
XP Home Administrators but NO admin rights [Solved] [Closed]


  • This topic is locked

#1
ggh


    New Member

  • Member
  • Pip
  • 8 posts
I am running XP Home on a DELL 3100 (has 2 hidden factory partitions and DELL's MBR) which we have owned for 9 years from new. I have ghosted it to a larger disk but it is still the same installation.

I have long suspected a rootkit, as Combofix has been used several times over the years to clear different viruses. (We have always had an antivirus package, Trend Micro then McAfee and now Avast, but viruses have still got through.)

Combofix reports rootkit activity and restarts, but after many cleans it continues to report rootkit activity, yet all the other rootkit tool downloads I have tried have reported nothing. So apart from Combofix claiming to detect rootkit activity and not being able to run some of the tools because of not having Administrator rights, I have no other symptoms. The attached catchme.log says "disk not found C:\" but this does not make sense as it is the system drive.

Quote: " disk not found C:\

please note that you need administrator rights to perform deep scan"



As the OTL log shows, User Name: Sally | Logged in as Administrator. All the users are administrators, but I also restarted in Safe Mode and logged into the real Administrator account and you still get the same error.

Can anyone offer help on restoring my admin rights? Could this error be linked to a rootkit?



Edited by ggh, 17 March 2014 - 03:49 PM.



#2
michaelg9


    Trusted Helper

  • Malware Removal
  • 2,949 posts
Hi :welcome: I'm Michael and I'm going to help you fix your computer :)

Note: Before we start the process you should:
  • POST your logs, don't attach them, as it makes it harder to read. Also please don't edit any log in any case
  • Disable ANY programs that offer real-time protection features while executing my instructions. That includes your antivirus, antispyware, Windows Defender or any other program that offers protection. When you're clean or waiting for my next set of instructions, re-enable them. If you need any help disabling them, ask.
  • Topics that are idle for 4 days after I post instructions will be closed, unless I'm notified of the delay.
  • Last, as most of the tools we use here need administrative rights in order to function properly, I expect that you will be running them from an administrator account.

These kinds of warnings can be caused by non-malicious software, like antivirus programs. Does your computer have any problems? If not, out of curiosity, why did you run all these tools?

I can see that you have downloaded a wide variety of diagnostic tools, like OTL, ComboFix etc. Please delete them all now and re-download each one needed in my instructions, as there may be a newer version.

I'm going to get updated logs:



Next:

OTL Custom Scan
  • Download OTL to your Desktop
  • Double click on the OTL icon to run it.
  • Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top, make sure Standard output is selected.
  • Select Scan all users
  • Under Extra Registry select Use Safelist
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scans/Fixes box copy and paste this in:

    netsvcs
    %SYSTEMDRIVE%\*.exe
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %SYSTEMDRIVE%\*.exe
    %ALLUSERSPROFILE%\Application Data\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    services.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    HKCU\software\classes\clsid|{} /rs
    HKLM\software\classes\clsid|{} /rs
    HKCR\CLSID\{} /rs
    C:\{}. /s
    CREATERESTOREPOINT

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open OTL.Txt and Extras.txt in Notepad windows.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files and post them with your next reply.



Next:

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

On completion of the scan click save log, save it to your desktop and post in your next reply

#3
ggh


    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Hi, I have been trying to run OTL with your script. It runs without the script but seems to hang; the attached jpg is after 9 hours.
Any advice? I will leave it running for another few hours...

Will update soon


#4
ggh


    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Hi Michael, I cannot run OTL with your script, so the logs are just without the script.

I kept retrying in safe mode, uninstalled all antiviruses, ran the MCPR removal tool and restarted, but no difference. It hangs in the HKCU key, the same place every time; is that a clue?

With aswMBR you did not mention downloading the antivirus, so I haven't.
 
OTL Text

OTL logfile created on: 26/03/2014 19:50:35 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Rachael\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
1.99 Gb Total Physical Memory | 1.40 Gb Available Physical Memory | 70.34% Memory free
3.83 Gb Paging File | 3.48 Gb Available in Paging File | 90.73% Paging File free
Paging file location(s): H:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 231.53 Gb Total Space | 83.20 Gb Free Space | 35.94% Space Free | Partition Type: NTFS
Drive F: | 46.93 Mb Total Space | 39.75 Mb Free Space | 84.71% Space Free | Partition Type: FAT
Drive G: | 3.00 Gb Total Space | 0.61 Gb Free Space | 20.28% Space Free | Partition Type: FAT32
Drive H: | 231.18 Gb Total Space | 97.88 Gb Free Space | 42.34% Space Free | Partition Type: NTFS
 
Computer Name: D591F02J | User Name: Rachael | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/03/26 14:50:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rachael\Desktop\OTL.exe
PRC - [2013/08/14 15:19:24 | 000,039,056 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2012/09/29 19:58:36 | 000,161,768 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2010/10/07 12:39:52 | 000,234,784 | ---- | M] (Apple Inc.) -- C:\Program Files\AirPrint\airprint.exe
PRC - [2010/08/24 09:38:18 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2010/01/08 14:19:40 | 000,966,656 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Program Files\REALTEK\RTL8185 Wireless LAN Utility\RtWLan.exe
PRC - [2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/07/03 16:44:40 | 000,061,440 | ---- | M] (British Telecommunications Plc.) -- C:\Program Files\BT Common Client\btomosrv.exe
PRC - [2007/06/27 19:04:00 | 001,213,736 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2007/06/27 19:03:40 | 000,152,872 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2002/09/02 08:51:40 | 000,049,152 | ---- | M] (GEAR Software) -- C:\WINDOWS\system32\gearsec.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/02/12 20:58:32 | 000,073,544 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/02/12 20:58:10 | 001,044,808 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2013/08/14 15:19:24 | 000,039,056 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
MOD - [2009/12/09 21:20:06 | 000,126,976 | ---- | M] () -- C:\Program Files\REALTEK\RTL8185 Wireless LAN Utility\EnumDevLib.dll
MOD - [2007/07/12 11:11:54 | 001,163,264 | ---- | M] () -- C:\Program Files\REALTEK\RTL8185 Wireless LAN Utility\acAuth.dll
MOD - [2005/10/07 14:05:32 | 000,125,440 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2005/07/22 07:21:46 | 000,032,768 | ---- | M] () -- C:\Program Files\MP3 Player Utilities 4.11\AMVConverter\AmvTransform.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] --  -- (stllssvr)
SRV - File not found [Auto | Stopped] --  -- (RoxLiveShare9)
SRV - File not found [Disabled | Stopped] --  -- (Roxio Upnp Server 9)
SRV - File not found [Disabled | Stopped] --  -- (Roxio UPnP Renderer 9)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2014/03/11 19:52:28 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/01/28 06:54:10 | 000,118,896 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/09/29 19:58:36 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2010/10/07 12:39:52 | 000,234,784 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\AirPrint\airprint.exe -- (AirPrint)
SRV - [2010/08/24 09:38:18 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2008/11/14 21:08:27 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2007/07/03 16:44:40 | 000,061,440 | ---- | M] (British Telecommunications Plc.) [Auto | Running] -- C:\Program Files\BT Common Client\btomosrv.exe -- (BT Common Client)
SRV - [2002/09/02 08:51:40 | 000,049,152 | ---- | M] (GEAR Software) [Auto | Running] -- C:\WINDOWS\system32\gearsec.exe -- (GEARSecurity)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\wanatw4.sys -- (wanatw)
DRV - File not found [Kernel | Boot | Stopped] -- System32\Drivers\sptd.sys -- (sptd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\scfint.sys -- (scfint)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\GenericMount.sys -- (GenericMount)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Program Files\321Studios\Shared\CDRPDACC.SYS -- (CDRPDACC)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\bcmwl5.sys -- (BCM43XX)
DRV - File not found [Kernel | Auto | Stopped] --  -- (adfs)
DRV - [2013/08/21 04:31:38 | 000,182,680 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2013/08/21 04:31:38 | 000,084,248 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2013/05/22 18:49:32 | 000,014,776 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV - [2011/09/11 21:54:50 | 000,084,512 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\vsflt58.sys -- (vidsflt58)
DRV - [2011/09/11 21:54:37 | 000,076,768 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\fltsrv.sys -- (fltsrv)
DRV - [2011/09/04 20:34:12 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2011/09/04 20:34:12 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggflt.sys -- (ggflt)
DRV - [2010/04/28 07:44:02 | 000,054,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009/03/25 16:48:00 | 000,114,728 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018mdm.sys -- (s1018mdm)
DRV - [2009/03/25 16:48:00 | 000,109,864 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018unic.sys -- (s1018unic)
DRV - [2009/03/25 16:48:00 | 000,106,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018mgmt.sys -- (s1018mgmt)
DRV - [2009/03/25 16:48:00 | 000,104,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018obex.sys -- (s1018obex)
DRV - [2009/03/25 16:48:00 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018bus.sys -- (s1018bus)
DRV - [2009/03/25 16:48:00 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018nd5.sys -- (s1018nd5)
DRV - [2009/03/25 16:48:00 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018mdfl.sys -- (s1018mdfl)
DRV - [2008/04/13 18:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2007/10/02 04:06:40 | 000,451,968 | R--- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
DRV - [2007/08/08 11:12:42 | 000,101,120 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2007/04/20 10:14:06 | 000,024,560 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\btwsp50.sys -- (BTWSp50)
DRV - [2007/02/25 11:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2007/02/16 00:57:04 | 000,034,760 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2006/09/24 13:28:46 | 000,005,248 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2006/09/18 11:54:48 | 000,016,640 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tbhsd.sys -- (tbhsd)
DRV - [2006/08/18 11:10:24 | 000,061,504 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\K320bus.sys -- (K320bus)
DRV - [2006/08/18 11:10:22 | 000,097,056 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\K320mdm.sys -- (K320mdm)
DRV - [2006/08/18 11:10:22 | 000,009,328 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\K320mdfl.sys -- (K320mdfl)
DRV - [2006/08/18 11:10:20 | 000,088,560 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\K320mgmt.sys -- (K320mgmt)
DRV - [2006/08/18 11:10:18 | 000,086,368 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\K320obex.sys -- (K320obex)
DRV - [2006/07/24 02:00:00 | 000,002,560 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2006/07/24 02:00:00 | 000,002,432 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2006/03/04 12:00:00 | 000,241,664 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\c2scsi.sys -- (c2scsi)
DRV - [2005/11/16 15:36:00 | 001,047,816 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/05/31 14:40:20 | 000,020,480 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\blueletaudio.sys -- (BlueletAudio)
DRV - [2005/05/31 08:42:28 | 000,023,000 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btcusb.sys -- (Btcsrusb)
DRV - [2005/04/30 13:50:20 | 000,011,860 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vbtenum.sys -- (BTHidEnum)
DRV - [2005/04/30 13:50:10 | 000,028,271 | ---- | M] (IVT Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\BTHidMgr.sys -- (BTHidMgr)
DRV - [2005/04/30 13:48:58 | 000,010,804 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BtNetDrv.sys -- (BT)
DRV - [2005/04/07 16:18:34 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\BANTExt.sys -- (BANTExt)
DRV - [2005/03/25 16:18:48 | 000,082,148 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VcommMgr.sys -- (VcommMgr)
DRV - [2004/12/16 15:32:54 | 000,013,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BTNetFilter.sys -- (BTNetFilter)
DRV - [2004/10/19 12:37:38 | 000,061,312 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VComm.sys -- (VComm)
DRV - [2004/08/04 05:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004/08/04 05:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2004/08/03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)
DRV - [2003/12/08 17:33:20 | 000,123,276 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PFC027.sys -- (SoC PC-Camera Service)
DRV - [2003/01/10 10:56:34 | 000,030,921 | ---- | M] (Service & Quality Technology.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SQCaptur.sys -- (DCamUSBSQTECH)
DRV - [2002/06/10 14:20:50 | 000,039,936 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvcd.sys -- (QCDonner)
DRV - [1996/04/03 19:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.co.uk/myway
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.co.uk/myway
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3753000303-1846566046-2363456648-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
IE - HKU\S-1-5-21-3753000303-1846566046-2363456648-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
IE - HKU\S-1-5-21-3753000303-1846566046-2363456648-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-3753000303-1846566046-2363456648-1007\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found
IE - HKU\S-1-5-21-3753000303-1846566046-2363456648-1007\..\URLSearchHook: {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - No CLSID value found
IE - HKU\S-1-5-21-3753000303-1846566046-2363456648-1007\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-3753000303-1846566046-2363456648-1007\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-3753000303-1846566046-2363456648-1007\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7GGLR_en
IE - HKU\S-1-5-21-3753000303-1846566046-2363456648-1007\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://uk.search.yah...&p={searchTerms}
IE - HKU\S-1-5-21-3753000303-1846566046-2363456648-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3753000303-1846566046-2363456648-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.3.51: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.3: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.3: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.3: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.3.51: C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@videoegg.com/Publisher,version=1.5: C:\Documents and Settings\Rachael\Application Data\VideoEgg\Loader\4665\npvideoegg-loader.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/12/20 19:03:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/12/20 19:03:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2014/03/01 11:16:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/03/01 11:16:19 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 1.0.6\Extensions\\Components: C:\Program Files\Mozilla Firefox\Components [2014/03/01 11:16:19 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 1.0.6\Extensions\\Plugins: C:\Program Files\Mozilla Firefox\Plugins [2014/03/01 11:16:19 | 000,000,000 | ---D | M]
 
[2006/06/04 10:36:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Rachael\Application Data\Mozilla\Firefox\Profiles\gnxegh77.default\extensions
[2013/12/20 18:44:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2014/03/01 09:43:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/03/01 09:43:54 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/03/01 10:06:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\updated\extensions
[2014/03/01 10:06:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\updated\browser\extensions
[2014/03/01 10:06:46 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\updated\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/10/19 22:18:49 | 000,248,192 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2012/10/19 22:18:57 | 000,248,192 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2013/12/20 18:59:16 | 000,124,504 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
[2013/11/15 22:30:38 | 000,002,024 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
 
O1 HOSTS File: ([2014/03/23 23:34:53 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (DAP Bar) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll ()
O3 - HKU\S-1-5-21-3753000303-1846566046-2363456648-1007\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-3753000303-1846566046-2363456648-1007\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-3753000303-1846566046-2363456648-1007\..\Toolbar\WebBrowser: (no name) - {8020143D-5926-4394-A04D-DD0B649DA121} - No CLSID value found.
O3 - HKU\S-1-5-21-3753000303-1846566046-2363456648-1007\..\Toolbar\WebBrowser: (no name) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - No CLSID value found.
O3 - HKU\S-1-5-21-3753000303-1846566046-2363456648-1007\..\Toolbar\WebBrowser: (no name) - {BC4FFE41-DE9F-46FA-B455-AAD49B9F9938} - No CLSID value found.
O3 - HKU\S-1-5-21-3753000303-1846566046-2363456648-1007\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
O4 - HKU\S-1-5-21-3753000303-1846566046-2363456648-1007..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-3753000303-1846566046-2363456648-1007..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter File not found
O4 - HKU\S-1-5-21-3753000303-1846566046-2363456648-1007..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background File not found
O4 - HKU\S-1-5-21-3753000303-1846566046-2363456648-1007..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMON.EXE File not found
O4 - HKU\S-1-5-21-3753000303-1846566046-2363456648-1007..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe File not found
O4 - HKU\S-1-5-21-3753000303-1846566046-2363456648-1007..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" File not found
O4 - HKU\S-1-5-21-3753000303-1846566046-2363456648-1007..\Run: [Windows Update] livesrvs.exe File not found
O4 - HKU\S-1-5-21-3753000303-1846566046-2363456648-1007..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SIMBAR=0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.04506.648)" -"http://www.miniclip....en-invaders/en/" File not found
O4 - HKU\S-1-5-21-3753000303-1846566046-2363456648-1007..\RunServices: [Windows Update] livesrvs.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\REALTEK RTL8185 Wireless LAN Utility.lnk = C:\Program Files\REALTEK\RTL8185 Wireless LAN Utility\RtWLan.exe (Realtek Semiconductor Corp.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BackupNoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-3753000303-1846566046-2363456648-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Search -  File not found
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm File not found
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} http://pccheckup.del...oad/tgctlcm.cab (Reg Error: Key error.)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} https://support.euro...iler/SysPro.CAB (Reg Error: Key error.)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft....k/?linkid=67633 (Office Genuine Advantage Validation Tool)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} Reg Error: Key error. (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1353363277828 (MUWebControl Class)
O16 - DPF: {78AEEDE8-7345-4FB5-A8FE-4BFF16EF25FC} Reg Error: Key error. (Reg Error: Key error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A4639D2F-774E-11D3-A490-00C04F6843FB} http://download.micr...N-US/msorun.cab (IEAnimBehaviorFactory Class)
O16 - DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C3A0C622-0B96-43C5-9438-17AAE5FC202B}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C4E494F6-7B3D-4A61-811D-378E70742D31}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\livecall - No CLSID value found
O18 - Protocol\Handler\msnim - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AutorunsDisabled: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Rachael\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Rachael\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 13:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2005/07/05 12:06:50 | 000,000,398 | ---- | M] () - F:\AUTOEXEC.UP -- [ FAT ]
O32 - AutoRun File - [2005/07/05 12:06:50 | 000,000,398 | ---- | M] () - F:\AUTOEXEC.BAT -- [ FAT ]
O32 - AutoRun File - [2005/07/07 20:34:30 | 000,001,871 | ---- | M] () - G:\AUTOEXEC.BAT -- [ FAT32 ]
O33 - MountPoints2\{26906309-9d98-11da-ac74-0030bdf74598}\Shell - "" = AutoRun
O33 - MountPoints2\{26906309-9d98-11da-ac74-0030bdf74598}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{26906309-9d98-11da-ac74-0030bdf74598}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL explorer.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (SmartDefragBootTime.exe)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/03/26 14:50:03 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Rachael\Desktop\OTL.exe
[2014/03/26 14:47:26 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Rachael\IECompatCache
[2014/03/26 14:47:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rachael\Application Data\RealNetworks
[2014/03/24 21:35:11 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2014/03/23 23:38:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2014/03/23 22:42:00 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014/03/23 18:23:54 | 000,000,000 | ---D | C] -- C:\Program Files\VirusTotalUploader2
[2014/03/23 14:49:12 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/03/16 01:04:05 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xp_eos.exe
[2014/03/16 01:04:05 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xp_eos.exe
[2014/03/14 23:38:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2014/03/01 20:48:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2014/03/01 14:21:27 | 000,000,000 | ---D | C] -- C:\Program Files\SlySoft
[2014/03/01 14:21:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SlySoft
[2014/03/01 11:15:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2014/03/01 11:14:58 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2014/03/01 10:54:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2014/03/01 10:51:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
 
========== Files - Modified Within 30 Days ==========
 
[2014/03/26 19:52:39 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/03/26 19:52:00 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3753000303-1846566046-2363456648-1008UA.job
[2014/03/26 19:52:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/03/26 19:52:00 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{590D0C85-5D8A-458F-87E7-F9EFAE2F358A}.job
[2014/03/26 19:51:00 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{4D5D3230-4EAE-493D-918D-BECD68FA5DAC}.job
[2014/03/26 19:50:00 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{F753D7C8-3562-4E8D-A57C-7C8027CB7A0C}.job
[2014/03/26 19:49:00 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{33F4E96D-A646-4D58-829B-31D1A666AAE9}.job
[2014/03/26 19:40:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3753000303-1846566046-2363456648-1009UA.job
[2014/03/26 14:50:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rachael\Desktop\OTL.exe
[2014/03/26 14:46:26 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/03/26 14:45:56 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/03/26 14:45:55 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3753000303-1846566046-2363456648-1008.job
[2014/03/26 14:45:55 | 000,000,222 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Logon.job
[2014/03/26 14:45:54 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag_Startup.job
[2014/03/26 14:45:54 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefragUpdate.job
[2014/03/26 14:45:54 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3753000303-1846566046-2363456648-1009.job
[2014/03/26 14:45:32 | 2137,149,440 | -HS- | M] () -- C:\hiberfil.sys
[2014/03/25 20:40:01 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3753000303-1846566046-2363456648-1009Core.job
[2014/03/25 07:52:00 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3753000303-1846566046-2363456648-1008Core.job
[2014/03/24 22:00:00 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag_Schedule.job
[2014/03/24 19:41:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3753000303-1846566046-2363456648-1008.job
[2014/03/23 23:34:53 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2014/03/23 15:04:29 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2014/03/23 14:44:56 | 000,359,344 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2014/03/16 11:51:31 | 000,000,216 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Monthly.job
[2014/03/16 01:06:08 | 000,507,406 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2014/03/16 01:06:08 | 000,090,216 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2014/03/14 18:19:48 | 000,001,926 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\REALTEK RTL8185 Wireless LAN Utility.lnk
[2014/03/11 19:52:23 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2014/03/11 19:52:23 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2014/03/01 14:37:17 | 000,000,108 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2014/03/01 14:22:27 | 000,000,782 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CloneCD.lnk
[2014/03/01 10:54:00 | 000,001,558 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2014/03/01 09:44:20 | 000,000,740 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2014/02/26 01:59:05 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\xp_eos.exe
[2014/02/26 01:59:05 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xp_eos.exe
 
========== Files Created - No Company Name ==========
 
[2014/03/26 14:22:43 | 2137,149,440 | -HS- | C] () -- C:\hiberfil.sys
[2014/03/16 11:36:14 | 000,000,222 | ---- | C] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Logon.job
[2014/03/16 11:36:13 | 000,000,216 | ---- | C] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Monthly.job
[2014/03/01 14:22:27 | 000,000,782 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CloneCD.lnk
[2014/03/01 10:54:00 | 000,001,558 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2014/01/03 22:19:34 | 000,332,274 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2013/11/15 23:50:00 | 000,014,776 | ---- | C] () -- C:\WINDOWS\System32\drivers\SmartDefragDriver.sys
[2013/10/30 12:07:00 | 000,030,568 | ---- | C] () -- C:\WINDOWS\MusiccityDownload.exe
[2013/10/30 12:06:54 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
[2013/10/30 12:06:54 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
[2013/10/30 12:06:54 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
[2013/10/30 12:06:54 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll
[2007/05/27 15:04:22 | 000,000,158 | ---- | C] () -- C:\Documents and Settings\Rachael\default.pls
[2007/03/11 10:52:07 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/01/20 19:14:14 | 000,000,108 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2006/05/27 11:57:26 | 000,015,360 | ---- | C] () -- C:\Documents and Settings\Rachael\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2004/08/10 13:09:48 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 00:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 12:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 00:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2014/03/01 10:53:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2008/12/27 23:29:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\1Click DVD Copy
[2008/12/28 01:20:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\1Click DVD Copy Pro
[2011/10/23 17:35:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
[2014/03/26 14:45:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2007/05/12 15:55:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bluetooth
[2010/04/02 19:58:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BT Access Manager
[2010/04/02 19:58:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BT Common Client
[2013/04/07 17:15:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2006/05/20 19:39:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cloanto
[2008/10/24 17:58:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Elaborate Bytes
[2014/01/15 23:09:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2009/10/24 20:15:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Rosetta Stone DEMO
[2014/01/03 22:04:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung
[2010/04/02 20:00:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sierra Wireless
[2014/03/01 20:48:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2007/11/29 17:51:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2009/12/05 20:26:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Teleca
[2013/06/27 19:26:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer
[2007/03/04 19:12:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2007/12/21 18:08:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/12/28 01:01:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2014/01/25 13:37:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Western Digital
[2006/06/04 13:57:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YAMAHA
[2013/01/18 15:40:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{1C6FDDD8-FC9E-4C12-9FA5-1AAD377097B3}
[2008/09/14 09:09:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2010/04/02 20:11:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2006/06/09 22:58:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\1ClickDVDCopy
[2007/03/09 11:20:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Audacity
[2006/04/02 21:44:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\BAMZOOKi
[2006/06/09 22:18:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\CopyToDvd
[2012/09/02 12:37:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\FCTB000061465
[2006/01/18 19:19:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Leadertech
[2008/12/27 09:56:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\MSNInstaller
[2007/03/09 11:32:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\NCH Swift Sound
[2009/12/05 20:46:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Teleca
[2006/01/19 17:19:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Template
[2010/11/28 09:27:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\TomTom
[2007/03/15 19:01:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\tunebite
[2007/03/11 10:36:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Ulead Systems
[2009/11/18 21:49:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Vso
[2012/09/02 12:30:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\wsInspector
[2008/12/18 19:06:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2006/03/01 18:17:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lucy\Application Data\Bamzooki
[2010/04/02 20:01:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lucy\Application Data\BT Access Manager
[2010/10/21 19:44:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lucy\Application Data\DVDVideoSoftIEHelpers
[2007/08/17 15:04:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lucy\Application Data\IMVU
[2012/03/18 22:00:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lucy\Application Data\IObit
[2009/12/05 20:31:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lucy\Application Data\Teleca
[2008/12/26 22:31:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lucy\Application Data\Vso
[2006/01/21 13:39:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lucy\Application Data\WebRenderer
[2006/08/02 16:28:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lucy\Application Data\YAMAHA
[2008/08/21 00:11:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\SACore
[2012/04/13 20:16:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rachael\Application Data\FCTB000061465
[2007/08/19 15:25:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rachael\Application Data\IMVU
[2012/05/01 18:17:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rachael\Application Data\IObit
[2007/07/05 15:24:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rachael\Application Data\Template
[2007/08/26 10:05:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rachael\Application Data\Ulead Systems
[2008/09/14 13:28:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rachael\Application Data\WebRenderer
[2007/12/26 22:34:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rachael\Application Data\wsInspector
[2006/06/04 13:58:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rachael\Application Data\YAMAHA
[2011/09/11 13:24:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sally\Application Data\Acronis
[2013/07/30 18:53:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sally\Application Data\coupons
[2014/01/15 22:10:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sally\Application Data\ElevatedDiagnostics
[2014/03/14 17:24:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sally\Application Data\IObit
[2008/07/14 22:25:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sally\Application Data\Kio
[2013/03/11 20:13:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sally\Application Data\Leadertech
[2014/02/02 22:25:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sally\Application Data\Mael
[2013/08/15 12:09:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sally\Application Data\NCH Swift Sound
[2011/10/23 16:35:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sally\Application Data\Opera
[2014/03/01 09:33:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sally\Application Data\Opera Software
[2012/05/31 18:06:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sally\Application Data\Oracle
[2014/01/03 22:13:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sally\Application Data\Samsung
[2009/12/07 14:14:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sally\Application Data\Teleca
[2007/12/21 18:08:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sally\Application Data\Viewpoint
[2012/11/01 20:15:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sally\Application Data\Windows Live Writer
[2014/03/14 18:19:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sally\Application Data\wsInspector
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Rachael\My Documents\EA Games:Roxio EMC Stream
< End of report >
 
 
extra text
 
OTL Extras logfile created on: 26/03/2014 19:50:35 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Rachael\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
1.99 Gb Total Physical Memory | 1.40 Gb Available Physical Memory | 70.34% Memory free
3.83 Gb Paging File | 3.48 Gb Available in Paging File | 90.73% Paging File free
Paging file location(s): H:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 231.53 Gb Total Space | 83.20 Gb Free Space | 35.94% Space Free | Partition Type: NTFS
Drive F: | 46.93 Mb Total Space | 39.75 Mb Free Space | 84.71% Space Free | Partition Type: FAT
Drive G: | 3.00 Gb Total Space | 0.61 Gb Free Space | 20.28% Space Free | Partition Type: FAT32
Drive H: | 231.18 Gb Total Space | 97.88 Gb Free Space | 42.34% Space Free | Partition Type: NTFS
 
Computer Name: D591F02J | User Name: Rachael | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:*:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01521746-02A6-4A72-00BD-A285DF6B80C6}" = The Sims 2 University
"{03DEEAD2-F3B7-45BF-9006-A25D015F00D2}" = Adobe Flash Player 10 Plugin
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}" = HP USB Disk Storage Format Tool
"{111EE7DF-FC45-40C7-98A7-753AC46B12FB}" = QuickTime 7
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{18D47FA1-0440-48D3-A7E0-DA09537FF471}" = Apple Mobile Device Support
"{192E534C-3761-4CF6-A193-62F8A9A1D5F9}" = Cloanto MenuBox
"{1945A4B5-73B6-4DE9-99A3-05261B7FDED0}" = Shared C Run-time for x86
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1D3C662A-F6C6-4767-A788-7AA43A9A1317}" = ARTEuro
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{225AF9A1-B556-88D5-94AA-0010B5426419}" = My DSC
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{29CBFC23-05A7-4286-93B8-BABE29BC1033}" = Nero 7 Ultra Edition
"{2F21564D-DE05-4C6D-B21E-08B9D313FAB3}" = iTunes
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{341201D4-4F61-4ADB-987E-9CCE4D83A58D}" = Windows Live Toolbar Extension (Windows Live Toolbar)
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{35E1A8C8-6646-4101-B0AA-42D1EB2AB3AE}" = Windows Live Outlook Toolbar (Windows Live Toolbar)
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{439800C9-FD42-4EA3-94D2-063DF0926873}" = Match-Up!
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{47FBF7F9-FBD3-43EF-823B-7684D56C1962}" = Tabbed Browsing (Windows Live Toolbar)
"{4817189D-1785-4627-A33C-39FD90919300}" = The Sims 2 Pets
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D701F5D-F149-4FAC-AAA2-A36C088C5FE3}" = Ulead MediaStudio Pro 7.0 Video Edition
"{4E475FD4-4513-4B1D-8DDA-43912B068C99}" = HTML Slideshow Powertoy for Windows XP
"{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1" = Data Lifeguard Diagnostic for Windows 1.24
"{5383D15F-68A1-4F67-A73E-E6F94949BFEE}" = PC Camera
"{53B2CFE9-A508-4457-B2CA-5D253536BFB7}" = OneCare Advisor (Windows Live Toolbar)
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5A24DD7E-7B01-41AC-ADA8-F1776177A3BA}" = Logitech ImageStudio
"{5F0FC860-ADE1-4B2D-B0A9-CB9FB17C46E8}" = Sony Ericsson PC Suite
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{68108E66-D13A-4EE8-A6F4-40E4B90C2A26}" = Windows Live Toolbar Feed Detector (Windows Live Toolbar)
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.9
"{6F0A34C6-D0F5-4163-B9FF-0839849238F3}" = BT Access Manager
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7745B7A9-F323-4BB9-9811-01BF57A028DA}" = Map Button (Windows Live Toolbar)
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{79AD0F42-5C08-4A01-9EBF-2A1F78FC4C7E}" = DVD X Maker
"{7B3577F5-1D82-4C9B-008B-69D026FD8BCA}" = The Sims 2 Open For Business
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{84DDE556-43EF-43ed-B2DF-37AF9E5DDD75}" = The Sims 2 H&M® Fashion Stuff
"{86D6A20D-3910-4441-A3E5-EB6977251C86}" = Samsung USB Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{8AB8D458-939E-403F-0097-9BA1C1F013D5}" = The Sims 2
"{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}" = MP3 Player Utilities 4.11
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{984F10FD-11FD-4BED-8163-92DB81E6A825}" = Logitech IM Video Companion
"{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows
"{9CDBC303-3EED-40b0-8E41-A7C65AA96C26}" = The Sims 2 Glamour Life Stuff
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}" = Apple Application Support
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic Audio module
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.06)
"{AEC0CEBC-0FC7-4716-8222-1C4A742719B1}" = Samsung Master
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic Copy Module
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B92C2C6C-F70E-497B-88A7-1FEF9888272B}" = Adobe AIR
"{B9F499B8-D1F0-42FC-84BE-CC552123CCCB}" = BlueSoleil
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BBC0D330-C37B-4472-BFB9-AA217CF0C95F}" = Ulead Photo Express 4.0 SE
"{BE8913B7-B2C4-48BE-8A26-84390FF4F231}" = DMX Update
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}" = RealDownloader
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC8A563E-7D2D-4589-B628-4379F1E8D4E1}" = YBS Account Aggregation
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
"{D92FF8EB-BD77-40AE-B68B-A6BFC6F8661D}" = Windows Live Family Safety
"{DE114695-AE58-4B66-8E0F-2505188602FB}_is1" = Uninstall Startup Inspector
"{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}" = The Sims 2 Seasons
"{E1F4FB82-3EA6-46B6-A18A-9B3A62DA393E}" = hp deskjet 6122
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{EEE0F0A7-6B7D-4D1E-9498-43D9D012DDF7}" = Windows Media Format 9 Series SDK
"{EF5A6DD8-4A03-4BDD-A7C3-5CA2FF02DCFA}" = Pippa Funnell
"{EF72E0A5-57E8-471F-837E-82BB19771363}" = REALTEK RTL8185 Wireless LAN Software
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F248ADFA-64E0-4b03-8A83-059078BED6A0}" = The Sims 2 Bon Voyage
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F7529650-B9DB-481B-0089-A2AC3C2821C1}" = The Sims 2 Nightlife
"{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 12 ActiveX
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"Belarc Advisor 2.0" = Belarc Advisor 7.2
"CCleaner" = CCleaner
"CloneCD" = CloneCD
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Coupon Printer2.2.0.1" = Coupon Printer
"dBpoweramp Windows Media Audio 10 Codec" = dBpoweramp Windows Media Audio 10 Codec
"Download Accelerator Plus (DAP)" = Download Accelerator Plus (DAP)
"Driver Genius Professional Edition 2006_is1" = Driver Genius Professional Edition 2006 6.2.1525
"DriverGuide DriverScan" = DriverGuide DriverScan
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD43_is1" = DVD43 v4.4.0
"Eye Candy 4000" = Eye Candy 4000
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free WMA to MP3 Converter_is1" = Free WMA to MP3 Converter 1.16
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9
"GearDrivers" = GearDrivers
"Hospital" = Theme Hospital
"hp deskjet 990c series_Driver" = hp deskjet 990c series
"HxD Hex Editor_is1" = HxD Hex Editor version 1.7.7.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Image Composer" = Microsoft Image Composer 1.5
"InstallShield_{5383D15F-68A1-4F67-A73E-E6F94949BFEE}" = PC Camera
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"KaraFun_is1" = KaraFun 1.01b
"Kids Tables and Time" = Kids Tables and Time
"Magic ISO Maker v5.5 (build 0281)" = Magic ISO Maker v5.5 (build 0281)
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"MIXERLITE" = Mixer
"Mozilla Firefox 27.0 (x86 en-GB)" = Mozilla Firefox 27.0 (x86 en-GB)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OggDS" = Direct Show Ogg Vorbis Filter (remove only)
"PE Builder_is1" = PE Builder 3.1.10a
"Picasa2" = Picasa 2
"PROSet" = Intel® PRO Network Connections Drivers
"Revo Uninstaller" = Revo Uninstaller 1.95
"Shopping Centre Tycoon" = Shopping Centre Tycoon
"SightSpeed" = SightSpeed (remove only)
"Smart Defrag 2_is1" = Smart Defrag 2
"SpeedFan" = SpeedFan (remove only)
"StreetPlugin" = Learn2 Player (Uninstall Only)
"TextAloud MP3_is1" = TextAloud MP3
"Theme Park World" = Theme Park World
"TomTom HOME" = TomTom HOME 2.7.6.2056
"Update Service" = Sony Ericsson Update Service
"V3780s User's Manual" = V3780s User's Manual
"ViewpointMediaPlayer" = Viewpoint Media Player
"VTUploader" = VirusTotal Uploader 2.2
"WavePad" = WavePad Uninstall
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WIC" = Windows Imaging Component
"Windows CE Services" = Microsoft ActiveSync 3.7
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinHex" = WinHex
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip
"WMCSetup" = Windows Media Connect
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Word8.0" = Microsoft Word 97
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"x2VCD" = Super DVD Ripper (remove only)
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"xvid" = XviD MPEG-4 Video Codec
"Zoo Tycoon 1.0" = Zoo Tycoon: Complete Collection
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3753000303-1846566046-2363456648-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"VideoEgg" = VideoEgg Publisher
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 23/03/2014 18:50:40 | Computer Name = D591F02J | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
 from: <http://www.download....authrootseq.txt>
 with error: A connection with the server could not be established 
 
Error - 23/03/2014 18:50:45 | Computer Name = D591F02J | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
 from: <http://www.download....authrootseq.txt>
 with error: A connection with the server could not be established 
 
Error - 23/03/2014 18:50:45 | Computer Name = D591F02J | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
 from: <http://www.download....authrootseq.txt>
 with error: This network connection does not exist. 
 
Error - 23/03/2014 18:50:45 | Computer Name = D591F02J | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
 from: <http://www.download....authrootseq.txt>
 with error: This network connection does not exist. 
 
Error - 23/03/2014 19:25:48 | Computer Name = D591F02J | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
 from: <http://www.download....authrootseq.txt>
 with error: A connection with the server could not be established 
 
Error - 23/03/2014 19:25:52 | Computer Name = D591F02J | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
 from: <http://www.download....authrootseq.txt>
 with error: A connection with the server could not be established 
 
Error - 23/03/2014 19:25:52 | Computer Name = D591F02J | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
 from: <http://www.download....authrootseq.txt>
 with error: This network connection does not exist. 
 
Error - 23/03/2014 19:25:52 | Computer Name = D591F02J | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
 from: <http://www.download....authrootseq.txt>
 with error: This network connection does not exist. 
 
Error - 23/03/2014 19:46:27 | Computer Name = D591F02J | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
 module unknown, version 0.0.0.0, fault address 0x715b9e59.
 
Error - 26/03/2014 10:31:29 | Computer Name = D591F02J | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data  will not
 be returned. Error code returned is in data DWORD 0.
 
[ System Events ]
Error - 25/03/2014 17:16:52 | Computer Name = D591F02J | Source = Service Control Manager | ID = 7034
Description = The BT Common Client service terminated unexpectedly.  It has done
 this 1 time(s).
 
Error - 25/03/2014 17:16:58 | Computer Name = D591F02J | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly.  It has done
 this 1 time(s).  The following corrective action will be taken in 60000 milliseconds:
 Restart the service.
 
Error - 26/03/2014 10:22:59 | Computer Name = D591F02J | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.65 for the Network Card with network
 address 94445203C36E has been  denied by the DHCP server 192.168.1.254 (The DHCP
Server sent a DHCPNACK message).
 
Error - 26/03/2014 10:23:13 | Computer Name = D591F02J | Source = Service Control Manager | ID = 7000
Description = The adfs service failed to start due to the following error:   %%2
 
Error - 26/03/2014 10:23:24 | Computer Name = D591F02J | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   sptd
 
Error - 26/03/2014 10:25:09 | Computer Name = D591F02J | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.64 for the Network Card with network
 address 00113B18121D has been  denied by the DHCP server 192.168.1.254 (The DHCP
Server sent a DHCPNACK message).
 
Error - 26/03/2014 10:31:41 | Computer Name = D591F02J | Source = Service Control Manager | ID = 7000
Description = The adfs service failed to start due to the following error:   %%2
 
Error - 26/03/2014 10:31:43 | Computer Name = D591F02J | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   sptd
 
Error - 26/03/2014 10:46:11 | Computer Name = D591F02J | Source = Service Control Manager | ID = 7000
Description = The adfs service failed to start due to the following error:   %%2
 
Error - 26/03/2014 10:46:12 | Computer Name = D591F02J | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   sptd
 
 
< End of report >

aswmbr TEXT
 
aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2014-03-26 20:01:21
-----------------------------
20:01:21.265    OS Version: Windows 5.1.2600 Service Pack 3
20:01:21.265    Number of processors: 2 586 0x401
20:01:21.265    ComputerName: D591F02J  UserName: Rachael
20:01:24.437    Initialize success
20:02:02.593    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17
20:02:02.593    Disk 0 Vendor: ST3500320AS SD1A Size: 476940MB BusType: 3
20:02:02.718    Disk 0 MBR read successfully
20:02:02.718    Disk 0 MBR scan
20:02:02.718    Disk 0 unknown MBR code
20:02:02.718    Disk 0 Partition 1 00     DE Dell Utility Dell 8.0       47 MB offset 63
20:02:02.718    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS       237084 MB offset 96390
20:02:02.750    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       236731 MB offset 485644950
20:02:02.781    Disk 0 Partition 4 00     DB  CP/M / CTOS Dell 8.0     3074 MB offset 970470585
20:02:02.781    Disk 0 scanning sectors +976768065
20:02:02.812    Disk 0 scanning C:\WINDOWS\system32\drivers
20:02:11.203    Service scanning
20:02:20.390    Modules scanning
20:02:24.968    Disk 0 trace - called modules:
20:02:24.968    ntkrnlpa.exe CLASSPNP.SYS disk.sys vsflt58.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
20:02:24.968    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b4dfab8]
20:02:24.968    3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> [0x8b4f29c8]
20:02:24.968    5 vsflt58.sys[b9f60f7b] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-17[0x8b4d2b00]
20:02:24.968    Scan finished successfully
20:03:11.453    Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Rachael\Desktop\MBR.dat"
20:03:11.453    The log file has been saved successfully to "C:\Documents and Settings\Rachael\Desktop\aswMBR.txt"
  • 0

#5
michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts

Hey

Just letting you know that I'm checking your logs and I'll post new instructions on the weekend :)


  • 0

#6
michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
Hey,

Sorry for the late reply, it's been a busy week

Warning!!
You had an information stealing trojan installed on your computer.
Backdoor Trojans, IRCBots, keyloggers and Infostealers are very dangerous because they provide a way of accessing a computer system that bypasses security mechanisms and can steal sensitive information like passwords, personal and financial data which they send back to the hacker. Remote attackers use backdoor Trojans as part of an exploit to gain unauthorized access to a computer and take control of it without your knowledge.

If your computer was used for online banking, has credit card information or other sensitive data on it, I suggest you do the following.
  • All passwords should be changed to include those used for banking, email, eBay and forums. You should consider them to be compromised. They should be changed using a different computer and not the infected one. If you use the infected computer, an attacker may get the new passwords and transaction information.
  • Banking and credit card institutions should be notified of the possible security breach.
Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

Next:

Please uninstall:

Adobe Flash Player 10 Plugin
Java 7 Update 7
Viewpoint Media Player


The first two are outdated; you can install a newer version later. The last one isn't trustworthy.

Next:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :processes
    killallprocesses

    :OTL
    IE - HKU\S-1-5-21-3753000303-1846566046-2363456648-1007\..\URLSearchHook: {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - No CLSID value found
    O3 - HKU\S-1-5-21-3753000303-1846566046-2363456648-1007\..\Toolbar\WebBrowser: (no name) - {8020143D-5926-4394-A04D-DD0B649DA121} - No CLSID value found.
    O3 - HKU\S-1-5-21-3753000303-1846566046-2363456648-1007\..\Toolbar\WebBrowser: (no name) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - No CLSID value found.
    O3 - HKU\S-1-5-21-3753000303-1846566046-2363456648-1007\..\Toolbar\WebBrowser: (no name) - {BC4FFE41-DE9F-46FA-B455-AAD49B9F9938} - No CLSID value found.
    O4 - HKU\S-1-5-21-3753000303-1846566046-2363456648-1007..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe File not found
    O4 - HKU\S-1-5-21-3753000303-1846566046-2363456648-1007..\Run: [Windows Update] livesrvs.exe File not found
    O4 - HKU\S-1-5-21-3753000303-1846566046-2363456648-1007..\RunServices: [Windows Update] livesrvs.exe File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BackupNoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-3753000303-1846566046-2363456648-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O33 - MountPoints2\{26906309-9d98-11da-ac74-0030bdf74598}\Shell - "" = AutoRun
    O33 - MountPoints2\{26906309-9d98-11da-ac74-0030bdf74598}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{26906309-9d98-11da-ac74-0030bdf74598}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL explorer.exe
    [2012/09/02 12:37:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\FCTB000061465
    [2012/04/13 20:16:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rachael\Application Data\FCTB000061465

    :Services

    :Reg

    :Files

    :Commands
    [purity]
    [EMPTYFLASH]
    [EMPTYJAVA]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered.
  • OTL may ask to reboot the machine. Please do so if asked.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date and the time of the tool run.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
Next:

Please download Farbar Recovery Scan Tool and save it to your Desktop.
  • Run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe). Please also paste that along with the FRST.txt into your reply.

  • 0
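The AutoRun policy values listed in the fix script above are bitmasks. The following is an added example, not part of michaelg9's post or of OTL, that decodes them. It assumes Microsoft's documented meanings: the low byte of NoDriveTypeAutoRun holds one bit per GetDriveType code, and NoDriveAutoRun holds one bit per drive letter A to Z. The function names are illustrative.

```python
import re
import string

# Low byte of NoDriveTypeAutoRun: bit index == GetDriveType() return code.
# Bit 7 is reserved. (Assumption: Microsoft's documented layout.)
DRIVE_TYPE_BITS = {
    0x01: "unknown type",
    0x02: "no root directory",
    0x04: "removable",
    0x08: "fixed",
    0x10: "network",
    0x20: "CD-ROM",
    0x40: "RAM disk",
    0x80: "reserved (bit 7)",
}

# Lines copied from the :OTL section of the fix script in the post above.
FIX_LINES = r"""
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-3753000303-1846566046-2363456648-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1
""".strip().splitlines()

# "<OTL section> - <registry key>: <value name> = <decimal data>"
LINE_RE = re.compile(r"^(O\d+) - (HK[A-Z]+\\.+?): (\w+) = (\d+)$")


def parse_policy_line(line):
    """Split one OTL policy line into section, key, name and integer data."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, key, name, data = m.groups()
    return {"section": section, "key": key, "name": name, "data": int(data)}


def decode_drive_types(value):
    """Return (drive types with AutoRun disabled, bits set outside the low byte)."""
    low = value & 0xFF
    names = [name for bit, name in DRIVE_TYPE_BITS.items() if low & bit]
    return names, value & ~0xFF


def decode_drive_letters(value):
    """Return (letters with AutoRun disabled, bits set above the 26 letter bits)."""
    letters = "".join(
        ch for i, ch in enumerate(string.ascii_uppercase) if value & (1 << i)
    )
    return letters, value >> 26


def blocks_autorun(letter, type_bit, type_mask, letter_mask):
    """AutoRun is off for a drive if either mask covers it."""
    by_letter = bool(letter_mask & (1 << (ord(letter.upper()) - ord("A"))))
    by_type = bool(type_mask & type_bit)
    return by_letter or by_type


def explain(lines):
    """Decode only the two AutoRun bitmask values; skip other policy entries."""
    out = []
    for line in lines:
        rec = parse_policy_line(line)
        if rec is None:
            continue
        if rec["name"] == "NoDriveTypeAutoRun":
            rec["disabled"], rec["undefined_bits"] = decode_drive_types(rec["data"])
        elif rec["name"] == "NoDriveAutoRun":
            rec["disabled"], rec["undefined_bits"] = decode_drive_letters(rec["data"])
        else:
            continue
        out.append(rec)
    return out


if __name__ == "__main__":
    for rec in explain(FIX_LINES):
        hive = rec["key"].split("\\", 1)[0]
        print(f'{rec["section"]} {hive} {rec["name"]} = {rec["data"]:#x}')
        print(f'    AutoRun disabled for: {rec["disabled"]}')
        if rec["undefined_bits"]:
            print(f'    bits outside the defined range: {rec["undefined_bits"]:#x}')
```

Decoded this way, the machine-wide type mask 323 does not include the removable or CD-ROM bits; on its own it would leave AutoRun on for those drive types, and it is the all-letters NoDriveAutoRun value that covers every drive.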

#7
ggh

    New Member

  • Topic Starter
  • Member
  • 8 posts
OTL Fix Log




========== PROCESSES ==========
All processes killed
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-3753000303-1846566046-2363456648-1007\Software\Microsoft\Internet Explorer\URLSearchHooks not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BC4FFE41-DE9F-46fa-B455-AAD49B9F9938}\ not found.
Registry key HKEY_USERS\S-1-5-21-3753000303-1846566046-2363456648-1007\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8020143D-5926-4394-A04D-DD0B649DA121}\ not found.
Registry key HKEY_USERS\S-1-5-21-3753000303-1846566046-2363456648-1007\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}\ not found.
Registry key HKEY_USERS\S-1-5-21-3753000303-1846566046-2363456648-1007\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BC4FFE41-DE9F-46FA-B455-AAD49B9F9938}\ not found.
Registry key HKEY_USERS\S-1-5-21-3753000303-1846566046-2363456648-1007\Software\Microsoft\Windows\CurrentVersion\Run not found.
Registry key HKEY_USERS\S-1-5-21-3753000303-1846566046-2363456648-1007\Software\Microsoft\Windows\CurrentVersion\Run not found.
Registry key HKEY_USERS\S-1-5-21-3753000303-1846566046-2363456648-1007\Software\Microsoft\Windows\CurrentVersion\RunServices not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Infodelivery\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoCDBurning deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HonorAutoRunSetting deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\BackupNoCDBurning deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLinkedConnections deleted successfully.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\CDRAutoRun deleted successfully.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun deleted successfully.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\CDRAutoRun not found.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun not found.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.
Registry key HKEY_USERS\S-1-5-21-3753000303-1846566046-2363456648-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{26906309-9d98-11da-ac74-0030bdf74598}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{26906309-9d98-11da-ac74-0030bdf74598}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{26906309-9d98-11da-ac74-0030bdf74598}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{26906309-9d98-11da-ac74-0030bdf74598}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{26906309-9d98-11da-ac74-0030bdf74598}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{26906309-9d98-11da-ac74-0030bdf74598}\ not found.
File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL explorer.exe not found.
C:\Documents and Settings\Gary\Application Data\FCTB000061465\Toolbar\skins\radio\gray03 folder moved successfully.
C:\Documents and Settings\Gary\Application Data\FCTB000061465\Toolbar\skins\radio folder moved successfully.
C:\Documents and Settings\Gary\Application Data\FCTB000061465\Toolbar\skins folder moved successfully.
C:\Documents and Settings\Gary\Application Data\FCTB000061465\Toolbar\override folder moved successfully.
C:\Documents and Settings\Gary\Application Data\FCTB000061465\Toolbar\js_components\util folder moved successfully.
C:\Documents and Settings\Gary\Application Data\FCTB000061465\Toolbar\js_components\res\weatherplugin\proppage folder moved successfully.
C:\Documents and Settings\Gary\Application Data\FCTB000061465\Toolbar\js_components\res\weatherplugin folder moved successfully.
C:\Documents and Settings\Gary\Application Data\FCTB000061465\Toolbar\js_components\res\searchcomponent folder moved successfully.
C:\Documents and Settings\Gary\Application Data\FCTB000061465\Toolbar\js_components\res\rssreader\proppage\images folder moved successfully.
C:\Documents and Settings\Gary\Application Data\FCTB000061465\Toolbar\js_components\res\rssreader\proppage folder moved successfully.
C:\Documents and Settings\Gary\Application Data\FCTB000061465\Toolbar\js_components\res\rssreader folder moved successfully.
C:\Documents and Settings\Gary\Application Data\FCTB000061465\Toolbar\js_components\res\radioplugin\proppage\widgets folder moved successfully.
C:\Documents and Settings\Gary\Application Data\FCTB000061465\Toolbar\js_components\res\radioplugin\proppage\images folder moved successfully.
C:\Documents and Settings\Gary\Application Data\FCTB000061465\Toolbar\js_components\res\radioplugin\proppage folder moved successfully.
C:\Documents and Settings\Gary\Application Data\FCTB000061465\Toolbar\js_components\res\radioplugin\js folder moved successfully.
C:\Documents and Settings\Gary\Application Data\FCTB000061465\Toolbar\js_components\res\radioplugin\images folder moved successfully.
C:\Documents and Settings\Gary\Application Data\FCTB000061465\Toolbar\js_components\res\radioplugin\css folder moved successfully.
C:\Documents and Settings\Gary\Application Data\FCTB000061465\Toolbar\js_components\res\radioplugin folder moved successfully.
C:\Documents and Settings\Gary\Application Data\FCTB000061465\Toolbar\js_components\res\msgboxplugin folder moved successfully.
C:\Documents and Settings\Gary\Application Data\FCTB000061465\Toolbar\js_components\res\emailchecker\proppage\widgets folder moved successfully.
C:\Documents and Settings\Gary\Application Data\FCTB000061465\Toolbar\js_components\res\emailchecker\proppage folder moved successfully.
C:\Documents and Settings\Gary\Application Data\FCTB000061465\Toolbar\js_components\res\emailchecker folder moved successfully.
C:\Documents and Settings\Gary\Application Data\FCTB000061465\Toolbar\js_components\res\common\proppage folder moved successfully.
C:\Documents and Settings\Gary\Application Data\FCTB000061465\Toolbar\js_components\res\common folder moved successfully.
C:\Documents and Settings\Gary\Application Data\FCTB000061465\Toolbar\js_components\res\bookmarksplugin\proppage\images folder moved successfully.
C:\Documents and Settings\Gary\Application Data\FCTB000061465\Toolbar\js_components\res\bookmarksplugin\proppage folder moved successfully.
C:\Documents and Settings\Gary\Application Data\FCTB000061465\Toolbar\js_components\res\bookmarksplugin folder moved successfully.
C:\Documents and Settings\Gary\Application Data\FCTB000061465\Toolbar\js_components\res folder moved successfully.
C:\Documents and Settings\Gary\Application Data\FCTB000061465\Toolbar\js_components folder moved successfully.
C:\Documents and Settings\Gary\Application Data\FCTB000061465\Toolbar\images\weather\png folder moved successfully.
C:\Documents and Settings\Gary\Application Data\FCTB000061465\Toolbar\images\weather folder moved successfully.
C:\Documents and Settings\Gary\Application Data\FCTB000061465\Toolbar\images\ticker folder moved successfully.
C:\Documents and Settings\Gary\Application Data\FCTB000061465\Toolbar\images\msgbox folder moved successfully.
C:\Documents and Settings\Gary\Application Data\FCTB000061465\Toolbar\images folder moved successfully.
C:\Documents and Settings\Gary\Application Data\FCTB000061465\Toolbar folder moved successfully.
C:\Documents and Settings\Gary\Application Data\FCTB000061465 folder moved successfully.
C:\Documents and Settings\Rachael\Application Data\FCTB000061465\Toolbar\skins\radio\gray03 folder moved successfully.
C:\Documents and Settings\Rachael\Application Data\FCTB000061465\Toolbar\skins\radio folder moved successfully.
C:\Documents and Settings\Rachael\Application Data\FCTB000061465\Toolbar\skins folder moved successfully.
C:\Documents and Settings\Rachael\Application Data\FCTB000061465\Toolbar\override folder moved successfully.
C:\Documents and Settings\Rachael\Application Data\FCTB000061465\Toolbar\images\weather\png folder moved successfully.
C:\Documents and Settings\Rachael\Application Data\FCTB000061465\Toolbar\images\weather folder moved successfully.
C:\Documents and Settings\Rachael\Application Data\FCTB000061465\Toolbar\images\ticker folder moved successfully.
C:\Documents and Settings\Rachael\Application Data\FCTB000061465\Toolbar\images\msgbox folder moved successfully.
C:\Documents and Settings\Rachael\Application Data\FCTB000061465\Toolbar\images folder moved successfully.
C:\Documents and Settings\Rachael\Application Data\FCTB000061465\Toolbar folder moved successfully.
C:\Documents and Settings\Rachael\Application Data\FCTB000061465 folder moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 492 bytes

User: All Users

User: bluetooth

User: Default User
->Flash cache emptied: 0 bytes

User: Gary
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: LogMeInRemoteUser

User: Lucy
->Flash cache emptied: 0 bytes

User: NetworkService

User: Owner

User: Rachael
->Flash cache emptied: 492 bytes

User: Sally
->Flash cache emptied: 506 bytes

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: Administrator

User: All Users

User: bluetooth

User: Default User

User: Gary
->Java cache emptied: 0 bytes

User: LocalService

User: LogMeInRemoteUser

User: Lucy
->Java cache emptied: 0 bytes

User: NetworkService

User: Owner

User: Rachael
->Java cache emptied: 0 bytes

User: Sally
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 03312014_200957

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

OTL Quick Scan

OTL logfile created on: 31/03/2014 22:29:29 - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Sally\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.99 Gb Total Physical Memory | 1.03 Gb Available Physical Memory | 51.59% Memory free
3.83 Gb Paging File | 3.06 Gb Available in Paging File | 79.75% Paging File free
Paging file location(s): H:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 231.53 Gb Total Space | 83.33 Gb Free Space | 35.99% Space Free | Partition Type: NTFS
Drive F: | 46.93 Mb Total Space | 39.75 Mb Free Space | 84.71% Space Free | Partition Type: FAT
Drive G: | 3.00 Gb Total Space | 0.61 Gb Free Space | 20.28% Space Free | Partition Type: FAT32
Drive H: | 231.18 Gb Total Space | 97.88 Gb Free Space | 42.34% Space Free | Partition Type: NTFS

Computer Name: D591F02J | User Name: Sally | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/03/31 20:08:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sally\Desktop\OTL.exe
PRC - [2014/03/15 01:50:42 | 000,859,976 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Sally\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2013/08/14 16:19:24 | 000,039,056 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2010/08/24 10:38:18 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2010/01/08 15:19:40 | 000,966,656 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Program Files\REALTEK\RTL8185 Wireless LAN Utility\RtWLan.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2014/03/15 01:50:40 | 013,637,448 | ---- | M] () -- C:\Documents and Settings\Sally\Local Settings\Application Data\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll
MOD - [2014/03/15 01:50:40 | 000,394,568 | ---- | M] () -- C:\Documents and Settings\Sally\Local Settings\Application Data\Google\Chrome\Application\33.0.1750.154\ppgooglenaclpluginchrome.dll
MOD - [2014/03/15 01:50:38 | 004,061,000 | ---- | M] () -- C:\Documents and Settings\Sally\Local Settings\Application Data\Google\Chrome\Application\33.0.1750.154\pdf.dll
MOD - [2014/03/15 01:50:32 | 001,647,432 | ---- | M] () -- C:\Documents and Settings\Sally\Local Settings\Application Data\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll
MOD - [2014/03/15 01:50:30 | 000,051,016 | ---- | M] () -- C:\Documents and Settings\Sally\Local Settings\Application Data\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll
MOD - [2013/08/14 16:19:24 | 000,039,056 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
MOD - [2009/12/09 22:20:06 | 000,126,976 | ---- | M] () -- C:\Program Files\REALTEK\RTL8185 Wireless LAN Utility\EnumDevLib.dll
MOD - [2008/04/14 01:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 01:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007/07/12 12:11:54 | 001,163,264 | ---- | M] () -- C:\Program Files\REALTEK\RTL8185 Wireless LAN Utility\acAuth.dll


========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (stllssvr)
SRV - File not found [Auto | Stopped] -- -- (RoxLiveShare9)
SRV - File not found [Disabled | Stopped] -- -- (Roxio Upnp Server 9)
SRV - File not found [Disabled | Stopped] -- -- (Roxio UPnP Renderer 9)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2014/03/11 20:52:28 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/01/28 07:54:10 | 000,118,896 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2010/10/07 13:39:52 | 000,234,784 | ---- | M] (Apple Inc.) [Disabled | Stopped] -- C:\Program Files\AirPrint\airprint.exe -- (AirPrint)
SRV - [2010/08/24 10:38:18 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2008/11/14 22:08:27 | 000,655,624 | ---- | M] (Acresso Software Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2007/07/03 17:44:40 | 000,061,440 | ---- | M] (British Telecommunications Plc.) [Disabled | Stopped] -- C:\Program Files\BT Common Client\btomosrv.exe -- (BT Common Client)
SRV - [2002/09/02 09:51:40 | 000,049,152 | ---- | M] (GEAR Software) [Disabled | Stopped] -- C:\WINDOWS\system32\gearsec.exe -- (GEARSecurity)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\wanatw4.sys -- (wanatw)
DRV - File not found [Kernel | Boot | Stopped] -- System32\Drivers\sptd.sys -- (sptd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\scfint.sys -- (scfint)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\GenericMount.sys -- (GenericMount)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Program Files\321Studios\Shared\CDRPDACC.SYS -- (CDRPDACC)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- system32\DRIVERS\bcmwl5.sys -- (BCM43XX)
DRV - [2013/08/21 05:31:38 | 000,182,680 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2013/08/21 05:31:38 | 000,084,248 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2013/05/22 19:49:32 | 000,014,776 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV - [2011/09/11 22:54:50 | 000,084,512 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\vsflt58.sys -- (vidsflt58)
DRV - [2011/09/11 22:54:37 | 000,076,768 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\fltsrv.sys -- (fltsrv)
DRV - [2011/09/04 21:34:12 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2011/09/04 21:34:12 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggflt.sys -- (ggflt)
DRV - [2010/04/28 08:44:02 | 000,054,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009/03/25 17:48:00 | 000,114,728 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018mdm.sys -- (s1018mdm)
DRV - [2009/03/25 17:48:00 | 000,109,864 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018unic.sys -- (s1018unic)
DRV - [2009/03/25 17:48:00 | 000,106,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018mgmt.sys -- (s1018mgmt)
DRV - [2009/03/25 17:48:00 | 000,104,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018obex.sys -- (s1018obex)
DRV - [2009/03/25 17:48:00 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018bus.sys -- (s1018bus)
DRV - [2009/03/25 17:48:00 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018nd5.sys -- (s1018nd5)
DRV - [2009/03/25 17:48:00 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018mdfl.sys -- (s1018mdfl)
DRV - [2008/04/13 19:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2007/10/02 05:06:40 | 000,451,968 | R--- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
DRV - [2007/08/08 12:12:42 | 000,101,120 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2007/04/20 11:14:06 | 000,024,560 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\btwsp50.sys -- (BTWSp50)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2007/02/16 01:57:04 | 000,034,760 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2006/09/24 14:28:46 | 000,005,248 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2006/09/18 12:54:48 | 000,016,640 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tbhsd.sys -- (tbhsd)
DRV - [2006/08/18 12:10:24 | 000,061,504 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\K320bus.sys -- (K320bus)
DRV - [2006/08/18 12:10:22 | 000,097,056 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\K320mdm.sys -- (K320mdm)
DRV - [2006/08/18 12:10:22 | 000,009,328 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\K320mdfl.sys -- (K320mdfl)
DRV - [2006/08/18 12:10:20 | 000,088,560 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\K320mgmt.sys -- (K320mgmt)
DRV - [2006/08/18 12:10:18 | 000,086,368 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\K320obex.sys -- (K320obex)
DRV - [2006/07/24 03:00:00 | 000,002,560 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2006/07/24 03:00:00 | 000,002,432 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2006/03/04 13:00:00 | 000,241,664 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\c2scsi.sys -- (c2scsi)
DRV - [2005/11/16 16:36:00 | 001,047,816 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/05/31 15:40:20 | 000,020,480 | ---- | M] (IVT Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\blueletaudio.sys -- (BlueletAudio)
DRV - [2005/05/31 09:42:28 | 000,023,000 | ---- | M] (IVT Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\btcusb.sys -- (Btcsrusb)
DRV - [2005/04/30 14:50:20 | 000,011,860 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\vbtenum.sys -- (BTHidEnum)
DRV - [2005/04/30 14:50:10 | 000,028,271 | ---- | M] (IVT Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\BTHidMgr.sys -- (BTHidMgr)
DRV - [2005/04/30 14:48:58 | 000,010,804 | ---- | M] (IVT Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\BtNetDrv.sys -- (BT)
DRV - [2005/04/07 17:18:34 | 000,003,840 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\BANTExt.sys -- (BANTExt)
DRV - [2005/03/25 17:18:48 | 000,082,148 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VcommMgr.sys -- (VcommMgr)
DRV - [2004/12/16 16:32:54 | 000,013,304 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\BTNetFilter.sys -- (BTNetFilter)
DRV - [2004/10/19 13:37:38 | 000,061,312 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VComm.sys -- (VComm)
DRV - [2004/08/04 06:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004/08/04 06:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2004/08/03 23:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)
DRV - [2003/12/08 18:33:20 | 000,123,276 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PFC027.sys -- (SoC PC-Camera Service)
DRV - [2003/01/10 11:56:34 | 000,030,921 | ---- | M] (Service & Quality Technology.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SQCaptur.sys -- (DCamUSBSQTECH)
DRV - [2002/06/10 15:20:50 | 000,039,936 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvcd.sys -- (QCDonner)
DRV - [1996/04/03 20:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.co.uk/myway
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.co.uk/myway
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3753000303-1846566046-2363456648-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-3753000303-1846566046-2363456648-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-3753000303-1846566046-2363456648-1009\..\SearchScopes,DefaultScope = {9CFD219D-ED6B-4E32-A6AE-F9E7A6AB1D10}
IE - HKU\S-1-5-21-3753000303-1846566046-2363456648-1009\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ferrer:source?}
IE - HKU\S-1-5-21-3753000303-1846566046-2363456648-1009\..\SearchScopes\{4EAD5559-381D-478B-8E93-79727B5389BD}: "URL" = http://uk.search.yah...p={searchTerms}
IE - HKU\S-1-5-21-3753000303-1846566046-2363456648-1009\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKU\S-1-5-21-3753000303-1846566046-2363456648-1009\..\SearchScopes\{9CFD219D-ED6B-4E32-A6AE-F9E7A6AB1D10}: "URL" = http://www.google.co...&rlz=1I7GGLR_en
IE - HKU\S-1-5-21-3753000303-1846566046-2363456648-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3753000303-1846566046-2363456648-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.order.1: "Secure Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: %7B4ED1F68A-5463-4931-9384-8FFF5ED91D92%7D:3.6.5
FF - prefs.js..extensions.enabledAddons: %7BDF153AFF-6948-45d7-AC98-4FC4AF8A08E2%7D:1.3.3
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:27.0
FF - prefs.js..keyword.URL: "http://uk.search.yah...h?fr=mcafee&p="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.3.51: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.3: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.3: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.3: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.3.51: C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Sally\Local Settings\Application Data\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Sally\Local Settings\Application Data\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/12/20 20:03:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/12/20 20:03:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2014/03/01 12:16:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/03/01 12:16:19 | 000,000,000 | ---D | M]

[2012/04/02 16:28:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Sally\Application Data\Mozilla\Extensions
[2012/11/11 22:18:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Sally\Application Data\Mozilla\Firefox\Profiles\e5edr1zn.default\extensions
[2012/10/31 23:27:37 | 000,000,000 | ---D | M] (Microsoft Choice Guard) -- C:\Documents and Settings\Sally\Application Data\Mozilla\Firefox\Profiles\e5edr1zn.default\extensions\ChoiceGuard@Microsoft
[2012/04/02 16:29:15 | 000,020,591 | ---- | M] () (No name found) -- C:\Documents and Settings\Sally\Application Data\Mozilla\Firefox\Profiles\e5edr1zn.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
[2007/05/07 14:37:27 | 000,002,386 | ---- | M] () -- C:\Documents and Settings\Sally\Application Data\Mozilla\Firefox\Profiles\e5edr1zn.default\searchplugins\siteadvisor.xml
[2013/12/20 19:44:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2014/03/01 10:43:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/03/01 10:43:54 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/03/01 11:06:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\updated\extensions
[2014/03/01 11:06:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\updated\browser\extensions
[2014/03/01 11:06:46 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\updated\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/12/20 20:03:06 | 000,000,000 | ---D | M] (RealDownloader) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REALNETWORKS\REALDOWNLOADER\BROWSERPLUGINS\FIREFOX\EXT
File not found (No name found) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
[2012/10/19 23:18:49 | 000,248,192 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2012/10/19 23:18:57 | 000,248,192 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2013/12/20 19:59:16 | 000,124,504 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
[2013/11/15 23:30:38 | 000,002,024 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - plugin: Error reading preferences file
CHR - Extension: RealDownloader = C:\Documents and Settings\Sally\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.3_1\
CHR - Extension: Google Wallet = C:\Documents and Settings\Sally\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_1\

O1 HOSTS File: ([2014/03/24 00:34:53 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKU\S-1-5-21-3753000303-1846566046-2363456648-1009\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-3753000303-1846566046-2363456648-1009\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-3753000303-1846566046-2363456648-1009\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
O4 - HKU\S-1-5-21-3753000303-1846566046-2363456648-1009..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\REALTEK RTL8185 Wireless LAN Utility.lnk = C:\Program Files\REALTEK\RTL8185 Wireless LAN Utility\RtWLan.exe (Realtek Semiconductor Corp.)
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3753000303-1846566046-2363456648-1009\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3753000303-1846566046-2363456648-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-3753000303-1846566046-2363456648-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-3753000303-1846566046-2363456648-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} http://pccheckup.del...oad/tgctlcm.cab (Reg Error: Key error.)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} https://support.euro...iler/SysPro.CAB (Reg Error: Key error.)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft....k/?linkid=67633 (Office Genuine Advantage Validation Tool)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} Reg Error: Key error. (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1353363277828 (MUWebControl Class)
O16 - DPF: {78AEEDE8-7345-4FB5-A8FE-4BFF16EF25FC} Reg Error: Key error. (Reg Error: Key error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A4639D2F-774E-11D3-A490-00C04F6843FB} http://download.micr...N-US/msorun.cab (IEAnimBehaviorFactory Class)
O16 - DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C3A0C622-0B96-43C5-9438-17AAE5FC202B}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C4E494F6-7B3D-4A61-811D-378E70742D31}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\AutorunsDisabled - No CLSID value found
O18 - Protocol\Handler\AutorunsDisabled\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\AutorunsDisabled\mctp - No CLSID value found
O18 - Protocol\Handler\livecall - No CLSID value found
O18 - Protocol\Handler\msnim - No CLSID value found
O18 - Protocol\Filter\AutorunsDisabled - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AutorunsDisabled: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Sally\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Sally\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 14:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2005/07/05 12:06:50 | 000,000,398 | ---- | M] () - F:\AUTOEXEC.UP -- [ FAT ]
O32 - AutoRun File - [2005/07/05 12:06:50 | 000,000,398 | ---- | M] () - F:\AUTOEXEC.BAT -- [ FAT ]
O32 - AutoRun File - [2005/07/07 20:34:30 | 000,001,871 | ---- | M] () - G:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2014/03/31 22:16:38 | 000,000,000 | ---D | C] -- C:\FRST
[2014/03/27 20:35:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sally\Application Data\FixZeroAccess
[2014/03/24 22:39:52 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Sally\Desktop\OTL.exe
[2014/03/24 22:35:11 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2014/03/24 00:38:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2014/03/23 23:42:00 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014/03/23 19:23:54 | 000,000,000 | ---D | C] -- C:\Program Files\VirusTotalUploader2
[2014/03/23 19:23:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sally\Start Menu\Programs\VirusTotal Uploader 2.2
[2014/03/23 15:49:12 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/03/23 09:04:40 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Sally\Desktop\Copy of OTL.exe
[2014/03/15 00:38:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2014/03/14 19:15:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sally\Application Data\wsInspector
[2014/03/14 19:13:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sally\My Documents\wsInspector

========== Files - Modified Within 30 Days ==========

[2014/03/31 22:34:00 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{33F4E96D-A646-4D58-829B-31D1A666AAE9}.job
[2014/03/31 22:32:00 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{590D0C85-5D8A-458F-87E7-F9EFAE2F358A}.job
[2014/03/31 22:31:00 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{4D5D3230-4EAE-493D-918D-BECD68FA5DAC}.job
[2014/03/31 22:30:00 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{F753D7C8-3562-4E8D-A57C-7C8027CB7A0C}.job
[2014/03/31 20:11:46 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/03/31 20:11:15 | 000,000,222 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Logon.job
[2014/03/31 20:11:02 | 2137,149,440 | -HS- | M] () -- C:\hiberfil.sys
[2014/03/31 20:08:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sally\Desktop\OTL.exe
[2014/03/31 19:31:52 | 000,507,406 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2014/03/31 19:31:52 | 000,090,216 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2014/03/26 22:08:56 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag_Startup.job
[2014/03/26 22:08:56 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefragUpdate.job
[2014/03/26 22:08:55 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3753000303-1846566046-2363456648-1009.job
[2014/03/26 22:08:55 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag_Schedule.job
[2014/03/26 22:08:53 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3753000303-1846566046-2363456648-1008.job
[2014/03/26 22:08:52 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3753000303-1846566046-2363456648-1009.job
[2014/03/26 22:08:51 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3753000303-1846566046-2363456648-1008.job
[2014/03/26 22:08:50 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3753000303-1846566046-2363456648-1009UA.job
[2014/03/26 22:08:50 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3753000303-1846566046-2363456648-1009Core.job
[2014/03/26 22:08:46 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3753000303-1846566046-2363456648-1008UA.job
[2014/03/26 22:08:45 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3753000303-1846566046-2363456648-1008Core.job
[2014/03/26 22:08:45 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/03/26 22:08:42 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/03/26 22:08:41 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/03/26 22:08:41 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2014/03/24 23:39:28 | 003,825,540 | ---- | M] () -- C:\Documents and Settings\Sally\Desktop\reg009-OTL does not like.reg
[2014/03/24 00:34:53 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2014/03/23 19:23:54 | 000,001,754 | ---- | M] () -- C:\Documents and Settings\Sally\Desktop\VirusTotal Uploader 2.2.lnk
[2014/03/23 17:26:02 | 000,118,562 | ---- | M] () -- C:\Documents and Settings\Sally\Desktop\OTL hangs.JPG
[2014/03/23 16:04:29 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2014/03/23 15:44:56 | 000,359,344 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2014/03/23 08:56:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sally\Desktop\Copy of OTL.exe
[2014/03/16 12:51:31 | 000,000,216 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Monthly.job
[2014/03/16 12:45:57 | 000,002,318 | ---- | M] () -- C:\Documents and Settings\Sally\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/03/16 12:45:57 | 000,002,300 | ---- | M] () -- C:\Documents and Settings\Sally\Desktop\Google Chrome.lnk
[2014/03/14 22:38:10 | 000,000,015 | ---- | M] () -- C:\Documents and Settings\Sally\Desktop\settings.dat
[2014/03/14 19:19:48 | 000,001,926 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\REALTEK RTL8185 Wireless LAN Utility.lnk
[2014/03/14 19:13:06 | 000,000,766 | ---- | M] () -- C:\Documents and Settings\Sally\Desktop\Startup Inspector for Windows.lnk

========== Files Created - No Company Name ==========

[2014/03/26 15:22:43 | 2137,149,440 | -HS- | C] () -- C:\hiberfil.sys
[2014/03/24 23:39:27 | 003,825,540 | ---- | C] () -- C:\Documents and Settings\Sally\Desktop\reg009-OTL does not like.reg
[2014/03/23 19:23:54 | 000,001,754 | ---- | C] () -- C:\Documents and Settings\Sally\Desktop\VirusTotal Uploader 2.2.lnk
[2014/03/23 17:26:02 | 000,118,562 | ---- | C] () -- C:\Documents and Settings\Sally\Desktop\OTL hangs.JPG
[2014/03/16 12:36:14 | 000,000,222 | ---- | C] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Logon.job
[2014/03/16 12:36:13 | 000,000,216 | ---- | C] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Monthly.job
[2014/03/14 22:35:50 | 000,000,015 | ---- | C] () -- C:\Documents and Settings\Sally\Desktop\settings.dat
[2014/03/14 19:13:06 | 000,000,766 | ---- | C] () -- C:\Documents and Settings\Sally\Desktop\Startup Inspector for Windows.lnk
[2014/01/03 23:19:34 | 000,332,274 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2013/11/16 00:50:00 | 000,014,776 | ---- | C] () -- C:\WINDOWS\System32\drivers\SmartDefragDriver.sys
[2013/10/30 13:07:00 | 000,030,568 | ---- | C] () -- C:\WINDOWS\MusiccityDownload.exe
[2013/10/30 13:06:54 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
[2013/10/30 13:06:54 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
[2013/10/30 13:06:54 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
[2013/10/30 13:06:54 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll
[2010/06/02 20:45:46 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\Sally\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/03/11 11:52:07 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/01/20 20:14:14 | 000,000,108 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib

========== ZeroAccess Check ==========

[2004/08/10 14:09:48 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 01:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 13:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 01:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2014/03/01 11:53:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2008/12/28 00:29:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\1Click DVD Copy
[2008/12/28 02:20:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\1Click DVD Copy Pro
[2011/10/23 18:35:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
[2014/03/26 15:45:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2007/05/12 16:55:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bluetooth
[2010/04/02 20:58:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BT Access Manager
[2010/04/02 20:58:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BT Common Client
[2013/04/07 18:15:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2006/05/20 20:39:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cloanto
[2008/10/24 18:58:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Elaborate Bytes
[2014/01/16 00:09:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2009/10/24 21:15:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Rosetta Stone DEMO
[2014/01/03 23:04:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung
[2010/04/02 21:00:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sierra Wireless
[2014/03/01 21:48:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2007/11/29 18:51:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2009/12/05 21:26:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Teleca
[2013/06/27 20:26:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer
[2007/03/04 20:12:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2014/03/31 19:30:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/12/28 02:01:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2014/01/25 14:37:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Western Digital
[2006/06/04 14:57:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YAMAHA
[2013/01/18 16:40:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{1C6FDDD8-FC9E-4C12-9FA5-1AAD377097B3}
[2008/09/14 10:09:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2010/04/02 21:11:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2006/06/09 23:58:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\1ClickDVDCopy
[2007/03/09 12:20:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Audacity
[2006/04/02 22:44:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\BAMZOOKi
[2006/06/09 23:18:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\CopyToDvd
[2006/01/18 20:19:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Leadertech
[2008/12/27 10:56:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\MSNInstaller
[2007/03/09 12:32:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\NCH Swift Sound
[2009/12/05 21:46:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Teleca
[2006/01/19 18:19:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Template
[2010/11/28 10:27:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\TomTom
[2007/03/15 20:01:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\tunebite
[2007/03/11 11:36:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Ulead Systems
[2009/11/18 22:49:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Vso
[2012/09/02 13:30:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\wsInspector
[2008/12/18 20:06:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2006/03/01 19:17:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lucy\Application Data\Bamzooki
[2010/04/02 21:01:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lucy\Application Data\BT Access Manager
[2010/10/21 20:44:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lucy\Application Data\DVDVideoSoftIEHelpers
[2007/08/17 16:04:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lucy\Application Data\IMVU
[2012/03/18 23:00:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lucy\Application Data\IObit
[2009/12/05 21:31:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lucy\Application Data\Teleca
[2008/12/26 23:31:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lucy\Application Data\Vso
[2006/01/21 14:39:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lucy\Application Data\WebRenderer
[2006/08/02 17:28:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lucy\Application Data\YAMAHA
[2008/08/21 01:11:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\SACore
[2007/08/19 16:25:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rachael\Application Data\IMVU
[2012/05/01 19:17:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rachael\Application Data\IObit
[2007/07/05 16:24:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rachael\Application Data\Template
[2007/08/26 11:05:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rachael\Application Data\Ulead Systems
[2008/09/14 14:28:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rachael\Application Data\WebRenderer
[2007/12/26 23:34:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rachael\Application Data\wsInspector
[2006/06/04 14:58:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rachael\Application Data\YAMAHA
[2011/09/11 14:24:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sally\Application Data\Acronis
[2013/07/30 19:53:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sally\Application Data\coupons
[2014/01/15 23:10:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sally\Application Data\ElevatedDiagnostics
[2014/03/27 20:35:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sally\Application Data\FixZeroAccess
[2014/03/14 18:24:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sally\Application Data\IObit
[2008/07/14 23:25:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sally\Application Data\Kio
[2013/03/11 21:13:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sally\Application Data\Leadertech
[2014/02/02 23:25:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sally\Application Data\Mael
[2013/08/15 13:09:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sally\Application Data\NCH Swift Sound
[2011/10/23 17:35:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sally\Application Data\Opera
[2014/03/01 10:33:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sally\Application Data\Opera Software
[2012/05/31 19:06:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sally\Application Data\Oracle
[2014/01/03 23:13:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sally\Application Data\Samsung
[2009/12/07 15:14:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sally\Application Data\Teleca
[2007/12/21 19:08:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sally\Application Data\Viewpoint
[2012/11/01 21:15:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sally\Application Data\Windows Live Writer
[2014/03/14 19:19:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sally\Application Data\wsInspector

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Sally\Desktop\Copy of OTL.exe:SummaryInformation
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Sally\My Documents\My Received Files:Roxio EMC Stream

< End of report >

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014 01
Ran by Sally (administrator) on D591F02J on 31-03-2014 22:16:55
Running from C:\Documents and Settings\Sally\My Documents\2014 Gary\farbar
Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
(Microsoft Corporation) C:\WINDOWS\system32\MsPMSPSv.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Realtek Semiconductor Corp.) C:\Program Files\REALTEK\RTL8185 Wireless LAN Utility\RtWLan.exe
(Google Inc.) C:\Documents and Settings\Sally\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Sally\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\IEXPLORE.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\IEXPLORE.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\IEXPLORE.EXE


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [igfxpers] - C:\WINDOWS\system32\igfxpers.exe [118784 2006-03-23] (Intel Corporation)
HKLM\...\Run: [igfxhkcmd] - C:\WINDOWS\system32\hkcmd.exe [77824 2006-03-23] (Intel Corporation)
HKU\S-1-5-21-3753000303-1846566046-2363456648-1009\...\Run: [H/PC Connection Agent] - "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\REALTEK RTL8185 Wireless LAN Utility.lnk
ShortcutTarget: REALTEK RTL8185 Wireless LAN Utility.lnk -> C:\Program Files\REALTEK\RTL8185 Wireless LAN Utility\RtWLan.exe (Realtek Semiconductor Corp.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...ferrer:source?}
SearchScopes: HKCU - {4EAD5559-381D-478B-8E93-79727B5389BD} URL = http://uk.search.yah...p={searchTerms}
BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
DPF: {01113300-3E00-11D2-8470-0060089874ED} http://pccheckup.del...oad/tgctlcm.cab
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} https://support.euro...iler/SysPro.CAB
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft....k/?linkid=67633
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.ma...director/sw.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}
DPF: {78AEEDE8-7345-4FB5-A8FE-4BFF16EF25FC}
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab
DPF: {A4639D2F-774E-11D3-A490-00C04F6843FB} http://download.micr...N-US/msorun.cab
DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
Handler: AutorunsDisabled\belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
Handler: AutorunsDisabled\mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82} - No File
Handler: AutorunsDisabled\ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler: AutorunsDisabled\mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
Handler: AutorunsDisabled\mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
Handler: AutorunsDisabled\wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - No File
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - No File
Filter: AutorunsDisabled - No CLSID Value - No File
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Sally\Application Data\Mozilla\Firefox\Profiles\e5edr1zn.default
FF SearchEngineOrder.1: Secure Search
FF Keyword.URL: hxxp://uk.search.yahoo.com/search?fr=mcafee&p=
FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin: @divx.com/DivX Content Upload Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF Plugin: @java.com/DTPlugin,version=10.7.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=16.0.3.51 - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.3.51 - C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Documents and Settings\Sally\Local Settings\Application Data\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Documents and Settings\Sally\Local Settings\Application Data\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdivx32.dll (DivX,Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npunagi2.dll (America Online, Inc.)
FF SearchPlugin: C:\Documents and Settings\Sally\Application Data\Mozilla\Firefox\Profiles\e5edr1zn.default\searchplugins\searchplugins-backup
FF SearchPlugin: C:\Documents and Settings\Sally\Application Data\Mozilla\Firefox\Profiles\e5edr1zn.default\searchplugins\siteadvisor.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazon-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\chambers-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-en-GB.xml
FF Extension: Microsoft Choice Guard - C:\Documents and Settings\Sally\Application Data\Mozilla\Firefox\Profiles\e5edr1zn.default\Extensions\ChoiceGuard@Microsoft [2012-10-31]
FF Extension: Microsoft .NET Framework Assistant - C:\Documents and Settings\Sally\Application Data\Mozilla\Firefox\Profiles\e5edr1zn.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2012-04-02]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-12-20]

Chrome:
=======
CHR DefaultSearchKeyword: google.co.uk
CHR Extension: (RealDownloader) - C:\Documents and Settings\Sally\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-12-21]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Sally\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-28]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR StartMenuInternet: Google Chrome - C:\Documents and Settings\Lucy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

S4 AirPrint; C:\Program Files\AirPrint\airprint.exe [234784 2010-10-07] (Apple Inc.)
S4 BT Common Client; C:\Program Files\BT Common Client\btomosrv.exe [61440 2007-07-03] (British Telecommunications Plc.)
S4 GEARSecurity; C:\WINDOWS\System32\GEARSEC.EXE [49152 2002-09-02] (GEAR Software)
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 WMDM PMSP Service; C:\WINDOWS\system32\MsPMSPSv.exe [53248 2001-05-01] (Microsoft Corporation)
S4 Roxio UPnP Renderer 9; No ImagePath
S4 Roxio Upnp Server 9; No ImagePath
S2 RoxLiveShare9; No ImagePath
S4 stllssvr; No ImagePath

==================== Drivers (Whitelisted) ====================

S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
S4 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [21361 2011-06-28] (Cisco Systems, Inc.)
S4 BANTExt; C:\WINDOWS\System32\Drivers\BANTExt.sys [3840 2005-04-07] ()
S4 BlueletAudio; C:\WINDOWS\System32\DRIVERS\blueletaudio.sys [20480 2005-05-31] (IVT Corporation)
S4 BT; C:\WINDOWS\System32\DRIVERS\btnetdrv.sys [10804 2005-04-30] (IVT Corporation)
S4 Btcsrusb; C:\WINDOWS\System32\Drivers\btcusb.sys [23000 2005-05-31] (IVT Corporation)
S4 BTHidEnum; C:\WINDOWS\System32\DRIVERS\vbtenum.sys [11860 2005-04-30] ()
S4 BTHidMgr; C:\WINDOWS\System32\Drivers\BTHidMgr.sys [28271 2005-04-30] (IVT Corporation)
S4 BTNetFilter; C:\WINDOWS\system32\drivers\BTNetFilter.sys [13304 2004-12-16] ()
S4 BTWSp50; C:\WINDOWS\System32\Drivers\BTWSp50.sys [24560 2007-04-20] (Printing Communications Assoc., Inc. (PCAUSA))
R1 c2scsi; C:\WINDOWS\system32\Drivers\c2scsi.sys [241664 2006-03-04] (Sonic Solutions)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R1 Cdr4_xp; C:\WINDOWS\system32\Drivers\Cdr4_xp.sys [2432 2006-07-24] (Sonic Solutions)
R1 Cdralw2k; C:\WINDOWS\system32\Drivers\Cdralw2k.sys [2560 2006-07-24] (Sonic Solutions)
S3 DCamUSBSQTECH; C:\WINDOWS\System32\Drivers\SQcaptur.sys [30921 2003-01-10] (Service & Quality Technology.)
R3 dvd43llh; C:\WINDOWS\System32\DRIVERS\dvd43llh.sys [18816 2008-12-27] (RIF)
R3 ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [34760 2007-02-16] (SlySoft, Inc.)
R1 ElbyCDIO; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [24232 2009-02-17] (Elaborate Bytes AG)
R2 fssfltr; C:\WINDOWS\System32\DRIVERS\fssfltr_tdi.sys [54760 2010-04-28] (Microsoft Corporation)
R0 giveio; C:\WINDOWS\System32\giveio.sys [5248 1996-04-03] ()
S3 K320bus; C:\WINDOWS\System32\DRIVERS\K320bus.sys [61504 2006-08-18] (MCCI)
S3 K320mdfl; C:\WINDOWS\System32\DRIVERS\K320mdfl.sys [9328 2006-08-18] (MCCI)
S3 K320mdm; C:\WINDOWS\System32\DRIVERS\K320mdm.sys [97056 2006-08-18] (MCCI)
S3 K320mgmt; C:\WINDOWS\System32\DRIVERS\K320mgmt.sys [88560 2006-08-18] (MCCI)
S3 K320obex; C:\WINDOWS\System32\DRIVERS\K320obex.sys [86368 2006-08-18] (MCCI)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R2 NwlnkIpx; C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys [88320 2008-04-13] (Microsoft Corporation)
R2 NwlnkNb; C:\WINDOWS\System32\DRIVERS\nwlnknb.sys [63232 2004-08-04] (Microsoft Corporation)
R2 NwlnkSpx; C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys [55936 2004-08-04] (Microsoft Corporation)
S3 QCDonner; C:\WINDOWS\System32\DRIVERS\LVCD.sys [39936 2002-06-10] (Logitech Inc.)
R3 RT73; C:\WINDOWS\System32\DRIVERS\rt73.sys [451968 2007-10-02] (Ralink Technology, Corp.)
S3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2004-08-03] (Realtek Semiconductor Corporation)
R3 rtl8185; C:\WINDOWS\System32\DRIVERS\rtl8185.sys [823936 2012-12-02] (Realtek Semiconductor Corporation )
S3 s1018obex; C:\WINDOWS\System32\DRIVERS\s1018obex.sys [104744 2009-03-25] (MCCI Corporation)
R0 SmartDefragDriver; C:\WINDOWS\System32\Drivers\SmartDefragDriver.sys [14776 2013-05-22] ()
S3 SoC PC-Camera Service; C:\WINDOWS\System32\DRIVERS\pfc027.sys [123276 2003-12-08] ()
S3 SONYPVU1; C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [7552 2001-08-17] (Sony Corporation)
R0 speedfan; C:\WINDOWS\System32\speedfan.sys [5248 2006-09-24] (Windows ® 2000 DDK provider)
R3 STHDA; C:\WINDOWS\System32\drivers\sthda.sys [1047816 2005-11-16] (SigmaTel, Inc.)
S3 tbhsd; C:\WINDOWS\System32\drivers\tbhsd.sys [16640 2006-09-18] (RapidSolution Software AG)
R3 VComm; C:\WINDOWS\System32\DRIVERS\VComm.sys [61312 2004-10-19] (IVT Corporation)
R3 VcommMgr; C:\WINDOWS\System32\Drivers\VcommMgr.sys [82148 2005-03-25] (IVT Corporation)
R0 vidsflt58; C:\WINDOWS\System32\DRIVERS\vsflt58.sys [84512 2011-09-11] (Acronis)
S3 wceusbsh; C:\WINDOWS\System32\DRIVERS\wceusbsh.sys [31744 2005-06-14] (Microsoft Corporation)
S4 adfs; No ImagePath
S4 BCM43XX; system32\DRIVERS\bcmwl5.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S2 CDRPDACC; \??\C:\Program Files\321Studios\Shared\CDRPDACC.SYS [X]
S3 GenericMount; system32\DRIVERS\GenericMount.sys [X]
S3 scfint; system32\DRIVERS\scfint.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S0 sptd; System32\Drivers\sptd.sys [X]
U3 TlntSvr;
U2 V2iMount;
S3 wanatw; system32\DRIVERS\wanatw4.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-31 22:16 - 2014-03-31 22:16 - 00000000 ____D () C:\FRST
2014-03-31 20:16 - 2014-03-31 20:16 - 00022794 _____ () C:\Documents and Settings\Sally\Desktop\03312014_200957.log
2014-03-27 20:35 - 2014-03-27 20:35 - 00000000 ____D () C:\Documents and Settings\Sally\Application Data\FixZeroAccess
2014-03-26 22:03 - 2014-03-26 22:03 - 00147456 _____ () C:\Documents and Settings\Rachael\Desktop\catchme.exe
2014-03-26 22:03 - 2014-03-26 22:03 - 00000091 _____ () C:\Documents and Settings\Rachael\Desktop\catchme.log
2014-03-26 21:46 - 2014-03-26 21:46 - 00000000 ____D () C:\Documents and Settings\Rachael\Doctor Web
2014-03-26 21:41 - 2014-03-26 21:46 - 145443264 _____ () C:\Documents and Settings\Rachael\Desktop\fx9c36qj.exe
2014-03-26 21:03 - 2014-03-26 21:03 - 00001855 _____ () C:\Documents and Settings\Rachael\Desktop\aswMBR.txt
2014-03-26 21:03 - 2014-03-26 21:03 - 00000512 _____ () C:\Documents and Settings\Rachael\Desktop\MBR.dat
2014-03-26 21:01 - 2014-03-26 21:01 - 04745728 _____ (AVAST Software) C:\Documents and Settings\Rachael\Desktop\aswmbr.exe
2014-03-26 20:54 - 2014-03-26 20:54 - 00104762 _____ () C:\Documents and Settings\Rachael\Desktop\OTL.Txt
2014-03-26 20:54 - 2014-03-26 20:54 - 00053282 _____ () C:\Documents and Settings\Rachael\Desktop\Extras.Txt
2014-03-26 15:50 - 2014-03-26 15:50 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\Rachael\Desktop\OTL.exe
2014-03-26 15:47 - 2014-03-26 15:47 - 00000000 __SHD () C:\Documents and Settings\Rachael\IECompatCache
2014-03-26 15:47 - 2014-03-26 15:47 - 00000000 ____D () C:\Documents and Settings\Rachael\Application Data\RealNetworks
2014-03-26 15:45 - 2014-03-26 15:46 - 00000643 _____ () C:\WINDOWS\wmsetup.log
2014-03-24 23:39 - 2014-03-24 23:39 - 03825540 _____ () C:\Documents and Settings\Sally\Desktop\reg009-OTL does not like.reg
2014-03-24 22:39 - 2014-03-31 20:08 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\Sally\Desktop\OTL.exe
2014-03-24 01:05 - 2014-03-26 15:34 - 00007128 _____ () C:\WINDOWS\setupapi.log
2014-03-24 00:38 - 2014-03-24 00:38 - 00020631 _____ () C:\ComboFix.txt
2014-03-23 23:42 - 2014-03-24 22:33 - 00000000 ____D () C:\Qoobox
2014-03-23 22:36 - 2014-03-23 22:36 - 00117752 _____ () C:\Documents and Settings\Administrator\My Documents\OTL1.Txt
2014-03-23 22:36 - 2014-03-23 22:36 - 00050778 _____ () C:\Documents and Settings\Administrator\My Documents\Extras1.Txt
2014-03-23 22:32 - 2014-03-23 09:08 - 00000634 _____ () C:\Documents and Settings\Administrator\Desktop\otlscript.txt
2014-03-23 22:28 - 2014-03-23 22:28 - 00448512 _____ (OldTimer Tools) C:\Documents and Settings\Administrator\Desktop\TFC.exe
2014-03-23 22:27 - 2014-03-23 22:27 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\Administrator\Desktop\OTL.exe
2014-03-23 22:26 - 2014-03-23 22:26 - 00000000 __SHD () C:\Documents and Settings\Administrator\IECompatCache
2014-03-23 22:26 - 2014-03-23 22:26 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Macromedia
2014-03-23 19:23 - 2014-03-23 19:23 - 00001754 _____ () C:\Documents and Settings\Sally\Desktop\VirusTotal Uploader 2.2.lnk
2014-03-23 19:23 - 2014-03-23 19:23 - 00000000 ____D () C:\Program Files\VirusTotalUploader2
2014-03-23 19:23 - 2014-03-23 19:23 - 00000000 ____D () C:\Documents and Settings\Sally\Start Menu\Programs\VirusTotal Uploader 2.2
2014-03-23 15:49 - 2014-03-23 15:49 - 00000000 ____D () C:\_OTL
2014-03-23 09:04 - 2014-03-23 08:56 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\Sally\Desktop\Copy of OTL.exe
2014-03-22 15:17 - 2014-03-22 15:17 - 00000000 __SHD () C:\Documents and Settings\Administrator\PrivacIE
2014-03-22 15:17 - 2014-03-22 15:17 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Adobe
2014-03-16 12:36 - 2014-03-31 20:11 - 00000222 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-03-16 12:36 - 2014-03-16 12:51 - 00000216 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-03-16 02:37 - 2014-03-16 02:37 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2934207$
2014-03-16 02:04 - 2014-02-26 02:59 - 00013312 ____N (Microsoft Corporation) C:\WINDOWS\system32\xp_eos.exe
2014-03-16 02:04 - 2014-02-26 02:59 - 00013312 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xp_eos.exe
2014-03-16 01:44 - 2014-03-24 00:09 - 00000728 _____ () C:\Documents and Settings\Administrator\Desktop\catchme.log
2014-03-16 01:44 - 2014-03-16 01:35 - 00147456 _____ () C:\Documents and Settings\Administrator\Desktop\catchme.exe
2014-03-16 01:42 - 2014-03-16 01:42 - 00000000 __SHD () C:\Documents and Settings\Administrator\IETldCache
2014-03-16 01:17 - 2014-03-16 01:17 - 00147456 _____ () C:\Documents and Settings\Gary\Desktop\catchme.exe
2014-03-16 01:15 - 2014-03-16 01:15 - 00000000 ____D () C:\Documents and Settings\Gary\Application Data\RealNetworks
2014-03-15 00:38 - 2014-03-26 15:45 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVAST Software
2014-03-15 00:17 - 2014-03-16 01:22 - 00000455 _____ () C:\Documents and Settings\Gary\Desktop\catchme.log
2014-03-14 22:56 - 2014-03-14 22:56 - 00060016 _____ () C:\RootRepeal report 03-14-14 (21-56-02).txt
2014-03-14 22:35 - 2014-03-14 22:38 - 00000015 _____ () C:\Documents and Settings\Sally\Desktop\settings.dat
2014-03-14 19:15 - 2014-03-14 19:19 - 00000000 ____D () C:\Documents and Settings\Sally\Application Data\wsInspector
2014-03-14 19:13 - 2014-03-14 19:13 - 00000766 _____ () C:\Documents and Settings\Sally\Desktop\Startup Inspector for Windows.lnk
2014-03-14 19:13 - 2014-03-14 19:13 - 00000000 ____D () C:\Documents and Settings\Sally\My Documents\wsInspector
2014-03-14 17:48 - 2014-03-14 17:48 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2929961$
2014-03-14 17:44 - 2014-03-14 17:44 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2930275$
2014-03-01 21:48 - 2014-03-01 21:48 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\SlySoft
2014-03-01 15:22 - 2014-03-01 15:22 - 00000782 _____ () C:\Documents and Settings\All Users\Desktop\CloneCD.lnk
2014-03-01 15:21 - 2014-03-01 15:21 - 00000000 ____D () C:\Program Files\SlySoft
2014-03-01 15:21 - 2014-03-01 15:21 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\SlySoft
2014-03-01 12:15 - 2014-03-01 12:15 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
2014-03-01 12:14 - 2014-03-01 12:15 - 00000000 ____D () C:\Program Files\QuickTime
2014-03-01 11:54 - 2014-03-01 11:54 - 00001558 _____ () C:\Documents and Settings\All Users\Desktop\iTunes.lnk
2014-03-01 11:54 - 2014-03-01 11:54 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
2014-03-01 11:51 - 2014-03-01 11:53 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-03-01 11:21 - 2014-03-01 11:21 - 00000000 ____D () C:\Documents and Settings\Sally\Local Settings\Application Data\Skype
2014-03-01 10:33 - 2014-03-01 10:33 - 00000000 ____D () C:\Documents and Settings\Sally\Local Settings\Application Data\Opera Software
2014-03-01 10:33 - 2014-03-01 10:33 - 00000000 ____D () C:\Documents and Settings\Sally\Application Data\Opera Software

==================== One Month Modified Files and Folders =======

2014-03-31 22:17 - 2010-08-19 17:30 - 00000420 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{590D0C85-5D8A-458F-87E7-F9EFAE2F358A}.job
2014-03-31 22:16 - 2014-03-31 22:16 - 00000000 ____D () C:\FRST
2014-03-31 22:16 - 2009-10-27 00:28 - 00000420 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{4D5D3230-4EAE-493D-918D-BECD68FA5DAC}.job
2014-03-31 22:15 - 2014-01-19 15:27 - 00000000 ____D () C:\Documents and Settings\Sally\My Documents\2014 Gary
2014-03-31 22:15 - 2012-04-13 21:17 - 00000426 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{F753D7C8-3562-4E8D-A57C-7C8027CB7A0C}.job
2014-03-31 22:14 - 2009-12-28 22:44 - 00000422 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{33F4E96D-A646-4D58-829B-31D1A666AAE9}.job
2014-03-31 21:59 - 2012-09-22 15:27 - 00032186 _____ () C:\WINDOWS\SchedLgU.Txt
2014-03-31 20:23 - 2011-06-28 17:57 - 00000000 _____ () C:\WINDOWS\RTacDbg.txt
2014-03-31 20:16 - 2014-03-31 20:16 - 00022794 _____ () C:\Documents and Settings\Sally\Desktop\03312014_200957.log
2014-03-31 20:12 - 2009-10-25 00:37 - 01263843 _____ () C:\WINDOWS\WindowsUpdate.log
2014-03-31 20:11 - 2014-03-16 12:36 - 00000222 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-03-31 20:11 - 2009-10-25 00:38 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-03-31 20:11 - 2009-10-25 00:38 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-03-31 20:11 - 2004-08-10 14:08 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-03-31 20:11 - 2004-08-10 13:51 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-03-31 20:10 - 2005-12-25 11:57 - 00000278 ___SH () C:\Documents and Settings\Sally\ntuser.ini
2014-03-31 20:08 - 2014-03-24 22:39 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\Sally\Desktop\OTL.exe
2014-03-31 20:00 - 2004-08-10 14:02 - 00000000 ____D () C:\WINDOWS\system32\Restore
2014-03-31 19:50 - 2007-09-11 17:07 - 00106560 _____ () C:\Documents and Settings\Sally\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2014-03-31 19:36 - 2005-12-21 03:24 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-03-31 19:35 - 2005-12-21 03:24 - 00000000 ____D () C:\Program Files\Java
2014-03-31 19:31 - 2004-08-10 13:57 - 00610056 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-03-31 19:30 - 2005-12-21 03:30 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Viewpoint
2014-03-28 10:20 - 2004-08-10 13:51 - 00000895 _____ () C:\WINDOWS\win.ini
2014-03-27 20:35 - 2014-03-27 20:35 - 00000000 ____D () C:\Documents and Settings\Sally\Application Data\FixZeroAccess
2014-03-26 22:19 - 2007-08-10 10:54 - 00000000 ____D () C:\Program Files\Microsoft ActiveSync
2014-03-26 22:18 - 2005-12-25 08:42 - 00000178 ___SH () C:\Documents and Settings\Rachael\ntuser.ini
2014-03-26 22:17 - 2004-08-10 13:52 - 00000000 ____D () C:\WINDOWS\Help
2014-03-26 22:08 - 2014-01-19 14:52 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-03-26 22:08 - 2013-11-16 00:51 - 00000280 _____ () C:\WINDOWS\Tasks\SmartDefrag_Startup.job
2014-03-26 22:08 - 2013-11-16 00:51 - 00000278 _____ () C:\WINDOWS\Tasks\SmartDefragUpdate.job
2014-03-26 22:08 - 2013-02-19 18:52 - 00000884 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-26 22:08 - 2013-02-19 18:52 - 00000880 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-26 22:08 - 2012-12-28 22:36 - 00000282 _____ () C:\WINDOWS\Tasks\SmartDefrag_Schedule.job
2014-03-26 22:08 - 2012-09-09 17:16 - 00000978 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3753000303-1846566046-2363456648-1009UA.job
2014-03-26 22:08 - 2012-09-09 17:16 - 00000926 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3753000303-1846566046-2363456648-1009Core.job
2014-03-26 22:08 - 2011-11-14 17:21 - 00000284 _____ () C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-3753000303-1846566046-2363456648-1008.job
2014-03-26 22:08 - 2011-11-14 17:21 - 00000276 _____ () C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-3753000303-1846566046-2363456648-1008.job
2014-03-26 22:08 - 2011-11-11 20:54 - 00000286 _____ () C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-3753000303-1846566046-2363456648-1009.job
2014-03-26 22:08 - 2011-11-11 20:54 - 00000278 _____ () C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-3753000303-1846566046-2363456648-1009.job
2014-03-26 22:08 - 2011-08-16 17:03 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2014-03-26 22:08 - 2010-09-08 19:01 - 00000974 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3753000303-1846566046-2363456648-1008UA.job
2014-03-26 22:08 - 2010-09-08 19:01 - 00000922 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3753000303-1846566046-2363456648-1008Core.job
2014-03-26 22:03 - 2014-03-26 22:03 - 00147456 _____ () C:\Documents and Settings\Rachael\Desktop\catchme.exe
2014-03-26 22:03 - 2014-03-26 22:03 - 00000091 _____ () C:\Documents and Settings\Rachael\Desktop\catchme.log
2014-03-26 21:46 - 2014-03-26 21:46 - 00000000 ____D () C:\Documents and Settings\Rachael\Doctor Web
2014-03-26 21:46 - 2014-03-26 21:41 - 145443264 _____ () C:\Documents and Settings\Rachael\Desktop\fx9c36qj.exe
2014-03-26 21:46 - 2005-12-25 08:42 - 00000000 ____D () C:\Documents and Settings\Rachael
2014-03-26 21:03 - 2014-03-26 21:03 - 00001855 _____ () C:\Documents and Settings\Rachael\Desktop\aswMBR.txt
2014-03-26 21:03 - 2014-03-26 21:03 - 00000512 _____ () C:\Documents and Settings\Rachael\Desktop\MBR.dat
2014-03-26 21:01 - 2014-03-26 21:01 - 04745728 _____ (AVAST Software) C:\Documents and Settings\Rachael\Desktop\aswmbr.exe
2014-03-26 20:54 - 2014-03-26 20:54 - 00104762 _____ () C:\Documents and Settings\Rachael\Desktop\OTL.Txt
2014-03-26 20:54 - 2014-03-26 20:54 - 00053282 _____ () C:\Documents and Settings\Rachael\Desktop\Extras.Txt
2014-03-26 15:50 - 2014-03-26 15:50 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\Rachael\Desktop\OTL.exe
2014-03-26 15:47 - 2014-03-26 15:47 - 00000000 __SHD () C:\Documents and Settings\Rachael\IECompatCache
2014-03-26 15:47 - 2014-03-26 15:47 - 00000000 ____D () C:\Documents and Settings\Rachael\Application Data\RealNetworks
2014-03-26 15:46 - 2014-03-26 15:45 - 00000643 _____ () C:\WINDOWS\wmsetup.log
2014-03-26 15:46 - 2005-12-25 08:42 - 00000804 _____ () C:\Documents and Settings\Rachael\Start Menu\Programs\Windows Media Player.lnk
2014-03-26 15:45 - 2014-03-15 00:38 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVAST Software
2014-03-26 15:34 - 2014-03-24 01:05 - 00007128 _____ () C:\WINDOWS\setupapi.log
2014-03-24 23:39 - 2014-03-24 23:39 - 03825540 _____ () C:\Documents and Settings\Sally\Desktop\reg009-OTL does not like.reg
2014-03-24 22:33 - 2014-03-23 23:42 - 00000000 ____D () C:\Qoobox
2014-03-24 22:33 - 2009-10-24 23:56 - 00000000 ____D () C:\WINDOWS\ERDNT
2014-03-24 20:44 - 2004-08-10 14:08 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2014-03-24 00:43 - 2004-08-10 14:08 - 00000000 __SHD () C:\Documents and Settings\LocalService
2014-03-24 00:42 - 2006-01-03 21:53 - 00000178 ___SH () C:\Documents and Settings\Administrator\ntuser.ini
2014-03-24 00:38 - 2014-03-24 00:38 - 00020631 _____ () C:\ComboFix.txt
2014-03-24 00:35 - 2004-08-10 13:51 - 00000255 _____ () C:\WINDOWS\system.ini
2014-03-24 00:09 - 2014-03-16 01:44 - 00000728 _____ () C:\Documents and Settings\Administrator\Desktop\catchme.log
2014-03-23 22:36 - 2014-03-23 22:36 - 00117752 _____ () C:\Documents and Settings\Administrator\My Documents\OTL1.Txt
2014-03-23 22:36 - 2014-03-23 22:36 - 00050778 _____ () C:\Documents and Settings\Administrator\My Documents\Extras1.Txt
2014-03-23 22:28 - 2014-03-23 22:28 - 00448512 _____ (OldTimer Tools) C:\Documents and Settings\Administrator\Desktop\TFC.exe
2014-03-23 22:27 - 2014-03-23 22:27 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\Administrator\Desktop\OTL.exe
2014-03-23 22:26 - 2014-03-23 22:26 - 00000000 __SHD () C:\Documents and Settings\Administrator\IECompatCache
2014-03-23 22:26 - 2014-03-23 22:26 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Macromedia
2014-03-23 22:26 - 2006-01-03 21:53 - 00000000 ____D () C:\Documents and Settings\Administrator
2014-03-23 19:45 - 2012-07-08 19:53 - 00000000 ____D () C:\Documents and Settings\Sally\My Documents\2012 Gary
2014-03-23 19:23 - 2014-03-23 19:23 - 00001754 _____ () C:\Documents and Settings\Sally\Desktop\VirusTotal Uploader 2.2.lnk
2014-03-23 19:23 - 2014-03-23 19:23 - 00000000 ____D () C:\Program Files\VirusTotalUploader2
2014-03-23 19:23 - 2014-03-23 19:23 - 00000000 ____D () C:\Documents and Settings\Sally\Start Menu\Programs\VirusTotal Uploader 2.2
2014-03-23 19:19 - 2009-11-08 09:10 - 00000000 ____D () C:\Documents and Settings\Sally\Tracing
2014-03-23 16:04 - 2006-05-27 20:26 - 00001324 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-03-23 15:49 - 2014-03-23 15:49 - 00000000 ____D () C:\_OTL
2014-03-23 15:44 - 2004-08-10 13:57 - 00359344 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-03-23 09:08 - 2014-03-23 22:32 - 00000634 _____ () C:\Documents and Settings\Administrator\Desktop\otlscript.txt
2014-03-23 08:56 - 2014-03-23 09:04 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\Sally\Desktop\Copy of OTL.exe
2014-03-22 19:13 - 2011-10-23 17:35 - 00000000 ____D () C:\Program Files\Opera
2014-03-22 15:17 - 2014-03-22 15:17 - 00000000 __SHD () C:\Documents and Settings\Administrator\PrivacIE
2014-03-22 15:17 - 2014-03-22 15:17 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Adobe
2014-03-21 22:56 - 2005-12-25 11:57 - 00000000 ____D () C:\Documents and Settings\Sally
2014-03-19 22:30 - 2011-11-27 22:49 - 00000000 ____D () C:\Dell80GB_Master Paragon
2014-03-17 23:40 - 2013-08-05 12:05 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-03-17 23:32 - 2005-12-24 22:14 - 87350280 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-03-16 12:51 - 2014-03-16 12:36 - 00000216 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-03-16 12:45 - 2012-09-09 17:19 - 00002300 _____ () C:\Documents and Settings\Sally\Desktop\Google Chrome.lnk
2014-03-16 02:37 - 2014-03-16 02:37 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2934207$
2014-03-16 01:42 - 2014-03-16 01:42 - 00000000 __SHD () C:\Documents and Settings\Administrator\IETldCache
2014-03-16 01:35 - 2014-03-16 01:44 - 00147456 _____ () C:\Documents and Settings\Administrator\Desktop\catchme.exe
2014-03-16 01:34 - 2005-12-24 16:00 - 00000178 ___SH () C:\Documents and Settings\Gary\ntuser.ini
2014-03-16 01:22 - 2014-03-15 00:17 - 00000455 _____ () C:\Documents and Settings\Gary\Desktop\catchme.log
2014-03-16 01:17 - 2014-03-16 01:17 - 00147456 _____ () C:\Documents and Settings\Gary\Desktop\catchme.exe
2014-03-16 01:15 - 2014-03-16 01:15 - 00000000 ____D () C:\Documents and Settings\Gary\Application Data\RealNetworks
2014-03-16 01:15 - 2005-12-24 16:00 - 00000804 _____ () C:\Documents and Settings\Gary\Start Menu\Programs\Windows Media Player.lnk
2014-03-15 13:05 - 2006-02-28 22:01 - 00000000 ____D () C:\Documents and Settings\Sally\Application Data\Adobe
2014-03-15 13:04 - 2010-06-04 10:37 - 00000000 ____D () C:\Program Files\Common Files\Adobe AIR
2014-03-15 13:03 - 2006-02-28 22:01 - 00000000 ____D () C:\Documents and Settings\Sally\Local Settings\Application Data\Adobe
2014-03-14 22:56 - 2014-03-14 22:56 - 00060016 _____ () C:\RootRepeal report 03-14-14 (21-56-02).txt
2014-03-14 22:38 - 2014-03-14 22:35 - 00000015 _____ () C:\Documents and Settings\Sally\Desktop\settings.dat
2014-03-14 19:55 - 2008-02-28 21:29 - 00000000 ____D () C:\Program Files\Windows Live
2014-03-14 19:54 - 2010-10-21 20:44 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft
2014-03-14 19:54 - 2010-10-21 20:44 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\DVDVideoSoft
2014-03-14 19:49 - 2013-03-31 11:13 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Skype
2014-03-14 19:19 - 2014-03-14 19:15 - 00000000 ____D () C:\Documents and Settings\Sally\Application Data\wsInspector
2014-03-14 19:13 - 2014-03-14 19:13 - 00000766 _____ () C:\Documents and Settings\Sally\Desktop\Startup Inspector for Windows.lnk
2014-03-14 19:13 - 2014-03-14 19:13 - 00000000 ____D () C:\Documents and Settings\Sally\My Documents\wsInspector
2014-03-14 19:13 - 2007-02-11 15:54 - 00000000 ____D () C:\Program Files\Startup Inspector for Windows
2014-03-14 19:13 - 2007-02-11 15:54 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Startup Inspector for Windows
2014-03-14 19:01 - 2013-03-31 11:14 - 00000000 ____D () C:\Documents and Settings\Sally\Application Data\Skype
2014-03-14 19:01 - 2004-08-10 14:01 - 00000000 ____D () C:\WINDOWS\system32\FxsTmp
2014-03-14 18:24 - 2012-02-17 22:11 - 00000000 ____D () C:\Documents and Settings\Sally\Application Data\IObit
2014-03-14 18:04 - 2008-04-09 22:30 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-14 17:49 - 2009-10-26 23:55 - 00000000 ____D () C:\WINDOWS\ie8updates
2014-03-14 17:48 - 2014-03-14 17:48 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2929961$
2014-03-14 17:44 - 2014-03-14 17:44 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2930275$
2014-03-14 17:42 - 2010-06-04 12:45 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
2014-03-11 20:52 - 2014-01-19 14:52 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-03-11 20:52 - 2014-01-19 14:52 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-03-01 21:48 - 2014-03-01 21:48 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\SlySoft
2014-03-01 15:37 - 2007-01-20 20:14 - 00000108 ___SH () C:\Documents and Settings\All Users\Application Data\.zreglib
2014-03-01 15:22 - 2014-03-01 15:22 - 00000782 _____ () C:\Documents and Settings\All Users\Desktop\CloneCD.lnk
2014-03-01 15:21 - 2014-03-01 15:21 - 00000000 ____D () C:\Program Files\SlySoft
2014-03-01 15:21 - 2014-03-01 15:21 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\SlySoft
2014-03-01 14:46 - 2006-12-18 16:37 - 00000000 ____D () C:\Documents and Settings\Sally\Local Settings\Application Data\Ahead
2014-03-01 14:35 - 2006-06-04 14:44 - 00000000 ____D () C:\Documents and Settings\Sally\Application Data\Real
2014-03-01 13:13 - 2013-02-24 00:36 - 00000000 ____D () C:\Documents and Settings\Sally\My Documents\2013
2014-03-01 12:50 - 2012-06-12 00:29 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-03-01 12:15 - 2014-03-01 12:15 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
2014-03-01 12:15 - 2014-03-01 12:14 - 00000000 ____D () C:\Program Files\QuickTime
2014-03-01 11:54 - 2014-03-01 11:54 - 00001558 _____ () C:\Documents and Settings\All Users\Desktop\iTunes.lnk
2014-03-01 11:54 - 2014-03-01 11:54 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
2014-03-01 11:53 - 2014-03-01 11:51 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-03-01 11:53 - 2008-09-14 10:09 - 00000000 ____D () C:\Program Files\iTunes
2014-03-01 11:51 - 2008-09-14 10:09 - 00000000 ____D () C:\Program Files\iPod
2014-03-01 11:35 - 2007-12-26 20:37 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Apple
2014-03-01 11:21 - 2014-03-01 11:21 - 00000000 ____D () C:\Documents and Settings\Sally\Local Settings\Application Data\Skype
2014-03-01 11:06 - 2005-12-21 03:33 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-03-01 10:44 - 2012-04-02 16:26 - 00000746 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
2014-03-01 10:44 - 2005-12-21 03:33 - 00000740 _____ () C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
2014-03-01 10:33 - 2014-03-01 10:33 - 00000000 ____D () C:\Documents and Settings\Sally\Local Settings\Application Data\Opera Software
2014-03-01 10:33 - 2014-03-01 10:33 - 00000000 ____D () C:\Documents and Settings\Sally\Application Data\Opera Software

Some content of TEMP:
====================
C:\Documents and Settings\Rachael\Local Settings\temp\catchme.dll
C:\Documents and Settings\Sally\Local Settings\temp\catchme.dll
C:\Documents and Settings\Sally\Local Settings\temp\vmpremov.exe


==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-03-2014 01
Ran by Sally at 2014-03-31 22:18:00
Running from C:\Documents and Settings\Sally\My Documents\2014 Gary\farbar
Boot Mode: Normal
==========================================================


==================== Security Center ========================


==================== Installed Programs ======================

7-Zip 9.20 (HKLM\...\7-Zip) (Version: - )
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.1.0.0 - Adobe Systems Incorporated)
Acrobat.com (Version: 2.1.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe AIR (Version: 4.0.0.1390 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Media Player (HKLM\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1 - Adobe Systems Incorporated)
Adobe Media Player (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop 7.0 (HKLM\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.)
Adobe Reader XI (11.0.06) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM\...\Adobe Shockwave Player) (Version: 12.0.7.148 - Adobe Systems, Inc.)
Apple Application Support (HKLM\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ARTEuro (HKLM\...\{1D3C662A-F6C6-4767-A788-7AA43A9A1317}) (Version: 1.00.0000 - Dell)
AutoUpdate (HKLM\...\{18D10072035C4515918F7E37EAFAACFC}) (Version: 1.1 - )
Belarc Advisor 7.2 (HKLM\...\Belarc Advisor 2.0) (Version: - )
BlueSoleil (HKLM\...\{B9F499B8-D1F0-42FC-84BE-CC552123CCCB}) (Version: - )
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
BT Access Manager (HKLM\...\{6F0A34C6-D0F5-4163-B9FF-0839849238F3}) (Version: 81.0.0 - British Telecommunications Plc.)
CCleaner (HKLM\...\CCleaner) (Version: 3.23 - Piriform)
Cloanto MenuBox (HKLM\...\{192E534C-3761-4CF6-A193-62F8A9A1D5F9}) (Version: 3.2.0 - Cloanto)
CloneCD (HKLM\...\CloneCD) (Version: - SlySoft)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Coupon Printer (HKLM\...\Coupon Printer2.2.0.1) (Version: 2.2.0.1 - Coupons.com Inc.) <==== ATTENTION
Data Lifeguard Diagnostic for Windows 1.24 (HKLM\...\{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1) (Version: - Western Digital Corporation)
dBpoweramp Windows Media Audio 10 Codec (HKLM\...\dBpoweramp Windows Media Audio 10 Codec) (Version: - )
Dell Driver Download Manager (HKCU\...\f031ef6ac137efc5) (Version: 2.1.0.0 - Dell Inc.)
Dell Driver Reset Tool (HKLM\...\{5905F42D-3F5F-4916-ADA6-94A3646AEE76}) (Version: 1.02.0000 - Dell Inc.)
Dell System Restore (HKLM\...\{74F7662C-B1DB-489E-A8AC-07A06B24978B}) (Version: 2.00.0000 - Dell Inc.)
Direct Show Ogg Vorbis Filter (remove only) (HKLM\...\OggDS) (Version: - )
DivX (HKLM\...\{7B63B2922B174135AFC0E1377DD81EC2}) (Version: 6.0 - DivXNetworks, Inc.)
DivX Content Uploader (HKLM\...\{D050D7362D214723AD585B541FFB6C11}) (Version: 1.2.1 - DivX, Inc.)
DivX Web Player (HKLM\...\{B7050CBDB2504B34BC2A9CA0A692CC29}) (Version: 1.3.1 - DivX,Inc.)
DMX Update (HKLM\...\{BE8913B7-B2C4-48BE-8A26-84390FF4F231}) (Version: - )
Download Accelerator Plus (DAP) (HKLM\...\Download Accelerator Plus (DAP)) (Version: 8555 (Build 292) - Speedbit Ltd.)
Driver Genius Professional Edition 2006 6.2.1525 (HKLM\...\Driver Genius Professional Edition 2006_is1) (Version: - Driver-Soft Inc.)
DriverGuide DriverScan (HKLM\...\DriverGuide DriverScan) (Version: 0.0.41 - )
DVD Decrypter (Remove Only) (HKLM\...\DVD Decrypter) (Version: - )
DVD X Maker (HKLM\...\{79AD0F42-5C08-4A01-9EBF-2A1F78FC4C7E}) (Version: 2.1 - 321 Studios, Inc.)
DVD43 v4.4.0 (HKLM\...\DVD43_is1) (Version: - )
Eye Candy 4000 (HKLM\...\Eye Candy 4000) (Version: - )
Free Audio CD Burner version 1.4 (HKLM\...\Free Audio CD Burner_is1) (Version: - DVDVideoSoft Limited.)
Free WMA to MP3 Converter 1.16 (HKLM\...\Free WMA to MP3 Converter_is1) (Version: - Jodix Technologies Ltd.)
Free YouTube to MP3 Converter version 3.9 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version: - DVDVideoSoft Limited.)
GearDrivers (HKLM\...\GearDrivers) (Version: - )
Google Chrome (HKCU\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Update Helper (Version: 1.3.22.5 - Google Inc.) Hidden
High Definition Audio Driver Package - KB835221 (HKLM\...\KB835221WXP) (Version: 20040219.000000 - Microsoft Corporation)
HighMAT Extension to Microsoft Windows XP CD Writing Wizard (HKLM\...\{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}) (Version: 1.1.1905.1 - Microsoft Corporation)
hp deskjet 6122 (HKLM\...\{E1F4FB82-3EA6-46B6-A18A-9B3A62DA393E}) (Version: 1.01.0000 - Hewlett-Packard)
hp deskjet 990c series (HKLM\...\hp deskjet 990c series_Driver) (Version: - )
HP USB Disk Storage Format Tool (HKLM\...\{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}) (Version: - )
HTML Slideshow Powertoy for Windows XP (HKLM\...\{4E475FD4-4513-4B1D-8DDA-43912B068C99}) (Version: 1.0.2.0 - Microsoft Corporation)
HxD Hex Editor version 1.7.7.0 (HKLM\...\HxD Hex Editor_is1) (Version: 1.7.7.0 - Maël Hörz)
Intel® Graphics Media Accelerator Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: 6.14.10.4543 - )
Intel® PRO Network Connections Drivers (HKLM\...\PROSet) (Version: - )
Internet Explorer Default Page (Version: 1.00.03 - Dell Inc.) Hidden
iTunes (HKLM\...\{2F21564D-DE05-4C6D-B21E-08B9D313FAB3}) (Version: 11.1.5.5 - Apple Inc.)
Junk Mail filter update (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
KaraFun 1.01b (HKLM\...\KaraFun_is1) (Version: - )
Kids Tables and Time (HKLM\...\Kids Tables and Time) (Version: - )
Learn2 Player (Uninstall Only) (HKLM\...\StreetPlugin) (Version: - )
Logitech IM Video Companion (HKLM\...\{984F10FD-11FD-4BED-8163-92DB81E6A825}) (Version: 1.0.1.1184 - Logitech)
Logitech ImageStudio (HKLM\...\{5A24DD7E-7B01-41AC-ADA8-F1776177A3BA}) (Version: 7.20.0000 - Logitech, Inc.)
Magic ISO Maker v5.5 (build 0281) (HKLM\...\Magic ISO Maker v5.5 (build 0281)) (Version: - )
Map Button (Windows Live Toolbar) (Version: 03.01.0146 - Microsoft Corporation) Hidden
Match-Up! (HKLM\...\{439800C9-FD42-4EA3-94D2-063DF0926873}) (Version: 1.0.0 - Microsoft)
MCU (Version: 1.00.0000 - Dell) Hidden
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version: - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version: - Microsoft Corporation)
Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Image Composer 1.5 (HKLM\...\Image Composer) (Version: - )
Microsoft Internationalized Domain Names Mitigation APIs (Version: - Microsoft Corporation) Hidden
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 (Version: - Microsoft Corporation) Hidden
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 (Version: - Microsoft Corporation) Hidden
Microsoft National Language Support Downlevel APIs (Version: - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Search Enhancement Pack (Version: 3.0.127.0 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Text-to-Speech Engine 4.0 (English) (HKLM\...\MSTTS) (Version: - )
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Word 97 (HKLM\...\Word8.0) (Version: - )
Microsoft Works 7.0 (HKLM\...\{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}) (Version: 07.02.0620 - Microsoft Corporation)
Mixer (HKLM\...\MIXERLITE) (Version: - )
Mozilla Firefox 27.0 (x86 en-GB) (HKLM\...\Mozilla Firefox 27.0 (x86 en-GB)) (Version: 27.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 27.0 - Mozilla)
MP3 Player Utilities 4.11 (HKLM\...\{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}) (Version: 4.11 - )
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
MSXML 6.0 Parser (KB933579) (HKLM\...\{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}) (Version: 6.10.1200.0 - Microsoft Corporation)
My DSC (HKLM\...\{225AF9A1-B556-88D5-94AA-0010B5426419}) (Version: - )
MyFreeCodec (HKCU\...\MyFreeCodec) (Version: - )
Nero 7 Ultra Edition (HKLM\...\{29CBFC23-05A7-4286-93B8-BABE29BC1033}) (Version: 7.03.0637 - Nero AG)
neroxml (Version: 1.0.0 - Nero AG) Hidden
OneCare Advisor (Windows Live Toolbar) (Version: 03.01.0072 - Microsoft Corporation) Hidden
Opera Stable 19.0.1326.63 (HKCU\...\Opera 19.0.1326.63) (Version: 19.0.1326.63 - Opera Software ASA)
PC Camera (HKLM\...\InstallShield_{5383D15F-68A1-4F67-A73E-E6F94949BFEE}) (Version: 0.1.1.9 - PC Camera)
PC Camera (Version: 0.1.1.9 - PC Camera) Hidden
PE Builder 3.1.10a (HKLM\...\PE Builder_is1) (Version: - Bart Lagerweij)
Picasa 2 (HKLM\...\Picasa2) (Version: 2.0 - Google, Inc.)
Pippa Funnell (HKLM\...\{EF5A6DD8-4A03-4BDD-A7C3-5CA2FF02DCFA}) (Version: 1.00.000 - )
PowerDVD 5.9 (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: - )
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
RealDownloader (Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
REALTEK RTL8185 Wireless LAN Software (HKLM\...\{EF72E0A5-57E8-471F-837E-82BB19771363}) (Version: 1.00.0145 - REALTEK Semiconductor Corp.)
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Roxio Activation Module (Version: 1.0 - Roxio) Hidden
Safari (HKLM\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.1.13105_7 - Samsung Electronics Co., Ltd.)
Samsung Kies (Version: 2.6.1.13105_7 - Samsung Electronics Co., Ltd.) Hidden
Samsung Master (HKLM\...\{AEC0CEBC-0FC7-4716-8222-1C4A742719B1}) (Version: 1.0.43 - Samsung)
Samsung USB Driver (HKLM\...\{86D6A20D-3910-4441-A3E5-EB6977251C86}) (Version: 1.0 - Samsung Techwin)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.29.0 - SAMSUNG Electronics Co., Ltd.)
SeaTools for Windows (HKLM\...\{98613C99-1399-416C-A07C-1EE1C585D872}) (Version: 1.2.0.0 - Seagate Technology)
Segoe UI (Version: 14.0.4327.805 - Microsoft Corp) Hidden
Shared C Run-time for x86 (Version: 10.0.0 - ) Hidden
Shopping Centre Tycoon (HKLM\...\Shopping Centre Tycoon) (Version: 1.00 - Deep Silver)
SightSpeed (remove only) (HKLM\...\SightSpeed) (Version: 5.0 (5018) - SightSpeed Inc.)
SigmaTel Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: 5.10.4600.0 - SigmaTel)
Smart Defrag 2 (HKLM\...\Smart Defrag 2_is1) (Version: 2.9 - IObit)
Smart Menus (Windows Live Toolbar) (Version: 03.01.0146 - Microsoft Corporation) Hidden
Sonic Audio module (HKLM\...\{AB708C9B-97C8-4AC9-899B-DBF226AC9382}) (Version: 2.0.0.1 - Sonic Solutions)
Sonic Copy Module (HKLM\...\{B12665F4-4E93-4AB4-B7FC-37053B524629}) (Version: 2.0.0.1 - Sonic Solutions)
Sonic RecordNow Data (HKLM\...\{075473F5-846A-448B-BCB3-104AA1760205}) (Version: 2.0.0.1 - Sonic Solutions)
Sony Ericsson PC Suite (HKLM\...\{5F0FC860-ADE1-4B2D-B0A9-CB9FB17C46E8}) (Version: 1.30.52 - Sony Ericsson)
Sony Ericsson Update Service (HKLM\...\Update Service) (Version: 2.11.7.13 - Sony Ericsson Mobile Communications AB)
SpeedFan (remove only) (HKLM\...\SpeedFan) (Version: - )
Super DVD Ripper (remove only) (HKLM\...\x2VCD) (Version: - )
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Tabbed Browsing (Windows Live Toolbar) (Version: 03.01.0146 - Microsoft Corporation) Hidden
TextAloud MP3 (HKLM\...\TextAloud MP3_is1) (Version: - )
The Sims 2 (HKLM\...\{8AB8D458-939E-403F-0097-9BA1C1F013D5}) (Version: - )
The Sims 2 Glamour Life Stuff (HKLM\...\{9CDBC303-3EED-40b0-8E41-A7C65AA96C26}) (Version: - )
The Sims 2 Nightlife (HKLM\...\{F7529650-B9DB-481B-0089-A2AC3C2821C1}) (Version: - )
The Sims 2 Open For Business (HKLM\...\{7B3577F5-1D82-4C9B-008B-69D026FD8BCA}) (Version: - )
The Sims 2 Pets (HKLM\...\{4817189D-1785-4627-A33C-39FD90919300}) (Version: - )
The Sims 2 University (HKLM\...\{01521746-02A6-4A72-00BD-A285DF6B80C6}) (Version: - )
The Sims 2 Bon Voyage (HKLM\...\{F248ADFA-64E0-4b03-8A83-059078BED6A0}) (Version: - Electronic Arts)
The Sims 2 H&M® Fashion Stuff (HKLM\...\{84DDE556-43EF-43ed-B2DF-37AF9E5DDD75}) (Version: - )
The Sims 2 Seasons (HKLM\...\{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}) (Version: - )
Theme Hospital (HKLM\...\Hospital) (Version: - )
Theme Park World (HKLM\...\Theme Park World) (Version: - )
TomTom HOME 2.7.6.2056 (HKLM\...\TomTom HOME) (Version: 2.7.6.2056 - TomTom)
TomTom HOME Visual Studio Merge Modules (HKLM\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
Ulead MediaStudio Pro 7.0 Video Edition (HKLM\...\{4D701F5D-F149-4FAC-AAA2-A36C088C5FE3}) (Version: 7.0 - Ulead Systems, Inc.)
Ulead Photo Express 4.0 SE (HKLM\...\{BBC0D330-C37B-4472-BFB9-AA217CF0C95F}) (Version: - )
Uninstall Startup Inspector (HKLM\...\{DE114695-AE58-4B66-8E0F-2505188602FB}_is1) (Version: - )
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2836939) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2836939) (Version: 1 - Microsoft Corporation)
Update for Microsoft Windows (KB971513) (HKLM\...\KB971513) (Version: - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB2362765) (HKLM\...\KB2362765-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB2447568) (HKLM\...\KB2447568-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB2598845) (HKLM\...\KB2598845-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB2632503) (HKLM\...\KB2632503-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB975364) (HKLM\...\KB975364-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB976662) (HKLM\...\KB976662-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB976749) (HKLM\...\KB976749-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB980182) (HKLM\...\KB980182-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB980302) (HKLM\...\KB980302-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB982632) (HKLM\...\KB982632-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2141007) (HKLM\...\KB2141007) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2467659) (HKLM\...\KB2467659) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2492386) (HKLM\...\KB2492386) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2541763) (HKLM\...\KB2541763) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2607712) (HKLM\...\KB2607712) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2616676) (HKLM\...\KB2616676) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2641690) (HKLM\...\KB2641690) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2718704) (HKLM\...\KB2718704) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2736233) (HKLM\...\KB2736233) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2808679) (HKLM\...\KB2808679) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951072-v2) (HKLM\...\KB951072-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB951978) (Version: 1 - Microsoft Corporation) Hidden
Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB955839) (HKLM\...\KB955839) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB961503) (HKLM\...\KB961503) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB967715) (HKLM\...\KB967715) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971737) (HKLM\...\KB971737) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973687) (HKLM\...\KB973687) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
V3780s User's Manual (HKLM\...\V3780s User's Manual) (Version: - )
VirusTotal Uploader 2.2 (HKLM\...\VTUploader) (Version: - )
WavePad Uninstall (HKLM\...\WavePad) (Version: - )
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.7.0017.0 - Microsoft Corporation)
Windows Genuine Advantage v1.3.0254.0 (Version: 1.3.0254.0 - Microsoft) Hidden
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Imaging Component (HKLM\...\WIC) (Version: 3.0.0.0 - Microsoft Corporation)
Windows Installer Clean Up (HKLM\...\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}) (Version: 3.00.00.0000 - Microsoft Corporation)
Windows Internet Explorer 7 (Version: 20061107.210142 - Microsoft Corporation) Hidden
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Live Call (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Communications Platform (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Essentials (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 14.0.8118.427 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Outlook Toolbar (Windows Live Toolbar) (Version: 03.01.0146 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Sign-in Assistant (HKLM\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Toolbar Extension (Windows Live Toolbar) (Version: 03.01.0146 - Microsoft Corporation) Hidden
Windows Live Toolbar Feed Detector (Windows Live Toolbar) (Version: 03.01.0146 - Microsoft Corporation) Hidden
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Live Writer (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Management Framework Core (HKLM\...\KB968930) (Version: - Microsoft Corporation)
Windows Media Connect (Version: - Microsoft Corporation) Hidden
Windows Media Encoder 9 Series (HKLM\...\Windows Media Encoder 9) (Version: - )
Windows Media Encoder 9 Series (Version: 9.00.2980 - Microsoft Corporation) Hidden
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
Windows Media Format 11 runtime (Version: - Microsoft Corporation) Hidden
Windows Media Format 9 Series SDK (HKLM\...\{EEE0F0A7-6B7D-4D1E-9498-43D9D012DDF7}) (Version: 9.0.0.2980 - Microsoft Corporation)
Windows Media Format SDK Hotfix - KB891122 (Version: - Microsoft Corporation) Hidden
Windows Media Player 10 Hotfix - KB888656 (Version: - Microsoft Corporation) Hidden
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )
Windows Media Player 11 (Version: - Microsoft Corporation) Hidden
Windows Presentation Foundation (Version: 3.0.6920.0 - Microsoft Corporation) Hidden
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
WinHex (HKLM\...\WinHex) (Version: - )
WinRAR archiver (HKLM\...\WinRAR archiver) (Version: - )
WinZip (HKLM\...\WinZip) (Version: 9.0 (6028) - WinZip Computing, Inc.)
XML Paper Specification Shared Components Pack 1.0 (Version: - Microsoft Corporation) Hidden
XviD MPEG-4 Video Codec (HKLM\...\xvid) (Version: - XviD Development Team)
YBS Account Aggregation (HKLM\...\{CC8A563E-7D2D-4589-B628-4379F1E8D4E1}) (Version: 1.0.197 - YBS)
Zoo Tycoon: Complete Collection (HKLM\...\Zoo Tycoon 1.0) (Version: - )

==================== Restore Points =========================

31-03-2014 19:00:18 System Checkpoint
31-03-2014 19:20:46 OTL Restore Point - 31/03/2014 20:20:36

==================== Hosts content: ==========================

2004-08-10 13:51 - 2014-03-24 00:34 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3753000303-1846566046-2363456648-1008Core.job => C:\Documents and Settings\Lucy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3753000303-1846566046-2363456648-1008UA.job => C:\Documents and Settings\Lucy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3753000303-1846566046-2363456648-1009Core.job => C:\Documents and Settings\Sally\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3753000303-1846566046-2363456648-1009UA.job => C:\Documents and Settings\Sally\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-3753000303-1846566046-2363456648-1008.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-3753000303-1846566046-2363456648-1009.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-3753000303-1846566046-2363456648-1008.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-3753000303-1846566046-2363456648-1009.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\SmartDefragUpdate.job => C:\Program Files\IObit\Smart Defrag 2\AutoUpdate.exe
Task: C:\WINDOWS\Tasks\SmartDefrag_Schedule.job => C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe
Task: C:\WINDOWS\Tasks\SmartDefrag_Startup.job => C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{33F4E96D-A646-4D58-829B-31D1A666AAE9}.job => C:\WINDOWS\system32\msfeedssync.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{4D5D3230-4EAE-493D-918D-BECD68FA5DAC}.job => C:\WINDOWS\system32\msfeedssync.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{590D0C85-5D8A-458F-87E7-F9EFAE2F358A}.job => C:\WINDOWS\system32\msfeedssync.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{F753D7C8-3562-4E8D-A57C-7C8027CB7A0C}.job => C:\WINDOWS\system32\msfeedssync.exe

==================== Loaded Modules (whitelisted) =============

2013-08-14 16:19 - 2013-08-14 16:19 - 00039056 _____ () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
2012-12-02 13:55 - 2009-12-09 22:20 - 00126976 _____ () C:\Program Files\REALTEK\RTL8185 Wireless LAN Utility\EnumDevLib.dll
2012-12-02 13:55 - 2007-07-12 12:11 - 01163264 _____ () C:\Program Files\REALTEK\RTL8185 Wireless LAN Utility\acAuth.dll
2014-03-16 12:45 - 2014-03-15 01:50 - 00051016 _____ () C:\Documents and Settings\Sally\Local Settings\Application Data\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll
2014-03-16 12:45 - 2014-03-15 01:50 - 04061000 _____ () C:\Documents and Settings\Sally\Local Settings\Application Data\Google\Chrome\Application\33.0.1750.154\pdf.dll
2014-03-16 12:45 - 2014-03-15 01:50 - 00394568 _____ () C:\Documents and Settings\Sally\Local Settings\Application Data\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll
2014-03-16 12:45 - 2014-03-15 01:50 - 01647432 _____ () C:\Documents and Settings\Sally\Local Settings\Application Data\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Documents and Settings\Administrator\Desktop\catchme.exe:SummaryInformation
AlternateDataStreams: C:\Documents and Settings\Administrator\Desktop\catchme.exe:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Documents and Settings\Gary\My Documents\Nero6 OEM Serial for Dell PC.jpg:Roxio EMC Stream
AlternateDataStreams: C:\Documents and Settings\Gary\My Documents\Roxio Trial Serial.jpg:Roxio EMC Stream
AlternateDataStreams: C:\Documents and Settings\Lucy\My Documents\EA Games:Roxio EMC Stream
AlternateDataStreams: C:\Documents and Settings\Rachael\My Documents\EA Games:Roxio EMC Stream
AlternateDataStreams: C:\Documents and Settings\Sally\Desktop\Copy of OTL.exe:SummaryInformation
AlternateDataStreams: C:\Documents and Settings\Sally\Desktop\Copy of OTL.exe:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Documents and Settings\Sally\My Documents\My Received Files:Roxio EMC Stream

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============

Name: Bluetooth HID Manager
Description: Bluetooth HID Manager
Class Guid: {D76B962B-F0B8-41F2-8590-6605FE4EA312}
Manufacturer: IVT Corporation
Service: BTHidMgr
Problem: : A driver (service) for this device has been disabled. An alternate driver may be providing this functionality (Code 32)
Resolution: The start type for this driver is set to disabled in the registry.
Uninstall the driver from Device Manager, and then scan for new hardware to install the driver again. If this does not work, you might have to change the device start type parameter in the registry.

Name: Bluetooth HID Enum Device
Description: Bluetooth HID Enum Device
Class Guid: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA}
Manufacturer: IVT Corporation
Service: BTHidEnum
Problem: : A driver (service) for this device has been disabled. An alternate driver may be providing this functionality (Code 32)
Resolution: The start type for this driver is set to disabled in the registry.
Uninstall the driver from Device Manager, and then scan for new hardware to install the driver again. If this does not work, you might have to change the device start type parameter in the registry.

Name: Bluetooth AV/HS Audio
Description: Bluetooth AV/HS Audio
Class Guid: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Manufacturer: IVT Corporation.
Service: BlueletAudio
Problem: : A driver (service) for this device has been disabled. An alternate driver may be providing this functionality (Code 32)
Resolution: The start type for this driver is set to disabled in the registry.
Uninstall the driver from Device Manager, and then scan for new hardware to install the driver again. If this does not work, you might have to change the device start type parameter in the registry.

Name: Bluetooth PAN Network Adapter
Description: Bluetooth PAN Network Adapter
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: IVT Corporation
Service: BT
Problem: : A driver (service) for this device has been disabled. An alternate driver may be providing this functionality (Code 32)
Resolution: The start type for this driver is set to disabled in the registry.
Uninstall the driver from Device Manager, and then scan for new hardware to install the driver again. If this does not work, you might have to change the device start type parameter in the registry.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/26/2014 03:31:29 PM) (Source: PerfNet) (User: )
Description: Unable to open the Server service. Server performance data
will not be returned. Error code returned is in data DWORD 0.

Error: (03/24/2014 00:46:27 AM) (Source: Application Error) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x715b9e59.
Processing media-specific event for [explorer.exe!ws!]

Error: (03/24/2014 00:25:52 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download....authrootseq.txt> with error: This network connection does not exist.

Error: (03/24/2014 00:25:52 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download....authrootseq.txt> with error: This network connection does not exist.

Error: (03/24/2014 00:25:52 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download....authrootseq.txt> with error: A connection with the server could not be established

Error: (03/24/2014 00:25:48 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download....authrootseq.txt> with error: A connection with the server could not be established

Error: (03/23/2014 11:50:45 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download....authrootseq.txt> with error: This network connection does not exist.

Error: (03/23/2014 11:50:45 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download....authrootseq.txt> with error: This network connection does not exist.

Error: (03/23/2014 11:50:45 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download....authrootseq.txt> with error: A connection with the server could not be established

Error: (03/23/2014 11:50:40 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download....authrootseq.txt> with error: A connection with the server could not be established


System errors:
=============
Error: (03/31/2014 08:11:30 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
sptd

Error: (03/31/2014 08:09:58 PM) (Source: Service Control Manager) (User: )
Description: The TomTomHOMEService service terminated unexpectedly. It has done this 1 time(s).

Error: (03/31/2014 08:09:58 PM) (Source: Service Control Manager) (User: )
Description: The RealNetworks Downloader Resolver Service service terminated unexpectedly. It has done this 1 time(s).

Error: (03/31/2014 07:43:50 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
sptd

Error: (03/31/2014 07:27:36 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
sptd

Error: (03/28/2014 09:02:08 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
sptd

Error: (03/27/2014 08:37:35 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
IntelIde
sptd

Error: (03/27/2014 07:28:39 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
sptd

Error: (03/27/2014 00:46:08 AM) (Source: BROWSER) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NwlnkNb.
The backup browser is stopping.

Error: (03/26/2014 10:19:34 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
sptd


Microsoft Office Sessions:
=========================
Error: (03/26/2014 03:31:29 PM) (Source: PerfNet)(User: )
Description:

Error: (03/24/2014 00:46:27 AM) (Source: Application Error)(User: )
Description: explorer.exe6.0.2900.5512unknown0.0.0.0715b9e59

Error: (03/24/2014 00:25:52 AM) (Source: crypt32)(User: )
Description: http://www.download....rootseq.txtThis network connection does not exist.

Error: (03/24/2014 00:25:52 AM) (Source: crypt32)(User: )
Description: http://www.download....rootseq.txtThis network connection does not exist.

Error: (03/24/2014 00:25:52 AM) (Source: crypt32)(User: )
Description: http://www.download....uthrootseq.txtA connection with the server could not be established

Error: (03/24/2014 00:25:48 AM) (Source: crypt32)(User: )
Description: http://www.download....uthrootseq.txtA connection with the server could not be established

Error: (03/23/2014 11:50:45 PM) (Source: crypt32)(User: )
Description: http://www.download....rootseq.txtThis network connection does not exist.

Error: (03/23/2014 11:50:45 PM) (Source: crypt32)(User: )
Description: http://www.download....rootseq.txtThis network connection does not exist.

Error: (03/23/2014 11:50:45 PM) (Source: crypt32)(User: )
Description: http://www.download....uthrootseq.txtA connection with the server could not be established

Error: (03/23/2014 11:50:40 PM) (Source: crypt32)(User: )
Description: http://www.download....uthrootseq.txtA connection with the server could not be established


==================== Memory info ===========================

Percentage of memory in use: 41%
Total physical RAM: 2038.07 MB
Available physical RAM: 1195.38 MB
Total Pagefile: 3923.08 MB
Available Pagefile: 3298.29 MB
Total Virtual: 2047.88 MB
Available Virtual: 1941.26 MB

==================== Drives ================================

Drive c: (500GB_Local Disk) (Fixed) (Total:231.53 GB) (Free:83.33 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive f: () (Fixed) (Total:0.05 GB) (Free:0.04 GB) FAT
Drive g: () (Fixed) (Total:3 GB) (Free:0.61 GB) FAT32
Drive h: () (Fixed) (Total:231.18 GB) (Free:97.88 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: DDC4DDC4)

Partition: GPT Partition Type.

==================== End Of Log ============================

#8
michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
Hey,

I'd suggest you uninstall Coupon Printer too.

 

Next:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :processes

    :OTL
    [2007/12/21 18:08:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
    [2007/12/21 18:08:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sally\Application Data\Viewpoint

    :Services

    :Reg

    :Files

    :Commands

  • Then click the Run Fix button at the top
  • Let the program run unhindered.

 


Next:

I can't find any sign of malware on your computer. How's your computer running? Are there any problems?



#9
ggh

    New Member

  • Topic Starter
  • Member
  • 8 posts
Hi Michael,

PC seems to work ok but
I still cannot run a fresh download of Catchme from GMER

log shows

disk not found C:\

please note that you need administrator rights to perform deep scan
disk not found C:\

please note that you need administrator rights to perform deep scan


Needless to say I am signed in in XP Home as user Sally but in user accounts Sally is a Computer Administrator.

It's as though something is broken....

Also when I run OTL as you first described at beginning of this problem, with extra registry it hangs in HKCU

#10
ggh

    New Member

  • Topic Starter
  • Member
  • 8 posts

Also just ran Combofix in safemode-with-networking logged in as Administrator and still beeps and reports rootkit activity and restarts in a view with no icons



#11
michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts

That doesn't mean that your computer is infected or has something broken.

 

Did you disable your antivirus program (avast) before running it?



#12
ggh

    New Member

  • Topic Starter
  • Member
  • 8 posts

Hi Michael

I have uninstalled all my antivirus after I struggled to get OTL to run with your scripts in your earlier posts to me. The faulty machine has only been used to run your tests. I realise it's at risk.

 

Thanks for your help but I am still suspicious as there are posts on other sites about my catchme symptom with search phrase
"please note that you need administrator rights to perform deep scan"

 

  • Zedo and Slowness - Page 2
    forums.spybot.info/showthread.php?27691-Zedo-and-Slowness/page2
    9 May 2008 - 8 posts - 1 author
    please note that you need administrator rights to perform deep scan disk not found C:\ please note that you need administrator rights to perform ...
  • Rootkit - MajorGeeks Support Forums
    forums.majorgeeks.com › ... › Malware Removal
    1 Jun 2013 - 7 posts - 2 authors
    please note that you need administrator rights to perform deep scan ... I performed all the steps in the readme first thread and have attached the ...
  • SDFix report. need help. thanks - Resolved/Inactive HijackThis Logs ...
    www.lavasoftsupport.com › ... › Resolved/Inactive HijackThis Logs
    6 Apr 2009 - 6 posts - 2 authors
    SDFix report. need help. thanks - posted in Resolved/Inactive HijackThis ... please note that you need administrator rights to perform deep scan
  • TDL 4. Is it there or a misread by ComboFix?
    forum.avast.com/index.php?topic=81654.35;imode
    Could you delete your current copy of combofix, download and run a fresh one to see if it ..... please note that you need administrator rights to perform deep scan


#13
michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
Hey,
I searched this warning in many other logs, and it's not necessarily a sign of infection. However, let's run a few rootkit scans, in addition to aswmbr, to confirm.

Please restart your computer first.


Next:

Download GMER from Here. Note the file's name and save it to your root folder, such as C:\.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Double-click on the downloaded file to start the program.
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "No", save the log and post back the results.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.
Next:

Download AVPTool version 11 from Here to your desktop

Run the programme you have just downloaded to your desktop ( it will be randomly named )

First we will run a virus scan
On the first tab select all elements down to Computer and then select start scan
Once it has finished select report and post that.

Do not close AVPTool or it will self uninstall, if it does uninstall - - then just rerun the setup file on your desktop

Now an analysis scan
Select the Manual Disinfection tab
Press the Gather System Information button
Once done Open the last report saved folder then attach the zip file to your next post zip
The file is located at C:\Users\your name\Desktop\Virus Removal Tool\setup_9.0.0.722_05.01.2011_20-34\LOG\avptool_sysinfo.zip


#14
ggh

    New Member

  • Topic Starter
  • Member
  • 8 posts

Hi

 

Disk            \Device\Harddisk0\DR0                                                     unknown MBR code

 

But could that be my Dell Restore Partition?

 

 

I will do the other tests soon

Attached Files



#15
michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts

Yes, the unknown MBR code is caused by the fact that your computer has a custom Dell partition for recovery. However, in order to confirm that this is it, after you finish the instructions of my previous post, do scan this file in aswmbr and tell me the results:
 

C:\Documents and Settings\Rachael\Desktop\MBR.dat
 

  • 0
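
A saved MBR dump such as the MBR.dat mentioned above can also be inspected directly, to see which partition types the table declares and to fingerprint the boot code for comparison with a known-good copy (for example one taken from an older disk image). This is an added example, not part of the original thread or of any tool named in it; it assumes the dump is a raw 512-byte copy of sector 0, and the function names and the sample sector with its partition sizes are constructed for illustration.

```python
import hashlib
import struct

# Partition type bytes relevant to a Dell factory layout (not exhaustive).
TYPE_NAMES = {
    0x07: "NTFS/HPFS",
    0x0B: "FAT32 (CHS)",
    0x0C: "FAT32 (LBA)",
    0xDB: "Dell restore (DSR) / CP/M",
    0xDE: "Dell Utility",
    0xEE: "GPT protective",
}

def parse_mbr(sector: bytes) -> dict:
    """Split a raw sector 0 into boot-code hash, disk ID and partition entries."""
    if len(sector) != 512:
        raise ValueError("expected exactly 512 bytes, got %d" % len(sector))
    if sector[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature: not a valid MBR")
    parts = []
    for i in range(4):
        # Entry layout: status, 3 CHS bytes, type, 3 CHS bytes, start LBA, sector count.
        status, ptype, lba, count = struct.unpack_from("<B3xB3xII", sector, 446 + 16 * i)
        if ptype == 0x00:
            continue  # unused slot
        parts.append({
            "index": i,
            "active": status == 0x80,
            "type": ptype,
            "name": TYPE_NAMES.get(ptype, "unknown 0x%02X" % ptype),
            "size_mb": count * 512 // (1024 * 1024),
        })
    return {
        "boot_code_sha256": hashlib.sha256(sector[:440]).hexdigest(),
        "disk_id": "%08X" % struct.unpack_from("<I", sector, 440)[0],
        "partitions": parts,
    }

def boot_code_matches(sector: bytes, reference: bytes) -> bool:
    """True when the 440-byte boot code equals that of a known-good dump."""
    return parse_mbr(sector)["boot_code_sha256"] == parse_mbr(reference)["boot_code_sha256"]

def build_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed test input with a Dell-style layout; not read from a real disk."""
    def entry(status, ptype, lba, count):
        return struct.pack("<B3xB3xII", status, ptype, lba, count)
    table = (entry(0x00, 0xDE, 63, 96327)              # ~47 MB utility partition
             + entry(0x80, 0x07, 96390, 485556120)     # active NTFS system partition
             + entry(0x00, 0xDB, 485652510, 6291456)   # 3 GB restore partition
             + bytes(16))                              # fourth slot unused
    return (boot_code.ljust(440, b"\x00") + struct.pack("<I", 0xDDC4DDC4)
            + b"\x00\x00" + table + b"\x55\xaa")

if __name__ == "__main__":
    info = parse_mbr(build_sample_mbr(b"\xfa\x33\xc0 constructed boot code"))
    print("disk id", info["disk_id"], "boot code sha256", info["boot_code_sha256"])
    for p in info["partitions"]:
        print(p["index"], p["name"], "active" if p["active"] else "", p["size_mb"], "MB")
```

A boot-code hash that differs from the reference only shows that the code changed; a vendor loader and a bootkit both look "unknown" to a scanner, which is why the comparison needs a copy known to predate the suspicion.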