[kelvinb]

Pls Help

this is driving a team of us round the twist.......

For no apparent reason at switch this morning on all my personal settings are gone.

Desktop seems to have reverted to original Guest settings all mine missing.

KB not running normal European mode

Can't open MSCONFIG or REGEDIT

Can't create new user account

Can't download new antivirus - all downloads blocked

Can't access OE or local server databases

Can't open XP in SafeMode

Even when logged in as an Administrator - pc says administrator rights required.

I have tried several times to do a restore point without success.

Concensus is possible Trojan ????

Any advice gratefully received

H E L P !!!!!!!!!!


Just tried downloading OTL - download blocked
Downloaded it on another machine and copied to desktop - cant open it

'' Windows cannot access the specified device, path or file - you may not have the appropriate permissions to access the item ''

thanks again

Edited by kelvinb, 25 February 2014 - 05:51 AM.

[Advertisements]

Welcome to GeeksToGo, kelvinb

My name is Machiavelli and I'll try to fix your PC problems. If you are in SafeMode then print my instructions! Removing Malware on a computer can be very complicated. Malware (malicious software) is able to hide and so I may not be able to find it so easily. In order to remove Malware from you Computer, you need to follow my instructions carefully. Don't be worried if you don't know what to do, just ask me! Please stay in contact with me until the problem is fixed.





!NOTE! Please respect my volunteered time and stay with me until I declare your computer clean. If you are going to be delayed for a while, please let me know.

I am currently in training and my posts will need to be reviewed by an expert, so expect a slight delay between posts.

 

• Download here to your Desktop
• Ensure that you have a blank CD in the drive
• Double click OTLPENet.exe and this will then open imgburn to burn the file to the CD

Next,

• connect the USB Flash Drive
• Download FRST and save it to the root of the USB Flash Drive.

Next,

• Reboot the "bad computer" using the boot CD you just created.
  Note : If you do not know how to set your computer to boot from CD follow the steps here
• When you see a message with Starting REATOGO-X-PE connect the USB Flash Drive
• As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads
• After fully load your system should now display a REATOGO-X-PE desktop.
• Double click the My Computer Icon, next open the drive corresponding to your flash drive
• Execute FRST by double clicking on the icon
  (When the Tool opens for the first time you must click Yes on the disclaimer.)

• Press Scan button.
• It will produce a log called (FRST.txt) in the same directory the Tool is run from.
• Open the Start Menu and click Shutdown to close the REATOGO-X-PE
• Insert the Flash Drive on the working computer, then locate and open the FRST.txt log
• Please copy and paste the log contents to your post.

[Machiavelli]

Welcome to GeeksToGo, kelvinb

My name is Machiavelli and I'll try to fix your PC problems. If you are in SafeMode then print my instructions! Removing Malware on a computer can be very complicated. Malware (malicious software) is able to hide and so I may not be able to find it so easily. In order to remove Malware from you Computer, you need to follow my instructions carefully. Don't be worried if you don't know what to do, just ask me! Please stay in contact with me until the problem is fixed.





!NOTE! Please respect my volunteered time and stay with me until I declare your computer clean. If you are going to be delayed for a while, please let me know.

I am currently in training and my posts will need to be reviewed by an expert, so expect a slight delay between posts.

 

• Download here to your Desktop
• Ensure that you have a blank CD in the drive
• Double click OTLPENet.exe and this will then open imgburn to burn the file to the CD

Next,

• connect the USB Flash Drive
• Download FRST and save it to the root of the USB Flash Drive.

Next,

• Reboot the "bad computer" using the boot CD you just created.
  Note : If you do not know how to set your computer to boot from CD follow the steps here
• When you see a message with Starting REATOGO-X-PE connect the USB Flash Drive
• As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads
• After fully load your system should now display a REATOGO-X-PE desktop.
• Double click the My Computer Icon, next open the drive corresponding to your flash drive
• Execute FRST by double clicking on the icon
  (When the Tool opens for the first time you must click Yes on the disclaimer.)

• Press Scan button.
• It will produce a log called (FRST.txt) in the same directory the Tool is run from.
• Open the Start Menu and click Shutdown to close the REATOGO-X-PE
• Insert the Flash Drive on the working computer, then locate and open the FRST.txt log
• Please copy and paste the log contents to your post.

[kelvinb]

Hello M

thanks for your assistance

copy as requested



Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-02-2014 01
Ran by SYSTEM on REATOGO on 25-02-2014 16:44:30
Running from D:\
Microsoft Windows XP (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.


The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AVG_UI] - C:\Program Files\AVG\AVG2013\avgui.exe [4411952 2013-11-19] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [AML Registry Cleaner] - C:\Program Files\AML Products\Registry Cleaner\regclean.exe /min
HKLM\...\Run: [KernelFaultCheck] - %systemroot%\system32\dumprep 0 -k
HKLM\...\RunOnce: [*Restore] - C:\WINDOWS\system32\restore\rstrui.exe -i [380416 2008-04-14] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxsrvc.dll (Intel Corporation)
HKU\Administrator\...\Run: [H/PC Connection Agent] - C:\Program Files\Microsoft ActiveSync\Wcescomm.exe [1289000 2006-11-13] (Microsoft Corporation)
HKU\Administrator\...\Run: [Google Update] - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [116648 2012-07-14] (Google Inc.)

========================== Services (Whitelisted) =================

S2 AVGIDSAgent; C:\Program Files\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files\AVG\AVG2013\avgwdsvc.exe [283136 2013-11-19] (AVG Technologies CZ, s.r.o.)
S2 Sage SData Service; C:\Program Files\Common Files\Sage SData\Sage.SData.Service.exe [49152 2009-12-16] (Sage (UK) Limited)
S2 WebCake Desktop Updater; No ImagePath

==================== Drivers (Whitelisted) ====================

S3 ADM8511; C:\Windows\System32\DRIVERS\ADM8511.SYS [20160 2001-08-17] (ADMtek Incorporated)
S3 bkrwbk; C:\Windows\System32\DRIVERS\bkrwbk.sys [83400 2012-11-28] (MCCI Corporation)
S3 bkrwbus; C:\Windows\System32\DRIVERS\bkrwbus.sys [136520 2012-11-28] (MCCI Corporation)
S3 E1000; C:\Windows\System32\DRIVERS\e1000325.sys [121856 2003-07-11] (Intel Corporation)
S1 RapportCerberus_59849; C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_59849.sys [340432 2013-12-13] ()
S3 RapportIaso; c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportms\baseline\rapportiaso.sys [63320 2014-02-03] (Trusteer Ltd.)
S3 wceusbsh; C:\Windows\System32\DRIVERS\wceusbsh.sys [28672 2006-11-06] (Microsoft Corporation)
S3 aeaudio; system32\drivers\aeaudio.sys [X]
S0 cerc6; No ImagePath
S3 smwdm; system32\drivers\smwdm.sys [X]
S1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-25 16:44 - 2014-02-25 16:44 - 00000000 ___DC () C:\FRST
2014-02-25 08:48 - 2014-02-25 09:28 - 00000664 _____ () C:\Windows\System32\d3d9caps.dat
2014-02-25 08:00 - 2014-02-25 08:03 - 00000000 ____D () C:\Windows\System32\MRT
2014-02-25 07:32 - 2001-08-17 08:48 - 00012160 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mouhid.sys
2014-02-25 06:46 - 2014-02-25 06:45 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\TEMP\Desktop\OTL.exe
2014-02-25 05:57 - 2014-02-25 06:09 - 00000000 ____D () C:\Documents and Settings\TEMP\Desktop\AVAST
2014-02-25 05:38 - 2014-02-25 05:38 - 00004166 _____ () C:\Windows\WgaNotify.log
2014-02-25 05:10 - 2014-02-24 11:36 - 06590464 _____ () C:\Documents and Settings\TEMP\Desktop\SERVICE RECORD 2.mdb
2014-02-25 05:02 - 2014-02-25 05:02 - 00000000 ____D () C:\Documents and Settings\TEMP\Local Settings\Application Data\Sage
2014-02-25 04:58 - 2014-02-25 04:58 - 00000000 ____D () C:\Windows\System32\Trusteer
2014-02-25 04:55 - 2014-02-25 04:55 - 00031592 _____ () C:\Documents and Settings\TEMP\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2014-02-25 04:55 - 2014-02-25 04:55 - 00000000 ____D () C:\Documents and Settings\TEMP\Local Settings\Application Data\Google
2014-02-25 04:54 - 2014-02-25 05:12 - 00002457 _____ () C:\Documents and Settings\TEMP\Desktop\Microsoft Access.lnk
2014-02-25 04:54 - 2014-02-25 04:54 - 00000000 ____D () C:\Documents and Settings\TEMP\Desktop\Trade Prices
2014-02-25 04:54 - 2014-02-25 04:54 - 00000000 ____D () C:\Documents and Settings\TEMP\Desktop\STUFF
2014-02-25 04:54 - 2014-02-25 04:54 - 00000000 ____D () C:\Documents and Settings\TEMP\Desktop\OLD HDD
2014-02-25 04:54 - 2014-01-10 06:00 - 00251598 _____ () C:\Documents and Settings\TEMP\Desktop\E - Template.eml
2014-02-25 04:54 - 2013-12-06 10:03 - 00000180 _____ () C:\Documents and Settings\TEMP\Desktop\New Internet Shortcut.url
2014-02-25 04:54 - 2013-11-25 04:50 - 00252565 _____ () C:\Documents and Settings\TEMP\Desktop\PO Template.eml
2014-02-25 04:54 - 2013-10-11 09:42 - 00000190 _____ () C:\Documents and Settings\TEMP\Desktop\jobcards.url
2014-02-25 04:54 - 2013-10-07 03:22 - 00000828 _____ () C:\Documents and Settings\TEMP\Desktop\Entel Srl Nr Mismatch.lnk
2014-02-25 04:54 - 2013-10-07 03:18 - 00000608 _____ () C:\Documents and Settings\TEMP\Desktop\E - Quotes.lnk
2014-02-25 04:54 - 2013-09-30 07:01 - 00000390 _____ () C:\Documents and Settings\TEMP\Desktop\Spoton™ Activation.appref-ms
2014-02-25 04:54 - 2013-07-24 03:35 - 00000605 _____ () C:\Documents and Settings\TEMP\Desktop\Brochures.lnk
2014-02-25 04:54 - 2013-07-24 03:30 - 00000623 _____ () C:\Documents and Settings\TEMP\Desktop\L I C E N C E S.lnk
2014-02-25 04:54 - 2013-07-24 03:27 - 00000617 _____ () C:\Documents and Settings\TEMP\Desktop\Method + Risk.lnk
2014-02-25 04:54 - 2013-07-24 03:26 - 00000635 _____ () C:\Documents and Settings\TEMP\Desktop\User + Svc Manuals.lnk
2014-02-25 04:54 - 2013-07-19 08:20 - 00000692 _____ () C:\Documents and Settings\TEMP\Desktop\WinRAR.lnk
2014-02-25 04:54 - 2013-07-11 09:10 - 00000636 _____ () C:\Documents and Settings\TEMP\Desktop\Shortcut to TTL prices.lnk
2014-02-25 04:54 - 2013-07-04 06:51 - 00000599 _____ () C:\Documents and Settings\TEMP\Desktop\TTL Pix.lnk
2014-02-25 04:54 - 2013-05-15 10:25 - 00000597 _____ () C:\Documents and Settings\TEMP\Desktop\S E R V E R.lnk
2014-02-25 04:54 - 2013-03-08 04:21 - 00000784 _____ () C:\Documents and Settings\TEMP\Desktop\Phone Calls.lnk
2014-02-25 04:54 - 2013-03-06 11:34 - 00000766 _____ () C:\Documents and Settings\TEMP\Desktop\Rental DB.lnk
2014-02-25 04:54 - 2013-03-06 06:35 - 00000784 _____ () C:\Documents and Settings\TEMP\Desktop\Service Records.lnk
2014-02-25 04:54 - 2012-08-09 05:39 - 00000330 _____ () C:\Documents and Settings\TEMP\Desktop\Spoton™ v6.appref-ms
2014-02-25 04:54 - 2012-07-13 10:02 - 00000104 _____ () C:\Documents and Settings\TEMP\Desktop\Shortcut to Internet.lnk
2014-02-25 04:54 - 2012-07-13 09:44 - 00000104 _____ () C:\Documents and Settings\TEMP\Desktop\Shortcut to E-mail.lnk
2014-02-25 04:54 - 2011-12-19 11:04 - 00000665 _____ () C:\Documents and Settings\TEMP\Desktop\Shortcut to Sage.lnk
2014-02-25 04:54 - 2006-04-28 05:39 - 00045568 _____ (Atribune.org) C:\Documents and Settings\TEMP\Desktop\ATF-Cleaner.exe
2014-02-25 04:52 - 2014-02-25 04:52 - 00002528 _____ () C:\Documents and Settings\TEMP\Application Data\$_hpcst$.hpc
2014-02-25 04:35 - 2014-02-25 04:35 - 00000000 ____D () C:\Documents and Settings\TEMP\Application Data\TuneUp Software
2014-02-25 04:30 - 2014-02-25 04:30 - 00000000 ____D () C:\Documents and Settings\TEMP\Local Settings\Application Data\MFAData
2014-02-25 04:30 - 2014-02-25 04:30 - 00000000 ____D () C:\Documents and Settings\TEMP\Local Settings\Application Data\Avg2013
2014-02-25 04:30 - 2014-02-25 04:30 - 00000000 ____D () C:\Documents and Settings\TEMP\Desktop\Trusteer
2014-02-25 03:53 - 2014-02-25 03:53 - 00000000 ____D () C:\Documents and Settings\TEMP\Local Settings\Application Data\Trusteer
2014-02-25 03:47 - 2014-02-25 03:47 - 00000020 ___SH () C:\Documents and Settings\TEMP\ntuser.ini
2014-02-14 13:05 - 2014-02-14 13:05 - 00000000 __HDC () C:\Windows\$NtUninstallKB2916036$
2014-02-14 12:22 - 2014-02-14 12:23 - 00011944 _____ () C:\Windows\KB2909921-IE8.log
2014-02-14 12:20 - 2014-02-14 12:22 - 00005174 _____ () C:\Windows\KB2909210-IE8.log
2014-02-14 04:08 - 2014-02-14 13:05 - 00014437 _____ () C:\Windows\KB2916036.log
2014-02-10 06:35 - 2014-02-10 06:35 - 00107256 _____ (Trusteer Ltd.) C:\Windows\System32\Drivers\RapportKELL.sys

==================== One Month Modified Files and Folders =======

2014-02-25 16:44 - 2014-02-25 16:44 - 00000000 ___DC () C:\FRST
2014-02-25 11:29 - 2011-12-15 11:06 - 00032634 _____ () C:\Windows\SchedLgU.Txt
2014-02-25 11:29 - 2011-12-15 10:58 - 01130535 _____ () C:\Windows\WindowsUpdate.log
2014-02-25 11:29 - 2011-12-15 10:35 - 00000293 _____ () C:\Windows\wiadebug.log
2014-02-25 11:29 - 2011-12-15 10:35 - 00000050 _____ () C:\Windows\wiaservc.log
2014-02-25 11:28 - 2011-12-15 10:30 - 00080237 _____ () C:\Windows\setupapi.log
2014-02-25 11:28 - 2008-04-14 07:00 - 00002206 _____ () C:\Windows\System32\wpa.dbl
2014-02-25 09:28 - 2014-02-25 08:48 - 00000664 _____ () C:\Windows\System32\d3d9caps.dat
2014-02-25 08:03 - 2014-02-25 08:00 - 00000000 ____D () C:\Windows\System32\MRT
2014-02-25 07:56 - 2011-12-15 10:30 - 00173965 _____ () C:\Windows\setupact.log
2014-02-25 06:45 - 2014-02-25 06:46 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\TEMP\Desktop\OTL.exe
2014-02-25 06:09 - 2014-02-25 05:57 - 00000000 ____D () C:\Documents and Settings\TEMP\Desktop\AVAST
2014-02-25 05:38 - 2014-02-25 05:38 - 00004166 _____ () C:\Windows\WgaNotify.log
2014-02-25 05:38 - 2011-12-16 06:13 - 00013367 _____ () C:\Windows\spupdsvc.log
2014-02-25 05:35 - 2011-12-15 10:30 - 01054783 _____ () C:\Windows\setupapi.log.0.old
2014-02-25 05:17 - 2011-12-15 10:31 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-02-25 05:12 - 2014-02-25 04:54 - 00002457 _____ () C:\Documents and Settings\TEMP\Desktop\Microsoft Access.lnk
2014-02-25 05:03 - 2011-12-16 06:42 - 00000679 _____ () C:\Windows\ODBC.INI
2014-02-25 05:02 - 2014-02-25 05:02 - 00000000 ____D () C:\Documents and Settings\TEMP\Local Settings\Application Data\Sage
2014-02-25 05:02 - 2008-04-14 07:00 - 00001561 _____ () C:\Windows\win.ini
2014-02-25 04:58 - 2014-02-25 04:58 - 00000000 ____D () C:\Windows\System32\Trusteer
2014-02-25 04:55 - 2014-02-25 04:55 - 00031592 _____ () C:\Documents and Settings\TEMP\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2014-02-25 04:55 - 2014-02-25 04:55 - 00000000 ____D () C:\Documents and Settings\TEMP\Local Settings\Application Data\Google
2014-02-25 04:54 - 2014-02-25 04:54 - 00000000 ____D () C:\Documents and Settings\TEMP\Desktop\Trade Prices
2014-02-25 04:54 - 2014-02-25 04:54 - 00000000 ____D () C:\Documents and Settings\TEMP\Desktop\STUFF
2014-02-25 04:54 - 2014-02-25 04:54 - 00000000 ____D () C:\Documents and Settings\TEMP\Desktop\OLD HDD
2014-02-25 04:52 - 2014-02-25 04:52 - 00002528 _____ () C:\Documents and Settings\TEMP\Application Data\$_hpcst$.hpc
2014-02-25 04:41 - 2011-12-15 10:30 - 00161936 _____ () C:\Windows\System32\FNTCACHE.DAT
2014-02-25 04:39 - 2012-11-21 05:13 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\MFAData
2014-02-25 04:35 - 2014-02-25 04:35 - 00000000 ____D () C:\Documents and Settings\TEMP\Application Data\TuneUp Software
2014-02-25 04:30 - 2014-02-25 04:30 - 00000000 ____D () C:\Documents and Settings\TEMP\Local Settings\Application Data\MFAData
2014-02-25 04:30 - 2014-02-25 04:30 - 00000000 ____D () C:\Documents and Settings\TEMP\Local Settings\Application Data\Avg2013
2014-02-25 04:30 - 2014-02-25 04:30 - 00000000 ____D () C:\Documents and Settings\TEMP\Desktop\Trusteer
2014-02-25 03:53 - 2014-02-25 03:53 - 00000000 ____D () C:\Documents and Settings\TEMP\Local Settings\Application Data\Trusteer
2014-02-25 03:47 - 2014-02-25 03:47 - 00000020 ___SH () C:\Documents and Settings\TEMP\ntuser.ini
2014-02-25 03:47 - 2011-12-15 10:31 - 00002048 ____C () C:\Windows\regopt.log
2014-02-25 03:47 - 2011-12-15 10:29 - 00001024 ____H () C:\Windows\System32\config\userdiff.LOG
2014-02-24 11:46 - 2011-12-15 11:07 - 00000278 ___SH () C:\Documents and Settings\Administrator\ntuser.ini
2014-02-24 11:36 - 2014-02-25 05:10 - 06590464 _____ () C:\Documents and Settings\TEMP\Desktop\SERVICE RECORD 2.mdb
2014-02-24 06:38 - 2011-12-19 11:02 - 00000640 _____ () C:\Windows\System32\SGLCH32.USR
2014-02-19 07:13 - 2012-07-13 09:32 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\Trade Prices
2014-02-18 05:38 - 2013-12-11 07:33 - 00000000 ____D () C:\Program Files\GUMF48.tmp
2014-02-18 05:38 - 2013-12-09 08:34 - 00000000 ____D () C:\Program Files\GUMF62.tmp
2014-02-17 04:31 - 2011-12-19 10:45 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-02-17 03:41 - 2012-07-14 04:51 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Deployment
2014-02-14 13:05 - 2014-02-14 13:05 - 00000000 __HDC () C:\Windows\$NtUninstallKB2916036$
2014-02-14 13:05 - 2014-02-14 04:08 - 00014437 _____ () C:\Windows\KB2916036.log
2014-02-14 13:05 - 2011-12-16 06:13 - 00092828 _____ () C:\Windows\updspapi.log
2014-02-14 13:05 - 2011-12-15 10:31 - 01430718 _____ () C:\Windows\iis6.log
2014-02-14 13:05 - 2011-12-15 10:31 - 01214963 _____ () C:\Windows\FaxSetup.log
2014-02-14 13:05 - 2011-12-15 10:31 - 00625276 _____ () C:\Windows\ocgen.log
2014-02-14 13:05 - 2011-12-15 10:31 - 00573704 _____ () C:\Windows\tsoc.log
2014-02-14 13:05 - 2011-12-15 10:31 - 00416843 _____ () C:\Windows\comsetup.log
2014-02-14 13:05 - 2011-12-15 10:31 - 00390644 _____ () C:\Windows\msmqinst.log
2014-02-14 13:05 - 2011-12-15 10:31 - 00255305 _____ () C:\Windows\ntdtcsetup.log
2014-02-14 13:05 - 2011-12-15 10:31 - 00215487 _____ () C:\Windows\netfxocm.log
2014-02-14 13:05 - 2011-12-15 10:31 - 00086326 _____ () C:\Windows\MedCtrOC.log
2014-02-14 13:05 - 2011-12-15 10:31 - 00069393 _____ () C:\Windows\ocmsn.log
2014-02-14 13:05 - 2011-12-15 10:31 - 00062266 _____ () C:\Windows\msgsocm.log
2014-02-14 13:05 - 2011-12-15 10:31 - 00061006 _____ () C:\Windows\tabletoc.log
2014-02-14 13:05 - 2011-12-15 10:31 - 00001374 _____ () C:\Windows\imsins.log
2014-02-14 13:04 - 2011-12-15 10:31 - 00629148 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-02-14 12:23 - 2014-02-14 12:22 - 00011944 _____ () C:\Windows\KB2909921-IE8.log
2014-02-14 12:23 - 2011-12-15 10:31 - 00001374 _____ () C:\Windows\imsins.BAK
2014-02-14 12:22 - 2014-02-14 12:20 - 00005174 _____ () C:\Windows\KB2909210-IE8.log
2014-02-14 12:22 - 2011-12-16 06:13 - 00000000 ____D () C:\Windows\ie8updates
2014-02-10 06:35 - 2014-02-10 06:35 - 00107256 _____ (Trusteer Ltd.) C:\Windows\System32\Drivers\RapportKELL.sys
2014-02-05 22:54 - 2008-04-14 07:00 - 00174592 ____N (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2014-02-05 22:54 - 2008-04-14 07:00 - 00174592 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\ie4uinit.exe
2014-02-05 22:54 - 2008-04-14 07:00 - 00174592 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\ie4uinit.exe
2014-02-05 18:26 - 2013-03-01 05:44 - 00522240 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\jsdbgui.dll
2014-02-05 18:26 - 2013-03-01 05:44 - 00522240 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\jsdbgui.dll
2014-02-05 18:26 - 2011-12-16 06:08 - 11113472 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\ieframe.dll
2014-02-05 18:26 - 2011-12-16 06:08 - 11113472 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\ieframe.dll
2014-02-05 18:26 - 2011-12-16 06:08 - 02006016 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\iertutil.dll
2014-02-05 18:26 - 2011-12-16 06:08 - 02006016 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\iertutil.dll
2014-02-05 18:26 - 2011-12-16 06:08 - 00743424 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\iedvtool.dll
2014-02-05 18:26 - 2011-12-16 06:08 - 00743424 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\iedvtool.dll
2014-02-05 18:26 - 2011-12-16 06:08 - 00630272 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\msfeeds.dll
2014-02-05 18:26 - 2011-12-16 06:08 - 00630272 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\msfeeds.dll
2014-02-05 18:26 - 2011-12-16 06:08 - 00247808 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\ieproxy.dll
2014-02-05 18:26 - 2011-12-16 06:08 - 00247808 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\ieproxy.dll
2014-02-05 18:26 - 2011-12-16 06:08 - 00055296 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\msfeedsbs.dll
2014-02-05 18:26 - 2011-12-16 06:08 - 00055296 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\msfeedsbs.dll
2014-02-05 18:26 - 2011-12-16 06:08 - 00012800 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\xpshims.dll
2014-02-05 18:26 - 2011-12-16 06:08 - 00012800 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\xpshims.dll
2014-02-05 18:26 - 2011-12-15 10:57 - 00759296 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\vgx.dll
2014-02-05 18:26 - 2011-12-15 10:57 - 00759296 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\vgx.dll
2014-02-05 18:26 - 2009-03-07 23:39 - 11113472 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2014-02-05 18:26 - 2009-03-07 23:32 - 02006016 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2014-02-05 18:26 - 2009-03-07 23:32 - 00630272 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2014-02-05 18:26 - 2009-03-07 23:31 - 00055296 _____ (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2014-02-05 18:26 - 2008-04-14 07:00 - 06021120 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\mshtml.dll
2014-02-05 18:26 - 2008-04-14 07:00 - 06021120 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\mshtml.dll
2014-02-05 18:26 - 2008-04-14 07:00 - 06021120 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-02-05 18:26 - 2008-04-14 07:00 - 01469440 ____N (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2014-02-05 18:26 - 2008-04-14 07:00 - 01469440 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\inetcpl.cpl
2014-02-05 18:26 - 2008-04-14 07:00 - 01469440 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\inetcpl.cpl
2014-02-05 18:26 - 2008-04-14 07:00 - 01216000 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\urlmon.dll
2014-02-05 18:26 - 2008-04-14 07:00 - 01216000 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\urlmon.dll
2014-02-05 18:26 - 2008-04-14 07:00 - 01216000 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2014-02-05 18:26 - 2008-04-14 07:00 - 00920064 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\wininet.dll
2014-02-05 18:26 - 2008-04-14 07:00 - 00920064 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\wininet.dll
2014-02-05 18:26 - 2008-04-14 07:00 - 00920064 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2014-02-05 18:26 - 2008-04-14 07:00 - 00611840 ____N (Microsoft Corporation) C:\Windows\System32\mstime.dll
2014-02-05 18:26 - 2008-04-14 07:00 - 00611840 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\mstime.dll
2014-02-05 18:26 - 2008-04-14 07:00 - 00611840 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\mstime.dll
2014-02-05 18:26 - 2008-04-14 07:00 - 00387584 ____N (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2014-02-05 18:26 - 2008-04-14 07:00 - 00387584 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\iedkcs32.dll
2014-02-05 18:26 - 2008-04-14 07:00 - 00387584 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\iedkcs32.dll
2014-02-05 18:26 - 2008-04-14 07:00 - 00206848 ____N (Microsoft Corporation) C:\Windows\System32\occache.dll
2014-02-05 18:26 - 2008-04-14 07:00 - 00206848 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\occache.dll
2014-02-05 18:26 - 2008-04-14 07:00 - 00206848 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\occache.dll
2014-02-05 18:26 - 2008-04-14 07:00 - 00184320 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\iepeers.dll
2014-02-05 18:26 - 2008-04-14 07:00 - 00184320 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\iepeers.dll
2014-02-05 18:26 - 2008-04-14 07:00 - 00184320 _____ (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2014-02-05 18:26 - 2008-04-14 07:00 - 00105984 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\url.dll
2014-02-05 18:26 - 2008-04-14 07:00 - 00105984 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\url.dll
2014-02-05 18:26 - 2008-04-14 07:00 - 00105984 _____ (Microsoft Corporation) C:\Windows\System32\url.dll
2014-02-05 18:26 - 2008-04-14 07:00 - 00067072 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\mshtmled.dll
2014-02-05 18:26 - 2008-04-14 07:00 - 00067072 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\mshtmled.dll
2014-02-05 18:26 - 2008-04-14 07:00 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2014-02-05 18:26 - 2008-04-14 07:00 - 00043520 ____N (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2014-02-05 18:26 - 2008-04-14 07:00 - 00043520 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\licmgr10.dll
2014-02-05 18:26 - 2008-04-14 07:00 - 00043520 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\licmgr10.dll
2014-02-05 18:26 - 2008-04-14 07:00 - 00025600 ____N (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2014-02-05 18:26 - 2008-04-14 07:00 - 00025600 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\jsproxy.dll
2014-02-05 18:26 - 2008-04-14 07:00 - 00025600 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\jsproxy.dll
2014-02-05 18:26 - 2008-04-14 07:00 - 00018944 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\corpol.dll
2014-02-05 18:26 - 2008-04-14 07:00 - 00018944 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\corpol.dll
2014-02-05 18:26 - 2008-04-14 07:00 - 00018944 _____ (Microsoft Corporation) C:\Windows\System32\corpol.dll
2014-02-05 17:24 - 2008-04-14 07:00 - 00385024 ____N (Microsoft Corporation) C:\Windows\System32\html.iec
2014-02-04 14:09 - 2011-12-16 06:09 - 85946576 ____C (Microsoft Corporation) C:\Windows\System32\MRT.exe

==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points (XP) =====================


==================== Memory info ===========================

Percentage of memory in use: 19%
Total physical RAM: 1014.99 MB
Available physical RAM: 818.24 MB
Total Pagefile: 902.67 MB
Available Pagefile: 837.25 MB
Total Virtual: 2047.88 MB
Available Virtual: 2000.44 MB

==================== Drives ================================

Drive b: (RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS
Drive c: () (Fixed) (Total:18.61 GB) (Free:1.14 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: () (Removable) (Total:0.47 GB) (Free:0.35 GB) FAT
Drive x: (ReatogoPE) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 19 GB) (Disk ID: 19561955)
Partition 1: (Active) - (Size=19 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 481 MB) (Disk ID: 73696420)
No partition Table on disk 1.

==================== End Of Log ============================



fingers crossed

hope this helps

regards

K

[Machiavelli]

The Logs look pretty good. Weird.

===== > Step 1: FRST Fix < =====

Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy. Paste this into the open notepad. Save it on the flash drive as fixlist.txt

S2 WebCake Desktop Updater; No ImagePath
S0 cerc6; No ImagePath

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system


On Windows XP: Now please boot into the PE (Preinstallation Environment) disk. (like you did before)

Run FRST and press the Fix button just once and wait.
The tool will generate a log on the flashdrive (Fixlog.txt) please post it in your reply.

=====> Step 2: < =====

Then try to run instead of OTL FRST in normal Mode . Follow the instructions below.

Please move FRST.exe from your USB Stick to your Desktop.

• Disable all anti-virus and anti-malware software to prevent them inhibiting FRST in any way. If you are unsure how to do this, see THIS.
• Double-click FRST.exe (depending on which version you downloaded) to run it. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
• When the disclaimer appears, click Yes.
• Click Scan to start FRST.
• When FRST finishes scanning, two logs, FRST.txt and Addition.txt will open.
• Copy (Ctrl+C) and Paste (Ctrl+V) the contents of both of these logs into your next post please.

===== > Step 3: Question time < =====

Can't open MSCONFIG or REGEDIT

Any error message?

Can't download new antivirus - all downloads blocked

Any error message?

Can't open XP in SafeMode

Any error etc.?

[kelvinb]

Hello again

first fix done

copy log as follows:



Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 24-02-2014 01
Ran by SYSTEM at 2014-02-26 09:14:40 Run:1
Running from D:\
Boot Mode: Recovery

==============================================

Content of fixlist:
*****************
S2 WebCake Desktop Updater; No ImagePath
S0 cerc6; No ImagePath
*****************

WebCake Desktop Updater => Service deleted successfully.
cerc6 => Service deleted successfully.

==== End






I have put FRST on desktop in normal mode but get the message '' windows cant open etc etc ''

I will keep trying until your next post

thanks again

K

[kelvinb]

FYI

I have manged to get the PC running in SAFE MODE

FRST visibile on desk top but wont run - same message


'' Windows cannot access etc etc ''


thought I let you know

regds

K

[Machiavelli]

Try the step(s) below in normal mode. If it isn't working please try it to do in Safe Mode.

===== > Step 1: ComboFix < =====

Warning: this fix is specific to the user in this thread. No one else should follow these instructions as it may cause more harm than good. If you are after assistance, please start a thread of your own.

Please download Combofix from one of the following locations:

Download Mirror #1
Download Mirror #2
Download Mirror #3

Note: You must save this directly to your Desktop.

• Save any open documents, then close any open programs.
• Disable all anti-virus and anti-malware software to prevent them inhibiting Combofix in any way. If you are unsure how to do this, see THIS
  
• Double-click on combofix.exe then follow the on screen prompts
• When Combofix finishes, it will open the log. Please Copy (Ctrl + C) and Paste (Ctrl + V) all of this text into your next post.

If, for whatever reason, the log does not open, it can be found in this location: C:\combofix.txt

 

Things I need to see next post:

• C:\combofix.txt

[kelvinb]

Hello again


downloads direct to PC are coming up as


'' Failed - Blocked ''

from all Combofix mirrors

When downloaded on a good PC transferred to stick and placed on bad PC desktop I get
the same old story

'' Windows cannot access etc etc ''


back to you

cheers

K

[Machiavelli]

===== > Step 1: OTLPE < =====

• Download OTLPEStd.exe to your desktop
• Download OTLPENet.exe to your desktop
• Ensure that you have a blank CD in the drive
• Double click OTLPEStd.exe and this will then open imgburn to burn the file to CD
• Double click OTLPENet.exe and this will then open imgburn to burn the file to CD
  
• Reboot your system using the boot CD you just created.
  Note : If you do not know how to set your computer to boot from CD follow the steps here
• As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads
  
  
• Your system should now display a Reatogo desktop.
  Note : as you are running from CD it is not exactly speedy
• Double-click on the OTLPE icon.
• Select the Windows folder of the infected drive if it asks for a location
• When asked "Do you wish to load the remote registry", select Yes
• When asked "Do you wish to load remote user profile(s) for scanning", select Yes
• Ensure the box "Automatically Load All Remaining Users" is checked and press OK
• OTL should now start.
• Drag and drop this attached scan.txt into the Custom scans and fixes box
• Press Run Scan to start the scan.
• When finished, the file will be saved in drive C:\OTL.txt
• Copy this file to your USB drive if you do not have internet connection on this system.
• Right click the file and select send to : select the USB drive.
• Confirm that it has copied to the USB drive by selecting it
• You can backup any files that you wish from this OS
• Please post the contents of the C:\OTL.txt file in your reply.

[kelvinb]

Hello Again

a couple of things

1. unable to copy both OTPLstd and OTPLnet to same disk as second download asks to delete the first.

2. ran the OTPLstd but didnt get asked for Remote Memory Registry,

OTL txt from this scan attached below.

Q ? - should I repeat the above using the OTPLnet boot disk and paste results ?

pls advise


regards

K


OTL logfile created on: 2/27/2014 12:41:51 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1,015.00 Mb Total Physical Memory | 785.00 Mb Available Physical Memory | 77.00% Memory free
903.00 Mb Paging File | 814.00 Mb Available in Paging File | 90.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 18.61 Gb Total Space | 0.93 Gb Free Space | 4.98% Space Free | Partition Type: NTFS
Drive X: | 284.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - [2014/02/10 06:35:22 | 001,444,120 | ---- | M] (Trusteer Ltd.) [Auto] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2013/11/19 20:54:20 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2013/07/04 09:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/10/03 09:51:04 | 000,725,400 | ---- | M] (Nokia) [On_Demand] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009/12/16 15:09:34 | 000,049,152 | ---- | M] (Sage (UK) Limited) [Auto] -- C:\Program Files\Common Files\Sage SData\Sage.SData.Service.exe -- (Sage SData Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (smwdm)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | On_Demand] -- -- (aeaudio)
DRV - [2014/02/10 06:35:40 | 000,228,888 | ---- | M] (Trusteer Ltd.) [Kernel | System] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2014/02/10 06:35:40 | 000,155,704 | ---- | M] (Trusteer Ltd.) [Kernel | System] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2014/02/10 06:35:40 | 000,107,256 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2013/12/13 03:01:17 | 000,340,432 | ---- | M] () [Kernel | System] -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_59849.sys -- (RapportCerberus_59849)
DRV - [2012/11/28 10:42:28 | 000,136,520 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\bkrwbus.sys -- (bkrwbus)
DRV - [2012/11/28 10:42:28 | 000,083,400 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\bkrwbk.sys -- (bkrwbk)
DRV - [2012/06/11 08:17:44 | 000,137,600 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2012/06/11 08:17:44 | 000,008,576 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2011/08/17 03:56:32 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2011/08/17 03:56:30 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2001/08/17 07:11:18 | 000,020,160 | ---- | M] (ADMtek Incorporated) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ADM8511.SYS -- (ADM8511)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearc...r=971255584&ir=


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www2.delta-se...913_c1&tsp=5010
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\systemprofile_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)



O1 HOSTS File: ([2008/04/14 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - File not found
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\Administrator_ON_C\..\Toolbar\WebBrowser: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - File not found
O4 - HKLM..\Run: [AML Registry Cleaner] File not found
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\RunOnce: [*Restore] C:\WINDOWS\System32\restore\rstrui.exe (Microsoft Corporation)
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\systemprofile_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\TEMP_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 0.0.0.0
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/12/19 09:00:07 | 000,000,040 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2014/02/25 16:44:12 | 000,000,000 | ---D | C] -- C:\FRST
[2014/02/25 08:00:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MRT
[2014/02/25 05:02:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TEMP\Local Settings\Application Data\Sage
[2014/02/25 04:58:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Trusteer
[2014/02/25 04:55:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TEMP\Local Settings\Application Data\Google
[2014/02/25 04:30:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TEMP\Local Settings\Application Data\Avg2013
[2014/02/25 04:30:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TEMP\Local Settings\Application Data\MFAData
[2014/02/25 03:53:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TEMP\Local Settings\Application Data\Trusteer
[2014/02/25 03:47:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TEMP\Local Settings\Application Data\Microsoft
[2014/02/10 06:35:40 | 000,107,256 | ---- | C] (Trusteer Ltd.) -- C:\WINDOWS\System32\drivers\RapportKELL.sys
[2010/02/09 06:32:16 | 000,184,320 | R--- | C] ( ) -- C:\WINDOWS\System32\SgE.interop.MSXML2.dll
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/02/27 04:23:25 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/02/27 04:23:00 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\BitGuard.job
[2014/02/27 03:52:52 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/02/27 03:45:00 | 000,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-1214440339-1644491937-500UA.job
[2014/02/26 08:45:00 | 000,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-1214440339-1644491937-500Core.job
[2014/02/25 09:28:31 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2014/02/25 05:03:35 | 000,000,679 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2014/02/25 04:41:00 | 000,161,936 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2014/02/24 10:40:24 | 000,002,489 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Word.lnk
[2014/02/24 06:38:27 | 000,000,640 | ---- | M] () -- C:\WINDOWS\System32\SGLCH32.USR
[2014/02/24 03:22:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Trusteer Endpoint Protection
[2014/02/18 06:04:31 | 000,002,487 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Excel.lnk
[2014/02/14 13:04:14 | 000,541,014 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2014/02/14 13:04:14 | 000,096,742 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2014/02/14 12:23:46 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2014/02/10 06:35:40 | 000,107,256 | ---- | M] (Trusteer Ltd.) -- C:\WINDOWS\System32\drivers\RapportKELL.sys
[2014/02/05 22:54:08 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ie4uinit.exe
[2014/02/05 22:54:08 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ie4uinit.exe
[2014/02/05 18:26:52 | 000,920,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll
[2014/02/05 18:26:51 | 000,759,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vgx.dll
[2014/02/05 18:26:50 | 001,216,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll
[2014/02/05 18:26:49 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mstime.dll
[2014/02/05 18:26:49 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstime.dll
[2014/02/05 18:26:49 | 000,206,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\occache.dll
[2014/02/05 18:26:49 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\url.dll
[2014/02/05 18:26:49 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\url.dll
[2014/02/05 18:26:48 | 006,021,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2014/02/05 18:26:48 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtmled.dll
[2014/02/05 18:26:44 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedsbs.dll
[2014/02/05 18:26:44 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2014/02/05 18:26:43 | 000,630,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeeds.dll
[2014/02/05 18:26:43 | 000,630,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2014/02/05 18:26:43 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\licmgr10.dll
[2014/02/05 18:26:43 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\licmgr10.dll
[2014/02/05 18:26:43 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jsproxy.dll
[2014/02/05 18:26:43 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsproxy.dll
[2014/02/05 18:26:42 | 002,006,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2014/02/05 18:26:42 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcpl.cpl
[2014/02/05 18:26:42 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcpl.cpl
[2014/02/05 18:26:42 | 000,522,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll
[2014/02/05 18:26:41 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iepeers.dll
[2014/02/05 18:26:41 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iepeers.dll
[2014/02/05 18:26:40 | 011,113,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2014/02/05 18:26:38 | 000,743,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2014/02/05 18:26:37 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iedkcs32.dll
[2014/02/05 18:26:37 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedkcs32.dll
[2014/02/05 18:26:37 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\corpol.dll
[2014/02/05 18:26:37 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\corpol.dll
[2014/02/05 17:24:05 | 000,385,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\html.iec
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/02/25 08:48:39 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/07/04 10:56:28 | 000,000,031 | -H-- | C] () -- C:\WINDOWS\UKCpInfo.sys
[2013/06/17 12:52:21 | 000,000,096 | ---- | C] () -- C:\WINDOWS\CPS.INI
[2013/03/12 04:39:42 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\$_hpcst$.hpc
[2013/03/07 04:23:37 | 000,011,264 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/03/01 05:42:55 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2013/02/21 10:08:15 | 000,000,062 | ---- | C] () -- C:\WINDOWS\Trick.INI
[2011/12/16 06:42:23 | 000,000,679 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011/12/16 05:32:41 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\e1000msg.dll
[2011/12/15 11:04:16 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/12/15 10:56:21 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/12/15 10:31:45 | 000,004,629 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/12/15 10:30:23 | 000,161,936 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/02/09 06:33:54 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\SgELauncher.dll
[2010/02/09 06:33:14 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\SgEData.dll
[2009/12/24 07:11:10 | 000,282,624 | ---- | C] () -- C:\WINDOWS\System32\SGList32.dll
[2009/12/24 07:11:04 | 000,278,528 | ---- | C] () -- C:\WINDOWS\System32\SGTool32.dll
[2009/12/24 07:11:00 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\SGIntl32.dll
[2009/12/24 07:10:58 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\SGHelp32.dll
[2009/12/24 07:10:58 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\SGDt32.dll
[2009/12/24 07:10:52 | 000,258,048 | ---- | C] () -- C:\WINDOWS\System32\SGSchemeXml.dll
[2009/12/24 07:10:44 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\SGSchemeXP.dll
[2009/12/24 07:10:40 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\SGSchemeDefault.dll
[2009/12/24 07:10:34 | 000,221,184 | ---- | C] () -- C:\WINDOWS\System32\SGSchemeManager.dll
[2009/12/24 07:10:28 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\SGCom32.dll
[2009/12/24 07:09:52 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\SGSTDREG.dll
[2009/12/24 07:09:48 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\SGRegister.dll
[2009/12/24 07:09:44 | 000,241,664 | ---- | C] () -- C:\WINDOWS\System32\SGWebBrowser.dll
[2009/07/27 10:15:32 | 000,001,205 | ---- | C] () -- C:\WINDOWS\SAGEINTL.INI
[2008/12/22 05:28:06 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\SageFolderBrowser.dll
[2008/12/01 10:37:00 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\SageEventHandler.exe
[2008/12/01 10:36:12 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\SGCtrlEx.dll
[2008/12/01 10:36:06 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\SGTBAR32.DLL
[2008/12/01 10:36:02 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\SGSTAT32.DLL
[2008/12/01 10:36:02 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\SGLOGO32.DLL
[2008/12/01 10:36:00 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\SGJPEG32.dll
[2008/12/01 10:35:56 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\SGCDLG32.DLL
[2008/12/01 10:35:36 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\SGAPPBAR.DLL
[2008/12/01 10:35:34 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\SG3D32.DLL
[2008/04/14 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/14 07:00:00 | 000,541,014 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/14 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/14 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/14 07:00:00 | 000,096,742 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/14 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/14 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/14 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/14 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/14 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006/11/01 11:41:24 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\SGLCH32.DLL
[2006/11/01 11:41:16 | 001,712,128 | ---- | C] () -- C:\WINDOWS\System32\SGRep32.dll
[2005/08/23 08:12:36 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\SDOApp.dll
[2005/08/22 03:32:00 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\REPDES32.EXE
[2005/04/15 11:52:33 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/04/15 11:52:33 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/06/09 05:57:12 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\Install.exe
[2002/04/16 06:27:54 | 000,000,005 | -HS- | C] () -- C:\WINDOWS\System32\CdI5T.drv
[1999/10/25 04:53:58 | 000,015,917 | ---- | C] () -- C:\WINDOWS\Sage.ini
[1998/03/25 19:12:00 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\SgHmZLib.dll

========== LOP Check ==========

[2013/05/09 10:03:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Babylon
[2012/11/14 10:57:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TeamViewer
[2012/11/21 05:19:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TuneUp Software
[2013/11/13 05:15:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AGM
[2013/01/23 04:11:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG January 2013 Campaign
[2012/11/21 05:13:50 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012/07/17 06:16:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IsolatedStorage
[2014/02/25 04:39:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2012/10/19 03:57:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NokiaInstallerCache
[2011/12/19 11:00:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sage
[2013/07/24 07:20:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2013/09/19 07:30:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2013/01/16 09:59:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer
[2014/02/27 04:23:00 | 000,000,280 | ---- | M] () -- C:\WINDOWS\Tasks\BitGuard.job
[2013/01/23 04:09:57 | 000,000,374 | ---- | M] () -- C:\WINDOWS\Tasks\ROC_REG_JAN_DELETE.job

========== Purity Check ==========



========== Custom Scans ==========


< +OTL logfile created on: 2/27/2014 10:22:39 AM - Run >
Invalid Switch: 2014 10:22:39 AM - Run

< OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE >

< Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM >

< Internet Explorer (Version = 8.0.6001.18702) >

< Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy >
Invalid Switch: yyyy



< 1,015.00 Mb Total Physical Memory | 827.00 Mb Available Physical Memory | 81.00% Memory free >

< 903.00 Mb Paging File | 848.00 Mb Available in Paging File | 94.00% Paging File free >

< Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] >


< %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files >

< Drive C: | 18.61 Gb Total Space | 0.93 Gb Free Space | 4.98% Space Free | Partition Type: NTFS >

< Drive X: | 284.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS >


< Computer Name: REATOGO | User Name: SYSTEM >

< Boot Mode: Normal | Scan Mode: All users >

< Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days >

< Using ControlSet: ControlSet001 >


< ========== Win32 Services (SafeList) ========== >
Invalid Switch: color]



< SRV - [2014/02/10 06:35:22 | 001,444,120 | ---- | M] (Trusteer Ltd.) [Auto] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService) >
Invalid Switch: 10 06:35:22 | 001,444,120 | ---- | M] (Trusteer Ltd.) [Auto] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)


< SRV - [2013/11/19 20:54:20 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe -- (avgwd) >
Invalid Switch: 19 20:54:20 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe -- (avgwd)


< SRV - [2013/07/04 09:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent) >
Invalid Switch: 04 09:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)


< SRV - [2012/10/03 09:51:04 | 000,725,400 | ---- | M] (Nokia) [On_Demand] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) >
Invalid Switch: 03 09:51:04 | 000,725,400 | ---- | M] (Nokia) [On_Demand] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)


< SRV - [2009/12/16 15:09:34 | 000,049,152 | ---- | M] (Sage (UK) Limited) [Auto] -- C:\Program Files\Common Files\Sage SData\Sage.SData.Service.exe -- (Sage SData Service) >
Invalid Switch: 16 15:09:34 | 000,049,152 | ---- | M] (Sage (UK) Limited) [Auto] -- C:\Program Files\Common Files\Sage SData\Sage.SData.Service.exe -- (Sage SData Service)




< ========== Driver Services (SafeList) ========== >
Invalid Switch: color]



< DRV - File not found [Kernel | On_Demand] -- -- (WDICA) >

< DRV - File not found [Kernel | On_Demand] -- -- (smwdm) >

< DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME) >

< DRV - File not found [Kernel | On_Demand] -- -- (PDRELI) >

< DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME) >

< DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP) >

< DRV - File not found [Kernel | System] -- -- (PCIDump) >

< DRV - File not found [Kernel | System] -- -- (lbrtfdc) >

< DRV - File not found [Kernel | System] -- -- (i2omgmt) >

< DRV - File not found [Kernel | System] -- -- (Changer) >

< DRV - File not found [Kernel | On_Demand] -- -- (aeaudio) >

< DRV - [2014/02/10 06:35:40 | 000,228,888 | ---- | M] (Trusteer Ltd.) [Kernel | System] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG) >
Invalid Switch: 10 06:35:40 | 000,228,888 | ---- | M] (Trusteer Ltd.) [Kernel | System] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)


< DRV - [2014/02/10 06:35:40 | 000,155,704 | ---- | M] (Trusteer Ltd.) [Kernel | System] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI) >
Invalid Switch: 10 06:35:40 | 000,155,704 | ---- | M] (Trusteer Ltd.) [Kernel | System] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)


< DRV - [2014/02/10 06:35:40 | 000,107,256 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RapportKELL.sys -- (RapportKELL) >
Invalid Switch: 10 06:35:40 | 000,107,256 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RapportKELL.sys -- (RapportKELL)


< DRV - [2013/12/13 03:01:17 | 000,340,432 | ---- | M] () [Kernel | System] -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_59849.sys -- (RapportCerberus_59849) >
Invalid Switch: 13 03:01:17 | 000,340,432 | ---- | M] () [Kernel | System] -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_59849.sys -- (RapportCerberus_59849)


< DRV - [2012/11/28 10:42:28 | 000,136,520 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\bkrwbus.sys -- (bkrwbus) >
Invalid Switch: 28 10:42:28 | 000,136,520 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\bkrwbus.sys -- (bkrwbus)


< DRV - [2012/11/28 10:42:28 | 000,083,400 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\bkrwbk.sys -- (bkrwbk) >
Invalid Switch: 28 10:42:28 | 000,083,400 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\bkrwbk.sys -- (bkrwbk)


< DRV - [2012/06/11 08:17:44 | 000,137,600 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys -- (nmwcdnsu) >
Invalid Switch: 11 08:17:44 | 000,137,600 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys -- (nmwcdnsu)


< DRV - [2012/06/11 08:17:44 | 000,008,576 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc) >
Invalid Switch: 11 08:17:44 | 000,008,576 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)


< DRV - [2011/08/17 03:56:32 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt) >
Invalid Switch: 17 03:56:32 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)


< DRV - [2011/08/17 03:56:30 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev) >
Invalid Switch: 17 03:56:30 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)


< DRV - [2001/08/17 07:11:18 | 000,020,160 | ---- | M] (ADMtek Incorporated) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ADM8511.SYS -- (ADM8511) >
Invalid Switch: 17 07:11:18 | 000,020,160 | ---- | M] (ADMtek Incorporated) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ADM8511.SYS -- (ADM8511)




< ========== Standard Registry (SafeList) ========== >
Invalid Switch: color]




< ========== Internet Explorer ========== >
Invalid Switch: color]



< IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearc...r=971255584&ir= >
Invalid Switch: ?f=1&a=dnldmsd&cd=2XzuyEtN2Y1L1QzutDtDtDzzyByEtCtA0AtCyBzytDtA0E0CtN0D0Tzu0CyDyBtDtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1Q1G1I1Q1H1B1Q&cr=971255584&ir=




< IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 >


< IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www2.delta-se...913_c1&tsp=5010 >
Invalid Switch: ?babsrc=HP_ss&mntrId=286800087413A179&affID=120107&tt=160913_c1&tsp=5010


< IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 >




< IE - HKU\systemprofile_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 >



< FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) >
Invalid Switch: pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)


< FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) >
Invalid Switch: NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)


< FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) >
Invalid Switch: WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)


< FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) >
Invalid Switch: pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)


< FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) >
Invalid Switch: pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)


< FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.) >
Invalid Switch: Google Update;version=3: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)


< FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.) >
Invalid Switch: Google Update;version=9: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)





< O1 HOSTS File: ([2008/04/14 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts >
Invalid Switch: 14 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts


< O1 - Hosts: 127.0.0.1 localhost >

< O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - File not found >

< O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - File not found >

< O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. >

< O3 - HKU\Administrator_ON_C\..\Toolbar\WebBrowser: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - File not found >

< O4 - HKLM..\Run: [AML Registry Cleaner] File not found >

< O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.) >

< O4 - HKLM..\Run: [KernelFaultCheck] File not found >

< O4 - HKLM..\RunOnce: [*Restore] C:\WINDOWS\System32\restore\rstrui.exe (Microsoft Corporation) >

< O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 >

< O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 >

< O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 >

< O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 >

< O7 - HKU\systemprofile_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 >

< O7 - HKU\TEMP_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149 >

< O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 0.0.0.0 >

< O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) >

< O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation) >

< O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp >

< O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp >

< O32 - HKLM CDRom: AutoRun - 1 >

< O32 - AutoRun File - [2011/12/19 09:00:07 | 000,000,040 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] >
Invalid Switch: 19 09:00:07 | 000,000,040 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]


< O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ] >
Invalid Switch: 24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]


< O34 - HKLM BootExecute: (autocheck autochk *) - File not found >

< O35 - HKLM\..comfile [open] -- "%1" %* >

< O35 - HKLM\..exefile [open] -- "%1" %* >

< O37 - HKLM\...com [@ = comfile] -- "%1" %* >

< O37 - HKLM\...exe [@ = exefile] -- "%1" %* >


< ========== Files/Folders - Created Within 30 Days ========== >
Invalid Switch: color]



< [2014/02/25 16:44:12 | 000,000,000 | ---D | C] -- C:\FRST >
Invalid Switch: 25 16:44:12 | 000,000,000 | ---D | C] -- C:\FRST


< [2014/02/25 08:00:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MRT >
Invalid Switch: 25 08:00:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MRT


< [2014/02/25 05:02:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TEMP\Local Settings\Application Data\Sage >
Invalid Switch: 25 05:02:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TEMP\Local Settings\Application Data\Sage


< [2014/02/25 04:58:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Trusteer >
Invalid Switch: 25 04:58:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Trusteer


< [2014/02/25 04:55:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TEMP\Local Settings\Application Data\Google >
Invalid Switch: 25 04:55:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TEMP\Local Settings\Application Data\Google


< [2014/02/25 04:30:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TEMP\Local Settings\Application Data\Avg2013 >
Invalid Switch: 25 04:30:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TEMP\Local Settings\Application Data\Avg2013


< [2014/02/25 04:30:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TEMP\Local Settings\Application Data\MFAData >
Invalid Switch: 25 04:30:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TEMP\Local Settings\Application Data\MFAData


< [2014/02/25 03:53:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TEMP\Local Settings\Application Data\Trusteer >
Invalid Switch: 25 03:53:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TEMP\Local Settings\Application Data\Trusteer


< [2014/02/25 03:47:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TEMP\Local Settings\Application Data\Microsoft >
Invalid Switch: 25 03:47:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TEMP\Local Settings\Application Data\Microsoft


< [2014/02/10 06:35:40 | 000,107,256 | ---- | C] (Trusteer Ltd.) -- C:\WINDOWS\System32\drivers\RapportKELL.sys >
Invalid Switch: 10 06:35:40 | 000,107,256 | ---- | C] (Trusteer Ltd.) -- C:\WINDOWS\System32\drivers\RapportKELL.sys


< [2010/02/09 06:32:16 | 000,184,320 | R--- | C] ( ) -- C:\WINDOWS\System32\SgE.interop.MSXML2.dll >
Invalid Switch: 09 06:32:16 | 000,184,320 | R--- | C] ( ) -- C:\WINDOWS\System32\SgE.interop.MSXML2.dll


< [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] >

< [2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ] >

< [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] >


< ========== Files - Modified Within 30 Days ========== >
Invalid Switch: color]



< [2014/02/27 04:23:25 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat >
Invalid Switch: 27 04:23:25 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat


< [2014/02/27 04:23:00 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\BitGuard.job >
Invalid Switch: 27 04:23:00 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\BitGuard.job


< [2014/02/27 03:52:52 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl >
Invalid Switch: 27 03:52:52 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl


< [2014/02/27 03:45:00 | 000,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-1214440339-1644491937-500UA.job >
Invalid Switch: 27 03:45:00 | 000,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-1214440339-1644491937-500UA.job


< [2014/02/26 08:45:00 | 000,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-1214440339-1644491937-500Core.job >
Invalid Switch: 26 08:45:00 | 000,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-1214440339-1644491937-500Core.job


< [2014/02/25 09:28:31 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat >
Invalid Switch: 25 09:28:31 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat


< [2014/02/25 05:03:35 | 000,000,679 | ---- | M] () -- C:\WINDOWS\ODBC.INI >
Invalid Switch: 25 05:03:35 | 000,000,679 | ---- | M] () -- C:\WINDOWS\ODBC.INI


< [2014/02/25 04:41:00 | 000,161,936 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT >
Invalid Switch: 25 04:41:00 | 000,161,936 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT


< [2014/02/24 10:40:24 | 000,002,489 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Word.lnk >
Invalid Switch: 24 10:40:24 | 000,002,489 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Word.lnk


< [2014/02/24 06:38:27 | 000,000,640 | ---- | M] () -- C:\WINDOWS\System32\SGLCH32.USR >
Invalid Switch: 24 06:38:27 | 000,000,640 | ---- | M] () -- C:\WINDOWS\System32\SGLCH32.USR


< [2014/02/24 03:22:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Trusteer Endpoint Protection >
Invalid Switch: 24 03:22:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Trusteer Endpoint Protection


< [2014/02/18 06:04:31 | 000,002,487 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Excel.lnk >
Invalid Switch: 18 06:04:31 | 000,002,487 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Excel.lnk


< [2014/02/14 13:04:14 | 000,541,014 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat >
Invalid Switch: 14 13:04:14 | 000,541,014 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat


< [2014/02/14 13:04:14 | 000,096,742 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat >
Invalid Switch: 14 13:04:14 | 000,096,742 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat


< [2014/02/14 12:23:46 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK >
Invalid Switch: 14 12:23:46 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK


< [2014/02/10 06:35:40 | 000,107,256 | ---- | M] (Trusteer Ltd.) -- C:\WINDOWS\System32\drivers\RapportKELL.sys >
Invalid Switch: 10 06:35:40 | 000,107,256 | ---- | M] (Trusteer Ltd.) -- C:\WINDOWS\System32\drivers\RapportKELL.sys


< [2014/02/05 22:54:08 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ie4uinit.exe >
Invalid Switch: 05 22:54:08 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ie4uinit.exe


< [2014/02/05 22:54:08 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ie4uinit.exe >
Invalid Switch: 05 22:54:08 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ie4uinit.exe


< [2014/02/05 18:26:52 | 000,920,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll >
Invalid Switch: 05 18:26:52 | 000,920,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll


< [2014/02/05 18:26:51 | 000,759,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vgx.dll >
Invalid Switch: 05 18:26:51 | 000,759,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vgx.dll


< [2014/02/05 18:26:50 | 001,216,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll >
Invalid Switch: 05 18:26:50 | 001,216,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll


< [2014/02/05 18:26:49 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mstime.dll >
Invalid Switch: 05 18:26:49 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mstime.dll


< [2014/02/05 18:26:49 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstime.dll >
Invalid Switch: 05 18:26:49 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstime.dll


< [2014/02/05 18:26:49 | 000,206,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\occache.dll >
Invalid Switch: 05 18:26:49 | 000,206,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\occache.dll


< [2014/02/05 18:26:49 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\url.dll >
Invalid Switch: 05 18:26:49 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\url.dll


< [2014/02/05 18:26:49 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\url.dll >
Invalid Switch: 05 18:26:49 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\url.dll


< [2014/02/05 18:26:48 | 006,021,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll >
Invalid Switch: 05 18:26:48 | 006,021,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll


< [2014/02/05 18:26:48 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtmled.dll >
Invalid Switch: 05 18:26:48 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtmled.dll


< [2014/02/05 18:26:44 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedsbs.dll >
Invalid Switch: 05 18:26:44 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedsbs.dll


< [2014/02/05 18:26:44 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll >
Invalid Switch: 05 18:26:44 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll


< [2014/02/05 18:26:43 | 000,630,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeeds.dll >
Invalid Switch: 05 18:26:43 | 000,630,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeeds.dll


< [2014/02/05 18:26:43 | 000,630,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll >
Invalid Switch: 05 18:26:43 | 000,630,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll


< [2014/02/05 18:26:43 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\licmgr10.dll >
Invalid Switch: 05 18:26:43 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\licmgr10.dll


< [2014/02/05 18:26:43 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\licmgr10.dll >
Invalid Switch: 05 18:26:43 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\licmgr10.dll


< [2014/02/05 18:26:43 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jsproxy.dll >
Invalid Switch: 05 18:26:43 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jsproxy.dll


< [2014/02/05 18:26:43 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsproxy.dll >
Invalid Switch: 05 18:26:43 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsproxy.dll


< [2014/02/05 18:26:42 | 002,006,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll >
Invalid Switch: 05 18:26:42 | 002,006,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll


< [2014/02/05 18:26:42 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcpl.cpl >
Invalid Switch: 05 18:26:42 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcpl.cpl


< [2014/02/05 18:26:42 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcpl.cpl >
Invalid Switch: 05 18:26:42 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcpl.cpl


< [2014/02/05 18:26:42 | 000,522,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll >
Invalid Switch: 05 18:26:42 | 000,522,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll


< [2014/02/05 18:26:41 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iepeers.dll >
Invalid Switch: 05 18:26:41 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iepeers.dll


< [2014/02/05 18:26:41 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iepeers.dll >
Invalid Switch: 05 18:26:41 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iepeers.dll


< [2014/02/05 18:26:40 | 011,113,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll >
Invalid Switch: 05 18:26:40 | 011,113,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll


< [2014/02/05 18:26:38 | 000,743,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll >
Invalid Switch: 05 18:26:38 | 000,743,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll


< [2014/02/05 18:26:37 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iedkcs32.dll >
Invalid Switch: 05 18:26:37 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iedkcs32.dll


< [2014/02/05 18:26:37 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedkcs32.dll >
Invalid Switch: 05 18:26:37 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedkcs32.dll


< [2014/02/05 18:26:37 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\corpol.dll >
Invalid Switch: 05 18:26:37 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\corpol.dll


< [2014/02/05 18:26:37 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\corpol.dll >
Invalid Switch: 05 18:26:37 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\corpol.dll


< [2014/02/05 17:24:05 | 000,385,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\html.iec >
Invalid Switch: 05 17:24:05 | 000,385,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\html.iec


< [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] >

< [2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ] >

< [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] >


< ========== Files Created - No Company Name ========== >
Invalid Switch: color]



< [2014/02/25 08:48:39 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat >
Invalid Switch: 25 08:48:39 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat


< [2013/07/04 10:56:28 | 000,000,031 | -H-- | C] () -- C:\WINDOWS\UKCpInfo.sys >
Invalid Switch: 04 10:56:28 | 000,000,031 | -H-- | C] () -- C:\WINDOWS\UKCpInfo.sys


< [2013/06/17 12:52:21 | 000,000,096 | ---- | C] () -- C:\WINDOWS\CPS.INI >
Invalid Switch: 17 12:52:21 | 000,000,096 | ---- | C] () -- C:\WINDOWS\CPS.INI


< [2013/03/12 04:39:42 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\$_hpcst$.hpc >
Invalid Switch: 12 04:39:42 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\$_hpcst$.hpc


< [2013/03/07 04:23:37 | 000,011,264 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini >
Invalid Switch: 07 04:23:37 | 000,011,264 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini


< [2013/03/01 05:42:55 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll >
Invalid Switch: 01 05:42:55 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll


< [2013/02/21 10:08:15 | 000,000,062 | ---- | C] () -- C:\WINDOWS\Trick.INI >
Invalid Switch: 21 10:08:15 | 000,000,062 | ---- | C] () -- C:\WINDOWS\Trick.INI


< [2011/12/16 06:42:23 | 000,000,679 | ---- | C] () -- C:\WINDOWS\ODBC.INI >
Invalid Switch: 16 06:42:23 | 000,000,679 | ---- | C] () -- C:\WINDOWS\ODBC.INI


< [2011/12/16 05:32:41 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\e1000msg.dll >
Invalid Switch: 16 05:32:41 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\e1000msg.dll


< [2011/12/15 11:04:16 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat >
Invalid Switch: 15 11:04:16 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat


< [2011/12/15 10:56:21 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat >
Invalid Switch: 15 10:56:21 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat


< [2011/12/15 10:31:45 | 000,004,629 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI >
Invalid Switch: 15 10:31:45 | 000,004,629 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI


< [2011/12/15 10:30:23 | 000,161,936 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT >
Invalid Switch: 15 10:30:23 | 000,161,936 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT


< [2010/02/09 06:33:54 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\SgELauncher.dll >
Invalid Switch: 09 06:33:54 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\SgELauncher.dll


< [2010/02/09 06:33:14 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\SgEData.dll >
Invalid Switch: 09 06:33:14 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\SgEData.dll


< [2009/12/24 07:11:10 | 000,282,624 | ---- | C] () -- C:\WINDOWS\System32\SGList32.dll >
Invalid Switch: 24 07:11:10 | 000,282,624 | ---- | C] () -- C:\WINDOWS\System32\SGList32.dll


< [2009/12/24 07:11:04 | 000,278,528 | ---- | C] () -- C:\WINDOWS\System32\SGTool32.dll >
Invalid Switch: 24 07:11:04 | 000,278,528 | ---- | C] () -- C:\WINDOWS\System32\SGTool32.dll


< [2009/12/24 07:11:00 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\SGIntl32.dll >
Invalid Switch: 24 07:11:00 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\SGIntl32.dll


< [2009/12/24 07:10:58 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\SGHelp32.dll >
Invalid Switch: 24 07:10:58 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\SGHelp32.dll


< [2009/12/24 07:10:58 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\SGDt32.dll >
Invalid Switch: 24 07:10:58 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\SGDt32.dll


< [2009/12/24 07:10:52 | 000,258,048 | ---- | C] () -- C:\WINDOWS\System32\SGSchemeXml.dll >
Invalid Switch: 24 07:10:52 | 000,258,048 | ---- | C] () -- C:\WINDOWS\System32\SGSchemeXml.dll


< [2009/12/24 07:10:44 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\SGSchemeXP.dll >
Invalid Switch: 24 07:10:44 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\SGSchemeXP.dll


< [2009/12/24 07:10:40 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\SGSchemeDefault.dll >
Invalid Switch: 24 07:10:40 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\SGSchemeDefault.dll


< [2009/12/24 07:10:34 | 000,221,184 | ---- | C] () -- C:\WINDOWS\System32\SGSchemeManager.dll >
Invalid Switch: 24 07:10:34 | 000,221,184 | ---- | C] () -- C:\WINDOWS\System32\SGSchemeManager.dll


< [2009/12/24 07:10:28 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\SGCom32.dll >
Invalid Switch: 24 07:10:28 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\SGCom32.dll


< [2009/12/24 07:09:52 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\SGSTDREG.dll >
Invalid Switch: 24 07:09:52 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\SGSTDREG.dll


< [2009/12/24 07:09:48 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\SGRegister.dll >
Invalid Switch: 24 07:09:48 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\SGRegister.dll


< [2009/12/24 07:09:44 | 000,241,664 | ---- | C] () -- C:\WINDOWS\System32\SGWebBrowser.dll >
Invalid Switch: 24 07:09:44 | 000,241,664 | ---- | C] () -- C:\WINDOWS\System32\SGWebBrowser.dll


< [2009/07/27 10:15:32 | 000,001,205 | ---- | C] () -- C:\WINDOWS\SAGEINTL.INI >
Invalid Switch: 27 10:15:32 | 000,001,205 | ---- | C] () -- C:\WINDOWS\SAGEINTL.INI


< [2008/12/22 05:28:06 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\SageFolderBrowser.dll >
Invalid Switch: 22 05:28:06 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\SageFolderBrowser.dll


< [2008/12/01 10:37:00 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\SageEventHandler.exe >
Invalid Switch: 01 10:37:00 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\SageEventHandler.exe


< [2008/12/01 10:36:12 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\SGCtrlEx.dll >
Invalid Switch: 01 10:36:12 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\SGCtrlEx.dll


< [2008/12/01 10:36:06 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\SGTBAR32.DLL >
Invalid Switch: 01 10:36:06 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\SGTBAR32.DLL


< [2008/12/01 10:36:02 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\SGSTAT32.DLL >
Invalid Switch: 01 10:36:02 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\SGSTAT32.DLL


< [2008/12/01 10:36:02 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\SGLOGO32.DLL >
Invalid Switch: 01 10:36:02 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\SGLOGO32.DLL


< [2008/12/01 10:36:00 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\SGJPEG32.dll >
Invalid Switch: 01 10:36:00 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\SGJPEG32.dll


< [2008/12/01 10:35:56 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\SGCDLG32.DLL >
Invalid Switch: 01 10:35:56 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\SGCDLG32.DLL


< [2008/12/01 10:35:36 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\SGAPPBAR.DLL >
Invalid Switch: 01 10:35:36 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\SGAPPBAR.DLL


< [2008/12/01 10:35:34 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\SG3D32.DLL >
Invalid Switch: 01 10:35:34 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\SG3D32.DLL


< [2008/04/14 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat >
Invalid Switch: 14 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat


< [2008/04/14 07:00:00 | 000,541,014 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat >
Invalid Switch: 14 07:00:00 | 000,541,014 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat


< [2008/04/14 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat >
Invalid Switch: 14 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat


< [2008/04/14 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat >
Invalid Switch: 14 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat


< [2008/04/14 07:00:00 | 000,096,742 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat >
Invalid Switch: 14 07:00:00 | 000,096,742 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat


< [2008/04/14 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin >
Invalid Switch: 14 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin


< [2008/04/14 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat >
Invalid Switch: 14 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat


< [2008/04/14 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat >
Invalid Switch: 14 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat


< [2008/04/14 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin >
Invalid Switch: 14 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin


< [2008/04/14 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat >
Invalid Switch: 14 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat


< [2006/11/01 11:41:24 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\SGLCH32.DLL >
Invalid Switch: 01 11:41:24 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\SGLCH32.DLL


< [2006/11/01 11:41:16 | 001,712,128 | ---- | C] () -- C:\WINDOWS\System32\SGRep32.dll >
Invalid Switch: 01 11:41:16 | 001,712,128 | ---- | C] () -- C:\WINDOWS\System32\SGRep32.dll


< [2005/08/23 08:12:36 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\SDOApp.dll >
Invalid Switch: 23 08:12:36 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\SDOApp.dll


< [2005/08/22 03:32:00 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\REPDES32.EXE >
Invalid Switch: 22 03:32:00 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\REPDES32.EXE


< [2005/04/15 11:52:33 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin >
Invalid Switch: 15 11:52:33 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin


< [2005/04/15 11:52:33 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat >
Invalid Switch: 15 11:52:33 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat


< [2004/06/09 05:57:12 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\Install.exe >
Invalid Switch: 09 05:57:12 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\Install.exe


< [2002/04/16 06:27:54 | 000,000,005 | -HS- | C] () -- C:\WINDOWS\System32\CdI5T.drv >
Invalid Switch: 16 06:27:54 | 000,000,005 | -HS- | C] () -- C:\WINDOWS\System32\CdI5T.drv


< [1999/10/25 04:53:58 | 000,015,917 | ---- | C] () -- C:\WINDOWS\Sage.ini >
Invalid Switch: 25 04:53:58 | 000,015,917 | ---- | C] () -- C:\WINDOWS\Sage.ini


< [1998/03/25 19:12:00 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\SgHmZLib.dll >
Invalid Switch: 25 19:12:00 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\SgHmZLib.dll



< ========== LOP Check ========== >
Invalid Switch: color]



< [2013/05/09 10:03:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Babylon >
Invalid Switch: 09 10:03:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Babylon


< [2012/11/14 10:57:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TeamViewer >
Invalid Switch: 14 10:57:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TeamViewer


< [2012/11/21 05:19:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TuneUp Software >
Invalid Switch: 21 05:19:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TuneUp Software


< [2013/11/13 05:15:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AGM >
Invalid Switch: 13 05:15:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AGM


< [2013/01/23 04:11:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG January 2013 Campaign >
Invalid Switch: 23 04:11:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG January 2013 Campaign


< [2012/11/21 05:13:50 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files >
Invalid Switch: 21 05:13:50 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files


< [2012/07/17 06:16:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IsolatedStorage >
Invalid Switch: 17 06:16:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IsolatedStorage


< [2014/02/25 04:39:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData >
Invalid Switch: 25 04:39:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData


< [2012/10/19 03:57:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NokiaInstallerCache >
Invalid Switch: 19 03:57:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NokiaInstallerCache


< [2011/12/19 11:00:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sage >
Invalid Switch: 19 11:00:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sage


< [2013/07/24 07:20:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer >
Invalid Switch: 24 07:20:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer


< [2013/09/19 07:30:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP >
Invalid Switch: 19 07:30:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP


< [2013/01/16 09:59:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer >
Invalid Switch: 16 09:59:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer


< [2014/02/27 04:23:00 | 000,000,280 | ---- | M] () -- C:\WINDOWS\Tasks\BitGuard.job >
Invalid Switch: 27 04:23:00 | 000,000,280 | ---- | M] () -- C:\WINDOWS\Tasks\BitGuard.job


< [2013/01/23 04:09:57 | 000,000,374 | ---- | M] () -- C:\WINDOWS\Tasks\ROC_REG_JAN_DELETE.job >
Invalid Switch: 23 04:09:57 | 000,000,374 | ---- | M] () -- C:\WINDOWS\Tasks\ROC_REG_JAN_DELETE.job



< ========== Purity Check ========== >
Invalid Switch: color]




< < End of report > >

< End of report >



I hope this helps

regds

K

[Machiavelli]

===== > Step 1: OTLPE Fix < =====

Start OTLPE as you did previously from CD
Copy the attached Fix.txt to a USB

• Insert your USB drive with fix.txt on it
• Start OTLPE
• Drag and drop fix.txt into the Custom scans and fixes box
• If you cannot drag and drop for some reason. Then press the Run Fix button and a dialogue box will pop up asking for the location - select the file on your USB drive
• Then click the Run Fix button at the top
• Let the program run unhindered, reboot when it is done to normal mode if possible
• Then post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )

===== > Step 2: OTL Quickscan < ======

Please start again in normal mode.

• Run OTL by double-clicking on it. (If you have Windows Vista / Windows 7 / Windows 8 please do a Right click on OTL.exe and select Run as Administrator)
• Click Quick Scan to start OTL.
• When OTL finishes scanning, a logs, OTL.txt will open.
• Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.

 

How is the PC running?

Attached Files

•  fix.txt   2.36KB   127 downloads

[Machiavelli]

Then post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )

Please forget this point. Sorry for the confusion.

[kelvinb]

Hello again



unable to run OTL in normal windows XP

rescanned via OTLP boot disk.

Unchecked boxes as described but when scan commences ticks re appear ??? thought I would let you know







OTL logfile created on: 2/27/2014 3:10:24 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1,015.00 Mb Total Physical Memory | 790.00 Mb Available Physical Memory | 78.00% Memory free
903.00 Mb Paging File | 818.00 Mb Available in Paging File | 91.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 18.61 Gb Total Space | 1.64 Gb Free Space | 8.80% Space Free | Partition Type: NTFS
Drive X: | 284.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - [2014/02/10 06:35:22 | 001,444,120 | ---- | M] (Trusteer Ltd.) [Auto] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2012/10/03 09:51:04 | 000,725,400 | ---- | M] (Nokia) [On_Demand] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009/12/16 15:09:34 | 000,049,152 | ---- | M] (Sage (UK) Limited) [Auto] -- C:\Program Files\Common Files\Sage SData\Sage.SData.Service.exe -- (Sage SData Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (smwdm)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | On_Demand] -- -- (aeaudio)
DRV - [2014/02/10 06:35:40 | 000,228,888 | ---- | M] (Trusteer Ltd.) [Kernel | System] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2014/02/10 06:35:40 | 000,155,704 | ---- | M] (Trusteer Ltd.) [Kernel | System] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2014/02/10 06:35:40 | 000,107,256 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2013/12/13 03:01:17 | 000,340,432 | ---- | M] () [Kernel | System] -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_59849.sys -- (RapportCerberus_59849)
DRV - [2012/11/28 10:42:28 | 000,136,520 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\bkrwbus.sys -- (bkrwbus)
DRV - [2012/11/28 10:42:28 | 000,083,400 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\bkrwbk.sys -- (bkrwbk)
DRV - [2012/06/11 08:17:44 | 000,137,600 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2012/06/11 08:17:44 | 000,008,576 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2011/08/17 03:56:32 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2011/08/17 03:56:30 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2001/08/17 07:11:18 | 000,020,160 | ---- | M] (ADMtek Incorporated) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ADM8511.SYS -- (ADM8511)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\systemprofile_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)



O1 HOSTS File: ([2008/04/14 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\RunOnce: [*Restore] C:\WINDOWS\System32\restore\rstrui.exe (Microsoft Corporation)
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\systemprofile_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\TEMP_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 0.0.0.0
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2014/02/27 14:11:53 | 002,237,440 | R--- | C] (OldTimer Tools) -- C:\OTLPE.exe
[2014/02/27 14:11:44 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/02/25 16:44:12 | 000,000,000 | ---D | C] -- C:\FRST
[2014/02/25 08:00:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MRT
[2014/02/25 05:02:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TEMP\Local Settings\Application Data\Sage
[2014/02/25 04:58:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Trusteer
[2014/02/25 04:55:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TEMP\Local Settings\Application Data\Google
[2014/02/25 04:30:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TEMP\Local Settings\Application Data\MFAData
[2014/02/25 03:53:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TEMP\Local Settings\Application Data\Trusteer
[2014/02/25 03:47:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TEMP\Local Settings\Application Data\Microsoft
[2014/02/10 06:35:40 | 000,107,256 | ---- | C] (Trusteer Ltd.) -- C:\WINDOWS\System32\drivers\RapportKELL.sys
[2010/02/09 06:32:16 | 000,184,320 | R--- | C] ( ) -- C:\WINDOWS\System32\SgE.interop.MSXML2.dll
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/02/27 09:34:22 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/02/27 09:34:00 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\BitGuard.job
[2014/02/27 09:32:40 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/02/27 03:45:00 | 000,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-1214440339-1644491937-500UA.job
[2014/02/26 08:45:00 | 000,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-1214440339-1644491937-500Core.job
[2014/02/25 09:28:31 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2014/02/25 05:03:35 | 000,000,679 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2014/02/25 04:41:00 | 000,161,936 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2014/02/24 10:40:24 | 000,002,489 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Word.lnk
[2014/02/24 06:38:27 | 000,000,640 | ---- | M] () -- C:\WINDOWS\System32\SGLCH32.USR
[2014/02/24 03:22:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Trusteer Endpoint Protection
[2014/02/18 06:04:31 | 000,002,487 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Excel.lnk
[2014/02/14 13:04:14 | 000,541,014 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2014/02/14 13:04:14 | 000,096,742 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2014/02/14 12:23:46 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2014/02/10 06:35:40 | 000,107,256 | ---- | M] (Trusteer Ltd.) -- C:\WINDOWS\System32\drivers\RapportKELL.sys
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/02/25 08:48:39 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/07/04 10:56:28 | 000,000,031 | -H-- | C] () -- C:\WINDOWS\UKCpInfo.sys
[2013/06/17 12:52:21 | 000,000,096 | ---- | C] () -- C:\WINDOWS\CPS.INI
[2013/03/12 04:39:42 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\$_hpcst$.hpc
[2013/03/07 04:23:37 | 000,011,264 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/03/01 05:42:55 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2013/02/21 10:08:15 | 000,000,062 | ---- | C] () -- C:\WINDOWS\Trick.INI
[2011/12/16 06:42:23 | 000,000,679 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011/12/16 05:32:41 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\e1000msg.dll
[2011/12/15 11:04:16 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/12/15 10:56:21 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/12/15 10:31:45 | 000,004,629 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/12/15 10:30:23 | 000,161,936 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/02/09 06:33:54 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\SgELauncher.dll
[2010/02/09 06:33:14 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\SgEData.dll
[2009/12/24 07:11:10 | 000,282,624 | ---- | C] () -- C:\WINDOWS\System32\SGList32.dll
[2009/12/24 07:11:04 | 000,278,528 | ---- | C] () -- C:\WINDOWS\System32\SGTool32.dll
[2009/12/24 07:11:00 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\SGIntl32.dll
[2009/12/24 07:10:58 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\SGHelp32.dll
[2009/12/24 07:10:58 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\SGDt32.dll
[2009/12/24 07:10:52 | 000,258,048 | ---- | C] () -- C:\WINDOWS\System32\SGSchemeXml.dll
[2009/12/24 07:10:44 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\SGSchemeXP.dll
[2009/12/24 07:10:40 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\SGSchemeDefault.dll
[2009/12/24 07:10:34 | 000,221,184 | ---- | C] () -- C:\WINDOWS\System32\SGSchemeManager.dll
[2009/12/24 07:10:28 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\SGCom32.dll
[2009/12/24 07:09:52 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\SGSTDREG.dll
[2009/12/24 07:09:48 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\SGRegister.dll
[2009/12/24 07:09:44 | 000,241,664 | ---- | C] () -- C:\WINDOWS\System32\SGWebBrowser.dll
[2009/07/27 10:15:32 | 000,001,205 | ---- | C] () -- C:\WINDOWS\SAGEINTL.INI
[2008/12/22 05:28:06 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\SageFolderBrowser.dll
[2008/12/01 10:37:00 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\SageEventHandler.exe
[2008/12/01 10:36:12 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\SGCtrlEx.dll
[2008/12/01 10:36:06 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\SGTBAR32.DLL
[2008/12/01 10:36:02 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\SGSTAT32.DLL
[2008/12/01 10:36:02 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\SGLOGO32.DLL
[2008/12/01 10:36:00 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\SGJPEG32.dll
[2008/12/01 10:35:56 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\SGCDLG32.DLL
[2008/12/01 10:35:36 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\SGAPPBAR.DLL
[2008/12/01 10:35:34 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\SG3D32.DLL
[2008/04/14 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/14 07:00:00 | 000,541,014 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/14 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/14 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/14 07:00:00 | 000,096,742 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/14 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/14 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/14 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/14 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/14 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006/11/01 11:41:24 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\SGLCH32.DLL
[2006/11/01 11:41:16 | 001,712,128 | ---- | C] () -- C:\WINDOWS\System32\SGRep32.dll
[2005/08/23 08:12:36 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\SDOApp.dll
[2005/08/22 03:32:00 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\REPDES32.EXE
[2005/04/15 11:52:33 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/04/15 11:52:33 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2002/04/16 06:27:54 | 000,000,005 | -HS- | C] () -- C:\WINDOWS\System32\CdI5T.drv

========== LOP Check ==========

[2012/11/14 10:57:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TeamViewer
[2012/11/21 05:19:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TuneUp Software
[2013/11/13 05:15:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AGM
[2012/11/21 05:13:50 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012/07/17 06:16:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IsolatedStorage
[2014/02/25 04:39:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2012/10/19 03:57:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NokiaInstallerCache
[2011/12/19 11:00:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sage
[2013/01/16 09:59:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer
[2014/02/27 09:34:00 | 000,000,280 | ---- | M] () -- C:\WINDOWS\Tasks\BitGuard.job

========== Purity Check ==========


< End of report >


thanks again

M

[Machiavelli]

Please go into the BIOS (by tapping F2 at the beginning of booting the PC up) and tell me whether your hard drive is set to sata or ide.

Warning: this fix is specific to the user in this thread. No one else should follow these instructions as it may cause more harm than good. If you are after assistance, please start a thread of your own.

• Click on the Start button , click on search and in the text box, type Command Prompt
• When you see Command Prompt on the list, Run it.
• When command prompt opens, copy and paste the following commands into it, press enter after each
  
  chkdsk C: /r
  
  

Tell me how the computer is now behaving. Do you have a Windows XP Disc. Me maybe have to do a complete reinstall of the system.

[kelvinb]

Hello Again

bios shows IDE setting



when I open search window as described and enter 'Command Prompt' I get the 'Send an Error Report' message flash up on screen I hit cancel then whole page disappears. So I cant do chkdsk from there

However I do have a Dell XP reinstallation CD SP3 and can get into repair ( ??? ) section when booted up using this CD and I can enter CHKDSK in DOS(????) mode from there but what I read means nothing sorry.......

If I attempt to ' reinstall' Windows from this disk I am fearful I will loose everything saved on this machine.


Thanks for your help so far

back to you

regards

K