Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Boot to black screen with cursor [Solved]


  • This topic is locked This topic is locked

#121
Jhackofalltrades

Jhackofalltrades

    Member

  • Topic Starter
  • Member
  • PipPip
  • 71 posts
Apparently, I like to surf most stupidly when I'm tired and upset. I believe that I caught a re-infection of an un-related source last night. It's a recurring BSoD that pops up a little in the boot sequence after choosing which user you want. It happens on both users. Do I put that over in Malware removal? It says 'paged fault in a non paged area" on the BSoD.
  • 0

Advertisements


#122
Buddierdl

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Hi Jhackofalltrades,

We can just continue in this thread.

Was this the first reboot since you were updating the drivers?

Could you please note the STOP code and any file listed on the BSOD.

Also, if you are able to boot to the desktop, could you please get a fresh OTL scan:


Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Please check the box next to Scan All Users.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic

  • 0

#123
Jhackofalltrades

Jhackofalltrades

    Member

  • Topic Starter
  • Member
  • PipPip
  • 71 posts
It wasn't the first reboot. Several other reboots had happened since then.

I was unable to effectively note down any stop codes because the bsod wouldn't stay on the screen long enough before forcing a reboot. I found that I could boot using safe mode, so I downloaded OTL to a flash drive and ran it. I also grabbed a huge memory.dmp file b/c it looked important and I thought it might have those STOP codes you wanted. I'll start with the memory.zip file first b/c I don't want to waste this post. Gah, I need to sleep. That made no sense :(

too big. i'll have to stick it somewhere

Here's the first OTL.txt files

OTL logfile created on: 3/6/2013 6:52:49 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Philip\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.71 Gb Available Physical Memory | 85.54% Memory free
3.35 Gb Paging File | 3.27 Gb Available in Paging File | 97.41% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 282.73 Gb Free Space | 60.70% Space Free | Partition Type: NTFS
Drive E: | 5.46 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive G: | 1.90 Gb Total Space | 1.62 Gb Free Space | 85.01% Space Free | Partition Type: FAT

Computer Name: DILBERT | User Name: Philip | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/03/06 06:51:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Philip\Desktop\OTL.exe
PRC - [2006/02/28 07:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/02/28 07:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\savedump.exe


========== Modules (No Company Name) ==========

MOD - [2006/02/28 07:00:00 | 000,015,360 | ---- | M] () -- C:\WINDOWS\system32\tsd32.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\ComboFix\pev.3XE EXEC /i C:\ComboFix\HIDEC.3XE C:\ComboFix\SWREG.3XE ACL HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_Beep /RESET /Q -- (PEVSystemStart)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - File not found [Auto | Stopped] -- C:\Program Files\AGI\common\win32\PythonService.exe -- (AGWinService)
SRV - File not found [Auto | Stopped] -- C:\Program Files\AGI\core\3.2\AGCoreService.exe -- (AGCoreService)
SRV - [2013/03/01 19:30:15 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/03/01 05:27:38 | 000,170,912 | ---- | M] (Oracle Corporation) [Auto | Stopped] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/02/28 03:36:01 | 000,045,248 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013/02/19 16:28:30 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/02/07 07:31:22 | 001,223,704 | ---- | M] (Secunia) [On_Demand | Stopped] -- C:\Program Files\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2013/02/07 07:31:20 | 000,660,504 | ---- | M] (Secunia) [Auto | Stopped] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2013/01/29 21:08:04 | 002,447,888 | ---- | M] (Check Point Software Technologies LTD) [Auto | Stopped] -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
SRV - [2012/11/22 09:33:18 | 000,497,320 | ---- | M] (Check Point Software Technologies) [Auto | Stopped] -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe -- (IswSvc)
SRV - [2012/07/03 12:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/05/28 13:46:56 | 000,353,168 | ---- | M] (IObit) [Auto | Stopped] -- C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe -- (AdvancedSystemCareService)
SRV - [2011/03/16 09:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/02/07 11:56:11 | 000,138,192 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2010/08/24 04:38:18 | 000,092,008 | ---- | M] (TomTom) [On_Demand | Stopped] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2004/10/20 09:40:04 | 000,010,328 | ---- | M] (America Online) [On_Demand | Stopped] -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS)
SRV - [2004/10/15 15:54:14 | 000,100,016 | ---- | M] (America Online, Inc) [On_Demand | Stopped] -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe -- (AOL TopSpeedMonitor)
SRV - [2004/08/24 16:12:14 | 000,057,344 | ---- | M] ( ) [Auto | Stopped] -- C:\WINDOWS\System32\slserv.exe -- (SLService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SABKUTIL.sys -- (SABKUTIL)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\3.tmp -- (MEMSWEEP2)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [File_System | Boot | Stopped] -- system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2013/02/28 03:36:37 | 000,765,808 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013/02/28 03:36:37 | 000,368,248 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2013/02/28 03:36:37 | 000,163,784 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013/02/28 03:36:37 | 000,062,448 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013/02/28 03:36:36 | 000,066,408 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013/02/28 03:36:36 | 000,049,832 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2013/02/28 03:36:36 | 000,049,320 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013/02/28 03:36:35 | 000,029,880 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2013/02/07 07:15:22 | 000,016,024 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psi_mf_x86.sys -- (PSI)
DRV - [2013/01/29 20:35:36 | 000,527,848 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (Vsdatant)
DRV - [2012/11/22 09:33:30 | 000,027,056 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Stopped] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2012/11/16 16:04:28 | 007,874,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2012/05/14 01:12:12 | 000,103,040 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AtihdXP3.sys -- (AtiHDAudioService)
DRV - [2012/03/02 15:03:00 | 000,025,216 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2012/03/02 15:03:00 | 000,020,864 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2012/03/02 15:03:00 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2010/05/10 13:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/04/27 15:57:28 | 000,066,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2010/04/27 15:57:28 | 000,015,048 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2010/04/27 15:57:22 | 000,022,856 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2010/04/27 13:01:26 | 000,037,704 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2010/02/17 13:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/06/30 10:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Stopped] -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2008/12/11 08:38:22 | 000,159,600 | ---- | M] (PC Tools) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\pctgntdi.sys -- (pctgntdi)
DRV - [2008/08/01 17:36:26 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2008/08/01 17:36:20 | 000,054,784 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2008/07/03 16:03:14 | 004,745,216 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2008/05/20 18:53:36 | 000,093,696 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2008/02/27 12:49:00 | 000,003,840 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\BANTExt.sys -- (BANTExt)
DRV - [2008/01/25 19:01:00 | 000,132,096 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvgts.sys -- (nvgts)
DRV - [2007/09/28 13:30:57 | 000,019,345 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMPR5.sys -- (MREMPR5)
DRV - [2007/09/28 13:30:49 | 000,018,003 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRENDIS5.sys -- (MRENDIS5)
DRV - [2007/06/29 13:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AmdLLD.sys -- (AmdLLD)
DRV - [2006/12/28 11:44:44 | 000,084,992 | R--- | M] (ATI Research Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AtiHdAud.sys -- (HdAudAddService)
DRV - [2006/07/01 21:39:40 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005/02/23 13:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004/08/24 15:51:26 | 000,650,632 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\slntamr.sys -- (Slntamr)
DRV - [2004/08/24 15:43:18 | 000,014,520 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\RecAgent.sys -- (RecAgent)
DRV - [2004/08/24 15:40:28 | 000,229,720 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mtlmnt5.sys -- (Mtlmnt5)
DRV - [2004/08/24 15:35:14 | 000,100,240 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\slnthal.sys -- (SlNtHal)
DRV - [2004/08/24 15:33:32 | 001,395,376 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mtlstrm.sys -- (Mtlstrm)
DRV - [2004/08/24 15:24:14 | 000,013,216 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\slwdmsup.sys -- (SlWdmSup)
DRV - [2003/01/10 16:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-789336058-861567501-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-789336058-861567501-1801674531-1004\..\SearchScopes,DefaultScope = {E4C1C287-8FEA-4F2A-BA25-6C68D7630F52}
IE - HKU\S-1-5-21-789336058-861567501-1801674531-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKU\S-1-5-21-789336058-861567501-1801674531-1004\..\SearchScopes\{E4C1C287-8FEA-4F2A-BA25-6C68D7630F52}: "URL" = http://www.google.co...&rlz=1I7GGLL_en
IE - HKU\S-1-5-21-789336058-861567501-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-789336058-861567501-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "google-feed.net"
FF - prefs.js..browser.search.order.1: "Search By ZoneAlarm"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://search.zoneal...&tstsId=&ver=&"
FF - prefs.js..extensions.enabledAddons: flvmoviesdownloader%40rzll:1.43
FF - prefs.js..extensions.enabledAddons: PardusCopilot%40mozilla.doslash.org:1.1.5
FF - prefs.js..extensions.enabledAddons: puc%40fantamondi.it:1.2.3
FF - prefs.js..extensions.enabledAddons: %7B000F1EA4-5E08-4564-A29B-29076F63A37A%7D:1.0.3.171
FF - prefs.js..extensions.enabledAddons: %7BEDA7B1D7-F793-4e03-B074-E6F303317FB0%7D:1.2.7
FF - prefs.js..extensions.enabledAddons: unplug%40compunach:2.054
FF - prefs.js..extensions.enabledAddons: ffxtlbr%40zonealarm.com:1.6.0
FF - prefs.js..extensions.enabledAddons: btpersonas%40brandthunder.com:1.6.3.4
FF - prefs.js..extensions.enabledAddons: %7B0b457cAA-602d-484a-8fe7-c1d894a011ba%7D:0.98.31
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.14
FF - prefs.js..extensions.enabledAddons: %7B20a82645-c095-46ed-80e3-08825760534b%7D:0.0.0
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.8
FF - prefs.js..extensions.enabledAddons: %7BE6C1199F-E687-42da-8C24-E7770CC3AE66%7D:1.8.0
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.5.9rc1
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:8.0.1482
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0
FF - prefs.js..extensions.enabledItems: {75623d5d-4683-402a-b610-ac4bab767c86}:3.0.3
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.2
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.0.1
FF - prefs.js..extensions.enabledItems: {0b457cAA-602d-484a-8fe7-c1d894a011ba}:0.88
FF - prefs.js..extensions.enabledItems: [email protected]:1.1.6
FF - prefs.js..extensions.enabledItems: [email protected]:1.1.4
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.7.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..keyword.URL: "http://search.zoneal...tsId=&ver=&&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Karen\Application Data\Move Networks\plugins\npqmp071503000010.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\WINDOWS\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security, S.L.)
FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\5yl0bayj.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}\plugins\npsoe.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Philip\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2013/02/06 04:26:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/03/05 03:15:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/03/02 05:07:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/02/22 18:39:48 | 000,000,000 | ---D | M]

[2008/10/17 17:06:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Philip\Application Data\Mozilla\Extensions
[2013/03/01 18:48:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\5yl0bayj.default\extensions
[2012/07/30 03:54:38 | 000,000,000 | ---D | M] () -- C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\5yl0bayj.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}
[2013/02/22 18:39:16 | 000,000,000 | ---D | M] (FireShot) -- C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\5yl0bayj.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2013/02/23 14:09:56 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\5yl0bayj.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/12/12 02:59:05 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\5yl0bayj.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}(2)
[2013/02/14 03:04:47 | 000,000,000 | ---D | M] ("Default Theme Engine - Personas Interactive") -- C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\5yl0bayj.default\extensions\[email protected]
[2013/02/06 04:23:55 | 000,000,000 | ---D | M] (zonealarm.com) -- C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\5yl0bayj.default\extensions\[email protected]
[2011/10/29 10:10:41 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\5yl0bayj.default\extensions\[email protected]
[2010/01/22 02:27:09 | 000,000,000 | ---D | M] ("FTSTrader") -- C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\5yl0bayj.default\extensions\[email protected]
[2012/06/09 21:26:28 | 000,014,838 | ---- | M] () (No name found) -- C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\5yl0bayj.default\extensions\[email protected]
[2011/06/10 07:17:10 | 000,031,415 | ---- | M] () (No name found) -- C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\5yl0bayj.default\extensions\[email protected]
[2011/05/28 06:56:03 | 000,063,696 | ---- | M] () (No name found) -- C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\5yl0bayj.default\extensions\[email protected]
[2013/01/30 05:41:21 | 000,142,907 | ---- | M] () (No name found) -- C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\5yl0bayj.default\extensions\[email protected]
[2013/01/26 06:49:40 | 000,024,292 | ---- | M] () (No name found) -- C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\5yl0bayj.default\extensions\{158d7cb3-7039-4a75-8e0b-3bd0a464edd2}.xpi
[2013/03/01 18:48:12 | 000,532,389 | ---- | M] () (No name found) -- C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\5yl0bayj.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013/03/01 04:25:50 | 000,269,007 | ---- | M] () (No name found) -- C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\5yl0bayj.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2013/03/01 05:16:15 | 000,014,714 | ---- | M] () (No name found) -- C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\5yl0bayj.default\extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi
[2012/05/04 23:32:01 | 000,091,556 | ---- | M] () (No name found) -- C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\5yl0bayj.default\extensions\{EDA7B1D7-F793-4e03-B074-E6F303317FB0}.xpi
[2013/01/23 05:46:58 | 000,007,919 | ---- | M] () (No name found) -- C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\5yl0bayj.default\extensions\[email protected]\content\Abine\chrome\content\ff\view_expiry.js
[2013/02/06 04:18:44 | 000,001,488 | ---- | M] () -- C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\5yl0bayj.default\searchplugins\zonealarm.xml
[2013/02/19 16:28:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/02/19 16:28:22 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/02/19 16:28:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2013/03/05 03:15:02 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2013/02/27 08:32:13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2013/02/15 19:35:45 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/10/19 18:18:49 | 000,248,192 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2012/10/19 18:18:57 | 000,248,192 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2010/03/20 03:55:06 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files\mozilla firefox\plugins\npPandoWebInst.dll
[2013/02/15 19:35:09 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013/02/15 19:35:09 | 000,002,086 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - Extension: Docs = C:\Documents and Settings\Philip\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: Gmail = C:\Documents and Settings\Philip\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/08/15 03:33:52 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKU\S-1-5-21-789336058-861567501-1801674531-1004\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - HKLM..\RunOnce: [aswasOutExt.dll] C:\Program Files\AVAST Software\Avast\aswRegSvr.exe (AVAST Software)
O4 - Startup: C:\Documents and Settings\Karen\Start Menu\Programs\Startup\Rainlendar.lnk = C:\Program Files\Rainlendar\Rainlendar.exe (Rainy)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-789336058-861567501-1801674531-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-789336058-861567501-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-789336058-861567501-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-789336058-861567501-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-789336058-861567501-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = [binary data]
O7 - HKU\S-1-5-21-789336058-861567501-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-21-789336058-861567501-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoColorChoice = 0
O7 - HKU\S-1-5-21-789336058-861567501-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoSizeChoice = 0
O7 - HKU\S-1-5-21-789336058-861567501-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoVisualStyleChoice = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-789336058-861567501-1801674531-1004\..Trusted Domains: amazon.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-789336058-861567501-1801674531-1004\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKU\S-1-5-21-789336058-861567501-1801674531-1004\..Trusted Domains: carboniteaddon.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-789336058-861567501-1801674531-1004\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-789336058-861567501-1801674531-1004\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-789336058-861567501-1801674531-1004\..Trusted Domains: microsoft.com ([windowsupdate] http in Trusted sites)
O15 - HKU\S-1-5-21-789336058-861567501-1801674531-1004\..Trusted Domains: microsoft.com ([www.update] http in Trusted sites)
O15 - HKU\S-1-5-21-789336058-861567501-1801674531-1004\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-789336058-861567501-1801674531-1004\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemyds...t Installer.cab (Support.com Configuration Class)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1274685273609 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1352878580937 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {ADACAA8F-3595-47FE-9C31-9C7471B9BEC7} http://3979.mcdtt.co...hecker_8000.cab (OCXDownloadChecker Control)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {DBAFE6AD-DC14-45DF-A3F7-F8832289A1CD} http://3979.mcdtt.co...adFile_8100.cab (DownloadFile Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ABA3E625-ED42-4856-AA31-087C7FD95685}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Philip\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Philip\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/07/22 09:36:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007/02/12 14:53:42 | 000,000,277 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/03/06 06:52:22 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Philip\Desktop\OTL.exe
[2013/03/05 14:20:22 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Philip\Recent
[2013/03/05 03:15:03 | 000,066,408 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswMonFlt.sys
[2013/03/03 01:51:46 | 018,456,096 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Philip\Desktop\Windows-KB890830-V4.17.exe
[2013/03/03 01:50:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
[2013/03/02 06:30:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Licenses
[2013/03/02 06:30:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SpywareBlaster
[2013/03/02 06:27:34 | 004,095,448 | ---- | C] (BrightFort LLC ) -- C:\Documents and Settings\Philip\Desktop\spywareblastersetup50.exe
[2013/03/02 05:27:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\WindowsPowerShell
[2013/03/02 05:27:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\winrm
[2013/03/02 05:27:50 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$968930Uinstall_KB968930$
[2013/03/02 05:26:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTEMP
[2013/03/02 05:00:51 | 020,564,496 | ---- | C] (Mozilla) -- C:\Documents and Settings\Philip\Desktop\Firefox Setup 19.0.exe
[2013/03/01 19:29:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Philip\Start Menu\Programs\IrfanView
[2013/03/01 19:07:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Philip\Local Settings\Application Data\Secunia PSI
[2013/03/01 19:07:31 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia
[2013/03/01 19:03:17 | 003,199,760 | ---- | C] (Secunia) -- C:\Documents and Settings\Philip\Desktop\PSISetup.exe
[2013/03/01 18:58:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Philip\Desktop\Belarc Advisor Current Profile030113_files
[2013/03/01 06:34:10 | 000,368,248 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2013/03/01 06:34:10 | 000,029,880 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2013/03/01 06:34:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2013/03/01 06:34:09 | 000,062,448 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2013/03/01 06:34:09 | 000,049,832 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2013/03/01 06:34:08 | 000,765,808 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2013/03/01 06:33:46 | 000,041,664 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2013/03/01 06:33:45 | 000,228,600 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2013/03/01 06:33:29 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013/03/01 06:33:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2013/03/01 06:25:35 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Philip\Desktop\TFC.exe
[2013/03/01 05:40:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Philip\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2013/03/01 05:28:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013/03/01 05:27:56 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2013/03/01 05:27:56 | 000,143,872 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2013/03/01 05:27:51 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013/03/01 05:27:51 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013/03/01 05:27:51 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2013/03/01 05:27:36 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013/03/01 05:22:57 | 031,512,992 | ---- | C] (Oracle Corporation) -- C:\Documents and Settings\Philip\Desktop\jre-7u15-windows-i586.exe
[2013/03/01 05:19:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Philip\Desktop\JavaRa-2.1
[2013/02/27 07:26:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2013/02/27 07:26:20 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2013/02/27 07:26:14 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2013/02/27 07:06:26 | 025,001,480 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Philip\Desktop\NetFx20SP2_x86.exe
[2013/02/26 09:05:45 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013/02/26 05:38:04 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2013/02/26 05:37:12 | 000,000,000 | ---D | C] -- C:\50314ab87b130d9a37
[2013/02/26 05:29:00 | 050,449,456 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Philip\Desktop\dotNetFx40_Full_x86_x64.exe
[2013/02/26 05:16:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Philip\Desktop\dotnetfx_cleanup_tool
[2013/02/23 03:14:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Philip\Application Data\spiral
[2013/02/22 18:41:00 | 015,900,360 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Philip\Desktop\NDP1.1sp1-KB2742597-X86.exe
[2013/02/22 15:01:17 | 000,465,280 | R--- | C] (Coupons, Inc.) -- C:\WINDOWS\cpnprt2win32.cid
[2013/02/22 15:01:17 | 000,465,280 | ---- | C] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2win32.cid
[2013/02/22 15:01:04 | 000,000,000 | ---D | C] -- C:\Program Files\Coupons
[2013/02/21 02:20:30 | 000,208,384 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Philip\Desktop\rsaenh.dll
[2013/02/19 16:28:21 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/02/18 02:10:46 | 001,005,792 | ---- | C] (Solid State Networks) -- C:\Documents and Settings\Philip\Desktop\install_flashplayer11x32au_mssd_aih.exe
[2013/02/17 07:00:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Philip\Desktop\removethreatfire(3.0)
[2013/02/17 05:17:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Philip\Start Menu\Programs\Trebuchet
[2013/02/17 05:17:41 | 000,000,000 | ---D | C] -- C:\Program Files\Fuzzball
[2013/02/13 04:52:52 | 000,347,424 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Philip\Desktop\MicrosoftFixit.Search.RNP.136284176360896497.2.1.Run.exe
[2013/02/10 05:14:54 | 002,139,648 | ---- | C] (hs2n Informationstechnologie GmbH) -- C:\Documents and Settings\Philip\Desktop\WUInstall.exe
[2013/02/08 09:25:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ATI
[2013/02/08 09:23:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Catalyst Control Center
[2013/02/08 09:23:08 | 000,103,040 | ---- | C] (Advanced Micro Devices) -- C:\WINDOWS\System32\drivers\AtihdXP3.sys
[2013/02/08 06:02:01 | 111,595,832 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Documents and Settings\Philip\Desktop\13-1-legacy_xp32_dd_ccc_whql.exe
[2013/02/07 07:15:22 | 000,016,024 | ---- | C] (Secunia) -- C:\WINDOWS\System32\drivers\psi_mf_x86.sys
[2013/02/06 06:51:17 | 100,496,424 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Documents and Settings\Philip\Desktop\13-1_xp32_dd_ccc_whql.exe
[2013/02/06 05:15:48 | 000,000,000 | ---D | C] -- C:\AMD
[2013/02/06 04:59:45 | 000,792,704 | ---- | C] (AMD) -- C:\Documents and Settings\Philip\Desktop\amddriverdownloader.exe
[2013/02/06 04:26:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Philip\My Documents\ForceField Shared Files
[2013/02/06 04:26:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Philip\Application Data\CheckPoint
[2013/02/06 04:23:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Check Point
[2013/02/06 04:18:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Philip\Application Data\Check Point Software Technologies LTD
[2013/02/06 04:18:32 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint
[2013/02/06 04:17:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CheckPoint
[2013/02/06 04:16:13 | 000,181,064 | ---- | C] (Sysinternals) -- C:\WINDOWS\PSEXESVC.EXE
[2013/02/06 04:16:02 | 000,000,000 | ---D | C] -- C:\Tweaking.com_Windows_Repair_Logs
[2013/02/06 04:16:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Philip\Desktop\Tweaking.com - Repair Windows Firewall
[2013/02/06 04:15:26 | 002,398,248 | ---- | C] (Check Point Software Technologies LTD) -- C:\Documents and Settings\Philip\Desktop\zafwSetupWeb_110_000_057.exe

========== Files - Modified Within 30 Days ==========

[2013/03/06 06:51:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Philip\Desktop\OTL.exe
[2013/03/06 06:47:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/03/06 05:49:39 | 182,734,848 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2013/03/06 05:48:15 | 000,000,316 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2013/03/06 05:48:15 | 000,000,272 | ---- | M] () -- C:\WINDOWS\tasks\ASC4_PerformanceMonitor.job
[2013/03/06 05:48:14 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1ce03d7f55cfecc.job
[2013/03/06 05:48:14 | 000,000,378 | ---- | M] () -- C:\WINDOWS\tasks\FreeFileViewerUpdateChecker.job
[2013/03/06 05:48:13 | 000,000,394 | ---- | M] () -- C:\WINDOWS\tasks\ProgramUpdateCheck.job
[2013/03/05 14:11:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/03/05 05:34:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-789336058-861567501-1801674531-1005Core1cc03f46f882a40.job
[2013/03/05 03:15:03 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2013/03/05 03:07:05 | 000,012,540 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/03/05 03:07:05 | 000,012,540 | ---- | M] () -- C:\WINDOWS\System32\wpa.bak
[2013/03/04 20:07:48 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2013/03/04 03:31:32 | 000,001,831 | ---- | M] () -- C:\Documents and Settings\Philip\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/03/03 01:54:14 | 018,456,096 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Philip\Desktop\Windows-KB890830-V4.17.exe
[2013/03/02 06:33:35 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\TEMP
[2013/03/02 06:30:45 | 000,000,754 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SpywareBlaster.lnk
[2013/03/02 06:28:33 | 004,095,448 | ---- | M] (BrightFort LLC ) -- C:\Documents and Settings\Philip\Desktop\spywareblastersetup50.exe
[2013/03/02 06:25:10 | 000,546,964 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/03/02 06:25:10 | 000,107,510 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/03/02 05:28:34 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/03/02 05:07:07 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Philip\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/03/02 05:07:07 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2013/03/02 05:03:27 | 020,564,496 | ---- | M] (Mozilla) -- C:\Documents and Settings\Philip\Desktop\Firefox Setup 19.0.exe
[2013/03/02 02:07:13 | 002,434,048 | ---- | M] () -- C:\Documents and Settings\Philip\Desktop\msxml.msi
[2013/03/01 19:30:13 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/03/01 19:30:13 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/03/01 19:04:02 | 003,199,760 | ---- | M] (Secunia) -- C:\Documents and Settings\Philip\Desktop\PSISetup.exe
[2013/03/01 18:58:40 | 000,317,410 | ---- | M] () -- C:\Documents and Settings\Philip\Desktop\Belarc Advisor Current Profile030113.htm
[2013/03/01 06:34:10 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2013/03/01 06:25:36 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Philip\Desktop\TFC.exe
[2013/03/01 05:45:49 | 000,403,608 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/03/01 05:27:38 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll
[2013/03/01 05:27:38 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2013/03/01 05:27:38 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2013/03/01 05:27:38 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013/03/01 05:27:38 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013/03/01 05:27:38 | 000,143,872 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2013/03/01 05:27:38 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2013/03/01 05:26:59 | 031,512,992 | ---- | M] (Oracle Corporation) -- C:\Documents and Settings\Philip\Desktop\jre-7u15-windows-i586.exe
[2013/03/01 05:18:53 | 000,143,072 | ---- | M] () -- C:\Documents and Settings\Philip\Desktop\JavaRa-2.1.zip
[2013/02/28 12:35:00 | 000,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI
[2013/02/28 03:36:37 | 000,765,808 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2013/02/28 03:36:37 | 000,368,248 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2013/02/28 03:36:37 | 000,163,784 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2013/02/28 03:36:37 | 000,062,448 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2013/02/28 03:36:36 | 000,066,408 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswMonFlt.sys
[2013/02/28 03:36:36 | 000,049,832 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2013/02/28 03:36:36 | 000,049,320 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2013/02/28 03:36:35 | 000,029,880 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2013/02/28 03:36:07 | 000,041,664 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2013/02/28 03:35:59 | 000,228,600 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2013/02/27 07:09:44 | 025,001,480 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Philip\Desktop\NetFx20SP2_x86.exe
[2013/02/26 05:35:34 | 050,449,456 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Philip\Desktop\dotNetFx40_Full_x86_x64.exe
[2013/02/26 05:15:40 | 000,265,598 | ---- | M] () -- C:\Documents and Settings\Philip\Desktop\dotnetfx_cleanup_tool.zip
[2013/02/22 18:43:01 | 015,900,360 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Philip\Desktop\NDP1.1sp1-KB2742597-X86.exe
[2013/02/22 18:39:48 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2013/02/22 15:01:17 | 000,465,280 | R--- | M] (Coupons, Inc.) -- C:\WINDOWS\cpnprt2win32.cid
[2013/02/22 15:01:17 | 000,465,280 | ---- | M] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2win32.cid
[2013/02/18 02:10:46 | 001,005,792 | ---- | M] (Solid State Networks) -- C:\Documents and Settings\Philip\Desktop\install_flashplayer11x32au_mssd_aih.exe
[2013/02/17 06:57:39 | 000,051,521 | ---- | M] () -- C:\Documents and Settings\Philip\Desktop\removethreatfire(3.0).zip
[2013/02/17 05:23:28 | 000,003,899 | ---- | M] () -- C:\Documents and Settings\Philip\trebpref.trc
[2013/02/13 04:52:52 | 000,347,424 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Philip\Desktop\MicrosoftFixit.Search.RNP.136284176360896497.2.1.Run.exe
[2013/02/12 02:24:32 | 000,000,209 | ---- | M] () -- C:\Documents and Settings\Philip\Desktop\fix.bat
[2013/02/10 05:23:23 | 000,001,548 | ---- | M] () -- C:\Documents
[2013/02/10 05:15:06 | 002,139,648 | ---- | M] (hs2n Informationstechnologie GmbH) -- C:\Documents and Settings\Philip\Desktop\WUInstall.exe
[2013/02/08 07:53:56 | 000,000,731 | ---- | M] () -- C:\Documents and Settings\Philip\Desktop\waaag.rtf
[2013/02/08 07:40:58 | 000,008,308 | ---- | M] () -- C:\Documents and Settings\Philip\Desktop\Why am I not surprised.xml
[2013/02/08 06:16:32 | 111,595,832 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Documents and Settings\Philip\Desktop\13-1-legacy_xp32_dd_ccc_whql.exe
[2013/02/07 07:15:22 | 000,016,024 | ---- | M] (Secunia) -- C:\WINDOWS\System32\drivers\psi_mf_x86.sys
[2013/02/06 07:04:36 | 100,496,424 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Documents and Settings\Philip\Desktop\13-1_xp32_dd_ccc_whql.exe
[2013/02/06 04:59:47 | 000,792,704 | ---- | M] (AMD) -- C:\Documents and Settings\Philip\Desktop\amddriverdownloader.exe
[2013/02/06 04:52:42 | 000,417,507 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2013/02/06 04:16:13 | 000,181,064 | ---- | M] (Sysinternals) -- C:\WINDOWS\PSEXESVC.EXE
[2013/02/06 04:15:40 | 002,398,248 | ---- | M] (Check Point Software Technologies LTD) -- C:\Documents and Settings\Philip\Desktop\zafwSetupWeb_110_000_057.exe
[2013/02/06 04:03:37 | 000,872,495 | ---- | M] () -- C:\Documents and Settings\Philip\Desktop\Tweaking.com-RepairWindowsFirewall.exe
[2013/02/05 04:58:38 | 000,130,115 | ---- | M] () -- C:\Documents and Settings\Philip\Desktop\WindowsUpdate.zip

========== Files Created - No Company Name ==========

[2013/03/05 03:15:03 | 000,163,784 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2013/03/05 03:15:03 | 000,049,320 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2013/03/03 01:50:34 | 000,001,831 | ---- | C] () -- C:\Documents and Settings\Philip\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/03/03 01:50:34 | 000,001,813 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2013/03/02 06:30:45 | 000,000,754 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SpywareBlaster.lnk
[2013/03/02 02:10:40 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2013/03/02 02:06:41 | 002,434,048 | ---- | C] () -- C:\Documents and Settings\Philip\Desktop\msxml.msi
[2013/03/01 19:07:35 | 000,000,716 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Secunia PSI.lnk
[2013/03/01 18:58:40 | 000,317,410 | ---- | C] () -- C:\Documents and Settings\Philip\Desktop\Belarc Advisor Current Profile030113.htm
[2013/03/01 06:34:10 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2013/03/01 06:34:08 | 000,000,316 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2013/03/01 05:41:41 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Acrobat_com.lnk
[2013/03/01 05:18:53 | 000,143,072 | ---- | C] () -- C:\Documents and Settings\Philip\Desktop\JavaRa-2.1.zip
[2013/02/26 05:15:39 | 000,265,598 | ---- | C] () -- C:\Documents and Settings\Philip\Desktop\dotnetfx_cleanup_tool.zip
[2013/02/17 06:57:37 | 000,051,521 | ---- | C] () -- C:\Documents and Settings\Philip\Desktop\removethreatfire(3.0).zip
[2013/02/17 05:23:27 | 000,003,899 | ---- | C] () -- C:\Documents and Settings\Philip\trebpref.trc
[2013/02/16 00:27:15 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2013/02/12 02:24:32 | 000,000,209 | ---- | C] () -- C:\Documents and Settings\Philip\Desktop\fix.bat
[2013/02/10 05:16:02 | 000,001,548 | ---- | C] () -- C:\Documents
[2013/02/08 09:22:17 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2013/02/08 07:53:55 | 000,000,731 | ---- | C] () -- C:\Documents and Settings\Philip\Desktop\waaag.rtf
[2013/02/08 07:40:58 | 000,008,308 | ---- | C] () -- C:\Documents and Settings\Philip\Desktop\Why am I not surprised.xml
[2013/02/06 04:26:23 | 000,417,507 | ---- | C] () -- C:\WINDOWS\System32\vsconfig.xml
[2013/02/06 04:03:29 | 000,872,495 | ---- | C] () -- C:\Documents and Settings\Philip\Desktop\Tweaking.com-RepairWindowsFirewall.exe
[2013/02/05 14:35:31 | 000,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1ce03d7f55cfecc.job
[2013/02/05 04:58:38 | 000,130,115 | ---- | C] () -- C:\Documents and Settings\Philip\Desktop\WindowsUpdate.zip
[2012/12/12 02:34:29 | 000,111,872 | ---- | C] () -- C:\WINDOWS\System32\drivers\TrueSight.sys
[2012/08/15 03:45:58 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/07/30 05:58:24 | 000,000,063 | ---- | C] () -- C:\Documents and Settings\Philip\jagex_cl_runescape_LIVE1.dat
[2012/07/30 04:28:41 | 000,000,062 | ---- | C] () -- C:\Documents and Settings\Philip\jagex_cl_runescape_LIVE.dat
[2011/12/24 21:18:49 | 000,038,399 | ---- | C] () -- C:\WINDOWS\DIIUnin.dat
[2011/10/25 21:21:48 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\OpenVideo.dll
[2011/10/25 21:21:34 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\OVDecoder.dll
[2011/08/19 19:18:49 | 000,000,010 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2011/05/23 05:42:22 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2011/04/22 14:50:57 | 000,093,396 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/03/29 22:29:10 | 008,676,883 | ---- | C] () -- C:\WINDOWS\System32\mp3Media2.dll
[2011/03/21 18:56:22 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\OVDecode.dll
[2010/08/02 07:18:00 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Philip\Local Settings\Application Data\prvlcl.dat
[2010/03/23 01:06:08 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Philip\Local Settings\Application Data\fusioncache.dat
[2010/02/14 02:10:59 | 000,000,032 | R--- | C] () -- C:\Documents and Settings\All Users\hash.dat
[2008/10/19 21:14:44 | 000,029,794 | ---- | C] () -- C:\Documents and Settings\Philip\1.zor
[2008/10/19 18:00:44 | 000,000,033 | ---- | C] () -- C:\Documents and Settings\Philip\Untitled.zor
[2008/07/24 05:21:50 | 000,236,032 | ---- | C] () -- C:\Documents and Settings\Philip\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2008/07/22 09:50:49 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2006/02/28 07:00:00 | 001,492,480 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 04:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Alternate Data Streams ==========

@Alternate Data Stream - 157 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FB4262DE
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C31F31E6

< End of report >

Edited by Jhackofalltrades, 06 March 2013 - 06:59 AM.

  • 0

#124
Jhackofalltrades

Jhackofalltrades

    Member

  • Topic Starter
  • Member
  • PipPip
  • 71 posts
This is the extras files

OTL Extras logfile created on: 3/6/2013 6:52:49 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Philip\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.71 Gb Available Physical Memory | 85.54% Memory free
3.35 Gb Paging File | 3.27 Gb Available in Paging File | 97.41% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 282.73 Gb Free Space | 60.70% Space Free | Partition Type: NTFS
Drive E: | 5.46 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive G: | 1.90 Gb Total Space | 1.62 Gb Free Space | 85.01% Space Free | Partition Type: FAT

Computer Name: DILBERT | User Name: Philip | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-789336058-861567501-1801674531-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /k cd "%L" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"UPDATESDISABLENOTIFY" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
"80:TCP" = 80:TCP:*:Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{091FC618-7AAC-025A-F5FA-D2CCD2F47B3C}" = CCC Help Japanese
"{097CF8DE-C007-F3C5-2A80-C1AD2A9D7EFB}" = Catalyst Control Center Graphics Previews Common
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0E5E5B46-61B6-3FF3-5C7C-87F1AC00568E}" = CCC Help Czech
"{0F200FB1-B904-1820-0EEA-15C458B575B3}" = CCC Help Portuguese
"{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes
"{1023383E-D9F6-478C-A965-23A4657B3C9A}" = Sacred 2
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG2100_series" = Canon MG2100 series MP Drivers
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{141EA095-30C3-422C-AAD5-E7AD64ED2CAA}" = RoAClient
"{145C6099-E682-AFBB-4E4C-2FE72333E2FB}" = CCC Help Hungarian
"{15A0B9F3-DCE9-42D8-0F81-A03C0BF9BB3B}" = CCC Help Norwegian
"{16456401-9621-4F3D-836A-59EA425C471D}" = ZoneAlarm Security
"{16F0EE77-B2B1-4417-A8CC-07E06C78CCC4}" = Matrix-ks
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FDA5A37-B22D-43FF-B582-B8964050DC13}" = Microsoft Games for Windows - LIVE Redistributable
"{2034E9E2-60F5-A335-363F-9FA9B0864FBA}" = CCC Help Chinese Standard
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23D00984-9D42-843F-AEDD-01ABE9F93CFB}" = CCC Help Portuguese
"{259A8A5E-2886-4BED-9EF1-D5485282CCC3}" = Overlord
"{26A1E9CF-BFC1-4309-80CD-C182D80922DB}_is1" = Artweaver 0.5
"{26A24AE4-039D-4CA4-87B4-2F83217015FF}" = Java 7 Update 15
"{2727CC45-2DDA-AE49-1FF8-52F89DE6CA65}" = CCC Help Chinese Traditional
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}" = LG United Mobile Driver
"{2D4A7449-27A7-F7EC-DCB1-E77D2DD95ABF}" = Catalyst Control Center Graphics Previews Common
"{31A49E0E-1989-4E2F-9085-D90A732193F4}" = MySQL Server 5.1
"{32A9C5B3-D166-4C6D-A11E-A54473150000}" = Java 3D 1.5.2
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{354DC3BC-A17F-E931-E696-E57EF0BF39B1}" = CCC Help Japanese
"{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder
"{39AC9F4E-66AD-D5B0-D935-F898CA4DEB5B}" = CCC Help Spanish
"{3BBC1361-9EBB-F5D5-4E72-B1C2C39761E1}" = CCC Help Turkish
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CFC1E5C-52C5-F564-BBBD-A791A0ED2868}" = CCC Help Swedish
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{40A77C5E-831D-53B7-6DD6-049390E99737}" = CCC Help Turkish
"{410D4BAC-B0DE-A42E-651B-3C19D999DF63}" = CCC Help Norwegian
"{43602F34-1AA3-44FB-AEB2-D08C2C73743F}" = Paint.NET v3.36
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C8228F6-56B7-4E4D-968A-4BFC8A9B4655}" = Create and Print Plugin 4.0.8045
"{4DE8C2BD-F830-CB44-3C55-FC77DE3FDB80}" = CCC Help German
"{4E0629E3-0F07-AC86-13FA-7A66457ECE13}" = CCC Help Italian
"{4FAF0223-13C2-E94B-6E9E-D5807EFE8589}" = CCC Help Korean
"{506DDFBE-983F-4BC3-84B8-65F423B2D798}" = NVIDIA PhysX
"{512ED279-E0D4-B99E-A924-E0C03D637140}" = ccc-utility
"{526AAE17-8067-9BF2-C56B-EE8CEED32254}" = CCC Help Polish
"{559DE74A-844F-1388-C87D-90E6AE3A56F1}" = CCC Help English
"{57A17677-2064-D213-F2C0-37874112BCE8}" = ccc-utility
"{5AF4B3C4-C393-48D7-AC7E-8E7615579548}" = Adobe AIR
"{5DA6F06A-B389-407B-BF8C-1548767914D8}" = ATI Problem Report Wizard
"{6021FB62-D396-E27A-FD1C-04B7F568A1CC}" = CCC Help Dutch
"{60D32CDC-E3BE-4578-BA10-29322307CDDC}" = Logitech Gaming Software 5.10
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{628C2C7D-8AD1-E614-E8E2-6EEAD8D5F2D0}" = Acrobat.com
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{642AE82D-7B8B-F6A5-F549-F4D2F563DA4C}" = CCC Help Russian
"{67405147-2108-B417-692C-3E318BC21AAF}" = CCC Help Finnish
"{6A462C3E-955D-FFE1-ED19-268969DEBBBE}" = Jacquie Lawson Alpine Advent Calendar
"{6B909736-F4D9-4516-82D7-D0D4784F362C}" = CCC Help Polish
"{6BB9C1F3-661C-4A19-7F48-2F9039CC3981}" = Jacquie Lawson Advent Calendar
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{737B13C5-990B-4339-8A4D-0FFEBBC3DB17}" = ZoneAlarm Firewall
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{79896C28-C277-42d5-990A-D98E10682654}" = Titan Quest
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{86A4C6D9-29EE-4719-AFA1-BA3341862B83}" = Microsoft Games for Windows - LIVE
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}" = ATI AVIVO Codecs
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A5F34E2-37CF-4AD4-808C-2D413786E31A}" = Microsoft Visual C Runtime
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8B14812E-5BDA-759D-33E6-FE6FE2485927}" = Catalyst Control Center Localization All
"{8C5FAD77-F678-4758-A296-C12F08D179E0}" = Microsoft IntelliPoint 6.2
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{9092875A-D6E1-4B76-84F5-F9C0C6E14D10}" = ArcSoft PhotoImpression 6
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{93693EB3-E1E9-BC11-76D9-E03BF7338FC9}" = CCC Help Greek
"{95120000-003F-0409-0000-0000000FF1CE}" = Microsoft Office Excel Viewer
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{973DFE07-93EE-4EC0-73B2-1E9B1EB1B46D}" = CCC Help Danish
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{97B2C4BB-08B1-6092-0F67-62AFA077444C}" = CCC Help Russian
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B3179C3-C3FE-7870-0FF6-2C551A5E2FF7}" = CCC Help Chinese Standard
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A19E1C26-6DAF-AFDC-4EFF-EFF7FA36F72D}" = Jacquie Lawson London Advent Calendar
"{A1B0D60A-3CD3-0BF7-E99A-A4BB76DAC7B5}" = CCC Help French
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{A9F95496-FA05-9808-2A6A-850D7CD6513A}" = CCC Help Thai
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.4
"{ADE73D87-F371-3693-38C2-5ECCBFA7119A}" = CCC Help Korean
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B18A9215-5C66-C719-F861-2491E0726B78}" = CCC Help Spanish
"{B46A1749-627F-42B4-FCF1-3E2EE6FE9DFA}" = CCC Help Swedish
"{B6903B56-FACF-8AA1-C36F-826280D9AAFD}" = CCC Help Danish
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B9A5D708-5F66-1B3D-A2D5-4A6E24BF32F7}" = CCC Help Chinese Traditional
"{B9CA59A0-3B70-48F8-9054-67595DE6E72B}" = League of Legends
"{BEDA24C7-D6F7-FE0F-052C-B1C2454E7BAD}" = CCC Help Greek
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}" = Fable - The Lost Chapters
"{C5ED7EC9-7C4D-AF4F-6C36-55DCDC6F4117}" = Catalyst Control Center Graphics Previews Common
"{C86492CA-DDD8-A358-75D8-7E86D5A4DE72}" = ccc-utility
"{C876E6DA-EC76-B2EC-6E09-3A7E00233750}" = CCC Help Italian
"{C9E4932C-8417-4E4C-A0E3-EE534810AB4D}" = ClearType Tuning Control Panel Applet
"{CAEFCB7D-C290-57B2-D10D-E3DDBA524232}" = CCC Help Finnish
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D4147CD1-9422-B624-7E07-BE9440DB3C30}" = Catalyst Control Center
"{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support
"{D9B4D7EE-481C-4C36-86AB-A8F7417725FF}" = LightScribe 1.6.43.1
"{DBD2CEED-E1C8-8FFC-5A7F-AB8D55BDE5C1}" = AMD Catalyst Install Manager
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E4ABEF81-DE3D-DF19-BC99-BC34E2BD16B3}" = CCC Help Dutch
"{EA450D5D-95EA-4FD0-B8B0-6D8E68FBE2C7}" = Impulse
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EE9A51C5-97DC-4BD0-9083-3C1B85C499C8}" = Campfire Legends and Marooned
"{EEEC1285-F4B2-BD99-C895-BED9881795CC}" = CCC Help English
"{EF4A88E7-AB69-EB25-2920-0F46F27D0DB2}" = CCC Help French
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2E23139-3404-4E3C-9855-7724415D62A5}" = Dragon Age II
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F3B7C49A-07DF-29C2-BE82-2E373B02EF8C}" = CCC Help Hungarian
"{F3BD8E81-C020-44F9-B014-1E0214D23556}" = SA30xx Media Converter
"{F4A755C7-C25C-1184-1E93-F70AE98F10FD}" = CCC Help Czech
"{F5F16F97-9094-02B8-2BF0-F03E67C4E55C}" = CCC Help English
"{F61DD673-0030-4BB2-A382-7E57E97F1033}" = Nero 7 Essentials
"{F7B067A9-6BDE-EA72-B983-512354FE5604}" = CCC Help German
"{FA0002AF-DD1C-29FA-85D9-283383768906}" = CCC Help Thai
"{FF3D660E-E5CC-47FD-8050-1B4DE3BA81A9}" = Dual-Core Optimizer
"7-Zip" = 7-Zip 4.65
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"Advanced SystemCare 4_is1" = Advanced SystemCare 4
"Age of Empires 2.0" = Microsoft Age of Empires II
"Age of Empires Gold 1.0" = Microsoft Age of Empires Gold
"Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II: The Conquerors Expansion
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.15
"America Online us" = America Online (Choose which version to remove)
"American Greetings Crafts 2.0" = American Greetings® Crafts! 2
"American Greetings HolidayEveryday2 1.0" = American Greetings® Holiday & Everyday Collection 2
"amg-brainiversity2" = Brainiversity 2
"amg-elfbowling717thelastinsult" = Elf Bowling 7 1-7 - The Last Insult
"amg-hiddenworldofart" = Hidden World of Art
"amg-marooned" = Marooned
"amg-midnightmysteriessalemwitchtrials" = Midnight Mysteries - Salem Witch Trials
"amg-secretsofgreatart" = Secrets of Great Art
"amg-supercollapsepuzzlegallery4" = Super Collapse! Puzzle Gallery 4
"amg-totemtribe" = Totem Tribe
"AOL Connectivity Services" = AOL Connectivity Services
"AOL YGP Screensaver" = AOL You've Got Pictures Screensaver
"AolCoach2_en" = AOL Coach Version 2.0(Build:20041026.5 en)
"a-squared HiJackFree_is1" = a-squared HiJackFree 3.1
"Audacity_is1" = Audacity 1.2.6
"AutoHotkey" = AutoHotkey 1.0.48.05
"avast" = avast! Free Antivirus
"BBrk_is1" = BrainsBreaker 4.9(301)
"Belarc Advisor" = Belarc Advisor 8.1
"BFGC" = Big Fish Games: Game Manager
"BFG-Dark Tales - Edgar Allan Poe's The Black Cat" = Dark Tales: ™ Edgar Allan Poe's The Black Cat
"BFG-Drawn - Dark Flight" = Drawn: Dark Flight &reg;
"BFG-Drawn - The Painted Tower" = Drawn&reg;: The Painted Tower ™
"BFG-Mystery Case Files - Huntsville" = Mystery Case Files: Huntsville ™
"BFG-Mystery Legends - Beauty and the Beast Collectors Edition" = Mystery Legends: Beauty and the Beast Collectors Edition
"BhoScanner_is1" = BhoScanner 1.9
"Canon MG2100 series On-screen Manual" = Canon MG2100 series On-screen Manual
"Canon MG2100 series User Registration" = Canon MG2100 series User Registration
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenuEX" = Canon Solution Menu EX
"CCleaner" = CCleaner
"Champions Online" = Champions Online
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"Coupon Printer for Windows5.0.0.2" = Coupon Printer for Windows
"Diablo II" = Diablo II
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DungeonSiege 1.0" = Dungeon Siege
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"ESET Online Scanner" = ESET Online Scanner v3
"EVE" = EVE Online (remove only)
"Evil Player" = Evil Player v1.27
"FileASSASSIN" = FileASSASSIN
"Free Download Manager_is1" = Free Download Manager 2.0
"Free RAR Extract Frog" = Free RAR Extract Frog
"FreeFileViewer_is1" = Free File Viewer 2012
"Freez FLV to MP3 Converter v1.5_is1" = Freez FLV to MP3 Converter
"Galactic Civilizations II - Dread Lords" = Galactic Civilizations II - Dread Lords
"Generic Mod Manager_is1" = Fallout Mod Manager 0.13.21
"Google Chrome" = Google Chrome
"Hijack This_is1" = Hijack This Version 1.97.7
"IconArt" = IconArt
"ie8" = Windows Internet Explorer 8
"Impulse" = Impulse
"InstallShield_{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}" = Fable - The Lost Chapters
"IrfanView" = IrfanView (remove only)
"JacquieLawsonAdventCalendar" = Jacquie Lawson Advent Calendar
"JLAdventCalendarAlpine2012" = Jacquie Lawson Alpine Advent Calendar
"JLAdventCalendarLondon2011" = Jacquie Lawson London Advent Calendar
"Karen's Replicator" = Karen's Replicator
"KLiteCodecPack_is1" = K-Lite Codec Pack 3.9.5 (Full)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 19.0 (x86 en-US)" = Mozilla Firefox 19.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 5.0" = Canon MP Navigator EX 5.0
"MP3 Player Recovery Tool_is1" = MP3 Player Recovery Tool
"Mp3tag" = Mp3tag v2.49
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MuckClient" = MuckClient
"Muti ID3 Tag Editor" = Alex Buturuga - Muti ID3 Tag Editor 1.3b1
"MVApplication1" = Memorex exPressit Label Design Studio
"NetWorx" = NetWorx 3.1
"NVIDIA Drivers" = NVIDIA Drivers
"OnSiteMulticam" = DTT OnSite MultiCam Remote
"Photo Organizer 1.8" = Photo Organizer
"PlugY, The Survival Kit" = PlugY, The Survival Kit
"Portal© GT-D for Windows" = Portal© GT-D for Windows
"Print Artist 12.0" = SierraHome Print Artist 12.0
"Privacy Mantra 2.06" = Privacy Mantra 2.06
"Rainlendar" = Rainlendar (remove only)
"Runic Games TorchED" = TorchED
"Runic Games Torchlight" = Torchlight
"save2pc Light_is1" = save2pc Light 4.16
"SecondLifeViewer" = SecondLifeViewer (remove only)
"Secunia PSI" = Secunia PSI (3.0.0.6005)
"Sid Meier's Alpha Centauri" = Sid Meier's Alpha Centauri
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.4
"SpywareBlaster_is1" = SpywareBlaster 5.0
"Steam App 46330" = Space Rangers 2: Reboot
"Super Jigsaw Kittens" = Super Jigsaw Kittens
"SuperNZB_is1" = SuperNZB v3.2.1
"SystemRequirementsLab" = System Requirements Lab
"The Print Shop Ensemble" = The Print Shop Ensemble III
"TomTom HOME" = TomTom HOME 2.7.6.2056
"Trillian" = Trillian
"Trusted Software Assistant_is1" = File Type Assistant
"Tweaking.com - Windows Repair (All in One)" = Tweaking.com - Windows Repair (All in One)
"UndeletePlus_is1" = Undelete Plus 2.98
"Unlocker" = Unlocker 1.8.9
"vfd-adk" = VideoFileDownload
"ViewpointMediaPlayer" = Viewpoint Media Player
"vol_toolbar" = Verizon Broadband Toolbar
"WebPost" = Microsoft Web Publishing Wizard 1.52
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"World of Warcraft" = World of Warcraft
"WT079186" = FATE - The Traitor Soul
"Xvid_is1" = Xvid 1.2.1 final uninstall
"YNAB_Pro_is1" = YNAB Pro version 2.8.2.2
"ZoneAlarm Free Firewall" = ZoneAlarm Free Firewall
"ZoneAlarm LTD Toolbar" = ZoneAlarm LTD Toolbar

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-789336058-861567501-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{BE4BF7C1-AFE6-49B2-926E-FB63F7F56817}_is1" = Kongregate Client version 1.0.0.0
"090215de958f1060" = Curse Client
"Mars Simulation Project" = Mars Simulation Project
"SOE-EverQuest II" = EverQuest II
"SOE-Free Realms" = Free Realms
"UnityWebPlayer" = Unity Web Player
"uTorrent" = µTorrent
"Wurm Online 2.7.5g" = Wurm Online 2.7.5g

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 3/3/2013 2:17:25 PM | Computer Name = DILBERT | Source = Windows Search Service | ID = 3026
Description =

Error - 3/3/2013 7:48:12 PM | Computer Name = DILBERT | Source = Windows Search Service | ID = 1006
Description =

Error - 3/4/2013 1:11:08 AM | Computer Name = DILBERT | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/4/2013 3:42:49 AM | Computer Name = DILBERT | Source = Windows Search Service | ID = 1006
Description =

Error - 3/4/2013 1:50:31 PM | Computer Name = DILBERT | Source = Windows Search Service | ID = 1006
Description =

Error - 3/5/2013 12:17:47 AM | Computer Name = DILBERT | Source = Windows Search Service | ID = 1006
Description =

Error - 3/5/2013 12:17:47 AM | Computer Name = DILBERT | Source = Windows Search Service | ID = 3026
Description =

Error - 3/5/2013 4:02:38 AM | Computer Name = DILBERT | Source = Windows Search Service | ID = 1006
Description =

Error - 3/6/2013 6:45:55 AM | Computer Name = DILBERT | Source = Windows Search Service | ID = 1006
Description =

Error - 3/6/2013 6:48:15 AM | Computer Name = DILBERT | Source = Windows Search Service | ID = 1006
Description =

[ System Events ]
Error - 3/6/2013 7:49:27 AM | Computer Name = DILBERT | Source = Service Control Manager | ID = 7001
Description = The DHCP Client service depends on the NetBios over Tcpip service
which failed to start because of the following error: %%31

Error - 3/6/2013 7:49:27 AM | Computer Name = DILBERT | Source = Service Control Manager | ID = 7001
Description = The DNS Client service depends on the TCP/IP Protocol Driver service
which failed to start because of the following error: %%31

Error - 3/6/2013 7:49:27 AM | Computer Name = DILBERT | Source = Service Control Manager | ID = 7001
Description = The TCP/IP NetBIOS Helper service depends on the AFD service which
failed to start because of the following error: %%31

Error - 3/6/2013 7:49:27 AM | Computer Name = DILBERT | Source = Service Control Manager | ID = 7001
Description = The TrueVector Internet Monitor service depends on the Vsdatant service
which failed to start because of the following error: %%31

Error - 3/6/2013 7:49:27 AM | Computer Name = DILBERT | Source = Service Control Manager | ID = 7001
Description = The Apple Mobile Device service depends on the TCP/IP Protocol Driver
service which failed to start because of the following error: %%31

Error - 3/6/2013 7:49:27 AM | Computer Name = DILBERT | Source = Service Control Manager | ID = 7001
Description = The Bonjour Service service depends on the TCP/IP Protocol Driver
service which failed to start because of the following error: %%31

Error - 3/6/2013 7:49:27 AM | Computer Name = DILBERT | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31

Error - 3/6/2013 7:49:27 AM | Computer Name = DILBERT | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD AmdK8 AswRdr aswSnx aswSP aswTdi BANTExt Fips IPSec Lbd MRxSmb NetBIOS NetBT pavboot pctgntdi
RasAcd
Rdbss
SASDIFSV
SASKUTIL
Tcpip
Vsdatant
WS2IFSL

Error - 3/6/2013 7:50:17 AM | Computer Name = DILBERT | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 3/6/2013 7:52:12 AM | Computer Name = DILBERT | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}


< End of report >
  • 0

#125
Buddierdl

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
I have been kind of busy and haven't been able to look at your logs yet. I should have something for you tomorrow. Posted Image
  • 0

#126
Jhackofalltrades

Jhackofalltrades

    Member

  • Topic Starter
  • Member
  • PipPip
  • 71 posts
No prob, we're good ;)
  • 0

#127
Buddierdl

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Hi Jhackofalltrades,

It seems like AVAST had a glitch, so we need to uninstall and reinstall.

In Safe Mode with Networking download Avast Remover and AVAST install file. Now, disconnect your computer from the internet and uninstall AVAST from the Control Panel. Then, run the Avast Remover utility to get rid of any remnants.

Hopefully, your computer will now boot in normal mode. If so, install AVAST again from file you downloaded earlier. You can reconnect to the internet once it has installed.
  • 0

#128
Jhackofalltrades

Jhackofalltrades

    Member

  • Topic Starter
  • Member
  • PipPip
  • 71 posts
Installing from safe mode with networking failed b/c I couldn't get anywhere. But I downloaded it to a flash drive and ported it over, letting me uninstall and then reinstall in the manner described. Everything seems to work again.

AVAST recommended that it be the only antivirus program installed on my computer. If that's a problem for it, should I simply uninstall AVAST and keep my Malware Bytes and my SuperAntispyware?
  • 0

#129
Buddierdl

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Hi Jhackofalltrades,

AVAST recommended that it be the only antivirus program installed on my computer. If that's a problem for it, should I simply uninstall AVAST and keep my Malware Bytes and my SuperAntispyware?


SAS and MBAM will play okay with AVAST. SAS is an anti-spyware and MBAM is used as an on-demand scanner. You just don't want to have two real-time antivirus scanners on your computer at once.

Are we good now except for the explanation you wanted?
  • 0

#130
Jhackofalltrades

Jhackofalltrades

    Member

  • Topic Starter
  • Member
  • PipPip
  • 71 posts
Yes, we are good except for the explanation. Thank you for all your help and patience. ^^
  • 0

Advertisements


#131
Buddierdl

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Hi Jhackofalltrades,

I'll try and give you a little explanation of what happened, but I'm not sure exactly what went wrong in the first place. You initially had a TDSS infection which created a hidden partition on your hard drive to run its exploits from. You can read a little bit here. You had the latest version listed on the page. When you ran TDSSKiller, it apparently messed up in removing the infected partition and you ended up with no partition set as active (you also had some needed registry entries messed up too.) It took me awhile to finally notice that you had no active partition, but then we had trouble setting one as active, finally resorting to dumping your MBR (the first 512 bytes of your HD that contains the partition table) and manually editing it with a hexadecimal editor to set the active bit on your system partition. From there we could boot and clean up the mess left behind by the infection.

Whew! Kind of complicated. If you have any questions let me know.

Also, I just wanted to let you know that I noticed uTorrent on your computer. I would strongly recommend uninstalling it as P2P downloads are a major source of infection.
  • 0

#132
Jhackofalltrades

Jhackofalltrades

    Member

  • Topic Starter
  • Member
  • PipPip
  • 71 posts
That'll work ^^

Thank you for your aid and explaination, Buddierdl. I'm pleased to have gotten my computer and data back without having to reinstall my entire OS and re-download all my game updates, amongst other things. I have noticed that my thread is larger than many others by quite a margin. And this pleased me, in that I had quite a sticky problem, one that I hope was fun and entertaining to solve. I have certainly learned a lot while I was here and have learned that there is soooooooooo much that I don't know and probably never will know. Thank you again. I think we're done here now. I'll be making a donation to the site to help with whatever it is that the donations help with. ^^

Thank you again,
Phil
  • 0

#133
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP