Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

printer network sharing (error 0x00000002) [Solved]

Started by salvar774 , Mar 11 2013 11:44 PM

This topic is locked

#31
salvar774

Posted 25 March 2013 - 01:23 PM

Member

Topic Starter
Member
65 posts

# AdwCleaner v2.115 - Logfile created 03/25/2013 at 14:18:44
# Updated 17/03/2013 by Xplode
# Operating system : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# User : Simon - SIMON-PC
# Boot Mode : Normal
# Running from : C:\Users\Simon\Desktop\AdwCleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

File Deleted : C:\END
File Deleted : C:\Program Files\Mozilla FireFox\searchplugins\Search_Results.xml
File Deleted : C:\Users\Simon\AppData\Local\funmoods-speeddial.crx
Folder Deleted : C:\Program Files\adawaretb
Folder Deleted : C:\Program Files\Answers.com
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\ProgramData\APN
Folder Deleted : C:\ProgramData\blekko toolbars
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Users\Simon\AppData\Local\Conduit
Folder Deleted : C:\Users\Simon\AppData\LocalLow\adawaretb
Folder Deleted : C:\Users\Simon\AppData\LocalLow\Answers.com
Folder Deleted : C:\Users\Simon\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\Simon\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Simon\AppData\LocalLow\ConduitEngine
Folder Deleted : C:\Users\Simon\AppData\LocalLow\FunWebProducts
Folder Deleted : C:\Users\Simon\AppData\LocalLow\SmartShopper

***** [Registry] *****

Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\AppDataLow\Software\Answers.com
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Answers.com Toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6341761B-BABE-406D-B0D6-8D99B81C2EE5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6341761B-BABE-406D-B0D6-8D99B81C2EE5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\PIP
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\Software\Answers.com
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0C840AC7-0EE1-43BE-8E76-E89CF71B4A24}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6341761B-BABE-406D-B0D6-8D99B81C2EE5}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6341761B-BABE-406D-B0D6-8D99B81C2EE5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Answers.com Toolbar
Key Deleted : HKLM\Software\PIP
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{6341761B-BABE-406D-B0D6-8D99B81C2EE5}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{6341761B-BABE-406D-B0D6-8D99B81C2EE5}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{6341761B-BABE-406D-B0D6-8D99B81C2EE5}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{6341761B-BABE-406D-B0D6-8D99B81C2EE5}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16470

[OK] Registry is clean.

-\\ Mozilla Firefox v19.0.2 (en-US)

File : C:\Users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\hxihw4zn.default-1363827374521\prefs.js

[OK] File is clean.

-\\ Google Chrome v25.0.1364.172

File : C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.8] : homepage = "hxxp://www.searchnu.com/102",
Deleted [l.12] : urls_to_restore_on_startup = [ "hxxp://www.searchnu.com/102", "hxxp://www.google.com/" ]
Deleted [l.42] : search_url = "hxxp://dts.search-results.com/sr?src=crb&appid=100&systemid=102&sr=0&q={searchT[...]
Deleted [l.1339] : homepage = "hxxp://www.searchnu.com/102",
Deleted [l.1647] : urls_to_restore_on_startup = [ "hxxp://www.searchnu.com/102", "hxxp://www.google.com/" ]

*************************

AdwCleaner[R1].txt - [5373 octets] - [25/03/2013 09:50:44]
AdwCleaner[R2].txt - [5460 octets] - [25/03/2013 14:18:11]
AdwCleaner[S1].txt - [371 octets] - [25/03/2013 09:52:24]
AdwCleaner[S2].txt - [5191 octets] - [25/03/2013 14:18:44]

########## EOF - C:\AdwCleaner[S2].txt - [5251 octets] ##########

#32
salvar774

Posted 25 March 2013 - 01:25 PM

Member

Topic Starter
Member
65 posts

# AdwCleaner v2.115 - Logfile created 03/25/2013 at 14:24:50
# Updated 17/03/2013 by Xplode
# Operating system : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# User : Simon - SIMON-PC
# Boot Mode : Normal
# Running from : C:\Users\Simon\Desktop\AdwCleaner.exe
# Option [Search]

***** [Services] *****

***** [Files / Folders] *****

***** [Registry] *****

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16470

[OK] Registry is clean.

-\\ Mozilla Firefox v19.0.2 (en-US)

File : C:\Users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\hxihw4zn.default-1363827374521\prefs.js

[OK] File is clean.

-\\ Google Chrome v25.0.1364.172

File : C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [5373 octets] - [25/03/2013 09:50:44]
AdwCleaner[R2].txt - [5460 octets] - [25/03/2013 14:18:11]
AdwCleaner[R3].txt - [954 octets] - [25/03/2013 14:24:50]
AdwCleaner[S1].txt - [371 octets] - [25/03/2013 09:52:24]
AdwCleaner[S2].txt - [5320 octets] - [25/03/2013 14:18:44]

########## EOF - C:\AdwCleaner[R3].txt - [1132 octets] ##########

#33
salvar774

Posted 25 March 2013 - 01:42 PM

Member

Topic Starter
Member
65 posts

OTL logfile created on: 3/25/2013 2:26:42 PM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Simon\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.72 Gb Available Physical Memory | 59.85% Memory free
5.95 Gb Paging File | 4.87 Gb Available in Paging File | 81.91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 223.59 Gb Total Space | 78.11 Gb Free Space | 34.93% Space Free | Partition Type: NTFS
Drive D: | 9.29 Gb Total Space | 1.27 Gb Free Space | 13.63% Space Free | Partition Type: NTFS
Drive G: | 465.76 Gb Total Space | 145.16 Gb Free Space | 31.17% Space Free | Partition Type: NTFS

Computer Name: SIMON-PC | User Name: Simon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/03/19 23:00:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Simon\Desktop\OTL.exe
PRC - [2013/02/13 10:18:54 | 002,115,416 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2013/02/13 10:18:54 | 001,124,184 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2013/01/27 12:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2013/01/27 12:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2013/01/27 12:11:06 | 000,947,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/11/08 16:14:16 | 000,122,032 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
PRC - [2012/11/08 16:02:28 | 000,015,552 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
PRC - [2012/11/08 16:01:30 | 001,516,680 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\Seagate Dashboard 2.0\DBAgent.exe
PRC - [2012/04/30 19:56:52 | 000,213,888 | ---- | M] (FileOpen Systems Inc.) -- C:\Program Files\FileOpen\Services\FileOpenManagerSvc32.exe
PRC - [2012/04/30 19:56:50 | 000,836,480 | ---- | M] (FileOpen Systems Inc.) -- C:\Program Files\FileOpen\Services\FileOpenBroker32.exe
PRC - [2009/04/11 01:28:15 | 000,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

========== Modules (No Company Name) ==========

MOD - [2013/03/01 09:54:27 | 000,557,368 | ---- | M] () -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
MOD - [2013/02/13 04:11:17 | 001,838,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\b9fe069cd0848273acf2ef4468bc1838\Microsoft.VisualBasic.ni.dll
MOD - [2013/02/13 04:06:03 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\39f4c7717661667c68f9af8c4f6402b9\System.Windows.Forms.ni.dll
MOD - [2013/01/09 04:28:03 | 000,762,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\ba58d64562391191a22ad0133512ed6f\System.Runtime.Remoting.ni.dll
MOD - [2013/01/09 04:15:04 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\43cd41484df96d15df949eb17dd88152\System.Xml.ni.dll
MOD - [2013/01/09 04:14:58 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\5de5d8c1c02e33789e3cf7e3f54c0ec9\System.Configuration.ni.dll
MOD - [2013/01/09 04:14:55 | 007,069,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\27dcf04ed7a3506045597c02a5a1fc31\System.Core.ni.dll
MOD - [2013/01/09 04:14:41 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b573c6a62bb88df0ee2af59b6a8ca910\System.Drawing.ni.dll
MOD - [2013/01/09 04:14:12 | 009,094,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll
MOD - [2013/01/09 04:14:03 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll
MOD - [2012/06/27 15:09:06 | 000,557,056 | ---- | M] () -- C:\Program Files\Trusteer\Rapport\bin\js32.dll

========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - [2013/03/13 09:37:01 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/03/08 16:43:56 | 000,115,608 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/02/13 10:18:54 | 001,124,184 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2013/01/27 12:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013/01/27 12:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/11/08 16:02:28 | 000,015,552 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe -- (Seagate Dashboard Services)
SRV - [2012/07/27 15:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/04/30 19:56:52 | 000,213,888 | ---- | M] (FileOpen Systems Inc.) [Auto | Running] -- C:\Program Files\FileOpen\Services\FileOpenManagerSvc32.exe -- (FileOpenManagerSvc)
SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2013/03/25 14:20:56 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8C35F3EE-1FB8-4115-9C0E-7ABF3C1F486F}\MpKslf42b1426.sys -- (MpKslf42b1426)
DRV - [2013/03/01 09:54:26 | 000,055,448 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Running] -- c:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportIaso.sys -- (RapportIaso)
DRV - [2013/03/01 09:54:16 | 000,316,984 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_50414.sys -- (RapportCerberus_50414)
DRV - [2013/02/14 00:40:20 | 000,013,560 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\gfibto.sys -- (gfibto)
DRV - [2013/02/13 10:19:12 | 000,173,880 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2013/02/13 10:19:12 | 000,102,680 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2013/02/13 10:19:12 | 000,102,008 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2013/01/20 16:59:04 | 000,100,328 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2012/08/01 13:13:40 | 000,033,512 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\taphss.sys -- (taphss)
DRV - [2009/06/30 10:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\pavboot.sys -- (pavboot)
DRV - [2008/08/01 19:51:14 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008/05/22 21:49:00 | 007,465,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/05/08 07:05:18 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2008/05/08 07:03:18 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DP.sys -- (HSF_DP)
DRV - [2008/01/20 21:23:25 | 000,251,904 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTBS23.SYS -- (VSTHWBS2)
DRV - [2007/12/11 18:53:02 | 000,021,280 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- D:\PC-Doctor 5 for Win PE\pcd5srvc.pkms -- (PCD5SRVC{476DF190-667CD7B3-05040000})
DRV - [2007/10/26 18:51:22 | 000,110,624 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007/10/18 09:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 65 44 9D 1A 71 23 CE 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: C:\Users\Simon\AppData\Local\Roblox\Versions\version-8662400b82814a15\\NPRobloxProxy.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013/01/23 09:55:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/03/08 20:05:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/01/23 09:55:06 | 000,000,000 | ---D | M]

[2012/10/20 10:05:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Simon\AppData\Roaming\Mozilla\Extensions
[2009/04/01 15:35:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Simon\AppData\Roaming\Mozilla\Extensions\[email protected]
[2013/03/20 19:58:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\4xigq62v.default\extensions
[2013/03/20 19:58:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\4xigq62v.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
[2012/11/11 00:51:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/03/08 16:43:57 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/09/05 20:26:22 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013/02/20 19:47:08 | 000,002,086 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Search Results (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.64\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.64\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Panda ActiveScan 2.0 (Enabled) = C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google Search = C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: No name found = C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Gmail = C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
CHR - Extension: YouTube = C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google Search = C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: No name found = C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Gmail = C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013/03/25 04:09:35 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [DBAgent] C:\Program Files\Seagate\Seagate Dashboard 2.0\DBAgent.exe (Seagate Technology LLC)
O4 - HKLM..\Run: [FileOpenBroker] C:\Program Files\FileOpen\Services\FileOpenBroker32.exe (FileOpen Systems Inc.)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKCU..\Run: [Uploader] C:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe (Seagate Technology LLC)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Answers... - C:\Program Files\1-Click Answers\Html\atiemenu.htm ()
O8 - Extra context menu item: Download with Mipony - C:\Program Files\MiPony\Browser\IEContext.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoft...s/as2stubie.cab (ActiveScan 2.0 Installer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{641CF3EB-4C4F-4B37-BD29-7F4BC0203EED}: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/03/25 04:17:02 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\temp
[2013/03/25 04:10:03 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/03/25 03:43:25 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2013/03/23 01:13:48 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/03/23 01:13:47 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/03/23 01:13:47 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/03/23 01:02:15 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/03/22 08:54:22 | 005,042,224 | R--- | C] (Swearware) -- C:\Users\Simon\Desktop\ComboFix.exe
[2013/03/21 14:06:05 | 000,000,000 | ---D | C] -- C:\Users\Simon\Desktop\RK_Quarantine
[2013/03/21 13:58:21 | 000,000,000 | ---D | C] -- C:\RegBackup
[2013/03/21 13:58:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
[2013/03/21 13:58:01 | 000,000,000 | ---D | C] -- C:\Program Files\Tweaking.com
[2013/03/20 21:34:12 | 000,000,000 | ---D | C] -- C:\0
[2013/03/20 19:56:22 | 000,000,000 | ---D | C] -- C:\Users\Simon\Desktop\Old Firefox Data
[2013/03/20 15:15:43 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys
[2013/03/19 23:00:37 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Simon\Desktop\OTL.exe
[2013/03/17 19:47:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
[2013/03/16 22:29:57 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\Spotify
[2013/03/12 23:59:00 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2013/03/12 23:57:46 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/03/12 23:57:44 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/03/12 23:57:44 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/03/12 23:57:43 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/03/12 23:57:43 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/03/12 23:57:42 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/03/12 23:57:42 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/03/12 23:57:40 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/03/08 23:11:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother
[2013/03/08 23:09:32 | 000,000,000 | ---D | C] -- C:\Brother
[2013/03/08 23:09:25 | 000,000,000 | ---D | C] -- C:\Program Files\Browny02
[2013/03/08 23:08:53 | 000,217,088 | ---- | C] (brother) -- C:\Windows\System32\NSSearch.dll
[2013/03/08 23:08:53 | 000,073,728 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\System32\BrDctF2.dll
[2013/03/08 23:08:53 | 000,005,120 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\System32\BrDctF2L.dll
[2013/03/08 23:08:53 | 000,002,560 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\System32\BrDctF2S.dll
[2013/03/08 23:08:44 | 000,180,224 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\System32\BroSNMP.dll
[2013/03/08 16:36:26 | 000,000,000 | ---D | C] -- C:\Users\Simon\Desktop\New Folder
[2013/03/01 19:01:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013/03/01 07:39:34 | 000,028,552 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\drivers\pavboot.sys
[2009/01/02 23:41:25 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Simon\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2013/03/25 14:27:24 | 000,613,032 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/03/25 14:27:24 | 000,107,990 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/03/25 14:21:03 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/03/25 14:20:44 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/03/25 14:20:44 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/03/25 14:20:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/03/25 14:16:23 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/03/25 13:38:18 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/03/25 04:19:21 | 000,609,993 | ---- | M] () -- C:\Users\Simon\Desktop\AdwCleaner.exe
[2013/03/25 04:09:35 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013/03/22 19:26:03 | 000,001,159 | ---- | M] () -- C:\Users\Simon\Desktop\ROBLOX Player.lnk
[2013/03/22 08:54:51 | 005,042,224 | R--- | M] (Swearware) -- C:\Users\Simon\Desktop\ComboFix.exe
[2013/03/21 14:05:38 | 000,816,128 | ---- | M] () -- C:\Users\Simon\Desktop\RogueKiller.exe
[2013/03/21 13:59:44 | 000,000,207 | ---- | M] () -- C:\Windows\tweaking.com-regbackup-SIMON-PC-Microsoft®-Windows-Vista™-Home-Premium-(32-bit).dat
[2013/03/21 13:58:06 | 000,002,022 | ---- | M] () -- C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
[2013/03/20 15:15:46 | 000,023,552 | ---- | M] () -- C:\Users\Simon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/03/19 23:28:57 | 000,016,984 | ---- | M] () -- C:\Users\Simon\Documents\Brother HL-2240D series.reg
[2013/03/19 23:00:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Simon\Desktop\OTL.exe
[2013/03/18 13:33:14 | 000,001,905 | ---- | M] () -- C:\Windows\diagwrn.xml
[2013/03/18 13:33:14 | 000,001,905 | ---- | M] () -- C:\Windows\diagerr.xml
[2013/03/17 23:35:03 | 000,001,356 | ---- | M] () -- C:\Users\Simon\AppData\Local\d3d9caps.dat
[2013/03/17 22:48:07 | 000,001,081 | ---- | M] () -- C:\Users\Public\Desktop\Panda Cloud Cleaner.lnk
[2013/03/16 22:29:56 | 000,001,717 | ---- | M] () -- C:\Users\Simon\Desktop\Spotify.lnk
[2013/03/14 01:45:16 | 000,001,977 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/03/13 09:37:01 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/03/13 09:37:00 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/03/04 23:30:25 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/03/01 19:01:49 | 000,002,079 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013/03/01 10:32:58 | 032,188,043 | ---- | M] () -- C:\Users\Simon\Desktop\iapmo.umc.2009.pdf
[2013/02/27 12:30:46 | 000,163,389 | ---- | M] () -- C:\Users\Simon\Desktop\Put_Your_Success_On_Auto-Pilot_Webinar_Workbook.pdf

========== Files Created - No Company Name ==========

[2013/03/25 04:19:15 | 000,609,993 | ---- | C] () -- C:\Users\Simon\Desktop\AdwCleaner.exe
[2013/03/23 01:13:48 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/03/23 01:13:48 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/03/23 01:13:47 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/03/23 01:13:47 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/03/23 01:13:47 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/03/21 14:27:32 | 000,816,128 | ---- | C] () -- C:\Users\Simon\Desktop\RogueKiller.exe
[2013/03/21 13:59:44 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-SIMON-PC-Microsoft®-Windows-Vista™-Home-Premium-(32-bit).dat
[2013/03/21 13:58:05 | 000,002,022 | ---- | C] () -- C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
[2013/03/19 23:25:27 | 000,016,984 | ---- | C] () -- C:\Users\Simon\Documents\Brother HL-2240D series.reg
[2013/03/17 19:48:19 | 000,001,081 | ---- | C] () -- C:\Users\Public\Desktop\Panda Cloud Cleaner.lnk
[2013/03/16 22:29:56 | 000,001,717 | ---- | C] () -- C:\Users\Simon\Desktop\Spotify.lnk
[2013/03/13 23:39:30 | 000,001,905 | ---- | C] () -- C:\Windows\diagwrn.xml
[2013/03/13 23:39:30 | 000,001,905 | ---- | C] () -- C:\Windows\diagerr.xml
[2013/03/01 19:01:49 | 000,002,079 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013/03/01 10:32:55 | 032,188,043 | ---- | C] () -- C:\Users\Simon\Desktop\iapmo.umc.2009.pdf
[2013/02/27 12:30:46 | 000,163,389 | ---- | C] () -- C:\Users\Simon\Desktop\Put_Your_Success_On_Auto-Pilot_Webinar_Workbook.pdf
[2012/11/02 20:25:11 | 000,045,056 | ---- | C] () -- C:\Windows\System32\BRTCPCON.DLL
[2012/11/02 20:25:10 | 000,000,114 | ---- | C] () -- C:\Windows\System32\BRLMW03A.INI
[2012/11/02 20:25:08 | 000,000,050 | ---- | C] () -- C:\Windows\System32\BRADM10A.DAT
[2012/09/23 22:09:56 | 000,000,201 | ---- | C] () -- C:\Users\Simon\AppData\Local\p1.htm
[2012/09/15 10:56:36 | 000,004,984 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2012/09/14 14:25:09 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2012/09/14 14:25:08 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2012/09/12 19:55:14 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2012/09/12 19:07:40 | 000,023,552 | ---- | C] () -- C:\Users\Simon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/09/12 18:43:57 | 000,157,639 | ---- | C] () -- C:\Windows\hpoins28.dat
[2012/09/12 18:43:57 | 000,000,932 | ---- | C] () -- C:\Windows\hpomdl28.dat
[2012/09/11 23:20:53 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2012/01/17 17:01:50 | 000,008,440 | ---- | C] () -- C:\Users\Simon\AppData\Local\8369c549
[2011/10/06 10:51:48 | 000,000,288 | ---- | C] () -- C:\Users\Simon\AppData\Roaming\.backup.dm
[2011/08/06 00:29:52 | 000,345,438 | ---- | C] () -- C:\Users\Simon\AppData\Local\census.cache
[2011/08/06 00:28:14 | 000,262,485 | ---- | C] () -- C:\Users\Simon\AppData\Local\ars.cache
[2010/01/06 18:23:09 | 000,000,036 | ---- | C] () -- C:\Users\Simon\AppData\Local\housecall.guid.cache
[2009/08/06 22:28:17 | 000,000,000 | ---- | C] () -- C:\Users\Simon\AppData\Local\rx_image.Cache
[2009/03/25 00:32:06 | 000,394,045 | ---- | C] () -- C:\Users\Simon\AppData\Local\p2.htm
[2009/03/23 14:04:04 | 000,000,035 | ---- | C] () -- C:\Users\Simon\AppData\Roaming\SetValue.bat
[2009/01/02 23:41:25 | 000,007,887 | ---- | C] () -- C:\Users\Simon\AppData\Roaming\pcouffin.cat
[2009/01/02 23:41:25 | 000,001,144 | ---- | C] () -- C:\Users\Simon\AppData\Roaming\pcouffin.inf
[2008/08/23 11:55:02 | 000,000,093 | ---- | C] () -- C:\Users\Simon\AppData\Local\fusioncache.dat
[2008/08/16 10:51:03 | 000,000,420 | ---- | C] () -- C:\Users\Simon\AppData\Roaming\wklnhst.dat
[2008/08/14 13:57:43 | 000,001,356 | ---- | C] () -- C:\Users\Simon\AppData\Local\d3d9caps.dat

========== ZeroAccess Check ==========

[2006/11/02 07:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 12:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 01:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\yoku.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\wistfull kill.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\When Thou Art Converted.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\war.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\walmart money card 10 08.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\virginia.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\userguide_bb8130_cdma.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\usana meeting.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\TX ac.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\trigos.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\tribe wars.xls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\tribe 2009.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\tribalkills.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\tresure island.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\treasue condo 06 18 09.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\tomasa house keeping.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\temple.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\TECL.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\TDLR Home beto license.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\sprint pay 08 15 08.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\sprint pay 0556 05 20 09.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\sprint pay 03 21 09.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\sprint paty 09 15 08.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\sprint 12 08.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\sprint 0109.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\spirt pay 11 25 08.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\spirnt pay 02 09.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\Simon Alvarado dba.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\siliva flora.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\silencer.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\SA ACCOUNT.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\rr pay 08.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\rr pay 06 09.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\rr pay 05 09.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\rr pay 04 09.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\rr pay 03 09.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\rr pay 02 09.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\rr pay 01 09.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\rr pay 12 08.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\rr acount.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\roy.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\rock star gabi 06 18 09.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\RI_Secrets_Revealed.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\rgv rr pay 11 10 08.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\read 87 lorayn.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\read 61.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\prices lux air.xls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\ppl pay.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\ppl pay 02 09.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\posada.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\pi sevice.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\pi service2.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\patience.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\Paradise lien.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\padres.avi:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\oogs.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\Office2007TrialActivationKey.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\ocean motion 05 09.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\Obama.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\Motor Vehicle Bill of Sale.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\moto.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\moto 2009.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\moto 2.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\mota.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\mormon.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\moctezuma.xls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\mobi book buy 06 09.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\master license pay 09.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\LV Imagining.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\lv imagining 2.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\lmwd pay 04 09.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\LDS Library.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\LDS Library 2009.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\kri.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\judy new.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\judy brooks.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\jade pay 09.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\Invoice that calculates total1.xls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\huisache house.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\How to Develop your memory.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\gtrrl trineal.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\Greetings President Mata.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\gemaie.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\gabi ice maker.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\gabi condesattion pump repar.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\gabi 06 05 09.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\gabi 05 28 09.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\fitness center.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\filters gabi 06 05 09.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\farms.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\Electrical bid eduardo 06 09.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\electric contractor license.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\electric bill 06 23 09.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\edna.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\edna computor board job.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\dtv coupon 02 28 09.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\dolphin.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\dish pay.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\dish pay 12 19 08.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\dish pay 10 08.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\dish pay 09 08 08.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\dish pay 04 09.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\dish pay 11 10 08.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\dish pay 0203 09.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\dish 06 09.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\dis pay 05 09.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\dillon science.ppt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\deli job.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\Deli ac for virginia Vega.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\deli ac 2.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\DallasCowboys.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\CURSO DE FORMACIÓN PARA HOMBRES.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\confession of a half hearted home yeacher.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\charley brommer work.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\change out comp 02 09.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\change compre sot.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\ced ac.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\caveman.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\CAve.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\cave enimies.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\Camfrog.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\blackberry 2.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\black berry.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\beto license.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\beto 10 08 09 license.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\Bert.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\Being There-the Most Important Thing in Home Teaching .pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\AWAKE_O_SLEEPER.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\APEX AIR ELECTRIC SERVICE.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\APEX AIR ELECTRIC SERVICE TECL-1.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\ambit poay 02 90.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\ambit pay 12c 08.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\ambit pay 11 25 08.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\ambit pay 09 18 08.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\ambit pay 08 25 08.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\ambit pay 07 09.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\ambit pay 04 09.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\ambit pay 01 09.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\ActiveScan44.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\ActiveScan 1.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\AC pi Clinic 01 09.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\ac kicense.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\ac island.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\Ac golf pacific.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\ac deli.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\A Halfhearted Home Teacher Repents .pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Simon\Documents\2009 invite.txt:Roxio EMC Stream
@Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:D2F2F703

< End of report >

#34
Dakeyras

Posted 25 March 2013 - 03:26 PM

Anti-Malware Mammoth

Expert
9,772 posts

Hi.

Perform the below scan for myself please as the main infection(rootkit) we have been dealing with can affect/change certain crucial aspects of a operating system...

Scan with FSS:

Please download Farbar Service Scanner and save to your Desktop.

Right-click FSS.exe and select Run as Administrator to start the program.
Select all available options
Then click on the Scan tab.
When the scan is complete, it will produce a log named FSS.txt.
Post the contents in your next reply.

#35
salvar774

Posted 25 March 2013 - 04:47 PM

Member

Topic Starter
Member
65 posts

Farbar Service Scanner Version: 03-03-2013
Ran by Simon (administrator) on 25-03-2013 at 17:45:41
Running from "C:\Users\Simon\Desktop"
Windows Vista ™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============

File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2013-02-12 15:04] - [2013-01-04 06:28] - 0914792 ____A (Microsoft Corporation) 3535CD93F944C00F098E73E12EE7FEB6

C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll => MD5 is legit
C:\Windows\system32\iphlpsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit

**** End of log ****

#36
Dakeyras

Posted 26 March 2013 - 04:22 AM

Anti-Malware Mammoth

Expert
9,772 posts

Hi.

The results of the last scan I asked you to run are favourable so lets proceed as follows shall we...

Java Advice:

There has been a recent severe exploitation of this software(actually still on-going), further information can be read here. The aforementioned article will also explain on how to disable the plugins, though my friendly advice would be to uninstall all if you do not use anything Java related.

At present I do not even have anything Java related installed on my machines nor intend to for the foreseeable future. The below is currently all Java related you have installed:-

Java 7 Update 7
Java Auto Updater

Custom OTL Script:

Right-click OTL.exe and select Run as Administrator to start the program.
Copy the lines from the quote-box(do not copy the word quote) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

:Commands
[CreateRestorePoint]

:OTL
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O8 - Extra context menu item: Answers... - C:\Program Files\1-Click Answers\Html\atiemenu.htm ()
[2013/03/20 21:34:12 | 000,000,000 | ---D | C] -- C:\0
@Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:D2F2F703

:Files
C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm
C:\Users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\4xigq62v.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
ipconfig /flushdns /c
netsh advfirewall reset /c
netsh advfirewall set allprofiles state on /c

:Commands
[EmptyTemp]

Return to OTL, right-click in the Custom Scans/Fixes window (under the cyan bar) and choose Paste.
Then click the red Run Fix button.
Let the program run unhindered.
If OTL asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.

Note: The log file can also be located C: >> _OTL >> MovedFiles >> DD/DD/DD TT/TT.txt <-- denotes date/time log created.

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

Vista Users: You will need to to right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

Please go here to run the scan...

Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then right click on it and select Run as Administrator to install.
All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
Select the option YES, I accept the Terms of Use then click on:
When prompted allow the Add-On/Active X to install.
Make sure that the option Remove found threats is Not checked, and the option Scan archives is checked.
Now click on Advanced Settings and select the following:

- Scan for potentially unwanted applications
- Scan for potentially unsafe applications
- Enable Anti-Stealth Technology
Now click on:
The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
When completed the Online Scan will begin automatically.
Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
When completed select Uninstall application on close if you so wish, make sure you copy the log file first!
Now click on:
Use notepad to open the log file located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

Next:

When completed the above, please post back the following in the order asked for:

How is your computer performing now, any further symptoms and or problems encountered?
OTL Log from the Custom Script.
Eset Log.

#37
salvar774

Posted 26 March 2013 - 09:07 PM

Member

Topic Starter
Member
65 posts

My computer is running very fast and seems to not have any problems .
I still can not turn on my printer sharing , get the same error error 0x00000002

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Answers...\ deleted successfully.
C:\Program Files\1-Click Answers\Html\atiemenu.htm moved successfully.
C:\0\RUN\quarantine folder moved successfully.
C:\0\RUN\HiJackFree\Process folder moved successfully.
C:\0\RUN\HiJackFree\Port folder moved successfully.
C:\0\RUN\HiJackFree\Clsid folder moved successfully.
C:\0\RUN\HiJackFree\Autorun folder moved successfully.
C:\0\RUN\HiJackFree folder moved successfully.
C:\0\RUN folder moved successfully.
C:\0 folder moved successfully.
ADS C:\ProgramData\TEMP:D2F2F703 deleted successfully.
========== FILES ==========
C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\_locales\zh_TW folder moved successfully.
C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\_locales\zh_CN folder moved successfully.
C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\_locales\pt_BR folder moved successfully.
C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\_locales\ja folder moved successfully.
C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\_locales\fr folder moved successfully.
C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\_locales\es folder moved successfully.
C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\_locales\en folder moved successfully.
C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\_locales\de folder moved successfully.
C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\_locales folder moved successfully.
C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\images folder moved successfully.
C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0 folder moved successfully.
C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm folder moved successfully.
C:\Users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\4xigq62v.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\locale folder moved successfully.
C:\Users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\4xigq62v.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack folder moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Simon\Desktop\cmd.bat deleted successfully.
C:\Users\Simon\Desktop\cmd.txt deleted successfully.
< netsh advfirewall reset /c >
An unrecoverable Windows Firewall error (0x3) occurred.
C:\Users\Simon\Desktop\cmd.bat deleted successfully.
C:\Users\Simon\Desktop\cmd.txt deleted successfully.
< netsh advfirewall set allprofiles state on /c >
Ok.
C:\Users\Simon\Desktop\cmd.bat deleted successfully.
C:\Users\Simon\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Simon
->Temp folder emptied: 9179587 bytes
->Temporary Internet Files folder emptied: 233654746 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 379214719 bytes
->Google Chrome cache emptied: 365194624 bytes
->Apple Safari cache emptied: 3609600 bytes
->Flash cache emptied: 1436329 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 46263524 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 990.00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 03262013_093011

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\plugin\shaders\atmosphere.glslesf scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\plugin\shaders\atmosphere.glslesv scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\plugin\shaders\atmosphere.glsllib scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\plugin\shaders\glsles.h scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\plugin\shaders\precipitation_double_cone.glslesf scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\plugin\shaders\precipitation_double_cone.glslesv scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\plugin\shaders\speedtree_configuration_glsles.h scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\plugin\shaders\speedtree_utils_glsles.h scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\plugin\shaders\stbillboard.arbfp1 scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\plugin\shaders\stbillboard.arbvp1 scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\plugin\shaders\stbillboard.asd scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\plugin\shaders\stbillboard.cfg scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\plugin\shaders\stbillboard.glslesf scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\plugin\shaders\stbillboard.glslesv scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\plugin\shaders\stbillboard.ps_2_0 scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\plugin\shaders\stbillboard.vs_2_0 scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\plugin\shaders\stbranch.arbfp1 scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\plugin\shaders\stbranch.arbvp1 scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\plugin\shaders\stbranch.asd scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\plugin\shaders\stbranch.cfg scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\plugin\shaders\stbranch.glslesf scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\plugin\shaders\stbranch.glslesv scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\plugin\shaders\stbranch.ps_2_0 scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\plugin\shaders\stbranch.vs_2_0 scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\plugin\shaders\stcommonobjects.ini scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\plugin\shaders\stfrond.arbfp1 scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\plugin\shaders\stfrond.arbvp1 scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\plugin\shaders\stfrond.asd scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\plugin\shaders\stfrond.cfg scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\plugin\shaders\stfrond.glslesf scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\plugin\shaders\stfrond.glslesv scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\plugin\shaders\stfrond.ps_2_0 scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\plugin\shaders\stfrond.vs_2_0 scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\plugin\shaders\stleafcard.arbfp1 scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\plugin\shaders\stleafcard.arbvp1 scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\plugin\shaders\stleafcard.asd scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\plugin\shaders\stleafcard.cfg scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\plugin\shaders\stleafcard.glslesf scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\plugin\shaders\stleafcard.glslesv scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\plugin\shaders\stleafcard.ps_2_0 scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\plugin\shaders\stleafcard.vs_2_0 scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\plugin\shaders\stleafmesh.arbfp1 scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\plugin\shaders\stleafmesh.arbvp1 scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\plugin\shaders\stleafmesh.asd scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\plugin\shaders\stleafmesh.cfg scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\plugin\shaders\stleafmesh.glslesf scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\plugin\shaders\stleafmesh.glslesv scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\plugin\shaders\stleafmesh.ps_2_0 scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\plugin\shaders\stleafmesh.vs_2_0 scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\plugin\shaders\water.glsllib scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\plugin\shaders\watersurface.glslesf scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\plugin\shaders\watersurface.glslesv scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\plugin\res\flightsim\planet\earth.ini scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\plugin\res\flightsim\keyboard\generic.ini scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\plugin\res\flightsim\keyboard\sr22.ini scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\plugin\res\flightsim\hud\generic.ini scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\plugin\res\flightsim\hud\sr22.ini scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\plugin\res\flightsim\controller\generic.ini scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\plugin\res\flightsim\controller\genius_maxfighter_f16u.ini scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\plugin\res\flightsim\controller\logitech_attack3.ini scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\plugin\res\flightsim\controller\logitech_extreme_3d.ini scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\plugin\res\flightsim\controller\logitech_force_3d.ini scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\plugin\res\flightsim\controller\logitech_freedom.ini scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\plugin\res\flightsim\controller\saitek_cyborg_evo.ini scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\plugin\res\flightsim\controller\saitek_x52.ini scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\plugin\res\flightsim\controller\speed_link_black_hawk.ini scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\plugin\res\flightsim\controller\speed_link_black_widow.ini scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\plugin\res\flightsim\controller\speed_link_cougar_flightstick.ini scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\plugin\res\flightsim\controller\speed_link_dark_tornado.ini scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\plugin\res\flightsim\controller\xbox_360.ini scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\plugin\res\flightsim\aircraft\f16.acf scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\plugin\res\flightsim\aircraft\sr22.acf scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\plugin\res\flightsim\flightsim.ini scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\plugin\res\application.rcc scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\plugin\res\balloons.rcc scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\plugin\res\builtin_webdata.rcc scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\plugin\res\cursor_crosshair_inverse.png scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\plugin\res\cursor_crosshair_thick.png scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\plugin\res\doppler.txt scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\plugin\res\effects.rcc scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\plugin\res\filmstrip.rcc scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\plugin\res\leftpanel-common.rcc scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\plugin\res\leftpanel-layer.rcc scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\plugin\res\localshapes.rcc scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\plugin\res\navcontrols.rcc scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\plugin\res\notifications.rcc scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\plugin\res\progress.rcc scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\plugin\res\renderui.rcc scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\plugin\res\search.rcc scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\plugin\res\spin_icon.png scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\plugin\res\statusbar.rcc scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\plugin\res\terrainmgr.rcc scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\plugin\res\tmcontrols.rcc scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\plugin\res\toolbar.rcc scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\plugin\res\tourcontrols.rcc scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\plugin\res\unknown_plugin.png scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\plugin\res\userpalette.kml scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\plugin\res\webbrowser.rcc scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\plugin\lang\ar.qm scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\plugin\lang\bg.qm scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\plugin\lang\ca.qm scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\plugin\lang\cs.qm scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\plugin\lang\da.qm scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\plugin\lang\de.qm scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\plugin\lang\el.qm scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\plugin\lang\en.qm scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\plugin\lang\es-419.qm scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\plugin\lang\es.qm scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\plugin\lang\fa.qm scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\plugin\lang\fi.qm scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\plugin\lang\fil.qm scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\plugin\lang\fr.qm scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\plugin\lang\he.qm scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\plugin\lang\hi.qm scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\plugin\lang\hr.qm scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\plugin\lang\hu.qm scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\plugin\lang\id.qm scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\plugin\lang\it.qm scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\plugin\lang\ja.qm scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\plugin\lang\ko.qm scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\plugin\lang\lt.qm scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\plugin\lang\lv.qm scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\plugin\lang\nl.qm scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\plugin\lang\no.qm scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\plugin\lang\pl.qm scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\plugin\lang\pt-PT.qm scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\plugin\lang\pt.qm scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\plugin\lang\ro.qm scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\plugin\lang\ru.qm scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\plugin\lang\sk.qm scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\plugin\lang\sl.qm scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\plugin\lang\sr.qm scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\plugin\lang\sv.qm scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\plugin\lang\th.qm scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\plugin\lang\tr.qm scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\plugin\lang\uk.qm scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\plugin\lang\vi.qm scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\plugin\lang\zh-Hans.qm scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\plugin\lang\zh-Hant-HK.qm scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\plugin\lang\zh-Hant.qm scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\plugin\drivers.ini scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\plugin\googleearth.exe.local scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\plugin\google_earth.ico scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\plugin\gpl.txt scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\plugin\ImporterGlobalSettings.ini scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\plugin\ImporterUISettings.ini scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\plugin\kh20 scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\plugin\PCOptimizations.ini scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\plugin\uninstall.ico scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\client\shaders\atmosphere.glslesf scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\client\shaders\atmosphere.glslesv scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\client\shaders\atmosphere.glsllib scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\client\shaders\glsles.h scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\client\shaders\precipitation_double_cone.glslesf scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\client\shaders\precipitation_double_cone.glslesv scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\client\shaders\speedtree_configuration_glsles.h scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\client\shaders\speedtree_utils_glsles.h scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\client\shaders\stbillboard.arbfp1 scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\client\shaders\stbillboard.arbvp1 scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\client\shaders\stbillboard.asd scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\client\shaders\stbillboard.cfg scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\client\shaders\stbillboard.glslesf scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\client\shaders\stbillboard.glslesv scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\client\shaders\stbillboard.ps_2_0 scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\client\shaders\stbillboard.vs_2_0 scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\client\shaders\stbranch.arbfp1 scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\client\shaders\stbranch.arbvp1 scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\client\shaders\stbranch.asd scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\client\shaders\stbranch.cfg scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\client\shaders\stbranch.glslesf scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\client\shaders\stbranch.glslesv scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\client\shaders\stbranch.ps_2_0 scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\client\shaders\stbranch.vs_2_0 scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\client\shaders\stcommonobjects.ini scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\client\shaders\stfrond.arbfp1 scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\client\shaders\stfrond.arbvp1 scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\client\shaders\stfrond.asd scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\client\shaders\stfrond.cfg scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\client\shaders\stfrond.glslesf scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\client\shaders\stfrond.glslesv scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\client\shaders\stfrond.ps_2_0 scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\client\shaders\stfrond.vs_2_0 scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\client\shaders\stleafcard.arbfp1 scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\client\shaders\stleafcard.arbvp1 scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\client\shaders\stleafcard.asd scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\client\shaders\stleafcard.cfg scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\client\shaders\stleafcard.glslesf scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\client\shaders\stleafcard.glslesv scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\client\shaders\stleafcard.ps_2_0 scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\client\shaders\stleafcard.vs_2_0 scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\client\shaders\stleafmesh.arbfp1 scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\client\shaders\stleafmesh.arbvp1 scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\client\shaders\stleafmesh.asd scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\client\shaders\stleafmesh.cfg scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\client\shaders\stleafmesh.glslesf scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\client\shaders\stleafmesh.glslesv scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\client\shaders\stleafmesh.ps_2_0 scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\client\shaders\stleafmesh.vs_2_0 scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\client\shaders\water.glsllib scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\client\shaders\watersurface.glslesf scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\client\shaders\watersurface.glslesv scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\client\res\flightsim\planet\earth.ini scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\client\res\flightsim\keyboard\generic.ini scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\client\res\flightsim\keyboard\sr22.ini scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\client\res\flightsim\hud\generic.ini scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\client\res\flightsim\hud\sr22.ini scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\client\res\flightsim\controller\generic.ini scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\client\res\flightsim\controller\genius_maxfighter_f16u.ini scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\client\res\flightsim\controller\logitech_attack3.ini scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\client\res\flightsim\controller\logitech_extreme_3d.ini scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\client\res\flightsim\controller\logitech_force_3d.ini scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\client\res\flightsim\controller\logitech_freedom.ini scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\client\res\flightsim\controller\saitek_cyborg_evo.ini scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\client\res\flightsim\controller\saitek_x52.ini scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\client\res\flightsim\controller\speed_link_black_hawk.ini scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\client\res\flightsim\controller\speed_link_black_widow.ini scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\client\res\flightsim\controller\speed_link_cougar_flightstick.ini scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\client\res\flightsim\controller\speed_link_dark_tornado.ini scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\client\res\flightsim\controller\xbox_360.ini scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\client\res\flightsim\aircraft\f16.acf scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\client\res\flightsim\aircraft\sr22.acf scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\client\res\flightsim\flightsim.ini scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\client\res\application.rcc scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\client\res\balloons.rcc scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\client\res\builtin_webdata.rcc scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\client\res\cursor_crosshair_inverse.png scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\client\res\cursor_crosshair_thick.png scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\client\res\default_myplaces.rcc scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\client\res\doppler.txt scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\client\res\effects.rcc scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\client\res\filmstrip.rcc scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\client\res\leftpanel-common.rcc scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\client\res\leftpanel-layer.rcc scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\client\res\localshapes.rcc scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\client\res\navcontrols.rcc scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\client\res\notifications.rcc scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\client\res\progress.rcc scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\client\res\renderui.rcc scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\client\res\search.rcc scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\client\res\spin_icon.png scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\client\res\startinglocations-nonmac.rcc scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\client\res\startinglocations.rcc scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\client\res\statusbar.rcc scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\client\res\terrainmgr.rcc scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\client\res\tmcontrols.rcc scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\client\res\toolbar.rcc scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\client\res\tourcontrols.rcc scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\client\res\unknown_plugin.png scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\client\res\userpalette.kml scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\client\res\webbrowser.rcc scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\client\lang\ar.qm scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\client\lang\bg.qm scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\client\lang\ca.qm scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\client\lang\cs.qm scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\client\lang\da.qm scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\client\lang\de.qm scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\client\lang\el.qm scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\client\lang\en.qm scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\client\lang\es-419.qm scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\client\lang\es.qm scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\client\lang\fa.qm scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\client\lang\fi.qm scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\client\lang\fil.qm scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\client\lang\fr.qm scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\client\lang\he.qm scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\client\lang\hi.qm scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\client\lang\hr.qm scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\client\lang\hu.qm scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\client\lang\id.qm scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\client\lang\it.qm scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\client\lang\ja.qm scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\client\lang\ko.qm scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\client\lang\lt.qm scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\client\lang\lv.qm scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\client\lang\nl.qm scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\client\lang\no.qm scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\client\lang\pl.qm scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\client\lang\pt-PT.qm scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\client\lang\pt.qm scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\client\lang\ro.qm scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\client\lang\ru.qm scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\client\lang\sk.qm scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\client\lang\sl.qm scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\client\lang\sr.qm scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\client\lang\sv.qm scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\client\lang\th.qm scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\client\lang\tr.qm scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\client\lang\uk.qm scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\client\lang\vi.qm scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\client\lang\zh-Hans.qm scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\client\lang\zh-Hant-HK.qm scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\client\lang\zh-Hant.qm scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\client\drivers.ini scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\client\googleearth.exe.local scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\client\google_earth.ico scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\client\gpl.txt scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\client\ImporterGlobalSettings.ini scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\client\ImporterUISettings.ini scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\client\kh20 scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\client\kml_file.ico scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\client\kmz_file.ico scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\client\PCOptimizations.ini scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\program files\Google\Google Earth\client\uninstall.ico scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\LocalAppData\Google\Custom Buttons\toolbar.google.com_MXE8GT6B9RBHXCGLZ06L.xml scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\0x0402.ini scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\0x0403.ini scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\0x0404.ini scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\0x0405.ini scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\0x0406.ini scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\0x0407.ini scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\0x0408.ini scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\0x0409.ini scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\0x040a.ini scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\0x040b.ini scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\0x040c.ini scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\0x040d.ini scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\0x040e.ini scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\0x0410.ini scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\0x0411.ini scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\0x0412.ini scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\0x0413.ini scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\0x0414.ini scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\0x0415.ini scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\0x0416.ini scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\0x0418.ini scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\0x0419.ini scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\0x041a.ini scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\0x041b.ini scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\0x041d.ini scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\0x041e.ini scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\0x041f.ini scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\0x0421.ini scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\0x0422.ini scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\0x0424.ini scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\0x0426.ini scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\0x0427.ini scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\0x042a.ini scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\0x0804.ini scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\0x0809.ini scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\0x080a.ini scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\0x0816.ini scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\0x0c01.ini scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\0x0c0a.ini scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\0x0c1a.ini scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\0x100a.ini scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\0x140a.ini scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\0x180a.ini scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\0x1c0a.ini scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\0x200a.ini scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\0x240a.ini scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\0x280a.ini scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\0x2c0a.ini scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\0x300a.ini scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\0x340a.ini scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\0x380a.ini scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\0x3c0a.ini scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\10250.mst scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\1026.mst scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\1027.mst scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\1028.mst scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\1029.mst scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\1030.mst scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\1031.mst scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\1032.mst scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\1033.mst scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\1034.mst scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\1035.mst scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\1036.mst scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\1037.mst scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\1038.mst scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\1040.mst scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\1041.mst scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\1042.mst scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\1043.mst scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\1044.mst scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\1045.mst scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\1046.mst scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\1048.mst scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\1049.mst scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\1050.mst scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\1051.mst scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\1053.mst scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\1054.mst scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\1055.mst scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\1057.mst scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\1058.mst scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\1060.mst scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\1062.mst scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\1063.mst scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\1066.mst scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\11274.mst scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\12298.mst scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\13322.mst scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\14346.mst scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\15370.mst scheduled to be moved on reboot.

File move failed. C:\Windows\temp\._msige61\2052.mst scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\2057.mst scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\2058.mst scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\2070.mst scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\3073.mst scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\3082.mst scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\3098.mst scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\4106.mst scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\5130.mst scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\6154.mst scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\7178.mst scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\8202.mst scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\9226.mst scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\Google Earth.msi scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msige61\Setup.ini scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

C:\ProgramData\ProgramData\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application
C:\Qoobox\Quarantine\C\Windows\System32\Process.exe.vir Win32/PrcView application
C:\SDFix\apps\Process.exe Win32/PrcView application
C:\Users\All Users\ProgramData\Application Data\ProgramData\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application
C:\Users\All Users\ProgramData\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application
C:\Users\Simon\Desktop\New Folder\Old Firefox Data\prefs.js JS/SecurityDisabler.A.Gen application
C:\Users\Simon\Desktop\New Folder\Old Firefox Data\user.js JS/SecurityDisabler.A.Gen application
C:\Users\Simon\Downloads\Adaware_Installer (1).exe Win32/OpenCandy application
C:\Users\Simon\Downloads\camfrog.exe a variant of Win32/Bundled.Toolbar.Ask application
C:\Users\Simon\Downloads\Exhilarate___The_Ultimate_Zumba_Fitness_DVD_Experience.exe Win32/Adware.1ClickDownload.C application
C:\Users\Simon\Downloads\freefileviewer_518.exe a variant of Win32/InstallIQ application
C:\Users\Simon\Downloads\GraboidVideoSetup-2.03a-Complete.exe Win32/Graboid application
C:\Users\Simon\Downloads\iLividSetupV1(1).exe Win32/Toolbar.SearchSuite application
C:\Users\Simon\Downloads\iLividSetupV1.exe Win32/Toolbar.SearchSuite application
C:\Users\Simon\Downloads\jZipSetup-r100-w.exe Win32/Toolbar.SearchSuite application
C:\Users\Simon\Downloads\SDFix.exe Win32/PrcView application
C:\Users\Simon\Downloads\SetupImgBurn_2.5.5.0.exe a variant of Win32/Bundled.Toolbar.Ask application
C:\Users\Simon\Downloads\SoftonicDownloader_para_mipony.exe a variant of Win32/SoftonicDownloader.E application
C:\Users\Simon\Downloads\U_0113_01_P.msi a variant of Win32/Bundled.Toolbar.Ask application
C:\Users\Simon\Downloads\WeatherBugSetup.msi a variant of Win32/Bundled.Toolbar.Ask application
C:\Users\Simon\Downloads\WinFXVideoConverterInstaller.exe a variant of Win32/Bundled.Toolbar.Ask application
C:\Users\Simon\more stuff\Desktop\new stuff 2011\2011\simon\short cuts\rey stuff\SmitfraudFix\Process.exe Win32/PrcView application
C:\Users\Simon\more stuff\Desktop\new stuff 2011\2011\simon\short cuts\rey stuff\SmitfraudFix\SmitfraudFix\Process.exe Win32/PrcView application
C:\Windows\Installer\19511b7.msi a variant of Win32/Bundled.Toolbar.Ask application
G:\lap top\2001\monica\XvidSetup(4).exe multiple threats
G:\lap top\2001\monica\XvidSetup(5).exe multiple threats
G:\lap top\2001\monica\XvidSetup.exe multiple threats
G:\lap top\monica\7zip_bimo_d154539.exe a variant of Win32/InstallIQ application
G:\lap top\monica\speedupmypc.exe Win32/SpeedUpMyPC application
G:\new back uo 03 13\Downloads\Adaware_Installer (1).exe Win32/OpenCandy application
G:\new back uo 03 13\Downloads\camfrog.exe a variant of Win32/Bundled.Toolbar.Ask application
G:\new back uo 03 13\Downloads\Exhilarate___The_Ultimate_Zumba_Fitness_DVD_Experience.exe Win32/Adware.1ClickDownload.C application
G:\new back uo 03 13\Downloads\freefileviewer_518.exe a variant of Win32/InstallIQ application
G:\new back uo 03 13\Downloads\GraboidVideoSetup-2.03a-Complete.exe Win32/Graboid application
G:\new back uo 03 13\Downloads\iLividSetupV1(1).exe Win32/Toolbar.SearchSuite application
G:\new back uo 03 13\Downloads\iLividSetupV1.exe Win32/Toolbar.SearchSuite application
G:\new back uo 03 13\Downloads\jZipSetup-r100-w.exe Win32/Toolbar.SearchSuite application
G:\new back uo 03 13\Downloads\SDFix.exe Win32/PrcView application
G:\new back uo 03 13\Downloads\SetupImgBurn_2.5.5.0.exe a variant of Win32/Bundled.Toolbar.Ask application
G:\new back uo 03 13\Downloads\SoftonicDownloader_para_mipony.exe a variant of Win32/SoftonicDownloader.E application
G:\new back uo 03 13\Downloads\U_0113_01_P.msi a variant of Win32/Bundled.Toolbar.Ask application
G:\new back uo 03 13\Downloads\WeatherBugSetup.msi a variant of Win32/Bundled.Toolbar.Ask application
G:\new back uo 03 13\Downloads\WinFXVideoConverterInstaller.exe a variant of Win32/Bundled.Toolbar.Ask application
G:\new back uo 03 13\more stuff\Desktop\new stuff 2011\2011\simon\short cuts\rey stuff\SmitfraudFix\Process.exe Win32/PrcView application
G:\new back uo 03 13\more stuff\Desktop\new stuff 2011\2011\simon\short cuts\rey stuff\SmitfraudFix\SmitfraudFix\Process.exe Win32/PrcView application
G:\Seagate Dashboard 2.0\SIMON-PC\Simon\Backup\85c3d3dd-4c91-4181-ba34-2289631b4b2e\20121201_015804_Simon1\C\Qoobox\Quarantine\C\Windows\System32\Process.exe.vir Win32/PrcView application
G:\Seagate Dashboard 2.0\SIMON-PC\Simon\Backup\85c3d3dd-4c91-4181-ba34-2289631b4b2e\20121201_015804_Simon1\C\Users\Simon\Downloads\camfrog.exe a variant of Win32/Bundled.Toolbar.Ask application
G:\Seagate Dashboard 2.0\SIMON-PC\Simon\Backup\85c3d3dd-4c91-4181-ba34-2289631b4b2e\20121201_015804_Simon1\C\Users\Simon\Downloads\Exhilarate___The_Ultimate_Zumba_Fitness_DVD_Experience.exe Win32/Adware.1ClickDownload.C application
G:\Seagate Dashboard 2.0\SIMON-PC\Simon\Backup\85c3d3dd-4c91-4181-ba34-2289631b4b2e\20121201_015804_Simon1\C\Users\Simon\Downloads\freefileviewer_518.exe a variant of Win32/InstallIQ application
G:\Seagate Dashboard 2.0\SIMON-PC\Simon\Backup\85c3d3dd-4c91-4181-ba34-2289631b4b2e\20121201_015804_Simon1\C\Users\Simon\Downloads\GraboidVideoSetup-2.03a-Complete.exe Win32/Graboid application
G:\Seagate Dashboard 2.0\SIMON-PC\Simon\Backup\85c3d3dd-4c91-4181-ba34-2289631b4b2e\20121201_015804_Simon1\C\Users\Simon\Downloads\iLividSetupV1(1).exe Win32/Toolbar.SearchSuite application
G:\Seagate Dashboard 2.0\SIMON-PC\Simon\Backup\85c3d3dd-4c91-4181-ba34-2289631b4b2e\20121201_015804_Simon1\C\Users\Simon\Downloads\iLividSetupV1.exe Win32/Toolbar.SearchSuite application
G:\Seagate Dashboard 2.0\SIMON-PC\Simon\Backup\85c3d3dd-4c91-4181-ba34-2289631b4b2e\20121201_015804_Simon1\C\Users\Simon\Downloads\jZipSetup-r100-w.exe Win32/Toolbar.SearchSuite application
G:\Seagate Dashboard 2.0\SIMON-PC\Simon\Backup\85c3d3dd-4c91-4181-ba34-2289631b4b2e\20121201_015804_Simon1\C\Users\Simon\Downloads\SDFix.exe Win32/PrcView application
G:\Seagate Dashboard 2.0\SIMON-PC\Simon\Backup\85c3d3dd-4c91-4181-ba34-2289631b4b2e\20121201_015804_Simon1\C\Users\Simon\Downloads\SetupImgBurn_2.5.5.0.exe a variant of Win32/Bundled.Toolbar.Ask application
G:\Seagate Dashboard 2.0\SIMON-PC\Simon\Backup\85c3d3dd-4c91-4181-ba34-2289631b4b2e\20121201_015804_Simon1\C\Users\Simon\Downloads\U_0113_01_P.msi a variant of Win32/Bundled.Toolbar.Ask application
G:\Seagate Dashboard 2.0\SIMON-PC\Simon\Backup\85c3d3dd-4c91-4181-ba34-2289631b4b2e\20121201_015804_Simon1\C\Users\Simon\Downloads\WeatherBugSetup.msi a variant of Win32/Bundled.Toolbar.Ask application
G:\Seagate Dashboard 2.0\SIMON-PC\Simon\Backup\85c3d3dd-4c91-4181-ba34-2289631b4b2e\20121201_015804_Simon1\C\Users\Simon\Downloads\WinFXVideoConverterInstaller.exe a variant of Win32/Bundled.Toolbar.Ask application
G:\Seagate Dashboard 2.0\SIMON-PC\Simon\Backup\85c3d3dd-4c91-4181-ba34-2289631b4b2e\20121201_015804_Simon1\C\Users\Simon\more stuff\Desktop\new stuff 2011\2011\simon\short cuts\rey stuff\SmitfraudFix\Process.exe Win32/PrcView application
G:\Seagate Dashboard 2.0\SIMON-PC\Simon\Backup\85c3d3dd-4c91-4181-ba34-2289631b4b2e\20121201_015804_Simon1\C\Users\Simon\more stuff\Desktop\new stuff 2011\2011\simon\short cuts\rey stuff\SmitfraudFix\SmitfraudFix\Process.exe Win32/PrcView application
G:\Seagate Dashboard 2.0\SIMON-PC\Simon\Backup\85c3d3dd-4c91-4181-ba34-2289631b4b2e\20130123_015806_Simon1Inc52\C\Users\Simon\Downloads\SoftonicDownloader_para_mipony.exe a variant of Win32/SoftonicDownloader.E application
G:\Seagate Dashboard 2.0\SIMON-PC\Simon\Backup\85c3d3dd-4c91-4181-ba34-2289631b4b2e\20130206_015809_Simon1Inc65\C\Users\Simon\Downloads\Adaware_Installer (1).exe Win32/OpenCandy application
G:\Seagate Dashboard 2.0\SIMON-PC\Simon\Backup\85c3d3dd-4c91-4181-ba34-2289631b4b2e\20130311_015801_Simon1Inc98\C\Qoobox\Quarantine\C\Windows\System32\Process.exe.vir Win32/PrcView application
G:\Seagate Dashboard 2.0\SIMON-PC\Simon\Backup\85c3d3dd-4c91-4181-ba34-2289631b4b2e\20130311_015801_Simon1Inc98\C\Users\Simon\Downloads\Adaware_Installer (1).exe Win32/OpenCandy application
G:\Seagate Dashboard 2.0\SIMON-PC\Simon\Backup\85c3d3dd-4c91-4181-ba34-2289631b4b2e\20130311_015801_Simon1Inc98\C\Users\Simon\Downloads\camfrog.exe a variant of Win32/Bundled.Toolbar.Ask application
G:\Seagate Dashboard 2.0\SIMON-PC\Simon\Backup\85c3d3dd-4c91-4181-ba34-2289631b4b2e\20130311_015801_Simon1Inc98\C\Users\Simon\Downloads\Exhilarate___The_Ultimate_Zumba_Fitness_DVD_Experience.exe Win32/Adware.1ClickDownload.C application
G:\Seagate Dashboard 2.0\SIMON-PC\Simon\Backup\85c3d3dd-4c91-4181-ba34-2289631b4b2e\20130311_015801_Simon1Inc98\C\Users\Simon\Downloads\freefileviewer_518.exe a variant of Win32/InstallIQ application
G:\Seagate Dashboard 2.0\SIMON-PC\Simon\Backup\85c3d3dd-4c91-4181-ba34-2289631b4b2e\20130311_015801_Simon1Inc98\C\Users\Simon\Downloads\GraboidVideoSetup-2.03a-Complete.exe Win32/Graboid application
G:\Seagate Dashboard 2.0\SIMON-PC\Simon\Backup\85c3d3dd-4c91-4181-ba34-2289631b4b2e\20130311_015801_Simon1Inc98\C\Users\Simon\Downloads\iLividSetupV1(1).exe Win32/Toolbar.SearchSuite application
G:\Seagate Dashboard 2.0\SIMON-PC\Simon\Backup\85c3d3dd-4c91-4181-ba34-2289631b4b2e\20130311_015801_Simon1Inc98\C\Users\Simon\Downloads\iLividSetupV1.exe Win32/Toolbar.SearchSuite application
G:\Seagate Dashboard 2.0\SIMON-PC\Simon\Backup\85c3d3dd-4c91-4181-ba34-2289631b4b2e\20130311_015801_Simon1Inc98\C\Users\Simon\Downloads\jZipSetup-r100-w.exe Win32/Toolbar.SearchSuite application
G:\Seagate Dashboard 2.0\SIMON-PC\Simon\Backup\85c3d3dd-4c91-4181-ba34-2289631b4b2e\20130311_015801_Simon1Inc98\C\Users\Simon\Downloads\SDFix.exe Win32/PrcView application
G:\Seagate Dashboard 2.0\SIMON-PC\Simon\Backup\85c3d3dd-4c91-4181-ba34-2289631b4b2e\20130311_015801_Simon1Inc98\C\Users\Simon\Downloads\SetupImgBurn_2.5.5.0.exe a variant of Win32/Bundled.Toolbar.Ask application
G:\Seagate Dashboard 2.0\SIMON-PC\Simon\Backup\85c3d3dd-4c91-4181-ba34-2289631b4b2e\20130311_015801_Simon1Inc98\C\Users\Simon\Downloads\SoftonicDownloader_para_mipony.exe a variant of Win32/SoftonicDownloader.E application
G:\Seagate Dashboard 2.0\SIMON-PC\Simon\Backup\85c3d3dd-4c91-4181-ba34-2289631b4b2e\20130311_015801_Simon1Inc98\C\Users\Simon\Downloads\U_0113_01_P.msi a variant of Win32/Bundled.Toolbar.Ask application
G:\Seagate Dashboard 2.0\SIMON-PC\Simon\Backup\85c3d3dd-4c91-4181-ba34-2289631b4b2e\20130311_015801_Simon1Inc98\C\Users\Simon\Downloads\WeatherBugSetup.msi a variant of Win32/Bundled.Toolbar.Ask application
G:\Seagate Dashboard 2.0\SIMON-PC\Simon\Backup\85c3d3dd-4c91-4181-ba34-2289631b4b2e\20130311_015801_Simon1Inc98\C\Users\Simon\Downloads\WinFXVideoConverterInstaller.exe a variant of Win32/Bundled.Toolbar.Ask application
G:\Seagate Dashboard 2.0\SIMON-PC\Simon\Backup\85c3d3dd-4c91-4181-ba34-2289631b4b2e\20130311_015801_Simon1Inc98\C\Users\Simon\more stuff\Desktop\new stuff 2011\2011\simon\short cuts\rey stuff\SmitfraudFix\Process.exe Win32/PrcView application
G:\Seagate Dashboard 2.0\SIMON-PC\Simon\Backup\85c3d3dd-4c91-4181-ba34-2289631b4b2e\20130311_015801_Simon1Inc98\C\Users\Simon\more stuff\Desktop\new stuff 2011\2011\simon\short cuts\rey stuff\SmitfraudFix\SmitfraudFix\Process.exe Win32/PrcView application

Edited by salvar774, 26 March 2013 - 09:09 PM.

#38
Dakeyras

Posted 27 March 2013 - 03:56 AM

Anti-Malware Mammoth

Expert
9,772 posts

Hi.

My computer is running very fast and seems to not have any problems .

Good.

I still can not turn on my printer sharing , get the same error error 0x00000002

We may be able to rectify that if not you might have to continue with your original topic here.

Also there appears to be a problem with the actual Vista Firewall policy's as in it did not reset correctly. This may also be one of the reasons for the on-going printer sharing issue. Either way both are most likely the result of the main infection we have been dealing with.

Next:

I see both SDFix and SmitfraudFix have been downloaded in the past etc. Some friendly advice about these two particular applications, it actually takes specific training to be able too use both correctly and in-fact they are no longer used and or updated. Plus the use of the aforementioned could seriously damage a Operating System to be quite frank.

It appears some of your backups are compromised, nothing particularly untoward but we can deal with those and what else requires addressing re the online scan results in due course.

Submit a File for Analysis:

Please go to my file submission channel here.

Next to the box:- Link to topic where this file was requested: Add in the below:-

http://www.geekstogo.com/forum/topic/328229-printer-network-sharing-error-0x00000002

Next to the box: Browse to the file you want to submit: click on the Browse... tab and navigate to the below:-

C:\Windows\Installer\19511b7.msi

Then click on the Send File tab. I will be notified when the file has been uploaded and checked.

Vista-System File Checker:

Click on Start(Vista Orb).
Click on All Programs >> Accessories
Right click on Command Prompt and select Run as Administrator.
Click on Continue in the UAC prompt.
At the Command Prompt C:\Windows\System32> type in the following exactly:
cd c:\
Then depress the Enter/Return key, then type in the following exactly:
sfc /scannow
Then depress the Enter/Return key.

Note: This may take awhile to finish. When completed type in shutdown -r -t 1 then depress the Enter/Return key. This should automatically reboot your machine.

Download/Run a Fixit:

Please download this Fixit to your desktop.

Right-click on MicrosoftFixit.WindowsFirewall.RNP.38287806776131921.1.1.Run.exe and select Run as Administrator >> once it loads/starts click on Accept >> when the Windows Firewall Troubleshooter has loaded...
Click on Detect problems and apply fixes for me (Recommended) >> select the option Allow File and Printer Sharing >> once done it should say Fixed, click on Next >> select the appropriate option >> Next
Now click on Close >> Reboot your machine if not prompted to do so.

Next:

Let myself know when completed the above and if any problems encountered etc. We will then go from there, thank you.

#39
salvar774

Posted 27 March 2013 - 08:11 AM

Member

Topic Starter
Member
65 posts

file submitted on march 27th 2013 on bleeping computer

Your file was successfully submitted. Please let the user helping you know that you have submitted the file.

#40
Dakeyras

Posted 27 March 2013 - 08:15 AM

Anti-Malware Mammoth

Expert
9,772 posts

Acknowledged...I actually receive a email notification of such(have from the submission site) but thank you for the courtesy of informing myself anyway.

#41
salvar774

Posted 27 March 2013 - 08:52 AM

Member

Topic Starter
Member
65 posts

Mr fix it report
Windows Firewall TroubleshooterPublisher details

Issues found
Cannot Access Shared Files and PrintersCannot Access Shared Files and
Printers
You cannot access shared files and printers even though you have enabled
File and Printer Sharing in Windows.Not fixed
Allow File and Printer SharingSucceeded

Remote Assistance is not workingRemote Assistance is not working
Remote Assistance is not working even though you have enabled Remote
Assistance in Windows.Not fixed
Allow Remote AssistanceSucceeded

Issues checked
Windows could not start Windows FirewallWindows could not start Windows
Firewall
On a computer that is running Windows 7 or Windows Vista, you find that
the Windows Firewall service is not running. When you try to manually
start the service, you receive the following error message: "Windows could
not start the Windows Firewall, DHCP client, or Diagnostic Policy on Local
Computer. For more information, review the System Event Log. If this is a
non-Microsoft service, contact the service vendor, and refer to
service-specific error code 5."Checked
Windows could not start Windows Firewall BFE serviceWindows could not
start Windows Firewall BFE service
On a computer that is running Windows 7 or Windows Vista, the Windows
Firewall service is not running. When you try to manually start the
service, you receive the following error message "Windows could not start
the Windows Firewall, DHCP client, or Diagnostic Policy on Local Computer.
For more information, review the System Event Log. For more information,
review the System Event Log. If this is a non-Microsoft service, contact
the service vendor, and refer to service-specific error code 5."Checked
Windows Firewall service is not startedWindows Firewall service is not
started
Windows Firewall service is not running or is not started.Checked

Issues foundDetection details

6Cannot Access Shared Files and PrintersNot fixed

You cannot access shared files and printers even though you have enabled
File and Printer Sharing in Windows.
Allow File and Printer SharingSucceeded

Windows Firewall may be blocking File and Printer Sharing. Opening
Windows Firewall ports for File and Printer Sharing will fix this
problem.

6Remote Assistance is not workingNot fixed

Remote Assistance is not working even though you have enabled Remote
Assistance in Windows.
Allow Remote AssistanceSucceeded

Remote Assistance does not work because it is blocked by Windows
Firewall. Unblocking Remote Assistance so that it will be allowed by
Windows Firewall will fix this problem.

Issues checkedDetection details

6Windows could not start Windows FirewallChecked

On a computer that is running Windows 7 or Windows Vista, you find that
the Windows Firewall service is not running. When you try to manually
start the service, you receive the following error message: "Windows could
not start the Windows Firewall, DHCP client, or Diagnostic Policy on Local
Computer. For more information, review the System Event Log. If this is a
non-Microsoft service, contact the service vendor, and refer to
service-specific error code 5."
Set permissions for the related registry keysNot Run

This problem can occur if the "MpsSvc" and "Administrators" accounts
do not have the required permissions for the related registry
subkeys.You can resolve this problem by setting permissions for the
related registry subkeys. This fix applies only to computers that
are not using Group Policy settings to manage the firewall.

6Windows could not start Windows Firewall BFE serviceChecked

On a computer that is running Windows 7 or Windows Vista, the Windows
Firewall service is not running. When you try to manually start the
service, you receive the following error message "Windows could not start
the Windows Firewall, DHCP client, or Diagnostic Policy on Local Computer.
For more information, review the System Event Log. For more information,
review the System Event Log. If this is a non-Microsoft service, contact
the service vendor, and refer to service-specific error code 5."
Set permissions for the related registry keysNot Run

This problem can occur if the "BFE" account does not have the
required permissions for the related registry subkeys. You can
resolve this problem by setting permissions for the related registry
subkeys. This fix applies only to computers that are not using Group
Policy settings to manage the firewall.

6Windows Firewall service is not startedChecked

Windows Firewall service is not running or is not started.
Start Windows Firewall serviceNot Run

Starting the Windows Firewall service resolves this problem.

Detection details

Collection information
Computer Name: SIMON-PC
Windows Version:6.0
Architecture:x86
Time:3/27/2013 9:46:33 AM

Publisher details

Windows Firewall Troubleshooter
Automatically repair Windows Firewall problems, such as Windows fails to
start Windows Firewall service (0x5), BFE service is missing, or Windows
remote assistance is not working
Package Version:1.2
Publisher:Microsoft Corporation

#42
Dakeyras

Posted 27 March 2013 - 09:00 AM

Anti-Malware Mammoth

Expert
9,772 posts

Hi.

Did the System File Check run OK and or detect anything it could not fix for example ?

Re-scan with FSS:

Delete FSS.txt from the desktop if still present >> empty the Recycle Bin.

Right-click FSS.exe and select Run as Administrator to start the program.
Select all available options.
Then click on the Scan tab.
When the scan is complete, it will produce a log named FSS.txt.
Post the contents in your next reply.

#43
salvar774

Posted 27 March 2013 - 10:47 AM

Member

Topic Starter
Member
65 posts

the sfc ran and rebooted no problems . will run fss.exe later today thank you

#44
salvar774

Posted 27 March 2013 - 12:12 PM

Member

Topic Starter
Member
65 posts

Farbar Service Scanner Version: 03-03-2013
Ran by Simon (administrator) on 27-03-2013 at 13:11:02
Running from "C:\Users\Simon\Desktop"
Windows Vista ™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============

File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2013-02-12 15:04] - [2013-01-04 06:28] - 0914792 ____A (Microsoft Corporation) 3535CD93F944C00F098E73E12EE7FEB6

C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll => MD5 is legit
C:\Windows\system32\iphlpsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit

**** End of log ****

Edited by salvar774, 27 March 2013 - 12:13 PM.

#45
Dakeyras

Posted 27 March 2013 - 04:08 PM

Anti-Malware Mammoth

Expert
9,772 posts

Hi.

the sfc ran and rebooted no problems . will run fss.exe later today thank you

Good and you're welcome!

Regarding the results of the file submission, appears to be what is known as a false positive detection so no further action is required etc.

Lets address the results of the online scan as I mentioned prior and in the process see if able to reset the windows firewall this time...

Custom OTL Script:

Right-click OTL.exe and select Run as Administrator to start the program.
Copy the lines from the quote-box(do not copy the word quote) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

:Commands
[CreateRestorePoint]

:Files
C:\ProgramData\ProgramData\Tarma Installer
C:\Users\All Users\ProgramData\Application Data\ProgramData\Tarma Installer
C:\Users\All Users\ProgramData\Tarma Installer
C:\Users\Simon\Downloads\Adaware_Installer (1).exe
C:\Users\Simon\Downloads\freefileviewer_518.exe
C:\Users\Simon\Downloads\GraboidVideoSetup-2.03
C:\Users\Simon\Downloads\iLividSetupV1(1).exe
C:\Users\Simon\Downloads\iLividSetupV1.exe
C:\Users\Simon\Downloads\jZipSetup-r100-w.exe
C:\Users\Simon\Downloads\SDFix.exe Win32/PrcView application
C:\Users\Simon\Downloads\Exhilarate___The_Ultimate_Zumba_Fitness_DVD_Experience.exe
C:\Users\Simon\more stuff\Desktop\new stuff 2011\2011\simon\short cuts\rey stuff\SmitfraudFix
G:\lap top\2001\monica\XvidSetup(4).exe
G:\lap top\2001\monica\XvidSetup(5).exe
G:\lap top\2001\monica\XvidSetup.exe
G:\new back uo 03 13\Downloads\Adaware_Installer (1).exe
G:\new back uo 03 13\Downloads\Exhilarate___The_Ultimate_Zumba_Fitness_DVD_Experience.exe
G:\new back uo 03 13\Downloads\freefileviewer_518.exe
G:\new back uo 03 13\Downloads\GraboidVideoSetup-2.03a-Complete.exe
G:\new back uo 03 13\Downloads\iLividSetupV1(1).exe
G:\new back uo 03 13\Downloads\iLividSetupV1.exe
G:\new back uo 03 13\Downloads\jZipSetup-r100-w.exe
G:\new back uo 03 13\Downloads\SDFix.exe
G:\new back uo 03 13\Downloads\SetupImgBurn_2.5.5.0.exe
G:\new back uo 03 13\Downloads\SoftonicDownloader_para_mipony.exe
G:\new back uo 03 13\more stuff\Desktop\new stuff 2011\2011\simon\short cuts\rey stuff\SmitfraudFix
G:\Seagate Dashboard 2.0\SIMON-PC\Simon\Backup\85c3d3dd-4c91-4181-ba34-2289631b4b2e\20121201_015804_Simon1\C\Qoobox\Quarantine
G:\Seagate Dashboard 2.0\SIMON-PC\Simon\Backup\85c3d3dd-4c91-4181-ba34-2289631b4b2e\20121201_015804_Simon1\C\Users\Simon\Downloads\Exhilarate___The_Ultimate_Zumba_Fitness_DVD_Experience.exe
G:\Seagate Dashboard 2.0\SIMON-PC\Simon\Backup\85c3d3dd-4c91-4181-ba34-2289631b4b2e\20121201_015804_Simon1\C\Users\Simon\Downloads\freefileviewer_518.exe
G:\Seagate Dashboard 2.0\SIMON-PC\Simon\Backup\85c3d3dd-4c91-4181-ba34-2289631b4b2e\20121201_015804_Simon1\C\Users\Simon\Downloads\GraboidVideoSetup-2.03a-Complete.exe
G:\Seagate Dashboard 2.0\SIMON-PC\Simon\Backup\85c3d3dd-4c91-4181-ba34-2289631b4b2e\20121201_015804_Simon1\C\Users\Simon\Downloads\iLividSetupV1(1).exe
G:\Seagate Dashboard 2.0\SIMON-PC\Simon\Backup\85c3d3dd-4c91-4181-ba34-2289631b4b2e\20121201_015804_Simon1\C\Users\Simon\Downloads\iLividSetupV1.exe
G:\Seagate Dashboard 2.0\SIMON-PC\Simon\Backup\85c3d3dd-4c91-4181-ba34-2289631b4b2e\20121201_015804_Simon1\C\Users\Simon\Downloads\jZipSetup-r100-w.exe
G:\Seagate Dashboard 2.0\SIMON-PC\Simon\Backup\85c3d3dd-4c91-4181-ba34-2289631b4b2e\20121201_015804_Simon1\C\Users\Simon\Downloads\SDFix.exe
G:\Seagate Dashboard 2.0\SIMON-PC\Simon\Backup\85c3d3dd-4c91-4181-ba34-2289631b4b2e\20121201_015804_Simon1\C\Users\Simon\more stuff\Desktop\new stuff 2011\2011\simon\short cuts\rey stuff\SmitfraudFix
G:\Seagate Dashboard 2.0\SIMON-PC\Simon\Backup\85c3d3dd-4c91-4181-ba34-2289631b4b2e\20130206_015809_Simon1Inc65\C\Users\Simon\Downloads\Adaware_Installer (1).exe
G:\Seagate Dashboard 2.0\SIMON-PC\Simon\Backup\85c3d3dd-4c91-4181-ba34-2289631b4b2e\20130311_015801_Simon1Inc98\C\Qoobox\Quarantine
G:\Seagate Dashboard 2.0\SIMON-PC\Simon\Backup\85c3d3dd-4c91-4181-ba34-2289631b4b2e\20130311_015801_Simon1Inc98\C\Users\Simon\Downloads\Adaware_Installer (1).exe
G:\Seagate Dashboard 2.0\SIMON-PC\Simon\Backup\85c3d3dd-4c91-4181-ba34-2289631b4b2e\20130311_015801_Simon1Inc98\C\Users\Simon\Downloads\Exhilarate___The_Ultimate_Zumba_Fitness_DVD_Experience.exe
G:\Seagate Dashboard 2.0\SIMON-PC\Simon\Backup\85c3d3dd-4c91-4181-ba34-2289631b4b2e\20130311_015801_Simon1Inc98\C\Users\Simon\Downloads\freefileviewer_518.exe
G:\Seagate Dashboard 2.0\SIMON-PC\Simon\Backup\85c3d3dd-4c91-4181-ba34-2289631b4b2e\20130311_015801_Simon1Inc98\C\Users\Simon\Downloads\GraboidVideoSetup-2.03a-Complete.exe
G:\Seagate Dashboard 2.0\SIMON-PC\Simon\Backup\85c3d3dd-4c91-4181-ba34-2289631b4b2e\20130311_015801_Simon1Inc98\C\Users\Simon\Downloads\iLividSetupV1(1).exe
G:\Seagate Dashboard 2.0\SIMON-PC\Simon\Backup\85c3d3dd-4c91-4181-ba34-2289631b4b2e\20130311_015801_Simon1Inc98\C\Users\Simon\Downloads\iLividSetupV1.exe
G:\Seagate Dashboard 2.0\SIMON-PC\Simon\Backup\85c3d3dd-4c91-4181-ba34-2289631b4b2e\20130311_015801_Simon1Inc98\C\Users\Simon\Downloads\jZipSetup-r100-w.exe
G:\Seagate Dashboard 2.0\SIMON-PC\Simon\Backup\85c3d3dd-4c91-4181-ba34-2289631b4b2e\20130311_015801_Simon1Inc98\C\Users\Simon\Downloads\SDFix.exe
G:\Seagate Dashboard 2.0\SIMON-PC\Simon\Backup\85c3d3dd-4c91-4181-ba34-2289631b4b2e\20130311_015801_Simon1Inc98\C\Users\Simon\more stuff\Desktop\new stuff 2011\2011\simon\short cuts\rey stuff\SmitfraudFix
ipconfig /flushdns /c
netsh advfirewall reset /c
netsh advfirewall set allprofiles state on /c

:Commands
[EmptyTemp]

Return to OTL, right-click in the Custom Scans/Fixes window (under the cyan bar) and choose Paste.
Then click the red Run Fix button.
Let the program run unhindered.
If OTL asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.

Note: The log file can also be located C: >> _OTL >> MovedFiles >> DD/DD/DD TT/TT.txt <-- denotes date/time log created.

When completed the above, please post back the following in the order asked for: