
Warning Scripts [Closed]

Warning Scripts everywhere


  • This topic is locked

#1
sidhedraoi

  • Member
  • 72 posts
Well, it has been forever since I needed some help, as the last time you guys proved to be awesome... you helped to clean my puter up wonderfully, too bad I have kids... I work with XP SP2-SP3 and have Avast as my virus protection. Lately things are moving incredibly slow, programs stop responding continuously and I am ready to throw Firefox out a window... every page I go to takes about 10-15 mins because of script problems... here is a copy of the OTL report:

OTL logfile created on: 20/03/2013 9:55:25 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Compaq_Owner\My Documents\Downloads
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

383.48 Mb Total Physical Memory | 53.87 Mb Available Physical Memory | 14.05% Memory free
920.48 Mb Paging File | 336.15 Mb Available in Paging File | 36.52% Paging File free
Paging file location(s): C:\pagefile.sys 576 1500 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 180.31 Gb Total Space | 85.11 Gb Free Space | 47.20% Space Free | Partition Type: NTFS
Drive D: | 5.99 Gb Total Space | 0.83 Gb Free Space | 13.80% Space Free | Partition Type: FAT32
Unable to calculate disk information.
Drive M: | 931.51 Gb Total Space | 479.81 Gb Free Space | 51.51% Space Free | Partition Type: NTFS

Computer Name: HOME | User Name: Compaq_Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/03/20 09:54:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\My Documents\Downloads\OTL.exe
PRC - [2013/03/19 11:35:06 | 001,037,648 | ---- | M] (BitTorrent Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2013/03/07 21:19:08 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013/03/07 10:03:10 | 000,170,912 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2013/03/06 18:32:44 | 004,767,304 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/03/06 18:32:44 | 000,045,248 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/07/30 16:08:58 | 001,149,400 | ---- | M] (DisplayLink Corp.) -- C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
PRC - [2012/07/30 16:08:56 | 000,921,048 | ---- | M] (DisplayLink Corp.) -- C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
PRC - [2012/07/30 16:08:55 | 006,956,504 | ---- | M] (DisplayLink Corp.) -- C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
PRC - [2004/10/14 15:54:32 | 000,253,952 | ---- | M] (Hewlett-Packard Company) -- C:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe
PRC - [2004/08/04 07:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2013/03/20 05:08:33 | 002,075,648 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\13032000\algo.dll
MOD - [2013/03/12 21:04:19 | 014,717,144 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll
MOD - [2013/03/07 21:19:02 | 003,069,848 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2005/03/17 10:17:34 | 000,192,512 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\LSPrtEn.dll
MOD - [2005/03/17 10:17:34 | 000,126,976 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\LSCAPI.dll
MOD - [2005/03/17 10:17:34 | 000,065,536 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\LSDrComm.dll
MOD - [2005/03/17 10:17:34 | 000,034,304 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\LSSProxy.dll
MOD - [2005/03/17 10:17:34 | 000,022,016 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\LSLog.dll
MOD - [2004/08/04 07:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2013/03/12 21:04:25 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/03/07 21:19:03 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/03/07 10:03:10 | 000,170,912 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/03/06 18:32:44 | 000,045,248 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/11/09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/07/30 16:08:55 | 006,956,504 | ---- | M] (DisplayLink Corp.) [Auto | Running] -- C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe -- (DisplayLinkService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- system32\DRIVERS\intelppm.sys -- (intelppm)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2013/03/06 18:33:24 | 000,765,736 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013/03/06 18:33:24 | 000,368,176 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2013/03/06 18:33:24 | 000,164,736 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013/03/06 18:33:24 | 000,062,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013/03/06 18:33:24 | 000,049,760 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2013/03/06 18:33:24 | 000,049,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013/03/06 18:33:23 | 000,066,336 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013/03/06 18:33:22 | 000,029,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2013/03/06 18:33:22 | 000,021,576 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswKbd.sys -- (aswKbd)
DRV - [2012/07/30 21:18:28 | 000,021,888 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DisplayLinkUsbPort_6.3.40660.0.sys -- (DisplayLinkUsbPort)
DRV - [2012/07/30 16:09:13 | 000,040,576 | ---- | M] (DisplayLink Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DisplayLinkGAport.sys -- (DisplayLinkGA)
DRV - [2012/07/30 16:09:13 | 000,024,448 | ---- | M] (DisplayLink Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DisplayLinkmirrorport.sys -- (DisplayLinkmirror)
DRV - [2012/07/30 16:09:13 | 000,007,296 | ---- | M] (DisplayLink Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DisplayLinkFilter.sys -- (DisplayLinkFilter)
DRV - [2005/03/09 16:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005/01/04 19:46:14 | 000,013,184 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2005/01/04 19:01:48 | 000,239,104 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2004/10/01 12:24:02 | 002,279,424 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM)
DRV - [2004/08/03 23:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)
DRV - [2004/06/29 12:07:18 | 001,268,204 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2003/12/02 20:23:20 | 000,142,336 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\Fasttx2k.sys -- (fasttx2k)
DRV - [2003/07/11 17:28:56 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)
DRV - [2002/07/29 16:43:50 | 000,023,808 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT3220468
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/03/16 20:41:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/03/07 21:19:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/03/19 13:57:27 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}: C:\Program Files\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi

[2012/02/01 18:51:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Extensions
[2013/03/19 12:28:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\y46pg8o4.default-1353184508953\extensions
[2013/03/07 21:16:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/03/07 21:15:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/03/07 21:15:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}
[2013/03/07 21:16:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013/03/07 21:16:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013/03/07 21:19:09 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013/01/26 21:40:54 | 000,001,738 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2013/01/26 21:40:54 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013/01/26 21:40:54 | 000,001,148 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2013/01/26 21:40:54 | 000,001,379 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2013/02/19 11:08:09 | 000,002,086 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2013/01/26 21:40:54 | 000,001,334 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2004/08/04 13:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [SiSPower] C:\WINDOWS\System32\SiSPower.dll (Silicon Integrated Systems Corporation)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Keyboard Monitor.lnk = File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Pelbegal.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMovingBands = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCloseDragDropBands = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarsOnTaskbar = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClassicShell = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\NPJPI150.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{247AA097-D830-4C72-B7BB-FD9E7C5AEC15}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\intu-tt2010 - No CLSID value found
O18 - Protocol\Handler\intu-tt2011 - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/01/26 23:53:38 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 07:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 23:01:14 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2010/05/29 15:04:14 | 000,000,000 | R--D | M] - M:\autorun -- [ NTFS ]
O33 - MountPoints2\{090edf84-0a98-11e2-91a4-0013d41188af}\Shell - "" = AutoRun
O33 - MountPoints2\{090edf84-0a98-11e2-91a4-0013d41188af}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{090edf84-0a98-11e2-91a4-0013d41188af}\Shell\AutoRun\command - "" = L:\OpenSecureFiles.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/03/19 12:57:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2013/03/19 12:56:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2013/03/18 10:32:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Pro Antivirus
[2013/03/16 20:41:54 | 000,066,336 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswMonFlt.sys
[2013/03/09 08:41:57 | 000,023,360 | ---- | C] (IObit) -- C:\WINDOWS\System32\RegistryDefragBootTime.exe
[2013/03/09 08:14:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
[2013/03/09 08:13:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\IObit
[2013/03/09 08:12:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\IObit
[2013/03/09 08:11:37 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2013/03/08 20:14:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Logs
[2013/03/08 19:55:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\vlc
[2013/03/08 19:51:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
[2013/03/08 18:56:13 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Compaq_Owner\Recent
[2013/03/07 21:15:19 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/03/03 11:33:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\.dvdcss
[2013/02/28 04:03:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Sun
[2013/02/21 16:15:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2013/02/19 17:19:55 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2013/02/19 17:17:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Apple
[2013/02/19 17:17:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2005/12/30 10:35:51 | 053,955,480 | ---- | C] (Avery Dennison Corporation ) -- C:\Program Files\DesignPro5_2_Limited.exe
[6 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[12 C:\Documents and Settings\Compaq_Owner\My Documents\*.tmp files -> C:\Documents and Settings\Compaq_Owner\My Documents\*.tmp -> ]
[1 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/03/20 10:08:01 | 000,000,436 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{3A961CB5-A804-44DB-BC72-E3D13FFE294D}.job
[2013/03/20 10:03:20 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/03/20 08:24:55 | 000,000,246 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
[2013/03/20 08:17:31 | 000,000,316 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2013/03/20 08:17:24 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2631901462-4197184921-2057584378-1009.job
[2013/03/20 08:17:17 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3923169914-3464587186-2825511443-1009.job
[2013/03/20 08:16:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/03/20 08:16:54 | 402,182,144 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/19 15:01:02 | 000,000,298 | ---- | M] () -- C:\WINDOWS\tasks\Registry Optimizer_DEFAULT.job
[2013/03/19 11:35:09 | 000,000,656 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2013/03/19 11:35:09 | 000,000,638 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\µTorrent.lnk
[2013/03/18 18:49:00 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2631901462-4197184921-2057584378-1009.job
[2013/03/18 11:12:36 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2013/03/18 10:33:09 | 000,001,697 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Pro Antivirus.lnk
[2013/03/16 20:48:50 | 000,131,584 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/03/16 18:08:49 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf
[2013/03/15 20:00:00 | 000,000,562 | ---- | M] () -- C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - Compaq_Owner.job
[2013/03/15 09:06:00 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3923169914-3464587186-2825511443-1009.job
[2013/03/13 19:19:01 | 000,000,306 | ---- | M] () -- C:\WINDOWS\tasks\Registry Optimizer_UPDATES.job
[2013/03/11 13:32:33 | 000,000,000 | ---- | M] () -- C:\asc_rdflag
[2013/03/08 20:21:20 | 000,645,632 | ---- | M] () -- C:\WINDOWS\System32\xvidcore.dll
[2013/03/08 19:51:48 | 000,000,727 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2013/03/06 18:33:24 | 000,765,736 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2013/03/06 18:33:24 | 000,368,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2013/03/06 18:33:24 | 000,164,736 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2013/03/06 18:33:24 | 000,062,376 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2013/03/06 18:33:24 | 000,049,760 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2013/03/06 18:33:24 | 000,049,248 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2013/03/06 18:33:23 | 000,066,336 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswMonFlt.sys
[2013/03/06 18:33:22 | 000,029,816 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2013/03/06 18:33:22 | 000,021,576 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswKbd.sys
[2013/03/06 18:32:51 | 000,041,664 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2013/03/06 18:32:42 | 000,228,600 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2013/02/28 08:35:18 | 000,001,484 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\DivX Movies.lnk
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[12 C:\Documents and Settings\Compaq_Owner\My Documents\*.tmp files -> C:\Documents and Settings\Compaq_Owner\My Documents\*.tmp -> ]
[1 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/03/18 10:33:09 | 000,001,697 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Pro Antivirus.lnk
[2013/03/16 20:41:56 | 000,164,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2013/03/16 20:41:55 | 000,049,248 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2013/03/11 13:32:33 | 000,000,000 | ---- | C] () -- C:\asc_rdflag
[2013/03/08 20:21:09 | 000,645,632 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2013/03/08 19:51:48 | 000,000,727 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2012/07/17 19:03:34 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/12/07 14:32:24 | 000,216,064 | ---- | C] ( ) -- C:\WINDOWS\System32\Lagarith.dll
[2011/09/04 08:40:50 | 000,000,030 | ---- | C] () -- C:\WINDOWS\POTATO.INI
[2011/08/25 12:45:01 | 000,000,049 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2011/06/23 22:58:32 | 000,242,259 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/02/24 13:28:02 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
[2006/12/19 12:40:15 | 000,131,584 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/07/12 09:48:36 | 000,042,850 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\wklnhst.dat
[2005/07/11 21:40:54 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\PFP120JPR.{PB
[2005/07/11 21:40:54 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\PFP120JCM.{PB
[2005/07/08 12:31:19 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\fusioncache.dat

========== ZeroAccess Check ==========

[2005/05/05 12:30:37 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2005/01/27 19:13:17 | 001,483,264 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2004/08/04 07:00:00 | 000,472,064 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2004/08/04 07:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2007/04/10 14:52:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\55-68-q9-66-33-ns
[2011/07/14 19:11:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\5600-6600 Series
[2007/08/19 11:10:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alawar Stargaze
[2008/06/08 11:19:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AOPSettings
[2011/06/14 18:15:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2005/11/21 17:55:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avery
[2007/06/27 17:29:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CaveDays
[2007/11/14 03:13:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eBay
[2007/05/07 20:55:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FloodLightGames
[2007/08/28 18:39:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreshGames
[2007/06/09 11:29:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Friends Games
[2007/06/18 16:08:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\gamelab
[2007/04/07 20:40:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Genimo
[2013/03/09 08:16:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2007/04/25 13:17:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JollyBear
[2006/10/09 19:27:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Leenie Games
[2011/10/23 14:27:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lexmark 5600-6600 Series
[2013/03/08 20:14:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Logs
[2007/11/07 12:08:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2005/08/09 18:20:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pixelStorm
[2007/08/19 10:31:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2007/06/19 15:54:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Playtonium Games
[2005/07/12 12:16:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2006/12/21 17:32:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2005/09/01 16:09:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2007/06/23 11:34:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScreenSeven
[2006/11/27 13:56:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpinTop Games
[2005/10/11 08:50:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
[2005/07/12 18:17:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanWizard
[2007/10/04 10:45:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Super X Studios
[2008/09/11 15:44:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/01/19 12:04:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WholeSecurity
[2013/03/09 08:14:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
[2006/08/08 19:16:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\7Wonders
[2007/01/27 15:39:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Angkor
[2007/08/19 11:15:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Big Fish Games
[2007/05/07 20:34:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Bitbliss Studios
[2007/10/10 08:55:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Canon
[2006/10/23 15:12:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\EA
[2008/04/02 18:17:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\eBay
[2012/10/06 14:59:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\encryptX
[2007/05/07 20:55:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\FloodLightGames
[2007/06/18 16:08:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\gamelab
[2007/04/07 20:35:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Genimo
[2006/10/20 08:18:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Hulabee
[2005/05/05 13:16:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\InterMute
[2005/07/12 18:14:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\InterTrust
[2012/05/03 19:55:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\InterVideo
[2013/03/18 09:15:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\IObit
[2007/11/19 11:23:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\iWin
[2005/07/11 19:32:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Leadertech
[2007/05/11 10:45:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Magic Academy
[2005/11/15 20:42:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Magic Match
[2007/06/11 18:44:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\MonkeyMadness
[2007/10/09 13:36:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mysteryville2
[2012/09/10 18:21:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Nico Mak Computing
[2007/08/30 15:47:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\OfficeUpdate12
[2007/10/04 08:14:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\PlayFirst
[2005/05/05 13:12:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\SampleView
[2005/07/12 18:17:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\ScanSoft
[2007/10/04 07:04:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\TrueSwitch
[2013/03/20 10:19:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\uTorrent
[2006/12/10 09:32:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\WholeSecurity

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1361E51
@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6C235A19
@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:36B21411
@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D16E7091
@Alternate Data Stream - 304 bytes -> C:\Documents and Settings\Compaq_Owner\My Documents\laurieins.jpg:SummaryInformation
@Alternate Data Stream - 304 bytes -> C:\Documents and Settings\Compaq_Owner\My Documents\bestadvmagpic.bmp:SummaryInformation
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:712DCF50
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A7F8B6E9
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:54997B77
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1AE68282
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:981884E7
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:84ECD9DF
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C24B973A
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:30E1CCBA
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4EE5EBE9
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:34FC1C45
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B894C266
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2591223C
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F54261D3
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EB18FF26
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:970A6A7C
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EC0968DA
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E254DB3A
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D7ADAD10
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3ECC1364
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:24AB14E7
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2EBBBA95
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0D6E1C1E
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7B212553
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:18FE1445
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:75714345
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:340E7CCA
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3B00070D
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2FCA620A
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3E9E8F66
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1ACF0286
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E4F5D824
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:01654EBC
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:69D94DFA
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A3EE97B6
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3B3A35EC
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B7ADB4DA
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5F51822D
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5B3E9221
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8BD643C
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:765D258D
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BB24555F
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FB384C06
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:861A898F
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5344D76C
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CC832A16
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:618BF152
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FE802548
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DED60D49
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D11BEC54
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9AB56A06
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7B89E8A0
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7A7C726F
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F00E008B
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7B60301F
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E55CE2D1
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8AB6C1D7
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0FF5872D

< End of report >


Thanks for any and all help and if it's just time for a computer ....

#2
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hello sidhedraoi, :wave: Welcome back to the forums!
My name is godawgs and I will be assisting you with your Virus / Malware issues.
I will start working on your Malware issues. This may, or may not, solve other issues you have with your machine. The fixes are specific to your problem and should only be used for this issue on this machine!

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.
If you have not, please adhere to the guidelines below and then carefully follow all future instructions:

You must reply to posts within four days. If you haven't replied within that time, the topic will be closed! If you need additional time to complete things, just let me know.
If you're not sure, or if something unexpected happens, Do NOT continue! Stop and ask!

This board can notify you when a new reply is added to a topic. Please read this topic to find out how to do that.

Please do not run any tools unless instructed to do so.
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability. Do as the instructions ask, nothing extra. Do Not run things twice unless instructed.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • If I ask a Question just answer it, don't run anything unless directed to.
Please read every post completely before doing anything.
  • Pay special attention to the NOTE: lines, or anything in red. These entries identify an individual issue or important step in the cleanup process.
  • Please make sure you are saving and printing the instructions out prior to each fix, this way you will have them on hand just in case you are unable to access this site. Some of the steps I will be asking you to do may require you to boot into Safe Mode and this process will be much easier for you to perform if the instructions are printed out for you to follow.
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
Logs from malware diagnostic or removal programs (OTL is one of them) can take some time to analyze.
  • I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums (sometimes :lol: )
  • Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
Lastly, Please be aware that removing Malware is a hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. Some infections are so severe that we might encounter situations where the only recourse is to re-format and re-install your operating system. Don't worry, this only happens in severe cases, but, sadly, it does happen.
In light of this be prepared to back up your data. Have means of backing up your data available.

IMPORTANT: Change your browser(s) to download any tools to the desktop.
Follow the directions here
For FireFox check the dot beside "Always ask me where to save files."
For Chrome, check the box beside "Ask where to save each file before downloading"
NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

When OTL runs the first time it creates a file named Extras.txt. It should be in the same directory you ran OTL from. Please post the contents of that file.


Your biggest slowness problem is here:

383.48 Mb Total Physical Memory | 53.87 Mb Available Physical Memory | 14.05% Memory free
920.48 Mb Paging File | 336.15 Mb Available in Paging File | 36.52% Paging File free
Paging file location(s): C:\pagefile.sys 576 1500 [binary data]

Windows XP really needs a minimum of 1GB of RAM to function properly.

You also said:

....I work with XP sp2-sp3 and have Avast as my virus protection.

The OTL log shows that you only have SP2 installed. We will need to update the service pack. SP3 contains numerous security updates and is essential to the security of XP.
Hasn't Windows Update ever offered SP3, or did you just decide not to install it?

We can try to clean the machine and update the service pack with the sparse amount of RAM that you have, but it may prove problematic.

If you would like to add additional RAM, Crucial has a neat program that will give you the information you need to order memory from them, or you can get the information and buy the RAM or have it installed locally.

Using the Crucial Memory Advisor

Though Microsoft claims XP will run with a mere 128 MB installed, in my humble opinion a minimum of 1 or even 2 GB is far better.
If you wish to upgrade the memory you can go to the Crucial site to find what you need.

Memory manufacturer Crucial has put together an amazing website, combined with an optional system scanner tool that will detect the memory already installed in your computer the same way System Information for Windows does… It’s just not as geeky.

On their homepage, there are two options… if you’ve already figured out the memory you have installed, you can use the drop-down menus on the right to select your system.

They will give you some great information about what your computer can support, along with a list of questions and answers. Turns out I can upgrade to faster PC2-5300 memory if I wanted…
NOTE: Your computer may be different!

If you chose the system scanner route, you’ll be redirected to a web page showing you the current memory configuration, and what they recommend for upgrading, although they seem to give you less information on this screen.

Click the link below to go to the Advisor Page

Crucial Memory Manager

I don't think that the problem with FF is entirely memory related. It looks like your profile may be corrupted.

If you decide that you want to attempt the cleanup with the memory you have, please post the Extras.txt log that I asked about and we'll give it a try.
Just know that even if we are able to run the necessary tools to clean the computer and update the service pack that it will still be very slow because of the lack of memory.
#3
sidhedraoi

    Member

  • Topic Starter
  • Member
  • PipPip
  • 72 posts
Hey godawgs,

Thanks for the info I was starting to lose hope...

The OTL log shows that you only have SP2 installed. We will need to update the service pack. SP3 contains numerous security updates and is essential to the security of XP.
Hasn't Windows Update ever offered SP3, or did you just decide not to install it?

The last time I tried to download SP3 I became so bogged down with glitches that I had to send out the tower. My main problem is that the info on this tower belongs to my mother. I am looking at more RAM as well, thank you for the quick link (sometimes it's hard to get at the tower (dogs get in the way)).
And just so you know I listened(read..lol);

Memory Type: DDR PC2700, DDR PC3200, DDR (non-ECC)
Maximum Memory: 2GB
Currently Installed Memory: 512MB
Total Memory Slots: 2
Available Memory Slots: 1

and $57. not a bad price for 2 gb

Here is the copy of the Extras.txt;

OTL Extras logfile created on: 20/03/2013 9:55:25 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Compaq_Owner\My Documents\Downloads
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

383.48 Mb Total Physical Memory | 53.87 Mb Available Physical Memory | 14.05% Memory free
920.48 Mb Paging File | 336.15 Mb Available in Paging File | 36.52% Paging File free
Paging file location(s): C:\pagefile.sys 576 1500 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 180.31 Gb Total Space | 85.11 Gb Free Space | 47.20% Space Free | Partition Type: NTFS
Drive D: | 5.99 Gb Total Space | 0.83 Gb Free Space | 13.80% Space Free | Partition Type: FAT32
Unable to calculate disk information.
Drive M: | 931.51 Gb Total Space | 479.81 Gb Free Space | 51.51% Space Free | Partition Type: NTFS

Computer Name: HOME | User Name: Compaq_Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%ProgramFiles%\iTunes\iTunes.exe" = %ProgramFiles%\iTunes\iTunes.exe:*:enabled:iTunes

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{1A103D70-5C9B-4E1A-B306-5106C68F9914}" = Microsoft Plus! Dancer LE
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{3248F0A8-6813-11D6-A77B-00B0D0150000}" = J2SE Runtime Environment 5.0
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3912A629-0020-0005-3757-2FBA74D4DF0A}" = InterVideo WinDVD Player
"{3BA95526-6AE0-4B87-A62D-17187EF565FC}" = HP Boot Optimizer
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5AF4B3C4-C393-48D7-AC7E-8E7615579548}" = Adobe AIR
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{7D6C0CA7-43C2-4964-A53C-442DA73C903A}" = DisplayLink Graphics
"{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD Player
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support 4.0
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.02)
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{BE6B5757-43F4-44CF-BB65-9C58867288A8}" = DisplayLink Core Software
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBACCC0D-7B8B-4C3E-AA96-B6C64DCF19BB}" = LS_HSI
"{D0122362-6333-4DE4-93F6-A5A2F3CC101A}" = Compaq Organize
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe_PhotoShop_Album" = Remove Adobe Photoshop Album 2.0 Starter Edition installer
"Agere Systems Soft Modem" = Agere Systems PCI Soft Modem
"avast" = avast! Pro Antivirus
"Help and Support Additions" = Help and Support Additions
"InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Money" = Remove Microsoft Money 2005 installer
"Mozilla Firefox 17.0.1 (x86 en-GB)" = Mozilla Firefox 17.0.1 (x86 en-GB)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"PS2" = PS2
"PS3 Media Server" = PS3 Media Server
"Python 2.2.3" = Python 2.2.3
"pywin32-py2.2" = Python 2.2 pywin32 extensions (build 203)
"Quicken_NUE" = Remove Quicken New User Edition installer
"SiS VGA Driver" = SiS VGA Utilities
"uTorrent" = µTorrent
"VLC media player" = VLC media player 2.0.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"VisualBee for Microsoft PowerPoint" = VisualBee for Microsoft PowerPoint

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 13/02/2013 10:03:30 PM | Computer Name = HOME | Source = Application Error | ID = 1000
Description = Faulting application javaw.exe, version 6.0.390.4, faulting module
unknown, version 0.0.0.0, fault address 0x4fe0ad84.

Error - 14/02/2013 3:47:41 PM | Computer Name = HOME | Source = Application Hang | ID = 1002
Description = Hanging application rundll32.exe, version 5.1.2600.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 19/02/2013 5:52:39 PM | Computer Name = HOME | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 19.0.0.4794, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 19/02/2013 5:56:13 PM | Computer Name = HOME | Source = Application Hang | ID = 1001
Description = Fault bucket -876961314.

Error - 20/02/2013 5:58:59 PM | Computer Name = HOME | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 19.0.0.4794, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 20/02/2013 5:59:27 PM | Computer Name = HOME | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 19.0.0.4794, faulting
module xul.dll, version 19.0.0.4794, fault address 0x0088fdaa.

Error - 26/02/2013 8:15:23 PM | Computer Name = HOME | Source = Application Hang | ID = 1002
Description = Hanging application wmplayer.exe, version 11.0.5721.5262, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 28/02/2013 7:28:40 PM | Computer Name = HOME | Source = Application Hang | ID = 1002
Description = Hanging application SoftwareUpdate.exe, version 2.1.3.127, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 08/03/2013 11:40:01 AM | Computer Name = HOME | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 19.0.2.4814, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 08/03/2013 11:41:03 AM | Computer Name = HOME | Source = Application Hang | ID = 1001
Description = Fault bucket -840653343.

[ System Events ]
Error - 20/03/2013 3:11:17 AM | Computer Name = HOME | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\D, has a bad block.

Error - 20/03/2013 3:12:53 AM | Computer Name = HOME | Source = WMPNetworkSvc | ID = 866312
Description = A new media server was not initialized because WMCreateDeviceRegistration()
encountered error '0xc00d2781'. The Windows Media DRM components on your computer
might be corrupted. Verify that protected files play correctly in Windows Media
Player, and then restart the WMPNetworkSvc service.

Error - 20/03/2013 3:12:53 AM | Computer Name = HOME | Source = WMPNetworkSvc | ID = 866312
Description = A new media server was not initialized because WMCreateDeviceRegistration()
encountered error '0xc00d2781'. The Windows Media DRM components on your computer
might be corrupted. Verify that protected files play correctly in Windows Media
Player, and then restart the WMPNetworkSvc service.

Error - 20/03/2013 3:59:59 AM | Computer Name = HOME | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
JAY-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{247AA097-D830-4C72-B7.
The
master browser is stopping or an election is being forced.

Error - 20/03/2013 5:00:02 AM | Computer Name = HOME | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
JAY-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{247AA097-D830-4C72-B7.
The
master browser is stopping or an election is being forced.

Error - 20/03/2013 6:00:09 AM | Computer Name = HOME | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
JAY-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{247AA097-D830-4C72-B7.
The
master browser is stopping or an election is being forced.

Error - 20/03/2013 7:00:12 AM | Computer Name = HOME | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
JAY-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{247AA097-D830-4C72-B7.
The
master browser is stopping or an election is being forced.

Error - 20/03/2013 8:12:05 AM | Computer Name = HOME | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
JAY-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{247AA097-D830-4C72-B7.
The
master browser is stopping or an election is being forced.

Error - 20/03/2013 9:19:30 AM | Computer Name = HOME | Source = WMPNetworkSvc | ID = 866312
Description = A new media server was not initialized because WMCreateDeviceRegistration()
encountered error '0xc00d2781'. The Windows Media DRM components on your computer
might be corrupted. Verify that protected files play correctly in Windows Media
Player, and then restart the WMPNetworkSvc service.

Error - 20/03/2013 9:19:34 AM | Computer Name = HOME | Source = WMPNetworkSvc | ID = 866312
Description = A new media server was not initialized because WMCreateDeviceRegistration()
encountered error '0xc00d2781'. The Windows Media DRM components on your computer
might be corrupted. Verify that protected files play correctly in Windows Media
Player, and then restart the WMPNetworkSvc service.


< End of report >

#4
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hello,

.. I am looking at more RAM as well, thank you for the quick link (sometimes it's hard to get at the tower (dogs get in the way)).

You have dogs guarding the laptop? :lol: Seriously, if there are animals always close to the computer you should be aware that the inside of the machine is probably full of dust and dog hair. Let me know if you plan on upgrading the memory and if you plan to do it yourself. I will post some links that show you how to replace memory modules and links describing cleaning the computer while you are at it.

The Windows firewall is turned off.

Registry Cleaning Tools

I see that IOBIT was installed on the system on 3/13/2013. Perhaps the registry optimizing program. But I don't see it in the list of installed programs. Did you install an IOBIT program and then try to uninstall it?

Please do not use registry cleaners at all. A registry cleaner will not increase your system's speed or performance, and has the potential to break your registry to the point that your PC is no longer bootable.
We strongly advise that people stay away from any of the registry cleaners out there.
Go HERE to get more information about why registry cleaners aren't needed.

You have the following Peer-to-Peer program(s) installed:

uTorrent

GeeksToGo does not recommend using such programs, but you should read the description of Peer-to-Peer programs below before deciding for yourself.

Description of Peer-to-Peer (P2P) software.
P2P (Peer-to-Peer) may be a great way to get lots of seemingly freeware, but it is a great way to get infected as well. The program(s) may be safe, but there's no way to tell if the file being shared is infected. P2P programs, more often than not, install adware and/or spyware and worse still, some worms spread via P2P networks, infecting you as well.
Once upon a time, P2P file sharing was fairly safe. This is no longer true. P2P programs form a direct conduit inside your computer, their security measures are easily circumvented, and malware writers are increasingly exploiting them to spread their wares on to your computer. If your P2P program is not configured correctly, your computer may also be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

If you need convincing, please read these short reports on the dangers of peer-2-peer programs and file sharing. We advise removing any P2P programs you have now and avoiding this type of software application. Whether you remove them or not is your decision. But if you decide to keep and use Peer-to-Peer programs I can guarantee that you will be coming back to this forum or another malware forum. If you do choose to keep the program(s), please do not use it / them until the computer is clean and I give the all clear.

All programs, folders and files listed below in this color are optional removals, but if you uninstall the program(s) you must delete the folders and files in the corresponding colors.


Step-1.

Optional Removals

1. Please click Start > Control Panel > Add/Remove Programs
2. In the list of programs installed, locate the following program(s):

uTorrent

3. Click on each program to highlight it and click Change/Remove.
4. After the programs have been uninstalled, close the Installed Programs window and the Control Panel.
5. Reboot the computer.

Delete the folders associated with the uninstalled programs. (Only do this if you uninstalled the program.)

1. Using Windows Explorer (to get there right-click your Start button and click "Explore"), please delete the following folder(s) (if present):

C:\Program Files\uTorrent
C:\Documents and Settings\Compaq_Owner\Application Data\uTorrent


2. Close Windows Explorer.


Step-2.

OTL Fix

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

1. Please copy all of the text in the quote box below (do not copy the word Quote). To do this, highlight everything inside the quote box (except the word Quote), right click and click Copy.

:COMMANDS
[createrestorepoint]

:OTL
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT3220468
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}: C:\Program Files\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0)
O18 - Protocol\Handler\intu-tt2010 - No CLSID value found
O18 - Protocol\Handler\intu-tt2011 - No CLSID value found
O33 - MountPoints2\{090edf84-0a98-11e2-91a4-0013d41188af}\Shell - "" = AutoRun
O33 - MountPoints2\{090edf84-0a98-11e2-91a4-0013d41188af}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{090edf84-0a98-11e2-91a4-0013d41188af}\Shell\AutoRun\command - "" = L:\OpenSecureFiles.exe
[2013/03/15 20:00:00 | 000,000,562 | ---- | M] () -- C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - Compaq_Owner.job
@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1361E51
@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6C235A19
@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:36B21411
@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D16E7091
@Alternate Data Stream - 304 bytes -> C:\Documents and Settings\Compaq_Owner\My Documents\laurieins.jpg:SummaryInformation
@Alternate Data Stream - 304 bytes -> C:\Documents and Settings\Compaq_Owner\My Documents\bestadvmagpic.bmp:SummaryInformation
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:712DCF50
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A7F8B6E9
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:54997B77
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1AE68282
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:981884E7
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:84ECD9DF
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C24B973A
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:30E1CCBA
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4EE5EBE9
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:34FC1C45
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B894C266
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2591223C
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F54261D3
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EB18FF26
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:970A6A7C
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EC0968DA
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E254DB3A
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D7ADAD10
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3ECC1364
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:24AB14E7
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2EBBBA95
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0D6E1C1E
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7B212553
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:18FE1445
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:75714345
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:340E7CCA
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3B00070D
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2FCA620A
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3E9E8F66
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1ACF0286
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E4F5D824
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:01654EBC
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:69D94DFA
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A3EE97B6
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3B3A35EC
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B7ADB4DA
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5F51822D
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5B3E9221
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8BD643C
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:765D258D
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BB24555F
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FB384C06
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:861A898F
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5344D76C
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CC832A16
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:618BF152
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FE802548
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DED60D49
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D11BEC54
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9AB56A06
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7B89E8A0
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7A7C726F
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F00E008B
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7B60301F
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E55CE2D1
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8AB6C1D7
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0FF5872D

:FILES
ipconfig /flushdns /c

:COMMANDS
[emptytemp]


Warning: This fix is relevant for this system and no other. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

2. Please re-open OTL on your desktop. To do that:
  • XP users: Double click the icon.
3. Place the mouse pointer inside the Posted Image textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the Posted Image button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the Posted Image button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).


Step-3.

Turn the Windows firewall on

To enable Windows Firewall, follow these steps:

  • Click Start, click Run, type Firewall.cpl in the Open box and then click OK.
  • On the General tab, click On (recommended).
  • Click OK.
  • Close the Windows firewall window.

Step-4.

Run aswMBR
  • Download aswMBR.exe to your desktop.
  • Double click the aswMBR.exe file to run it.
  • If it asks you if you want to download the latest virus definitions, click Yes.
  • Click the "Scan" button to start the scan.
  • On completion of the scan click save log. Save it to your desktop and post in your next reply.
NOTE: When you run aswMBR, if it is shut down automatically, then it is most likely the infection detecting that aswMBR is running and terminating it. In this situation you should rename the executable (aswMBR.exe) to iexplore.exe and try it again.


Step-5.

Run RogueKiller

  • Download RogueKiller.
  • Click the English Webpage link.
  • Click the 32bits (x86) download link and save the RogueKiller.exe file to the desktop.

    NOTE: If using IE8 or better, SmartScreen Filter will need to be disabled.
  • Quit all programs and close all browsers.
  • Double click the RogueKiller icon to run the program.
  • Wait until Prescan has finished ...
  • Click on Scan

  • Wait for the end of the scan.
  • DO NOT delete anything at this time.
  • The report has been created on the desktop.
Please post:
All RKreport.txt text files located on your desktop.
NOTE: If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.


Step-6.

AdwCleaner by Xplode

Download AdwCleaner from here to your desktop.
Close all open windows and browsers.

  • XP users, double click the adwcleaner.exe file to run AdwCleaner.
  • Click the Search button and wait for the scan to finish.
  • Once done it may ask to reboot, allow this.
  • Do Not delete anything at this time.
  • On reboot a log will be produced; please copy/paste that in your next reply. This report is also saved to C:\AdwCleaner[R1].txt

Step-7.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. Let me know if you uninstalled uTorrent so I can make sure the process is stopped.
2. The OTL fixes log
3. Let me know if you were able to turn the firewall on
4. The aswMBR log
5. The RKreport.txt log
6. The AdwCleaner[R1].txt log

#5
sidhedraoi

    Member

  • Topic Starter
  • Member
  • 72 posts
The Orbit was my kids....and I uninstalled as soon as I saw it...I have removed that final file since OTL ran (saw it hanging around in the report, and I hate Orbit) and will be deleting uTorrent as well..

At this point just want this tower cleaned up. Give me a day or two to run the other programs and I will post results as I get them.

#6
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

#7
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
User returned. Topic has been re-opened.

#8
sidhedraoi

    Member

  • Topic Starter
  • Member
  • 72 posts
All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry value HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}\ not found.
File C:\Program Files\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\uTorrent not found.
File C:\Program Files\uTorrent\uTorrent.exe not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\intu-tt2010\ deleted successfully.
File Protocol\Handler\intu-tt2010 - No CLSID value found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\intu-tt2011\ deleted successfully.
File Protocol\Handler\intu-tt2011 - No CLSID value found not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{090edf84-0a98-11e2-91a4-0013d41188af}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{090edf84-0a98-11e2-91a4-0013d41188af}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{090edf84-0a98-11e2-91a4-0013d41188af}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{090edf84-0a98-11e2-91a4-0013d41188af}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{090edf84-0a98-11e2-91a4-0013d41188af}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{090edf84-0a98-11e2-91a4-0013d41188af}\ not found.
File L:\OpenSecureFiles.exe not found.
C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - Compaq_Owner.job moved successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:D1361E51 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:6C235A19 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:36B21411 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:D16E7091 deleted successfully.
ADS C:\Documents and Settings\Compaq_Owner\My Documents\laurieins.jpg:SummaryInformation deleted successfully.
ADS C:\Documents and Settings\Compaq_Owner\My Documents\bestadvmagpic.bmp:SummaryInformation deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:712DCF50 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:A7F8B6E9 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:54997B77 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:1AE68282 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:981884E7 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:84ECD9DF deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:C24B973A deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:30E1CCBA deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:4EE5EBE9 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:34FC1C45 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:B894C266 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:2591223C deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:F54261D3 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:EB18FF26 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:970A6A7C deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:EC0968DA deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:E254DB3A deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:D7ADAD10 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:3ECC1364 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:24AB14E7 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:2EBBBA95 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:0D6E1C1E deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:7B212553 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:18FE1445 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:75714345 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:340E7CCA deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:3B00070D deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:2FCA620A deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:3E9E8F66 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:1ACF0286 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:E4F5D824 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:01654EBC deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:69D94DFA deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:A3EE97B6 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:3B3A35EC deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:B7ADB4DA deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:5F51822D deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:5B3E9221 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:A8BD643C deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:765D258D deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:BB24555F deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:FB384C06 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:861A898F deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:5344D76C deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:CC832A16 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:618BF152 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:FE802548 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:DED60D49 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:D11BEC54 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:9AB56A06 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:7B89E8A0 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:7A7C726F deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:F00E008B deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:7B60301F deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:E55CE2D1 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:8AB6C1D7 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:0FF5872D deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Compaq_Owner\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Compaq_Owner\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 2834822 bytes
->Temporary Internet Files folder emptied: 142200 bytes
->Flash cache emptied: 582 bytes

User: All Users

User: Compaq_Owner
->Temp folder emptied: 23194416 bytes
->Temporary Internet Files folder emptied: 244831135 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 9827926 bytes
->Flash cache emptied: 1585903 bytes

User: Compaq_Owner.AND2011SYS
->Temp folder emptied: 6393492 bytes
->Temporary Internet Files folder emptied: 526326 bytes

User: Compaq_Owner.AND2011SYS.000

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32768 bytes
->Flash cache emptied: 57616 bytes

User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 4167888 bytes
->Flash cache emptied: 562 bytes

User: NetworkService
->Temp folder emptied: 392493 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: pricing to tony

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 2682897 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 311744 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 283.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 04022013_101255

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 2) 32 bits version
Started in : Normal mode
User : Compaq_Owner [Admin rights]
Mode : Scan -- Date : 04/02/2013 10:47:36
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[RUN][BLACKLISTDLL] HKLM\[...]\Run : SiSPower (Rundll32.exe SiSPower.dll,ModeAgent) -> FOUND
[STARTUP][SUSP PATH] Pelbegal.lnk @All Users : C:\Documents and Settings\All Users\Application Data\HP Wireless Keyboard Config\Pelbegal.exe -> FOUND
[STARTUP][SUSP PATH] Pelbegal.lnk @Common : C:\Documents and Settings\All Users\Application Data\HP Wireless Keyboard Config\Pelbegal.exe -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3200822AS +++++
--- User ---
[MBR] baa7b09d554f1e25f54d8d91cde25d2b
[BSP] 8a7884da59e414827f91c43dcf324e78 : Toshiba MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 63 | Size: 6142 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 12579840 | Size: 184636 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_04022013_02d1047.txt >>
RKreport[1]_S_04022013_02d1047.txt



aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-04-02 10:26:58
-----------------------------
10:26:58.000 OS Version: Windows 5.1.2600 Service Pack 2
10:26:58.000 Number of processors: 1 586 0xC00
10:26:58.000 ComputerName: HOME UserName:
10:26:59.140 Initialize success
10:31:12.453 AVAST engine defs: 13040200
10:31:41.000 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-5
10:31:41.062 Disk 0 Vendor: ST3200822AS 3.02 Size: 190782MB BusType: 3
10:31:42.031 Disk 0 MBR read successfully
10:31:42.031 Disk 0 MBR scan
10:31:49.093 Disk 0 unknown MBR code
10:31:49.109 Disk 0 Partition 1 00 0C FAT32 LBA RECOVERY 6142 MB offset 63
10:31:50.890 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 184636 MB offset 12579840
10:31:52.562 Disk 0 scanning sectors +390715920
10:31:53.593 Disk 0 scanning C:\WINDOWS\system32\drivers
10:32:38.265 Service scanning
10:33:33.484 Modules scanning
10:33:47.515 Disk 0 trace - called modules:
10:33:47.531 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
10:33:47.921 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82b3a820]
10:33:47.937 3 CLASSPNP.SYS[f762605b] -> nt!IofCallDriver -> \Device\00000053[0x82b3cf18]
10:33:47.937 5 ACPI.sys[f749c620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-5[0x82b3f368]
10:33:50.093 AVAST engine scan C:\WINDOWS
10:34:13.296 AVAST engine scan C:\WINDOWS\system32
10:36:31.531 AVAST engine scan C:\WINDOWS\system32\drivers
10:36:42.609 AVAST engine scan C:\Documents and Settings\Compaq_Owner
10:39:40.046 AVAST engine scan C:\Documents and Settings\All Users
10:43:02.750 Scan finished successfully
10:43:51.250 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Compaq_Owner\Desktop\MBR.dat"
10:43:51.265 The log file has been saved successfully to "C:\Documents and Settings\Compaq_Owner\Desktop\aswMBR.txt"

#9
sidhedraoi


    Member

  • Topic Starter
  • Member
  • 72 posts
and last scan;

# AdwCleaner v2.115 - Logfile created 04/02/2013 at 11:02:25
# Updated 17/03/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 2 (32 bits)
# User : Compaq_Owner - HOME
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Compaq_Owner\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Documents and Settings\All Users\Application Data\Trymedia
Folder Found : C:\Documents and Settings\Compaq_Owner\Application Data\iWin
Folder Found : C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Conduit
Folder Found : C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Wajam
Folder Found : C:\Program Files\Conduit
Folder Found : C:\Program Files\Trymedia

***** [Registry] *****

Key Found : HKCU\Software\SmartBar
Key Found : HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Wajam

***** [Internet Browsers] *****

-\\ Internet Explorer v6.0.2900.2180

[OK] Registry is clean.

-\\ Mozilla Firefox v19.0.2 (en-US)

File : C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\dg0zwnwx.default-1358349031671\prefs.js

[OK] File is clean.

File : C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\y46pg8o4.default-1353184508953\prefs.js

Found : user_pref("extensions.wajam.affiliate_id", "5921");
Found : user_pref("extensions.wajam.firstrun", "false");
Found : user_pref("extensions.wajam.log_send_info", "false");
Found : user_pref("extensions.wajam.mappingListJsonString", "{\"version\":\"0.21084\",\"supported_sites\":{\[...]
Found : user_pref("extensions.wajam.no_trace", "false");
Found : user_pref("extensions.wajam.server_current_mapping_version", "0.21084");
Found : user_pref("extensions.wajam.supported_sites.google.wajam_google_se_js", "try {window['APP_LABEL_NAME[...]
Found : user_pref("extensions.wajam.trace_log", "1360443581661 - onFlagInfoReceived - No user current mappin[...]
Found : user_pref("extensions.wajam.unique_id", "DB1BC3CFA4E0A20051DEE306E79FD770");
Found : user_pref("extensions.wajam.user_current_mapping_version", "0");
Found : user_pref("extensions.wajam.version", "1.26");

*************************

AdwCleaner[R1].txt - [2616 octets] - [02/04/2013 11:02:25]

########## EOF - C:\AdwCleaner[R1].txt - [2676 octets] ##########

#10
sidhedraoi


    Member

  • Topic Starter
  • Member
  • 72 posts
forgot to tell you...uninstalled uTorrent and firewall is running

#11
godawgs


    Teacher

  • Retired Staff
  • 8,228 posts
Let me know what issues remain after this run.


Step-1.

Re-run AdwCleaner

Close all open windows and browsers.

Re-open AdwCleaner
  • Double-click the adwcleaner.exe file to run AdwCleaner.
  • Click the Delete button and wait for the scan.
  • Everything that was found will be deleted.
  • When the scan ends, a report appears.
  • Once done, it will ask to reboot; allow this.
  • On reboot a log will be produced; please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner[S1].txt

Step-2.

Run Farbar Service Scanner

Please download Farbar Service Scanner to the desktop.
Double-click the FSS.exe file to run it.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Step-3.

OTL Scan

Please re-open OTL on the desktop. To do that:
  • XP users: Double-click the OTL icon.
Make sure all other windows are closed.
  • You will see a console like the one below:

    Posted Image
  • At the top of the console, click the box beside Scan All Users.
  • Do Not click the box beside Include 64bit Scans
  • Make sure the Output box at the top is set to Standard Output.
  • Click the box beside LOP Check and Purity Check
  • Click the Posted Image button. Do not change any settings unless otherwise told to do so.
  • Let the scan run uninterrupted.
  • When the scan completes, it will open OTL.Txt. This file is saved in the same location as OTL.
  • Please copy the contents of this file and paste it into your reply. To do that:
  • On the .txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
  • Right-click inside the forum post window then click Paste. This will paste the contents of the .txt file in the post window.

Step-4.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. The AdwCleaner[S1].txt log
2. The FSS.txt log
3. The new OTL.txt log
4. Tell me what issues remain.

#12
sidhedraoi


    Member

  • Topic Starter
  • Member
  • 72 posts
Adwcleaner:

# AdwCleaner v2.115 - Logfile created 04/02/2013 at 16:08:08
# Updated 17/03/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 2 (32 bits)
# User : Compaq_Owner - HOME
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Compaq_Owner\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\Trymedia
Folder Deleted : C:\Documents and Settings\Compaq_Owner\Application Data\iWin
Folder Deleted : C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Wajam
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\Trymedia

***** [Registry] *****

Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Wajam

***** [Internet Browsers] *****

-\\ Internet Explorer v6.0.2900.2180

[OK] Registry is clean.

-\\ Mozilla Firefox v19.0.2 (en-US)

File : C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\dg0zwnwx.default-1358349031671\prefs.js

[OK] File is clean.

File : C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\y46pg8o4.default-1353184508953\prefs.js

C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\y46pg8o4.default-1353184508953\user.js ... Deleted !

Deleted : user_pref("extensions.wajam.affiliate_id", "5921");
Deleted : user_pref("extensions.wajam.firstrun", "false");
Deleted : user_pref("extensions.wajam.log_send_info", "false");
Deleted : user_pref("extensions.wajam.mappingListJsonString", "{\"version\":\"0.21084\",\"supported_sites\":{\[...]
Deleted : user_pref("extensions.wajam.no_trace", "false");
Deleted : user_pref("extensions.wajam.server_current_mapping_version", "0.21084");
Deleted : user_pref("extensions.wajam.supported_sites.google.wajam_google_se_js", "try {window['APP_LABEL_NAME[...]
Deleted : user_pref("extensions.wajam.trace_log", "1360443581661 - onFlagInfoReceived - No user current mappin[...]
Deleted : user_pref("extensions.wajam.unique_id", "DB1BC3CFA4E0A20051DEE306E79FD770");
Deleted : user_pref("extensions.wajam.user_current_mapping_version", "0");
Deleted : user_pref("extensions.wajam.version", "1.26");

*************************

AdwCleaner[R1].txt - [2745 octets] - [02/04/2013 11:02:25]
AdwCleaner[S1].txt - [2861 octets] - [02/04/2013 16:08:08]

########## EOF - C:\AdwCleaner[S1].txt - [2921 octets] ##########

#13
sidhedraoi


    Member

  • Topic Starter
  • Member
  • 72 posts
FSS scan;

Farbar Service Scanner Version: 03-03-2013
Ran by Compaq_Owner (administrator) on 02-04-2013 at 16:16:51
Running from "C:\Documents and Settings\Compaq_Owner\Desktop"
Microsoft Windows XP Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is offline
Attempt to access Google.com returned error: Google.com is offline
Attempt to access Yahoo IP returned error. Yahoo IP is offline
Attempt to access Yahoo.com returned error: Yahoo.com is offline


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys
[2004-08-04 07:00] - [2004-08-04 07:00] - 0162816 ____A (Microsoft Corporation) 0C80E410CD2F47134407EE7DD19CC86B

C:\WINDOWS\system32\Drivers\tcpip.sys
[2004-08-04 07:00] - [2004-08-04 07:00] - 0359040 ____A (Microsoft Corporation) 9F4B36614A0FC234525BA224957DE55C

C:\WINDOWS\system32\Drivers\ipsec.sys
[2004-08-04 07:00] - [2004-08-04 07:00] - 0074752 ____A (Microsoft Corporation) 64537AA5C003A6AFEEE1DF819062D0D1

C:\WINDOWS\system32\dnsrslvr.dll
[2004-08-04 07:00] - [2004-08-04 07:00] - 0045568 ____A (Microsoft Corporation) 7379DE06FD196E396A00AA97B990C00D

C:\WINDOWS\system32\ipnathlp.dll
[2004-08-04 07:00] - [2004-08-04 07:00] - 0331264 ____A (Microsoft Corporation) 36CC8C01B5E50163037BEF56CB96DEFF

C:\WINDOWS\system32\netman.dll
[2004-08-04 07:00] - [2004-08-04 07:00] - 0198144 ____A (Microsoft Corporation) DAB9E6C7105D2EF49876FE92C524F565

C:\WINDOWS\system32\wbem\WMIsvc.dll
[2004-08-04 07:00] - [2004-08-04 07:00] - 0144896 ____A (Microsoft Corporation) F399242A80C4066FD155EFA4CF96658E

C:\WINDOWS\system32\srsvc.dll
[2004-08-04 07:00] - [2004-08-04 07:00] - 0170496 ____A (Microsoft Corporation) 92BDF74F12D6CBEC43C94D4B7F804838

C:\WINDOWS\system32\Drivers\sr.sys
[2004-08-04 07:00] - [2004-08-04 07:00] - 0073472 ____A (Microsoft Corporation) E41B6D037D6CD08461470AF04500DC24

C:\WINDOWS\system32\wscsvc.dll
[2004-08-04 07:00] - [2004-08-04 07:00] - 0081408 ____A (Microsoft Corporation) 4D59DAA66C60858CDF4F67A900F42D4A

C:\WINDOWS\system32\wbem\WMIsvc.dll
[2004-08-04 07:00] - [2004-08-04 07:00] - 0144896 ____A (Microsoft Corporation) F399242A80C4066FD155EFA4CF96658E

C:\WINDOWS\system32\wuauserv.dll
[2004-08-04 07:00] - [2004-08-04 07:00] - 0006656 ____A (Microsoft Corporation) 13D72740963CBA12D9FF76A7F218BCD8

C:\WINDOWS\system32\qmgr.dll
[2004-08-04 07:00] - [2004-08-04 07:00] - 0382464 ____A (Microsoft Corporation) 2C69EC7E5A311334D10DD95F338FCCEA

C:\WINDOWS\system32\es.dll
[2004-08-04 07:00] - [2004-08-04 07:00] - 0243200 ____A (Microsoft Corporation) ACD36A2DD7D1E9D8A060AA651DC07E63

C:\WINDOWS\system32\cryptsvc.dll
[2004-08-04 07:00] - [2004-08-04 07:00] - 0060416 ____A (Microsoft Corporation) 10654F9DDCEA9C46CFB77554231BE73B

C:\WINDOWS\system32\svchost.exe
[2004-08-04 07:00] - [2004-08-04 07:00] - 0014336 ____A (Microsoft Corporation) 8F078AE4ED187AAABC0A305146DE6716

C:\WINDOWS\system32\rpcss.dll
[2004-08-04 07:00] - [2004-08-04 07:00] - 0395776 ____A (Microsoft Corporation) 5C83A4408604F737717AB96371201680

C:\WINDOWS\system32\services.exe
[2004-08-04 07:00] - [2004-08-04 07:00] - 0108032 ____A (Microsoft Corporation) C6CE6EEC82F187615D1002BB3BB50ED4


Extra List:
=======
Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
0x080000000400000001000000020000000300000008000000050000000600000007000000
IpSec Tag value is correct.

**** End of log ****

#14
sidhedraoi


    Member

  • Topic Starter
  • Member
  • 72 posts
and the OTL scan;

OTL logfile created on: 02/04/2013 4:19:41 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Compaq_Owner\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

383.48 Mb Total Physical Memory | 235.93 Mb Available Physical Memory | 61.52% Memory free
920.54 Mb Paging File | 749.16 Mb Available in Paging File | 81.38% Paging File free
Paging file location(s): C:\pagefile.sys 576 1500 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 180.31 Gb Total Space | 93.09 Gb Free Space | 51.63% Space Free | Partition Type: NTFS
Drive D: | 5.99 Gb Total Space | 0.83 Gb Free Space | 13.80% Space Free | Partition Type: FAT32

Computer Name: HOME | User Name: Compaq_Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/03/20 09:54:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL.exe
PRC - [2013/03/07 10:03:10 | 000,170,912 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2004/10/14 15:54:32 | 000,253,952 | ---- | M] (Hewlett-Packard Company) -- C:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe
PRC - [2004/08/04 07:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2005/03/17 10:17:34 | 000,192,512 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\LSPrtEn.dll
MOD - [2005/03/17 10:17:34 | 000,126,976 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\LSCAPI.dll
MOD - [2005/03/17 10:17:34 | 000,065,536 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\LSDrComm.dll
MOD - [2005/03/17 10:17:34 | 000,034,304 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\LSSProxy.dll
MOD - [2005/03/17 10:17:34 | 000,022,016 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\LSLog.dll


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2013/03/12 21:04:25 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/03/07 21:19:03 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/03/07 10:03:10 | 000,170,912 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/11/09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- system32\DRIVERS\intelppm.sys -- (intelppm)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\DisplayLinkUsbPort_6.3.40660.0.sys -- (DisplayLinkUsbPort)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\DisplayLinkmirrorport.sys -- (DisplayLinkmirror)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\DisplayLinkGAport.sys -- (DisplayLinkGA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\DisplayLinkFilter.sys -- (DisplayLinkFilter)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2005/03/09 16:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005/01/04 19:46:14 | 000,013,184 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2005/01/04 19:01:48 | 000,239,104 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2004/10/01 12:24:02 | 002,279,424 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM)
DRV - [2004/08/03 23:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)
DRV - [2004/06/29 12:07:18 | 001,268,204 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2003/12/02 20:23:20 | 000,142,336 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\Fasttx2k.sys -- (fasttx2k)
DRV - [2003/07/11 17:28:56 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)
DRV - [2002/07/29 16:43:50 | 000,023,808 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-3923169914-3464587186-2825511443-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-3923169914-3464587186-2825511443-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-3923169914-3464587186-2825511443-1009\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3923169914-3464587186-2825511443-1009\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKU\S-1-5-21-3923169914-3464587186-2825511443-1009\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKU\S-1-5-21-3923169914-3464587186-2825511443-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/04/02 10:08:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/02/01 18:51:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Extensions
[2013/03/19 12:28:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\y46pg8o4.default-1353184508953\extensions
[2013/04/02 10:08:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/03/07 09:31:00 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013/03/07 09:30:20 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013/03/07 09:30:20 | 000,002,086 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2004/08/04 13:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [SiSPower] C:\WINDOWS\System32\SiSPower.dll (Silicon Integrated Systems Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Keyboard Monitor.lnk = File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Pelbegal.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3923169914-3464587186-2825511443-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3923169914-3464587186-2825511443-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O7 - HKU\S-1-5-21-3923169914-3464587186-2825511443-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMovingBands = 0
O7 - HKU\S-1-5-21-3923169914-3464587186-2825511443-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCloseDragDropBands = 0
O7 - HKU\S-1-5-21-3923169914-3464587186-2825511443-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKU\S-1-5-21-3923169914-3464587186-2825511443-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarsOnTaskbar = 0
O7 - HKU\S-1-5-21-3923169914-3464587186-2825511443-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-21-3923169914-3464587186-2825511443-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 0
O7 - HKU\S-1-5-21-3923169914-3464587186-2825511443-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClassicShell = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\NPJPI150.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate...b?1364905318871 (WUWebControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{247AA097-D830-4C72-B7BB-FD9E7C5AEC15}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/01/26 23:53:38 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 07:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 23:01:14 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/04/02 16:16:09 | 000,354,265 | ---- | C] (Farbar) -- C:\Documents and Settings\Compaq_Owner\Desktop\FSS.exe
[2013/04/02 10:46:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Desktop\RK_Quarantine
[2013/04/02 10:25:07 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Compaq_Owner\Desktop\aswMBR.exe
[2013/04/02 10:12:55 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/04/02 10:08:03 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/03/20 09:54:22 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL.exe
[2013/03/19 12:57:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2013/03/19 12:56:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2013/03/09 08:41:57 | 000,023,360 | ---- | C] (IObit) -- C:\WINDOWS\System32\RegistryDefragBootTime.exe
[2013/03/09 08:14:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
[2013/03/09 08:13:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\IObit
[2013/03/09 08:12:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\IObit
[2013/03/09 08:11:37 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2013/03/08 20:14:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Logs
[2013/03/08 18:56:13 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Compaq_Owner\Recent
[2013/03/07 10:04:02 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2013/03/07 10:03:42 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013/03/07 10:03:42 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2013/03/07 10:03:41 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2005/12/30 10:35:51 | 053,955,480 | ---- | C] (Avery Dennison Corporation ) -- C:\Program Files\DesignPro5_2_Limited.exe
[6 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]
[12 C:\Documents and Settings\Compaq_Owner\My Documents\*.tmp files -> C:\Documents and Settings\Compaq_Owner\My Documents\*.tmp -> ]
[1 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/04/02 16:18:00 | 000,000,436 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{3A961CB5-A804-44DB-BC72-E3D13FFE294D}.job
[2013/04/02 16:16:10 | 000,354,265 | ---- | M] (Farbar) -- C:\Documents and Settings\Compaq_Owner\Desktop\FSS.exe
[2013/04/02 16:10:21 | 000,000,246 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
[2013/04/02 16:09:34 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2631901462-4197184921-2057584378-1009.job
[2013/04/02 16:09:33 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3923169914-3464587186-2825511443-1009.job
[2013/04/02 16:09:27 | 402,182,144 | -HS- | M] () -- C:\hiberfil.sys
[2013/04/02 16:09:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/04/02 16:03:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/04/02 15:01:00 | 000,000,298 | ---- | M] () -- C:\WINDOWS\tasks\Registry Optimizer_DEFAULT.job
[2013/04/02 11:01:40 | 000,609,993 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\adwcleaner.exe
[2013/04/02 10:45:41 | 000,816,128 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\RogueKiller.exe
[2013/04/02 10:43:51 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\MBR.dat
[2013/04/02 10:26:31 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Compaq_Owner\Desktop\aswMBR.exe
[2013/04/02 10:08:09 | 000,000,750 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/04/02 10:08:09 | 000,000,732 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2013/04/02 09:38:57 | 000,137,728 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/04/01 18:49:00 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2631901462-4197184921-2057584378-1009.job
[2013/04/01 13:27:50 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/03/25 07:51:15 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2013/03/22 09:06:01 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3923169914-3464587186-2825511443-1009.job
[2013/03/20 19:19:00 | 000,000,306 | ---- | M] () -- C:\WINDOWS\tasks\Registry Optimizer_UPDATES.job
[2013/03/20 09:54:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL.exe
[2013/03/16 18:08:49 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf
[2013/03/12 21:04:21 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/03/12 21:04:21 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/03/11 13:32:33 | 000,000,000 | ---- | M] () -- C:\asc_rdflag
[2013/03/08 20:21:20 | 000,645,632 | ---- | M] () -- C:\WINDOWS\System32\xvidcore.dll
[2013/03/07 10:03:15 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2013/03/07 10:03:07 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2013/03/07 10:03:07 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013/03/07 10:03:07 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013/03/07 10:03:07 | 000,143,872 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2013/03/07 10:03:05 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npdeployJava1.dll
[2013/03/07 10:03:05 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2013/03/06 18:32:42 | 000,228,600 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[12 C:\Documents and Settings\Compaq_Owner\My Documents\*.tmp files -> C:\Documents and Settings\Compaq_Owner\My Documents\*.tmp -> ]
[1 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/04/02 11:01:39 | 000,609,993 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\adwcleaner.exe
[2013/04/02 10:45:40 | 000,816,128 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\RogueKiller.exe
[2013/04/02 10:43:51 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\MBR.dat
[2013/04/02 10:08:09 | 000,000,750 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/04/02 10:08:09 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2013/04/02 10:08:09 | 000,000,732 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2013/03/11 13:32:33 | 000,000,000 | ---- | C] () -- C:\asc_rdflag
[2013/03/08 20:21:09 | 000,645,632 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2012/07/17 19:03:34 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/12/07 14:32:24 | 000,216,064 | ---- | C] ( ) -- C:\WINDOWS\System32\Lagarith.dll
[2011/09/04 08:40:50 | 000,000,030 | ---- | C] () -- C:\WINDOWS\POTATO.INI
[2011/08/25 12:45:01 | 000,000,049 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2011/06/23 22:58:32 | 000,242,259 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/02/24 13:28:02 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
[2006/12/19 12:40:15 | 000,137,728 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/07/12 09:48:36 | 000,042,850 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\wklnhst.dat
[2005/07/11 21:40:54 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\PFP120JPR.{PB
[2005/07/11 21:40:54 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\PFP120JCM.{PB
[2005/07/08 12:31:19 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\fusioncache.dat

========== ZeroAccess Check ==========

[2005/05/05 12:30:37 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2005/01/27 19:13:17 | 001,483,264 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2004/08/04 07:00:00 | 000,472,064 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2004/08/04 07:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2005/05/05 13:16:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\InterMute
[2005/05/05 13:12:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SampleView
[2007/04/10 14:52:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\55-68-q9-66-33-ns
[2011/07/14 19:11:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\5600-6600 Series
[2007/08/19 11:10:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alawar Stargaze
[2008/06/08 11:19:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AOPSettings
[2013/03/25 07:58:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2005/11/21 17:55:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avery
[2007/06/27 17:29:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CaveDays
[2007/11/14 03:13:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eBay
[2007/05/07 20:55:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FloodLightGames
[2007/08/28 18:39:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreshGames
[2007/06/09 11:29:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Friends Games
[2007/06/18 16:08:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\gamelab
[2007/04/07 20:40:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Genimo
[2013/03/09 08:16:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2007/04/25 13:17:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JollyBear
[2006/10/09 19:27:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Leenie Games
[2011/10/23 14:27:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lexmark 5600-6600 Series
[2013/03/08 20:14:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Logs
[2007/11/07 12:08:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2005/08/09 18:20:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pixelStorm
[2007/08/19 10:31:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2007/06/19 15:54:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Playtonium Games
[2005/07/12 12:16:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2006/12/21 17:32:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2005/09/01 16:09:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2007/06/23 11:34:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScreenSeven
[2006/11/27 13:56:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpinTop Games
[2005/10/11 08:50:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
[2005/07/12 18:17:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanWizard
[2007/10/04 10:45:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Super X Studios
[2008/09/11 15:44:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/01/19 12:04:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WholeSecurity
[2013/03/09 08:14:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
[2006/08/08 19:16:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\7Wonders
[2007/01/27 15:39:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Angkor
[2007/08/19 11:15:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Big Fish Games
[2007/05/07 20:34:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Bitbliss Studios
[2007/10/10 08:55:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Canon
[2006/10/23 15:12:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\EA
[2008/04/02 18:17:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\eBay
[2012/10/06 14:59:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\encryptX
[2007/05/07 20:55:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\FloodLightGames
[2007/06/18 16:08:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\gamelab
[2007/04/07 20:35:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Genimo
[2006/10/20 08:18:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Hulabee
[2005/05/05 13:16:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\InterMute
[2005/07/12 18:14:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\InterTrust
[2012/05/03 19:55:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\InterVideo
[2013/03/18 09:15:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\IObit
[2005/07/11 19:32:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Leadertech
[2007/05/11 10:45:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Magic Academy
[2005/11/15 20:42:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Magic Match
[2007/06/11 18:44:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\MonkeyMadness
[2007/10/09 13:36:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mysteryville2
[2012/09/10 18:21:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Nico Mak Computing
[2007/08/30 15:47:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\OfficeUpdate12
[2007/10/04 08:14:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\PlayFirst
[2005/05/05 13:12:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\SampleView
[2005/07/12 18:17:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\ScanSoft
[2007/10/04 07:04:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\TrueSwitch
[2006/12/10 09:32:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\WholeSecurity
[2005/05/05 13:16:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner.AND2011SYS\Application Data\InterMute
[2005/05/05 13:12:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner.AND2011SYS\Application Data\SampleView
[2005/05/05 13:16:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\InterMute
[2005/05/05 13:12:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\SampleView

========== Purity Check ==========



< End of report >

#15
sidhedraoi

So far so good, as I have removed a shite load of things as I am getting ready to give this tower back to my mother... thank you for your help... next time you see me it will be on Windows 8...