
Had various viruses, am I now clean? [Solved]


  • This topic is locked

#31
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Thanks. Let's see if we can copy the i386 folder from your XP MCE disk to the hard drive. Then we will tell SFC to look there when running the scan.


Step-1.

  • Insert the Windows disc into your CD\DVD drive.
  • If you get a "Welcome Screen", press Cancel.
  • Click Start, then click My Computer.
  • Right-click your CD\DVD drive icon and select Explore. This opens the root of the Windows setup disc.
  • Right-click the i386 folder and select Copy.
  • Close the CD drive window.
  • Click Start, then My Computer
  • Right click the C:\ drive and click Explore. This opens the root folder on the C:\ drive.
  • Right click an empty space in the right pane and click Paste. This will put a copy of the i386 folder in the root folder (C:\) of the hard drive.
  • Right click the i386 folder and click Properties.
  • In the properties window look for the Size: entry and tell me how big the folder is in MB.
  • Look for the Contains: entry and tell me how many files/folders it contains.

Step-2

I want a quick OTL scan to look at the Registry keys we are gonna need to manipulate. This will be an abbreviated scan like the last one.

OTL Custom Scan

1. Please copy the text in the Quote box below, (Do Not copy the word Quote), and paste it in the Posted Image box in OTL. To do that:
  • Highlight everything inside the quote box, (except the word Quote), right click the mouse and click Copy.

createrestorepoint
set /c
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion


2. Re-open OTL on the desktop. To do that:
  • XP users: Double click on the OTL icon.
Make sure all other windows are closed.
  • Click the greyed out None button at the top of the console <--- Very Important
  • Make sure the Output box at the top is set to Standard Output.
  • Place the mouse pointer inside the Posted Image box, right click and click Paste. This will put the above script inside OTL.
  • Click the Posted Image button. Do not change any settings unless otherwise told to do so.
  • Let the scan run uninterrupted.
  • When the scan completes, it will open OTL.Txt. This file is also saved in the same location as OTL (it should be on your desktop).
  • Please copy the contents of this file and paste it into your reply. To do that:
  • On the OTL.txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
  • Right click inside the forum post window then click Paste. This will paste the contents of the OTL.txt file in the post window.

Things For Your Next Post:
Please post the logs in the order requested. Please don't attach the logs unless I request it.
1. Let me know if you were able to successfully copy the i386 folder from the CD to the hard drive. How big it is and how many files and folders it contains.
2. The new OTL.txt log
  • 0



#32
Channeal

Channeal

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 879 posts
Okay.... I am back home and have followed your instructions.

1) I copied the i386 folder successfully. The size is 534 MB (size on disk 549 MB) and it contains 6879 Files, 153 Folders.

2)
OTL SCAN

OTL logfile created on: 17/03/2014 20:32:12 - Run 6
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\User\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.50 Gb Total Physical Memory | 2.74 Gb Available Physical Memory | 78.41% Memory free
5.34 Gb Paging File | 4.72 Gb Available in Paging File | 88.51% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 328.46 Gb Free Space | 70.52% Space Free | Partition Type: NTFS
Drive D: | 148.99 Gb Total Space | 48.02 Gb Free Space | 32.23% Space Free | Partition Type: NTFS
Drive I: | 2.67 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: USER-0868A33E33 | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Custom Scans ==========

< set /c >
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\User\Application Data
asl.log=Destination=file
CLASSPATH=.;C:\Program Files\Java\jre7\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=USER-0868A33E33
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\User
LOGONSERVER=\\USER-0868A33E33
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\system32\WindowsPowerShell\v1.0;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.PSC1
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 3, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0403
ProgramFiles=C:\Program Files
PROMPT=$P$G
PSModulePath=C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\
QTJAVA=C:\Program Files\Java\jre7\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\User\LOCALS~1\Temp
TMP=C:\DOCUME~1\User\LOCALS~1\Temp
USERDOMAIN=USER-0868A33E33
USERNAME=User
USERPROFILE=C:\Documents and Settings\User
windir=C:\WINDOWS

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup >
"DriverCachePath" = %SystemRoot%\Driver Cache -- [2013/06/01 09:46:35 | 000,000,000 | ---D | M]
"BootDir" = C:\ -- [2014/03/17 20:32:50 | 000,000,000 | ---D | M]
"PrivateHash" = 7A 8A E4 ED DD F1 79 DC 8A B3 B1 46 38 4E 1C 52 [binary data]
"Installation Sources" = I:\ [binary data]
"SourcePath" = I:\ -- File not found
"ServicePackSourcePath" = c:\windows\ServicePackFiles -- [2013/06/01 11:15:21 | 000,000,000 | ---D | M]
"CDInstall" = 1
"LogLevel" = 0
"ServicePackCachePath" = c:\windows\ServicePackFiles\ServicePackCache -- [2013/06/01 11:17:32 | 000,000,000 | ---D | M]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\BaseWinOptions]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Oc Manager]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\OOBE]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\WindowsFeatures]

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion >
"SubVersionNumber" =
"CurrentBuild" = 1.511.1 () (Obsolete data - do not use)
"InstallDate" = 1370083837
"ProductName" = Microsoft Windows XP
"RegDone" =
"RegisteredOrganization" =
"RegisteredOwner" = User -- [2004/08/10 12:00:00 | 000,047,872 | ---- | M] (Microsoft Corporation)
"SoftwareType" = SYSTEM
"CurrentVersion" = 5.1
"CurrentBuildNumber" = 2600
"BuildLab" = 2600.xpsp_sp3_qfe.130704-0421
"CurrentType" = Multiprocessor Free
"CSDVersion" = Service Pack 3
"SystemRoot" = C:\WINDOWS -- [2014/03/17 10:35:50 | 000,000,000 | ---D | M]
"SourcePath" = I:\I386 -- [2006/07/06 18:20:57 | 000,000,000 | R--D | M]
"PathName" = C:\WINDOWS -- [2014/03/17 10:35:50 | 000,000,000 | ---D | M]
"ProductId" = 76487-OEM-0081937-11439
"DigitalProductId" = A4 00 00 00 03 00 00 00 37 36 34 38 37 2D 4F 45 4D 2D 30 30 38 31 39 33 37 2D 31 31 34 33 39 00 2D 00 00 00 41 32 32 2D 30 30 30 30 31 00 00 00 00 00 00 00 9E 66 AB E1 39 21 D6 59 2E 9A C4 53 10 4C 02 00 00 00 00 00 87 EB A9 51 DE DD 03 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 34 32 35 32 31 00 00 00 00 00 00 00 D1 0E 00 00 E7 CE E3 DC 00 08 00 00 AF 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 3C 35 9E F7 [Binary data over 200 bytes]
"LicenseInfo" = E7 11 EA 26 F3 4F CD A5 D2 57 B7 5E 07 AB 61 4F E1 42 3C 0D 84 85 54 7E E3 0C AD 00 E3 4B 1C A8 61 A4 4B 11 99 F5 B4 00 31 95 B2 0E 67 6C C6 C1 81 94 24 E4 3A 63 8C AF [binary data]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AeDebug]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Asr]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Classes]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Compatibility]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Compatibility32]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Console]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\drivers.desc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EFS]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ELK]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Embedding]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Event Viewer]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\File Manager]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Font Drivers]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontDPI]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontMapper]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ICM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IME Compatibility]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IMM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\KnownFunctionTableDlls]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\KnownManagedDebuggingDlls]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LastFontSweep]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MCI]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MCI Extensions]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MCI32]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Midimap]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ModuleCompatibility]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkCards]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\OpenGLDrivers]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PerHwIdStorage]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Ports]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\related.desc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Setup]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Type 1 Installer]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Userinstallable.drivers]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Wdf]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WOW]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WPAEvents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WUDF]

< End of report >

I hope this is what you wanted.

Chris.
  • 0

#33
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
I hope your trip was a good one.
That was it, thanks. I see the registry values that we need to change, but first we will back up these Registry keys.
If you don't understand anything, stop and ask.

  • Click the Start button and then click Run.
  • In the Open box, type regedit and click the OK button. The Registry editor will open.
  • Click the + beside HKEY_LOCAL_MACHINE
  • Click the + beside SOFTWARE
  • Click the + beside Microsoft
  • Click the + beside Windows
  • Click the + beside CurrentVersion
  • Look for the Setup key.
  • Right click the key and click Export on the context menu. The Export Registry File window will open.
  • In the left column, click Desktop. This will put the Desktop in the Save in: box
  • In the File name: box type setupbak
  • Make sure the Save as type: shows Registration Files (*.reg) and click the Save button. This will put a new registry file on the desktop named setupbak.reg
  • Click the + beside Windows to collapse that branch.
  • Click the + beside CurrentVersion to collapse that branch.

    NEXT:
  • Find the Windows NT key and click the + beside it.
  • Right click the CurrentVersion key and click Export from the context menu. The Export Registry File window will open.
  • Click the Desktop in the left column.
  • In the File name: box type currentversionbak
  • Make sure the Save as type: shows Registration Files (*.reg) and click the Save button. This will put a new registry file on the desktop named currentversionbak.reg

    NEXT:
    Look on the desktop and make sure the .reg files are there.

    NEXT:
  • Click the CurrentVersion key. You will see a bunch of values fill the right pane.
  • Find the SourcePath value and double click it. The Edit String window will open.
  • Under Value data: change the I:\I386 data to C:\ and click the OK button.
  • Click the + next to Windows NT to collapse that branch.

    NEXT:
  • Scroll back up to the Windows key and click the + next to it to expand the branch.
  • Click the + next to CurrentVersion
  • Scroll down to the Setup key and click it. The right pane will fill with values again.
  • Find the SourcePath value and double click it. The Edit String window will open.
  • In the Value data: box, change the I:\ data to C:\ and click the OK button.
  • Find the CDInstall value and double click it. The Edit String window will open.
  • In the Value data: box, change the 1 data to 0 (that's the number 0, not the letter O) and click the OK button.
  • Close the Registry Editor and reboot the computer

Run SFC

  • Click on Start , then click Run...
  • Type in SFC /Scannow <--- Make sure to leave a space between SFC and the forward slash.
  • Click on OK
  • System File Checker will now scan all protected files to verify their versions.

    Note: This will take some time. You shouldn't get the message to install the setup CD now, if you do just click retry (may have to several times) and see if it can finish.
  • When the scan has finished you should get one of the following messages in the Command window:
    • Windows Resource Protection did not find any integrity violations.
    • Windows Resource Protection could not perform the requested operation.
    • Windows Resource Protection found corrupt files and successfully repaired them.
    • Windows Resource Protection found corrupt files but was unable to fix some of them.
  • Write down the results of the scan so you can post in your next reply.
  • Type exit and press the ENTER key to close the command window.

  • 0

#34
Channeal

Channeal

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 879 posts
Hello again!

Bad news, I am afraid..... I followed your instructions as carefully as possible - and the two files setupbak.reg and currentversionbak.reg are on the desktop. However, when I tried to run SFC I got the message: 'Files that are required for Windows to run properly must be copied to the DLL.Cache. Insert your Windows XP Professional Service Pack 3 CD now.' I clicked retry - many times - but got the message: 'The CD you provided is the wrong CD. Please insert the Windows XP Professional Service Pack 3 CD into your CD-Rom drive.' (There was, of course, no CD in the drive.)

I have no idea what I did wrong!!!!!

Chris.

Edited by Channeal, 20 March 2014 - 04:48 AM.

  • 0

#35
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Let's get a look at the registry keys. This will be an abbreviated scan like the last one.

Step-2

OTL Custom Scan

1. Please copy the text in the Quote box below, (Do Not copy the word Quote), and paste it in the Posted Image box in OTL. To do that:
  • Highlight everything inside the quote box, (except the word Quote), right click the mouse and click Copy.

createrestorepoint
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion


2. Re-open OTL on the desktop. To do that:
  • XP users: Double click on the OTL icon.
Make sure all other windows are closed.
  • Click the greyed out None button at the top of the console <--- Very Important
  • Make sure the Output box at the top is set to Standard Output.
  • Place the mouse pointer inside the Posted Image box, right click and click Paste. This will put the above script inside OTL.
  • Click the Posted Image button. Do not change any settings unless otherwise told to do so.
  • Let the scan run uninterrupted.
  • When the scan completes, it will open OTL.Txt. This file is also saved in the same location as OTL (it should be on your desktop).
  • Please copy the contents of this file and paste it into your reply. To do that:
  • On the OTL.txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
  • Right click inside the forum post window then click Paste. This will paste the contents of the OTL.txt file in the post window.

Things For Your Next Post:
Please post the logs in the order requested. Please don't attach the logs unless I request it.
1. Let me know how the computer is running.
2. The OTL.txt log
  • 0

#36
Channeal

Channeal

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 879 posts
Thanks for your last message. I am sorry that both me and my computer seem to be - albeit inadvertently - causing you a lot of trouble!

1) The computer has actually been behaving very well.... although it threw a bit of a wobbly yesterday! I did the registry editing bit and restarted and all seemed fine. I then had to go out for a while, so I turned the computer off. When I came back, I turned it on and left the room for about 5 mins while it was starting up. When I came back, all I had was a dark screen.... although I could see that the light was on on the tower. I eventually turned off at the switch and restarted - and it hung up on just the wallpaper again.... although the icons did eventually appear by themselves. I am a bit confused about what the cause of all this was, as after that it seemed to go onto the black screen again every time the computer was idle (moving the mouse had no effect). In the end, I surmised that maybe it was to do with the monitor as turning this on and off seemed to bring everything back again. I think the light was still on on the monitor though and I don't think the screen looked as if it was completely turned off. Maybe it was just being very slow in responding to the mouse being moved.

So far today, everything seems back to normal again!

2)The OTL log.

OTL logfile created on: 20/03/2014 16:01:43 - Run 7
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\User\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.50 Gb Total Physical Memory | 2.87 Gb Available Physical Memory | 82.10% Memory free
5.34 Gb Paging File | 4.84 Gb Available in Paging File | 90.72% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 326.97 Gb Free Space | 70.20% Space Free | Partition Type: NTFS
Drive D: | 148.99 Gb Total Space | 48.02 Gb Free Space | 32.23% Space Free | Partition Type: NTFS

Computer Name: USER-0868A33E33 | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Custom Scans ==========

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup >
"DriverCachePath" = %SystemRoot%\Driver Cache -- [2013/06/01 09:46:35 | 000,000,000 | ---D | M]
"BootDir" = C:\ -- [2014/03/20 11:06:04 | 000,000,000 | ---D | M]
"PrivateHash" = 7A 8A E4 ED DD F1 79 DC 8A B3 B1 46 38 4E 1C 52 [binary data]
"Installation Sources" = I:\ [binary data]
"SourcePath" = C:\ -- [2014/03/20 11:06:04 | 000,000,000 | ---D | M]
"ServicePackSourcePath" = c:\windows\ServicePackFiles -- [2013/06/01 11:15:21 | 000,000,000 | ---D | M]
"CDInstall" = 0
"LogLevel" = 0
"ServicePackCachePath" = c:\windows\ServicePackFiles\ServicePackCache -- [2013/06/01 11:17:32 | 000,000,000 | ---D | M]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\BaseWinOptions]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Oc Manager]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\OOBE]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\WindowsFeatures]

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion >
"SubVersionNumber" =
"CurrentBuild" = 1.511.1 () (Obsolete data - do not use)
"InstallDate" = 1370083837
"ProductName" = Microsoft Windows XP
"RegDone" =
"RegisteredOrganization" =
"RegisteredOwner" = User -- [2004/08/10 12:00:00 | 000,047,872 | ---- | M] (Microsoft Corporation)
"SoftwareType" = SYSTEM
"CurrentVersion" = 5.1
"CurrentBuildNumber" = 2600
"BuildLab" = 2600.xpsp_sp3_qfe.130704-0421
"CurrentType" = Multiprocessor Free
"CSDVersion" = Service Pack 3
"SystemRoot" = C:\WINDOWS -- [2014/03/20 15:42:23 | 000,000,000 | ---D | M]
"SourcePath" = C:\ -- [2014/03/20 11:06:04 | 000,000,000 | ---D | M]
"PathName" = C:\WINDOWS -- [2014/03/20 15:42:23 | 000,000,000 | ---D | M]
"ProductId" = 76487-OEM-0081937-11439
"DigitalProductId" = A4 00 00 00 03 00 00 00 37 36 34 38 37 2D 4F 45 4D 2D 30 30 38 31 39 33 37 2D 31 31 34 33 39 00 2D 00 00 00 41 32 32 2D 30 30 30 30 31 00 00 00 00 00 00 00 9E 66 AB E1 39 21 D6 59 2E 9A C4 53 10 4C 02 00 00 00 00 00 87 EB A9 51 DE DD 03 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 34 32 35 32 31 00 00 00 00 00 00 00 D1 0E 00 00 E7 CE E3 DC 00 08 00 00 AF 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 3C 35 9E F7 [Binary data over 200 bytes]
"LicenseInfo" = E7 11 EA 26 F3 4F CD A5 D2 57 B7 5E 07 AB 61 4F E1 42 3C 0D 84 4A 72 C1 53 1F 32 EA 13 83 FC 86 8E 48 FA BE 01 4C B7 3E 5F 3B 66 43 A0 22 1D 2F 39 00 45 EA C2 AB 39 59 [binary data]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AeDebug]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Asr]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Classes]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Compatibility]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Compatibility32]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Console]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\drivers.desc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EFS]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ELK]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Embedding]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Event Viewer]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\File Manager]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Font Drivers]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontDPI]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontMapper]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ICM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IME Compatibility]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IMM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\KnownFunctionTableDlls]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\KnownManagedDebuggingDlls]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LastFontSweep]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MCI]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MCI Extensions]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MCI32]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Midimap]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ModuleCompatibility]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkCards]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\OpenGLDrivers]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PerHwIdStorage]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Ports]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\related.desc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Setup]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Type 1 Installer]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Userinstallable.drivers]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Wdf]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WOW]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WPAEvents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WUDF]

< End of report >

Thanks again,
Chris.

Edited by Channeal, 20 March 2014 - 10:30 AM.

  • 0
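
Checking that the registry edits from post #33 took effect means comparing the Run 6 and Run 7 logs value by value. The script below is an added example, not part of the original thread and not OTL's own code: the line format is inferred from the two logs above, the function names are hypothetical, and the sample input is a short excerpt of those logs.

```python
import re

SETUP = r'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup'
NT = r'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion'

# Excerpts of the custom-scan sections from Run 6 (before) and Run 7 (after).
RUN_6 = r'''
< set /c >
SystemDrive=C:
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup >
"BootDir" = C:\ -- [2014/03/17 20:32:50 | 000,000,000 | ---D | M]
"Installation Sources" = I:\ [binary data]
"SourcePath" = I:\ -- File not found
"CDInstall" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\OOBE]

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion >
"RegDone" =
"CSDVersion" = Service Pack 3
"SourcePath" = I:\I386 -- [2006/07/06 18:20:57 | 000,000,000 | R--D | M]
< End of report >
'''

RUN_7 = r'''
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup >
"BootDir" = C:\ -- [2014/03/20 11:06:04 | 000,000,000 | ---D | M]
"Installation Sources" = I:\ [binary data]
"SourcePath" = C:\ -- [2014/03/20 11:06:04 | 000,000,000 | ---D | M]
"CDInstall" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\OOBE]

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion >
"RegDone" =
"CSDVersion" = Service Pack 3
"SourcePath" = C:\ -- [2014/03/20 11:06:04 | 000,000,000 | ---D | M]
< End of report >
'''

SECTION = re.compile(r'^< (HKEY_.+) >$')       # header of a scanned key
VALUE = re.compile(r'^"([^"]+)" =\s?(.*)$')    # "Name" = data [annotation]
BINARY_NOTE = re.compile(r'\s*\[[Bb]inary data[^\]]*\]$')


def split_value(raw):
    """Separate registry data from the note OTL appends after it."""
    data, sep, note = raw.partition(' -- ')
    if not sep:
        m = BINARY_NOTE.search(data)
        if m:
            data, note = data[:m.start()], m.group().strip()
    return data.strip(), note.strip()


def parse_otl(text):
    """Return {key path: {value name: (data, note)}} for each scanned key."""
    keys, current = {}, None
    for line in (l.strip() for l in text.splitlines()):
        m = SECTION.match(line)
        if m:
            current = keys.setdefault(m.group(1), {})
        elif line.startswith(('<', '[')):
            current = None          # "< set /c >", subkey headers, end marker
        elif current is not None:
            v = VALUE.match(line)
            if v:
                current[v.group(1)] = split_value(v.group(2))
    return keys


def diff_runs(before, after):
    """List (key, name, old data, new data) where the data itself changed."""
    changes = []
    for key, values in after.items():
        old_values = before.get(key, {})
        for name, (data, _note) in values.items():
            old = old_values.get(name, (None, ''))[0]
            if old != data:
                changes.append((key, name, old, data))
    return changes


def still_on_drive(run, drive):
    """List (key, name, data) for values whose data starts with `drive`."""
    return [(key, name, data)
            for key, values in run.items()
            for name, (data, _note) in values.items()
            if data.upper().startswith(drive.upper())]


if __name__ == '__main__':
    before, after = parse_otl(RUN_6), parse_otl(RUN_7)
    for key, name, old, new in diff_runs(before, after):
        print(f'changed  {key}\\{name}: {old} -> {new}')
    for key, name, data in still_on_drive(after, 'I:'):
        print(f'still I: {key}\\{name} = {data}')
```

Timestamp-only differences such as `BootDir` are ignored because only the data part of each value is compared.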

#37
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts

I am sorry that both me and my computer seem to be - albeit inadvertently - causing you a lot of trouble!

No need to apologize. I'm sorry that you are having this issue.

You are using the Imagic50_1.bmp file as your desktop background. Try changing the desktop wallpaper to another file and see if it still gets hung up.

Click this link: http://www.homeandle...C//bcs1p11.html for a tutorial on how to do that.

I am a bit confused about what the cause of all this was, as after that it seemed to go onto the black screen again every time the computer was idle (moving the mouse had no effect). In the end, I surmised that maybe it was to do with the monitor as turning this on and off seemed to bring everything back again. I think the light was still on on the monitor though and I don't think the screen looked as if it was completely turned off. Maybe it was just being very slow in responding to the mouse being moved.

This could be anything from a corrupted file to the monitor dying. This is one of the reasons I wanted to get SFC to run.
The registry keys show the info that I asked you to add. So I don't know why it isn't working. I'm gonna ask a colleague with more system knowledge to take a look. It might take them a couple of days to get back to me.
In the meantime let's check the Device Manager and see if any devices are having problems.

Open the Device Manager

  • Click Start, then Run... The Run dialog box will open. In the Open box type the following and then press the Enter key or click the OK button:

    devmgmt.msc

    The Windows Device Manager should display immediately.

  • If there are any Yellow question marks / exclamation points or Red X's let me know what device they are on or post a screen shot of the list.

I also want to get one final OTL scan to make sure the system is still clean.

Please open OTL on the desktop and click the Quick Scan button and let's
Post the resulting OTL.txt log


Things For Your Next Post:
Please post the logs in the order requested. Please don't attach the logs unless I request it.
1. Let me know what the Device Manager showed.
2. The OTL.txt log

#38
Channeal

    Member

  • Topic Starter
  • 879 posts
It's me again!

I certainly have got a well-scanned problems.... even if there are a few mischievous gremlins living in it! :-)

I changed the wallpaper to one of the Windows ones. I also checked in Device Manager for yellow exclamation marks and there were none.

Actually I was already aware about yellow exclamation marks and had previously checked for them to see if there was one by any of the sound controllers, because of the intermittent problem with loud background noise when playing music. This problem still occurs occasionally... but is usually resolved by restarting the computer.

The problem with the screen going blank when the computer is idle has been happening again this afternoon. When the computer is idle and the screen goes blank, moving the mouse does not have the usual effect of bringing everything back. The power light remains lit on the monitor. If I turn the monitor switch on and off, this usually brings everything back to normal though.

1) As mentioned above, there were no problems showing up in Device Manager.

2) OTL Scan

OTL logfile created on: 20/03/2014 20:12:58 - Run 8
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\User\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.50 Gb Total Physical Memory | 2.77 Gb Available Physical Memory | 79.10% Memory free
5.34 Gb Paging File | 4.75 Gb Available in Paging File | 89.08% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 327.10 Gb Free Space | 70.23% Space Free | Partition Type: NTFS
Drive D: | 148.99 Gb Total Space | 48.02 Gb Free Space | 32.23% Space Free | Partition Type: NTFS

Computer Name: USER-0868A33E33 | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/03/15 15:52:00 | 002,484,504 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2014/03/15 15:52:00 | 001,444,120 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2014/02/24 23:35:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
PRC - [2014/02/22 14:43:03 | 000,253,952 | ---- | M] (Dell) -- C:\Documents and Settings\User\Local Settings\Apps\2.0\EP0VAQM6.NL6\RY7M30ZQ.GD2\dell..tion_0f612f649c4a10af_0005.0005_9914611622934cec\DellSystemDetect.exe
PRC - [2014/02/14 23:07:51 | 000,223,112 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.22.5\GoogleCrashHandler.exe
PRC - [2014/02/13 13:09:50 | 003,767,096 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2014/02/13 13:09:50 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2014/02/11 14:21:32 | 001,171,968 | ---- | M] (Spotify Ltd) -- C:\Documents and Settings\User\Application Data\Spotify\Data\SpotifyWebHelper.exe
PRC - [2013/12/18 21:05:43 | 000,182,696 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2013/10/31 11:35:46 | 000,070,880 | ---- | M] () -- C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe
PRC - [2013/10/31 11:35:30 | 000,449,760 | ---- | M] (Sony) -- C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe
PRC - [2009/10/20 09:35:52 | 000,144,672 | ---- | M] () -- C:\Program Files\Nova Development\Greeting Card Factory Deluxe 8.0\ReminderApp.exe
PRC - [2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/06/05 12:20:32 | 000,177,704 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe
PRC - [2006/12/12 09:46:54 | 000,020,480 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\Ctxfihlp.exe
PRC - [2006/12/12 09:46:52 | 000,019,456 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CtHelper.exe
PRC - [2006/12/12 09:43:58 | 000,842,240 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTxfispi.exe
PRC - [2005/07/22 19:45:16 | 000,430,080 | ---- | M] (Dell) -- C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe
PRC - [2005/06/27 17:05:06 | 000,282,624 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 944\memcard.exe
PRC - [2005/06/21 20:19:38 | 000,491,520 | ---- | M] () -- C:\WINDOWS\system32\dlcdcoms.exe
PRC - [2005/03/22 16:20:44 | 000,339,968 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe


========== Modules (No Company Name) ==========

MOD - [2014/03/19 14:18:43 | 002,189,312 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\14031901\algo.dll
MOD - [2014/02/13 14:30:55 | 000,627,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\7e310942e6e9a5d623e003130ec3d9bd\System.Transactions.ni.dll
MOD - [2014/02/13 14:30:10 | 000,627,712 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\78e7a4c3acd1a345c4ef1f73ff48a1dd\System.EnterpriseServices.ni.dll
MOD - [2014/02/13 14:29:58 | 001,801,216 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Deployment\c7e59f98afa4214b3bee9273cf50d2b0\System.Deployment.ni.dll
MOD - [2014/02/13 14:27:17 | 000,978,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\4b6e70acd99dc22e29b7fc8f9ac340c4\System.Configuration.ni.dll
MOD - [2014/02/13 01:03:11 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2014/02/13 01:02:44 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2014/02/13 00:58:34 | 005,462,016 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\7faf645dc46781225cb722edf9e1e738\System.Xml.ni.dll
MOD - [2014/02/13 00:58:19 | 012,434,432 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1cdfe1998ad6794db3237006906c6fa2\System.Windows.Forms.ni.dll
MOD - [2014/02/13 00:57:37 | 001,593,344 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\424bff3295c6e7539cc6df62b9425bd0\System.Drawing.ni.dll
MOD - [2014/02/13 00:56:52 | 006,616,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\af8afdcab485e00a04b18ed487981f3d\System.Data.ni.dll
MOD - [2014/02/13 00:56:02 | 000,258,048 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\5d060f9be1d1e717d64643941241a202\PresentationFramework.Royale.ni.dll
MOD - [2014/02/13 00:55:30 | 014,329,856 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\dad6af4d4f3b92adf0497c5ec9565236\PresentationFramework.ni.dll
MOD - [2014/02/13 00:54:41 | 012,218,880 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\89c032d0f8bccf31bb55b775a10c6992\PresentationCore.ni.dll
MOD - [2014/02/13 00:54:01 | 003,325,440 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\872e96c13f44bfaeff84d126fb847963\WindowsBase.ni.dll
MOD - [2014/02/13 00:53:19 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\4b0455ae94e3cecca4bb3ba8c96828c9\System.ni.dll
MOD - [2014/02/13 00:52:59 | 011,497,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\dae02331a443fb52216ca83292cb2f21\mscorlib.ni.dll
MOD - [2014/02/06 00:52:52 | 000,073,544 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/02/06 00:52:32 | 001,044,808 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2014/02/03 10:29:53 | 001,125,592 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
MOD - [2013/12/10 19:11:27 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2013/10/31 11:35:46 | 000,070,880 | ---- | M] () -- C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe
MOD - [2013/09/13 10:02:30 | 000,208,896 | ---- | M] () -- C:\Program Files\Sony\Sony PC Companion\MExplorer.dll
MOD - [2013/07/05 09:47:28 | 000,607,232 | ---- | M] () -- C:\Program Files\Sony\Sony PC Companion\PhoneUpdate.dll
MOD - [2013/05/20 11:58:08 | 000,620,718 | ---- | M] () -- C:\Program Files\Sony\Sony PC Companion\sqlite3.dll
MOD - [2013/01/02 06:49:10 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2012/06/27 14:09:06 | 000,557,056 | ---- | M] () -- C:\Program Files\Trusteer\Rapport\bin\js32.dll
MOD - [2012/04/30 10:57:42 | 000,039,936 | ---- | M] () -- C:\Program Files\Sony\Sony PC Companion\TMonitorAPI.dll
MOD - [2011/07/07 13:54:36 | 000,233,984 | ---- | M] () -- C:\Program Files\Sony\Sony PC Companion\Report.dll
MOD - [2011/02/04 16:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2009/10/20 09:36:04 | 000,086,304 | ---- | M] () -- C:\Program Files\Nova Development\Greeting Card Factory Deluxe 8.0\AddressBookCore.dll
MOD - [2009/10/20 09:35:52 | 000,144,672 | ---- | M] () -- C:\Program Files\Nova Development\Greeting Card Factory Deluxe 8.0\ReminderApp.exe
MOD - [2009/10/20 09:13:56 | 000,147,456 | ---- | M] () -- C:\Program Files\Nova Development\Greeting Card Factory Deluxe 8.0\en-US\ReminderApp.resources.dll
MOD - [2008/04/14 04:42:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 04:41:52 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007/06/05 12:20:32 | 000,177,704 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe
MOD - [2005/11/08 19:30:00 | 000,003,072 | ---- | M] () -- C:\WINDOWS\CTXFIRES.DLL
MOD - [2005/06/27 17:05:06 | 000,282,624 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 944\memcard.exe
MOD - [2005/06/22 06:35:12 | 000,479,232 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\dlcdHPEC.DLL
MOD - [2005/06/22 06:35:10 | 000,114,688 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\dlcdFLIB.DLL
MOD - [2005/06/21 20:27:02 | 001,183,744 | ---- | M] () -- C:\WINDOWS\system32\dlcdserv.dll
MOD - [2005/06/21 20:22:06 | 000,483,328 | ---- | M] () -- C:\WINDOWS\system32\dlcdlmpm.dll
MOD - [2005/06/21 20:19:48 | 000,114,688 | ---- | M] () -- C:\WINDOWS\system32\dlcdpplc.dll
MOD - [2005/06/21 20:19:48 | 000,114,688 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 944\dlcdpplc.dll
MOD - [2005/06/21 20:19:38 | 000,491,520 | ---- | M] () -- C:\WINDOWS\system32\dlcdcoms.exe
MOD - [2005/06/21 20:18:58 | 000,704,512 | ---- | M] () -- C:\WINDOWS\system32\dlcdcomc.dll
MOD - [2005/06/21 20:18:58 | 000,704,512 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 944\dlcdcomc.dll
MOD - [2005/06/21 20:18:24 | 000,155,648 | ---- | M] () -- C:\WINDOWS\system32\dlcdprox.dll
MOD - [2005/06/21 20:12:48 | 001,134,592 | ---- | M] () -- C:\WINDOWS\system32\dlcdusb1.dll
MOD - [2005/06/06 15:59:00 | 000,065,536 | R--- | M] () -- C:\WINDOWS\system32\dlcdcfg.dll
MOD - [2005/06/06 15:59:00 | 000,065,536 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\dlcdcfg.dll
MOD - [2005/06/06 15:59:00 | 000,065,536 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 944\dlcdcfg.dll
MOD - [2005/05/17 22:17:52 | 000,061,440 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 944\dlcdcnv4.dll
MOD - [2005/04/28 13:43:08 | 000,122,880 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 944\dlcddrec.dll


========== Services (SafeList) ==========

SRV - [2014/03/19 10:35:22 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/03/15 15:52:00 | 001,444,120 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2014/02/24 21:17:13 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/02/13 13:09:50 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013/12/18 21:05:43 | 000,182,696 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/02/04 17:43:22 | 000,155,824 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2007/06/05 12:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing)
SRV - [2005/06/21 20:19:38 | 000,491,520 | ---- | M] () [On_Demand | Running] -- C:\WINDOWS\system32\dlcdcoms.exe -- (dlcd_device)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2014/03/15 15:52:14 | 000,155,704 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2014/03/15 15:52:14 | 000,107,256 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2014/03/15 15:52:12 | 000,228,888 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2014/02/13 13:10:42 | 000,067,824 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmonflt.sys -- (aswMonFlt)
DRV - [2014/02/13 13:09:55 | 000,775,952 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2014/02/13 13:09:55 | 000,410,784 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2014/02/13 13:09:55 | 000,057,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2014/02/13 13:09:55 | 000,054,832 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2014/01/04 21:54:38 | 000,180,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013/12/10 19:11:34 | 000,049,944 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013/12/10 19:10:22 | 000,026,136 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswKbd.sys -- (aswKbd)
DRV - [2013/10/28 09:07:10 | 000,340,432 | ---- | M] () [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_59849.sys -- (RapportCerberus_59849)
DRV - [2007/06/18 02:01:28 | 000,514,560 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k)
DRV - [2006/12/19 07:36:54 | 001,160,504 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha20x2k.sys -- (ha20x2k)
DRV - [2006/12/19 07:36:46 | 000,090,936 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2006/12/19 07:36:42 | 000,156,984 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2006/12/19 07:36:36 | 000,014,648 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2006/12/19 07:36:32 | 000,128,312 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2006/12/19 07:35:40 | 000,511,288 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2005/11/16 14:36:00 | 001,047,816 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/07/13 16:18:00 | 000,340,704 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2003/11/17 14:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 14:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 14:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{3C257AE1-CE4F-C414-2C5F-4428CE0F9F17}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.my.yahoo.com/
IE - HKCU\..\SearchScopes,DefaultScope = {3C257AE1-CE4F-C414-2C5F-4428CE0F9F17}
IE - HKCU\..\SearchScopes\{3C257AE1-CE4F-C414-2C5F-4428CE0F9F17}: "URL" = http://www.google.co...1I7SAVV_enGB539
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://uk.my.yahoo.com/"
FF - prefs.js..extensions.enabledAddons: %7B20a82645-c095-46ed-80e3-08825760534b%7D:0.0.0
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:9.0.2013.75
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:28.0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\sony.com/MediaGoDetector: C:\Program Files\Sony\Media Go\npMediaGoDetector.dll (Sony Network Entertainment International LLC)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/02/13 13:09:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2013/06/03 17:56:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions
[2014/03/19 10:34:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/03/19 10:35:24 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/02/13 13:09:58 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2013/06/03 08:51:31 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://uk.my.yahoo.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\33.0.1750.146\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\33.0.1750.146\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\33.0.1750.146\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U21 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll
CHR - plugin: Java Deployment Toolkit 7.0.210.11 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Google Docs = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Wallet = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\

O1 HOSTS File: ([2014/02/17 18:24:08 | 000,450,613 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CtHelper.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [CTxfiHlp] C:\WINDOWS\System32\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DLCDCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCDtime.DLL ()
O4 - HKLM..\Run: [dlcdmon.exe] C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe (Dell)
O4 - HKLM..\Run: [MemoryCardManager] C:\Program Files\Dell Photo AIO Printer 944\memcard.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [ReminderApp] C:\Program Files\Nova Development\Greeting Card Factory Deluxe 8.0\ReminderApp.exe ()
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKCU..\Run: [DellSystemDetect] C:\Documents and Settings\User\Local Settings\Apps\2.0\EP0VAQM6.NL6\RY7M30ZQ.GD2\dell..tion_0f612f649c4a10af_0005.0005_9914611622934cec\DellSystemDetect.exe (Dell)
O4 - HKCU..\Run: [Sony PC Companion] C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe (Sony)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Documents and Settings\User\Application Data\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: dell.com ([]* in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate...b?1370086580859 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1370086717752 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{10191BB2-FF37-48CA-833D-6764C0A4FA75}: DhcpNameServer = 194.168.4.100 194.168.8.100
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/06/01 10:48:01 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/01/03 01:01:23 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (sdnclean.exe)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2014/03/19 10:34:20 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2014/03/17 20:19:09 | 000,000,000 | ---D | C] -- C:\I386
[2014/03/15 15:52:14 | 000,107,256 | ---- | C] (Trusteer Ltd.) -- C:\WINDOWS\System32\drivers\RapportKELL.sys
[2014/03/13 11:28:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\FRST-OlderVersion
[2014/03/07 17:41:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Malwarebytes
[2014/03/07 17:40:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2014/03/07 17:40:33 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2014/03/07 17:40:33 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2014/03/06 21:05:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2014/03/06 21:04:22 | 001,037,734 | ---- | C] (Thisisu) -- C:\Documents and Settings\User\Desktop\JRT.exe
[2014/03/06 20:40:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\logs
[2014/03/06 14:54:34 | 000,000,000 | ---D | C] -- C:\FRST
[2014/03/06 14:49:37 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/03/06 13:35:57 | 001,145,856 | ---- | C] (Farbar) -- C:\Documents and Settings\User\Desktop\FRST.exe
[2014/03/06 13:34:41 | 000,080,456 | ---- | C] (Malwarebytes Corporation) -- C:\Documents and Settings\User\Desktop\mbam-clean-1.60.2.0003.exe
[2014/03/02 15:12:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2014/02/28 17:44:57 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/02/24 23:35:49 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2014/02/24 22:09:40 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\User\Recent
[2014/02/24 18:16:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\Dell Diagnostic Scan Results
[2014/02/24 18:14:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\RK Logs
[2014/02/24 16:02:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\KasperskyScanResults_files
[2014/02/20 18:33:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\RK_Quarantine
[2014/02/20 18:29:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\tdsskiller
[2014/02/20 17:58:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\Old Firefox Data
[2014/02/20 10:46:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\mbar
[2014/02/19 22:15:26 | 000,000,000 | ---D | C] -- C:\Program Files\stinger
[4 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/03/20 20:13:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/03/20 19:59:00 | 000,002,533 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Word.lnk
[2014/03/20 19:42:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/03/20 15:39:43 | 000,000,364 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2014/03/20 15:37:57 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/03/20 15:37:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/03/20 11:37:17 | 000,064,756 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000005-00000000-00000004-00001102-00000005-10031102}.rfx
[2014/03/20 11:37:17 | 000,054,328 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000005-00000000-00000004-00001102-00000005-10031102}.rfx
[2014/03/20 11:37:17 | 000,054,328 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000005-00000000-00000004-00001102-00000005-10031102}.rfx
[2014/03/20 11:37:17 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2014/03/20 11:37:17 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2014/03/20 09:33:05 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/03/19 13:23:37 | 000,000,458 | ---- | M] () -- C:\WINDOWS\tasks\SystemToolsDailyTest.job
[2014/03/19 10:49:46 | 004,633,644 | ---- | M] () -- C:\Documents and Settings\User\Desktop\currentversionbak.reg
[2014/03/19 10:42:39 | 000,028,294 | ---- | M] () -- C:\Documents and Settings\User\Desktop\setupbak.reg
[2014/03/18 11:15:04 | 000,127,488 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/03/15 22:19:56 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2014/03/15 15:52:14 | 000,107,256 | ---- | M] (Trusteer Ltd.) -- C:\WINDOWS\System32\drivers\RapportKELL.sys
[2014/03/13 15:16:17 | 000,329,888 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2014/03/13 15:05:57 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2014/03/13 11:28:51 | 001,145,856 | ---- | M] (Farbar) -- C:\Documents and Settings\User\Desktop\FRST.exe
[2014/03/09 13:38:44 | 000,987,442 | ---- | M] () -- C:\Documents and Settings\User\Desktop\SecurityCheck.exe
[2014/03/07 17:40:41 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2014/03/06 21:04:25 | 001,037,734 | ---- | M] (Thisisu) -- C:\Documents and Settings\User\Desktop\JRT.exe
[2014/03/06 13:34:43 | 000,080,456 | ---- | M] (Malwarebytes Corporation) -- C:\Documents and Settings\User\Desktop\mbam-clean-1.60.2.0003.exe
[2014/03/04 12:37:06 | 000,064,106 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Page.mht
[2014/03/03 20:42:51 | 001,244,192 | ---- | M] () -- C:\Documents and Settings\User\Desktop\AdwCleaner.exe
[2014/02/27 12:08:25 | 000,128,509 | ---- | M] () -- C:\Documents and Settings\User\Desktop\HtmlReport.zip
[2014/02/27 12:03:29 | 374,838,127 | ---- | M] () -- C:\Documents and Settings\User\Desktop\BHACHS Newsletter and Chronicle nos.1-50.pdf
[2014/02/26 22:58:58 | 000,002,473 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Excel.lnk
[2014/02/25 14:04:14 | 000,000,262 | ---- | M] () -- C:\Documents and Settings\User\Desktop\GeeksToGo.url
[2014/02/25 10:13:09 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2014/02/25 04:02:09 | 000,000,520 | ---- | M] () -- C:\WINDOWS\tasks\PCDoctorBackgroundMonitorTask.job
[2014/02/24 23:35:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2014/02/24 22:56:18 | 003,818,496 | ---- | M] () -- C:\Documents and Settings\User\Desktop\RogueKiller.exe
[2014/02/24 20:22:02 | 132,325,736 | ---- | M] () -- C:\Documents and Settings\User\Desktop\setup_11.0.1.1245.x01_2014_02_24_23_41.exe
[2014/02/24 18:55:58 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\User\Desktop\MBR.dat
[2014/02/20 18:29:27 | 004,102,163 | ---- | M] () -- C:\Documents and Settings\User\Desktop\tdsskiller.zip
[2014/02/19 22:37:01 | 000,035,528 | ---- | M] () -- C:\Documents and Settings\User\Desktop\cc_20140219_223641.reg
[4 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/03/19 10:49:46 | 004,633,644 | ---- | C] () -- C:\Documents and Settings\User\Desktop\currentversionbak.reg
[2014/03/19 10:42:39 | 000,028,294 | ---- | C] () -- C:\Documents and Settings\User\Desktop\setupbak.reg
[2014/03/13 15:05:33 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2014/03/09 13:38:38 | 000,987,442 | ---- | C] () -- C:\Documents and Settings\User\Desktop\SecurityCheck.exe
[2014/03/07 17:40:41 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2014/03/03 20:42:45 | 001,244,192 | ---- | C] () -- C:\Documents and Settings\User\Desktop\AdwCleaner.exe
[2014/02/27 12:08:25 | 000,128,509 | ---- | C] () -- C:\Documents and Settings\User\Desktop\HtmlReport.zip
[2014/02/27 11:57:11 | 374,838,127 | ---- | C] () -- C:\Documents and Settings\User\Desktop\BHACHS Newsletter and Chronicle nos.1-50.pdf
[2014/02/25 14:02:47 | 000,000,262 | ---- | C] () -- C:\Documents and Settings\User\Desktop\GeeksToGo.url
[2014/02/24 22:56:16 | 003,818,496 | ---- | C] () -- C:\Documents and Settings\User\Desktop\RogueKiller.exe
[2014/02/24 20:14:29 | 132,325,736 | ---- | C] () -- C:\Documents and Settings\User\Desktop\setup_11.0.1.1245.x01_2014_02_24_23_41.exe
[2014/02/24 18:55:58 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\User\Desktop\MBR.dat
[2014/02/20 18:29:01 | 004,102,163 | ---- | C] () -- C:\Documents and Settings\User\Desktop\tdsskiller.zip
[2014/02/19 22:36:53 | 000,035,528 | ---- | C] () -- C:\Documents and Settings\User\Desktop\cc_20140219_223641.reg
[2014/02/17 22:25:54 | 000,000,079 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2014/01/16 17:04:46 | 000,109,782 | ---- | C] () -- C:\WINDOWS\CopernicAgentUninstall.exe
[2013/12/16 01:15:04 | 000,002,272 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2013/09/18 20:51:46 | 001,510,494 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Imagic50_1.bmp
[2013/09/18 20:51:42 | 001,510,494 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Imagic50.bmp
[2013/09/09 20:10:07 | 000,000,025 | ---- | C] () -- C:\WINDOWS\SingleViewer.INI
[2013/09/06 20:45:22 | 000,000,736 | ---- | C] () -- C:\WINDOWS\SamsungMaster.INI
[2013/08/15 15:59:21 | 000,001,575 | ---- | C] () -- C:\Documents and Settings\User\.recently-used.xbel
[2013/07/22 14:06:40 | 000,077,076 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2013/07/18 23:02:01 | 000,065,536 | R--- | C] () -- C:\WINDOWS\System32\dlcdcfg.dll
[2013/07/18 23:01:23 | 000,638,976 | ---- | C] () -- C:\WINDOWS\System32\dlcdpmui.dll
[2013/07/18 23:01:23 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\dlcdinsr.dll
[2013/07/18 23:01:22 | 000,372,736 | ---- | C] () -- C:\WINDOWS\System32\dlcdih.exe
[2013/07/18 23:01:22 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlcdins.dll
[2013/07/18 23:01:22 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlcdvs.dll
[2013/07/18 23:01:21 | 001,134,592 | ---- | C] () -- C:\WINDOWS\System32\dlcdusb1.dll
[2013/07/18 23:01:21 | 000,483,328 | ---- | C] () -- C:\WINDOWS\System32\dlcdlmpm.dll
[2013/07/18 23:01:21 | 000,413,696 | ---- | C] () -- C:\WINDOWS\System32\dlcdcomm.dll
[2013/07/18 23:01:21 | 000,368,640 | ---- | C] () -- C:\WINDOWS\System32\dlcdcfg.exe
[2013/07/18 23:01:21 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\dlcdpplc.dll
[2013/07/18 23:01:20 | 000,770,048 | ---- | C] () -- C:\WINDOWS\System32\dlcdhbn3.dll
[2013/07/18 23:01:20 | 000,704,512 | ---- | C] () -- C:\WINDOWS\System32\dlcdcomc.dll
[2013/07/18 23:01:20 | 000,491,520 | ---- | C] () -- C:\WINDOWS\System32\dlcdcoms.exe
[2013/07/18 23:01:20 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlcdprox.dll
[2013/07/18 23:01:19 | 001,183,744 | ---- | C] () -- C:\WINDOWS\System32\dlcdserv.dll
[2013/07/18 23:01:18 | 000,430,080 | ---- | C] () -- C:\WINDOWS\System32\dlcdutil.dll
[2013/07/18 23:01:18 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcdcu.dll
[2013/07/18 23:01:18 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlcdcur.dll
[2013/07/18 23:01:16 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlcdinsb.dll
[2013/07/18 23:01:16 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlcdcub.dll
[2013/07/18 23:01:15 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\dlcdjswr.dll
[2013/06/20 21:48:57 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2013/06/20 21:48:57 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2013/06/20 21:48:57 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\vidccleaner.exe
[2013/06/07 13:17:02 | 000,050,432 | ---- | C] () -- C:\WINDOWS\System32\claptn.ini
[2013/06/07 13:17:02 | 000,003,072 | ---- | C] () -- C:\WINDOWS\CTXFIRES.DLL
[2013/06/05 23:34:36 | 001,614,242 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-220523388-1979792683-1801674531-1003-0.dat
[2013/06/05 23:34:36 | 000,311,730 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2013/06/04 18:37:37 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\B39A30FC39.sys
[2013/06/04 18:37:36 | 000,002,828 | ---- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2013/06/04 16:05:51 | 000,127,488 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/06/04 15:05:22 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\fusioncache.dat
[2013/06/03 20:37:05 | 000,180,248 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2013/06/03 20:37:04 | 000,049,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2013/06/01 12:02:10 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2013/06/01 10:50:43 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2013/06/01 10:44:11 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2013/06/01 10:02:20 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2013/06/01 09:59:12 | 000,329,888 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== ZeroAccess Check ==========

[2013/06/01 10:44:33 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2013/04/16 21:18:26 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 12:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 04:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2014/02/11 13:57:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013/12/10 19:06:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2014/02/24 19:10:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2014/02/20 17:45:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Internet Helper Anti-phishing
[2013/06/03 10:50:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC-Doctor
[2014/02/20 15:38:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCDr
[2013/09/13 10:16:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2013/09/06 21:09:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOIK
[2013/06/10 10:45:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer
[2013/06/11 16:58:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Auslogics
[2013/12/11 11:14:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\AVAST Software
[2014/01/16 17:07:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Copernic
[2013/12/03 17:21:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\ElevatedDiagnostics
[2013/08/15 15:53:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\gtk-2.0
[2013/09/06 21:10:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Imagic507N
[2013/07/01 14:25:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Opera
[2013/09/13 13:02:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Oracle
[2013/06/05 22:17:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\PCDr
[2013/09/13 12:02:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Sony
[2014/02/11 14:22:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Spotify
[2013/06/04 17:49:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Windows Search

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2014/03/12 13:19:36 | 000,014,698 | ---- | M] ()(C:\Documents and Settings\User\Desktop\??t? t? Saßßat?????a??.docx) -- C:\Documents and Settings\User\Desktop\Αυτό το Σαββατοκύριακο.docx
[2014/03/12 13:19:35 | 000,014,698 | ---- | C] ()(C:\Documents and Settings\User\Desktop\??t? t? Saßßat?????a??.docx) -- C:\Documents and Settings\User\Desktop\Αυτό το Σαββατοκύριακο.docx

< End of report >

Thanks for asking advice from your colleague. I'll wait to hear from you when he gets back to you. No hurry.... I will be pleased to have a rest from all this stuff!!!!!!

Chris.
  • 0

#39
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
I don't see anything new in the log.
Do you know what this file on the desktop is?

Συνάντησα την Ειρήνη στο σούπερμάρκετ.docx
  • 0

#40
Channeal

Channeal

    Member

  • Topic Starter
  • Member
  • 879 posts
Hello again,

Very stupidly, we are attempting to learn Greek.... and the file on the desktop was our Greek homework! :lol: It actually means 'I met Irene in the supermarket' :lol:

The computer is behaving itself today. I deliberately left it alone a couple of times: the screen went black but everything came back okay when the mouse was moved. I remember one day (last week, I think it was) nothing at all was happening when it was left idle, so there has obviously been some kind of issue with it going onto idle. All is well today though. It hasn't hung up on just the wallpaper any more when starting up, either.

Chris.
  • 0

#41
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hi,

Learning a new language isn't stupid...especially if it means you are taking a trip there. :)
I had Google translate the file name so I knew it was something to do with the supermarket; I was just making sure that you know the file was on the desktop and what it was.
I'm glad the monitor problem and the computer hanging on the desktop wallpaper issue have resolved themselves (for the moment, anyway).
I will be back as soon as my colleague has a chance to look at your logs.

Regards,
godawgs
  • 0

#42
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hi Chris,

Unfortunately, because the repair shop installed a Windows installation that was not from your Windows CD, the registration license number is likely not the same as the original license number that was on the original XP installation. We don't think the SFC module will ever work without having a copy of Windows XP that the repair shop installed.

Then we get into whether or not the repair shop used the correct type of license when they reinstalled Windows or if they, in effect, installed an unlicensed copy of Windows on the new hard drive.

The bottom line is that I don't think we will be able to check the System Files to see if any are corrupted. I will remove the i386 folder I had you create and reset the Registry keys that we edited when we clean up.

I didn't see anything in the last OTL scan that we did. Let me know if the computer is still behaving. If it is we should be ready to clean up.
  • 0

#43
Channeal

Channeal

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 879 posts

Hello again,

 

The computer has mostly been behaving well, although my husband said that yesterday evening there was once again a problem with getting everything back once the computer had been idle for a while. A shame, as I had been hoping that perhaps changing the wallpaper had sorted the problem!

 

After reading your last message, I decided to write to the shop which installed the new hard drive - and their reply is below.  I am not sure what to make of it myself..... but perhaps you would be kind enough to comment.

 

Chris.

 

-------------------------------------------------------------------------------

 

Hello Christine,


Thank you for contacting us via our website.


I have read through your notes and taken a look at your original invoice.


Us using our own discs should make no odds to your PC – any disc will work on any system; the part that makes it unique is the license code affixed to your machine. This would have been the code that would have been installed against your PC and none other, so I can assure you that nothing untoward would have gone on there.

 

I too have been faced with similar problems in the past when running SFC scans, where it will not accept the disc, when it is more than clearly the correct version of Windows. Over time we have just put this down to a bug within XP that is sometimes present. As I’m sure you are aware, support for Windows XP is stopping in the next couple of weeks, as it has come to the end of its existence. Over time, and since Vista, 7, and 8 operating systems have come out, it has become harder and harder to make a PC work from scratch with Windows XP.

 

If you wish to bring the machine to us, then we will be more than happy to take a look at the issues you are facing.

 

I hope this clears up any confusion and please do not hesitate to get in contact if you have any further queries.  


  • 1

#44
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hi Chris,
 
I take the repair shop at its word. It just may be that the system file checker won't work on your machine. I can't think of anything else to do. I will remove the i386 folder and reverse the changes we made to the Registry keys when we clean up.
 
I'm gonna ask the Techs if someone will look at the monitor issue and give me some suggestions or post some for you, as I don't believe this is a malware problem. I don't see anything else on your system.
 
In the meantime I want to get a look at one more Registry key.

OTL Custom Scan

1. Please copy the text in the Quote box below, (Do Not copy the word Quote), and paste it in the Custom Scans/Fixes box in OTL. To do that:
  • Highlight everything inside the quote box, (except the word Quote), right click the mouse and click Copy.

createrestorepoint
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Windows File Protection


2. Re-open OTL on the desktop. To do that:
  • Vista / 7 Users: Right click on the icon and click Run as Administrator.
Make sure all other windows are closed.
  • You will see a console like the one below:

    OTL_Main_Tutorial.gif
  • Click the greyed out None button at the top of the console.<---Very Important
  • Click the box beside Scan All Users at the top of the console
  • Make sure the Output box at the top is set to Standard Output.
  • Place the mouse pointer inside the Custom Scans/Fixes box, right click and click Paste. This will put the above script inside OTL.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so.
  • Let the scan run uninterrupted.
  • When the scan completes, it will open OTL.Txt. This file is also saved in the same location as OTL (it should be on your desktop).
  • Please copy the contents of this file and paste it into your reply. To do that:
    • On the OTL.txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
    • Right click inside the forum post window then click Paste. This will paste the contents of the OTL.txt file in the post window.

  • 0

#45
Channeal

Channeal

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 879 posts

Hello again,

 

Sorry for taking a while replying to your last message.... we have been helping our daughter move. She only rents one room in a house - but it was surprising how long it took to move all her stuff!

 

The computer is having a bad spell again..... the problem with recovering everything after a period when the computer has been left idle has been back again and also when first turned on it has been taking ages to get past the welcome screen and then sticks on the wallpaper-only screen for a while. As it seems that some of our problems may be to do with running XP - and as support for it is now being withdrawn - we have been discussing whether to update Windows to the latest version. Not sure if it would be worth it though, as this is an old machine and may, I guess, only have a limited life expectancy now.

 

Anyway.....I have done the scan you requested. Well actually, I did it the night before last while I was very tired - and it took me three attempts because I kept messing it up and forgetting to click the necessary boxes! Here are the final results though: -

 

 

 

OTL logfile created on: 25/03/2014 23:08:43 - Run 11
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\User\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
3.50 Gb Total Physical Memory | 2.73 Gb Available Physical Memory | 78.15% Memory free
5.34 Gb Paging File | 4.67 Gb Available in Paging File | 87.45% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 326.31 Gb Free Space | 70.06% Space Free | Partition Type: NTFS
Drive D: | 148.99 Gb Total Space | 48.02 Gb Free Space | 32.23% Space Free | Partition Type: NTFS
 
Computer Name: USER-0868A33E33 | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== LOP Check ==========
 
[2014/02/11 13:57:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013/12/10 19:06:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2014/02/24 19:10:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2014/02/20 17:45:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Internet Helper Anti-phishing
[2013/06/03 10:50:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC-Doctor
[2014/02/20 15:38:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCDr
[2013/09/13 10:16:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2013/09/06 21:09:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOIK
[2013/06/10 10:45:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer
[2013/06/11 16:58:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Auslogics
[2013/12/11 11:14:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\AVAST Software
[2014/01/16 17:07:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Copernic
[2013/12/03 17:21:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\ElevatedDiagnostics
[2013/08/15 15:53:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\gtk-2.0
[2013/09/06 21:10:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Imagic507N
[2013/07/01 14:25:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Opera
[2013/09/13 13:02:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Oracle
[2013/06/05 22:17:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\PCDr
[2013/09/13 12:02:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Sony
[2014/02/11 14:22:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Spotify
[2013/06/04 17:49:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Windows Search
[2014/03/25 21:49:00 | 000,000,364 | -H-- | M] () -- C:\WINDOWS\Tasks\avast! Emergency Update.job
[2014/02/25 04:02:09 | 000,000,520 | ---- | M] () -- C:\WINDOWS\Tasks\PCDoctorBackgroundMonitorTask.job
[2014/03/25 13:28:36 | 000,000,458 | ---- | M] () -- C:\WINDOWS\Tasks\SystemToolsDailyTest.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Windows File Protection >

< End of report >
 

Thanks again,

Chris.


Edited by Channeal, 27 March 2014 - 06:40 AM.

  • 0
