Highjack or Intrusion attempt?


This topic is locked

#1 Indexx (Member, 47 posts)

Running Firefox on XP with a ZoneAlarm firewall. IE disabled since MS's "fix" last month.

Yesterday I noticed in my temp folder that perflib_perfdata.dat, which is always there with the same name, was showing different names like perflib_perfdata_bc.dat or perflib_perfdata_03.dat.

When I open Firefox, ZoneAlarm usually has one click for the loopback but nothing else till I add an address or hit a fav.

Now when I open Firefox, after the loopback click something asks for permission to connect with names like www47.zippyshare.com and hosted-by-i3d.net.

Not good.

Does anyone know what this might be or how to stop it?

Thanks,

Indexx




#2 zep516 (Trusted Helper, Malware Removal, 8,093 posts)
Hi! My name is zep516 and welcome to Geeks to Go!
I'll do the best I can to resolve your computer issue.
Please make sure to carefully read any instructions that I give you. If you're not sure, or if something unexpected happens, don't continue. Stop and ask! Never be afraid to ask questions! :)

First

Please download OTL to your Desktop
  • Double click on the OTL icon to run the program. On Vista/Win7/8, right click and select Run As Administrator to start the program. If prompted by UAC, please allow it.
  • Make sure all other windows are closed and let it run uninterrupted.
  • Click the Scan All Users checkbox
    and
  • Check the option for All under the Extra Registry section
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files and post them in your topic.
  • OTL.txt <-- Will be opened, maximized
  • Extras.txt <-- Will be minimized on the task bar.
Please post the contents of both OTL.txt and Extras.txt in your next reply.
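An added example, not part of the thread and not OTL's own code: a small Python triage script that parses the entry formats found in the OTL.txt and Extras.txt this procedure produces and flags the lines a helper looks at first. The sample lines are copied from the logs posted further down this thread; the severity labels and the heuristics (orphaned service or driver entries, kernel drivers with no publisher that auto-start, executables with no publisher under a user profile, shell "open" handlers that run something other than an .exe) are this example's own choices, not OTL's.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Sample lines copied from the OTL.txt / Extras.txt posted in this thread (a handful, not the full log).
SAMPLE_LOG = r"""
PRC - [2006/08/23 23:38:28 | 000,968,696 | ---- | M] (Zone Labs, LLC) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
SRV - File not found [Disabled | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2006/08/23 23:38:26 | 000,075,768 | ---- | M] (Zone Labs, LLC) [Auto | Running] -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- (vsmon)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - [2010/04/15 00:39:23 | 000,003,712 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\socketlock.sys -- (SocketLock)
DRV - [2008/04/14 01:25:10 | 000,202,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rmcast.sys -- (RMCAST)
[2010/04/14 00:04:18 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\boss.LASRIUS\Application Data\inst.exe
exefile [open] -- "%1" %*
htmlfile [open] -- "C:\PROGRA~1\NEWFOL~1\INTERN~1\NEWFOL~1\IEXPLO~1.OLD" -nohome
http [open] -- Reg Error: Key error.
"""

# PRC/SRV/DRV/MOD entries, plus the bare "[stamp] (Company) -- path" file entries.
ENTRY_RE = re.compile(
    r"^(?:(?P<kind>PRC|SRV|DRV|MOD) - )?"
    r"(?:(?P<missing>File not found)|\[(?P<stamp>\d{4}/\d{2}/\d{2}[^\]]*)\])"
    r"(?: \((?P<company>[^)]*)\))?"
    r"(?: \[(?P<mode>[^\]]*)\])?"
    r" (?P<rest>--.*)$"
)
# "class [verb] -- command" lines from the Shell Spawning section of Extras.txt.
HANDLER_RE = re.compile(r"^(?P<cls>[^\s\[]+) \[(?P<verb>[^\]]+)\] -- (?P<cmd>.*)$")

@dataclass
class Entry:
    kind: str      # PRC, SRV, DRV, MOD, or FILE for bare file entries
    name: str      # service/driver name from the trailing "(name)", "" if absent
    company: str   # publisher from "(Company)", "" when OTL printed "()"
    mode: str      # e.g. "Kernel | Auto | Running"
    path: str
    missing: bool  # True for "File not found" entries

@dataclass
class Handler:
    cls: str
    verb: str
    cmd: str

def parse_entry(line: str) -> Optional[Entry]:
    m = ENTRY_RE.match(line)
    if m is None:
        return None
    # rest looks like "-- <path> -- (<name>)"; the path is empty for orphans ("-- -- (WDICA)").
    parts = [p.strip() for p in m.group("rest").split("--")]
    path = parts[1] if len(parts) > 1 else ""
    name = parts[2].strip("()") if len(parts) > 2 else ""
    return Entry(kind=m.group("kind") or "FILE", name=name, company=m.group("company") or "",
                 mode=m.group("mode") or "", path=path, missing=m.group("missing") is not None)

def parse_handler(line: str) -> Optional[Handler]:
    m = HANDLER_RE.match(line)
    return Handler(m.group("cls"), m.group("verb"), m.group("cmd")) if m else None

def handler_target(cmd: str) -> str:
    """First token of a shell command: the quoted path, or the first bare word."""
    m = re.match(r'"([^"]+)"|(\S+)', cmd)
    return (m.group(1) or m.group(2)) if m else ""

AUTOSTART = {"Auto", "Boot", "System"}
EXEC_EXT = (".exe", ".sys", ".dll", ".scr", ".com", ".pif")
PROFILE_DIRS = ("\\application data\\", "\\local settings\\", "\\temp\\")
SHELL_EXEC_CLASSES = {"exefile", "comfile", "batfile", "cmdfile", "piffile"}
DEFAULT_OPEN = '"%1" %*'   # the stock open command for executable file classes

Finding = Tuple[str, str, str]  # (severity, item, reason); severities are this example's own scale

def triage(log_text: str) -> List[Finding]:
    findings: List[Finding] = []
    for line in log_text.splitlines():
        e = parse_entry(line)
        if e is not None:
            modes = {s.strip() for s in e.mode.split("|")}
            if e.missing:
                findings.append(("low", e.name, "registered but file missing (orphan entry)"))
            elif e.kind == "DRV" and not e.company and modes & AUTOSTART and "Running" in modes:
                findings.append(("high", e.name, "kernel driver with no publisher, auto-started and running: " + e.path))
            elif e.kind == "FILE" and not e.company and e.path.lower().endswith(EXEC_EXT) \
                    and any(d in e.path.lower() for d in PROFILE_DIRS):
                findings.append(("medium", e.path, "executable with no publisher inside a user profile directory"))
            continue
        h = parse_handler(line)
        if h is None or h.verb != "open" or h.cmd.startswith("Reg Error"):
            continue
        if h.cls in SHELL_EXEC_CLASSES and h.cmd != DEFAULT_OPEN:
            findings.append(("high", h.cls, "executable class no longer uses the default open command: " + h.cmd))
        elif not handler_target(h.cmd).lower().endswith((".exe", "%1")):
            findings.append(("medium", h.cls, "open handler runs a non-.exe target: " + handler_target(h.cmd)))
    return findings

if __name__ == "__main__":
    for severity, item, reason in triage(SAMPLE_LOG):
        print(f"[{severity:6}] {item}: {reason}")
```

A hit is something to look at, not a verdict: legitimate software ships drivers with no company name, and a handler that points at an .OLD file is consistent with IE having been disabled by hand, as the first post mentions. The point of the exefile/comfile check is that a changed "open" command on those classes runs something else every time any program is launched, which is why a helper reads the Shell Spawning section before anything else.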

#3 Indexx (Topic Starter, Member, 47 posts)

Hey, I'm listening to Zep right now. I think this is going to work out well. LOL.

The troubles are on my other (main) box. Should I put it online?

I have OTL from last year on that box. Can I use it?

Thanks Zep516



#4 zep516 (Trusted Helper, Malware Removal, 8,093 posts)
Hello Indexx,

Put the main box online. No OTLs from last year! Delete your copy and re-download per the instructions. Remember, everything gets downloaded to the desktop; don't want to see things running from the Downloads folder.

Post the 2 log files, OTL.txt and Extras.txt.

Thanks
Joe :)

#5 Indexx (Topic Starter, Member, 47 posts)

Will do, Joe. Back with you soon.



#6 Indexx (Topic Starter, Member, 47 posts)

Took a few. Box overheated on the 1st try. It's old but will be missed.

Attached Files



#7 zep516 (Trusted Helper, Malware Removal, 8,093 posts)
Don't attach files to the forum; post the log files in, like this:

OTL logfile created on: 6/24/2014 7:47:18 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\boss.LASRIUS\Desktop\repair 6-14
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.04 Mb Total Physical Memory | 729.86 Mb Available Physical Memory | 71.41% Memory free
2.40 Gb Paging File | 2.24 Gb Available in Paging File | 93.35% Paging File free
Paging file location(s): C:\pagefile.sys 1536 2304 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 97.00 Gb Total Space | 38.82 Gb Free Space | 40.02% Space Free | Partition Type: NTFS
Drive D: | 111.79 Gb Total Space | 64.17 Gb Free Space | 57.40% Space Free | Partition Type: NTFS
Drive E: | 13.75 Gb Total Space | 0.77 Gb Free Space | 5.61% Space Free | Partition Type: FAT32

Computer Name: LASRIUS | User Name: boss | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/06/24 19:30:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\boss.LASRIUS\Desktop\repair 6-14\OTL.exe
PRC - [2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/08/23 23:38:28 | 000,968,696 | ---- | M] (Zone Labs, LLC) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2006/08/23 23:38:26 | 000,075,768 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe


========== Modules (No Company Name) ==========

MOD - [2006/08/23 23:40:50 | 000,145,408 | ---- | M] () -- C:\WINDOWS\system32\ZoneLabs\lib\pyd\pyexpat.pyd
MOD - [2006/08/23 23:40:50 | 000,047,104 | ---- | M] () -- C:\WINDOWS\system32\ZoneLabs\lib\pyd\_socket.pyd
MOD - [2006/08/23 23:40:50 | 000,026,624 | ---- | M] () -- C:\WINDOWS\system32\ZoneLabs\lib\pyd\signedDll.pyd
MOD - [2006/08/23 23:40:50 | 000,026,624 | ---- | M] () -- C:\WINDOWS\system32\ZoneLabs\lib\pyd\pyvsinit.pyd
MOD - [2006/08/23 23:37:52 | 000,796,584 | ---- | M] () -- C:\WINDOWS\system32\libeay32_0.9.6l.dll


========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2012/12/14 17:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 17:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2011/06/09 14:01:00 | 000,521,600 | ---- | M] (SEIKO EPSON CORPORATION) [Disabled | Stopped] -- C:\Program Files\epson\EpsonCustomerParticipation\EPCP.exe -- (EpsonCustomerParticipation)
SRV - [2006/08/23 23:38:26 | 000,075,768 | ---- | M] (Zone Labs, LLC) [Auto | Running] -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- (vsmon)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/12/14 17:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/04/15 00:39:23 | 000,003,712 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\socketlock.sys -- (SocketLock)
DRV - [2010/04/14 00:04:56 | 000,035,363 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\windrvNT.sys -- (windrvNT)
DRV - [2008/04/14 01:25:10 | 000,202,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rmcast.sys -- (RMCAST)
DRV - [2008/04/14 01:09:46 | 000,092,544 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mqac.sys -- (MQAC)
DRV - [2006/08/23 23:38:36 | 000,392,824 | ---- | M] (Zone Labs, LLC) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2006/08/03 01:53:32 | 000,029,680 | ---- | M] (Zone Labs, LLC) [Kernel | Boot | Running] -- C:\WINDOWS\system32\ZoneLabs\srescan.sys -- (srescan)
DRV - [2006/04/18 06:29:06 | 000,569,856 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAud.sys -- (HdAudAddService)
DRV - [2006/03/14 13:02:54 | 001,428,480 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51)
DRV - [2006/03/02 06:03:32 | 000,057,096 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2005/09/20 05:30:56 | 000,162,432 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005/09/19 15:24:20 | 000,005,760 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
DRV - [2005/09/19 15:24:10 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2005/09/19 15:23:52 | 000,007,808 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2005/08/22 10:07:00 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/08/22 10:06:16 | 000,201,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/08/22 10:06:10 | 000,718,464 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/08/04 01:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-4019220746-367500967-2072770735-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-4019220746-367500967-2072770735-1005\..\SearchScopes,DefaultScope = {D21C353A-29E5-4F69-AF31-8432DDF80CBF}
IE - HKU\S-1-5-21-4019220746-367500967-2072770735-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKU\S-1-5-21-4019220746-367500967-2072770735-1005\..\SearchScopes\{B6A5E4C4-2536-4B0D-A258-F4FBBEDB455B}: "URL" = http://search.yahoo....=utf-8&fr=b2ie7
IE - HKU\S-1-5-21-4019220746-367500967-2072770735-1005\..\SearchScopes\{C4236BF9-A0E9-4F8D-BD96-F06419E16F30}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKU\S-1-5-21-4019220746-367500967-2072770735-1005\..\SearchScopes\{C739D6C0-6E08-42FF-A68D-5540E553A401}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKU\S-1-5-21-4019220746-367500967-2072770735-1005\..\SearchScopes\{D21C353A-29E5-4F69-AF31-8432DDF80CBF}: "URL" = http://www.google.co...age={startPage}
IE - HKU\S-1-5-21-4019220746-367500967-2072770735-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/01/08 10:58:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2013/01/08 10:58:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\boss.LASRIUS\Application Data\Mozilla\Extensions
[2013/01/08 10:58:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/11/29 03:27:51 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/11/29 03:27:12 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/11/29 03:27:12 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2004/08/10 10:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKU\S-1-5-21-4019220746-367500967-2072770735-1005\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-4019220746-367500967-2072770735-1005\..\Toolbar\WebBrowser: (Norton AntiVirus) - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll File not found
O4 - HKLM..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Zone Labs, LLC)
O4 - HKU\S-1-5-21-4019220746-367500967-2072770735-1005..\Run: [StatBar] C:\Program Files\Globe Software\StatBar\StatBar.exe (Globe Software)
O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\StartUp\Vongo Tray.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-4019220746-367500967-2072770735-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-4019220746-367500967-2072770735-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 01 00 00 00 [binary data]
O7 - HKU\S-1-5-21-4019220746-367500967-2072770735-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = @ [binary data]
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_10)
O16 - DPF: {CAFEEFAC-0017-0000-0010-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_10)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_10)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\boss.LASRIUS\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\boss.LASRIUS\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {0cab0400-7395-11d0-a5e5-0020afe2fdd9} - C:\WINDOWS\qvphook.dll (Inso Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/07/27 22:07:38 | 000,000,000 | --S- | M] () - E:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 14:01:14 | 000,000,053 | --S- | M] () - E:\Autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2014/06/24 19:32:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\boss.LASRIUS\Desktop\repair 6-14
[2010/04/14 00:04:18 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\boss.LASRIUS\Application Data\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2014/06/24 19:45:38 | 000,048,882 | -H-- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2014/06/24 19:45:34 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/06/19 21:41:47 | 000,002,493 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Paint Shop Pro 7.lnk
[2014/06/10 21:39:24 | 000,000,209 | -HS- | M] () -- C:\boot.ini

========== Files Created - No Company Name ==========

[2013/12/06 19:49:52 | 000,000,040 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2013/05/12 22:13:09 | 000,000,218 | ---- | C] () -- C:\Documents and Settings\boss.LASRIUS\Local Settings\Application Data\recently-used.xbel
[2012/07/11 18:42:29 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\boss.LASRIUS\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/22 15:47:11 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\boss.LASRIUS\Application Data\wklnhst.dat
[2010/05/05 00:53:04 | 000,000,382 | R-S- | C] () -- C:\Documents and Settings\boss.LASRIUS\ntuser.pol
[2010/04/17 01:58:58 | 000,002,222 | R-S- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
[2010/04/15 11:35:24 | 000,018,944 | ---- | C] () -- C:\Documents and Settings\boss.LASRIUS\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini.old
[2010/04/14 00:04:18 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\boss.LASRIUS\Application Data\inst.exe
[2010/04/14 00:04:18 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\boss.LASRIUS\Application Data\pcouffin.cat
[2010/04/14 00:04:18 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\boss.LASRIUS\Application Data\pcouffin.inf
[2010/04/13 11:13:46 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\boss.LASRIUS\Local Settings\Application Data\fusioncache.dat

========== ZeroAccess Check ==========

[2006/03/28 07:39:36 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 06:42:06 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2008/04/14 06:41:54 | 000,472,064 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 06:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

And the Extras.txt:

OTL Extras logfile created on: 6/24/2014 7:47:18 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\boss.LASRIUS\Desktop\repair 6-14
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.04 Mb Total Physical Memory | 729.86 Mb Available Physical Memory | 71.41% Memory free
2.40 Gb Paging File | 2.24 Gb Available in Paging File | 93.35% Paging File free
Paging file location(s): C:\pagefile.sys 1536 2304 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 97.00 Gb Total Space | 38.82 Gb Free Space | 40.02% Space Free | Partition Type: NTFS
Drive D: | 111.79 Gb Total Space | 64.17 Gb Free Space | 57.40% Space Free | Partition Type: NTFS
Drive E: | 13.75 Gb Total Space | 0.77 Gb Free Space | 5.61% Space Free | Partition Type: FAT32

Computer Name: LASRIUS | User Name: boss | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\WINDOWS\System32\mshta.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
.js [@ = JSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\PROGRA~1\NEWFOL~1\INTERN~1\NEWFOL~1\IEXPLO~1.OLD" -nohome
htmlfile [opennew] -- "C:\PROGRA~1\NEWFOL~1\INTERN~1\NEWFOL~1\IEXPLO~1.OLD" %1
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
InternetShortcut [print] -- rundll32.exe C:\WINDOWS\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Lock folder with Folder Lock] -- C:\WINDOWS\system32\Zerox\Zerox.exe %1 (NewSoftwares.net Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\PROGRA~1\NEWFOL~1\INTERN~1\NEWFOL~1\IEXPLO~1.OLD" %1
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"ANTIVIRUSDISABLENOTIFY" = 0
"FIREWALLDISABLENOTIFY" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\WINDOWS\system32\mqsvc.exe" = C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Disabled:Earthlink
"C:\WINDOWS\system32\mqsvc.exe" = C:\WINDOWS\system32\mqsvc.exe:*:Disabled:Message Queuing -- (Microsoft Corporation)
"C:\WINDOWS\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Disabled:Windows Messenger -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\WINDOWS\Network Diagnostic\xpnetdiag.exe" = C:\WINDOWS\Network Diagnostic\xpnetdiag.exe:*:Disabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic Data Module
"{09D8492A-C8E2-421E-927D-46800FB327A3}" = Wireless Home Network Setup
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}" = Epson FAX Utility
"{10964A8F-21C1-45EA-BC2D-F84B505C3848}" = H&R Block Deluxe + Efile + State 2010
"{10F63395-157F-4B93-AB4D-702A2FF11942}" = Epson Download Navigator
"{1313740E-0072-4E2D-A628-DEFCD38B577A}" = HP User Guides 0011
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{24BEBF2E-73F3-4599-840B-EDC612CCDD0D}" = Destinations
"{26A24AE4-039D-4CA4-87B4-2F83217010FF}" = Java 7 Update 10
"{286F29AF-0BE2-4D5F-AB17-B7631A810553}" = muvee autoProducer 4.5
"{2FBF04DC-404C-4FA4-BA28-99903080D2B9}" = Magnifier Powertoy for Windows XP
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.00 E2
"{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}" = Unload
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}" = HP Wireless Assistant 2.00 E1
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 2.1
"{47D2103B-FD51-4017-9C20-DD408B17D726}" = Office 2003 Trial Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52FBAE98-D389-4281-8C14-21B4046CCB4E}" = SonicAC3Encoder
"{5C52EC19-3B77-4B03-BBE8-E7F58ED92D73}" = H&R Block Standard 2011
"{64BA551C-9AF6-495C-93F3-D1270E0045FC}" = Epson Connect
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{6815FCDD-401D-481E-BA88-31B4754C2B46}" = Macromedia Flash Player 8
"{7304A91F-F4AF-41B3-85B6-C5923EDBF899}" = H&R Block Premium + Efile + State 2013
"{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A}" = TIPCI
"{814FA673-A085-403C-9545-747FC1495069}" = Epson Customer Participation
"{86501894-E722-4385-A792-B7C2F28FAE7B}" = NetSpeedMonitor 2.5.4.0 x86
"{89D20029-0578-4D8D-979A-695C8D868868}" = H&R Block Premium + Efile + State 2012
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{939F8208-C8CE-4AFF-B7BA-ACEB2E74A6CB}" =
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic Audio Module
"{AC76BA86-7AD7-1033-7B44-A00000000001}" = Adobe Reader 6.0.1
"{AEF7A12C-CD9B-4773-8AD1-6916138CA7EA}" = SmartAudio
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic Copy Module
"{B16AF568-A644-483C-A6DA-5028CD019C8C}" = SonicMPEGEncoder
"{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}" = HP Software Update
"{BC96BBA7-C634-460E-AD18-A0A994213F80}" = HP User Guides--System Recovery
"{C7793EE8-F666-4E6B-9827-76468679480E}" = Tweakui Powertoy for Windows XP
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D07205E7-F6D3-4333-AFCC-782A07685B72}" = OverDrive Media Console
"{D6DE02C7-1F47-11D4-9515-00105AE4B89A}" = Paint Shop Pro 7
"{D755C7A3-C03E-4460-8C00-AC6E55505FB5}" = LightScribe 1.4.74.1
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{FA9D303D-0FB2-49C7-9397-8E6B11EA892D}" = Epson Event Manager
"074EEF5F-3BE8-4112-B253-C5D6CDE2924C" = Zuma Deluxe from Hewlett-Packard Laptops (remove only)
"0E5266B4-9069-401A-93AE-5FF9F1712016" = Insaniquarium Deluxe from Hewlett-Packard Laptops (remove only)
"320F055A-570F-4335-B026-16A836DB9549" = Final Drive Nitro from Hewlett-Packard Laptops (remove only)
"A-10CubaDeinstKey" = A-10Cuba
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Any Video Converter 5_is1" = Any Video Converter 5 5.0.3
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"BarBack for Windows" = BarBack for Windows
"CNXT_HDAUDIO" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_CPL30A5m" = HDAUDIO Soft Data Fax Modem with SmartCP
"Combat Flight Simulator 1.00" = Microsoft Combat Flight Simulator
"Combat Flight Simulator 2.0" = Microsoft Combat Flight Simulator 2
"Corel WordPerfect Suite 8" = Corel WordPerfect Suite 8
"EPSON PC-FAX Driver 2" = Epson PC-FAX Driver
"EPSON Scanner" = EPSON Scan
"EPSON WorkForce 645 Series" = EPSON WorkForce 645 Series Printer Uninstall
"H&R Block Business 2013" = H&R Block Business 2013 (Remove Only)
"HijackThis" = HijackThis 1.99.1
"HP Imaging Device Functions" = HP Imaging Device Functions 6.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 7.6.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 17.0.1 (x86 en-US)" = Mozilla Firefox 17.0.1 (x86 en-US)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"PROSet" = Intel® PRO Network Connections Drivers
"QVP" = Quick View Plus
"VLC media player" = VideoLAN VLC media player 0.8.5
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"YSIGet" = YSIGet
"ZoneAlarm" = ZoneAlarm

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 6/24/2014 7:34:30 PM | Computer Name = LASRIUS | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 6/24/2014 7:34:30 PM | Computer Name = LASRIUS | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 6/24/2014 8:25:20 PM | Computer Name = LASRIUS | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 6/24/2014 8:25:20 PM | Computer Name = LASRIUS | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 6/24/2014 8:25:20 PM | Computer Name = LASRIUS | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 6/24/2014 8:25:20 PM | Computer Name = LASRIUS | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 6/24/2014 8:45:45 PM | Computer Name = LASRIUS | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 6/24/2014 8:45:45 PM | Computer Name = LASRIUS | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 6/24/2014 8:45:45 PM | Computer Name = LASRIUS | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 6/24/2014 8:45:45 PM | Computer Name = LASRIUS | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

[ System Events ]
Error - 6/24/2014 8:25:50 PM | Computer Name = LASRIUS | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {D6D754B6-C211-4920-92EA-FD714A13246B}.
The
error: "%2" Happened while starting this command: C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
-Embedding

Error - 6/24/2014 8:25:54 PM | Computer Name = LASRIUS | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1058

Error - 6/24/2014 8:25:54 PM | Computer Name = LASRIUS | Source = Service Control Manager | ID = 7001
Description = The Message Queuing service depends on the Server service which failed
to start because of the following error: %%1058

Error - 6/24/2014 8:25:54 PM | Computer Name = LASRIUS | Source = Service Control Manager | ID = 7001
Description = The Message Queuing Triggers service depends on the Message Queuing
service which failed to start because of the following error: %%1068

Error - 6/24/2014 8:26:01 PM | Computer Name = LASRIUS | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {D6D754B6-C211-4920-92EA-FD714A13246B}.
The
error: "%2" Happened while starting this command: C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
-Embedding

Error - 6/24/2014 8:30:56 PM | Computer Name = LASRIUS | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {D6D754B6-C211-4920-92EA-FD714A13246B}.
The
error: "%2" Happened while starting this command: C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
-Embedding

Error - 6/24/2014 8:45:48 PM | Computer Name = LASRIUS | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {D6D754B6-C211-4920-92EA-FD714A13246B}.
The
error: "%2" Happened while starting this command: C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
-Embedding

Error - 6/24/2014 8:45:48 PM | Computer Name = LASRIUS | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1058

Error - 6/24/2014 8:45:48 PM | Computer Name = LASRIUS | Source = Service Control Manager | ID = 7001
Description = The Message Queuing service depends on the Server service which failed
to start because of the following error: %%1058

Error - 6/24/2014 8:45:48 PM | Computer Name = LASRIUS | Source = Service Control Manager | ID = 7001
Description = The Message Queuing Triggers service depends on the Message Queuing
service which failed to start because of the following error: %%1068


< End of report >

Let me look them over for you; I'll get back to you ASAP.
Please note: Perflib_Perfdata_xxx.dat is not a virus. These files are created by performance monitoring programs, including Windows.

Thanks
Joe :)

#8
Indexx

    Member

  • Topic Starter
  • Member
  • 47 posts
I kinda know that, but it started showing different names all of a sudden.

Will paste any new uploads, sorry about that.



#9
zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Hello,

Please remove these programs from your Add/Remove Programs list:
1-Java 7 Update 10
2-J2SE Runtime Environment 5.0 Update 6
3-Adobe Reader 6.0.1 (seriously out of date; infection risk)

Due to multiple security problems with Java, we are now recommending that it not be installed unless you absolutely know you need it. If that is the case, then you should go into Control Panel, Java, Security and set the slider to the highest level.
The latest version of Java is here.


Next

We need to do a fix to delete some files using OTL.
  • Double click on the OTL icon to open the program. On Vista/Win7/Win8, right click and select Run As Administrator to start the program. If prompted by UAC, please allow it.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following


    :COMMANDS
    [CREATERESTOREPOINT]
    
    :OTL
    O3 - HKU\S-1-5-21-4019220746-367500967-2072770735-1005\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\S-1-5-21-4019220746-367500967-2072770735-1005\..\Toolbar\WebBrowser: (Norton AntiVirus) - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll File not found
    O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\StartUp\Vongo Tray.lnk = File not found
    
    
    :Files
    
    ipconfig /flushdns /c
    
    :Commands
    
    [emptytemp]
    [resethosts]
    
  • Make sure all other windows are closed.
  • Click the Run Fix button at the top
  • Let the program run uninterrupted. The computer should reboot when the scan is done. If not, please reboot the computer.
  • Post the log that is found in C:\_OTL\Moved Files in your next reply.
  • Open OTL again and click the Quick Scan button.
In your next reply, post:
1-The OTL fix log; it pops up in front of you after the reboot.
2-The new OTL log from the quick scan.

Thanks
Joe :)
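A long OTL log makes the outdated packages named in the post above easy to miss. The following is an added example, not part of the thread or of OTL itself: it parses the "HKEY_LOCAL_MACHINE Uninstall List" section of an OTL log (the `"key" = Display Name` lines) and reports every entry whose name starts with a legacy-runtime prefix, plus entries with an empty display name, which usually indicate a partially removed install. The sample text is constructed from lines in the log above; the watchlist prefixes are an assumption chosen to match the three products the helper asked to remove (a prefix match on "Java " also catches the Java Auto Updater that ships with it).

```python
import re

# Constructed sample in the shape of OTL's Uninstall List section,
# built from lines quoted earlier in this thread.
SAMPLE_UNINSTALL_SECTION = "\n".join([
    "========== HKEY_LOCAL_MACHINE Uninstall List ==========",
    "",
    r"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]",
    '"{26A24AE4-039D-4CA4-87B4-2F83217010FF}" = Java 7 Update 10',
    '"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6',
    '"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater',
    '"{AC76BA86-7AD7-1033-7B44-A00000000001}" = Adobe Reader 6.0.1',
    '"{939F8208-C8CE-4AFF-B7BA-ACEB2E74A6CB}" =',
    '"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin',
    '"Mozilla Firefox 17.0.1 (x86 en-US)" = Mozilla Firefox 17.0.1 (x86 en-US)',
    '"ZoneAlarm" = ZoneAlarm',
    "",
    "========== Last 20 Event Log Errors ==========",
])

# One OTL uninstall entry: a quoted key, "=", then the display name (may be empty).
ENTRY_RE = re.compile(r'^"(?P<key>[^"]+)"\s*=\s*(?P<name>.*)$')

# Assumed watchlist: name prefixes of the legacy runtimes the helper asked to remove.
WATCHLIST = ("Java ", "J2SE ", "Adobe Reader ")


def parse_uninstall_entries(text):
    """Return (key, display_name) pairs found inside the Uninstall List section only.

    Section boundaries are the '========== ... ==========' headers OTL emits,
    so entries from other sections of the same log are ignored.
    """
    entries = []
    in_section = False
    for line in text.splitlines():
        if line.startswith("========== "):
            in_section = "Uninstall List" in line
            continue
        if not in_section:
            continue
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group("key"), match.group("name").strip()))
    return entries


def flag_legacy_software(entries, watchlist=WATCHLIST):
    """Display names that start with a watchlist prefix, in log order."""
    return [name for _, name in entries if name and name.startswith(watchlist)]


def blank_entries(entries):
    """Uninstall keys with no display name: orphaned or partially removed installs."""
    return [key for key, name in entries if not name]


if __name__ == "__main__":
    found = parse_uninstall_entries(SAMPLE_UNINSTALL_SECTION)
    for name in flag_legacy_software(found):
        print("legacy:", name)
    for key in blank_entries(found):
        print("no display name:", key)
```

To use it on a real log, read the whole OTL text file and pass it to `parse_uninstall_entries`; the section detection means the entire log can be fed in unchanged.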

#10
Indexx

    Member

  • Topic Starter
  • Member
  • 47 posts

Joe, I lost the fix log. Thought it'd be in the OTL folder but it was not. It said something like fixes went right and a restore point was created. Also, Adobe 6 and J2SE would not uninstall ("You already have this version of the JRE installed. Please uninstall the product through your add/remove programs utility before reinstalling."). I was using the Control Panel Add/Remove Programs utility.

 

OTL logfile created on: 6/24/2014 8:57:07 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\boss.LASRIUS\Desktop\repair 6-14
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1022.04 Mb Total Physical Memory | 739.26 Mb Available Physical Memory | 72.33% Memory free
2.40 Gb Paging File | 2.24 Gb Available in Paging File | 93.10% Paging File free
Paging file location(s): C:\pagefile.sys 1536 2304 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 97.00 Gb Total Space | 38.85 Gb Free Space | 40.05% Space Free | Partition Type: NTFS
Drive D: | 111.79 Gb Total Space | 64.17 Gb Free Space | 57.40% Space Free | Partition Type: NTFS
Drive E: | 13.75 Gb Total Space | 0.77 Gb Free Space | 5.61% Space Free | Partition Type: FAT32
 
Computer Name: LASRIUS | User Name: boss | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/06/24 19:30:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\boss.LASRIUS\Desktop\repair 6-14\OTL.exe
PRC - [2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/08/23 23:38:28 | 000,968,696 | ---- | M] (Zone Labs, LLC) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2006/08/23 23:38:26 | 000,075,768 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
PRC - [2003/07/25 02:40:06 | 000,335,872 | ---- | M] (Globe Software) -- C:\Program Files\Globe Software\StatBar\StatBar.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2006/08/23 23:40:50 | 000,145,408 | ---- | M] () -- C:\WINDOWS\system32\ZoneLabs\lib\pyd\pyexpat.pyd
MOD - [2006/08/23 23:40:50 | 000,047,104 | ---- | M] () -- C:\WINDOWS\system32\ZoneLabs\lib\pyd\_socket.pyd
MOD - [2006/08/23 23:40:50 | 000,026,624 | ---- | M] () -- C:\WINDOWS\system32\ZoneLabs\lib\pyd\signedDll.pyd
MOD - [2006/08/23 23:40:50 | 000,026,624 | ---- | M] () -- C:\WINDOWS\system32\ZoneLabs\lib\pyd\pyvsinit.pyd
MOD - [2006/08/23 23:37:52 | 000,796,584 | ---- | M] () -- C:\WINDOWS\system32\libeay32_0.9.6l.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2012/12/14 17:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 17:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2011/06/09 14:01:00 | 000,521,600 | ---- | M] (SEIKO EPSON CORPORATION) [Disabled | Stopped] -- C:\Program Files\epson\EpsonCustomerParticipation\EPCP.exe -- (EpsonCustomerParticipation)
SRV - [2006/08/23 23:38:26 | 000,075,768 | ---- | M] (Zone Labs, LLC) [Auto | Running] -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- (vsmon)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2012/12/14 17:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/04/15 00:39:23 | 000,003,712 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\socketlock.sys -- (SocketLock)
DRV - [2010/04/14 00:04:56 | 000,035,363 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\windrvNT.sys -- (windrvNT)
DRV - [2008/04/14 01:25:10 | 000,202,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rmcast.sys -- (RMCAST)
DRV - [2008/04/14 01:09:46 | 000,092,544 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mqac.sys -- (MQAC)
DRV - [2006/08/23 23:38:36 | 000,392,824 | ---- | M] (Zone Labs, LLC) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2006/08/03 01:53:32 | 000,029,680 | ---- | M] (Zone Labs, LLC) [Kernel | Boot | Running] -- C:\WINDOWS\system32\ZoneLabs\srescan.sys -- (srescan)
DRV - [2006/04/18 06:29:06 | 000,569,856 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAud.sys -- (HdAudAddService)
DRV - [2006/03/14 13:02:54 | 001,428,480 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51)
DRV - [2006/03/02 06:03:32 | 000,057,096 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2005/09/20 05:30:56 | 000,162,432 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005/09/19 15:24:20 | 000,005,760 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
DRV - [2005/09/19 15:24:10 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2005/09/19 15:23:52 | 000,007,808 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2005/08/22 10:07:00 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/08/22 10:06:16 | 000,201,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/08/22 10:06:10 | 000,718,464 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/08/04 01:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\SearchScopes,DefaultScope = {D21C353A-29E5-4F69-AF31-8432DDF80CBF}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{B6A5E4C4-2536-4B0D-A258-F4FBBEDB455B}: "URL" = http://search.yahoo....=utf-8&fr=b2ie7
IE - HKCU\..\SearchScopes\{C4236BF9-A0E9-4F8D-BD96-F06419E16F30}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKCU\..\SearchScopes\{C739D6C0-6E08-42FF-A68D-5540E553A401}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{D21C353A-29E5-4F69-AF31-8432DDF80CBF}: "URL" = http://www.google.co...age={startPage}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/01/08 10:58:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2013/01/08 10:58:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\boss.LASRIUS\Application Data\Mozilla\Extensions
[2013/01/08 10:58:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/11/29 03:27:51 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/11/29 03:27:12 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/11/29 03:27:12 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
 
O1 HOSTS File: ([2014/06/24 20:46:52 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll File not found
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.5.0_06\bin\jp2ssv.dll File not found
O4 - HKLM..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Zone Labs, LLC)
O4 - HKCU..\Run: [StatBar] C:\Program Files\Globe Software\StatBar\StatBar.exe (Globe Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 01 00 00 00  [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = @ [binary data]
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0017-0000-0010-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_10)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_10)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\boss.LASRIUS\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\boss.LASRIUS\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {0cab0400-7395-11d0-a5e5-0020afe2fdd9} - C:\WINDOWS\qvphook.dll (Inso Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/07/27 22:07:38 | 000,000,000 | --S- | M] () - E:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 14:01:14 | 000,000,053 | --S- | M] () - E:\Autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/06/24 20:46:32 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/06/24 19:32:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\boss.LASRIUS\Desktop\repair 6-14
[2010/04/14 00:04:18 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\boss.LASRIUS\Application Data\pcouffin.sys
 
========== Files - Modified Within 30 Days ==========
 
[2014/06/24 20:48:21 | 000,048,882 | -H-- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2014/06/24 20:48:16 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/06/24 20:46:52 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2014/06/19 21:41:47 | 000,002,493 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Paint Shop Pro 7.lnk
[2014/06/10 21:39:24 | 000,000,209 | -HS- | M] () -- C:\boot.ini
 
========== Files Created - No Company Name ==========
 
[2013/12/06 19:49:52 | 000,000,040 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2013/05/12 22:13:09 | 000,000,218 | ---- | C] () -- C:\Documents and Settings\boss.LASRIUS\Local Settings\Application Data\recently-used.xbel
[2012/07/11 18:42:29 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\boss.LASRIUS\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/22 15:47:11 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\boss.LASRIUS\Application Data\wklnhst.dat
[2010/05/05 00:53:04 | 000,000,382 | R-S- | C] () -- C:\Documents and Settings\boss.LASRIUS\ntuser.pol
[2010/04/17 01:58:58 | 000,002,222 | R-S- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
[2010/04/15 11:35:24 | 000,018,944 | ---- | C] () -- C:\Documents and Settings\boss.LASRIUS\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini.old
[2010/04/14 00:04:18 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\boss.LASRIUS\Application Data\inst.exe
[2010/04/14 00:04:18 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\boss.LASRIUS\Application Data\pcouffin.cat
[2010/04/14 00:04:18 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\boss.LASRIUS\Application Data\pcouffin.inf
[2010/04/13 11:13:46 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\boss.LASRIUS\Local Settings\Application Data\fusioncache.dat
 
========== ZeroAccess Check ==========
 
[2006/03/28 07:39:36 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 06:42:06 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2008/04/14 06:41:54 | 000,472,064 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 06:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2009/12/20 02:36:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avg7
[2013/06/26 21:57:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canon_Inc_IC
[2006/06/05 07:02:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DIGStream
[2012/03/25 23:22:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2006/08/05 01:45:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
[2011/10/17 01:40:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2006/11/04 20:50:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
[2006/08/09 11:09:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2013/12/06 19:50:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2014/03/22 23:03:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TaxCut
[2009/12/20 01:50:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/04/17 12:07:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint old
[2008/04/12 11:57:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2014/03/22 23:16:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wolters Kluwer
[2013/12/06 20:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\boss.LASRIUS\Application Data\AnvSoft
[2012/03/25 23:22:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\boss.LASRIUS\Application Data\Epson
[2010/04/19 22:34:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\boss.LASRIUS\Application Data\Leadertech
[2014/06/24 21:01:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\boss.LASRIUS\Application Data\NetSpeedMonitor
[2014/01/23 19:41:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\boss.LASRIUS\Application Data\OpenOffice
[2013/10/25 18:21:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\boss.LASRIUS\Application Data\OverDrive
[2011/10/16 15:11:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\boss.LASRIUS\Application Data\pdf995old
[2014/03/22 23:17:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\boss.LASRIUS\Application Data\TaxCut
[2010/06/22 15:47:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\boss.LASRIUS\Application Data\Template
[2010/04/14 00:04:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\boss.LASRIUS\Application Data\Vso
 
========== Purity Check ==========
 
 

< End of report >
 


  • 0



#11
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
OK.

Don't worry about the fix log, I see the files are gone.

We need to do a fix to delete some files using OTL again.
  • Double click on the OTLicon.jpg to open the program. On Vista/Win7/Win8, right click and select Run As Administrator to start the program. If prompted by UAC, please allow it.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following


:COMMANDS
[CREATERESTOREPOINT]

:OTL
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll File not found
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.5.0_06\bin\jp2ssv.dll File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0017-0000-0010-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_10)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_10)

:Files

ipconfig /flushdns /c

:Commands
[emptytemp]

    
  • Make sure all other windows are closed.
  • Click the Run Fix button at the top
  • Let the program run uninterrupted. The computer should reboot when the scan is done. If not, please reboot the computer.
  • Post the log that is found in C:\_OTL\Moved Files in your next reply.
  • Open OTL again and click the Quick Scan button.


    Use the program below (Revo) to uninstall Adobe and Java. Or you could also boot to safe mode and see if you can uninstall from there; then you will not need to download Revo Uninstaller. How to start Windows XP safe mode---> http://www.bleepingc...s-in-safe-mode/

    If you need Revo, here it is:

    Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes and then Next.
  • Once done click Finish.

    Go ahead and carry out the instructions. I need to log out. I'll catch up with you Tomorrow and we will keep working on this machine.

    Thanks
    Joe :)


  • 0

#12
Indexx

Indexx

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts

Thanks Joe. I'll have these waiting for you.

Have a great evening and thanks for the help.


  • 0

#13
Indexx

Indexx

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts

Morning Joe.

Here are the moved and quick scan logs. The 1st moved log is there if you need it.

 

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
Error: Unable to interpret <    :OTL> in the current context!
Error: Unable to interpret <    O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program > in the current context!
Error: Unable to interpret <Files\Java\jre1.5.0_06\bin\ssv.dll File not found> in the current context!
Error: Unable to interpret <    O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program > in the current context!
Error: Unable to interpret <Files\Java\jre1.5.0_06\bin\jp2ssv.dll File not found> in the current context!
Error: Unable to interpret <    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: > in the current context!
Error: Unable to interpret <Value error.)> in the current context!
Error: Unable to interpret <    O16 - DPF: {CAFEEFAC-0017-0000-0010-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in > in the current context!
Error: Unable to interpret <1.7.0_10)> in the current context!
Error: Unable to interpret <    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in > in the current context!
Error: Unable to interpret <1.7.0_10) > in the current context!
Error: Unable to interpret <    :Files> in the current context!
Error: Unable to interpret <    ipconfig /flushdns /c> in the current context!
Error: Unable to interpret <    :Commands> in the current context!
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
 
User: All Users
 
User: boss
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: boss.LASRIUS
->Temp folder emptied: 16768 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 1295051 bytes
->Flash cache emptied: 291 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 512 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 1.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 06242014_223808

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\ZLT01ad2.TMP not found!
File\Folder C:\WINDOWS\temp\ZLT03790.TMP not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 

-------------------------------------------------------------------------------------------------------------------------------------

 

OTL logfile created on: 6/24/2014 11:12:21 PM - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\boss.LASRIUS\Desktop\repair 6-14
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1022.04 Mb Total Physical Memory | 698.61 Mb Available Physical Memory | 68.35% Memory free
2.40 Gb Paging File | 2.23 Gb Available in Paging File | 92.87% Paging File free
Paging file location(s): C:\pagefile.sys 1536 2304 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 97.00 Gb Total Space | 38.78 Gb Free Space | 39.99% Space Free | Partition Type: NTFS
Drive D: | 111.79 Gb Total Space | 64.17 Gb Free Space | 57.40% Space Free | Partition Type: NTFS
Drive E: | 13.75 Gb Total Space | 0.77 Gb Free Space | 5.61% Space Free | Partition Type: FAT32
 
Computer Name: LASRIUS | User Name: boss | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/06/24 19:30:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\boss.LASRIUS\Desktop\repair 6-14\OTL.exe
PRC - [2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/08/23 23:38:28 | 000,968,696 | ---- | M] (Zone Labs, LLC) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2006/08/23 23:38:26 | 000,075,768 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
PRC - [2003/07/25 02:40:06 | 000,335,872 | ---- | M] (Globe Software) -- C:\Program Files\Globe Software\StatBar\StatBar.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2006/08/23 23:40:50 | 000,145,408 | ---- | M] () -- C:\WINDOWS\system32\ZoneLabs\lib\pyd\pyexpat.pyd
MOD - [2006/08/23 23:40:50 | 000,047,104 | ---- | M] () -- C:\WINDOWS\system32\ZoneLabs\lib\pyd\_socket.pyd
MOD - [2006/08/23 23:40:50 | 000,026,624 | ---- | M] () -- C:\WINDOWS\system32\ZoneLabs\lib\pyd\signedDll.pyd
MOD - [2006/08/23 23:40:50 | 000,026,624 | ---- | M] () -- C:\WINDOWS\system32\ZoneLabs\lib\pyd\pyvsinit.pyd
MOD - [2006/08/23 23:37:52 | 000,796,584 | ---- | M] () -- C:\WINDOWS\system32\libeay32_0.9.6l.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2012/12/14 17:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 17:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2011/06/09 14:01:00 | 000,521,600 | ---- | M] (SEIKO EPSON CORPORATION) [Disabled | Stopped] -- C:\Program Files\epson\EpsonCustomerParticipation\EPCP.exe -- (EpsonCustomerParticipation)
SRV - [2006/08/23 23:38:26 | 000,075,768 | ---- | M] (Zone Labs, LLC) [Auto | Running] -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- (vsmon)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2012/12/14 17:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/04/15 00:39:23 | 000,003,712 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\socketlock.sys -- (SocketLock)
DRV - [2010/04/14 00:04:56 | 000,035,363 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\windrvNT.sys -- (windrvNT)
DRV - [2008/04/14 01:25:10 | 000,202,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rmcast.sys -- (RMCAST)
DRV - [2008/04/14 01:09:46 | 000,092,544 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mqac.sys -- (MQAC)
DRV - [2006/08/23 23:38:36 | 000,392,824 | ---- | M] (Zone Labs, LLC) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2006/08/03 01:53:32 | 000,029,680 | ---- | M] (Zone Labs, LLC) [Kernel | Boot | Running] -- C:\WINDOWS\system32\ZoneLabs\srescan.sys -- (srescan)
DRV - [2006/04/18 06:29:06 | 000,569,856 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAud.sys -- (HdAudAddService)
DRV - [2006/03/14 13:02:54 | 001,428,480 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51)
DRV - [2006/03/02 06:03:32 | 000,057,096 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2005/09/20 05:30:56 | 000,162,432 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005/09/19 15:24:20 | 000,005,760 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
DRV - [2005/09/19 15:24:10 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2005/09/19 15:23:52 | 000,007,808 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2005/08/22 10:07:00 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/08/22 10:06:16 | 000,201,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/08/22 10:06:10 | 000,718,464 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/08/04 01:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\SearchScopes,DefaultScope = {D21C353A-29E5-4F69-AF31-8432DDF80CBF}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{B6A5E4C4-2536-4B0D-A258-F4FBBEDB455B}: "URL" = http://search.yahoo....=utf-8&fr=b2ie7
IE - HKCU\..\SearchScopes\{C4236BF9-A0E9-4F8D-BD96-F06419E16F30}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKCU\..\SearchScopes\{C739D6C0-6E08-42FF-A68D-5540E553A401}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{D21C353A-29E5-4F69-AF31-8432DDF80CBF}: "URL" = http://www.google.co...age={startPage}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/01/08 10:58:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2013/01/08 10:58:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\boss.LASRIUS\Application Data\Mozilla\Extensions
[2013/01/08 10:58:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/11/29 03:27:51 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/11/29 03:27:12 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/11/29 03:27:12 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
 
O1 HOSTS File: ([2014/06/24 20:46:52 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O4 - HKLM..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Zone Labs, LLC)
O4 - HKCU..\Run: [StatBar] C:\Program Files\Globe Software\StatBar\StatBar.exe (Globe Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 01 00 00 00  [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = @ [binary data]
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0017-0000-0010-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_10)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_10)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\boss.LASRIUS\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\boss.LASRIUS\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {0cab0400-7395-11d0-a5e5-0020afe2fdd9} - C:\WINDOWS\qvphook.dll (Inso Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/07/27 22:07:38 | 000,000,000 | --S- | M] () - E:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 14:01:14 | 000,000,053 | --S- | M] () - E:\Autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/06/24 21:57:19 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2014/06/24 21:57:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\boss.LASRIUS\Start Menu\Programs\Revo Uninstaller
[2014/06/24 20:46:32 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/06/24 19:32:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\boss.LASRIUS\Desktop\repair 6-14
[2010/04/14 00:04:18 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\boss.LASRIUS\Application Data\pcouffin.sys
 
========== Files - Modified Within 30 Days ==========
 
[2014/06/24 22:39:36 | 000,048,882 | -H-- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2014/06/24 22:39:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/06/24 21:57:19 | 000,000,919 | ---- | M] () -- C:\Documents and Settings\boss.LASRIUS\Desktop\Revo Uninstaller.lnk
[2014/06/24 20:46:52 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2014/06/19 21:41:47 | 000,002,493 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Paint Shop Pro 7.lnk
[2014/06/10 21:39:24 | 000,000,209 | -HS- | M] () -- C:\boot.ini
 
========== Files Created - No Company Name ==========
 
[2014/06/24 21:57:19 | 000,000,919 | ---- | C] () -- C:\Documents and Settings\boss.LASRIUS\Desktop\Revo Uninstaller.lnk
[2013/12/06 19:49:52 | 000,000,040 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2013/05/12 22:13:09 | 000,000,218 | ---- | C] () -- C:\Documents and Settings\boss.LASRIUS\Local Settings\Application Data\recently-used.xbel
[2012/07/11 18:42:29 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\boss.LASRIUS\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/22 15:47:11 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\boss.LASRIUS\Application Data\wklnhst.dat
[2010/05/05 00:53:04 | 000,000,382 | R-S- | C] () -- C:\Documents and Settings\boss.LASRIUS\ntuser.pol
[2010/04/17 01:58:58 | 000,002,222 | R-S- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
[2010/04/15 11:35:24 | 000,018,944 | ---- | C] () -- C:\Documents and Settings\boss.LASRIUS\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini.old
[2010/04/14 00:04:18 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\boss.LASRIUS\Application Data\inst.exe
[2010/04/14 00:04:18 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\boss.LASRIUS\Application Data\pcouffin.cat
[2010/04/14 00:04:18 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\boss.LASRIUS\Application Data\pcouffin.inf
[2010/04/13 11:13:46 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\boss.LASRIUS\Local Settings\Application Data\fusioncache.dat
 
========== ZeroAccess Check ==========
 
[2006/03/28 07:39:36 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 06:42:06 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2008/04/14 06:41:54 | 000,472,064 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 06:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2009/12/20 02:36:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avg7
[2013/06/26 21:57:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canon_Inc_IC
[2006/06/05 07:02:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DIGStream
[2012/03/25 23:22:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2006/08/05 01:45:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
[2011/10/17 01:40:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2006/11/04 20:50:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
[2006/08/09 11:09:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2013/12/06 19:50:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2014/03/22 23:03:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TaxCut
[2009/12/20 01:50:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/04/17 12:07:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint old
[2008/04/12 11:57:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2014/03/22 23:16:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wolters Kluwer
[2013/12/06 20:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\boss.LASRIUS\Application Data\AnvSoft
[2012/03/25 23:22:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\boss.LASRIUS\Application Data\Epson
[2010/04/19 22:34:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\boss.LASRIUS\Application Data\Leadertech
[2014/06/24 23:18:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\boss.LASRIUS\Application Data\NetSpeedMonitor
[2014/01/23 19:41:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\boss.LASRIUS\Application Data\OpenOffice
[2013/10/25 18:21:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\boss.LASRIUS\Application Data\OverDrive
[2011/10/16 15:11:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\boss.LASRIUS\Application Data\pdf995old
[2014/03/22 23:17:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\boss.LASRIUS\Application Data\TaxCut
[2010/06/22 15:47:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\boss.LASRIUS\Application Data\Template
[2010/04/14 00:04:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\boss.LASRIUS\Application Data\Vso
 
========== Purity Check ==========
 
 

< End of report >
 


  • 0
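To read a quick-scan log like the one above systematically rather than line by line, the following added example (not OTL's code and not from this thread) parses OTL's PRC/SRV/DRV/MOD entry format and flags the two things a helper checks first: orphaned entries whose image file is gone, and loaded images that carry no company name. The sample lines are constructed from entries in the log above.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in the format of the OTL quick scan above; several
# entries are copied from it so the findings are recognisable.
SAMPLE_LOG = """\
PRC - [2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\\WINDOWS\\explorer.exe
SRV - File not found [Disabled | Stopped] -- C:\\Program Files\\SUPERAntiSpyware\\SASCORE.EXE -- (!SASCORE)
SRV - [2006/08/23 23:38:26 | 000,075,768 | ---- | M] (Zone Labs, LLC) [Auto | Running] -- C:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe -- (vsmon)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - [2010/04/15 00:39:23 | 000,003,712 | ---- | M] () [Kernel | Auto | Running] -- C:\\WINDOWS\\system32\\socketlock.sys -- (SocketLock)
MOD - [2006/08/23 23:37:52 | 000,796,584 | ---- | M] () -- C:\\WINDOWS\\system32\\libeay32_0.9.6l.dll
"""

# One OTL entry: kind, then either "[date | size | attrs | M] (Company)" or
# "File not found", an optional "[start type | state]", then "-- path" and,
# for services/drivers, "-- (name)".
ENTRY_RE = re.compile(
    r"^(?P<kind>PRC|SRV|DRV|MOD) - "
    r"(?:\[(?P<stamp>[^\]]+)\] \((?P<company>[^)]*)\)|(?P<missing>File not found))"
    r"(?: \[(?P<state>[^\]]+)\])?"
    r" -- (?P<path>.*?)"
    r"(?: -- \((?P<name>[^)]+)\))?$"
)


@dataclass
class Entry:
    kind: str                 # PRC, SRV, DRV or MOD
    path: str                 # image path; '' when OTL shows none at all
    name: Optional[str]       # service/driver name; None for PRC/MOD
    company: Optional[str]    # None if file missing, '' if present but no company name
    state: List[str]          # e.g. ['Kernel', 'Auto', 'Running']; [] for PRC/MOD
    size: Optional[int]       # file size in bytes; None if file missing
    present: bool


@dataclass
class Finding:
    kind: str
    subject: str              # service/driver name, or the path when there is none
    reason: str


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one OTL entry line; return None for lines of other kinds."""
    m = ENTRY_RE.match(line.rstrip())
    if not m:
        return None
    size = None
    if m.group("stamp"):
        # stamp fields: date/time | size with thousands separators | attrs | M or C
        fields = [f.strip() for f in m.group("stamp").split("|")]
        size = int(fields[1].replace(",", ""))
    state = m.group("state")
    return Entry(
        kind=m.group("kind"),
        path=m.group("path").strip(),
        name=m.group("name"),
        company=m.group("company"),
        state=[s.strip() for s in state.split("|")] if state else [],
        size=size,
        present=m.group("missing") is None,
    )


def review(log_text: str) -> List[Finding]:
    """Flag the entries a reviewer of the log would look at first."""
    findings: List[Finding] = []
    for line in log_text.splitlines():
        e = parse_entry(line)
        if e is None:
            continue
        subject = e.name or e.path
        if not e.present:
            # Registry still references an image that is gone: usually a
            # leftover of an uninstall, and a candidate for cleanup.
            findings.append(Finding(e.kind, subject, "orphaned: file not found"))
        elif e.company == "":
            # OTL prints "()" when the image has no company name, so it is not
            # whitelisted; loaded ones deserve a hash check against the vendor.
            loaded = "Running" in e.state or e.kind in ("PRC", "MOD")
            findings.append(Finding(e.kind, subject,
                                    "no company name, " + ("loaded" if loaded else "not running")))
    return findings
```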

#14
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
How are things?

And:

Were you able to get Adobe and Java uninstalled?

Joe
  • 0

#15
Indexx

Indexx

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts

Evening Joe,

Something's still trying to phone home.

I believe so, but I'll go check.


  • 0





