
Post 'Cannot Update' disappeared?

(In Progress)

jud72
Member with 124 posts.
THREAD STARTER
 
Join Date: Mar 2010
Experience: Intermediate
06-Mar-2012, 01:36 PM #1
Post 'Cannot Update' disappeared?
My apologies for this new post but I just don't know what to do. My post 'Cannot Update' which I have been waiting patiently for an answer, has been going further and further down the list and has now disappeared altogether. The strange thing about it is, if I do a search for 'Cannot Update' it tells me it's in this 'Virus & Other Malware Removal' forum. Your help would be most appreciated.
flavallee (Frank)
Trusted Advisor with 55,628 posts.
 
Join Date: May 2002
Location: Hillsborough county, Florida
Experience: Advanced
06-Mar-2012, 09:18 PM #2
I assume that you're referring to this thread:

http://forums.techguy.org/virus-othe...ot-update.html

Phantom010 has been assisting you.

The last time that you replied to it was February 26th - 9 days ago.

jud72
07-Mar-2012, 09:43 AM #3
Cannot Update disappeared
flavallee, I must be missing something, being relatively new to this Forum. You are correct in saying Phantom010 was assisting me and my last post was 26 Feb. 2012. That was when Phantom010 informed me that I would be better off contacting the Virus And Other Malware Removal Forum for extra help. That is exactly what I did and as I stated in my last post, I have had no response. I appreciate you spend a lot of your valuable time assisting people and for that I am truly grateful. I just could not understand why my post Cannot Update on this particular Forum had disappeared after getting no responses. As you will see from the attachment, they are the last two posts between Phantom010 and myself.
If I am doing something wrong please tell me so I can rectify it.

Very sincerely jud72
kevinf80 (Kevin)
Malware Removal Specialist with 9,213 posts.
 
Join Date: Mar 2006
Location: Sunderland UK
Experience: Intermediate
07-Mar-2012, 09:57 AM #4
Run the following and let me see the logs..

Step 1
Download aswMBR from Here
If it asks to update during the process please allow this to happen.
  • Save aswMBR.exe to your Desktop
  • Double click aswMBR.exe to run it
  • Ensure Quick scan is selected, then select Scan button to start the scan as illustrated below



    Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.
  • Once the scan finishes click Save log to save the log to your Desktop.


  • Copy and paste the contents of aswMBR.txt back here for review
  • You will also notice another file created on the desktop named MBR.dat. Right-click that file and select Send To and then Compressed (zipped) file. Attach that zipped file to your next reply as well.

Step 2

Download OTL from any of the following links and save to your Desktop:

Link 1
Link 2
Link 3
Link 4
  • Double click on the icon to run it. Vista or Windows 7 users, right click and select Run as Administrator. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top, make sure Standard output is selected.
  • Select Scan all users
  • Under the Extra Registry section, check Use SafeList
  • In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".
  • Under the Custom Scan box paste this in:

    Code:
    netsvcs
    %systemroot%\*. /mp /s
    %systemroot%\*. /rp /s
    msconfig
    %SYSTEMDRIVE%\*.exe
    %LOCALAPPDATA%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
  • Click the button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your reply

Let me see the following in your reply :-
  • aswMBR log
  • OTL scan log
  • Extras log
  • Attached MBR.zip file

Kevin
jud72
07-Mar-2012, 01:27 PM #5
Cannot Update disappeared
Kevin, I truly hope I have executed your directions properly.
------------------------------------------------------------------------------------------
aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software
Run date: 2012-03-07 14:40:25
-----------------------------
14:40:25.676 OS Version: Windows 6.0.6002 Service Pack 2
14:40:25.676 Number of processors: 2 586 0xF0D
14:40:25.677 ComputerName: NATHANLAP UserName: Larry
14:40:27.262 Initialize success
14:42:25.861 AVAST engine defs: 12030700
14:44:47.657 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
14:44:47.662 Disk 0 Vendor: WDC_WD1600BEVT-60ZCT1 13.01A13 Size: 152627MB BusType: 3
14:44:47.716 Disk 0 MBR read successfully
14:44:47.721 Disk 0 MBR scan
14:44:47.756 Disk 0 unknown MBR code
14:44:47.762 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 142304 MB offset 63
14:44:47.809 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10319 MB offset 291440640
14:44:47.826 Disk 0 scanning sectors +312573952
14:44:47.897 Disk 0 scanning C:\Windows\system32\drivers
14:45:07.175 Service scanning
14:45:23.096 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
14:45:44.163 Modules scanning
14:45:51.830 Disk 0 trace - called modules:
14:45:51.853 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll PCIIDEX.SYS msahci.sys
14:45:51.859 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x859c1400]
14:45:51.865 3 CLASSPNP.SYS[805df8b3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85797b98]
14:45:53.211 AVAST engine scan C:\Windows
14:45:58.903 AVAST engine scan C:\Windows\system32
14:51:10.365 AVAST engine scan C:\Windows\system32\drivers
14:51:40.830 AVAST engine scan C:\Users\Larry
15:18:06.183 AVAST engine scan C:\ProgramData
15:28:17.456 Scan finished successfully
15:31:14.963 Disk 0 MBR has been saved successfully to "C:\Users\Larry\Desktop\MBR.dat"
15:31:15.151 The log file has been saved successfully to "C:\Users\Larry\Desktop\fixMBR.txt"





OTL logfile created on: 07/03/2012 15:39:33 - Run 1
OTL by OldTimer - Version 3.2.35.1 Folder = C:\Users\Larry\Desktop\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.93 Gb Total Physical Memory | 0.85 Gb Available Physical Memory | 44.05% Memory free
4.10 Gb Paging File | 2.74 Gb Available in Paging File | 66.72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 138.97 Gb Total Space | 37.35 Gb Free Space | 26.88% Space Free | Partition Type: NTFS
Drive D: | 10.08 Gb Total Space | 1.75 Gb Free Space | 17.37% Space Free | Partition Type: NTFS

Computer Name: NATHANLAP | User Name: Larry | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/07 15:34:31 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Users\Larry\Desktop\Desktop\OTL.exe
PRC - [2012/03/07 14:23:06 | 004,730,880 | ---- | M] (AVAST Software) -- C:\Users\Larry\Desktop\Desktop\aswMBR.exe
PRC - [2012/02/15 05:34:42 | 000,096,576 | ---- | M] (Maxthon International ltd.) -- C:\Program Files\Maxthon3\Bin\Maxthon.exe
PRC - [2012/01/03 13:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/01/02 16:14:02 | 000,325,728 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2011/08/25 10:35:18 | 001,584,472 | ---- | M] (IObit) -- C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe
PRC - [2011/08/10 11:53:46 | 000,094,880 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/06/01 12:44:54 | 002,337,144 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/10/14 17:27:38 | 000,092,216 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2009/04/11 06:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/10/06 16:54:52 | 000,365,952 | ---- | M] () -- C:\Program Files\SMINST\BLService.exe
PRC - [2007/12/17 13:00:00 | 000,143,872 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
PRC - [2007/01/11 13:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
PRC - [2000/06/29 08:45:10 | 000,052,224 | ---- | M] (Kenonic Controls Ltd.) -- C:\Windows\System32\Crypserv.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/30 00:41:44 | 001,977,328 | ---- | M] () -- C:\Program Files\Maxthon3\Core\Webkit\avcodec-53.dll
MOD - [2012/01/30 00:41:44 | 000,284,656 | ---- | M] () -- C:\Program Files\Maxthon3\Core\Webkit\avformat-53.dll
MOD - [2012/01/30 00:41:44 | 000,168,352 | ---- | M] () -- C:\Program Files\Maxthon3\Core\Webkit\avutil-51.dll
MOD - [2012/01/30 00:41:40 | 006,277,280 | ---- | M] () -- C:\Program Files\Maxthon3\Core\Webkit\Npplugins\NPSWF32.dll
MOD - [2012/01/30 00:41:36 | 000,103,848 | ---- | M] () -- C:\Program Files\Maxthon3\Bin\Maxzlib.dll
MOD - [2012/01/08 19:50:36 | 000,573,100 | ---- | M] () -- C:\Program Files\BillP Studios\WinPatrol\sqlite3.dll
MOD - [2011/08/19 16:33:28 | 000,047,960 | ---- | M] () -- C:\Program Files\IObit\Smart Defrag 2\NtfsData.dll
MOD - [2009/11/04 00:14:04 | 000,054,272 | ---- | M] () -- C:\Program Files\Notepad++\NppShell_01.dll
MOD - [2009/01/18 17:15:14 | 000,120,832 | RHS- | M] () -- C:\Windows\System32\MPCDx.ax
MOD - [2008/01/28 10:15:28 | 000,073,728 | ---- | M] () -- c:\Program Files\MyMorph\Mcmh.dll
MOD - [2005/02/22 17:55:02 | 000,081,920 | RHS- | M] () -- C:\Windows\System32\aac_parser.ax


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (McComponentHostService)
SRV - [2012/01/03 13:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/08/10 11:53:46 | 000,094,880 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2011/06/01 12:44:54 | 002,337,144 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/10/14 17:27:38 | 000,092,216 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2008/10/06 16:54:52 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Program Files\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/02/03 19:00:00 | 000,129,992 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\System32\ezsvc7.dll -- (ezSharedSvc)
SRV - [2008/01/21 02:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/17 13:00:00 | 000,143,872 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE -- (EPSON_EB_RPCV4_01) EPSON V5 Service4(01)
SRV - [2007/01/11 13:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)
SRV - [2000/06/29 08:45:10 | 000,052,224 | ---- | M] (Kenonic Controls Ltd.) [Auto | Running] -- C:\Windows\System32\Crypserv.exe -- (Crypkey License)


========== Driver Services (SafeList) ==========

DRV - File not found [File_System | On_Demand | Stopped] -- -- (StarOpen)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NwlnkFlt)
DRV - File not found [Kernel | System | Stopped] -- -- (MpKsl2775598b)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (IpInIp)
DRV - File not found [Kernel | System | Stopped] -- -- (fcconsqh)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (esgiguard)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (aswMBR)
DRV - [2011/04/27 15:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/04/18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010/11/26 18:02:28 | 000,015,672 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV - [2009/09/05 16:55:36 | 001,183,744 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/01/20 06:49:26 | 000,142,848 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/10/03 03:39:28 | 000,222,208 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008/06/29 14:52:26 | 000,112,128 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV - [2008/01/21 02:32:45 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2007/10/17 23:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/19 00:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2006/11/03 22:45:48 | 000,178,913 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\V0260Vid.sys -- (V0260VID)
DRV - [2002/06/20 16:45:42 | 000,020,128 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2002/06/20 16:45:40 | 000,010,144 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2002/06/20 16:45:36 | 000,005,728 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2002/06/20 16:45:34 | 000,039,776 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2000/02/03 19:53:12 | 000,024,608 | ---- | M] () [Kernel | System | Running] -- C:\Windows\system32\ckldrv.sys -- (NetworkX)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=brn1&s={searchTerms}&f=4
IE - HKLM\..\URLSearchHook: {343db173-0e5a-4f2a-b7bb-71a49085d70e} - C:\Program Files\Online_Radio_1.1\tbOnli.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {a5342a22-51ef-4c3d-89b1-4ad16a70a6cb} - C:\Program Files\TalkTalk AOL News Toolbar\talktalkaolnewstb.dll (AOL LLC.)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3710571124-2661178210-3455209878-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-3710571124-2661178210-3455209878-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/?pc=AVBR
IE - HKU\S-1-5-21-3710571124-2661178210-3455209878-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.ask.com/?l=dis&o=APN10112&gct=hp
IE - HKU\S-1-5-21-3710571124-2661178210-3455209878-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3710571124-2661178210-3455209878-1000\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = http://inboxtoolbar.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80245&lng=en
IE - HKU\S-1-5-21-3710571124-2661178210-3455209878-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3710571124-2661178210-3455209878-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..keyword.URL: "http://uk.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p="
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://uk.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811&ilc=12"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.647: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.647: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/03/04 14:58:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fmdownloader@gmail.com: C:\Program Files\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ [2012/02/25 19:02:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fmconverter@gmail.com: C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2012/02/25 19:02:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2012/02/25 19:02:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\downloader@freeyoutubetomp3converter.org: C:\Program Files\FreeYouTubeToMP3TURBOConverter\Firefox [2012/02/25 19:02:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/26 06:37:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/02/29 18:19:11 | 000,000,000 | ---D | M]

[2012/01/27 08:03:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Larry\AppData\Roaming\Mozilla\Extensions
[2011/06/10 07:02:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Larry\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/11/29 13:04:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Larry\AppData\Roaming\Mozilla\Extensions\{92650c4d-4b8e-4d2a-b7eb-24ecf4f6b63a}
[2009/04/22 17:31:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Larry\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2012/02/19 13:43:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\4rmj8wns.Default User\extensions
[2012/02/19 13:43:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\gkwwk389.Laurence\extensions
[2010/04/25 18:18:06 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\gkwwk389.Laurence\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/02/29 18:08:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\n7iv2ybk.default\extensions
[2012/02/25 19:00:49 | 000,000,000 | ---D | M] (TalkTalk AOL News Toolbar) -- C:\Users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\n7iv2ybk.default\extensions\{28f4e092-ca3b-4f0e-ab1e-e6d22b3bbca8}
[2011/06/25 18:06:39 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\n7iv2ybk.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}(259)
[2011/07/09 17:29:22 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\n7iv2ybk.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}(30)
[2010/04/25 07:55:04 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\n7iv2ybk.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}(4)
[2012/02/25 19:00:15 | 000,000,000 | ---D | M] (Password Exporter) -- C:\Users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\n7iv2ybk.default\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}
[2011/11/27 07:20:07 | 000,000,000 | ---D | M] (IE Tab Plus) -- C:\Users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\n7iv2ybk.default\extensions\ietab@ip(20).cn
[2011/06/29 16:34:54 | 000,000,000 | ---D | M] (ALOT Toolbar) -- C:\Users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\n7iv2ybk.default\extensions\toolbar@alot(258).com
[2010/11/29 13:04:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Larry\AppData\Roaming\Mozilla\SeaMonkey\Profiles\1acye6y6.default\extensions
[2011/11/14 18:59:48 | 000,002,135 | ---- | M] () -- C:\Users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\4rmj8wns.Default User\searchplugins\GoogleFeed.xml
[2012/03/02 11:41:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/02/25 19:00:06 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/03/18 06:55:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}(152)
[2012/03/02 11:41:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012/02/25 19:00:06 | 000,000,000 | ---D | M] (DealPly) -- C:\Program Files\Mozilla Firefox\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
[2012/02/25 19:00:06 | 000,000,000 | ---D | M] (Babylon) -- C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@babylon.com
[2012/02/20 18:35:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions
[2012/02/20 18:35:22 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/02/26 06:37:32 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/03/02 11:41:15 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/11/18 17:44:16 | 001,680,272 | ---- | M] (Caminova, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdjvu.dll
[2012/02/26 06:37:28 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/02/26 06:37:28 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/26 06:37:28 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/02/26 06:37:28 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/12/26 12:12:06 | 000,002,027 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2012/01/26 12:34:27 | 000,002,515 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
[2012/02/26 06:37:28 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2006/09/18 21:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Online Radio 1.1 Toolbar) - {343db173-0e5a-4f2a-b7bb-71a49085d70e} - C:\Program Files\Online_Radio_1.1\tbOnli.dll (Conduit Ltd.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AOL Toolbar BHO) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O2 - BHO: (DealPly) - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files\DealPly\DealPlyIE.dll (DealPly Technologies Ltd)
O2 - BHO: (TalkTalk AOL News Toolbar Loader) - {acd398d8-0875-4aab-8f62-1be965f51857} - C:\Program Files\TalkTalk AOL News Toolbar\talktalkaolnewstb.dll (AOL LLC.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Online Radio 1.1 Toolbar) - {343db173-0e5a-4f2a-b7bb-71a49085d70e} - C:\Program Files\Online_Radio_1.1\tbOnli.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (TalkTalk AOL News Toolbar) - {3561c277-e1a5-4696-aa84-c77aeea35962} - C:\Program Files\TalkTalk AOL News Toolbar\talktalkaolnewstb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-3710571124-2661178210-3455209878-1000\..\Toolbar\WebBrowser: (no name) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - No CLSID value found.
O3 - HKU\S-1-5-21-3710571124-2661178210-3455209878-1000\..\Toolbar\WebBrowser: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-3710571124-2661178210-3455209878-1000\..\Toolbar\WebBrowser: (Online Radio 1.1 Toolbar) - {343DB173-0E5A-4F2A-B7BB-71A49085D70E} - C:\Program Files\Online_Radio_1.1\tbOnli.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-3710571124-2661178210-3455209878-1000\..\Toolbar\WebBrowser: (TalkTalk AOL News Toolbar) - {3561C277-E1A5-4696-AA84-C77AEEA35962} - C:\Program Files\TalkTalk AOL News Toolbar\talktalkaolnewstb.dll (AOL LLC.)
O3 - HKU\S-1-5-21-3710571124-2661178210-3455209878-1000\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKU\S-1-5-21-3710571124-2661178210-3455209878-1000..\Run: [Cookienator] C:\Program Files\Cookienator\cookienator.exe (CodeFromThe70s.org)
O4 - Startup: C:\Users\Larry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DATEwise3.lnk = C:\Program Files\BizWare Magic DATEwise\DATEwise3.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O9 - Extra Button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\paltalk.exe (AVM Software Inc.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Download Video - {B30C9F17-BF16-481e-BAEA-44A86128E1B4} - C:\Program Files\FreeYouTubeToMP3TURBOConverter\ytmRunner.html File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-3710571124-2661178210-3455209878-1000\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKU\S-1-5-21-3710571124-2661178210-3455209878-1000\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-3710571124-2661178210-3455209878-1000\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-3710571124-2661178210-3455209878-1000\..Trusted Domains: microsoft.com ([www.update] https in Trusted sites)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{64629E26-77BC-4FF9-A8B2-729FB9753BCA}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6B936E51-37B9-4912-8FD5-27104EA3BC19}: DhcpNameServer = 192.168.1.1 192.168.1.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - File not found
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Autumn Leaves.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Autumn Leaves.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0fa10a73-743e-11de-8464-001f1660862f}\Shell - "" = AutoRun
O33 - MountPoints2\{0fa10a73-743e-11de-8464-001f1660862f}\Shell\AutoRun\command - "" = F:\MediaManager.exe
O33 - MountPoints2\{aab26a49-e6b0-11df-8059-001f1660862f}\Shell - "" = Autorun
O33 - MountPoints2\{aab26a49-e6b0-11df-8059-001f1660862f}\Shell\verb\command - "" = C:\Windows\explorer.exe -- [2009/04/11 06:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{bc2b3b5c-6ed6-11de-b9ec-001f1660862f}\Shell - "" = AutoRun
O33 - MountPoints2\{bc2b3b5c-6ed6-11de-b9ec-001f1660862f}\Shell\AutoRun\command - "" = G:\MediaManager.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: ezSharedSvc - C:\Windows\System32\ezsvc7.dll (EasyBits Sofware AS)

MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan.lnk - - File not found
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PalTalk.lnk - C:\Program Files\Paltalk Messenger\paltalk.exe - (AVM Software Inc.)
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Philips SA19xx Device Manager.lnk - C:\Program Files\Philips\GoGear SA19xx Device Manager\main.exe - (KeenHigh Tech.)
MsConfig - StartUpFolder: C:^Users^Larry^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk - - File not found
MsConfig - StartUpFolder: C:^Users^Larry^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk - - File not found
MsConfig - StartUpFolder: C:^Users^Larry^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^WKCALREM.LNK - - File not found
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: AMTDeviceService - hkey= - key= - File not found
MsConfig - StartUpReg: APSDaemon - hkey= - key= - File not found
MsConfig - StartUpReg: Creative WebCam Tray - hkey= - key= - C:\Program Files\Creative\Shared Files\CamTray.exe (Creative Technology Ltd)
MsConfig - StartUpReg: DivX Download Manager - hkey= - key= - File not found
MsConfig - StartUpReg: DivXUpdate - hkey= - key= - File not found
MsConfig - StartUpReg: EPSON Stylus SX200 Series - hkey= - key= - File not found
MsConfig - StartUpReg: Festoon - hkey= - key= - File not found
MsConfig - StartUpReg: GhostWall - hkey= - key= - File not found
MsConfig - StartUpReg: Google Update - hkey= - key= - File not found
MsConfig - StartUpReg: HP Health Check Scheduler - hkey= - key= - File not found
MsConfig - StartUpReg: HP Software Update - hkey= - key= - C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
MsConfig - StartUpReg: HPAdvisor - hkey= - key= - C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe (Hewlett-Packard)
MsConfig - StartUpReg: hpWirelessAssistant - hkey= - key= - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Development Company, L.P.)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: LightScribe Control Panel - hkey= - key= - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
MsConfig - StartUpReg: Malwarebytes Anti-Malware (reboot) - hkey= - key= - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
MsConfig - StartUpReg: Messenger (Yahoo!) - hkey= - key= - File not found
MsConfig - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig - StartUpReg: QlbCtrl.exe - hkey= - key= - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe ( Hewlett-Packard Development Company, L.P.)
MsConfig - StartUpReg: QPService - hkey= - key= - C:\Program Files\HP\QuickPlay\QPService.exe (CyberLink Corp.)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - File not found
MsConfig - StartUpReg: Rainlendar2 - hkey= - key= - File not found
MsConfig - StartUpReg: SearchSettings - hkey= - key= - File not found
MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig - StartUpReg: SnapDraw-Free - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: SUPERAntiSpyware - hkey= - key= - File not found
MsConfig - StartUpReg: swg - hkey= - key= - File not found
MsConfig - StartUpReg: TkBellExe - hkey= - key= - File not found
MsConfig - StartUpReg: UCam_Menu - hkey= - key= - C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
MsConfig - StartUpReg: UpdateLBPShortCut - hkey= - key= - File not found
MsConfig - StartUpReg: UpdateP2GoShortCut - hkey= - key= - C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
MsConfig - StartUpReg: UpdatePDIRShortCut - hkey= - key= - C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
MsConfig - StartUpReg: UpdatePSTShortCut - hkey= - key= - C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
MsConfig - StartUpReg: VueMinder - hkey= - key= - File not found
MsConfig - StartUpReg: WMBoot - hkey= - key= - C:\Program Files\Logitech\WingMan Profiler\ChekList.exe ()
MsConfig - State: "startup" - 2

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/03/06 11:58:37 | 000,000,000 | ---D | C] -- C:\Users\Larry\Desktop\Reg sticks
[2012/03/02 11:41:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/03/02 11:41:23 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012/03/02 11:41:23 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012/03/02 11:41:23 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012/02/26 13:50:29 | 000,000,000 | ---D | C] -- C:\Users\Larry\AppData\Roaming\Synaptics
[2012/02/26 13:42:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Synaptics
[2012/02/26 13:37:22 | 055,375,144 | ---- | C] (Synaptics Incorporated) -- C:\Users\Larry\Desktop\Synaptics_v15_2_20_C_XP32_Vista32_Win7-32_Signed_Marketing_SGS94_UI-Scrybe.exe
[2012/02/26 12:48:59 | 000,000,000 | ---D | C] -- C:\Users\Larry\Desktop\HTL
[2012/02/26 07:27:37 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2012/02/25 21:38:42 | 000,000,000 | ---D | C] -- C:\Users\Larry\Desktop\Sheets
[2012/02/25 20:26:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/02/25 20:26:54 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/02/25 13:50:47 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client(202)
[2012/02/25 13:50:47 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/02/25 13:36:21 | 008,068,864 | ---- | C] (Microsoft Corporation) -- C:\Users\Larry\Desktop\mseinstall.exe
[2012/02/25 09:22:33 | 000,000,000 | R--D | C] -- C:\Users\Larry\Desktop\4Sync
[2012/02/25 09:13:34 | 000,000,000 | ---D | C] -- C:\ProgramData\4Sync
[2012/02/25 09:11:33 | 004,619,584 | ---- | C] (New IT Solutions) -- C:\Users\Larry\Desktop\4Sync_1.0.2.exe
[2012/02/23 19:40:43 | 000,000,000 | ---D | C] -- C:\Users\Larry\AppData\Roaming\FinalMediaPlayer
[2012/02/23 19:40:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FinalMediaPlayer
[2012/02/23 19:40:39 | 000,000,000 | ---D | C] -- C:\Program Files\FinalMediaPlayer
[2012/02/23 19:30:15 | 002,231,606 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\Games.exe
[2012/02/21 14:23:55 | 000,000,000 | ---D | C] -- C:\Users\Larry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maxthon(757)
[2012/02/21 14:23:55 | 000,000,000 | ---D | C] -- C:\Users\Larry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maxthon
[2012/02/21 14:23:44 | 000,000,000 | ---D | C] -- C:\Program Files\Maxthon3(200)
[2012/02/21 14:23:44 | 000,000,000 | ---D | C] -- C:\Program Files\Maxthon3
[2012/02/21 14:21:43 | 026,059,584 | ---- | C] (Maxthon International ltd.) -- C:\Users\Larry\Desktop\mx3.3.4.4000.exe
[2012/02/21 13:27:17 | 000,000,000 | ---D | C] -- C:\Users\Larry\AppData\Roaming\Maxthon
[2012/02/20 22:19:58 | 000,000,000 | ---D | C] -- C:\cfb1931a1ba86af1c8d17f42f940b14e
[2012/02/19 14:27:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Spigot
[2012/02/19 14:27:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YouTube Downloader(203)
[2012/02/19 14:27:19 | 000,000,000 | ---D | C] -- C:\Program Files\YouTube Downloader(118)
[2012/02/19 13:46:35 | 000,000,000 | ---D | C] -- C:\Download
[2012/02/19 13:38:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2012/02/19 09:32:32 | 000,000,000 | ---D | C] -- C:\tmpDownload
[2012/02/17 21:01:42 | 000,000,000 | ---D | C] -- C:\Users\Larry\Desktop\T3 Manuals
[2012/02/17 08:18:09 | 000,000,000 | ---D | C] -- C:\Users\Larry\AppData\Roaming\AVG
[2012/02/17 07:42:28 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012/02/17 07:41:21 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2012/02/17 07:40:28 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2012/02/17 07:36:15 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012/02/15 18:05:53 | 000,000,000 | ---D | C] -- C:\Windows\System32\catroot2(336)
[2012/02/14 21:54:28 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Installer Clean Up(4)
[2010/10/15 15:19:46 | 003,063,561 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\MobileTV.exe
[2010/10/15 15:19:46 | 002,989,660 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\DVD.exe
[2010/10/15 15:19:46 | 002,864,396 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\MPV.exe
[2010/10/15 15:19:46 | 002,331,174 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\Karaoke.exe
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/07 15:32:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/07 15:31:15 | 000,000,512 | ---- | M] () -- C:\Users\Larry\Desktop\MBR.dat
[2012/03/07 14:28:31 | 000,000,512 | ---- | M] () -- C:\Users\Larry\Desktop\Documents\MBR.dat
[2012/03/07 14:09:42 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/07 14:09:41 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/07 14:09:41 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/07 14:09:41 | 000,000,386 | ---- | M] () -- C:\Windows\tasks\Final Media Player Update Checker.job
[2012/03/07 14:09:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/07 14:09:27 | 2075,332,608 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/06 18:00:00 | 000,000,442 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration.job
[2012/03/06 06:56:16 | 000,000,189 | ---- | M] () -- C:\Users\Larry\Desktop\Canon.rtf
[2012/03/05 18:00:00 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\SmartDefrag.job
[2012/03/04 18:26:27 | 000,614,200 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/03/04 18:26:27 | 000,110,516 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/03/03 14:45:32 | 000,000,320 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForLarry.job
[2012/03/02 21:54:12 | 000,000,208 | ---- | M] () -- C:\Users\Larry\Desktop\Ricky van shelton.rtf
[2012/03/02 19:59:12 | 000,000,195 | ---- | M] () -- C:\Users\Larry\Desktop\Canon support request.rtf
[2012/03/02 11:41:14 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012/03/02 11:41:14 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012/03/02 11:41:14 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012/03/02 11:41:13 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2012/03/02 11:12:03 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/02/29 22:39:12 | 000,036,126 | ---- | M] () -- C:\Users\Larry\Desktop\MSRT.jpg
[2012/02/27 19:03:25 | 000,027,297 | ---- | M] () -- C:\Users\Larry\Desktop\3K Cinema Arabian Nights.S790.STY
[2012/02/27 18:59:38 | 000,000,678 | ---- | M] () -- C:\Users\Larry\Desktop\BLANK.MID
[2012/02/27 18:59:06 | 009,547,428 | ---- | M] () -- C:\Users\Larry\Desktop\Variation On Lawrence of Arabia Theme.mp3
[2012/02/27 05:46:59 | 000,052,506 | ---- | M] () -- C:\Users\Larry\Desktop\Page_106_CallMeFCantGetUsedToLosingYouC-TITUFB2ndEd.pdf
[2012/02/26 16:03:33 | 000,000,510 | ---- | M] () -- C:\Windows\WORDPAD.INI
[2012/02/26 15:52:14 | 000,000,472 | ---- | M] () -- C:\Users\Larry\Desktop\Paul's address.rtf
[2012/02/26 13:39:33 | 055,375,144 | ---- | M] (Synaptics Incorporated) -- C:\Users\Larry\Desktop\Synaptics_v15_2_20_C_XP32_Vista32_Win7-32_Signed_Marketing_SGS94_UI-Scrybe.exe
[2012/02/26 12:57:32 | 000,337,133 | ---- | M] () -- C:\Users\Larry\Desktop\FSS.exe
[2012/02/25 13:59:15 | 000,000,237 | ---- | M] () -- C:\Users\Larry\Desktop\Update error 25th Feb..rtf
[2012/02/25 13:51:25 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/02/25 13:45:16 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012/02/25 13:36:43 | 008,068,864 | ---- | M] (Microsoft Corporation) -- C:\Users\Larry\Desktop\mseinstall.exe
[2012/02/25 12:50:52 | 000,000,194 | ---- | M] () -- C:\Users\Larry\Desktop\Password for 4shared.rtf
[2012/02/25 09:11:44 | 004,619,584 | ---- | M] (New IT Solutions) -- C:\Users\Larry\Desktop\4Sync_1.0.2.exe
[2012/02/25 08:47:49 | 000,526,504 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/02/24 15:02:30 | 000,097,553 | ---- | M] () -- C:\Users\Larry\AppData\Roaming\Switch.dmp
[2012/02/23 19:40:43 | 000,000,884 | ---- | M] () -- C:\Users\Larry\Application Data\Microsoft\Internet Explorer\Quick Launch\FinalMediaPlayer.lnk
[2012/02/23 19:40:43 | 000,000,860 | ---- | M] () -- C:\Users\Larry\Desktop\FinalMediaPlayer.lnk
[2012/02/23 19:38:44 | 000,001,106 | ---- | M] () -- C:\Users\Larry\Desktop\browser add-on.rtf
[2012/02/23 19:30:16 | 002,231,606 | ---- | M] (Macromedia, Inc.) -- C:\ProgramData\Games.exe
[2012/02/22 18:43:31 | 000,002,690 | ---- | M] () -- C:\Users\Larry\Desktop\Possible fix for updates.rtf
[2012/02/21 15:51:53 | 000,000,879 | ---- | M] () -- C:\Users\Larry\Application Data\Microsoft\Internet Explorer\Quick Launch\Maxthon 3.lnk
[2012/02/21 14:23:55 | 000,000,843 | ---- | M] () -- C:\Users\Larry\Desktop\Maxthon 3.lnk
[2012/02/21 14:22:34 | 026,059,584 | ---- | M] (Maxthon International ltd.) -- C:\Users\Larry\Desktop\mx3.3.4.4000.exe
[2012/02/21 01:30:55 | 000,001,356 | ---- | M] () -- C:\Users\Larry\AppData\Local\d3d9caps.dat
[2012/02/19 14:31:01 | 008,635,208 | ---- | M] () -- C:\Users\Larry\Desktop\Documents\Herbie Hancock ~ I Thought It Was You.flv
[2012/02/10 14:18:19 | 000,000,177 | ---- | M] () -- C:\Users\Larry\Desktop\Paul.rtf
[2012/02/10 07:55:45 | 000,001,038 | ---- | M] () -- C:\Users\Larry\Desktop\Loading MP3 to Tyros 3.rtf
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/07 15:31:14 | 000,000,512 | ---- | C] () -- C:\Users\Larry\Desktop\MBR.dat
[2012/03/07 14:28:31 | 000,000,512 | ---- | C] () -- C:\Users\Larry\Desktop\Documents\MBR.dat
[2012/03/06 06:56:16 | 000,000,189 | ---- | C] () -- C:\Users\Larry\Desktop\Canon.rtf
[2012/03/02 21:52:07 | 000,000,208 | ---- | C] () -- C:\Users\Larry\Desktop\Ricky van shelton.rtf
[2012/03/02 19:59:12 | 000,000,195 | ---- | C] () -- C:\Users\Larry\Desktop\Canon support request.rtf
[2012/02/29 22:39:11 | 000,036,126 | ---- | C] () -- C:\Users\Larry\Desktop\MSRT.jpg
[2012/02/27 19:03:24 | 000,027,297 | ---- | C] () -- C:\Users\Larry\Desktop\3K Cinema Arabian Nights.S790.STY
[2012/02/27 18:59:38 | 000,000,678 | ---- | C] () -- C:\Users\Larry\Desktop\BLANK.MID
[2012/02/27 18:58:42 | 009,547,428 | ---- | C] () -- C:\Users\Larry\Desktop\Variation On Lawrence of Arabia Theme.mp3
[2012/02/27 05:46:58 | 000,052,506 | ---- | C] () -- C:\Users\Larry\Desktop\Page_106_CallMeFCantGetUsedToLosingYouC-TITUFB2ndEd.pdf
[2012/02/26 15:54:05 | 000,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2012/02/26 15:52:13 | 000,000,472 | ---- | C] () -- C:\Users\Larry\Desktop\Paul's address.rtf
[2012/02/26 12:57:28 | 000,337,133 | ---- | C] () -- C:\Users\Larry\Desktop\FSS.exe
[2012/02/25 13:59:15 | 000,000,237 | ---- | C] () -- C:\Users\Larry\Desktop\Update error 25th Feb..rtf
[2012/02/25 13:50:51 | 000,001,768 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/02/25 12:50:52 | 000,000,194 | ---- | C] () -- C:\Users\Larry\Desktop\Password for 4shared.rtf
[2012/02/24 15:02:28 | 000,097,553 | ---- | C] () -- C:\Users\Larry\AppData\Roaming\Switch.dmp
[2012/02/24 07:16:55 | 2075,332,608 | -HS- | C] () -- C:\hiberfil.sys
[2012/02/23 19:40:46 | 000,000,386 | ---- | C] () -- C:\Windows\tasks\Final Media Player Update Checker.job
[2012/02/23 19:40:43 | 000,000,884 | ---- | C] () -- C:\Users\Larry\Application Data\Microsoft\Internet Explorer\Quick Launch\FinalMediaPlayer.lnk
[2012/02/23 19:40:43 | 000,000,860 | ---- | C] () -- C:\Users\Larry\Desktop\FinalMediaPlayer.lnk
[2012/02/23 19:38:43 | 000,001,106 | ---- | C] () -- C:\Users\Larry\Desktop\browser add-on.rtf
[2012/02/22 18:43:30 | 000,002,690 | ---- | C] () -- C:\Users\Larry\Desktop\Possible fix for updates.rtf
[2012/02/21 15:51:53 | 000,000,879 | ---- | C] () -- C:\Users\Larry\Application Data\Microsoft\Internet Explorer\Quick Launch\Maxthon 3.lnk
[2012/02/21 14:23:55 | 000,000,843 | ---- | C] () -- C:\Users\Larry\Desktop\Maxthon 3.lnk
[2012/02/19 14:28:35 | 008,635,208 | ---- | C] () -- C:\Users\Larry\Desktop\Documents\Herbie Hancock ~ I Thought It Was You.flv
[2012/02/10 14:18:19 | 000,000,177 | ---- | C] () -- C:\Users\Larry\Desktop\Paul.rtf
[2012/02/10 07:55:45 | 000,001,038 | ---- | C] () -- C:\Users\Larry\Desktop\Loading MP3 to Tyros 3.rtf
[2012/01/04 19:05:12 | 000,010,554 | -HS- | C] () -- C:\Users\Larry\AppData\Local\cxd8o8j8hsar
[2012/01/04 19:05:12 | 000,010,554 | -HS- | C] () -- C:\ProgramData\cxd8o8j8hsar
[2011/12/28 19:41:52 | 000,025,944 | ---- | C] () -- C:\Windows\System32\SmartDefragBootTime.exe
[2011/12/28 19:41:52 | 000,015,672 | ---- | C] () -- C:\Windows\System32\drivers\SmartDefragDriver.sys
[2011/11/22 12:43:53 | 000,000,125 | ---- | C] () -- C:\Windows\System32\lp3codec32win.dll
[2011/07/11 17:19:51 | 000,000,175 | ---- | C] () -- C:\Windows\Datewise.INI
[2011/04/12 17:49:40 | 000,134,144 | ---- | C] () -- C:\Windows\System32\ifdreset.exe
[2011/03/26 13:07:17 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/02/11 17:40:40 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2011/02/11 17:35:00 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2011/02/11 17:35:00 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2011/02/08 08:43:12 | 000,001,849 | ---- | C] () -- C:\Users\Larry\AppData\Roaming\GhostObjGAFix.xml
[2011/02/04 20:17:27 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2011/02/04 08:46:47 | 000,758,018 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011/02/04 08:46:47 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011/02/03 06:50:42 | 000,000,027 | ---- | C] () -- C:\Windows\ukid.INI
[2011/02/03 06:46:11 | 000,000,051 | ---- | C] () -- C:\Windows\Crypkey.ini
[2011/02/03 06:45:28 | 000,027,648 | R--- | C] () -- C:\Windows\Setup_ck.exe
[2011/02/03 06:45:28 | 000,024,608 | ---- | C] () -- C:\Windows\System32\Ckldrv.sys
[2011/02/03 06:45:28 | 000,018,432 | ---- | C] () -- C:\Windows\Setup_ck.dll
[2011/02/03 06:45:28 | 000,011,776 | ---- | C] () -- C:\Windows\Ckrfresh.exe
[2010/11/09 13:37:47 | 000,000,008 | ---- | C] () -- C:\ProgramData\VGALCAJYWPP.SYS
[2010/08/25 19:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010/08/25 19:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010/08/25 19:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010/08/25 18:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010/06/25 14:37:20 | 000,057,344 | ---- | C] () -- C:\Windows\System32\IFORCE2.dll
[2010/03/12 18:16:55 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll

========== LOP Check ==========

[2011/03/18 08:19:15 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\ATViewer
[2012/02/25 19:02:40 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\Audacity
[2011/06/12 15:26:12 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\Avant Downloader
[2012/02/17 08:19:17 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\AVG
[2010/03/11 21:57:06 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\avidemux
[2009/04/22 17:36:50 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\Azureus
[2011/11/18 19:49:43 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\Babylon
[2010/04/27 18:04:20 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\Canneverbe Limited
[2011/03/02 17:54:21 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\COWON
[2009/04/27 18:18:00 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\DassaultSystemes
[2011/04/24 19:17:51 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\DeepBurner
[2009/10/03 05:33:41 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\Desktopicon
[2009/05/13 17:58:19 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\DonationCoder
[2012/02/19 13:40:01 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\DVDVideoSoft
[2011/08/16 03:36:13 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\DVDVideoSoftIEHelpers
[2011/06/18 06:38:12 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\EssentialPIM
[2012/03/04 14:58:28 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\FinalMediaPlayer
[2009/06/11 07:02:05 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\foobar2000
[2012/02/25 19:00:13 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\Foxit
[2010/11/27 07:43:46 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\Free Audio Editor
[2011/07/05 06:29:44 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\FreeYoutubeToMP3TURBOConverter
[2010/09/19 11:55:31 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\Get from YouTube
[2010/09/19 11:59:37 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\Import Audio from Video
[2012/02/25 19:01:25 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\IObit
[2012/03/04 14:58:28 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\IrfanView
[2011/12/17 12:34:15 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\jososoft
[2012/02/25 19:01:43 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\LibreOffice
[2011/01/08 17:14:15 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\Local
[2009/07/10 14:44:39 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\MailWasherFree
[2012/02/21 14:20:50 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\Maxthon
[2012/02/25 19:02:40 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\Maxthon2
[2011/07/15 07:21:47 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\Maxthon3
[2010/12/14 22:33:52 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\mediAvatar
[2012/02/25 19:00:15 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\muvee Technologies
[2010/01/02 06:21:08 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\MxBoost
[2011/02/14 08:21:17 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\MyMorph
[2012/02/25 19:01:14 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\Netscape
[2012/02/25 19:02:47 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\Notepad++
[2012/02/25 19:01:17 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\OOo-dev
[2012/02/25 19:00:51 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\OpenOffice.org
[2012/02/25 19:00:01 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\Opera
[2011/02/10 07:39:02 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\OxelonMC
[2011/11/26 15:39:18 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\Paltalk
[2010/07/14 06:34:51 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\PeerNetworking
[2012/02/25 19:00:35 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\PIXEL-TECH
[2011/11/28 18:01:05 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\RegistryKeys
[2012/02/25 19:01:14 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\Softland
[2010/03/04 18:21:41 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\SoftMaker
[2009/10/17 05:01:43 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\Softplicity
[2012/02/26 13:50:29 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\Synaptics
[2011/12/14 18:18:43 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\TeamViewer
[2009/04/19 18:25:48 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\Template
[2011/06/10 07:02:26 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\Thunderbird
[2011/08/07 07:04:10 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\Tific
[2010/10/29 05:41:29 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\Windows Live Writer
[2009/06/09 18:29:04 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\WinPatrol
[2010/11/29 15:50:00 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\ZumoCast
[2012/03/07 14:09:41 | 000,000,386 | ---- | M] () -- C:\Windows\Tasks\Final Media Player Update Checker.job
[2012/03/06 18:00:00 | 000,000,442 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Registration.job
[2010/03/28 23:33:05 | 000,000,416 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Update Version2.job
[2012/03/07 13:47:14 | 000,032,646 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/03/05 18:00:00 | 000,000,384 | ---- | M] () -- C:\Windows\Tasks\SmartDefrag.job

========== Purity Check ==========



========== Custom Scans ==========


< %systemroot%\*. /mp /s >

< %systemroot%\*. /rp /s >

< %SYSTEMDRIVE%\*.exe >
[2007/11/07 07:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe

< %LOCALAPPDATA%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/10/29 06:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 06:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/30 03:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009/04/11 06:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 06:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/28 02:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008/01/21 02:34:05 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/01/21 02:33:13 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/21 02:33:13 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/21 02:34:37 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/21 02:34:37 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

< MD5 for: WINLOGON.EXE >
[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/04/11 06:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 06:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008/01/21 02:34:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/02/26 06:37:27 | 000,834,832 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/02/26 06:37:27 | 000,834,832 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/02/26 06:37:27 | 000,834,832 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/02/26 06:37:31 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/02/26 06:37:31 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/02/26 06:37:31 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/03/18 18:02:50 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/03/18 18:02:50 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/03/18 18:02:50 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/03/18 18:02:56 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2011/03/18 18:02:56 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Maxthon3\InstallInfo\\ReinstallCommand: "C:\Program Files\Maxthon3\Bin\Maxthon.exe" -SetDefault [2012/02/15 05:34:42 | 000,096,576 | ---- | M] (Maxthon International ltd.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Maxthon3\InstallInfo\\ShowIconsCommand: "C:\Program Files\Maxthon3\Bin\Maxthon.exe" -SetDefault [2012/02/15 05:34:42 | 000,096,576 | ---- | M] (Maxthon International ltd.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Maxthon3\InstallInfo\\HideIconsCommand: "C:\Program Files\Maxthon3\Bin\Maxthon.exe" -SetDefault [2012/02/15 05:34:42 | 000,096,576 | ---- | M] (Maxthon International ltd.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Maxthon3\Shell\open\command\\: C:\Program Files\Maxthon3\Bin\Maxthon.exe [2012/02/15 05:34:42 | 000,096,576 | ---- | M] (Maxthon International ltd.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Opera\Opera.exe" /ShowIconsCommand
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Opera\Opera.exe" /HideIconsCommand
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Opera\Opera.exe" /ReInstallBrowser
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\shell\open\command\\: "C:\Program Files\Opera\Opera.exe"

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/02/26 06:37:27 | 000,834,832 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/02/26 06:37:27 | 000,834,832 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/02/26 06:37:27 | 000,834,832 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/02/26 06:37:31 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/02/26 06:37:31 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/02/26 06:37:31 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/03/18 18:02:50 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/03/18 18:02:50 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/03/18 18:02:50 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/03/18 18:02:56 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2011/03/18 18:02:56 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Maxthon3\InstallInfo\\ReinstallCommand: "C:\Program Files\Maxthon3\Bin\Maxthon.exe" -SetDefault [2012/02/15 05:34:42 | 000,096,576 | ---- | M] (Maxthon International ltd.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Maxthon3\InstallInfo\\ShowIconsCommand: "C:\Program Files\Maxthon3\Bin\Maxthon.exe" -SetDefault [2012/02/15 05:34:42 | 000,096,576 | ---- | M] (Maxthon International ltd.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Maxthon3\InstallInfo\\HideIconsCommand: "C:\Program Files\Maxthon3\Bin\Maxthon.exe" -SetDefault [2012/02/15 05:34:42 | 000,096,576 | ---- | M] (Maxthon International ltd.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Maxthon3\Shell\open\command\\: C:\Program Files\Maxthon3\Bin\Maxthon.exe [2012/02/15 05:34:42 | 000,096,576 | ---- | M] (Maxthon International ltd.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Opera\Opera.exe" /ShowIconsCommand
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Opera\Opera.exe" /HideIconsCommand
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Opera\Opera.exe" /ReInstallBrowser
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\shell\open\command\\: "C:\Program Files\Opera\Opera.exe"

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

========== Files - Unicode (All) ==========
[2011/02/03 15:29:48 | 000,000,000 | ---D | M](C:\Windows\System32\?I???I?I?I?I?I?I) -- C:\Windows\System32\Ī仝矀ĪĪĪĪĪĪ
[2011/02/03 15:29:48 | 000,000,000 | ---D | C](C:\Windows\System32\?I???I?I?I?I?I?I) -- C:\Windows\System32\Ī仝矀ĪĪĪĪĪĪ

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\$NtUninstallKB62280$] -> -> Unknown point type
[C:\Windows\System32\config\systemprofile\Recent] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\ Recent -> Junction
[C:\Windows\System32\config\systemprofile\SendTo] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\ SendTo -> Junction
[C:\Windows\System32\config\systemprofile\Start Menu] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\ Start Menu -> Junction
[C:\Windows\System32\config\systemprofile\Templates] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\ Templates -> Junction

========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Users\Larry\Desktop\video-2011-11-27-18-51-13.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Larry\Desktop\Daniel.MPG:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Larry\Desktop\carmen_cavallaro_-_manhattan__instrumental_.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Larry\Desktop\AMCE.avi:TOC.WMV
@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:0B4227B4
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TempF99298A

< End of report >
kevinf80 (Kevin)
Malware Removal Specialist with 9,213 posts.
Join Date: Mar 2006
Location: Sunderland UK
Experience: Intermediate
07-Mar-2012, 03:30 PM #6
Run the following:

Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from either of the following links :-

Link 1
Link 2
  • Ensure that Combofix is saved directly to the Desktop <--- Very important

    Before saving Combofix to the Desktop re-name to Gotcha.exe as below:



  • Disable all security programs as they will have a negative effect on Combofix, instructions available Here if required. Be aware the list may not have all programs listed, if you need more help please ask.
  • Close any open browsers and any other programs you might have running
  • Double click the icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator")
  • Instructions for running Combofix available Here if required.
  • If you are using Windows XP it might display a pop up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
  • When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review

****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read Here why disabling autoruns is recommended.

*EXTRA NOTES*
  • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
  • If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot, this is normal
  • If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)

Post the log in next reply please...

Kevin
jud72
Member with 124 posts.
THREAD STARTER
Join Date: Mar 2010
Experience: Intermediate
08-Mar-2012, 02:57 AM #7
Keith, I have run Combo fix once before with no success. This time I left it running overnight (11 hours), the flashing cursor never moved.
kevinf80 (Kevin)
Malware Removal Specialist with 9,213 posts.
Join Date: Mar 2006
Location: Sunderland UK
Experience: Intermediate
08-Mar-2012, 03:05 AM #8
Boot to Safe mode with Networking and try again...

Re-boot, continuously tap the F8 key until you see the Windows Advanced Menu, from the options select Safe Mode with NW.
Ensure that your security is OFF and try Combofix again. If you see no activity after 30 mins let me know...

Kevin
jud72
Member with 124 posts.
THREAD STARTER
Join Date: Mar 2010
Experience: Intermediate
08-Mar-2012, 07:28 AM #9
Re Cannot Update Disappeared
Kevin, once again I did as you directed without success. I have attached screenshots. The shot of the Recycle bin error appeared after the first time I attempted to scan and I selected 'Yes' to empty it. This time I got the message again but this time I opened the Recycle bin, before I clicked 'Yes' to empty it...it shows empty. The third shot is when I open up>>>Computer>>>C Drive. Is it normal for Combo Fix to be in there albeit under a different name?
kevinf80 (Kevin)
Malware Removal Specialist with 9,213 posts.
Join Date: Mar 2006
Location: Sunderland UK
Experience: Intermediate
08-Mar-2012, 12:07 PM #10
Yes, it is normal to see Combofix re-named Gotcha on C:\

Re-Run by double left click, Vista and Windows 7 users right click and select Run as Administrator.
  • Under the box at the bottom, paste in the following

    Code:
    :OTL
    [2011/06/25 18:06:39 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\n7iv2ybk.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}(259)
    [2011/06/29 16:34:54 | 000,000,000 | ---D | M] (ALOT Toolbar) -- C:\Users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\n7iv2ybk.default\extensions\toolbar@alot(258).com
    [2012/02/25 19:00:06 | 000,000,000 | ---D | M] (Babylon) -- C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@babylon.com
    [2012/02/20 18:35:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions
    [2012/02/20 18:35:22 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
    O2 - BHO: (Online Radio 1.1 Toolbar) - {343db173-0e5a-4f2a-b7bb-71a49085d70e} - C:\Program Files\Online_Radio_1.1\tbOnli.dll (Conduit Ltd.)
    O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
    O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (Online Radio 1.1 Toolbar) - {343db173-0e5a-4f2a-b7bb-71a49085d70e} - C:\Program Files\Online_Radio_1.1\tbOnli.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\S-1-5-21-3710571124-2661178210-3455209878-1000\..\Toolbar\WebBrowser: (no name) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - No CLSID value found.
    O3 - HKU\S-1-5-21-3710571124-2661178210-3455209878-1000\..\Toolbar\WebBrowser: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
    O3 - HKU\S-1-5-21-3710571124-2661178210-3455209878-1000\..\Toolbar\WebBrowser: (Online Radio 1.1 Toolbar) - {343DB173-0E5A-4F2A-B7BB-71A49085D70E} - C:\Program Files\Online_Radio_1.1\tbOnli.dll (Conduit Ltd.)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - File not found
    O33 - MountPoints2\{0fa10a73-743e-11de-8464-001f1660862f}\Shell - "" = AutoRun
    O33 - MountPoints2\{0fa10a73-743e-11de-8464-001f1660862f}\Shell\AutoRun\command - "" = F:\MediaManager.exe
    O33 - MountPoints2\{aab26a49-e6b0-11df-8059-001f1660862f}\Shell - "" = Autorun
    O33 - MountPoints2\{aab26a49-e6b0-11df-8059-001f1660862f}\Shell\verb\command - "" = C:\Windows\explorer.exe -- [2009/04/11 06:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation)
    O33 - MountPoints2\{bc2b3b5c-6ed6-11de-b9ec-001f1660862f}\Shell - "" = AutoRun
    O33 - MountPoints2\{bc2b3b5c-6ed6-11de-b9ec-001f1660862f}\Shell\AutoRun\command - "" = G:\MediaManager.exe
    :Files
    ipconfig /flushdns /c
    C:\Users\Larry\AppData\Local\cxd8o8j8hsar
    C:\ProgramData\cxd8o8j8hsar
    C:\ProgramData\VGALCAJYWPP.SYS
    C:\Users\Larry\AppData\Roaming\Babylon
    :Commands
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]
  • Then click button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the log it produces in your next reply.

Next,

Run this online Quickscan by BitDefender, available here http://quickscan.bitdefender.com/# hit the Scan Now tab, when finished there is an option to "view report" do that, copy and paste to next reply....

Let me see the following;
  • Log from OTL fix
  • Log from BitDefender quick scan...

Kevin
jud72
Member with 124 posts.
THREAD STARTER
Join Date: Mar 2010
Experience: Intermediate
08-Mar-2012, 01:27 PM #11
Cannot Update disappeared
Kevin, I want to make sure I am following your directions to the letter. Before I run a fresh scan with OTL, do I checkmark the items you advised me to check in your earlier post?
kevinf80 (Kevin)
Malware Removal Specialist with 9,213 posts.
Join Date: Mar 2006
Location: Sunderland UK
Experience: Intermediate
08-Mar-2012, 04:51 PM #12
No this is different altogether, copy all of the text from the code box, paste that into the "Custom Scan/fix" box at the bottom after you open OTL.

Then select the "Run Fix" tab at the top. Just follow the instructions in reply #10 exactly as they are written. Then run BitDefender quick online scan
jud72
Member with 124 posts.
THREAD STARTER
Join Date: Mar 2010
Experience: Intermediate
09-Mar-2012, 03:46 AM #13
Kevin, I just don't know what is going on. When I open OTL and copy/paste the text into the box, then click 'Run Fix', I get a very quick flash of a small box on the bottom right of my screen. It is so fast I can't read what it says. It looks to me it's some sort of security alert and it has a red bar across the top. The OTL freezes with a notification on the bar at the top 'Not Responding'. My icons disappear off the Desktop and I am unable to close the programme even when I open Task manager and click 'End Now'. I then have to close down using the power off button.

I have attached screenshot of OTL prior to me clicking 'Run Fix'.
kevinf80 (Kevin)
Malware Removal Specialist with 9,213 posts.
Join Date: Mar 2006
Location: Sunderland UK
Experience: Intermediate
09-Mar-2012, 05:03 AM #14
Re-boot into Safe Mode, ensure all security is OFF, run OTL again. If OK re-boot to Normal Mode and run BitDefender Online Scan
jud72
Member with 124 posts.
THREAD STARTER
Join Date: Mar 2010
Experience: Intermediate
09-Mar-2012, 07:22 AM #15
Cannot Update disappeared
Kevin, I am keeping my fingers crossed. After I had run Bit Defender, I didn't get an option to view or save report, so I have attached a screenshot.



All processes killed
========== OTL ==========
Folder C:\Users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\n7iv2ybk.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}(259)\ not found.
Folder C:\Users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\n7iv2ybk.default\extensions\toolbar@alot(258).com\ not found.
Folder C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@babylon.com\ not found.
Folder C:\Program Files\Mozilla Firefox\distribution\extensions\ not found.
Folder C:\Program Files\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
File C:\Program Files\ConduitEngine\prxConduitEngine.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{343db173-0e5a-4f2a-b7bb-71a49085d70e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{343db173-0e5a-4f2a-b7bb-71a49085d70e}\ not found.
File C:\Program Files\Online_Radio_1.1\tbOnli.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
File C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
File C:\Program Files\ConduitEngine\prxConduitEngine.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{343db173-0e5a-4f2a-b7bb-71a49085d70e} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{343db173-0e5a-4f2a-b7bb-71a49085d70e}\ not found.
File C:\Program Files\Online_Radio_1.1\tbOnli.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{99079a25-328f-4bd4-be04-00955acaa0a7} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
File C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
File C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found.
Registry value HKEY_USERS\S-1-5-21-3710571124-2661178210-3455209878-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{1392B8D2-5C05-419F-A8F6-B9F15A596612} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1392B8D2-5C05-419F-A8F6-B9F15A596612}\ not found.
Registry value HKEY_USERS\S-1-5-21-3710571124-2661178210-3455209878-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{30F9B915-B755-4826-820B-08FBA6BD249D} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
File C:\Program Files\ConduitEngine\prxConduitEngine.dll not found.
Registry value HKEY_USERS\S-1-5-21-3710571124-2661178210-3455209878-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{343DB173-0E5A-4F2A-B7BB-71A49085D70E} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{343DB173-0E5A-4F2A-B7BB-71A49085D70E}\ not found.
File C:\Program Files\Online_Radio_1.1\tbOnli.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0fa10a73-743e-11de-8464-001f1660862f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0fa10a73-743e-11de-8464-001f1660862f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0fa10a73-743e-11de-8464-001f1660862f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0fa10a73-743e-11de-8464-001f1660862f}\ not found.
File F:\MediaManager.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aab26a49-e6b0-11df-8059-001f1660862f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{aab26a49-e6b0-11df-8059-001f1660862f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aab26a49-e6b0-11df-8059-001f1660862f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{aab26a49-e6b0-11df-8059-001f1660862f}\ not found.
Item C:\Windows\explorer.exe is whitelisted and cannot be moved.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bc2b3b5c-6ed6-11de-b9ec-001f1660862f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bc2b3b5c-6ed6-11de-b9ec-001f1660862f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bc2b3b5c-6ed6-11de-b9ec-001f1660862f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bc2b3b5c-6ed6-11de-b9ec-001f1660862f}\ not found.
File G:\MediaManager.exe not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Larry\Desktop\cmd.bat deleted successfully.
C:\Users\Larry\Desktop\cmd.txt deleted successfully.
File\Folder C:\Users\Larry\AppData\Local\cxd8o8j8hsar not found.
File\Folder C:\ProgramData\cxd8o8j8hsar not found.
File\Folder C:\ProgramData\VGALCAJYWPP.SYS not found.
File\Folder C:\Users\Larry\AppData\Roaming\Babylon not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Desktop

User: Larry
->Temp folder emptied: 9053520 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 19500479 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 853 bytes

User: Public

User: RRY-PC

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 6752 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 27.00 mb



OTL by OldTimer - Version 3.2.36.1 log created on 03092012_111209

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
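
Added example, not part of the original thread and not OldTimer's code: a short Python triage of an OTL fix log like the one posted above, grouping each result line by section so a helper can see at a glance which sections changed nothing. The function names are hypothetical, the sample lines are an excerpt of the log above, and only the three result phrasings that appear in that log are recognised.

```python
import re
from collections import Counter

# Excerpt of the fix log posted above, shortened to a few representative lines.
SAMPLE_LOG = r"""All processes killed
========== OTL ==========
Folder C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@babylon.com\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
File C:\Program Files\ConduitEngine\prxConduitEngine.dll not found.
Item C:\Windows\explorer.exe is whitelisted and cannot be moved.
========== FILES ==========
C:\Users\Larry\Desktop\cmd.bat deleted successfully.
File\Folder C:\ProgramData\VGALCAJYWPP.SYS not found.
========== COMMANDS ==========
"""

SECTION = re.compile(r"^=+ (.+?) =+$")
# Optional object type at the start of a result line ("File\Folder" must be tried before "File").
KIND = r"(?:(?P<kind>File\\Folder|Folder|File|Registry key|Registry value|Item) )?"
RESULTS = [
    ("not_found", re.compile("^" + KIND + r"(?P<target>.+?) not found\.$")),
    ("deleted", re.compile("^" + KIND + r"(?P<target>.+?) deleted successfully\.$")),
    ("whitelisted", re.compile("^" + KIND + r"(?P<target>.+?) is whitelisted and cannot be moved\.$")),
]


def parse_fix_log(text):
    """Return one dict per recognised result line, tagged with its log section."""
    section, entries = None, []
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION.match(line)
        if header:
            section = header.group(1)
            continue
        for outcome, pattern in RESULTS:
            m = pattern.match(line)
            if m:
                entries.append({
                    "section": section,
                    "outcome": outcome,
                    "kind": m.group("kind"),
                    # OTL prints folders and keys with a trailing backslash.
                    "target": m.group("target").rstrip("\\"),
                })
                break
    return entries


def triage(entries):
    """Summarise outcomes per section and list what was removed or refused."""
    by_section = {}
    for e in entries:
        by_section.setdefault(e["section"], Counter())[e["outcome"]] += 1
    return {
        "by_section": by_section,
        "removed": [e["target"] for e in entries if e["outcome"] == "deleted"],
        "refused": [e["target"] for e in entries if e["outcome"] == "whitelisted"],
        # Sections where the fix ran but nothing was actually deleted.
        "no_change_sections": [s for s, c in by_section.items() if c["deleted"] == 0],
    }


if __name__ == "__main__":
    report = triage(parse_fix_log(SAMPLE_LOG))
    for section, counts in report["by_section"].items():
        print(section, dict(counts))
    print("removed:", report["removed"])
    print("refused:", report["refused"])
    print("no change in:", report["no_change_sections"])
```

A section listed under `no_change_sections` means every target in it was already absent or protected on that run, which is what the OTL section of the log above shows.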