System32\sqlite3.dll
[2012/06/16 12:09:40 | 000,178,192 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/03/10 19:53:56 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/02/15 01:53:52 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/12/14 11:11:45 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2011/11/08 16:15:35 | 000,254,000 | R--- | C] ( ) -- C:\WINDOWS\System32\Audio3D.dll
[2011/11/08 16:15:35 | 000,254,000 | R--- | C] ( ) -- C:\WINDOWS\System32\A3D.dll
[2011/11/08 16:14:22 | 000,004,096 | R--- | C] ( ) -- C:\WINDOWS\System32\IGFXDEVLib.dll
[2011/11/08 16:14:22 | 000,000,151 | R--- | C] () -- C:\WINDOWS\System32\GfxUI.exe.config
[2011/11/08 16:14:10 | 000,982,224 | R--- | C] () -- C:\WINDOWS\System32\igkrng500.bin
[2011/11/08 16:14:10 | 000,439,336 | R--- | C] () -- C:\WINDOWS\System32\igcompkrng500.bin
[2011/09/14 01:19:03 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/09/14 01:19:02 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/09/14 01:19:02 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/09/14 01:19:02 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/09/14 01:19:02 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/03/28 18:40:35 | 000,065,568 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/02/09 02:46:25 | 000,168,448 | ---- | C] () -- C:\Documents and Settings\timothy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/09 02:40:20 | 000,000,107 | ---- | C] () -- C:\Documents and Settings\timothy\default.pls
[2008/06/23 15:02:02 | 000,097,410 | R--- | C] () -- C:\Documents and Settings\All Users\Application Data\DeviceManager.xml.rc4
[2008/05/23 19:48:50 | 000,020,270 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DeviceInstaller.xml

========== ZeroAccess Check ==========

[2009/01/29 14:43:20 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2010/04/16 20:09:07 | 001,509,888 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 16:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 04:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2009/03/29 00:13:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
[2010/11/01 17:02:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2011/09/11 19:11:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Easybits GO
[2012/06/02 19:30:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hotspot Shield
[2009/02/14 22:51:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2011/02/11 18:32:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2012/06/02 23:34:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TheBflixUpdater
[2009/03/12 00:39:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vodafone
[2010/07/03 02:00:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/03/12 00:39:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Vodafone
[2010/08/07 08:59:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Dropbox
[2012/06/15 20:39:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Temp\Application Data\Alnaddy.com
[2012/06/15 19:45:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Temp\Application Data\Research In Motion
[2010/07/03 14:13:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Temp\Application Data\Teleca
[2009/03/29 00:13:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\timothy\Application Data\ACD Systems
[2012/06/02 18:43:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\timothy\Application Data\Alnaddy.com
[2011/08/16 20:08:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\timothy\Application Data\DDMSettings
[2012/12/10 19:19:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\timothy\Application Data\Dropbox
[2010/07/13 01:24:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\timothy\Application Data\GetRightToGo
[2011/09/12 16:03:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\timothy\Application Data\go
[2009/02/18 01:44:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\timothy\Application Data\Leadertech
[2011/02/11 18:30:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\timothy\Application Data\NCH Swift Sound
[2011/12/14 11:11:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\timothy\Application Data\Research In Motion
[2011/09/14 09:32:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\timothy\Application Data\Sammsoft
[2012/09/30 00:18:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\timothy\Application Data\SecondLife
[2011/11/03 11:28:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\timothy\Application Data\Teleca
[2010/07/31 16:57:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\timothy\Application Data\Uniblue
[2012/07/03 00:02:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\timothy\Application Data\uTorrent
[2009/03/12 00:39:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\timothy\Application Data\Vodafone

========== Purity Check ==========



========== Custom Scans ==========

========== Base Services ==========
SRV - [2008/04/14 04:12:12 | 000,044,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\alg.exe -- (ALG)
SRV - [2008/04/14 04:12:11 | 000,006,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv)
SRV - [2008/04/14 04:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\qmgr.dll -- (BITS)
SRV - [2012/07/06 17:58:51 | 000,078,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\browser.dll -- (Browser)
SRV - [2008/04/14 04:11:51 | 000,062,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\cryptsvc.dll -- (CryptSvc)
SRV - [2008/04/14 04:11:51 | 000,126,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dhcpcsvc.dll -- (Dhcp)
SRV - [2009/04/20 21:17:26 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dnsrslvr.dll -- (Dnscache)
SRV - [2009/02/06 15:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (Eventlog)
SRV - [2008/04/14 04:11:52 | 000,033,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\eapsvc.dll -- (EapHost)
SRV - [2009/07/28 03:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (FastUserSwitchingCompatibility)
SRV - [2008/04/14 04:12:08 | 000,015,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\w3ssl.dll -- (HTTPFilter)
SRV - [2008/04/14 04:11:54 | 000,021,504 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\hidserv.dll -- (HidServ)
SRV - [2008/04/14 04:12:22 | 000,150,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\imapi.exe -- (ImapiService)
SRV - [2008/04/14 04:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (PolicyAgent)
SRV - [2008/04/14 04:11:52 | 000,023,552 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\WINDOWS\system32\dmserver.dll -- (dmserver)
SRV - [2008/04/14 04:12:17 | 000,224,768 | ---- | M] (Microsoft Corp., Veritas Software) [On_Demand | Stopped] -- C:\WINDOWS\System32\dmadmin.exe -- (dmadmin)
SRV - [2008/04/14 04:12:17 | 000,005,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\dllhost.exe -- (SwPrv)
SRV - [2008/04/14 04:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\lsass.exe -- (Netlogon)
SRV - [2008/04/14 04:12:01 | 000,198,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\netman.dll -- (Netman)
SRV - [2008/06/20 20:02:47 | 000,245,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\mswsock.dll -- (Nla)
SRV - [2009/02/06 15:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (PlugPlay)
SRV - [2010/08/17 17:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\spoolsv.exe -- (Spooler)
SRV - [2008/04/14 04:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (ProtectedStorage)
SRV - [2008/04/14 04:12:03 | 000,088,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\rasauto.dll -- (RasAuto)
SRV - [2008/04/14 04:12:03 | 000,186,368 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\rasmans.dll -- (RasMan)
SRV - [2009/02/09 16:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\rpcss.dll -- (RpcSs)
SRV - [2008/04/14 04:12:02 | 000,435,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ntmssvc.dll -- (NtmsSvc)
SRV - [2008/04/14 04:12:05 | 000,018,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\seclogon.dll -- (seclogon)
SRV - [2008/04/14 04:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (SamSs)
SRV - [2008/04/14 04:12:10 | 000,080,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wscsvc.dll -- (wscsvc)
SRV - [2010/08/27 09:57:43 | 000,099,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srvsvc.dll -- (lanmanserver)
SRV - [2009/07/28 03:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (ShellHWDetection)
SRV - [2008/04/14 04:12:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srsvc.dll -- (srservice)
SRV - [2008/04/14 04:12:05 | 000,192,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\schedsvc.dll -- (Schedule)
SRV - [2008/04/14 04:11:56 | 000,013,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\lmhsvc.dll -- (LmHosts)
SRV - [2008/04/14 04:12:07 | 000,249,856 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\tapisrv.dll -- (TapiSrv)
SRV - [2008/04/14 04:12:07 | 000,295,424 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\termsrv.dll -- (TermService)
SRV - [2009/07/28 03:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (Themes)
SRV - [2008/04/14 04:12:38 | 000,289,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\vssvc.exe -- (VSS)
SRV - [2008/04/14 04:11:50 | 000,042,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\audiosrv.dll -- (AudioSrv)
SRV - [2008/04/14 04:11:55 | 000,331,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ipnathlp.dll -- (SharedAccess)
SRV - [2008/04/14 04:12:08 | 000,333,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wiaservc.dll -- (stisvc)
SRV - [2008/04/14 04:12:28 | 000,078,848 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\msiexec.exe -- (MSIServer)
SRV - [2008/04/14 04:12:09 | 000,144,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wbem\wmisvc.dll -- (winmgmt)
SRV - [2009/02/09 16:10:48 | 000,617,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\advapi32.dll -- (Wmi)
SRV - [2008/04/14 04:11:52 | 000,132,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\dot3svc.dll -- (Dot3svc)
SRV - [2008/04/14 04:12:11 | 000,483,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wzcsvc.dll -- (WZCSVC)
SRV - [2009/06/10 10:14:49 | 000,132,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wkssvc.dll -- (lanmanworkstation)

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2008/04/14 04:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/14 04:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 04:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2004/08/04 16:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: SERVICES >
[2004/08/04 16:00:00 | 000,007,116 | ---- | M] () MD5=95826940E657FE0567A8EC0F2A6AD11A -- C:\WINDOWS\system32\drivers\etc\services

< MD5 for: SERVICES.EXE >
[2009/02/06 15:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2008/04/14 04:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\$NtUninstallKB956572$\services.exe
[2008/04/14 04:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\ServicePackFiles\i386\services.exe
[2009/02/06 21:14:03 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=37561F8D4160D62DA86D24AE41FAE8DE -- C:\WINDOWS\$NtServicePackUninstall$\services.exe
[2009/02/06 14:22:21 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=4712531AB7A01B7EE059853CA17D39BD -- C:\WINDOWS\$hf_mig$\KB956572\SP2QFE\services.exe
[2009/02/06 15:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\$hf_mig$\KB956572\SP3GDR\services.exe
[2009/02/06 15:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\ERDNT\cache\services.exe
[2009/02/06 15:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe
[2009/02/06 15:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe
[2004/08/04 16:00:00 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\WINDOWS\$NtUninstallKB956572_0$\services.exe

< MD5 for: SERVICES.LNK >
[2009/01/29 13:16:31 | 000,001,602 | ---- | M] () MD5=1E4FD449495B5FC66E2BBCDA13E3D1F5 -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Services.lnk

< MD5 for: SERVICES.MSC >
[2004/08/04 16:00:00 | 000,033,464 | ---- | M] () MD5=E8089AA2A6F7FEE89B38C1F2D77BA6C6 -- C:\WINDOWS\system32\services.msc

< MD5 for: SVCHOST.EXE >
[2008/04/14 04:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008/04/14 04:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/14 04:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2012/09/29 19:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2004/08/04 16:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/04 16:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/14 04:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/14 04:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/14 04:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 16:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2012/09/29 19:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/14 04:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/14 04:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/14 04:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: WINSOCK.DLL >
[2004/08/04 16:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\WINDOWS\system32\dllcache\winsock.dll
[2004/08/04 16:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\WINDOWS\system32\winsock.dll

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Documents and Settings\timothy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2012/11/28 07:43:18 | 001,242,728 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/02/27 15:22:34 | 000,834,800 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/02/27 15:22:34 | 000,834,800 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/02/27 15:22:34 | 000,834,800 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/02/27 15:22:38 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/02/27 15:22:38 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/02/27 15:22:38 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\timothy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2012/11/28 07:43:18 | 001,242,728 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\timothy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2012/11/28 07:43:18 | 001,242,728 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\timothy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/11/28 07:43:18 | 001,242,728 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\timothy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2012/11/28 07:43:18 | 001,242,728 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2012/08/28 16:07:34 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2012/08/28 16:07:34 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2012/08/28 16:07:34 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2012/03/08 16:30:50 | 002,388,336 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2012/03/08 16:30:50 | 002,388,336 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2012/03/08 16:30:50 | 002,388,336 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2012/03/08 16:30:50 | 002,388,336 | ---- | M] (Apple Inc.)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Documents and Settings\timothy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2012/11/28 07:43:18 | 001,242,728 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/02/27 15:22:34 | 000,834,800 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/02/27 15:22:34 | 000,834,800 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/02/27 15:22:34 | 000,834,800 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/02/27 15:22:38 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/02/27 15:22:38 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/02/27 15:22:38 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\timothy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2012/11/28 07:43:18 | 001,242,728 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\timothy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2012/11/28 07:43:18 | 001,242,728 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\timothy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/11/28 07:43:18 | 001,242,728 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\timothy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2012/11/28 07:43:18 | 001,242,728 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2012/08/28 16:07:34 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2012/08/28 16:07:34 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2012/08/28 16:07:34 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2012/03/08 16:30:50 | 002,388,336 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2012/03/08 16:30:50 | 002,388,336 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2012/03/08 16:30:50 | 002,388,336 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2012/03/08 16:30:50 | 002,388,336 | ---- | M] (Apple Inc.)

< End of report >





OTL Extras logfile created on: 12/10/2012 07:54:19 PM - Run 6
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\timothy\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001C09 | Country: South Africa | Language: ENS | Date Format: M/d/yyyy

1.97 Gb Total Physical Memory | 0.58 Gb Available Physical Memory | 29.66% Memory free
3.81 Gb Paging File | 2.46 Gb Available in Paging File | 64.47% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29.29 Gb Total Space | 2.55 Gb Free Space | 8.69% Space Free | Partition Type: NTFS
Drive E: | 436.46 Gb Total Space | 18.73 Gb Free Space | 4.29% Space Free | Partition Type: NTFS

Computer Name: TIM | User Name: timothy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-1220945662-1390067357-839522115-500\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee 9.0.Browse] -- "C:\Program Files\ACD Systems\ACDSee\9.0\ACDSeeQV.exe" "%1" (ACD Systems Ltd.)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DoNotAllowExceptions" = 0
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
"C:\Documents and Settings\timothy\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\timothy\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
"C:\Documents and Settings\timothy\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\timothy\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
"C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\USBSetup.exe" = C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\USBSetup.exe:LocalSubNet:Enabled:HP Device Setup -- (Hewlett-Packard Co.)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Program Files\SecondLifeViewer\SLVoice.exe" = C:\Program Files\SecondLifeViewer\SLVoice.exe:*:Enabled:SLVoice


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{13d868cf-47e9-4b3d-9366-a0c60f82e5aa}" = Striata Reader
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{26A24AE4-039D-4CA4-87B4-2F83216037FF}" = Java™ 6 Update 37
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{29498512-A137-4478-8691-922829F108DC}" = HP Deskjet 2050 J510 series Product Improvement Study
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{43D16DA8-BF42-3C62-89D3-3AD47829DC2E}" = Google Talk Plugin
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{6444D9D9-CD6C-4464-B970-55C606C944DC}" = Logitech QuickCam
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7A3DF2E2-CF13-44FB-A93E-F71D5381DB3F}" = HP Deskjet 2050 J510 series Help
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B92D97D-DB3D-4926-A8F7-718FE7C5EE18}" = iTunes
"{8E72B982-D54F-486F-B35A-C24B6F171033}" = Nero 7 Essentials
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92022F8E-2E55-4A16-88EB-B4778B35E942}" = ACDSee for PENTAX 3.0
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A08BAD08-9AA3-410F-98F3-C92C8EE37218}" = Safari
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.1
"{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet PCI NIC Driver
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C656142F-EFE1-44CD-BFAD-6CBC6DCB9860}" = Vodafone Mobile Connect Lite
"{CC4A73BF-938E-4C19-A553-853C035C9BA1}" = LightScribe System Software 1.10.13.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0C2E24E-2496-42F8-A065-E5E49B6C1088}" = BlackBerry Desktop Software 4.6
"{E654D1E3-B18B-4953-BFBC-F16227323E05}" = HP Deskjet 2050 J510 series Basic Device Software
"{EB3DF81F-5E70-4722-9D99-C1FC3EEF4DE1}" = Roxio Media Manager
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FC2C7405-BC58-4E11-8F51-29671BEAC06B}" = Natural Color Pro
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"alnaddyToolbar" = Alnaddy.com toolbar on IE
"Amazon Kindle" = Amazon Kindle
"Applian FLV Player2.0.24" = Applian FLV Player
"Audacity_is1" = Audacity 1.2.6
"avast" = avast! Free Antivirus
"AVI Codec Pack" = AVI Codec Pack
"Avi Fix Joiner 2.11" = Avi Fix Joiner 2.11
"BlackBerry_{D0C2E24E-2496-42F8-A065-E5E49B6C1088}" = BlackBerry Desktop Software 4.6
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"DivX Setup" = DivX Setup
"DualCoreCenter_is1" = DualCoreCenter
"ExpressBurn" = Express Burn Disc Burning Software
"ExpressRip" = Express Rip
"Google Desktop" = Google Desktop
"HDMI" = Intel® Graphics Media Accelerator Driver
"HotspotShield" = Hotspot Shield 2.67
"HP Photo Creations" = HP Photo Creations
"ie8" = Windows Internet Explorer 8
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"KRISTAL Audio Engine" = KRISTAL Audio Engine
"Liveupdate4_is1" = Liveupdate4
"lvdrivers_11.70" = Logitech QuickCam Driver Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MixPad" = MixPad Audio Mixer
"Mozilla Firefox 10.0 (x86 en-US)" = Mozilla Firefox 10.0 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"RealPlayer 12.0" = RealPlayer
"Smart WAV Converter_is1" = Smart WAV Converter
"Speccy" = Speccy
"SpeedFan" = SpeedFan (remove only)
"SUPER ©" = SUPER © Version 2009.bld.36 (June 10, 2009)
"TheBflixUpdater" = TheBflix Updater
"Tweak UI 2.10" = Tweak UI
"Video Fixer 3.23_is1" = Video Fixer 3.23
"VLC media player" = VLC media player 1.1.11
"WavePad" = WavePad Sound Editor
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WMV9_VCM" = Microsoft Windows Media Video 9 VCM
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1220945662-1390067357-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Antivirus Events ]
Error - 9/9/2010 07:52:15 AM | Computer Name = TIM | Source = avast! | ID = 33554522
Description =

Error - 9/9/2010 07:52:15 AM | Computer Name = TIM | Source = avast! | ID = 33554522
Description =

Error - 9/9/2010 07:52:15 AM | Computer Name = TIM | Source = avast! | ID = 33554522
Description =

Error - 9/9/2010 07:52:15 AM | Computer Name = TIM | Source = avast! | ID = 33554522
Description =

Error - 9/9/2010 07:52:15 AM | Computer Name = TIM | Source = avast! | ID = 33554522
Description =

Error - 9/9/2010 07:52:15 AM | Computer Name = TIM | Source = avast! | ID = 33554522
Description =

Error - 9/9/2010 07:52:15 AM | Computer Name = TIM | Source = avast! | ID = 33554522
Description =

Error - 9/9/2010 07:52:15 AM | Computer Name = TIM | Source = avast! | ID = 33554522
Description =

Error - 9/9/2010 07:52:15 AM | Computer Name = TIM | Source = avast! | ID = 33554522
Description =

Error - 9/9/2010 07:52:15 AM | Computer Name = TIM | Source = avast! | ID = 33554522
Description =

[ Application Events ]
Error - 12/7/2012 11:30:38 AM | Computer Name = TIM | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2125

Error - 12/7/2012 11:30:38 AM | Computer Name = TIM | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2125

Error - 12/7/2012 11:30:40 AM | Computer Name = TIM | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 12/7/2012 11:30:40 AM | Computer Name = TIM | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4141

Error - 12/7/2012 11:30:40 AM | Computer Name = TIM | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4141

Error - 12/7/2012 11:30:42 AM | Computer Name = TIM | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 12/7/2012 11:30:42 AM | Computer Name = TIM | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6094

Error - 12/7/2012 11:30:42 AM | Computer Name = TIM | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6094

Error - 12/8/2012 11:48:53 AM | Computer Name = TIM | Source = Application Hang | ID = 1002
Description = Hanging application DesktopMgr.exe, version 4.6.0.17, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/10/2012 10:11:25 AM | Computer Name = TIM | Source = Application Hang | ID = 1002
Description = Hanging application DesktopMgr.exe, version 4.6.0.17, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ Application Events ]
Error - 12/7/2012 11:30:38 AM | Computer Name = TIM | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2125

Error - 12/7/2012 11:30:38 AM | Computer Name = TIM | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2125

Error - 12/7/2012 11:30:40 AM | Computer Name = TIM | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 12/7/2012 11:30:40 AM | Computer Name = TIM | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4141

Error - 12/7/2012 11:30:40 AM | Computer Name = TIM | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4141

Error - 12/7/2012 11:30:42 AM | Computer Name = TIM | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 12/7/2012 11:30:42 AM | Computer Name = TIM | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6094

Error - 12/7/2012 11:30:42 AM | Computer Name = TIM | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6094

Error - 12/8/2012 11:48:53 AM | Computer Name = TIM | Source = Application Hang | ID = 1002
Description = Hanging application DesktopMgr.exe, version 4.6.0.17, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/10/2012 10:11:25 AM | Computer Name = TIM | Source = Application Hang | ID = 1002
Description = Hanging application DesktopMgr.exe, version 4.6.0.17, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 12/10/2012 10:11:07 AM | Computer Name = TIM | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher
9 service to connect.

Error - 12/10/2012 10:11:09 AM | Computer Name = TIM | Source = W32Time | ID = 39452706
Description = The time service has detected that the system time needs to be changed
by +86665 seconds. The time service will not change the system time by more than
+54000 seconds. Verify that your time and time zone are correct, and that the time
source time.windows.com (ntp.m|0x1|94.205.205.206:123->65.55.21.13:123) is working
properly.

Error - 12/10/2012 10:29:26 AM | Computer Name = TIM | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher
9 service to connect.

Error - 12/10/2012 10:33:08 AM | Computer Name = TIM | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service NMIndexingService
with arguments "" in order to run the server: {C6A811AB-F8FF-45A4-93E5-FC5CCB650BE7}

Error - 12/10/2012 10:33:10 AM | Computer Name = TIM | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service NMIndexingService
with arguments "" in order to run the server: {C6A811AB-F8FF-45A4-93E5-FC5CCB650BE7}

Error - 12/10/2012 10:33:16 AM | Computer Name = TIM | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service NMIndexingService
with arguments "" in order to run the server: {C6A811AB-F8FF-45A4-93E5-FC5CCB650BE7}

Error - 12/10/2012 11:16:40 AM | Computer Name = TIM | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher
9 service to connect.

Error - 12/10/2012 11:18:56 AM | Computer Name = TIM | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service NMIndexingService
with arguments "" in order to run the server: {C6A811AB-F8FF-45A4-93E5-FC5CCB650BE7}

Error - 12/10/2012 11:19:03 AM | Computer Name = TIM | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service NMIndexingService
with arguments "" in order to run the server: {C6A811AB-F8FF-45A4-93E5-FC5CCB650BE7}

Error - 12/10/2012 11:19:04 AM | Computer Name = TIM | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service NMIndexingService
with arguments "" in order to run the server: {C6A811AB-F8FF-45A4-93E5-FC5CCB650BE7}


< End of report >
  • 0

#15
discoveringyou

discoveringyou

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts
Hi Compcav, as you can see have run all the reports. I have not changed the battery yet and will await your advise on that. The PC has been running for about 1h30 now in normal mode and not crashed, nor been slow. I have been able to run all the scans. I have unplugged the printer (not sure if that is making any difference). I will continue to work on it for a bit and hopefully it won't crash. Any thoughts on above scans?

Thanks again so much for your help on this! (I shall be online for next hour and then back again in 2 hours time)

Cheers
Tim
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP