reoccurring virus/malware [Solved]


sirspread


about a month ago i accidentally clicked on a java install without checking it properly

i ran a scan using avira, malwarebytes, spybot and adwcleaner which all found various malware and viruses

the problem i have is every time i think i have cleared them all seems ok until a few days later and new scans show more viruses and malware

i have just run another thorough check and got rid of one more (pup.optional.domaiq)

a lot of the original stuff was istart123

any help would be greatly appreciated

 

OTL logfile created on: 05/09/2014 19:17:38 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Compaq_Owner\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
1023.36 Mb Total Physical Memory | 376.52 Mb Available Physical Memory | 36.79% Memory free
2.40 Gb Paging File | 1.56 Gb Available in Paging File | 64.88% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 229.35 Gb Total Space | 126.29 Gb Free Space | 55.06% Space Free | Partition Type: NTFS
Drive D: | 3.52 Gb Total Space | 0.37 Gb Free Space | 10.59% Space Free | Partition Type: FAT32
 
Computer Name: YOUR-447023AE6B | User Name: Compaq_Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/09/05 19:15:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\My Documents\Downloads\OTL.exe
PRC - [2014/09/02 20:56:26 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2014/09/02 14:39:57 | 000,427,824 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2014/08/12 08:31:19 | 000,430,160 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2014/08/12 08:30:35 | 000,751,184 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2014/08/12 08:30:35 | 000,430,160 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2014/08/04 14:20:42 | 000,161,584 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
PRC - [2014/08/04 14:20:40 | 000,149,296 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
PRC - [2008/09/16 12:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/09/13 16:54:10 | 000,258,560 | ---- | M] (ASUSTeK COMPUTER INC.) -- C:\WINDOWS\ATKKBService.exe
PRC - [2005/07/06 11:14:12 | 000,471,040 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\lxcecoms.exe
PRC - [2003/08/27 11:29:46 | 000,065,536 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\wanmpsvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/09/02 20:56:18 | 003,715,184 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2014/08/21 22:31:12 | 017,048,240 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_179.dll
MOD - [2014/08/04 14:20:40 | 000,139,056 | ---- | M] () -- C:\Program Files\Avira\My Avira\Avira.OE.NativeCore.dll
MOD - [2014/08/04 14:20:34 | 000,052,472 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\temp\avgnt.exe\Avira.OE.ExtApi.dll
MOD - [2014/08/04 14:20:22 | 000,067,832 | ---- | M] () -- C:\Program Files\Avira\My Avira\Avira.OE.AvConnectorNative.dll
MOD - [2014/08/04 14:16:58 | 000,245,760 | ---- | M] () -- C:\Program Files\Avira\My Avira\System.ComponentModel.Composition.dll
MOD - [2014/02/13 21:44:58 | 000,400,896 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\f0bb94276be98ff9ff0b22152fa633b9\System.Xml.Linq.ni.dll
MOD - [2014/02/13 21:44:01 | 011,906,048 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\f0b0625c2db624ba9c97ad1b12490d79\System.Web.ni.dll
MOD - [2014/02/13 21:43:46 | 000,627,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\7e310942e6e9a5d623e003130ec3d9bd\System.Transactions.ni.dll
MOD - [2014/02/13 21:43:45 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8cd995f00848816e3ec49dc326e3d49b\System.ServiceProcess.ni.dll
MOD - [2014/02/13 21:43:33 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\5c157466d360a10b2c97e94b41ddc588\System.Management.ni.dll
MOD - [2014/02/13 21:43:27 | 000,627,712 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\78e7a4c3acd1a345c4ef1f73ff48a1dd\System.EnterpriseServices.ni.dll
MOD - [2014/02/13 21:33:11 | 017,403,392 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\80743209bcc0a3af8305acd51569b483\System.ServiceModel.ni.dll
MOD - [2014/02/13 21:32:34 | 001,071,616 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\184f020284184651f03aa3cbc2bbccb6\System.IdentityModel.ni.dll
MOD - [2014/02/13 18:40:19 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2014/02/13 18:40:04 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2014/02/13 18:35:03 | 000,978,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\4b6e70acd99dc22e29b7fc8f9ac340c4\System.Configuration.ni.dll
MOD - [2014/02/13 18:34:26 | 000,256,000 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\ff1a0afc7a73669bca0ac4dffd8ee7c4\SMDiagnostics.ni.dll
MOD - [2014/02/13 18:32:14 | 002,345,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\9860da66bf0219612908e7412b0a6e2e\System.Runtime.Serialization.ni.dll
MOD - [2014/02/13 18:30:26 | 000,240,128 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\493eb38d7888e3ec1733b7bbc4a6c460\WindowsFormsIntegration.ni.dll
MOD - [2014/02/13 18:30:09 | 005,462,016 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\7faf645dc46781225cb722edf9e1e738\System.Xml.ni.dll
MOD - [2014/02/13 18:29:40 | 012,434,432 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1cdfe1998ad6794db3237006906c6fa2\System.Windows.Forms.ni.dll
MOD - [2014/02/13 18:29:07 | 001,593,344 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\424bff3295c6e7539cc6df62b9425bd0\System.Drawing.ni.dll
MOD - [2014/02/13 18:27:57 | 002,518,016 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\ff8f87204db52c710c5fb5792d3f2283\System.Data.Linq.ni.dll
MOD - [2014/02/13 18:27:32 | 006,616,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\af8afdcab485e00a04b18ed487981f3d\System.Data.ni.dll
MOD - [2014/02/13 18:27:19 | 002,295,808 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\159b4a6888004de346d499841ec088a7\System.Core.ni.dll
MOD - [2014/02/13 18:26:53 | 000,539,648 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\508d144b1e81e6642be4fea8799fb424\PresentationFramework.Luna.ni.dll
MOD - [2014/02/13 18:26:14 | 014,329,856 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\dad6af4d4f3b92adf0497c5ec9565236\PresentationFramework.ni.dll
MOD - [2014/02/13 18:24:55 | 012,218,880 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\89c032d0f8bccf31bb55b775a10c6992\PresentationCore.ni.dll
MOD - [2014/02/13 18:24:24 | 003,325,440 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\872e96c13f44bfaeff84d126fb847963\WindowsBase.ni.dll
MOD - [2014/02/13 18:23:59 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\4b0455ae94e3cecca4bb3ba8c96828c9\System.ni.dll
MOD - [2014/02/13 18:23:19 | 011,497,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\dae02331a443fb52216ca83292cb2f21\mscorlib.ni.dll
MOD - [2009/11/05 08:39:40 | 000,087,552 | ---- | M] () -- C:\WINDOWS\system32\cpwmon2k.dll
MOD - [2007/09/13 16:54:10 | 000,643,142 | ---- | M] () -- C:\WINDOWS\aticlocklib.dll
MOD - [2005/07/12 10:33:44 | 000,032,768 | ---- | M] () -- C:\WINDOWS\system32\LXPRMON.DLL
MOD - [2005/02/24 17:23:52 | 000,061,440 | ---- | M] () -- C:\Program Files\Lexmark 4300 Series\lxcecnv4.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2014/09/02 20:56:19 | 000,114,288 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/08/21 22:31:15 | 000,262,320 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/08/12 08:31:19 | 000,430,160 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2014/08/12 08:30:44 | 001,021,008 | ---- | M] (Avira Operations GmbH & Co. KG) [Disabled | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2014/08/12 08:30:35 | 000,430,160 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2014/08/04 14:20:40 | 000,149,296 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe -- (Avira.OE.ServiceHost)
SRV - [2011/05/18 17:28:57 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/09/16 12:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor7.0)
SRV - [2007/09/13 16:54:10 | 000,258,560 | ---- | M] (ASUSTeK COMPUTER INC.) [Auto | Running] -- C:\WINDOWS\ATKKBService.exe -- (ATKKeyboardService)
SRV - [2006/10/23 13:50:35 | 000,046,640 | R--- | M] (AOL LLC) [On_Demand | Stopped] -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS)
SRV - [2005/07/06 11:14:12 | 000,471,040 | ---- | M] (Lexmark International, Inc.) [On_Demand | Running] -- C:\WINDOWS\system32\lxcecoms.exe -- (lxce_device)
SRV - [2003/08/27 11:29:46 | 000,065,536 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\WINDOWS\wanmpsvc.exe -- (WANMiniportService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | Boot | Stopped] -- system32\DRIVERS\nielprt.sys -- (nielprt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\nielgfx.sys -- (NielGfx)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\22F.tmp -- (MEMSWEEP2)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2014/09/05 19:08:18 | 000,052,440 | ---- | M] (Malwarebytes Corporation) [Kernel | Boot | Unknown] -- C:\WINDOWS\system32\drivers\ebmedi.sys -- (uvfhheuk)
DRV - [2014/07/03 15:33:49 | 000,097,648 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2014/05/22 09:29:45 | 000,136,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2013/11/12 11:36:32 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2013/07/24 12:31:25 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2007/09/13 16:54:14 | 000,012,416 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\asusgsb.sys -- (asusgsb)
DRV - [2007/09/13 16:54:14 | 000,010,752 | ---- | M] (ASUSTeK COMPUTER INC.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Video3D32.sys -- (Video3D)
DRV - [2007/09/13 16:54:12 | 000,012,288 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\EIO.sys -- (EIO)
DRV - [2007/09/13 16:54:10 | 000,011,136 | ---- | M] (ASUSTeK COMPUTER INC.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\atkkbnt.sys -- (asuskbnt)
DRV - [2007/02/08 14:45:14 | 000,029,184 | R--- | M] (Thesycon GmbH, Germany) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dsiarhwprog.sys -- (dsiarhwprog)
DRV - [2005/07/04 08:30:34 | 000,026,624 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2005/06/30 21:16:26 | 001,094,848 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005/06/09 00:22:20 | 003,160,576 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2005/04/15 03:14:00 | 001,130,496 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/01/08 01:07:16 | 000,145,920 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2004/08/04 05:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)
DRV - [2003/01/10 22:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw)
DRV - [2002/10/15 23:41:06 | 000,102,220 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sonypvs1.sys -- (sonypvs1)
DRV - [2002/10/14 15:39:54 | 000,006,928 | ---- | M] (Compaq Computer Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (EABFiltr)
DRV - [2002/01/28 17:43:58 | 000,005,168 | ---- | M] (Compaq Computer Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,NewTabPageShow = 1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67C334C0-408D-4E6D-B5A7-0ADD6AFFA252}: "URL" = http://www.google.co...utputEncoding?}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,NewTabPageShow = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C0 15 BD F4 82 DD CA 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 88 D1 6D 0D 18 A8 94 48 B2 6D 50 24 A8 A4 24 68  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{67C334C0-408D-4E6D-B5A7-0ADD6AFFA252}: "URL" = http://www.google.co...utputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledAddons: exif_viewer%40mozilla.doslash.org:2.00
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:32.0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}:  File not found
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\Compaq_Owner\Application Data\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}:  File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 32.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 32.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/09/02 20:55:28 | 000,000,000 | ---D | M]
 
[2012/04/19 14:00:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Extensions
[2010/04/12 16:22:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Extensions\[email protected]
[2014/09/04 11:35:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\21xlyd7h.default-1397587372437\extensions
[2014/08/14 10:00:58 | 000,000,000 | ---D | M] (FoxTrick) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\21xlyd7h.default-1397587372437\extensions\{9d1f059c-cada-4111-9696-41a62d64e3ba}
[2014/08/05 08:40:41 | 000,371,596 | ---- | M] () (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\21xlyd7h.default-1397587372437\extensions\[email protected]
[2014/08/27 21:46:47 | 000,230,013 | ---- | M] () (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\21xlyd7h.default-1397587372437\extensions\[email protected]
[2014/08/14 09:56:27 | 000,002,372 | ---- | M] () (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\21xlyd7h.default-1397587372437\extensions\{9d1f059c-cada-4111-9696-41a62d64e3ba}\content\shortcuts-and-tweaks\supportership-expiration-date.js
[2014/09/02 20:55:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions(2)
[2014/09/02 20:55:14 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions(2)\{972ce4c6-7e08-4474-a285-3208198ce6fd}(2)
[2014/09/02 20:55:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/09/02 20:56:31 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
O1 HOSTS File: ([2014/08/31 21:40:39 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (no name) - {41564952-412D-5637-00A7-7A786E7484D7} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (CPub Object) - {696D8C1E-7039-40c8-9C66-07D9D2A2D00D} - C:\Program Files\AdCleaner\AdCleaner.dll (eEriEsoft, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {41564952-412D-5637-00A7-7A786E7484D7} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Avira Systray] C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [LXCECATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.DLL ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe (Malwarebytes Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideShutdownScripts = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\ZOOM present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeKeyboardNavigationIndicators = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeAnimation = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAddPrinter = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictCpl = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowCpl = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrivesInSendToMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceRecycleBinSize = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyDocuments = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesRecycleBin = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCustomizeWebView = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWinKeys = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSecurityTab = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCustomizeThisFolder = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWebView = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DontShowSuperHidden = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoOnlinePrintsWizard = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPublishingWizard = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuNetworkPlaces = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHelp = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetworkConnections = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCommonGroups = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuPinnedList = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuEjectPC = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSimpleStartMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogoff = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDisconnect = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNtSecurity = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: GreyMSIAds = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceMaxRecentDocs = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTips = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LockTaskbar = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAVolume = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCANetwork = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAPower = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarsOnTaskbar = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTaskGrouping = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWebServices = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileUrl = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: SpecifyDefaultButtons = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetConnectDisconnect = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoComputersNearMe = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnforceShellExtensionSecurity = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRunasInstallPrompt = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: PromptRunasInstallNetPath = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThumbnailCache = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceCopyAclwithFile = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartRunNoHOMEPATH = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 0? = kbd.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 1? = soundman.exe (Realtek Semiconductor Corp.)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 2? = aolsoftware.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 3? = reader_sl.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 4? = newlock.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 6? = newadmin.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogonScripts = 0
O8 - Extra context menu item: &AOL Toolbar Search - c:\Program Files\AOL\AOL Broadband Toolbar 5.0\resources\en-GB\local\search.html ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html File not found
O9 - Extra Button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range -  5)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {A27C56D2-3F58-4ABB-AA31-1168EDA6636F} http://utilities.pcp...ols/pcmatic.cab (PCMaticVer Class)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7A545EDF-3EBE-41C5-B268-01AB4F12860F}: DhcpNameServer = 15.243.128.51 15.243.160.51
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E059185C-61F5-4054-86B1-D03485FBE296}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/11/09 21:20:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 20:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/09/05 19:08:57 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Compaq_Owner\Recent
[2014/09/05 19:08:18 | 000,052,440 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\ebmedi.sys
[2014/09/04 11:06:43 | 000,000,000 | ---D | C] -- C:\Program Files\AskPartnerNetwork
[2014/09/02 20:55:12 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2014/09/02 19:41:13 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2014/09/02 19:25:26 | 000,000,000 | --SD | C] -- C:\ComboFix
[2014/09/02 17:37:56 | 000,110,296 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\48230029.sys
[2014/08/31 21:54:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2014/08/27 23:12:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2014/08/24 20:18:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft
[2014/08/24 20:18:10 | 000,000,000 | ---D | C] -- C:\Program Files\Adware-Removal-Tool
[2014/08/16 19:54:11 | 000,000,000 | ---D | C] -- C:\Program Files\Fralimbo
[2014/08/12 10:36:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Package Cache
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/09/05 19:24:01 | 000,000,436 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{60F2B32C-DEDB-47D4-B669-B12AA3C1622A}.job
[2014/09/05 19:08:18 | 000,052,440 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\ebmedi.sys
[2014/09/05 18:45:02 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/09/05 18:23:26 | 000,110,296 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
[2014/09/05 17:56:13 | 000,014,336 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\ins and outs.xlr
[2014/09/05 17:56:13 | 000,008,174 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\wklnhst.dat
[2014/09/05 15:06:03 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Logon.job
[2014/09/05 15:00:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/09/05 14:52:17 | 000,918,552 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\172.jpg
[2014/09/05 14:35:41 | 000,053,248 | -H-- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\photothumb.db
[2014/09/04 12:19:59 | 001,247,810 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\15121191572_246dfda13e_o.jpg
[2014/09/04 12:19:46 | 001,534,156 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\14934992097_aa9aced89e_o.jpg
[2014/09/04 12:19:25 | 001,527,237 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\14934901770_a673c0168a_o.jpg
[2014/09/04 12:19:17 | 001,493,007 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\15121546815_c06630323d_o.jpg
[2014/09/04 12:19:05 | 001,488,521 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\15121174892_f7c9146851_o.jpg
[2014/09/04 09:16:30 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/09/02 17:37:56 | 000,110,296 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\48230029.sys
[2014/08/31 21:40:39 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2014/08/28 11:14:37 | 000,000,866 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira.lnk
[2014/08/27 20:08:22 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/08/27 17:15:44 | 000,000,183 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\xmas.rtf
[2014/08/21 21:43:38 | 001,364,531 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\adwcleaner_3.308.exe
[2014/08/19 12:46:48 | 000,196,608 | ---- | M] () -- C:\WINDOWS\System32\drivers\nStandard.bin
[2014/08/17 16:52:49 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2014/08/16 20:45:42 | 000,000,732 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2014/08/16 20:45:04 | 000,000,750 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2014/08/16 20:45:03 | 000,000,823 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/08/07 11:40:14 | 000,000,482 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\jobs.rtf
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/09/05 17:56:12 | 000,014,336 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\ins and outs.xlr
[2014/09/05 14:52:10 | 000,918,552 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\172.jpg
[2014/09/04 12:25:50 | 000,815,804 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Copy of DSC_0172.JPG
[2014/09/04 12:19:56 | 001,247,810 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\15121191572_246dfda13e_o.jpg
[2014/09/04 12:19:38 | 001,534,156 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\14934992097_aa9aced89e_o.jpg
[2014/09/04 12:19:21 | 001,527,237 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\14934901770_a673c0168a_o.jpg
[2014/09/04 12:19:12 | 001,493,007 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\15121546815_c06630323d_o.jpg
[2014/09/04 12:19:00 | 001,488,521 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\15121174892_f7c9146851_o.jpg
[2014/08/28 11:14:34 | 000,000,866 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira.lnk
[2014/08/21 21:42:52 | 001,364,531 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\adwcleaner_3.308.exe
[2014/08/17 13:54:48 | 000,000,183 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\xmas.rtf
[2014/08/12 22:51:51 | 000,132,976 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/03/29 21:05:50 | 000,001,547 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\.recently-used.xbel
[2010/05/06 13:07:59 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\settings.dat
[2010/04/20 21:10:11 | 000,015,084 | -HS- | C] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\eo0MLX
[2010/04/20 21:10:11 | 000,015,084 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\eo0MLX
[2010/03/08 18:38:46 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/15 17:00:14 | 000,008,174 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\wklnhst.dat
[2010/02/11 14:00:46 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Analog Swirl
[2010/02/11 14:00:46 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Ambience
[2010/02/11 14:00:46 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdw.DAT
[2010/02/11 13:38:14 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Analog Mono
[2010/02/11 13:38:14 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Action Clauses
[2010/02/11 13:38:14 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
 
========== ZeroAccess Check ==========
 
[2005/01/02 15:22:40 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 01:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 13:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 01:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2010/08/09 22:26:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Disk Cleaner
[2010/02/11 13:38:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Drum Kits
[2010/02/11 14:00:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2011/05/18 17:42:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData
[2010/02/11 14:00:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\External Build System
[2010/05/09 23:13:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2010/02/11 13:39:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon
[2014/08/28 20:37:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Package Cache
[2010/12/16 22:52:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2010/03/09 23:22:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2010/04/05 22:39:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ReviverSoft
[2011/01/13 22:45:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Track Prince
[2010/02/11 14:00:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2011/06/21 21:30:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WindSolutions
[2011/08/30 17:17:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{A2A58654-12AA-408A-B411-58A76959BE7F}
[2010/09/27 21:48:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\acccore
[2012/12/11 23:05:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Azureus
[2011/04/23 22:03:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\com.Shutterfly.ExpressUploader
[2013/08/15 10:26:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Dropbox
[2010/06/23 17:17:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Facebook
[2010/12/13 22:10:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\FinalBurner AudioCD Ripper
[2010/12/13 22:03:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\FinalBurner Video DVD
[2014/01/05 22:03:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\GlarySoft
[2011/03/29 21:05:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\gtk-2.0
[2010/05/29 13:58:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\InterVideo
[2010/04/11 19:49:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Leadertech
[2010/07/18 17:12:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\MSNInstaller
[2010/05/29 13:56:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Nikon
[2010/12/12 18:18:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\OpenOffice.org
[2010/05/11 12:16:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Panda Security
[2011/10/13 12:24:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\PhotoScape
[2005/01/02 15:50:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\SampleView
[2010/02/15 17:00:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Template
[2011/09/04 12:41:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\windows-dvd-maker
[2011/06/21 21:33:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\WindSolutions
 
========== Purity Check ==========
 
 
 
========== Files - Unicode (All) ==========
[2013/11/09 11:21:50 | 103,378,319 | ---- | M] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\셫἗喴7
[2013/11/09 11:21:50 | 103,378,319 | ---- | C] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\셫἗喴7
[2013/11/03 18:27:08 | 104,814,100 | ---- | M] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\Ƞ杼喴7
[2013/11/03 18:27:08 | 104,814,100 | ---- | C] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\Ƞ杼喴7
[2013/11/02 22:50:05 | 104,684,788 | ---- | M] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\䃸예喴7
[2013/11/02 22:50:05 | 104,684,788 | ---- | C] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\䃸예喴7
[2013/10/29 21:27:31 | 104,021,456 | ---- | M] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\ᓛ娻喴7
[2013/10/29 21:27:31 | 104,021,456 | ---- | C] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\ᓛ娻喴7
[2013/10/26 17:32:44 | 103,108,672 | ---- | M] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\枴謐喴7
[2013/10/26 17:32:44 | 103,108,672 | ---- | C] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\枴謐喴7
[2013/10/26 10:28:25 | 103,054,676 | ---- | M] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\鴐Ⳑ喴7
[2013/10/26 10:28:25 | 103,054,676 | ---- | C] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\鴐Ⳑ喴7
[2013/10/24 20:30:57 | 102,837,954 | ---- | M] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\㗓╷喴7
[2013/10/24 20:30:57 | 102,837,954 | ---- | C] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\㗓╷喴7
[2013/10/23 20:27:59 | 102,674,996 | ---- | M] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\醶혭喴7
[2013/10/23 20:27:59 | 102,674,996 | ---- | C] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\醶혭喴7
[2013/10/17 09:20:51 | 101,413,064 | ---- | M] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\凱喴7
[2013/10/17 09:20:51 | 101,413,064 | ---- | C] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\凱喴7
[2013/10/16 15:08:04 | 101,406,750 | ---- | M] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\ꢔ擄喴7
[2013/10/16 15:08:04 | 101,406,750 | ---- | C] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\ꢔ擄喴7
[2013/10/13 18:28:09 | 100,742,045 | ---- | M] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\꾵喴7
[2013/10/13 18:28:09 | 100,742,045 | ---- | C] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\꾵喴7
[2013/10/12 10:24:42 | 100,595,853 | ---- | M] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\廼縖喴7
[2013/10/12 10:24:42 | 100,595,853 | ---- | C] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\廼縖喴7
[2013/10/09 14:57:40 | 100,146,679 | ---- | M] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\钅骴喴7
[2013/10/09 14:57:40 | 100,146,679 | ---- | C] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\钅骴喴7
[2013/10/08 15:34:05 | 099,859,239 | ---- | M] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\甜둤喴7
[2013/10/08 15:34:05 | 099,859,239 | ---- | C] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\甜둤喴7
[2013/10/05 18:05:02 | 099,386,337 | ---- | M] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\휺ꑍ喴7
[2013/10/05 18:05:02 | 099,386,337 | ---- | C] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\휺ꑍ喴7
[2013/10/05 12:03:00 | 099,327,492 | ---- | M] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\욘᭬喴7
[2013/10/05 12:03:00 | 099,327,492 | ---- | C] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\욘᭬喴7
[2013/10/03 16:32:40 | 099,131,034 | ---- | M] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\遾ፑ喴7
[2013/10/03 16:32:40 | 099,131,034 | ---- | C] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\遾ፑ喴7
[2013/10/02 09:37:46 | 098,712,514 | ---- | M] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\㸷喴7
[2013/10/02 09:37:46 | 098,712,514 | ---- | C] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\㸷喴7
[2013/09/30 16:46:01 | 098,512,375 | ---- | M] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\쮠ਵ喴7
[2013/09/30 16:46:01 | 098,512,375 | ---- | C] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\쮠ਵ喴7
[2013/09/26 15:46:39 | 097,961,477 | ---- | M] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\ఽ塱喴7
[2013/09/26 15:46:39 | 097,961,477 | ---- | C] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\ఽ塱喴7
[2013/09/24 18:18:21 | 097,540,783 | ---- | M] ()(C:\WINDOWS\System32\??7) -- C:\WINDOWS\System32\喴7
[2013/09/24 18:18:21 | 097,540,783 | ---- | C] ()(C:\WINDOWS\System32\??7) -- C:\WINDOWS\System32\喴7
[2013/09/18 15:56:35 | 098,159,724 | ---- | M] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\厈旉喴7
[2013/09/18 15:56:35 | 098,159,724 | ---- | C] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\厈旉喴7
[2013/09/17 17:36:06 | 097,949,955 | ---- | M] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\吅ḏ喴7
[2013/09/17 17:36:06 | 097,949,955 | ---- | C] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\吅ḏ喴7
[2013/09/15 17:53:18 | 097,671,483 | ---- | M] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\湳喴7
[2013/09/15 17:53:18 | 097,671,483 | ---- | C] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\湳喴7
[2013/09/12 21:40:54 | 097,373,152 | ---- | M] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\鷾့喴7
[2013/09/12 21:40:54 | 097,373,152 | ---- | C] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\鷾့喴7
[2013/09/09 22:00:28 | 096,772,628 | ---- | M] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\䔶ꟛ喴7
[2013/09/09 22:00:28 | 096,772,628 | ---- | C] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\䔶ꟛ喴7
[2013/09/07 17:03:46 | 096,511,910 | ---- | M] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\▙ἧ喴7
[2013/09/07 17:03:46 | 096,511,910 | ---- | C] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\▙ἧ喴7
[2013/09/01 18:37:25 | 095,199,041 | ---- | M] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\섴঵喴7
[2013/09/01 18:37:25 | 095,199,041 | ---- | C] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\섴঵喴7
[2013/08/31 17:02:45 | 095,115,989 | ---- | M] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\ⳅ喴7
[2013/08/31 17:02:45 | 095,115,989 | ---- | C] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\ⳅ喴7
[2013/08/31 09:55:07 | 095,070,807 | ---- | M] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\๊⯛喴7
[2013/08/31 09:55:07 | 095,070,807 | ---- | C] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\๊⯛喴7
[2013/08/29 11:14:06 | 094,566,678 | ---- | M] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\礔喴7
[2013/08/29 11:14:06 | 094,566,678 | ---- | C] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\礔喴7
[2013/08/28 15:30:21 | 100,864,333 | ---- | M] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\含㨵喴7
[2013/08/28 15:30:21 | 100,864,333 | ---- | C] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\含㨵喴7
[2013/08/27 14:46:52 | 100,448,122 | ---- | M] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\↨⑿喴7
[2013/08/27 14:46:52 | 100,448,122 | ---- | C] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\↨⑿喴7
[2013/08/25 17:25:07 | 100,156,396 | ---- | M] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\귨喴7
[2013/08/25 17:25:07 | 100,156,396 | ---- | C] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\귨喴7
[2013/08/24 10:48:17 | 100,038,487 | ---- | M] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\ꄂ喴7
[2013/08/24 10:48:17 | 100,038,487 | ---- | C] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\ꄂ喴7
[2013/08/21 20:36:51 | 099,727,755 | ---- | M] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\鞩ꅄ喴7
[2013/08/21 20:36:51 | 099,727,755 | ---- | C] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\鞩ꅄ喴7

< End of report >
 




#2
sirspread


also got this from otl

it says extras.txt notepad

 

 

OTL Extras logfile created on: 05/09/2014 19:17:38 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Compaq_Owner\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
1023.36 Mb Total Physical Memory | 376.52 Mb Available Physical Memory | 36.79% Memory free
2.40 Gb Paging File | 1.56 Gb Available in Paging File | 64.88% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 229.35 Gb Total Space | 126.29 Gb Free Space | 55.06% Space Free | Partition Type: NTFS
Drive D: | 3.52 Gb Total Space | 0.37 Gb Free Space | 10.59% Space Free | Partition Type: FAT32
 
Computer Name: YOUR-447023AE6B | User Name: Compaq_Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"135:TCP" = 135:TCP:*:Enabled:TCP Port 135
"5000:TCP" = 5000:TCP:*:Enabled:TCP Port 5000
"5001:TCP" = 5001:TCP:*:Enabled:TCP Port 5001
"5002:TCP" = 5002:TCP:*:Enabled:TCP Port 5002
"5003:TCP" = 5003:TCP:*:Enabled:TCP Port 5003
"5004:TCP" = 5004:TCP:*:Enabled:TCP Port 5004
"5005:TCP" = 5005:TCP:*:Enabled:TCP Port 5005
"5006:TCP" = 5006:TCP:*:Enabled:TCP Port 5006
"5007:TCP" = 5007:TCP:*:Enabled:TCP Port 5007
"5008:TCP" = 5008:TCP:*:Enabled:TCP Port 5008
"5009:TCP" = 5009:TCP:*:Enabled:TCP Port 5009
"5010:TCP" = 5010:TCP:*:Enabled:TCP Port 5010
"5011:TCP" = 5011:TCP:*:Enabled:TCP Port 5011
"5012:TCP" = 5012:TCP:*:Enabled:TCP Port 5012
"5013:TCP" = 5013:TCP:*:Enabled:TCP Port 5013
"5014:TCP" = 5014:TCP:*:Enabled:TCP Port 5014
"5015:TCP" = 5015:TCP:*:Enabled:TCP Port 5015
"5016:TCP" = 5016:TCP:*:Enabled:TCP Port 5016
"5017:TCP" = 5017:TCP:*:Enabled:TCP Port 5017
"5018:TCP" = 5018:TCP:*:Enabled:TCP Port 5018
"5019:TCP" = 5019:TCP:*:Enabled:TCP Port 5019
"5020:TCP" = 5020:TCP:*:Enabled:TCP Port 5020
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%ProgramFiles%\iTunes\iTunes.exe" = %ProgramFiles%\iTunes\iTunes.exe:*:enabled:iTunes
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\AOL 9.0\waol.exe" = C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\WINDOWS\system32\lxcecoms.exe" = C:\WINDOWS\system32\lxcecoms.exe:*:Enabled:4300 Series Server -- (Lexmark International, Inc.)
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcepswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcepswx.exe:*:Enabled:4300 Series Printer Status -- ()
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Microsoft Games\Age of Empires\EMPIRESX.EXE" = C:\Program Files\Microsoft Games\Age of Empires\EMPIRESX.EXE:*:Enabled:Age of Empires, the Rise of Rome -- (Microsoft Corporation)
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe" = C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL TopSpeed -- (AOL LLC)
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL Connectivity Service Dialler -- (AOL LLC)
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL Connectivity Services -- (AOL LLC)
"C:\Program Files\Common Files\AOL\1266096361\ee\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1266096361\ee\aolsoftware.exe:*:Enabled:AOL Shared Components -- (AOL LLC)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\1266096361\ee\AOLDesktop.exe" = C:\Program Files\Common Files\AOL\1266096361\ee\AOLDesktop.exe:*:Enabled:AOL Desktop -- (AOL LLC)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{10AE4FDC-32F9-4E56-8EE1-10629DD11C4E}" = Avira
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 29
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{315ACD04-BCEB-478B-9B1D-5431D0E6CB11}" = ASUS Gamer OSD
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update
"{797EE0CA-8165-405C-B5CE-F11EC20F1BB0}" = Microsoft VC9 runtime libraries
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD Player
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A5909B3-8CF3-4E06-92A8-F3CB7C97EF20}" = KODAK Share Button App
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AB61A692-5543-4C48-979B-8CEA1C52FE9C}" = PC-Doctor 5 for Windows
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.08)
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB6075D9-F912-40AE-BEA6-E590DA24F16B}" = Adobe Photoshop Elements 7.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{e67154a7-9cc5-4167-b782-f3982bc6c70d}" = Avira
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{F0207194-35B9-4476-B02E-395EE52B5960}" = ASUS nVidia Driver
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"AdCleaner_is1" = AdCleaner 1.2
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 14 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 14 Plugin
"Adobe Photoshop Elements 7" = Adobe Photoshop Elements 7.0
"Age of Empires Gold 1.0" = Microsoft Age of Empires Gold
"Agere Systems Soft Modem" = Agere Systems PCI Soft Modem
"AOL Broadband Toolbar" = AOL Broadband Toolbar 5.0
"AOL Regclient" = AOL Registration
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"ATI Display Driver" = ATI Display Driver
"Avira AntiVir Desktop" = Avira Free Antivirus
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"CutePDF Writer Installation" = CutePDF Writer 2.8
"Easy Access Buttons" = Compaq Easy Access Buttons 3.00 D2
"Free Window Registry Repair" = Free Window Registry Repair
"ie8" = Windows Internet Explorer 8
"InstallShield_{AB61A692-5543-4C48-979B-8CEA1C52FE9C}" = PC-Doctor 5 for Windows
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.2.0 (Full)
"Lexmark 4300 Series" = Lexmark 4300 Series
"Lexmark Fax Solutions" = Lexmark Fax Solutions
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.2.1012
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Motocross Madness 2" = Microsoft Motocross Madness 2
"Mozilla Firefox 32.0 (x86 en-US)" = Mozilla Firefox 32.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MS Access 97 SP2" = MS Access 97 SP2
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NVIDIA Drivers" = NVIDIA Drivers
"PhotoScape" = PhotoScape
"PROSet" = Intel® PRO Network Connections Drivers
"PS2" = PS2
"Python 2.2.3" = Python 2.2.3
"pywin32-py2.2" = Python 2.2 pywin32 extensions (build 203)
"Shogun Total War - Warlord Edition" = Shogun - Total War - Warlord Edition
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.0
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"WinDirStat" = WinDirStat 1.1.2
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 28/08/2014 06:02:35 | Computer Name = YOUR-447023AE6B | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 avira.oe.servicehost.exe, P2 1.1.18.28431, P3
 53c3ed8f, P4 system.componentmodel.composition, P5 4.0.0.1, P6 4c2933cc, P7 49c,
 P8 20, P9 ha2r5vsskg1rxuacxv143hzfuv1ct25u, P10 NIL.
 
Error - 30/08/2014 15:12:16 | Computer Name = YOUR-447023AE6B | Source = Application Hang | ID = 1002
Description = Hanging application SDUpdate.exe, version 1.6.0.12, hang module hungapp,
 version 0.0.0.0, hang address 0x00000000.
 
Error - 31/08/2014 16:10:19 | Computer Name = YOUR-447023AE6B | Source = MsiInstaller | ID = 10005
Description = Product: Java™ 6 Update 20 -- Internal Error 2753. regutils.dll
 
Error - 31/08/2014 16:51:45 | Computer Name = YOUR-447023AE6B | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
 from: <http://www.download....uthrootseq.txt>
 with error: A connection with the server could not be established  
 
Error - 04/09/2014 06:03:24 | Computer Name = YOUR-447023AE6B | Source = MsiInstaller | ID = 10005
Description = Product: Avira SearchFree Toolbar plus Web Protection -- Error 25001.
 The following applications must be closed before continuing the uninstall:   Mozilla
 Firefox
 
Error - 04/09/2014 06:03:26 | Computer Name = YOUR-447023AE6B | Source = MsiInstaller | ID = 10005
Description = Product: Avira SearchFree Toolbar plus Web Protection -- Error 25001.
 The following applications must be closed before continuing the uninstall:   Mozilla
 Firefox
 
Error - 04/09/2014 06:03:37 | Computer Name = YOUR-447023AE6B | Source = MsiInstaller | ID = 10005
Description = Product: Avira SearchFree Toolbar plus Web Protection -- Error 25001.
 The following applications must be closed before continuing the uninstall:   Mozilla
 Firefox
 
Error - 04/09/2014 06:03:38 | Computer Name = YOUR-447023AE6B | Source = MsiInstaller | ID = 10005
Description = Product: Avira SearchFree Toolbar plus Web Protection -- Error 25001.
 The following applications must be closed before continuing the uninstall:   Mozilla
 Firefox
 
Error - 04/09/2014 06:06:06 | Computer Name = YOUR-447023AE6B | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 32.0.0.5350, faulting
 module mozalloc.dll, version 32.0.0.5350, fault address 0x0000141b.
 
Error - 04/09/2014 06:06:26 | Computer Name = YOUR-447023AE6B | Source = MsiInstaller | ID = 10005
Description = Product: Avira SearchFree Toolbar plus Web Protection -- Error 25001.
 The following applications must be closed before continuing the uninstall:   Mozilla
 Firefox
 
[ System Events ]
Error - 04/09/2014 06:07:00 | Computer Name = YOUR-447023AE6B | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
   %%126
 
Error - 04/09/2014 06:07:00 | Computer Name = YOUR-447023AE6B | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
   %%126
 
Error - 04/09/2014 06:07:00 | Computer Name = YOUR-447023AE6B | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
   %%126
 
Error - 04/09/2014 06:07:00 | Computer Name = YOUR-447023AE6B | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
   %%126
 
Error - 04/09/2014 06:07:00 | Computer Name = YOUR-447023AE6B | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
   %%126
 
Error - 04/09/2014 06:07:00 | Computer Name = YOUR-447023AE6B | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
   %%126
 
Error - 04/09/2014 06:07:00 | Computer Name = YOUR-447023AE6B | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
   %%126
 
Error - 04/09/2014 06:07:00 | Computer Name = YOUR-447023AE6B | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
   %%126
 
Error - 04/09/2014 06:28:37 | Computer Name = YOUR-447023AE6B | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
 the NVSvc service.
 
Error - 04/09/2014 15:34:18 | Computer Name = YOUR-447023AE6B | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
 the NVSvc service.
 
 
< End of report >
 


  • 0

#3
BrianDrab


    Trusted Helper

  • Malware Removal
  • 3,583 posts

Hi. My name is Brian, and I will be helping you with Malware Removal.

 

I am currently in training and my posts will need to be reviewed by an expert, so expect a slight delay between posts.
 



- General Instructions -

  • Please read all instructions and fixes thoroughly. Read the ENTIRE post BEFORE performing any steps so you understand all that needs to be done.
  • I would advise printing any instructions for easy reference as some of the fixes may require you to boot in Safe mode. Access to these instructions may not be available in Safe Mode.
  • Any fixes provided by myself are for this log file only and should not be used on any other systems.
  • Do not run any other removal software or perform updates other than the ones I provide, as it will complicate the cleaning process.
  • You have 4 days to reply to each post or the topic will be closed. You will be able to request that the topic be re-opened by sending me a PM (Personal Message) or PM a moderator.
  • Please feel free to ask any questions, especially if you are having problems with my instructions.


- Save ALL Tools to your Desktop-

 

All tools that I have you download should be placed on the desktop unless otherwise stated. If you are familiar with how to save files to the desktop then you can skip this step.

 

Since you are continuing with this step then I assume you are unfamiliar with saving files to your desktop. As a result it's easiest if you configure your browser(s) to download any tools to the desktop by default. Please use the appropriate instructions below depending on the browser you are using.

Google Chrome - Click the "Customize and control Google Chrome" button in the upper-right corner of the browser. Choose Settings. At the bottom of the screen click the "Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.

Mozilla Firefox - Click the "Open Menu" button in the upper-right corner of the browser. Choose Options. In the downloads section, click the Browse button, click on the Desktop folder and then click the "Select Folder" button. Click OK to get out of the Options menu.

Internet Explorer - Click the Tools menu in the upper-right corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.

NOTE: IE8 does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

 


- Finally Before We Start-

 

Removing malware is a complicated multiple-step process. Please stay with me until I have declared your system clean. I strongly recommend you back up your personal files and folders. Although rare, attempting to remove malware can render your machine unbootable or cause data loss. Having backups of your data is your responsibility. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

 

 

 

I apologize for the delay. I'm reviewing your logs now and will be back with you shortly. Please let me know if you are no longer in need of assistance.


  • 0

#4
sirspread


    Member

  • Topic Starter
  • Member
  • 11 posts

thanks for helping i will wait for further assistance


  • 0

#5
BrianDrab


    Trusted Helper

  • Malware Removal
  • 3,583 posts

OK, I reviewed the logs. Following is what I would like you to do.
 
 
Step#1 - Warnings
CCleaner
I see that you have CCleaner installed. This is indeed a good product but I wanted to caution you on running the registry cleaning functionality of the tool. Please avoid this as it can do more harm than good.
 
Windows XP
Windows XP has reached End of Life
You likely are already aware of this but I feel it is necessary to mention it. Windows XP has reached end of life. What this means is that Microsoft will no longer be supporting it. Security vulnerabilities that are found in Windows XP will no longer be patched so this leaves you very exposed to threats. Upgrading, if possible, to a newer Operating System is advised. You can read more about this from here.
 
 
Step#2 - OTL Fix
1. Double-click on OTL.exe to open.
2. Copy all the code below and paste it into the Custom Scans/Fixes section at the very bottom of the OTL program. Do NOT include the word Quote.
 

reg:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = DWORD:0
 
Commands:
[EmptyTemp]


3. Click the Run Fix button. OTL will ask to reboot the machine. Please do so when asked.
4. After the reboot a log file should open. Copy/Paste the contents of the log that opens and post in your next reply. If for some reason the log file does not appear then you can
    open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder,
    and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
 
 
 
Step#3 - Fresh Set of Logs Needed
 
1. Please download Farbar Recovery Scan Tool and save it to your Desktop.
    Note: You need to run the 32-bit Version so please ensure you download that one.
2. Double-click to open the file. When the tool opens click Yes to disclaimer.
3. Press Scan button.
4. It will produce a log called FRST.txt in the same directory the tool is run from (which should now be the desktop)
5. Please copy and paste log back here.
6. The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe). Please also paste that along with the FRST.txt into your reply.
 
 
 
Items for your next post
1. Contents of the OTL fix
2. Contents of the FRST and Addition logs


  • 0

#6
sirspread


    Member

  • Topic Starter
  • Member
  • 11 posts

here is the otl contents

 

All processes killed
Error: Unable to interpret <reg:> in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]> in the current context!
Error: Unable to interpret <"DisableSR" = DWORD:0> in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]> in the current context!
Error: Unable to interpret <"Start" = DWORD:0> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <Commands:> in the current context!
Error: Unable to interpret <[EmptyTemp]> in the current context!
 
OTL by OldTimer - Version 3.2.69.0 log created on 09092014_140538

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

 

 

 

 

contents of the frst log

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-09-2014
Ran by Compaq_Owner (administrator) on YOUR-447023AE6B on 09-09-2014 14:14:52
Running from C:\Documents and Settings\Compaq_Owner\desktop
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(ASUSTeK COMPUTER INC.) C:\WINDOWS\ATKKBService.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(America Online, Inc.) C:\WINDOWS\wanmpsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(Lexmark International, Inc.) C:\WINDOWS\system32\lxcecoms.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [LXCECATS] => rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,[email protected]
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-12] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [161584 2014-08-04] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKLM\...\Policies\Explorer: [NoWelcomeScreen] 0
HKU\.DEFAULT\...\Policies\system: [NoVisualStyleChoice] 0
HKU\.DEFAULT\...\Policies\system: [NoColorChoice] 0
HKU\.DEFAULT\...\Policies\system: [NoSizeChoice] 0
HKU\.DEFAULT\...\Policies\system: [DisableLockWorkstation] 0
HKU\.DEFAULT\...\Policies\system: [DisableChangePassword] 0
HKU\.DEFAULT\...\Policies\system: [HideLogonScripts] 0
HKU\.DEFAULT\...\Policies\system: [HideLogoffScripts] 0
HKU\.DEFAULT\...\Policies\system: [HideLegacyLogonScripts] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoThemesTab] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoChangeKeyboardNavigationIndicators] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoChangeAnimation] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoAddPrinter] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\.DEFAULT\...\Policies\Explorer: [RestrictCpl] 0
HKU\.DEFAULT\...\Policies\Explorer: [DisallowCpl] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoDrivesInSendToMenu] 0
HKU\.DEFAULT\...\Policies\Explorer: [RestrictRun] 0
HKU\.DEFAULT\...\Policies\Explorer: [DisallowRun] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoRecycleFiles] 0
HKU\.DEFAULT\...\Policies\Explorer: [ForceRecycleBinSize] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoSharedDocuments] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoPropertiesMyDocuments] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoPropertiesRecycleBin] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoManageMyComputerVerb] 0
HKU\.DEFAULT\...\Policies\Explorer: [ClassicShell] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoCustomizeWebView] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoSaveSettings] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoFileMenu] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoWinKeys] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoDFSTab] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoHardwareTab] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoSecurityTab] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoInstrumentation] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoCustomizeThisFolder] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoWebView] 0
HKU\.DEFAULT\...\Policies\Explorer: [DontShowSuperHidden] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoOnlinePrintsWizard] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoPublishingWizard] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoSMConfigurePrograms] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoRecentDocsMenu] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoSMMyPictures] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoStartMenuMyMusic] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoSMMyDocs] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoStartMenuNetworkPlaces] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoFavoritesMenu] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoHelp] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoNetworkConnections] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoCommonGroups] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoStartMenuMFUprogramsList] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoStartMenuPinnedList] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoUserNameInStartMenu] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoStartMenuMorePrograms] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoStartMenuEjectPC] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoSimpleStartMenu] 0
HKU\.DEFAULT\...\Policies\Explorer: [ForceStartMenuLogoff] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoDisconnect] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoNtSecurity] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoSetFolders] 0
HKU\.DEFAULT\...\Policies\Explorer: [GreyMSIAds] 0
HKU\.DEFAULT\...\Policies\Explorer: [ForceMaxRecentDocs] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoSMBalloonTip] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoSMBalloonTips] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\.DEFAULT\...\Policies\Explorer: [LockTaskbar] 0
HKU\.DEFAULT\...\Policies\Explorer: [HideClock] 0
HKU\.DEFAULT\...\Policies\Explorer: [HideSCAVolume] 0
HKU\.DEFAULT\...\Policies\Explorer: [HideSCANetwork] 0
HKU\.DEFAULT\...\Policies\Explorer: [HideSCAPower] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoToolbarsOnTaskbar] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoStartBanner] 0x00000000
HKU\.DEFAULT\...\Policies\Explorer: [NoTaskGrouping] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoWebServices] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoFileUrl] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoBandCustomize] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoToolbarCustomize] 0
HKU\.DEFAULT\...\Policies\Explorer: [SpecifyDefaultButtons] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoNetHood] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoNetConnectDisconnect] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoComputersNearMe] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoRecentDocsNetHood] 0
HKU\.DEFAULT\...\Policies\Explorer: [EnforceShellExtensionSecurity] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoLogOff] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\.DEFAULT\...\Policies\Explorer: [PromptRunasInstallNetPath] 1
HKU\.DEFAULT\...\Policies\Explorer: [NoResolveSearch] 0
HKU\.DEFAULT\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoDesktopCleanupWizard] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoThumbnailCache] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoCDBurning] 0
HKU\.DEFAULT\...\Policies\Explorer: [ForceCopyAclwithFile] 0
HKU\.DEFAULT\...\Policies\Explorer: [StartRunNoHOMEPATH] 0
HKU\S-1-5-21-4207471033-598798117-2367749602-1008\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-4207471033-598798117-2367749602-1008\...\Policies\system: [DisableChangePassword] 0
HKU\S-1-5-21-4207471033-598798117-2367749602-1008\...\Policies\system: [HideLogonScripts] 0
HKU\S-1-5-21-4207471033-598798117-2367749602-1008\...\Policies\Explorer: [NoChangeKeyboardNavigationIndicators] 0
HKU\S-1-5-21-4207471033-598798117-2367749602-1008\...\Policies\Explorer: [NoChangeAnimation] 0
HKU\S-1-5-21-4207471033-598798117-2367749602-1008\...\Policies\Explorer: [NoAddPrinter] 0
HKU\S-1-5-21-4207471033-598798117-2367749602-1008\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-4207471033-598798117-2367749602-1008\...\Policies\Explorer: [RestrictCpl] 0
HKU\S-1-5-21-4207471033-598798117-2367749602-1008\...\Policies\Explorer: [DisallowCpl] 0
HKU\S-1-5-21-4207471033-598798117-2367749602-1008\...\Policies\Explorer: [NoDrivesInSendToMenu] 0
HKU\S-1-5-21-4207471033-598798117-2367749602-1008\...\Policies\Explorer: [ForceRecycleBinSize] 0
HKU\S-1-5-21-4207471033-598798117-2367749602-1008\...\Policies\Explorer: [NoSharedDocuments] 0
HKU\S-1-5-21-4207471033-598798117-2367749602-1008\...\Policies\Explorer: [NoPropertiesMyDocuments] 0
HKU\S-1-5-21-4207471033-598798117-2367749602-1008\...\Policies\Explorer: [NoPropertiesRecycleBin] 0
HKU\S-1-5-21-4207471033-598798117-2367749602-1008\...\Policies\Explorer: [NoCustomizeWebView] 0
HKU\S-1-5-21-4207471033-598798117-2367749602-1008\...\Policies\Explorer: [NoFileMenu] 0
HKU\S-1-5-21-4207471033-598798117-2367749602-1008\...\Policies\Explorer: [NoWinKeys] 0
HKU\S-1-5-21-4207471033-598798117-2367749602-1008\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-4207471033-598798117-2367749602-1008\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-4207471033-598798117-2367749602-1008\...\Policies\Explorer: [NoSecurityTab] 0
HKU\S-1-5-21-4207471033-598798117-2367749602-1008\...\Policies\Explorer: [NoInstrumentation] 0
HKU\S-1-5-21-4207471033-598798117-2367749602-1008\...\Policies\Explorer: [NoCustomizeThisFolder] 0
HKU\S-1-5-21-4207471033-598798117-2367749602-1008\...\Policies\Explorer: [NoWebView] 0
HKU\S-1-5-21-4207471033-598798117-2367749602-1008\...\Policies\Explorer: [DontShowSuperHidden] 0
HKU\S-1-5-21-4207471033-598798117-2367749602-1008\...\Policies\Explorer: [NoOnlinePrintsWizard] 0
HKU\S-1-5-21-4207471033-598798117-2367749602-1008\...\Policies\Explorer: [NoPublishingWizard] 0
HKU\S-1-5-21-4207471033-598798117-2367749602-1008\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-4207471033-598798117-2367749602-1008\...\Policies\Explorer: [NoSMConfigurePrograms] 0
HKU\S-1-5-21-4207471033-598798117-2367749602-1008\...\Policies\Explorer: [NoRecentDocsMenu] 0
HKU\S-1-5-21-4207471033-598798117-2367749602-1008\...\Policies\Explorer: [NoStartMenuNetworkPlaces] 0
HKU\S-1-5-21-4207471033-598798117-2367749602-1008\...\Policies\Explorer: [NoHelp] 0
HKU\S-1-5-21-4207471033-598798117-2367749602-1008\...\Policies\Explorer: [NoNetworkConnections] 0
HKU\S-1-5-21-4207471033-598798117-2367749602-1008\...\Policies\Explorer: [NoCommonGroups] 0
HKU\S-1-5-21-4207471033-598798117-2367749602-1008\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-4207471033-598798117-2367749602-1008\...\Policies\Explorer: [NoStartMenuMFUprogramsList] 0
HKU\S-1-5-21-4207471033-598798117-2367749602-1008\...\Policies\Explorer: [NoStartMenuPinnedList] 0
HKU\S-1-5-21-4207471033-598798117-2367749602-1008\...\Policies\Explorer: [NoUserNameInStartMenu] 0
HKU\S-1-5-21-4207471033-598798117-2367749602-1008\...\Policies\Explorer: [NoStartMenuEjectPC] 0
HKU\S-1-5-21-4207471033-598798117-2367749602-1008\...\Policies\Explorer: [NoSimpleStartMenu] 0
HKU\S-1-5-21-4207471033-598798117-2367749602-1008\...\Policies\Explorer: [ForceStartMenuLogoff] 0
HKU\S-1-5-21-4207471033-598798117-2367749602-1008\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-4207471033-598798117-2367749602-1008\...\Policies\Explorer: [NoDisconnect] 0
HKU\S-1-5-21-4207471033-598798117-2367749602-1008\...\Policies\Explorer: [NoNtSecurity] 0
HKU\S-1-5-21-4207471033-598798117-2367749602-1008\...\Policies\Explorer: [GreyMSIAds] 0
HKU\S-1-5-21-4207471033-598798117-2367749602-1008\...\Policies\Explorer: [ForceMaxRecentDocs] 0
HKU\S-1-5-21-4207471033-598798117-2367749602-1008\...\Policies\Explorer: [NoSMBalloonTip] 0
HKU\S-1-5-21-4207471033-598798117-2367749602-1008\...\Policies\Explorer: [NoSMBalloonTips] 0
HKU\S-1-5-21-4207471033-598798117-2367749602-1008\...\Policies\Explorer: [LockTaskbar] 0
HKU\S-1-5-21-4207471033-598798117-2367749602-1008\...\Policies\Explorer: [HideSCAVolume] 0
HKU\S-1-5-21-4207471033-598798117-2367749602-1008\...\Policies\Explorer: [HideSCANetwork] 0
HKU\S-1-5-21-4207471033-598798117-2367749602-1008\...\Policies\Explorer: [HideSCAPower] 0
HKU\S-1-5-21-4207471033-598798117-2367749602-1008\...\Policies\Explorer: [NoToolbarsOnTaskbar] 0
HKU\S-1-5-21-4207471033-598798117-2367749602-1008\...\Policies\Explorer: [NoStartBanner] 0x00000000
HKU\S-1-5-21-4207471033-598798117-2367749602-1008\...\Policies\Explorer: [NoTaskGrouping] 0
HKU\S-1-5-21-4207471033-598798117-2367749602-1008\...\Policies\Explorer: [NoWebServices] 0
HKU\S-1-5-21-4207471033-598798117-2367749602-1008\...\Policies\Explorer: [NoFileUrl] 0
HKU\S-1-5-21-4207471033-598798117-2367749602-1008\...\Policies\Explorer: [NoBandCustomize] 0
HKU\S-1-5-21-4207471033-598798117-2367749602-1008\...\Policies\Explorer: [SpecifyDefaultButtons] 0
HKU\S-1-5-21-4207471033-598798117-2367749602-1008\...\Policies\Explorer: [NoNetHood] 0
HKU\S-1-5-21-4207471033-598798117-2367749602-1008\...\Policies\Explorer: [NoNetConnectDisconnect] 0
HKU\S-1-5-21-4207471033-598798117-2367749602-1008\...\Policies\Explorer: [NoComputersNearMe] 0
HKU\S-1-5-21-4207471033-598798117-2367749602-1008\...\Policies\Explorer: [NoRecentDocsNetHood] 0
HKU\S-1-5-21-4207471033-598798117-2367749602-1008\...\Policies\Explorer: [EnforceShellExtensionSecurity] 0
HKU\S-1-5-21-4207471033-598798117-2367749602-1008\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-4207471033-598798117-2367749602-1008\...\Policies\Explorer: [PromptRunasInstallNetPath] 1
HKU\S-1-5-21-4207471033-598798117-2367749602-1008\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-4207471033-598798117-2367749602-1008\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 0
HKU\S-1-5-21-4207471033-598798117-2367749602-1008\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-21-4207471033-598798117-2367749602-1008\...\Policies\Explorer: [NoDesktopCleanupWizard] 0
HKU\S-1-5-21-4207471033-598798117-2367749602-1008\...\Policies\Explorer: [NoThumbnailCache] 0
HKU\S-1-5-21-4207471033-598798117-2367749602-1008\...\Policies\Explorer: [NoCDBurning] 0
HKU\S-1-5-21-4207471033-598798117-2367749602-1008\...\Policies\Explorer: [ForceCopyAclwithFile] 0
HKU\S-1-5-21-4207471033-598798117-2367749602-1008\...\Policies\Explorer: [StartRunNoHOMEPATH] 0

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer:
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xC015BDF482DDCA01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO: CPub Object -> {696D8C1E-7039-40c8-9C66-07D9D2A2D00D} -> C:\Program Files\AdCleaner\AdCleaner.dll (eEriEsoft, Inc.)
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
Toolbar: HKLM - No Name - {DE9C389F-3316-41A7-809B-AA305ED9D922} -  No File
Toolbar: HKLM - No Name - {41564952-412D-5637-00A7-7A786E7484D7} -  No File
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {DE9C389F-3316-41A7-809B-AA305ED9D922} -  No File
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {A27C56D2-3F58-4ABB-AA31-1168EDA6636F} http://utilities.pcp...ols/pcmatic.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\21xlyd7h.default-1397587372437
FF NewTab: www.google.com
FF Homepage: www.google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @facebook.com/FBPlugin,version=1.0.3 -> C:\Documents and Settings\Compaq_Owner\Application Data\Facebook\npfbplugin_1_0_3.dll ( )
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Extension: FoxTrick - C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\21xlyd7h.default-1397587372437\Extensions\{9d1f059c-cada-4111-9696-41a62d64e3ba} [2014-08-14]
FF Extension: Classic Theme Restorer - C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\21xlyd7h.default-1397587372437\Extensions\[email protected] [2014-05-14]
FF Extension: Exif Viewer - C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\21xlyd7h.default-1397587372437\Extensions\[email protected] [2014-08-27]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-12-19]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [aaaaacalgebmfelllfiaoknifldpngjh] - C:\Documents and Settings\All Users\Application Data\AskPartnerNetwork\Toolbar\AVIRA-V7\CRX\ToolbarCR.crx []

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeActiveFileMonitor7.0; C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [169312 2008-09-16] (Adobe Systems Incorporated)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [430160 2014-08-12] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-12] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1021008 2014-08-12] (Avira Operations GmbH & Co. KG)
S3 AOL ACS; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [46640 2006-10-23] (AOL LLC)
R2 ATKKeyboardService; C:\WINDOWS\ATKKBService.exe [258560 2007-09-13] (ASUSTeK COMPUTER INC.) [File not signed]
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [149296 2014-08-04] (Avira Operations GmbH & Co. KG)
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2011-05-18] (Macrovision Europe Ltd.) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R3 lxce_device; C:\WINDOWS\system32\lxcecoms.exe [471040 2005-07-06] (Lexmark International, Inc.)
R2 WANMiniportService; C:\WINDOWS\wanmpsvc.exe [65536 2003-08-27] (America Online, Inc.) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 asusgsb; C:\WINDOWS\System32\drivers\asusgsb.sys [12416 2007-09-13] (ASUSTeK Computer Inc.) [File not signed]
R1 asuskbnt; C:\WINDOWS\System32\drivers\atkkbnt.sys [11136 2007-09-13] (ASUSTeK COMPUTER INC.) [File not signed]
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [97648 2014-07-03] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\System32\DRIVERS\avipbb.sys [136216 2014-05-22] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\System32\DRIVERS\avkmgr.sys [37352 2013-11-12] (Avira Operations GmbH & Co. KG)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S3 dsiarhwprog; C:\WINDOWS\System32\Drivers\dsiarhwprog.sys [29184 2007-02-08] (Thesycon GmbH, Germany) [File not signed]
R1 EABFiltr; C:\WINDOWS\system32\drivers\EABFiltr.sys [6928 2002-10-14] (Compaq Computer Corp.)
S3 eabusb; C:\WINDOWS\system32\drivers\eabusb.sys [5168 2002-01-28] (Compaq Computer Corp.)
R1 EIO; C:\WINDOWS\system32\drivers\EIO.sys [12288 2007-09-13] (ASUSTeK Computer Inc.) [File not signed]
S3 HdAudAddService; C:\WINDOWS\System32\drivers\HdAudio.sys [145920 2005-01-08] (Windows ® Server 2003 DDK provider)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
S3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2004-08-04] (Realtek Semiconductor Corporation)
S3 sonypvs1; C:\WINDOWS\System32\DRIVERS\sonypvs1.sys [102220 2002-10-15] (Sony Corporation) [File not signed]
R1 ssmdrv; C:\WINDOWS\System32\DRIVERS\ssmdrv.sys [28520 2013-07-24] (Avira GmbH)
R3 Video3D; C:\WINDOWS\System32\Drivers\Video3D32.sys [10752 2007-09-13] (ASUSTeK COMPUTER INC.) [File not signed]
R3 wanatw; C:\WINDOWS\System32\DRIVERS\wanatw4.sys [33588 2003-01-10] (America Online, Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 MEMSWEEP2; \??\C:\WINDOWS\system32\22F.tmp [X]
S3 NielGfx; system32\drivers\nielgfx.sys [X]
S0 nielprt; system32\DRIVERS\nielprt.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U3 TlntSvr; No ImagePath

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-09 14:14 - 2014-09-09 14:15 - 00024680 _____ () C:\Documents and Settings\Compaq_Owner\desktop\FRST.txt
2014-09-09 14:14 - 2014-09-09 14:14 - 00001698 _____ () C:\Documents and Settings\Compaq_Owner\desktop\09092014_140538.log
2014-09-09 14:05 - 2014-09-09 14:05 - 00000000 ____D () C:\_OTL
2014-09-09 14:03 - 2014-09-09 14:03 - 01097728 _____ (Farbar) C:\Documents and Settings\Compaq_Owner\desktop\FRST.exe
2014-09-05 17:56 - 2014-09-07 23:37 - 00014336 _____ () C:\Documents and Settings\Compaq_Owner\desktop\ins and outs.xlr
2014-09-04 11:06 - 2014-09-04 11:06 - 00000000 ____D () C:\Program Files\AskPartnerNetwork
2014-09-02 20:55 - 2014-09-02 20:56 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-09-02 19:25 - 2014-09-02 19:25 - 00000000 ___SD () C:\ComboFix
2014-09-02 17:37 - 2014-09-02 17:37 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\48230029.sys
2014-08-31 21:54 - 2014-08-31 21:54 - 00020621 _____ () C:\ComboFix.txt
2014-08-31 21:54 - 2014-08-31 21:54 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\temp
2014-08-31 21:54 - 2014-08-31 21:54 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\temp
2014-08-31 21:54 - 2014-08-31 21:54 - 00000000 ____D () C:\Documents and Settings\Administrator.YOUR-447023AE6B\Local Settings\temp
2014-08-31 21:40 - 2014-09-09 14:15 - 00000000 ____D () C:\Documents and Settings\Compaq_Owner\Local Settings\temp
2014-08-31 21:08 - 2014-08-31 21:08 - 00000000 _____ () C:\WINDOWS\system32\REN368.tmp
2014-08-31 21:08 - 2014-08-31 21:08 - 00000000 _____ () C:\WINDOWS\system32\REN367.tmp
2014-08-28 11:14 - 2014-08-28 11:14 - 00000866 _____ () C:\Documents and Settings\All Users\desktop\Avira.lnk
2014-08-27 23:12 - 2014-08-27 23:12 - 00000000 ____D () C:\Documents and Settings\LocalService\Application Data\Adobe
2014-08-24 20:18 - 2014-08-30 20:06 - 00290304 _____ (Microsoft Corporation) C:\WINDOWS\system32\subinacl.exe
2014-08-24 20:18 - 2014-08-24 20:18 - 00000000 ____D () C:\Program Files\Adware-Removal-Tool
2014-08-21 22:24 - 2014-08-21 22:25 - 00048282 _____ () C:\JavaRa.log
2014-08-21 21:42 - 2014-08-21 21:43 - 01364531 _____ () C:\Documents and Settings\Compaq_Owner\desktop\adwcleaner_3.308.exe
2014-08-17 21:01 - 2014-09-09 14:08 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-08-17 21:01 - 2014-09-09 14:08 - 00000000 _____ () C:\WINDOWS\wiaservc.log
2014-08-17 21:01 - 2014-09-09 14:06 - 00032336 _____ () C:\WINDOWS\SchedLgU.Txt
2014-08-17 21:01 - 2014-08-17 21:01 - 00000000 ____N () C:\WINDOWS\Sti_Trace.log
2014-08-17 16:53 - 2014-09-09 14:09 - 00311744 _____ () C:\WINDOWS\WindowsUpdate.log
2014-08-16 19:54 - 2014-08-16 22:08 - 00000000 ____D () C:\Program Files\Fralimbo
2014-08-16 19:46 - 2014-08-16 19:46 - 00000170 _____ () C:\Documents and Settings\Compaq_Owner\Application Data\WindApp.boostrap.log
2014-08-16 10:53 - 2014-08-16 10:54 - 00004537 _____ () C:\WINDOWS\system32\jupdate-1.7.0_67-b01.log
2014-08-12 22:51 - 2014-09-09 14:06 - 00132976 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2014-08-12 10:36 - 2014-08-28 20:37 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Package Cache

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-09 14:15 - 2014-09-09 14:14 - 00024680 _____ () C:\Documents and Settings\Compaq_Owner\desktop\FRST.txt
2014-09-09 14:15 - 2014-08-31 21:40 - 00000000 ____D () C:\Documents and Settings\Compaq_Owner\Local Settings\temp
2014-09-09 14:14 - 2014-09-09 14:14 - 00001698 _____ () C:\Documents and Settings\Compaq_Owner\desktop\09092014_140538.log
2014-09-09 14:14 - 2014-04-13 17:03 - 00000000 ____D () C:\FRST
2014-09-09 14:14 - 2010-02-13 20:20 - 00000436 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{60F2B32C-DEDB-47D4-B669-B12AA3C1622A}.job
2014-09-09 14:10 - 2010-02-11 13:23 - 00000000 ____D () C:\Program Files\Lx_cats
2014-09-09 14:09 - 2014-08-17 16:53 - 00311744 _____ () C:\WINDOWS\WindowsUpdate.log
2014-09-09 14:08 - 2014-08-17 21:01 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-09-09 14:08 - 2014-08-17 21:01 - 00000000 _____ () C:\WINDOWS\wiaservc.log
2014-09-09 14:08 - 2014-03-11 10:16 - 00000236 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-09-09 14:08 - 2004-11-09 21:39 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-09-09 14:06 - 2014-08-17 21:01 - 00032336 _____ () C:\WINDOWS\SchedLgU.Txt
2014-09-09 14:06 - 2014-08-12 22:51 - 00132976 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2014-09-09 14:05 - 2014-09-09 14:05 - 00000000 ____D () C:\_OTL
2014-09-09 14:03 - 2014-09-09 14:03 - 01097728 _____ (Farbar) C:\Documents and Settings\Compaq_Owner\desktop\FRST.exe
2014-09-09 13:45 - 2012-05-04 06:50 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-09-09 13:14 - 2010-02-13 17:42 - 00000000 ____D () C:\Documents and Settings\Compaq_Owner
2014-09-09 13:10 - 2013-09-05 15:30 - 00000000 ____D () C:\AdwCleaner
2014-09-09 09:23 - 2010-02-13 17:02 - 00022419 _____ () C:\lxce.log
2014-09-09 09:20 - 2004-11-09 21:23 - 00001158 _____ () C:\WINDOWS\system32\wpa.dbl
2014-09-07 23:37 - 2014-09-05 17:56 - 00014336 _____ () C:\Documents and Settings\Compaq_Owner\desktop\ins and outs.xlr
2014-09-07 23:37 - 2010-02-15 17:00 - 00008174 _____ () C:\Documents and Settings\Compaq_Owner\Application Data\wklnhst.dat
2014-09-07 19:53 - 2014-07-03 13:26 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-09-05 19:08 - 2011-06-12 22:14 - 00000000 __HDC () C:\WINDOWS\$NtUninstallwmp11$
2014-09-05 17:15 - 2010-11-23 10:10 - 00000000 ____D () C:\WINDOWS\system32\NtmsData
2014-09-05 16:58 - 2005-01-02 15:39 - 00000000 ____D () C:\WINDOWS\system32\FxsTmp
2014-09-05 15:12 - 2004-11-24 00:25 - 00000000 ____D () C:\WINDOWS\Registration
2014-09-05 14:35 - 2011-11-19 21:57 - 00053248 ____H () C:\Documents and Settings\Compaq_Owner\desktop\photothumb.db
2014-09-04 11:06 - 2014-09-04 11:06 - 00000000 ____D () C:\Program Files\AskPartnerNetwork
2014-09-04 09:16 - 2012-04-26 11:17 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-09-02 20:56 - 2014-09-02 20:55 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-09-02 19:41 - 2010-02-14 12:03 - 00000000 ____D () C:\WINDOWS\Minidump
2014-09-02 19:41 - 2010-02-12 22:11 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2014-09-02 19:26 - 2004-11-24 00:36 - 00000000 ____D () C:\WINDOWS\system32\Restore
2014-09-02 19:25 - 2014-09-02 19:25 - 00000000 ___SD () C:\ComboFix
2014-09-02 19:25 - 2010-05-11 20:00 - 00000000 ____D () C:\WINDOWS\ERDNT
2014-09-02 17:37 - 2014-09-02 17:37 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\48230029.sys
2014-08-31 21:54 - 2014-08-31 21:54 - 00020621 _____ () C:\ComboFix.txt
2014-08-31 21:54 - 2014-08-31 21:54 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\temp
2014-08-31 21:54 - 2014-08-31 21:54 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\temp
2014-08-31 21:54 - 2014-08-31 21:54 - 00000000 ____D () C:\Documents and Settings\Administrator.YOUR-447023AE6B\Local Settings\temp
2014-08-31 21:46 - 2004-11-09 21:11 - 00000227 _____ () C:\WINDOWS\system.ini
2014-08-31 21:39 - 2004-11-24 00:07 - 00000000 ____D () C:\WINDOWS\Help
2014-08-31 21:08 - 2014-08-31 21:08 - 00000000 _____ () C:\WINDOWS\system32\REN368.tmp
2014-08-31 21:08 - 2014-08-31 21:08 - 00000000 _____ () C:\WINDOWS\system32\REN367.tmp
2014-08-30 20:06 - 2014-08-24 20:18 - 00290304 _____ (Microsoft Corporation) C:\WINDOWS\system32\subinacl.exe
2014-08-28 20:37 - 2014-08-12 10:36 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Package Cache
2014-08-28 11:14 - 2014-08-28 11:14 - 00000866 _____ () C:\Documents and Settings\All Users\desktop\Avira.lnk
2014-08-28 11:14 - 2013-07-24 13:07 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Avira
2014-08-28 11:12 - 2013-07-24 13:04 - 00000000 ____D () C:\Program Files\Avira
2014-08-27 23:12 - 2014-08-27 23:12 - 00000000 ____D () C:\Documents and Settings\LocalService\Application Data\Adobe
2014-08-27 20:08 - 2010-03-08 18:38 - 00024064 _____ () C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-08-24 22:22 - 2010-02-13 19:57 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB967715$
2014-08-24 20:18 - 2014-08-24 20:18 - 00000000 ____D () C:\Program Files\Adware-Removal-Tool
2014-08-21 22:31 - 2012-05-04 06:50 - 00699568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-08-21 22:31 - 2011-05-28 14:25 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-08-21 22:25 - 2014-08-21 22:24 - 00048282 _____ () C:\JavaRa.log
2014-08-21 22:24 - 2005-01-02 15:27 - 00000000 ____D () C:\Program Files\Java
2014-08-21 21:54 - 2011-12-14 23:04 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2633171$
2014-08-21 21:43 - 2014-08-21 21:42 - 01364531 _____ () C:\Documents and Settings\Compaq_Owner\desktop\adwcleaner_3.308.exe
2014-08-21 16:42 - 2010-03-11 12:01 - 00020294 _____ () C:\lxcescan.log
2014-08-19 12:46 - 2010-02-13 23:07 - 00196608 _____ () C:\WINDOWS\system32\Drivers\nStandard.bin
2014-08-17 21:01 - 2014-08-17 21:01 - 00000000 ____N () C:\WINDOWS\Sti_Trace.log
2014-08-17 21:00 - 2010-02-13 17:42 - 00000178 ___SH () C:\Documents and Settings\Compaq_Owner\ntuser.ini
2014-08-17 16:57 - 2013-12-07 22:37 - 00000000 ____D () C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Vistaprint Photo Books
2014-08-17 16:52 - 2004-11-23 23:08 - 00000281 __RSH () C:\boot.ini
2014-08-17 16:52 - 2004-11-09 21:20 - 00000792 _____ () C:\WINDOWS\win.ini
2014-08-17 16:50 - 2010-02-11 12:50 - 00000000 __SHD () C:\Documents and Settings\Compaq_Owner\UserData
2014-08-16 22:08 - 2014-08-16 19:54 - 00000000 ____D () C:\Program Files\Fralimbo
2014-08-16 22:08 - 2004-11-24 00:04 - 00000000 ____D () C:\Program Files\Common Files\System
2014-08-16 21:28 - 2004-11-24 00:04 - 00000000 ____D () C:\Program Files\Common Files\Services
2014-08-16 20:45 - 2011-05-05 22:13 - 00000738 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
2014-08-16 20:45 - 2010-02-16 00:02 - 00000732 _____ () C:\Documents and Settings\All Users\desktop\Mozilla Firefox.lnk
2014-08-16 20:45 - 2010-02-13 17:42 - 00000811 _____ () C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Internet Explorer.lnk
2014-08-16 19:51 - 2010-08-07 15:41 - 00000000 ____D () C:\Program Files\Google
2014-08-16 19:46 - 2014-08-16 19:46 - 00000170 _____ () C:\Documents and Settings\Compaq_Owner\Application Data\WindApp.boostrap.log
2014-08-16 10:55 - 2005-01-02 15:27 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-08-16 10:54 - 2014-08-16 10:53 - 00004537 _____ () C:\WINDOWS\system32\jupdate-1.7.0_67-b01.log
2014-08-14 23:04 - 2013-08-14 22:58 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-08-14 23:02 - 2010-02-13 18:48 - 96303304 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-08-12 10:36 - 2013-07-24 13:04 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Avira

Files to move or delete:
====================
C:\Documents and Settings\Compaq_Owner\settings.dat


Some content of TEMP:
====================
C:\Documents and Settings\Compaq_Owner\Local Settings\temp\avgnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

I didn't get an Addition log

#7
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

Thank you. Please follow the steps below to get the Addition log.

 

Step#1 - Let's get that Addition.txt File
 
1. Double-click on FRST to open.
2. Ensure that the Addition.txt check box is checked in the Optional Scan area at the bottom of the screen.
3. Press the Scan button.
4. It will produce a log called FRST.txt in the same directory the tool is run from (which should now be the desktop). We will not need this log this time.
5. Another log will be created (Addition.txt - also located in the same directory as FRST.exe).
6. Please paste the contents of the Addition.txt log in your next reply.



#8
sirspread

    Member

  • Topic Starter
  • 11 posts

Here is the addition.txt

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 07-09-2014
Ran by Compaq_Owner at 2014-09-09 14:48:52
Running from C:\Documents and Settings\Compaq_Owner\desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Disabled - Up to date) {AD166499-45F9-482A-A743-FDD3350758C7}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ABBYY FineReader 6.0 Sprint (HKLM\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1395.41612 - ABBYY Software House)
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.0.0.0 - Adobe Systems Incorporated)
Acrobat.com (Version: 2.0.0 - Adobe Systems Incorporated) Hidden
AdCleaner 1.2 (HKLM\...\AdCleaner_is1) (Version:  - eEriEsoft,Inc.)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.6.0.19140 - Adobe Systems Incorporated)
Adobe AIR (Version: 2.6.0.19140 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.179 - Adobe Systems Incorporated)
Adobe Photoshop Elements 7.0 (HKLM\...\Adobe Photoshop Elements 7) (Version: 7.0 - Adobe Systems Incorporated)
Adobe Photoshop Elements 7.0 (Version: 7.0.0.3 - Adobe Systems Incorporated) Hidden
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Agere Systems PCI Soft Modem (HKLM\...\Agere Systems Soft Modem) (Version:  - )
AOL Broadband Toolbar 5.0 (HKLM\...\AOL Broadband Toolbar) (Version: 5.0.80.1 - AOL)
AOL Registration (HKLM\...\AOL Regclient) (Version:  - )
AOL Uninstaller (Choose which Products to Remove) (HKLM\...\AOL Uninstaller) (Version:  - )
Apple Application Support (HKLM\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
ASUS Gamer OSD (HKLM\...\{315ACD04-BCEB-478B-9B1D-5431D0E6CB11}) (Version: 2.05.0913 - ASUSTeK COMPUTER INC.)
ASUS nVidia Driver (Version: 5.00.0000 - ASUSTek) Hidden
ATI Control Panel (HKLM\...\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}) (Version: 6.14.10.5150 - )
ATI Display Driver (HKLM\...\ATI Display Driver) (Version: 8.13-050414a2-023930C-HP - )
Avira (HKLM\...\{e67154a7-9cc5-4167-b782-f3982bc6c70d}) (Version: 1.1.19.30000 - Avira Operations GmbH & Co. KG)
Avira (Version: 1.1.19.30000 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.6.570 - Avira)
CCleaner (HKLM\...\CCleaner) (Version: 3.24 - Piriform)
Compaq Easy Access Buttons 3.00 D2 (HKLM\...\Easy Access Buttons) (Version:  - )
Compaq Multimedia Keyboard Software (HKLM\...\KBD) (Version:  - )
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CutePDF Writer 2.8 (HKLM\...\CutePDF Writer Installation) (Version:  - )
Facebook Plug-In (HKCU\...\Facebook Plug-In) (Version:  - Facebook, Inc.)
Free Window Registry Repair (HKLM\...\Free Window Registry Repair) (Version:  - )
High Definition Audio Driver Package - KB888111 (HKLM\...\KB888111WXPSP2) (Version: 20040219.000000 - Microsoft Corporation)
HiJackThis (HKLM\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
HP Update (HKLM\...\{787D1A33-A97B-4245-87C0-7174609A540C}) (Version: 5.002.005.003 - Hewlett-Packard)
HpSdpAppCoreApp (Version: 3.00.0000 - Hewlett-Packard) Hidden
Intel® PRO Network Connections Drivers (HKLM\...\PROSet) (Version:  - )
InterVideo WinDVD Player (HKLM\...\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}) (Version: 5.0-B11.789 - InterVideo Inc.)
Java™ 6 Update 29 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216020FF}) (Version: 6.0.290 - Sun Microsystems, Inc.)
Junk Mail filter update (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
K-Lite Codec Pack 5.2.0 (Full) (HKLM\...\KLiteCodecPack_is1) (Version: 5.2.0 - )
KODAK Share Button App (HKLM\...\{9A5909B3-8CF3-4E06-92A8-F3CB7C97EF20}) (Version: 3.01.0000.0000 - Eastman Kodak Company)
Lexmark 4300 Series (HKLM\...\Lexmark 4300 Series) (Version:  - )
Lexmark Fax Solutions (HKLM\...\Lexmark Fax Solutions) (Version:  - Lexmark International, Inc.)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft Age of Empires Gold (HKLM\...\Age of Empires Gold 1.0) (Version:  - )
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 (Version:  - Microsoft Corporation) Hidden
Microsoft Motocross Madness 2 (HKLM\...\Motocross Madness 2) (Version:  - )
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft VC9 runtime libraries (Version: 1.0.0 - AOL LLC) Hidden
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (HKLM\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM\...\{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}) (Version: 08.04.0623 - Microsoft Corporation)
Mozilla Firefox 32.0 (x86 en-US) (HKLM\...\Mozilla Firefox 32.0 (x86 en-US)) (Version: 32.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MS Access 97 SP2 (HKLM\...\MS Access 97 SP2) (Version:  - )
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
PC-Doctor 5 for Windows (HKLM\...\InstallShield_{AB61A692-5543-4C48-979B-8CEA1C52FE9C}) (Version: 5.00.2832.01 - PC-Doctor)
PC-Doctor 5 for Windows (Version: 5.00.2832.01 - PC-Doctor) Hidden
PhotoScape (HKLM\...\PhotoScape) (Version:  - )
PS2 (HKLM\...\PS2) (Version:  - )
Python 2.2 pywin32 extensions (build 203) (HKLM\...\pywin32-py2.2) (Version:  - )
Python 2.2.3 (HKLM\...\Python 2.2.3) (Version: 2.2.3 - PythonLabs at Zope Corporation)
Segoe UI (Version: 14.0.4327.805 - Microsoft Corp) Hidden
Shogun - Total War - Warlord Edition (HKLM\...\Shogun Total War - Warlord Edition) (Version:  - )
Sonic Express Labeler (HKLM\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 2.1.0 - Sonic Solutions)
Sonic MyDVD Plus (HKLM\...\{21657574-BD54-48A2-9450-EB03B2C7FC29}) (Version: 6.1.3 - Sonic Solutions)
Sonic RecordNow Audio (HKLM\...\{AB708C9B-97C8-4AC9-899B-DBF226AC9382}) (Version: 2.0.2 - Sonic Solutions)
Sonic RecordNow Copy (HKLM\...\{B12665F4-4E93-4AB4-B7FC-37053B524629}) (Version: 2.0.2 - Sonic Solutions)
Sonic RecordNow Data (HKLM\...\{075473F5-846A-448B-BCB3-104AA1760205}) (Version: 2.0.2 - Sonic Solutions)
Sonic Update Manager (HKLM\...\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}) (Version: 3.0.0 - Sonic Solutions)
Sony USB Driver (HKLM\...\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}) (Version:  - )
Sophos Anti-Rootkit 1.5.0 (HKLM\...\Sophos-AntiRootkit) (Version: 1.5.0 - Sophos Plc)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB976662) (HKLM\...\KB976662-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB980182) (HKLM\...\KB980182-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2141007) (HKLM\...\KB2141007) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2467659) (HKLM\...\KB2467659) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2541763) (HKLM\...\KB2541763) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2607712) (HKLM\...\KB2607712) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2616676-v2) (HKLM\...\KB2616676-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2641690) (HKLM\...\KB2641690) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2718704) (HKLM\...\KB2718704) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2736233) (HKLM\...\KB2736233) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951978) (HKLM\...\KB951978) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB961503) (HKLM\...\KB961503) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB967715) (HKLM\...\KB967715) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971737) (HKLM\...\KB971737) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973687) (HKLM\...\KB973687) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB978207) (Version: 1 - Microsoft Corporation) Hidden
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WinDirStat 1.1.2 (HKCU\...\WinDirStat) (Version:  - )
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray (HKLM\...\KB952011) (Version: 1.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Live Call (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Communications Platform (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Essentials (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Sign-in Assistant (HKLM\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Format 11 runtime (Version:  - Microsoft Corporation) Hidden
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows Media Player 11 (Version:  - Microsoft Corporation) Hidden
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-4207471033-598798117-2367749602-1008_Classes\CLSID\{C98FE784-B96E-41e1-8399-1337AE3E539F}\InprocServer32 -> C:\Documents and Settings\Compaq_Owner\Application Data\Facebook\npfbplugin_1_0_3.dll ( )

==================== Restore Points  =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2004-08-04 19:00 - 2014-08-31 21:40 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{60F2B32C-DEDB-47D4-B669-B12AA3C1622A}.job => C:\WINDOWS\system32\msfeedssync.exe

==================== Loaded Modules (whitelisted) =============

2011-05-17 17:34 - 2009-11-05 08:39 - 00087552 _____ () C:\WINDOWS\system32\cpwmon2k.dll
2010-02-13 19:24 - 2005-07-12 10:33 - 00032768 _____ () C:\WINDOWS\system32\LXPRMON.DLL
2010-02-11 12:52 - 2007-09-13 16:54 - 00643142 _____ () C:\WINDOWS\aticlocklib.dll
2010-02-11 13:22 - 2005-02-24 17:23 - 00061440 _____ () C:\Program Files\Lexmark 4300 Series\lxcecnv4.dll
2014-08-04 14:16 - 2014-08-04 14:16 - 00245760 _____ () C:\Program Files\Avira\My Avira\System.ComponentModel.Composition.dll
2014-08-04 14:20 - 2014-08-04 14:20 - 00139056 _____ () C:\Program Files\Avira\My Avira\Avira.OE.NativeCore.dll
2014-08-04 14:20 - 2014-08-04 14:20 - 00067832 _____ () C:\Program Files\Avira\My Avira\Avira.OE.AvConnectorNative.dll
2014-08-31 21:47 - 2014-08-04 14:20 - 00052472 _____ () C:\Documents and Settings\Compaq_Owner\Local Settings\temp\avgnt.exe\Avira.OE.ExtApi.dll
2014-09-02 20:55 - 2014-09-02 20:56 - 03715184 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL 9.0 Tray Icon.lnk => C:\WINDOWS\pss\AOL 9.0 Tray Icon.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\WINDOWS\pss\McAfee Security Scan Plus.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^Compaq_Owner^Start Menu^Programs^Startup^LimeWire On Startup.lnk => C:\WINDOWS\pss\LimeWire On Startup.lnkStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Alcmtr => ALCMTR.EXE
MSCONFIG\startupreg: AlcWzrd => ALCWZRD.EXE
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: ASUSGamerOSD => C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
MSCONFIG\startupreg: ATIPTA => C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
MSCONFIG\startupreg: avgnt => "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
MSCONFIG\startupreg: eabconfg.cpl => C:\Program Files\Compaq\EAB\EABSERVR.EXE /Start
MSCONFIG\startupreg: EzPrint => "C:\Program Files\Lexmark 4300 Series\ezprint.exe"
MSCONFIG\startupreg: FaxCenterServer => "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
MSCONFIG\startupreg: High Definition Audio Property Page Shortcut => HDAShCut.exe
MSCONFIG\startupreg: HostManager => C:\Program Files\Common Files\AOL\1266096361\ee\AOLSoftware.exe
MSCONFIG\startupreg: HP Software Update => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: hpsysdrv => c:\windows\system\hpsysdrv.exe
MSCONFIG\startupreg: IPHSend => C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
MSCONFIG\startupreg: KBD => C:\HP\KBD\KBD.EXE
MSCONFIG\startupreg: KernelFaultCheck => %systemroot%\system32\dumprep 0 -k
MSCONFIG\startupreg: KodakShareButtonApp => C:\Program Files\Kodak\KODAK Share Button App\Listener.exe
MSCONFIG\startupreg: LSBWatcher => c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
MSCONFIG\startupreg: lxcemon.exe => "C:\Program Files\Lexmark 4300 Series\lxcemon.exe"
MSCONFIG\startupreg: MSConfig => C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
MSCONFIG\startupreg: MSMSGS => "C:\Program Files\Messenger\msmsgs.exe" /background
MSCONFIG\startupreg: msnmsgr => "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: NvMediaCenter => RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
MSCONFIG\startupreg: nwiz => nwiz.exe /install
MSCONFIG\startupreg: PS2 => C:\WINDOWS\system32\ps2.exe
MSCONFIG\startupreg: Recguard => C:\WINDOWS\SMINST\RECGUARD.EXE
MSCONFIG\startupreg: SoundMan => SOUNDMAN.EXE
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/04/2014 11:06:26 AM) (Source: MsiInstaller) (EventID: 10005) (User: YOUR-447023AE6B)
Description: Product: Avira SearchFree Toolbar plus Web Protection -- Error 25001. The following applications must be closed before continuing the uninstall:

Mozilla Firefox

Error: (09/04/2014 11:06:06 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 32.0.0.5350, faulting module mozalloc.dll, version 32.0.0.5350, fault address 0x0000141b.
Processing media-specific event for [plugin-container.exe!ws!]

Error: (09/04/2014 11:03:38 AM) (Source: MsiInstaller) (EventID: 10005) (User: YOUR-447023AE6B)
Description: Product: Avira SearchFree Toolbar plus Web Protection -- Error 25001. The following applications must be closed before continuing the uninstall:

Mozilla Firefox

Error: (09/04/2014 11:03:37 AM) (Source: MsiInstaller) (EventID: 10005) (User: YOUR-447023AE6B)
Description: Product: Avira SearchFree Toolbar plus Web Protection -- Error 25001. The following applications must be closed before continuing the uninstall:

Mozilla Firefox

Error: (09/04/2014 11:03:26 AM) (Source: MsiInstaller) (EventID: 10005) (User: YOUR-447023AE6B)
Description: Product: Avira SearchFree Toolbar plus Web Protection -- Error 25001. The following applications must be closed before continuing the uninstall:

Mozilla Firefox

Error: (09/04/2014 11:03:24 AM) (Source: MsiInstaller) (EventID: 10005) (User: YOUR-447023AE6B)
Description: Product: Avira SearchFree Toolbar plus Web Protection -- Error 25001. The following applications must be closed before continuing the uninstall:

Mozilla Firefox

Error: (08/31/2014 09:51:45 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download....authrootseq.txt> with error: A connection with the server could not be established

Error: (08/31/2014 09:10:19 PM) (Source: MsiInstaller) (EventID: 10005) (User: YOUR-447023AE6B)
Description: Product: Java™ 6 Update 20 -- Internal Error 2753. regutils.dll

Error: (08/30/2014 08:12:16 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application SDUpdate.exe, version 1.6.0.12, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (08/28/2014 11:02:35 AM) (Source: .NET Runtime 2.0 Error Reporting) (EventID: 5000) (User: )
Description: EventType clr20r3, P1 avira.oe.servicehost.exe, P2 1.1.18.28431, P3 53c3ed8f, P4 system.componentmodel.composition, P5 4.0.0.1, P6 4c2933cc, P7 49c, P8 20, P9 clr20r30, P10 clr20r31.


System errors:
=============
Error: (09/09/2014 02:05:44 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The lxce_device service terminated unexpectedly.  It has done this 1 time(s).

Error: (09/09/2014 02:05:42 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The WAN Miniport (ATW) Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (09/09/2014 02:05:41 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Display Driver Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (09/09/2014 02:05:41 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The ATK Keyboard Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (09/09/2014 02:05:41 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Adobe Active File Monitor V7 service terminated unexpectedly.  It has done this 1 time(s).

Error: (09/09/2014 09:23:20 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the NVSvc service.

Error: (09/07/2014 06:34:53 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the NVSvc service.

Error: (09/04/2014 08:34:18 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the NVSvc service.

Error: (09/04/2014 11:28:37 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the NVSvc service.

Error: (09/04/2014 11:07:00 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Application Management service terminated with the following error:
%%126


Microsoft Office Sessions:
=========================
Error: (09/04/2014 11:06:26 AM) (Source: MsiInstaller) (EventID: 10005) (User: YOUR-447023AE6B)
Description: Product: Avira SearchFree Toolbar plus Web Protection -- Error 25001. The following applications must be closed before continuing the uninstall:

Mozilla Firefox(NULL)(NULL)(NULL)

Error: (09/04/2014 11:06:06 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe32.0.0.5350mozalloc.dll32.0.0.53500000141b

Error: (09/04/2014 11:03:38 AM) (Source: MsiInstaller) (EventID: 10005) (User: YOUR-447023AE6B)
Description: Product: Avira SearchFree Toolbar plus Web Protection -- Error 25001. The following applications must be closed before continuing the uninstall:

Mozilla Firefox(NULL)(NULL)(NULL)

Error: (09/04/2014 11:03:37 AM) (Source: MsiInstaller) (EventID: 10005) (User: YOUR-447023AE6B)
Description: Product: Avira SearchFree Toolbar plus Web Protection -- Error 25001. The following applications must be closed before continuing the uninstall:

Mozilla Firefox(NULL)(NULL)(NULL)

Error: (09/04/2014 11:03:26 AM) (Source: MsiInstaller) (EventID: 10005) (User: YOUR-447023AE6B)
Description: Product: Avira SearchFree Toolbar plus Web Protection -- Error 25001. The following applications must be closed before continuing the uninstall:

Mozilla Firefox(NULL)(NULL)(NULL)

Error: (09/04/2014 11:03:24 AM) (Source: MsiInstaller) (EventID: 10005) (User: YOUR-447023AE6B)
Description: Product: Avira SearchFree Toolbar plus Web Protection -- Error 25001. The following applications must be closed before continuing the uninstall:

Mozilla Firefox(NULL)(NULL)(NULL)

Error: (08/31/2014 09:51:45 PM) (Source: crypt32) (EventID: 8) (User: )
Description: http://www.download....uthrootseq.txtA connection with the server could not be established

Error: (08/31/2014 09:10:19 PM) (Source: MsiInstaller) (EventID: 10005) (User: YOUR-447023AE6B)
Description: Product: Java™ 6 Update 20 -- Internal Error 2753. regutils.dll(NULL)(NULL)(NULL)

Error: (08/30/2014 08:12:16 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: SDUpdate.exe1.6.0.12hungapp0.0.0.000000000

Error: (08/28/2014 11:02:35 AM) (Source: .NET Runtime 2.0 Error Reporting) (EventID: 5000) (User: )
Description: clr20r3avira.oe.servicehost.exe1.1.18.2843153c3ed8fsystem.componentmodel.composition4.0.0.14c2933cc49c20ha2r5vsskg1rxuacxv143hzfuv1ct25uNIL


==================== Memory info ===========================

Processor:  Intel® Pentium® 4 CPU 3.06GHz
Percentage of memory in use: 68%
Total physical RAM: 1023.36 MB
Available physical RAM: 318.99 MB
Total Pagefile: 2460.74 MB
Available Pagefile: 1640.25 MB
Total Virtual: 2047.88 MB
Available Virtual: 1930.55 MB

==================== Drives ================================

Drive c: (PRESARIO) (Fixed) (Total:229.35 GB) (Free:126.27 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (PRESARIO_RP) (Fixed) (Total:3.52 GB) (Free:0.37 GB) FAT32 ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: 1549F232)
Partition 1: (Not Active) - (Size=3.5 GB) - (Type=0B)
Partition 2: (Active) - (Size=229.4 GB) - (Type=07 NTFS)

==================== End Of Log ============================


#9
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

Thank you. There was an issue with the initial fix (my fault). Please do the following.

 

Step#1 - OTL Fix
1. Double-click on OTL.exe to open.
2. Copy all the code below and paste it into the Custom Scans/Fixes section at the very bottom of the OTL program. Do NOT include the word Quote.
 

:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = DWORD:0
 
:Commands
[EmptyTemp]

 

3. Click the Run Fix button. OTL will ask to reboot the machine. Please do so when asked.
4. After the reboot a log file should open. Copy/Paste the contents of the log that opens and post in your next reply. If for some reason the log file does not appear then you can open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


#10
sirspread

    Member

  • Topic Starter
  • 11 posts

All processes killed
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore\\"DisableSR" | DWORD:0 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr\\"Start" |DWORD:0 /E : value set successfully!
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 434 bytes
 
User: Administrator.YOUR-447023AE6B
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56466 bytes
 
User: All Users
 
User: Compaq_Owner
->Temp folder emptied: 52475 bytes
->Temporary Internet Files folder emptied: 9208458 bytes
->Java cache emptied: 5658272 bytes
->FireFox cache emptied: 88003820 bytes
->Flash cache emptied: 61382 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56466 bytes
 
User: LocalService
->Temp folder emptied: 65748 bytes
->Temporary Internet Files folder emptied: 376858 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 49286 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 8 bytes
 
Total Files Cleaned = 99.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 09092014_164412

Files\Folders moved on Reboot...
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\avgnt.exe\Avira.OE.ExtApi.dll moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 


#11
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

Please follow the instructions below.
 
Step#1 - Uninstalls
 
Please uninstall the following programs one at a time. Instructions for doing so are here. Please follow the section How to remove an installed program.
If any of the programs give you an error during the uninstall, notate it and move on to the next one. Just let me know which ones had issues. Also if you want to keep any of the following programs, you may reinstall after we are done cleaning your machine.
 
-AdCleaner 1.2
-Free Window Registry Repair (These types of programs are not recommended and can cause more harm than good)
-PC-Doctor 5 for Windows
-Sophos-AntiRootkit
 
 
Step#2 - OTL Fix
1. Double-click OTL.exe to run.
2. Copy all the code below and paste it into the Custom Scans/Fixes section at the very bottom of the OTL program. Do NOT include the word Quote.

:Commands
[CreateRestorePoint]
 
:OTL
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range -  5)
 
:Reg
[HKCU\SOFTWARE\Microsoft\Internet Explorer\Main]
XMLHTTP_UUID_Default=-

 
 
Step#3 - FRST Fix
 
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
1. Download attached file and save it to the Desktop. Attached file: fixlist.txt (1.01KB)

    Note. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work (in this case...the desktop).
 
2. Run FRST by Double-Clicking on the file and choosing.
3. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
4. When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.
 
Step#4 - Adware Scan
 
1. Please download AdwCleaner by Xplode onto your desktop.
2. Close all open programs and internet browsers.
3. Double-Click on AdwCleaner.exe to run the tool. Click Yes if asked to allow the program from an unknown publisher.
4. Click I Agree on the Terms of Use screen.
5. Click on Scan.
6. After the scan is complete click on "Clean".
7. Confirm each time with Ok on the messages that follow.
8. Your computer will be rebooted automatically. A text file will open after the restart.
9. Please post the content of that logfile with your next answer.
10. You can find the logfile at C:\AdwCleaner[S0].txt as well.
 
 
Step#5 - Fresh set of OTL logs

  • Double-click on OTL.exe and ensure you check the options that I have outlined in Red below.
  • OTLOptions.JPG
  • Click the "Run Scan" button.
  • When the scan completes, it will open OTL.Txt on the desktop. There is another file named Extras.txt that will be minimized on the taskbar. We need the contents of both files. These files are also saved in the same location as you are running OTL from.
  • Please copy the contents of the OTL.Txt and Extras.Txt file and paste it into your reply. Paste OTL.Txt first and then Paste Extras.txt.

Step#6 - Resolve Disabled Startup Items
You have many disabled startup items. It's better if we remove any startup items that you don't want so that they don't accidentally get re-enabled. Let me know if there are any of the following that you don't want me to remove from starting up automatically.
 
AOL 9.0 Tray Icon
McAfee Security Scan Plus
LimeWire On Startup
AdobeARM.exe
ALCMTR.EXE    <----We will be removing this one
ALCWZRD.EXE
APSDaemon.exe
GamerOSD.exe
atiptaxx.exe
avgnt.exe <----This one should really be re-enabled. Let me know if you disagree.
EABSERVR.EXE
ezprint.exe
fm3032.exe
HDAShCut.exe
AOLSoftware.exe
HPWuSchd2.exe
hpsysdrv.exe
IPHSend.exe
KBD.EXE
dumprep
Listener.exe
lsburnwatcher.exe
lxcemon.exe
MSConfig.exe <---This is just because you have disabled startup items. It will disappear once we clean things up.
msmsgs.exe
msnmsgr.exe
NvMcTray.dll,NvTaskbarInit
nwiz.exe /install
ps2.exe
RECGUARD.EXE
SOUNDMAN.EXE
jusched.exe

 
 
 
Items for your next post
1. Any issues with Uninstalls
2. OTL Fix
3. FRST Fix log
4. AdwCleaner log
5. Answers on Disabled Startup Items


#12
sirspread

    Member

  • Topic Starter
  • 11 posts

1 there were no issues with uninstalls

 

2 frst fix log

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 07-09-2014
Ran by Compaq_Owner at 2014-09-09 21:12:42 Run:1
Running from C:\Documents and Settings\Compaq_Owner\desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xC015BDF482DDCA01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
BHO: CPub Object -> {696D8C1E-7039-40c8-9C66-07D9D2A2D00D} -> C:\Program Files\AdCleaner\AdCleaner.dll (eEriEsoft, Inc.)
Toolbar: HKLM - No Name - {DE9C389F-3316-41A7-809B-AA305ED9D922} -  No File
Toolbar: HKLM - No Name - {41564952-412D-5637-00A7-7A786E7484D7} -  No File
Toolbar: HKCU - No Name - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {DE9C389F-3316-41A7-809B-AA305ED9D922} -  No File
CHR HKLM\...\Chrome\Extension: [aaaaacalgebmfelllfiaoknifldpngjh] - C:\Documents and Settings\All Users\Application Data\AskPartnerNetwork\Toolbar\AVIRA-V7\CRX\ToolbarCR.crx []
2014-09-02 19:41 - 2010-02-12 22:11 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
Reboot:
*****************

HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP => value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache AcceptLangs => value deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{696D8C1E-7039-40c8-9C66-07D9D2A2D00D}" => Key deleted successfully.
"HKCR\CLSID\{696D8C1E-7039-40c8-9C66-07D9D2A2D00D}" => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{DE9C389F-3316-41A7-809B-AA305ED9D922} => value deleted successfully.
"HKCR\CLSID\{DE9C389F-3316-41A7-809B-AA305ED9D922}" => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{41564952-412D-5637-00A7-7A786E7484D7} => value deleted successfully.
"HKCR\CLSID\{41564952-412D-5637-00A7-7A786E7484D7}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} => value deleted successfully.
"HKCR\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.
"HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{DE9C389F-3316-41A7-809B-AA305ED9D922} => value deleted successfully.
"HKCR\CLSID\{DE9C389F-3316-41A7-809B-AA305ED9D922}" => Key not found.
"HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaacalgebmfelllfiaoknifldpngjh" => Key deleted successfully.
"C:\Documents and Settings\All Users\Application Data\AskPartnerNetwork\Toolbar\AVIRA-V7\CRX\ToolbarCR.crx" => File/Directory not found.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy => Moved successfully.


The system needed a reboot.

==== End of Fixlog ====

 

 

 

3 adw cleaner log

 

# AdwCleaner v3.309 - Report created 09/09/2014 at 21:32:41
# Updated 02/09/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Compaq_Owner - YOUR-447023AE6B
# Running from : C:\Documents and Settings\Compaq_Owner\My Documents\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{BC0BF363-63AB-4FF7-8EF1-AE0D7F711B24}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v32.0 (x86 en-US)

[ File : C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\21xlyd7h.default-1397587372437\prefs.js ]


*************************


########## EOF - C:\AdwCleaner\AdwCleaner[S20].txt - [7569 octets] ##########
 

 

 

OTL.Txt

OTL logfile created on: 09/09/2014 21:42:18 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Compaq_Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
1023.36 Mb Total Physical Memory | 307.77 Mb Available Physical Memory | 30.07% Memory free
2.40 Gb Paging File | 1.66 Gb Available in Paging File | 69.09% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 229.35 Gb Total Space | 125.99 Gb Free Space | 54.93% Space Free | Partition Type: NTFS
Drive D: | 3.52 Gb Total Space | 0.37 Gb Free Space | 10.59% Space Free | Partition Type: FAT32
 
Computer Name: YOUR-447023AE6B | User Name: Compaq_Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/09/05 19:15:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\desktop\OTL.exe
PRC - [2014/09/02 20:56:26 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2014/09/02 14:39:57 | 000,427,824 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2014/08/12 08:31:19 | 000,430,160 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2014/08/12 08:30:35 | 000,751,184 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2014/08/12 08:30:35 | 000,430,160 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2014/08/04 14:20:42 | 000,161,584 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
PRC - [2014/08/04 14:20:40 | 000,149,296 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
PRC - [2008/09/16 12:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/09/13 16:54:10 | 000,258,560 | ---- | M] (ASUSTeK COMPUTER INC.) -- C:\WINDOWS\ATKKBService.exe
PRC - [2005/07/06 11:14:12 | 000,471,040 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\lxcecoms.exe
PRC - [2003/08/27 11:29:46 | 000,065,536 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\wanmpsvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/09/02 20:56:18 | 003,715,184 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2014/08/04 14:20:40 | 000,139,056 | ---- | M] () -- C:\Program Files\Avira\My Avira\Avira.OE.NativeCore.dll
MOD - [2014/08/04 14:20:34 | 000,052,472 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\temp\avgnt.exe\Avira.OE.ExtApi.dll
MOD - [2014/08/04 14:20:22 | 000,067,832 | ---- | M] () -- C:\Program Files\Avira\My Avira\Avira.OE.AvConnectorNative.dll
MOD - [2014/08/04 14:16:58 | 000,245,760 | ---- | M] () -- C:\Program Files\Avira\My Avira\System.ComponentModel.Composition.dll
MOD - [2014/02/13 21:44:58 | 000,400,896 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\f0bb94276be98ff9ff0b22152fa633b9\System.Xml.Linq.ni.dll
MOD - [2014/02/13 21:44:01 | 011,906,048 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\f0b0625c2db624ba9c97ad1b12490d79\System.Web.ni.dll
MOD - [2014/02/13 21:43:46 | 000,627,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\7e310942e6e9a5d623e003130ec3d9bd\System.Transactions.ni.dll
MOD - [2014/02/13 21:43:45 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8cd995f00848816e3ec49dc326e3d49b\System.ServiceProcess.ni.dll
MOD - [2014/02/13 21:43:33 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\5c157466d360a10b2c97e94b41ddc588\System.Management.ni.dll
MOD - [2014/02/13 21:43:27 | 000,627,712 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\78e7a4c3acd1a345c4ef1f73ff48a1dd\System.EnterpriseServices.ni.dll
MOD - [2014/02/13 21:33:11 | 017,403,392 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\80743209bcc0a3af8305acd51569b483\System.ServiceModel.ni.dll
MOD - [2014/02/13 21:32:34 | 001,071,616 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\184f020284184651f03aa3cbc2bbccb6\System.IdentityModel.ni.dll
MOD - [2014/02/13 18:40:19 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2014/02/13 18:40:04 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2014/02/13 18:35:03 | 000,978,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\4b6e70acd99dc22e29b7fc8f9ac340c4\System.Configuration.ni.dll
MOD - [2014/02/13 18:34:26 | 000,256,000 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\ff1a0afc7a73669bca0ac4dffd8ee7c4\SMDiagnostics.ni.dll
MOD - [2014/02/13 18:32:14 | 002,345,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\9860da66bf0219612908e7412b0a6e2e\System.Runtime.Serialization.ni.dll
MOD - [2014/02/13 18:30:26 | 000,240,128 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\493eb38d7888e3ec1733b7bbc4a6c460\WindowsFormsIntegration.ni.dll
MOD - [2014/02/13 18:30:09 | 005,462,016 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\7faf645dc46781225cb722edf9e1e738\System.Xml.ni.dll
MOD - [2014/02/13 18:29:40 | 012,434,432 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1cdfe1998ad6794db3237006906c6fa2\System.Windows.Forms.ni.dll
MOD - [2014/02/13 18:29:07 | 001,593,344 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\424bff3295c6e7539cc6df62b9425bd0\System.Drawing.ni.dll
MOD - [2014/02/13 18:27:57 | 002,518,016 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\ff8f87204db52c710c5fb5792d3f2283\System.Data.Linq.ni.dll
MOD - [2014/02/13 18:27:32 | 006,616,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\af8afdcab485e00a04b18ed487981f3d\System.Data.ni.dll
MOD - [2014/02/13 18:27:19 | 002,295,808 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\159b4a6888004de346d499841ec088a7\System.Core.ni.dll
MOD - [2014/02/13 18:26:53 | 000,539,648 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\508d144b1e81e6642be4fea8799fb424\PresentationFramework.Luna.ni.dll
MOD - [2014/02/13 18:26:14 | 014,329,856 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\dad6af4d4f3b92adf0497c5ec9565236\PresentationFramework.ni.dll
MOD - [2014/02/13 18:24:55 | 012,218,880 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\89c032d0f8bccf31bb55b775a10c6992\PresentationCore.ni.dll
MOD - [2014/02/13 18:24:24 | 003,325,440 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\872e96c13f44bfaeff84d126fb847963\WindowsBase.ni.dll
MOD - [2014/02/13 18:23:59 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\4b0455ae94e3cecca4bb3ba8c96828c9\System.ni.dll
MOD - [2014/02/13 18:23:19 | 011,497,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\dae02331a443fb52216ca83292cb2f21\mscorlib.ni.dll
MOD - [2009/11/05 08:39:40 | 000,087,552 | ---- | M] () -- C:\WINDOWS\system32\cpwmon2k.dll
MOD - [2007/09/13 16:54:10 | 000,643,142 | ---- | M] () -- C:\WINDOWS\aticlocklib.dll
MOD - [2005/07/12 10:33:44 | 000,032,768 | ---- | M] () -- C:\WINDOWS\system32\LXPRMON.DLL
MOD - [2005/02/24 17:23:52 | 000,061,440 | ---- | M] () -- C:\Program Files\Lexmark 4300 Series\lxcecnv4.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2014/09/02 20:56:19 | 000,114,288 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/08/21 22:31:15 | 000,262,320 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/08/12 08:31:19 | 000,430,160 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2014/08/12 08:30:44 | 001,021,008 | ---- | M] (Avira Operations GmbH & Co. KG) [Disabled | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2014/08/12 08:30:35 | 000,430,160 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2014/08/04 14:20:40 | 000,149,296 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe -- (Avira.OE.ServiceHost)
SRV - [2011/05/18 17:28:57 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/09/16 12:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor7.0)
SRV - [2007/09/13 16:54:10 | 000,258,560 | ---- | M] (ASUSTeK COMPUTER INC.) [Auto | Running] -- C:\WINDOWS\ATKKBService.exe -- (ATKKeyboardService)
SRV - [2006/10/23 13:50:35 | 000,046,640 | R--- | M] (AOL LLC) [On_Demand | Stopped] -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS)
SRV - [2005/07/06 11:14:12 | 000,471,040 | ---- | M] (Lexmark International, Inc.) [On_Demand | Running] -- C:\WINDOWS\system32\lxcecoms.exe -- (lxce_device)
SRV - [2003/08/27 11:29:46 | 000,065,536 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\WINDOWS\wanmpsvc.exe -- (WANMiniportService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | Boot | Stopped] -- system32\DRIVERS\nielprt.sys -- (nielprt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\nielgfx.sys -- (NielGfx)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\22F.tmp -- (MEMSWEEP2)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2014/07/03 15:33:49 | 000,097,648 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2014/05/22 09:29:45 | 000,136,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2013/11/12 11:36:32 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2013/07/24 12:31:25 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2007/09/13 16:54:14 | 000,012,416 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\asusgsb.sys -- (asusgsb)
DRV - [2007/09/13 16:54:14 | 000,010,752 | ---- | M] (ASUSTeK COMPUTER INC.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Video3D32.sys -- (Video3D)
DRV - [2007/09/13 16:54:12 | 000,012,288 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\EIO.sys -- (EIO)
DRV - [2007/09/13 16:54:10 | 000,011,136 | ---- | M] (ASUSTeK COMPUTER INC.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\atkkbnt.sys -- (asuskbnt)
DRV - [2007/02/08 14:45:14 | 000,029,184 | R--- | M] (Thesycon GmbH, Germany) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dsiarhwprog.sys -- (dsiarhwprog)
DRV - [2005/07/04 08:30:34 | 000,026,624 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2005/06/30 21:16:26 | 001,094,848 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005/06/09 00:22:20 | 003,160,576 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2005/04/15 03:14:00 | 001,130,496 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/01/08 01:07:16 | 000,145,920 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2004/08/04 05:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)
DRV - [2003/01/10 22:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw)
DRV - [2002/10/15 23:41:06 | 000,102,220 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sonypvs1.sys -- (sonypvs1)
DRV - [2002/10/14 15:39:54 | 000,006,928 | ---- | M] (Compaq Computer Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (EABFiltr)
DRV - [2002/01/28 17:43:58 | 000,005,168 | ---- | M] (Compaq Computer Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,NewTabPageShow = 1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67C334C0-408D-4E6D-B5A7-0ADD6AFFA252}: "URL" = http://www.google.co...utputEncoding?}
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 88 D1 6D 0D 18 A8 94 48 B2 6D 50 24 A8 A4 24 68  [binary data]
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 88 D1 6D 0D 18 A8 94 48 B2 6D 50 24 A8 A4 24 68  [binary data]
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 88 D1 6D 0D 18 A8 94 48 B2 6D 50 24 A8 A4 24 68  [binary data]
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 88 D1 6D 0D 18 A8 94 48 B2 6D 50 24 A8 A4 24 68  [binary data]
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-4207471033-598798117-2367749602-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-4207471033-598798117-2367749602-1008\SOFTWARE\Microsoft\Internet Explorer\Main,NewTabPageShow = 1
IE - HKU\S-1-5-21-4207471033-598798117-2367749602-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-4207471033-598798117-2367749602-1008\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKU\S-1-5-21-4207471033-598798117-2367749602-1008\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKU\S-1-5-21-4207471033-598798117-2367749602-1008\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-4207471033-598798117-2367749602-1008\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-4207471033-598798117-2367749602-1008\..\SearchScopes\{67C334C0-408D-4E6D-B5A7-0ADD6AFFA252}: "URL" = http://www.google.co...utputEncoding?}
IE - HKU\S-1-5-21-4207471033-598798117-2367749602-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4207471033-598798117-2367749602-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledAddons: exif_viewer%40mozilla.doslash.org:2.00
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:32.0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}:  File not found
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\Compaq_Owner\Application Data\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}:  File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 32.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 32.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/09/02 20:55:28 | 000,000,000 | ---D | M]
 
[2012/04/19 14:00:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Extensions
[2010/04/12 16:22:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Extensions\[email protected]
[2014/09/04 11:35:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\21xlyd7h.default-1397587372437\extensions
[2014/08/14 10:00:58 | 000,000,000 | ---D | M] (FoxTrick) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\21xlyd7h.default-1397587372437\extensions\{9d1f059c-cada-4111-9696-41a62d64e3ba}
[2014/08/05 08:40:41 | 000,371,596 | ---- | M] () (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\21xlyd7h.default-1397587372437\extensions\[email protected]
[2014/08/27 21:46:47 | 000,230,013 | ---- | M] () (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\21xlyd7h.default-1397587372437\extensions\[email protected]
[2014/08/14 09:56:27 | 000,002,372 | ---- | M] () (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\21xlyd7h.default-1397587372437\extensions\{9d1f059c-cada-4111-9696-41a62d64e3ba}\content\shortcuts-and-tweaks\supportership-expiration-date.js
[2014/09/02 20:55:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions(2)
[2014/09/02 20:55:14 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions(2)\{972ce4c6-7e08-4474-a285-3208198ce6fd}(2)
[2014/09/02 20:55:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/09/02 20:56:31 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
O1 HOSTS File: ([2014/08/31 21:40:39 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Avira Systray] C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [LXCECATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.DLL ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideShutdownScripts = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\ZOOM present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThemesTab = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeKeyboardNavigationIndicators = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeAnimation = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAddPrinter = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictCpl = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowCpl = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrivesInSendToMenu = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecycleFiles = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceRecycleBinSize = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyDocuments = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesRecycleBin = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoManageMyComputerVerb = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClassicShell = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCustomizeWebView = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoShellSearchButton = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWinKeys = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSecurityTab = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCustomizeThisFolder = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWebView = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DontShowSuperHidden = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoOnlinePrintsWizard = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPublishingWizard = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyMusic = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyDocs = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuNetworkPlaces = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHelp = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetworkConnections = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCommonGroups = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuPinnedList = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMorePrograms = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuEjectPC = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSimpleStartMenu = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogoff = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDisconnect = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNtSecurity = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: GreyMSIAds = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceMaxRecentDocs = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTips = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LockTaskbar = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAVolume = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCANetwork = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAPower = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarsOnTaskbar = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTaskGrouping = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWebServices = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileUrl = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarCustomize = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: SpecifyDefaultButtons = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetConnectDisconnect = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoComputersNearMe = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnforceShellExtensionSecurity = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRunasInstallPrompt = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: PromptRunasInstallNetPath = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThumbnailCache = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceCopyAclwithFile = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartRunNoHOMEPATH = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 0? = kbd.exe
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 1? = soundman.exe (Realtek Semiconductor Corp.)
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 2? = aolsoftware.exe
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 3? = reader_sl.exe
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 4? = newlock.exe
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 5? = newadmin.exe
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoVisualStyleChoice = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoColorChoice = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoSizeChoice = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogonScripts = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\ZOOM present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThemesTab = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeKeyboardNavigationIndicators = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeAnimation = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAddPrinter = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictCpl = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowCpl = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrivesInSendToMenu = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecycleFiles = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceRecycleBinSize = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyDocuments = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesRecycleBin = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoManageMyComputerVerb = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClassicShell = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCustomizeWebView = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoShellSearchButton = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWinKeys = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSecurityTab = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCustomizeThisFolder = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWebView = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DontShowSuperHidden = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoOnlinePrintsWizard = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPublishingWizard = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyMusic = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyDocs = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuNetworkPlaces = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHelp = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetworkConnections = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCommonGroups = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuPinnedList = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMorePrograms = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuEjectPC = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSimpleStartMenu = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogoff = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDisconnect = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNtSecurity = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: GreyMSIAds = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceMaxRecentDocs = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTips = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LockTaskbar = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAVolume = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCANetwork = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAPower = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarsOnTaskbar = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTaskGrouping = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWebServices = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileUrl = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarCustomize = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: SpecifyDefaultButtons = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetConnectDisconnect = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoComputersNearMe = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnforceShellExtensionSecurity = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRunasInstallPrompt = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: PromptRunasInstallNetPath = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThumbnailCache = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceCopyAclwithFile = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartRunNoHOMEPATH = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 0? = kbd.exe
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 1? = soundman.exe (Realtek Semiconductor Corp.)
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 2? = aolsoftware.exe
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 3? = reader_sl.exe
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 4? = newlock.exe
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 5? = newadmin.exe
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoVisualStyleChoice = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoColorChoice = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoSizeChoice = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogonScripts = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\ZOOM present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\ZOOM present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-4207471033-598798117-2367749602-1008\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4207471033-598798117-2367749602-1008\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-21-4207471033-598798117-2367749602-1008\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-21-4207471033-598798117-2367749602-1008\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O7 - HKU\S-1-5-21-4207471033-598798117-2367749602-1008\Software\Policies\Microsoft\Internet Explorer\ZOOM present
O7 - HKU\S-1-5-21-4207471033-598798117-2367749602-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeKeyboardNavigationIndicators = 0
O7 - HKU\S-1-5-21-4207471033-598798117-2367749602-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeAnimation = 0
O7 - HKU\S-1-5-21-4207471033-598798117-2367749602-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAddPrinter = 0
O7 - HKU\S-1-5-21-4207471033-598798117-2367749602-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
O7 - HKU\S-1-5-21-4207471033-598798117-2367749602-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictCpl = 0
O7 - HKU\S-1-5-21-4207471033-598798117-2367749602-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowCpl = 0
O7 - HKU\S-1-5-21-4207471033-598798117-2367749602-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-4207471033-598798117-2367749602-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-4207471033-598798117-2367749602-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-4207471033-598798117-2367749602-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrivesInSendToMenu = 0
O7 - HKU\S-1-5-21-4207471033-598798117-2367749602-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceRecycleBinSize = 0
O7 - HKU\S-1-5-21-4207471033-598798117-2367749602-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 0
O7 - HKU\S-1-5-21-4207471033-598798117-2367749602-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyDocuments = 0
O7 - HKU\S-1-5-21-4207471033-598798117-2367749602-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesRecycleBin = 0
O7 - HKU\S-1-5-21-4207471033-598798117-2367749602-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCustomizeWebView = 0
O7 - HKU\S-1-5-21-4207471033-598798117-2367749602-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0
O7 - HKU\S-1-5-21-4207471033-598798117-2367749602-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWinKeys = 0
O7 - HKU\S-1-5-21-4207471033-598798117-2367749602-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0
O7 - HKU\S-1-5-21-4207471033-598798117-2367749602-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 0
O7 - HKU\S-1-5-21-4207471033-598798117-2367749602-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 0
O7 - HKU\S-1-5-21-4207471033-598798117-2367749602-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSecurityTab = 0
O7 - HKU\S-1-5-21-4207471033-598798117-2367749602-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCustomizeThisFolder = 0
O7 - HKU\S-1-5-21-4207471033-598798117-2367749602-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWebView = 0
O7 - HKU\S-1-5-21-4207471033-598798117-2367749602-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DontShowSuperHidden = 0
O7 - HKU\S-1-5-21-4207471033-598798117-2367749602-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoOnlinePrintsWizard = 0
O7 - HKU\S-1-5-21-4207471033-598798117-2367749602-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPublishingWizard = 0
O7 - HKU\S-1-5-21-4207471033-598798117-2367749602-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKU\S-1-5-21-4207471033-598798117-2367749602-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 0
O7 - HKU\S-1-5-21-4207471033-598798117-2367749602-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuNetworkPlaces = 0
O7 - HKU\S-1-5-21-4207471033-598798117-2367749602-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHelp = 0
O7 - HKU\S-1-5-21-4207471033-598798117-2367749602-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetworkConnections = 0
O7 - HKU\S-1-5-21-4207471033-598798117-2367749602-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCommonGroups = 0
O7 - HKU\S-1-5-21-4207471033-598798117-2367749602-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKU\S-1-5-21-4207471033-598798117-2367749602-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuPinnedList = 0
O7 - HKU\S-1-5-21-4207471033-598798117-2367749602-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 0
O7 - HKU\S-1-5-21-4207471033-598798117-2367749602-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuEjectPC = 0
O7 - HKU\S-1-5-21-4207471033-598798117-2367749602-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSimpleStartMenu = 0
O7 - HKU\S-1-5-21-4207471033-598798117-2367749602-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogoff = 0
O7 - HKU\S-1-5-21-4207471033-598798117-2367749602-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0
O7 - HKU\S-1-5-21-4207471033-598798117-2367749602-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDisconnect = 0
O7 - HKU\S-1-5-21-4207471033-598798117-2367749602-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNtSecurity = 0
O7 - HKU\S-1-5-21-4207471033-598798117-2367749602-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: GreyMSIAds = 0
O7 - HKU\S-1-5-21-4207471033-598798117-2367749602-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceMaxRecentDocs = 0
O7 - HKU\S-1-5-21-4207471033-598798117-2367749602-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 0
O7 - HKU\S-1-5-21-4207471033-598798117-2367749602-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTips = 0
O7 - HKU\S-1-5-21-4207471033-598798117-2367749602-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LockTaskbar = 0
O7 - HKU\S-1-5-21-4207471033-598798117-2367749602-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAVolume = 0
O7 - HKU\S-1-5-21-4207471033-598798117-2367749602-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCANetwork = 0
O7 - HKU\S-1-5-21-4207471033-598798117-2367749602-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAPower = 0
O7 - HKU\S-1-5-21-4207471033-598798117-2367749602-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarsOnTaskbar = 0
O7 - HKU\S-1-5-21-4207471033-598798117-2367749602-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTaskGrouping = 0
O7 - HKU\S-1-5-21-4207471033-598798117-2367749602-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWebServices = 0
O7 - HKU\S-1-5-21-4207471033-598798117-2367749602-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileUrl = 0
O7 - HKU\S-1-5-21-4207471033-598798117-2367749602-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O7 - HKU\S-1-5-21-4207471033-598798117-2367749602-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: SpecifyDefaultButtons = 0
O7 - HKU\S-1-5-21-4207471033-598798117-2367749602-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 0
O7 - HKU\S-1-5-21-4207471033-598798117-2367749602-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetConnectDisconnect = 0
O7 - HKU\S-1-5-21-4207471033-598798117-2367749602-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoComputersNearMe = 0
O7 - HKU\S-1-5-21-4207471033-598798117-2367749602-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 0
O7 - HKU\S-1-5-21-4207471033-598798117-2367749602-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnforceShellExtensionSecurity = 0
O7 - HKU\S-1-5-21-4207471033-598798117-2367749602-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0
O7 - HKU\S-1-5-21-4207471033-598798117-2367749602-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRunasInstallPrompt = 0
O7 - HKU\S-1-5-21-4207471033-598798117-2367749602-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: PromptRunasInstallNetPath = 1
O7 - HKU\S-1-5-21-4207471033-598798117-2367749602-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0
O7 - HKU\S-1-5-21-4207471033-598798117-2367749602-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0
O7 - HKU\S-1-5-21-4207471033-598798117-2367749602-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\S-1-5-21-4207471033-598798117-2367749602-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
O7 - HKU\S-1-5-21-4207471033-598798117-2367749602-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 0
O7 - HKU\S-1-5-21-4207471033-598798117-2367749602-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThumbnailCache = 0
O7 - HKU\S-1-5-21-4207471033-598798117-2367749602-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\S-1-5-21-4207471033-598798117-2367749602-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceCopyAclwithFile = 0
O7 - HKU\S-1-5-21-4207471033-598798117-2367749602-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartRunNoHOMEPATH = 0
O7 - HKU\S-1-5-21-4207471033-598798117-2367749602-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 0? = kbd.exe
O7 - HKU\S-1-5-21-4207471033-598798117-2367749602-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 1? = soundman.exe (Realtek Semiconductor Corp.)
O7 - HKU\S-1-5-21-4207471033-598798117-2367749602-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 2? = aolsoftware.exe
O7 - HKU\S-1-5-21-4207471033-598798117-2367749602-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 3? = reader_sl.exe
O7 - HKU\S-1-5-21-4207471033-598798117-2367749602-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 4? = newlock.exe
O7 - HKU\S-1-5-21-4207471033-598798117-2367749602-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun: 6? = newadmin.exe
O7 - HKU\S-1-5-21-4207471033-598798117-2367749602-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKU\S-1-5-21-4207471033-598798117-2367749602-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O7 - HKU\S-1-5-21-4207471033-598798117-2367749602-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogonScripts = 0
O8 - Extra context menu item: &AOL Toolbar Search - c:\Program Files\AOL\AOL Broadband Toolbar 5.0\resources\en-GB\local\search.html ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html File not found
O9 - Extra Button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {A27C56D2-3F58-4ABB-AA31-1168EDA6636F} http://utilities.pcp...ols/pcmatic.cab (PCMaticVer Class)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7A545EDF-3EBE-41C5-B268-01AB4F12860F}: DhcpNameServer = 15.243.128.51 15.243.160.51
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E059185C-61F5-4054-86B1-D03485FBE296}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/11/09 21:20:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 20:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/09/09 14:05:38 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/09/09 14:03:45 | 001,097,728 | ---- | C] (Farbar) -- C:\Documents and Settings\Compaq_Owner\Desktop\FRST.exe
[2014/09/09 13:14:22 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Compaq_Owner\Recent
[2014/09/05 19:15:54 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL.exe
[2014/09/04 11:06:43 | 000,000,000 | ---D | C] -- C:\Program Files\AskPartnerNetwork
[2014/09/02 20:55:12 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2014/09/02 19:41:13 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2014/09/02 19:25:26 | 000,000,000 | --SD | C] -- C:\ComboFix
[2014/09/02 17:37:56 | 000,110,296 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\48230029.sys
[2014/08/31 21:54:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2014/08/27 23:12:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2014/08/24 20:18:12 | 000,290,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\subinacl.exe
[2014/08/24 20:18:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft
[2014/08/24 20:18:10 | 000,000,000 | ---D | C] -- C:\Program Files\Adware-Removal-Tool
[2014/08/16 19:54:11 | 000,000,000 | ---D | C] -- C:\Program Files\Fralimbo
[2014/08/12 10:36:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Package Cache
 
========== Files - Modified Within 30 Days ==========
 
[2014/09/09 21:49:01 | 000,000,436 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{60F2B32C-DEDB-47D4-B669-B12AA3C1622A}.job
[2014/09/09 21:45:21 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/09/09 21:36:27 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Logon.job
[2014/09/09 21:35:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/09/09 14:03:51 | 001,097,728 | ---- | M] (Farbar) -- C:\Documents and Settings\Compaq_Owner\Desktop\FRST.exe
[2014/09/09 09:20:43 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/09/07 23:37:07 | 000,014,336 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\ins and outs.xlr
[2014/09/07 23:37:07 | 000,008,174 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\wklnhst.dat
[2014/09/07 19:53:59 | 000,110,296 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
[2014/09/05 19:15:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL.exe
[2014/09/05 14:35:41 | 000,053,248 | -H-- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\photothumb.db
[2014/09/04 12:19:59 | 001,247,810 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\15121191572_246dfda13e_o.jpg
[2014/09/04 12:19:46 | 001,534,156 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\14934992097_aa9aced89e_o.jpg
[2014/09/04 12:19:25 | 001,527,237 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\14934901770_a673c0168a_o.jpg
[2014/09/04 12:19:17 | 001,493,007 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\15121546815_c06630323d_o.jpg
[2014/09/04 12:19:05 | 001,488,521 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\15121174892_f7c9146851_o.jpg
[2014/09/02 17:37:56 | 000,110,296 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\48230029.sys
[2014/08/31 21:40:39 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2014/08/30 20:06:20 | 000,290,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\subinacl.exe
[2014/08/28 11:14:37 | 000,000,866 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira.lnk
[2014/08/27 20:08:22 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/08/27 17:15:44 | 000,000,183 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\xmas.rtf
[2014/08/21 22:31:14 | 000,699,568 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2014/08/21 22:31:13 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2014/08/21 21:43:38 | 001,364,531 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\adwcleaner_3.308.exe
[2014/08/19 12:46:48 | 000,196,608 | ---- | M] () -- C:\WINDOWS\System32\drivers\nStandard.bin
[2014/08/17 16:52:49 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2014/08/16 20:45:42 | 000,000,732 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2014/08/16 20:45:04 | 000,000,750 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2014/08/16 20:45:03 | 000,000,823 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
 
========== Files Created - No Company Name ==========
 
[2014/09/05 17:56:12 | 000,014,336 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\ins and outs.xlr
[2014/09/04 12:25:50 | 000,815,804 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Copy of DSC_0172.JPG
[2014/09/04 12:19:56 | 001,247,810 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\15121191572_246dfda13e_o.jpg
[2014/09/04 12:19:38 | 001,534,156 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\14934992097_aa9aced89e_o.jpg
[2014/09/04 12:19:21 | 001,527,237 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\14934901770_a673c0168a_o.jpg
[2014/09/04 12:19:12 | 001,493,007 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\15121546815_c06630323d_o.jpg
[2014/09/04 12:19:00 | 001,488,521 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\15121174892_f7c9146851_o.jpg
[2014/08/28 11:14:34 | 000,000,866 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira.lnk
[2014/08/21 21:42:52 | 001,364,531 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\adwcleaner_3.308.exe
[2014/08/17 13:54:48 | 000,000,183 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\xmas.rtf
[2014/08/12 22:51:51 | 000,132,976 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/03/29 21:05:50 | 000,001,547 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\.recently-used.xbel
[2010/05/06 13:07:59 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\settings.dat
[2010/04/20 21:10:11 | 000,015,084 | -HS- | C] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\eo0MLX
[2010/04/20 21:10:11 | 000,015,084 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\eo0MLX
[2010/03/08 18:38:46 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/15 17:00:14 | 000,008,174 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\wklnhst.dat
[2010/02/11 14:00:46 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Analog Swirl
[2010/02/11 14:00:46 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Ambience
[2010/02/11 14:00:46 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdw.DAT
[2010/02/11 13:38:14 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Analog Mono
[2010/02/11 13:38:14 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Action Clauses
[2010/02/11 13:38:14 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
 
========== ZeroAccess Check ==========
 
[2005/01/02 15:22:40 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 01:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 13:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 01:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2010/02/12 23:00:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\GlarySoft
[2014/04/20 22:03:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.YOUR-447023AE6B\Application Data\SampleView
[2010/08/09 22:26:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Disk Cleaner
[2010/02/11 13:38:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Drum Kits
[2010/02/11 14:00:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2011/05/18 17:42:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData
[2010/02/11 14:00:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\External Build System
[2010/05/09 23:13:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2010/02/11 13:39:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon
[2014/08/28 20:37:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Package Cache
[2010/12/16 22:52:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2010/03/09 23:22:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2010/04/05 22:39:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ReviverSoft
[2011/01/13 22:45:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Track Prince
[2010/02/11 14:00:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2011/06/21 21:30:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WindSolutions
[2011/08/30 17:17:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{A2A58654-12AA-408A-B411-58A76959BE7F}
[2010/09/27 21:48:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\acccore
[2012/12/11 23:05:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Azureus
[2011/04/23 22:03:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\com.Shutterfly.ExpressUploader
[2013/08/15 10:26:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Dropbox
[2010/06/23 17:17:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Facebook
[2010/12/13 22:10:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\FinalBurner AudioCD Ripper
[2010/12/13 22:03:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\FinalBurner Video DVD
[2014/01/05 22:03:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\GlarySoft
[2011/03/29 21:05:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\gtk-2.0
[2010/05/29 13:58:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\InterVideo
[2010/04/11 19:49:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Leadertech
[2010/07/18 17:12:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\MSNInstaller
[2010/05/29 13:56:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Nikon
[2010/12/12 18:18:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\OpenOffice.org
[2010/05/11 12:16:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Panda Security
[2011/10/13 12:24:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\PhotoScape
[2005/01/02 15:50:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\SampleView
[2010/02/15 17:00:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Template
[2011/09/04 12:41:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\windows-dvd-maker
[2011/06/21 21:33:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\WindSolutions
[2005/01/02 15:50:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\SampleView
 
========== Purity Check ==========
 
 
 
========== Files - Unicode (All) ==========
[2013/11/09 11:21:50 | 103,378,319 | ---- | M] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\셫἗喴7
[2013/11/09 11:21:50 | 103,378,319 | ---- | C] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\셫἗喴7
[2013/11/03 18:27:08 | 104,814,100 | ---- | M] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\Ƞ杼喴7
[2013/11/03 18:27:08 | 104,814,100 | ---- | C] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\Ƞ杼喴7
[2013/11/02 22:50:05 | 104,684,788 | ---- | M] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\䃸예喴7
[2013/11/02 22:50:05 | 104,684,788 | ---- | C] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\䃸예喴7
[2013/10/29 21:27:31 | 104,021,456 | ---- | M] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\ᓛ娻喴7
[2013/10/29 21:27:31 | 104,021,456 | ---- | C] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\ᓛ娻喴7
[2013/10/26 17:32:44 | 103,108,672 | ---- | M] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\枴謐喴7
[2013/10/26 17:32:44 | 103,108,672 | ---- | C] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\枴謐喴7
[2013/10/26 10:28:25 | 103,054,676 | ---- | M] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\鴐Ⳑ喴7
[2013/10/26 10:28:25 | 103,054,676 | ---- | C] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\鴐Ⳑ喴7
[2013/10/24 20:30:57 | 102,837,954 | ---- | M] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\㗓╷喴7
[2013/10/24 20:30:57 | 102,837,954 | ---- | C] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\㗓╷喴7
[2013/10/23 20:27:59 | 102,674,996 | ---- | M] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\醶혭喴7
[2013/10/23 20:27:59 | 102,674,996 | ---- | C] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\醶혭喴7
[2013/10/17 09:20:51 | 101,413,064 | ---- | M] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\凱喴7
[2013/10/17 09:20:51 | 101,413,064 | ---- | C] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\凱喴7
[2013/10/16 15:08:04 | 101,406,750 | ---- | M] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\ꢔ擄喴7
[2013/10/16 15:08:04 | 101,406,750 | ---- | C] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\ꢔ擄喴7
[2013/10/13 18:28:09 | 100,742,045 | ---- | M] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\꾵喴7
[2013/10/13 18:28:09 | 100,742,045 | ---- | C] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\꾵喴7
[2013/10/12 10:24:42 | 100,595,853 | ---- | M] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\廼縖喴7
[2013/10/12 10:24:42 | 100,595,853 | ---- | C] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\廼縖喴7
[2013/10/09 14:57:40 | 100,146,679 | ---- | M] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\钅骴喴7
[2013/10/09 14:57:40 | 100,146,679 | ---- | C] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\钅骴喴7
[2013/10/08 15:34:05 | 099,859,239 | ---- | M] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\甜둤喴7
[2013/10/08 15:34:05 | 099,859,239 | ---- | C] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\甜둤喴7
[2013/10/05 18:05:02 | 099,386,337 | ---- | M] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\휺ꑍ喴7
[2013/10/05 18:05:02 | 099,386,337 | ---- | C] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\휺ꑍ喴7
[2013/10/05 12:03:00 | 099,327,492 | ---- | M] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\욘᭬喴7
[2013/10/05 12:03:00 | 099,327,492 | ---- | C] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\욘᭬喴7
[2013/10/03 16:32:40 | 099,131,034 | ---- | M] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\遾ፑ喴7
[2013/10/03 16:32:40 | 099,131,034 | ---- | C] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\遾ፑ喴7
[2013/10/02 09:37:46 | 098,712,514 | ---- | M] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\㸷喴7
[2013/10/02 09:37:46 | 098,712,514 | ---- | C] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\㸷喴7
[2013/09/30 16:46:01 | 098,512,375 | ---- | M] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\쮠ਵ喴7
[2013/09/30 16:46:01 | 098,512,375 | ---- | C] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\쮠ਵ喴7
[2013/09/26 15:46:39 | 097,961,477 | ---- | M] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\ఽ塱喴7
[2013/09/26 15:46:39 | 097,961,477 | ---- | C] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\ఽ塱喴7
[2013/09/24 18:18:21 | 097,540,783 | ---- | M] ()(C:\WINDOWS\System32\??7) -- C:\WINDOWS\System32\喴7
[2013/09/24 18:18:21 | 097,540,783 | ---- | C] ()(C:\WINDOWS\System32\??7) -- C:\WINDOWS\System32\喴7
[2013/09/18 15:56:35 | 098,159,724 | ---- | M] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\厈旉喴7
[2013/09/18 15:56:35 | 098,159,724 | ---- | C] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\厈旉喴7
[2013/09/17 17:36:06 | 097,949,955 | ---- | M] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\吅ḏ喴7
[2013/09/17 17:36:06 | 097,949,955 | ---- | C] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\吅ḏ喴7
[2013/09/15 17:53:18 | 097,671,483 | ---- | M] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\湳喴7
[2013/09/15 17:53:18 | 097,671,483 | ---- | C] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\湳喴7
[2013/09/12 21:40:54 | 097,373,152 | ---- | M] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\鷾့喴7
[2013/09/12 21:40:54 | 097,373,152 | ---- | C] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\鷾့喴7
[2013/09/09 22:00:28 | 096,772,628 | ---- | M] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\䔶ꟛ喴7
[2013/09/09 22:00:28 | 096,772,628 | ---- | C] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\䔶ꟛ喴7
[2013/09/07 17:03:46 | 096,511,910 | ---- | M] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\▙ἧ喴7
[2013/09/07 17:03:46 | 096,511,910 | ---- | C] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\▙ἧ喴7
[2013/09/01 18:37:25 | 095,199,041 | ---- | M] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\섴঵喴7
[2013/09/01 18:37:25 | 095,199,041 | ---- | C] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\섴঵喴7
[2013/08/31 17:02:45 | 095,115,989 | ---- | M] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\ⳅ喴7
[2013/08/31 17:02:45 | 095,115,989 | ---- | C] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\ⳅ喴7
[2013/08/31 09:55:07 | 095,070,807 | ---- | M] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\๊⯛喴7
[2013/08/31 09:55:07 | 095,070,807 | ---- | C] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\๊⯛喴7
[2013/08/29 11:14:06 | 094,566,678 | ---- | M] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\礔喴7
[2013/08/29 11:14:06 | 094,566,678 | ---- | C] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\礔喴7
[2013/08/28 15:30:21 | 100,864,333 | ---- | M] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\含㨵喴7
[2013/08/28 15:30:21 | 100,864,333 | ---- | C] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\含㨵喴7
[2013/08/27 14:46:52 | 100,448,122 | ---- | M] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\↨⑿喴7
[2013/08/27 14:46:52 | 100,448,122 | ---- | C] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\↨⑿喴7
[2013/08/25 17:25:07 | 100,156,396 | ---- | M] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\귨喴7
[2013/08/25 17:25:07 | 100,156,396 | ---- | C] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\귨喴7
[2013/08/24 10:48:17 | 100,038,487 | ---- | M] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\ꄂ喴7
[2013/08/24 10:48:17 | 100,038,487 | ---- | C] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\ꄂ喴7
[2013/08/21 20:36:51 | 099,727,755 | ---- | M] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\鞩ꅄ喴7
[2013/08/21 20:36:51 | 099,727,755 | ---- | C] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\鞩ꅄ喴7

< End of report >
 

 

extras

 

OTL Extras logfile created on: 09/09/2014 21:42:18 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Compaq_Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
1023.36 Mb Total Physical Memory | 307.77 Mb Available Physical Memory | 30.07% Memory free
2.40 Gb Paging File | 1.66 Gb Available in Paging File | 69.09% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 229.35 Gb Total Space | 125.99 Gb Free Space | 54.93% Space Free | Partition Type: NTFS
Drive D: | 3.52 Gb Total Space | 0.37 Gb Free Space | 10.59% Space Free | Partition Type: FAT32
 
Computer Name: YOUR-447023AE6B | User Name: Compaq_Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_USERS\S-1-5-21-4207471033-598798117-2367749602-1008\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"135:TCP" = 135:TCP:*:Enabled:TCP Port 135
"5000:TCP" = 5000:TCP:*:Enabled:TCP Port 5000
"5001:TCP" = 5001:TCP:*:Enabled:TCP Port 5001
"5002:TCP" = 5002:TCP:*:Enabled:TCP Port 5002
"5003:TCP" = 5003:TCP:*:Enabled:TCP Port 5003
"5004:TCP" = 5004:TCP:*:Enabled:TCP Port 5004
"5005:TCP" = 5005:TCP:*:Enabled:TCP Port 5005
"5006:TCP" = 5006:TCP:*:Enabled:TCP Port 5006
"5007:TCP" = 5007:TCP:*:Enabled:TCP Port 5007
"5008:TCP" = 5008:TCP:*:Enabled:TCP Port 5008
"5009:TCP" = 5009:TCP:*:Enabled:TCP Port 5009
"5010:TCP" = 5010:TCP:*:Enabled:TCP Port 5010
"5011:TCP" = 5011:TCP:*:Enabled:TCP Port 5011
"5012:TCP" = 5012:TCP:*:Enabled:TCP Port 5012
"5013:TCP" = 5013:TCP:*:Enabled:TCP Port 5013
"5014:TCP" = 5014:TCP:*:Enabled:TCP Port 5014
"5015:TCP" = 5015:TCP:*:Enabled:TCP Port 5015
"5016:TCP" = 5016:TCP:*:Enabled:TCP Port 5016
"5017:TCP" = 5017:TCP:*:Enabled:TCP Port 5017
"5018:TCP" = 5018:TCP:*:Enabled:TCP Port 5018
"5019:TCP" = 5019:TCP:*:Enabled:TCP Port 5019
"5020:TCP" = 5020:TCP:*:Enabled:TCP Port 5020
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%ProgramFiles%\iTunes\iTunes.exe" = %ProgramFiles%\iTunes\iTunes.exe:*:enabled:iTunes
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\AOL 9.0\waol.exe" = C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\WINDOWS\system32\lxcecoms.exe" = C:\WINDOWS\system32\lxcecoms.exe:*:Enabled:4300 Series Server -- (Lexmark International, Inc.)
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcepswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcepswx.exe:*:Enabled:4300 Series Printer Status -- ()
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Microsoft Games\Age of Empires\EMPIRESX.EXE" = C:\Program Files\Microsoft Games\Age of Empires\EMPIRESX.EXE:*:Enabled:Age of Empires, the Rise of Rome -- (Microsoft Corporation)
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe" = C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL TopSpeed -- (AOL LLC)
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL Connectivity Service Dialler -- (AOL LLC)
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL Connectivity Services -- (AOL LLC)
"C:\Program Files\Common Files\AOL\1266096361\ee\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1266096361\ee\aolsoftware.exe:*:Enabled:AOL Shared Components -- (AOL LLC)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\1266096361\ee\AOLDesktop.exe" = C:\Program Files\Common Files\AOL\1266096361\ee\AOLDesktop.exe:*:Enabled:AOL Desktop -- (AOL LLC)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{10AE4FDC-32F9-4E56-8EE1-10629DD11C4E}" = Avira
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 29
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{315ACD04-BCEB-478B-9B1D-5431D0E6CB11}" = ASUS Gamer OSD
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update
"{797EE0CA-8165-405C-B5CE-F11EC20F1BB0}" = Microsoft VC9 runtime libraries
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD Player
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A5909B3-8CF3-4E06-92A8-F3CB7C97EF20}" = KODAK Share Button App
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AB61A692-5543-4C48-979B-8CEA1C52FE9C}" = PC-Doctor 5 for Windows
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.08)
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB6075D9-F912-40AE-BEA6-E590DA24F16B}" = Adobe Photoshop Elements 7.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{e67154a7-9cc5-4167-b782-f3982bc6c70d}" = Avira
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{F0207194-35B9-4476-B02E-395EE52B5960}" = ASUS nVidia Driver
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 14 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 14 Plugin
"Adobe Photoshop Elements 7" = Adobe Photoshop Elements 7.0
"Age of Empires Gold 1.0" = Microsoft Age of Empires Gold
"Agere Systems Soft Modem" = Agere Systems PCI Soft Modem
"AOL Broadband Toolbar" = AOL Broadband Toolbar 5.0
"AOL Regclient" = AOL Registration
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"ATI Display Driver" = ATI Display Driver
"Avira AntiVir Desktop" = Avira Free Antivirus
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"CutePDF Writer Installation" = CutePDF Writer 2.8
"Easy Access Buttons" = Compaq Easy Access Buttons 3.00 D2
"ie8" = Windows Internet Explorer 8
"InstallShield_{AB61A692-5543-4C48-979B-8CEA1C52FE9C}" = PC-Doctor 5 for Windows
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.2.0 (Full)
"Lexmark 4300 Series" = Lexmark 4300 Series
"Lexmark Fax Solutions" = Lexmark Fax Solutions
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.2.1012
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Motocross Madness 2" = Microsoft Motocross Madness 2
"Mozilla Firefox 32.0 (x86 en-US)" = Mozilla Firefox 32.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MS Access 97 SP2" = MS Access 97 SP2
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NVIDIA Drivers" = NVIDIA Drivers
"PhotoScape" = PhotoScape
"PROSet" = Intel® PRO Network Connections Drivers
"PS2" = PS2
"Python 2.2.3" = Python 2.2.3
"pywin32-py2.2" = Python 2.2 pywin32 extensions (build 203)
"Shogun Total War - Warlord Edition" = Shogun - Total War - Warlord Edition
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-4207471033-598798117-2367749602-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"WinDirStat" = WinDirStat 1.1.2
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 28/08/2014 06:02:35 | Computer Name = YOUR-447023AE6B | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 avira.oe.servicehost.exe, P2 1.1.18.28431, P3
 53c3ed8f, P4 system.componentmodel.composition, P5 4.0.0.1, P6 4c2933cc, P7 49c,
 P8 20, P9 ha2r5vsskg1rxuacxv143hzfuv1ct25u, P10 NIL.
 
Error - 30/08/2014 15:12:16 | Computer Name = YOUR-447023AE6B | Source = Application Hang | ID = 1002
Description = Hanging application SDUpdate.exe, version 1.6.0.12, hang module hungapp,
 version 0.0.0.0, hang address 0x00000000.
 
Error - 31/08/2014 16:10:19 | Computer Name = YOUR-447023AE6B | Source = MsiInstaller | ID = 10005
Description = Product: Java™ 6 Update 20 -- Internal Error 2753. regutils.dll
 
Error - 31/08/2014 16:51:45 | Computer Name = YOUR-447023AE6B | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
 from: <http://www.download....uthrootseq.txt>
 with error: A connection with the server could not be established  
 
Error - 04/09/2014 06:03:24 | Computer Name = YOUR-447023AE6B | Source = MsiInstaller | ID = 10005
Description = Product: Avira SearchFree Toolbar plus Web Protection -- Error 25001.
 The following applications must be closed before continuing the uninstall:   Mozilla
 Firefox
 
Error - 04/09/2014 06:03:26 | Computer Name = YOUR-447023AE6B | Source = MsiInstaller | ID = 10005
Description = Product: Avira SearchFree Toolbar plus Web Protection -- Error 25001.
 The following applications must be closed before continuing the uninstall:   Mozilla
 Firefox
 
Error - 04/09/2014 06:03:37 | Computer Name = YOUR-447023AE6B | Source = MsiInstaller | ID = 10005
Description = Product: Avira SearchFree Toolbar plus Web Protection -- Error 25001.
 The following applications must be closed before continuing the uninstall:   Mozilla
 Firefox
 
Error - 04/09/2014 06:03:38 | Computer Name = YOUR-447023AE6B | Source = MsiInstaller | ID = 10005
Description = Product: Avira SearchFree Toolbar plus Web Protection -- Error 25001.
 The following applications must be closed before continuing the uninstall:   Mozilla
 Firefox
 
Error - 04/09/2014 06:06:06 | Computer Name = YOUR-447023AE6B | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 32.0.0.5350, faulting
 module mozalloc.dll, version 32.0.0.5350, fault address 0x0000141b.
 
Error - 04/09/2014 06:06:26 | Computer Name = YOUR-447023AE6B | Source = MsiInstaller | ID = 10005
Description = Product: Avira SearchFree Toolbar plus Web Protection -- Error 25001.
 The following applications must be closed before continuing the uninstall:   Mozilla
 Firefox
 
[ System Events ]
Error - 09/09/2014 09:05:42 | Computer Name = YOUR-447023AE6B | Source = Service Control Manager | ID = 7034
Description = The WAN Miniport (ATW) Service service terminated unexpectedly.  It
 has done this 1 time(s).
 
Error - 09/09/2014 09:05:44 | Computer Name = YOUR-447023AE6B | Source = Service Control Manager | ID = 7034
Description = The lxce_device service terminated unexpectedly.  It has done this
 1 time(s).
 
Error - 09/09/2014 11:44:15 | Computer Name = YOUR-447023AE6B | Source = Service Control Manager | ID = 7034
Description = The ATK Keyboard Service service terminated unexpectedly.  It has
done this 1 time(s).
 
Error - 09/09/2014 11:44:15 | Computer Name = YOUR-447023AE6B | Source = Service Control Manager | ID = 7034
Description = The Adobe Active File Monitor V7 service terminated unexpectedly.
 It has done this 1 time(s).
 
Error - 09/09/2014 11:44:15 | Computer Name = YOUR-447023AE6B | Source = Service Control Manager | ID = 7034
Description = The NVIDIA Display Driver Service service terminated unexpectedly.
  It has done this 1 time(s).
 
Error - 09/09/2014 11:44:15 | Computer Name = YOUR-447023AE6B | Source = Service Control Manager | ID = 7034
Description = The WAN Miniport (ATW) Service service terminated unexpectedly.  It
 has done this 1 time(s).
 
Error - 09/09/2014 11:44:16 | Computer Name = YOUR-447023AE6B | Source = Service Control Manager | ID = 7034
Description = The lxce_device service terminated unexpectedly.  It has done this
 1 time(s).
 
Error - 09/09/2014 15:18:42 | Computer Name = YOUR-447023AE6B | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.12 for the Network Card with network
 address 0013D3573709 has been  denied by the DHCP server 192.168.0.1 (The DHCP Server
 sent a DHCPNACK message).
 
Error - 09/09/2014 16:21:40 | Computer Name = YOUR-447023AE6B | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
 the NVSvc service.
 
Error - 09/09/2014 16:38:15 | Computer Name = YOUR-447023AE6B | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
 the NVSvc service.
 
 
< End of report >
 

 

disabled start ups feel free to stop everything in your list



#13
BrianDrab


    Trusted Helper

  • Malware Removal
  • 3,583 posts

Awesome job. Can you do Step#2 please? I believe you may have missed it.



#14
sirspread


    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts

sorry did do it but forgot to add it

just done it again here it is

 

 

========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\aol.com\objects\ not found.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default not found.
 
OTL by OldTimer - Version 3.2.69.0 log created on 09092014_222536
 



#15
BrianDrab


    Trusted Helper

  • Malware Removal
  • 3,583 posts

Almost there.
 
Step#1 - OTL Fix
1. Double-click OTL.exe to run.
2. Copy all the code below and paste it into the Custom Scans/Fixes section at the very bottom of the OTL program. Do NOT include the word Quote.

:Commands
[CreateRestorePoint]
 
:OTL
[2013/11/09 11:21:50 | 103,378,319 | ---- | M] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\셫἗喴7
[2013/11/03 18:27:08 | 104,814,100 | ---- | M] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\Ƞ杼喴7
[2013/11/02 22:50:05 | 104,684,788 | ---- | M] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\䃸예喴7
[2013/10/29 21:27:31 | 104,021,456 | ---- | M] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\ᓛ娻喴7
[2013/10/26 17:32:44 | 103,108,672 | ---- | M] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\枴謐喴7
[2013/10/26 10:28:25 | 103,054,676 | ---- | M] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\鴐Ⳑ喴7
[2013/10/24 20:30:57 | 102,837,954 | ---- | M] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\㗓╷喴7
[2013/10/23 20:27:59 | 102,674,996 | ---- | M] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\醶혭喴7
[2013/10/17 09:20:51 | 101,413,064 | ---- | M] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\凱喴7
[2013/10/16 15:08:04 | 101,406,750 | ---- | M] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\ꢔ擄喴7
[2013/10/13 18:28:09 | 100,742,045 | ---- | M] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\꾵喴7
[2013/10/12 10:24:42 | 100,595,853 | ---- | M] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\廼縖喴7
[2013/10/09 14:57:40 | 100,146,679 | ---- | M] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\钅骴喴7
[2013/10/08 15:34:05 | 099,859,239 | ---- | M] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\甜둤喴7
[2013/10/05 18:05:02 | 099,386,337 | ---- | M] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\휺ꑍ喴7
[2013/10/05 12:03:00 | 099,327,492 | ---- | M] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\욘᭬喴7
[2013/10/03 16:32:40 | 099,131,034 | ---- | M] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\遾ፑ喴7
[2013/10/02 09:37:46 | 098,712,514 | ---- | M] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\㸷喴7
[2013/09/30 16:46:01 | 098,512,375 | ---- | M] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\쮠ਵ喴7
[2013/09/26 15:46:39 | 097,961,477 | ---- | M] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\ఽ塱喴7
[2013/09/24 18:18:21 | 097,540,783 | ---- | M] ()(C:\WINDOWS\System32\??7) -- C:\WINDOWS\System32\喴7
[2013/09/18 15:56:35 | 098,159,724 | ---- | M] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\厈旉喴7
[2013/09/17 17:36:06 | 097,949,955 | ---- | M] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\吅ḏ喴7
[2013/09/15 17:53:18 | 097,671,483 | ---- | M] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\湳喴7
[2013/09/12 21:40:54 | 097,373,152 | ---- | M] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\鷾့喴7
[2013/09/09 22:00:28 | 096,772,628 | ---- | M] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\䔶ꟛ喴7
[2013/09/07 17:03:46 | 096,511,910 | ---- | M] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\▙ἧ喴7
[2013/09/01 18:37:25 | 095,199,041 | ---- | M] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\섴঵喴7
[2013/08/31 17:02:45 | 095,115,989 | ---- | M] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\ⳅ喴7
[2013/08/31 09:55:07 | 095,070,807 | ---- | M] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\๊⯛喴7
[2013/08/29 11:14:06 | 094,566,678 | ---- | M] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\礔喴7
[2013/08/28 15:30:21 | 100,864,333 | ---- | M] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\含㨵喴7
[2013/08/27 14:46:52 | 100,448,122 | ---- | M] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\↨⑿喴7
[2013/08/25 17:25:07 | 100,156,396 | ---- | M] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\귨喴7
[2013/08/24 10:48:17 | 100,038,487 | ---- | M] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\ꄂ喴7
[2013/08/21 20:36:51 | 099,727,755 | ---- | M] ()(C:\WINDOWS\System32\???7) -- C:\WINDOWS\System32\鞩ꅄ喴7
 
:Reg
[HKCU\SOFTWARE\Microsoft\Internet Explorer\Main]
XMLHTTP_UUID_Default=-
[HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
XMLHTTP_UUID_Default=-
[HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
XMLHTTP_UUID_Default=-
[HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]
XMLHTTP_UUID_Default=-
[HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]
XMLHTTP_UUID_Default=-
:Files
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\eo0MLX
C:\Documents and Settings\All Users\Application Data\eo0MLX
 
:commands
[Reboot]

 
3. Click the Run Fix button. OTL will ask to reboot the machine. Please do so when asked.
4. After the reboot a log file should open. Copy/Paste the contents of the log that opens and post in your next reply. If for some reason the log file does not appear then you can
    open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder,
    and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
 
 
Step#2 - Change MSConfig to enable items 
We need to enable the startup items so that we can remove them. We can't remove them while they are disabled.
1. Click the Start button, choose Run and type msconfig and click OK.
2. In the General tab, click Normal Startup and click OK.
3. Reboot when prompted.
 
Step#3 - Fresh Set of Logs Needed
 
1. Double-click FRST to open.
2. Note: Please ensure that the Addition.txt check box is checked within the Optional Scan area at the bottom of the form.
3. Press Scan button.
4. It will produce a log called FRST.txt in the same directory the tool is run from (which should now be the desktop)
5. Please copy and paste log back here.
6. It will generate another log (Addition.txt - also located in the same directory as FRST.exe). Please also paste that along with the FRST.txt into your reply.
 
 
Step#4 - Malwarebytes Scan
I see that you already have this installed and it is current so instead of downloading you can simply open up the one you already have.

  • Download Malwarebytes to your desktop from here.
  • Double-click on the file that is downloaded to your desktop.
  • Select the appropriate language and click OK.
  • Click Next.
  • Select "I accept the agreement" and click Next.
  • Click Next
  • Change the install path if desired. Normally you will keep this as is. Click Next.
  • Click Next again.
  • Click Next again.
  • Click Install.
  • Uncheck "Enable free trial of Malwarebytes Anti-Malware Premium" since we are going to uninstall when we are done.
  • Click Finish
  • If an update is found you will be prompted to download and install. Go ahead.
  • Click the Scan button at the top of the form and then click Scan Now.
  • Once the scan completes click the View detailed log link.
  • Then click the Copy to clipboard button and paste into your next post.

Step#5 - Security Check
 
1. Download Security Check from here or here.
2. Save it to your Desktop.
3. Double-click SecurityCheck.exe to run. Follow the onscreen instructions inside of the black box.
4. A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Note: Sometimes this can take 10 to 15 minutes to run so don't be alarmed if it does.
 
    
 
Items for your next post
1. OTL Fix Log
2. Addition.txt Log
3. Malwarebytes log
4. Security Check log







