
Post 'Cannot Update' disappeared?

Discussion in 'Virus & Other Malware Removal' started by jud72, Mar 6, 2012.

Thread Status:
Not open for further replies.
  1. jud72

    jud72 Thread Starter

    Joined:
    Mar 23, 2010
    Messages:
    148
    My apologies for this new post but I just don't know what to do. My post 'Cannot Update', for which I have been waiting patiently for an answer, has been going further and further down the list and has now disappeared altogether. The strange thing about it is, if I do a search for 'Cannot Update' it tells me it's in this 'Virus & Other Malware Removal' forum. Your help would be most appreciated.
     
  2. flavallee

    flavallee Frank Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    63,686
  3. jud72

    jud72 Thread Starter

    Joined:
    Mar 23, 2010
    Messages:
    148
    flavallee, I must be missing something, being relatively new to this Forum. You are correct in saying Phantom010 was assisting me and my last post was 26 Feb. 2012. That was when Phantom010 informed me that I would be better off contacting the Virus And Other Malware Removal Forum for extra help. That is exactly what I did and as I stated in my last post, I have had no response. I appreciate you spend a lot of your valuable time assisting people and for that I am truly grateful. I just could not understand why my post Cannot Update on this particular Forum had disappeared after getting no responses. As you will see from the attachment, they are the last two posts between Phantom010 and myself.
    If I am doing something wrong please tell me so I can rectify it.

    Very sincerely jud72
     

    Attached Files:

  4. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,163
    Run the following and let me see the logs..

    Step 1
    Download aswMBR from Here
    If it asks to update during the process please allow this to happen.

    • Save aswMBR.exe to your Desktop
    • Double click aswMBR.exe to run it
    • Ensure Quick scan is selected, then select Scan button to start the scan as illustrated below


      Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.
    • Once the scan finishes click Save log to save the log to your Desktop.

    • Copy and paste the contents of aswMBR.txt back here for review
    • You will also notice another file created on the desktop named MBR.dat. Right-click that file and select Send To and then Compressed (zipped) file. Attach that zipped file to your next reply as well.

    Step 2

    Download OTL from any of the following links and save to your Desktop:

    Link 1
    Link 2
    Link 3
    Link 4
    • Double click on the icon to run it. Vista or Windows 7 users: right click and select Run as Administrator. Make sure all other windows are closed and let it run uninterrupted.
    • When the window appears, underneath Output at the top, make sure Standard output is selected.
    • Select Scan all users
    • Under the Extra Registry section, check Use SafeList
    • In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".
    • Under the Custom Scan box paste this in:

      Code:
      netsvcs
      %systemroot%\*. /mp /s
      %systemroot%\*. /rp /s
      msconfig
      %SYSTEMDRIVE%\*.exe
      %LOCALAPPDATA%\*.exe
      /md5start
      explorer.exe
      winlogon.exe
      Userinit.exe
      svchost.exe
      /md5stop
      hklm\software\clients\startmenuinternet|command /rs
      hklm\software\clients\startmenuinternet|command /64 /rs
      CREATERESTOREPOINT
      HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
      
    • Click the [IMG] button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your reply

    Let me see the following in your reply :-
    • aswMBR log
    • OTL scan log
    • Extras log
    • Attached MBR.zip file

    Kevin :)
     
  5. jud72

    jud72 Thread Starter

    Joined:
    Mar 23, 2010
    Messages:
    148
    Kevin, I truly hope I have executed your directions properly.
    ------------------------------------------------------------------------------------------
    aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software
    Run date: 2012-03-07 14:40:25
    -----------------------------
    14:40:25.676 OS Version: Windows 6.0.6002 Service Pack 2
    14:40:25.676 Number of processors: 2 586 0xF0D
    14:40:25.677 ComputerName: NATHANLAP UserName: Larry
    14:40:27.262 Initialize success
    14:42:25.861 AVAST engine defs: 12030700
    14:44:47.657 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    14:44:47.662 Disk 0 Vendor: WDC_WD1600BEVT-60ZCT1 13.01A13 Size: 152627MB BusType: 3
    14:44:47.716 Disk 0 MBR read successfully
    14:44:47.721 Disk 0 MBR scan
    14:44:47.756 Disk 0 unknown MBR code
    14:44:47.762 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 142304 MB offset 63
    14:44:47.809 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10319 MB offset 291440640
    14:44:47.826 Disk 0 scanning sectors +312573952
    14:44:47.897 Disk 0 scanning C:\Windows\system32\drivers
    14:45:07.175 Service scanning
    14:45:23.096 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
    14:45:44.163 Modules scanning
    14:45:51.830 Disk 0 trace - called modules:
    14:45:51.853 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll PCIIDEX.SYS msahci.sys
    14:45:51.859 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x859c1400]
    14:45:51.865 3 CLASSPNP.SYS[805df8b3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85797b98]
    14:45:53.211 AVAST engine scan C:\Windows
    14:45:58.903 AVAST engine scan C:\Windows\system32
    14:51:10.365 AVAST engine scan C:\Windows\system32\drivers
    14:51:40.830 AVAST engine scan C:\Users\Larry
    15:18:06.183 AVAST engine scan C:\ProgramData
    15:28:17.456 Scan finished successfully
    15:31:14.963 Disk 0 MBR has been saved successfully to "C:\Users\Larry\Desktop\MBR.dat"
    15:31:15.151 The log file has been saved successfully to "C:\Users\Larry\Desktop\fixMBR.txt"





    OTL logfile created on: 07/03/2012 15:39:33 - Run 1
    OTL by OldTimer - Version 3.2.35.1 Folder = C:\Users\Larry\Desktop\Desktop
    Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    1.93 Gb Total Physical Memory | 0.85 Gb Available Physical Memory | 44.05% Memory free
    4.10 Gb Paging File | 2.74 Gb Available in Paging File | 66.72% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 138.97 Gb Total Space | 37.35 Gb Free Space | 26.88% Space Free | Partition Type: NTFS
    Drive D: | 10.08 Gb Total Space | 1.75 Gb Free Space | 17.37% Space Free | Partition Type: NTFS

    Computer Name: NATHANLAP | User Name: Larry | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/03/07 15:34:31 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Users\Larry\Desktop\Desktop\OTL.exe
    PRC - [2012/03/07 14:23:06 | 004,730,880 | ---- | M] (AVAST Software) -- C:\Users\Larry\Desktop\Desktop\aswMBR.exe
    PRC - [2012/02/15 05:34:42 | 000,096,576 | ---- | M] (Maxthon International ltd.) -- C:\Program Files\Maxthon3\Bin\Maxthon.exe
    PRC - [2012/01/03 13:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2012/01/02 16:14:02 | 000,325,728 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
    PRC - [2011/08/25 10:35:18 | 001,584,472 | ---- | M] (IObit) -- C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe
    PRC - [2011/08/10 11:53:46 | 000,094,880 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
    PRC - [2011/06/01 12:44:54 | 002,337,144 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
    PRC - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
    PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    PRC - [2010/10/14 17:27:38 | 000,092,216 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    PRC - [2009/04/11 06:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2008/10/06 16:54:52 | 000,365,952 | ---- | M] () -- C:\Program Files\SMINST\BLService.exe
    PRC - [2007/12/17 13:00:00 | 000,143,872 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
    PRC - [2007/01/11 13:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
    PRC - [2000/06/29 08:45:10 | 000,052,224 | ---- | M] (Kenonic Controls Ltd.) -- C:\Windows\System32\Crypserv.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/01/30 00:41:44 | 001,977,328 | ---- | M] () -- C:\Program Files\Maxthon3\Core\Webkit\avcodec-53.dll
    MOD - [2012/01/30 00:41:44 | 000,284,656 | ---- | M] () -- C:\Program Files\Maxthon3\Core\Webkit\avformat-53.dll
    MOD - [2012/01/30 00:41:44 | 000,168,352 | ---- | M] () -- C:\Program Files\Maxthon3\Core\Webkit\avutil-51.dll
    MOD - [2012/01/30 00:41:40 | 006,277,280 | ---- | M] () -- C:\Program Files\Maxthon3\Core\Webkit\Npplugins\NPSWF32.dll
    MOD - [2012/01/30 00:41:36 | 000,103,848 | ---- | M] () -- C:\Program Files\Maxthon3\Bin\Maxzlib.dll
    MOD - [2012/01/08 19:50:36 | 000,573,100 | ---- | M] () -- C:\Program Files\BillP Studios\WinPatrol\sqlite3.dll
    MOD - [2011/08/19 16:33:28 | 000,047,960 | ---- | M] () -- C:\Program Files\IObit\Smart Defrag 2\NtfsData.dll
    MOD - [2009/11/04 00:14:04 | 000,054,272 | ---- | M] () -- C:\Program Files\Notepad++\NppShell_01.dll
    MOD - [2009/01/18 17:15:14 | 000,120,832 | RHS- | M] () -- C:\Windows\System32\MPCDx.ax
    MOD - [2008/01/28 10:15:28 | 000,073,728 | ---- | M] () -- c:\Program Files\MyMorph\Mcmh.dll
    MOD - [2005/02/22 17:55:02 | 000,081,920 | RHS- | M] () -- C:\Windows\System32\aac_parser.ax


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- -- (McComponentHostService)
    SRV - [2012/01/03 13:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2011/08/10 11:53:46 | 000,094,880 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
    SRV - [2011/06/01 12:44:54 | 002,337,144 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
    SRV - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
    SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
    SRV - [2010/10/14 17:27:38 | 000,092,216 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
    SRV - [2008/10/06 16:54:52 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Program Files\SMINST\BLService.exe -- (Recovery Service for Windows)
    SRV - [2008/02/03 19:00:00 | 000,129,992 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\System32\ezsvc7.dll -- (ezSharedSvc)
    SRV - [2008/01/21 02:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2007/12/17 13:00:00 | 000,143,872 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE -- (EPSON_EB_RPCV4_01) EPSON V5 Service4(01)
    SRV - [2007/01/11 13:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)
    SRV - [2000/06/29 08:45:10 | 000,052,224 | ---- | M] (Kenonic Controls Ltd.) [Auto | Running] -- C:\Windows\System32\Crypserv.exe -- (Crypkey License)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [File_System | On_Demand | Stopped] -- -- (StarOpen)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NwlnkFwd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NwlnkFlt)
    DRV - File not found [Kernel | System | Stopped] -- -- (MpKsl2775598b)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (IpInIp)
    DRV - File not found [Kernel | System | Stopped] -- -- (fcconsqh)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (esgiguard)
    DRV - File not found [Kernel | On_Demand | Unknown] -- -- (aswMBR)
    DRV - [2011/04/27 15:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV - [2011/04/18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
    DRV - [2010/11/26 18:02:28 | 000,015,672 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
    DRV - [2009/09/05 16:55:36 | 001,183,744 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
    DRV - [2009/01/20 06:49:26 | 000,142,848 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
    DRV - [2008/10/03 03:39:28 | 000,222,208 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
    DRV - [2008/06/29 14:52:26 | 000,112,128 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
    DRV - [2008/01/21 02:32:45 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
    DRV - [2007/10/17 23:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
    DRV - [2007/06/19 00:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
    DRV - [2006/11/03 22:45:48 | 000,178,913 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\V0260Vid.sys -- (V0260VID)
    DRV - [2002/06/20 16:45:42 | 000,020,128 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmFilter.sys -- (WmFilter)
    DRV - [2002/06/20 16:45:40 | 000,010,144 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmBEnum.sys -- (WmBEnum)
    DRV - [2002/06/20 16:45:36 | 000,005,728 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmVirHid.sys -- (WmVirHid)
    DRV - [2002/06/20 16:45:34 | 000,039,776 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmXlCore.sys -- (WmXlCore)
    DRV - [2000/02/03 19:53:12 | 000,024,608 | ---- | M] () [Kernel | System | Running] -- C:\Windows\system32\ckldrv.sys -- (NetworkX)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=brn1&s={searchTerms}&f=4
    IE - HKLM\..\URLSearchHook: {343db173-0e5a-4f2a-b7bb-71a49085d70e} - C:\Program Files\Online_Radio_1.1\tbOnli.dll (Conduit Ltd.)
    IE - HKLM\..\URLSearchHook: {a5342a22-51ef-4c3d-89b1-4ad16a70a6cb} - C:\Program Files\TalkTalk AOL News Toolbar\talktalkaolnewstb.dll (AOL LLC.)
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


    IE - HKU\.DEFAULT\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-3710571124-2661178210-3455209878-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
    IE - HKU\S-1-5-21-3710571124-2661178210-3455209878-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/?pc=AVBR
    IE - HKU\S-1-5-21-3710571124-2661178210-3455209878-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.ask.com/?l=dis&o=APN10112&gct=hp
    IE - HKU\S-1-5-21-3710571124-2661178210-3455209878-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKU\S-1-5-21-3710571124-2661178210-3455209878-1000\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = http://inboxtoolbar.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80245&lng=en
    IE - HKU\S-1-5-21-3710571124-2661178210-3455209878-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-3710571124-2661178210-3455209878-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..keyword.URL: "http://uk.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p="
    FF - prefs.js..browser.search.defaultenginename: "Yahoo"
    FF - prefs.js..browser.search.selectedEngine: "Yahoo"
    FF - prefs.js..keyword.URL: "http://uk.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p="
    FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811&ilc=12"

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll File not found
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
    FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.647: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.647: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/03/04 14:58:28 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ [2012/02/25 19:02:24 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2012/02/25 19:02:23 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2012/02/25 19:02:26 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\FreeYouTubeToMP3TURBOConverter\Firefox [2012/02/25 19:02:24 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/26 06:37:32 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/02/29 18:19:11 | 000,000,000 | ---D | M]

    [2012/01/27 08:03:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Larry\AppData\Roaming\Mozilla\Extensions
    [2011/06/10 07:02:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Larry\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
    [2010/11/29 13:04:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Larry\AppData\Roaming\Mozilla\Extensions\{92650c4d-4b8e-4d2a-b7eb-24ecf4f6b63a}
    [2009/04/22 17:31:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Larry\AppData\Roaming\Mozilla\Extensions\[email protected]
    [2012/02/19 13:43:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\4rmj8wns.Default User\extensions
    [2012/02/19 13:43:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\gkwwk389.Laurence\extensions
    [2010/04/25 18:18:06 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\gkwwk389.Laurence\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2012/02/29 18:08:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\n7iv2ybk.default\extensions
    [2012/02/25 19:00:49 | 000,000,000 | ---D | M] (TalkTalk AOL News Toolbar) -- C:\Users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\n7iv2ybk.default\extensions\{28f4e092-ca3b-4f0e-ab1e-e6d22b3bbca8}
    [2011/06/25 18:06:39 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\n7iv2ybk.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}(259)
    [2011/07/09 17:29:22 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\n7iv2ybk.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}(30)
    [2010/04/25 07:55:04 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\n7iv2ybk.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}(4)
    [2012/02/25 19:00:15 | 000,000,000 | ---D | M] (Password Exporter) -- C:\Users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\n7iv2ybk.default\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}
    [2011/11/27 07:20:07 | 000,000,000 | ---D | M] (IE Tab Plus) -- C:\Users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\n7iv2ybk.default\extensions\ietab@ip(20).cn
    [2011/06/29 16:34:54 | 000,000,000 | ---D | M] (ALOT Toolbar) -- C:\Users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\n7iv2ybk.default\extensions\toolbar@alot(258).com
    [2010/11/29 13:04:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Larry\AppData\Roaming\Mozilla\SeaMonkey\Profiles\1acye6y6.default\extensions
    [2011/11/14 18:59:48 | 000,002,135 | ---- | M] () -- C:\Users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\4rmj8wns.Default User\searchplugins\GoogleFeed.xml
    [2012/03/02 11:41:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2012/02/25 19:00:06 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2011/03/18 06:55:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}(152)
    [2012/03/02 11:41:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
    [2012/02/25 19:00:06 | 000,000,000 | ---D | M] (DealPly) -- C:\Program Files\Mozilla Firefox\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
    [2012/02/25 19:00:06 | 000,000,000 | ---D | M] (Babylon) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
    [2012/02/20 18:35:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions
    [2012/02/20 18:35:22 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    [2012/02/26 06:37:32 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2012/03/02 11:41:15 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2010/11/18 17:44:16 | 001,680,272 | ---- | M] (Caminova, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdjvu.dll
    [2012/02/26 06:37:28 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
    [2012/02/26 06:37:28 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2012/02/26 06:37:28 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
    [2012/02/26 06:37:28 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
    [2011/12/26 12:12:06 | 000,002,027 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
    [2012/01/26 12:34:27 | 000,002,515 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
    [2012/02/26 06:37:28 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

    O1 HOSTS File: ([2006/09/18 21:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
    O2 - BHO: (Online Radio 1.1 Toolbar) - {343db173-0e5a-4f2a-b7bb-71a49085d70e} - C:\Program Files\Online_Radio_1.1\tbOnli.dll (Conduit Ltd.)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (AOL Toolbar BHO) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
    O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
    O2 - BHO: (DealPly) - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files\DealPly\DealPlyIE.dll (DealPly Technologies Ltd)
    O2 - BHO: (TalkTalk AOL News Toolbar Loader) - {acd398d8-0875-4aab-8f62-1be965f51857} - C:\Program Files\TalkTalk AOL News Toolbar\talktalkaolnewstb.dll (AOL LLC.)
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
    O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (Online Radio 1.1 Toolbar) - {343db173-0e5a-4f2a-b7bb-71a49085d70e} - C:\Program Files\Online_Radio_1.1\tbOnli.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (TalkTalk AOL News Toolbar) - {3561c277-e1a5-4696-aa84-c77aeea35962} - C:\Program Files\TalkTalk AOL News Toolbar\talktalkaolnewstb.dll (AOL LLC.)
    O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
    O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\S-1-5-21-3710571124-2661178210-3455209878-1000\..\Toolbar\WebBrowser: (no name) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - No CLSID value found.
    O3 - HKU\S-1-5-21-3710571124-2661178210-3455209878-1000\..\Toolbar\WebBrowser: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
    O3 - HKU\S-1-5-21-3710571124-2661178210-3455209878-1000\..\Toolbar\WebBrowser: (Online Radio 1.1 Toolbar) - {343DB173-0E5A-4F2A-B7BB-71A49085D70E} - C:\Program Files\Online_Radio_1.1\tbOnli.dll (Conduit Ltd.)
    O3 - HKU\S-1-5-21-3710571124-2661178210-3455209878-1000\..\Toolbar\WebBrowser: (TalkTalk AOL News Toolbar) - {3561C277-E1A5-4696-AA84-C77AEEA35962} - C:\Program Files\TalkTalk AOL News Toolbar\talktalkaolnewstb.dll (AOL LLC.)
    O3 - HKU\S-1-5-21-3710571124-2661178210-3455209878-1000\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
    O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
    O4 - HKU\S-1-5-21-3710571124-2661178210-3455209878-1000..\Run: [Cookienator] C:\Program Files\Cookienator\cookienator.exe (CodeFromThe70s.org)
    O4 - Startup: C:\Users\Larry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DATEwise3.lnk = C:\Program Files\BizWare Magic DATEwise\DATEwise3.exe ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O9 - Extra Button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\paltalk.exe (AVM Software Inc.)
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: Download Video - {B30C9F17-BF16-481e-BAEA-44A86128E1B4} - C:\Program Files\FreeYouTubeToMP3TURBOConverter\ytmRunner.html File not found
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
    O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
    O15 - HKU\S-1-5-21-3710571124-2661178210-3455209878-1000\..Trusted Domains: internet ([]about in Trusted sites)
    O15 - HKU\S-1-5-21-3710571124-2661178210-3455209878-1000\..Trusted Domains: mcafee.com ([]http in Trusted sites)
    O15 - HKU\S-1-5-21-3710571124-2661178210-3455209878-1000\..Trusted Domains: mcafee.com ([]https in Trusted sites)
    O15 - HKU\S-1-5-21-3710571124-2661178210-3455209878-1000\..Trusted Domains: microsoft.com ([www.update] https in Trusted sites)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{64629E26-77BC-4FF9-A8B2-729FB9753BCA}: DhcpNameServer = 192.168.1.1 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6B936E51-37B9-4912-8FD5-27104EA3BC19}: DhcpNameServer = 192.168.1.1 192.168.1.1
    O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
    O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - File not found
    O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Autumn Leaves.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Autumn Leaves.jpg
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL File not found
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O33 - MountPoints2\{0fa10a73-743e-11de-8464-001f1660862f}\Shell - "" = AutoRun
    O33 - MountPoints2\{0fa10a73-743e-11de-8464-001f1660862f}\Shell\AutoRun\command - "" = F:\MediaManager.exe
    O33 - MountPoints2\{aab26a49-e6b0-11df-8059-001f1660862f}\Shell - "" = Autorun
    O33 - MountPoints2\{aab26a49-e6b0-11df-8059-001f1660862f}\Shell\verb\command - "" = C:\Windows\explorer.exe -- [2009/04/11 06:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation)
    O33 - MountPoints2\{bc2b3b5c-6ed6-11de-b9ec-001f1660862f}\Shell - "" = AutoRun
    O33 - MountPoints2\{bc2b3b5c-6ed6-11de-b9ec-001f1660862f}\Shell\AutoRun\command - "" = G:\MediaManager.exe
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found
    NetSvcs: ezSharedSvc - C:\Windows\System32\ezsvc7.dll (EasyBits Sofware AS)

    MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan.lnk - - File not found
    MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PalTalk.lnk - C:\Program Files\Paltalk Messenger\paltalk.exe - (AVM Software Inc.)
    MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Philips SA19xx Device Manager.lnk - C:\Program Files\Philips\GoGear SA19xx Device Manager\main.exe - (KeenHigh Tech.)
    MsConfig - StartUpFolder: C:^Users^Larry^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk - - File not found
    MsConfig - StartUpFolder: C:^Users^Larry^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk - - File not found
    MsConfig - StartUpFolder: C:^Users^Larry^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^WKCALREM.LNK - - File not found
    MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
    MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    MsConfig - StartUpReg: AMTDeviceService - hkey= - key= - File not found
    MsConfig - StartUpReg: APSDaemon - hkey= - key= - File not found
    MsConfig - StartUpReg: Creative WebCam Tray - hkey= - key= - C:\Program Files\Creative\Shared Files\CamTray.exe (Creative Technology Ltd)
    MsConfig - StartUpReg: DivX Download Manager - hkey= - key= - File not found
    MsConfig - StartUpReg: DivXUpdate - hkey= - key= - File not found
    MsConfig - StartUpReg: EPSON Stylus SX200 Series - hkey= - key= - File not found
    MsConfig - StartUpReg: Festoon - hkey= - key= - File not found
    MsConfig - StartUpReg: GhostWall - hkey= - key= - File not found
    MsConfig - StartUpReg: Google Update - hkey= - key= - File not found
    MsConfig - StartUpReg: HP Health Check Scheduler - hkey= - key= - File not found
    MsConfig - StartUpReg: HP Software Update - hkey= - key= - C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
    MsConfig - StartUpReg: HPAdvisor - hkey= - key= - C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe (Hewlett-Packard)
    MsConfig - StartUpReg: hpWirelessAssistant - hkey= - key= - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Development Company, L.P.)
    MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
    MsConfig - StartUpReg: LightScribe Control Panel - hkey= - key= - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
    MsConfig - StartUpReg: Malwarebytes Anti-Malware (reboot) - hkey= - key= - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
    MsConfig - StartUpReg: Messenger (Yahoo!) - hkey= - key= - File not found
    MsConfig - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
    MsConfig - StartUpReg: QlbCtrl.exe - hkey= - key= - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe ( Hewlett-Packard Development Company, L.P.)
    MsConfig - StartUpReg: QPService - hkey= - key= - C:\Program Files\HP\QuickPlay\QPService.exe (CyberLink Corp.)
    MsConfig - StartUpReg: QuickTime Task - hkey= - key= - File not found
    MsConfig - StartUpReg: Rainlendar2 - hkey= - key= - File not found
    MsConfig - StartUpReg: SearchSettings - hkey= - key= - File not found
    MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
    MsConfig - StartUpReg: SnapDraw-Free - hkey= - key= - Reg Error: Value error. File not found
    MsConfig - StartUpReg: SUPERAntiSpyware - hkey= - key= - File not found
    MsConfig - StartUpReg: swg - hkey= - key= - File not found
    MsConfig - StartUpReg: TkBellExe - hkey= - key= - File not found
    MsConfig - StartUpReg: UCam_Menu - hkey= - key= - C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    MsConfig - StartUpReg: UpdateLBPShortCut - hkey= - key= - File not found
    MsConfig - StartUpReg: UpdateP2GoShortCut - hkey= - key= - C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    MsConfig - StartUpReg: UpdatePDIRShortCut - hkey= - key= - C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    MsConfig - StartUpReg: UpdatePSTShortCut - hkey= - key= - C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    MsConfig - StartUpReg: VueMinder - hkey= - key= - File not found
    MsConfig - StartUpReg: WMBoot - hkey= - key= - C:\Program Files\Logitech\WingMan Profiler\ChekList.exe ()
    MsConfig - State: "startup" - 2

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/03/06 11:58:37 | 000,000,000 | ---D | C] -- C:\Users\Larry\Desktop\Reg sticks
    [2012/03/02 11:41:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2012/03/02 11:41:23 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
    [2012/03/02 11:41:23 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
    [2012/03/02 11:41:23 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
    [2012/02/26 13:50:29 | 000,000,000 | ---D | C] -- C:\Users\Larry\AppData\Roaming\Synaptics
    [2012/02/26 13:42:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Synaptics
    [2012/02/26 13:37:22 | 055,375,144 | ---- | C] (Synaptics Incorporated) -- C:\Users\Larry\Desktop\Synaptics_v15_2_20_C_XP32_Vista32_Win7-32_Signed_Marketing_SGS94_UI-Scrybe.exe
    [2012/02/26 12:48:59 | 000,000,000 | ---D | C] -- C:\Users\Larry\Desktop\HTL
    [2012/02/26 07:27:37 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
    [2012/02/25 21:38:42 | 000,000,000 | ---D | C] -- C:\Users\Larry\Desktop\Sheets
    [2012/02/25 20:26:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/02/25 20:26:54 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2012/02/25 13:50:47 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client(202)
    [2012/02/25 13:50:47 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
    [2012/02/25 13:36:21 | 008,068,864 | ---- | C] (Microsoft Corporation) -- C:\Users\Larry\Desktop\mseinstall.exe
    [2012/02/25 09:22:33 | 000,000,000 | R--D | C] -- C:\Users\Larry\Desktop\4Sync
    [2012/02/25 09:13:34 | 000,000,000 | ---D | C] -- C:\ProgramData\4Sync
    [2012/02/25 09:11:33 | 004,619,584 | ---- | C] (New IT Solutions) -- C:\Users\Larry\Desktop\4Sync_1.0.2.exe
    [2012/02/23 19:40:43 | 000,000,000 | ---D | C] -- C:\Users\Larry\AppData\Roaming\FinalMediaPlayer
    [2012/02/23 19:40:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FinalMediaPlayer
    [2012/02/23 19:40:39 | 000,000,000 | ---D | C] -- C:\Program Files\FinalMediaPlayer
    [2012/02/23 19:30:15 | 002,231,606 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\Games.exe
    [2012/02/21 14:23:55 | 000,000,000 | ---D | C] -- C:\Users\Larry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maxthon(757)
    [2012/02/21 14:23:55 | 000,000,000 | ---D | C] -- C:\Users\Larry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maxthon
    [2012/02/21 14:23:44 | 000,000,000 | ---D | C] -- C:\Program Files\Maxthon3(200)
    [2012/02/21 14:23:44 | 000,000,000 | ---D | C] -- C:\Program Files\Maxthon3
    [2012/02/21 14:21:43 | 026,059,584 | ---- | C] (Maxthon International ltd.) -- C:\Users\Larry\Desktop\mx3.3.4.4000.exe
    [2012/02/21 13:27:17 | 000,000,000 | ---D | C] -- C:\Users\Larry\AppData\Roaming\Maxthon
    [2012/02/20 22:19:58 | 000,000,000 | ---D | C] -- C:\cfb1931a1ba86af1c8d17f42f940b14e
    [2012/02/19 14:27:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Spigot
    [2012/02/19 14:27:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YouTube Downloader(203)
    [2012/02/19 14:27:19 | 000,000,000 | ---D | C] -- C:\Program Files\YouTube Downloader(118)
    [2012/02/19 13:46:35 | 000,000,000 | ---D | C] -- C:\Download
    [2012/02/19 13:38:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
    [2012/02/19 09:32:32 | 000,000,000 | ---D | C] -- C:\tmpDownload
    [2012/02/17 21:01:42 | 000,000,000 | ---D | C] -- C:\Users\Larry\Desktop\T3 Manuals
    [2012/02/17 08:18:09 | 000,000,000 | ---D | C] -- C:\Users\Larry\AppData\Roaming\AVG
    [2012/02/17 07:42:28 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
    [2012/02/17 07:41:21 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
    [2012/02/17 07:40:28 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
    [2012/02/17 07:36:15 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
    [2012/02/15 18:05:53 | 000,000,000 | ---D | C] -- C:\Windows\System32\catroot2(336)
    [2012/02/14 21:54:28 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Installer Clean Up(4)
    [2010/10/15 15:19:46 | 003,063,561 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\MobileTV.exe
    [2010/10/15 15:19:46 | 002,989,660 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\DVD.exe
    [2010/10/15 15:19:46 | 002,864,396 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\MPV.exe
    [2010/10/15 15:19:46 | 002,331,174 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\Karaoke.exe
    [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/03/07 15:32:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/03/07 15:31:15 | 000,000,512 | ---- | M] () -- C:\Users\Larry\Desktop\MBR.dat
    [2012/03/07 14:28:31 | 000,000,512 | ---- | M] () -- C:\Users\Larry\Desktop\Documents\MBR.dat
    [2012/03/07 14:09:42 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/03/07 14:09:41 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/03/07 14:09:41 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/03/07 14:09:41 | 000,000,386 | ---- | M] () -- C:\Windows\tasks\Final Media Player Update Checker.job
    [2012/03/07 14:09:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/03/07 14:09:27 | 2075,332,608 | -HS- | M] () -- C:\hiberfil.sys
    [2012/03/06 18:00:00 | 000,000,442 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration.job
    [2012/03/06 06:56:16 | 000,000,189 | ---- | M] () -- C:\Users\Larry\Desktop\Canon.rtf
    [2012/03/05 18:00:00 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\SmartDefrag.job
    [2012/03/04 18:26:27 | 000,614,200 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2012/03/04 18:26:27 | 000,110,516 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2012/03/03 14:45:32 | 000,000,320 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForLarry.job
    [2012/03/02 21:54:12 | 000,000,208 | ---- | M] () -- C:\Users\Larry\Desktop\Ricky van shelton.rtf
    [2012/03/02 19:59:12 | 000,000,195 | ---- | M] () -- C:\Users\Larry\Desktop\Canon support request.rtf
    [2012/03/02 11:41:14 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
    [2012/03/02 11:41:14 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
    [2012/03/02 11:41:14 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
    [2012/03/02 11:41:13 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
    [2012/03/02 11:12:03 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
    [2012/02/29 22:39:12 | 000,036,126 | ---- | M] () -- C:\Users\Larry\Desktop\MSRT.jpg
    [2012/02/27 19:03:25 | 000,027,297 | ---- | M] () -- C:\Users\Larry\Desktop\3K Cinema Arabian Nights.S790.STY
    [2012/02/27 18:59:38 | 000,000,678 | ---- | M] () -- C:\Users\Larry\Desktop\BLANK.MID
    [2012/02/27 18:59:06 | 009,547,428 | ---- | M] () -- C:\Users\Larry\Desktop\Variation On Lawrence of Arabia Theme.mp3
    [2012/02/27 05:46:59 | 000,052,506 | ---- | M] () -- C:\Users\Larry\Desktop\Page_106_CallMeFCantGetUsedToLosingYouC-TITUFB2ndEd.pdf
    [2012/02/26 16:03:33 | 000,000,510 | ---- | M] () -- C:\Windows\WORDPAD.INI
    [2012/02/26 15:52:14 | 000,000,472 | ---- | M] () -- C:\Users\Larry\Desktop\Paul's address.rtf
    [2012/02/26 13:39:33 | 055,375,144 | ---- | M] (Synaptics Incorporated) -- C:\Users\Larry\Desktop\Synaptics_v15_2_20_C_XP32_Vista32_Win7-32_Signed_Marketing_SGS94_UI-Scrybe.exe
    [2012/02/26 12:57:32 | 000,337,133 | ---- | M] () -- C:\Users\Larry\Desktop\FSS.exe
    [2012/02/25 13:59:15 | 000,000,237 | ---- | M] () -- C:\Users\Larry\Desktop\Update error 25th Feb..rtf
    [2012/02/25 13:51:25 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
    [2012/02/25 13:45:16 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
    [2012/02/25 13:36:43 | 008,068,864 | ---- | M] (Microsoft Corporation) -- C:\Users\Larry\Desktop\mseinstall.exe
    [2012/02/25 12:50:52 | 000,000,194 | ---- | M] () -- C:\Users\Larry\Desktop\Password for 4shared.rtf
    [2012/02/25 09:11:44 | 004,619,584 | ---- | M] (New IT Solutions) -- C:\Users\Larry\Desktop\4Sync_1.0.2.exe
    [2012/02/25 08:47:49 | 000,526,504 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2012/02/24 15:02:30 | 000,097,553 | ---- | M] () -- C:\Users\Larry\AppData\Roaming\Switch.dmp
    [2012/02/23 19:40:43 | 000,000,884 | ---- | M] () -- C:\Users\Larry\Application Data\Microsoft\Internet Explorer\Quick Launch\FinalMediaPlayer.lnk
    [2012/02/23 19:40:43 | 000,000,860 | ---- | M] () -- C:\Users\Larry\Desktop\FinalMediaPlayer.lnk
    [2012/02/23 19:38:44 | 000,001,106 | ---- | M] () -- C:\Users\Larry\Desktop\browser add-on.rtf
    [2012/02/23 19:30:16 | 002,231,606 | ---- | M] (Macromedia, Inc.) -- C:\ProgramData\Games.exe
    [2012/02/22 18:43:31 | 000,002,690 | ---- | M] () -- C:\Users\Larry\Desktop\Possible fix for updates.rtf
    [2012/02/21 15:51:53 | 000,000,879 | ---- | M] () -- C:\Users\Larry\Application Data\Microsoft\Internet Explorer\Quick Launch\Maxthon 3.lnk
    [2012/02/21 14:23:55 | 000,000,843 | ---- | M] () -- C:\Users\Larry\Desktop\Maxthon 3.lnk
    [2012/02/21 14:22:34 | 026,059,584 | ---- | M] (Maxthon International ltd.) -- C:\Users\Larry\Desktop\mx3.3.4.4000.exe
    [2012/02/21 01:30:55 | 000,001,356 | ---- | M] () -- C:\Users\Larry\AppData\Local\d3d9caps.dat
    [2012/02/19 14:31:01 | 008,635,208 | ---- | M] () -- C:\Users\Larry\Desktop\Documents\Herbie Hancock ~ I Thought It Was You.flv
    [2012/02/10 14:18:19 | 000,000,177 | ---- | M] () -- C:\Users\Larry\Desktop\Paul.rtf
    [2012/02/10 07:55:45 | 000,001,038 | ---- | M] () -- C:\Users\Larry\Desktop\Loading MP3 to Tyros 3.rtf
    [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/03/07 15:31:14 | 000,000,512 | ---- | C] () -- C:\Users\Larry\Desktop\MBR.dat
    [2012/03/07 14:28:31 | 000,000,512 | ---- | C] () -- C:\Users\Larry\Desktop\Documents\MBR.dat
    [2012/03/06 06:56:16 | 000,000,189 | ---- | C] () -- C:\Users\Larry\Desktop\Canon.rtf
    [2012/03/02 21:52:07 | 000,000,208 | ---- | C] () -- C:\Users\Larry\Desktop\Ricky van shelton.rtf
    [2012/03/02 19:59:12 | 000,000,195 | ---- | C] () -- C:\Users\Larry\Desktop\Canon support request.rtf
    [2012/02/29 22:39:11 | 000,036,126 | ---- | C] () -- C:\Users\Larry\Desktop\MSRT.jpg
    [2012/02/27 19:03:24 | 000,027,297 | ---- | C] () -- C:\Users\Larry\Desktop\3K Cinema Arabian Nights.S790.STY
    [2012/02/27 18:59:38 | 000,000,678 | ---- | C] () -- C:\Users\Larry\Desktop\BLANK.MID
    [2012/02/27 18:58:42 | 009,547,428 | ---- | C] () -- C:\Users\Larry\Desktop\Variation On Lawrence of Arabia Theme.mp3
    [2012/02/27 05:46:58 | 000,052,506 | ---- | C] () -- C:\Users\Larry\Desktop\Page_106_CallMeFCantGetUsedToLosingYouC-TITUFB2ndEd.pdf
    [2012/02/26 15:54:05 | 000,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI
    [2012/02/26 15:52:13 | 000,000,472 | ---- | C] () -- C:\Users\Larry\Desktop\Paul's address.rtf
    [2012/02/26 12:57:28 | 000,337,133 | ---- | C] () -- C:\Users\Larry\Desktop\FSS.exe
    [2012/02/25 13:59:15 | 000,000,237 | ---- | C] () -- C:\Users\Larry\Desktop\Update error 25th Feb..rtf
    [2012/02/25 13:50:51 | 000,001,768 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
    [2012/02/25 12:50:52 | 000,000,194 | ---- | C] () -- C:\Users\Larry\Desktop\Password for 4shared.rtf
    [2012/02/24 15:02:28 | 000,097,553 | ---- | C] () -- C:\Users\Larry\AppData\Roaming\Switch.dmp
    [2012/02/24 07:16:55 | 2075,332,608 | -HS- | C] () -- C:\hiberfil.sys
    [2012/02/23 19:40:46 | 000,000,386 | ---- | C] () -- C:\Windows\tasks\Final Media Player Update Checker.job
    [2012/02/23 19:40:43 | 000,000,884 | ---- | C] () -- C:\Users\Larry\Application Data\Microsoft\Internet Explorer\Quick Launch\FinalMediaPlayer.lnk
    [2012/02/23 19:40:43 | 000,000,860 | ---- | C] () -- C:\Users\Larry\Desktop\FinalMediaPlayer.lnk
    [2012/02/23 19:38:43 | 000,001,106 | ---- | C] () -- C:\Users\Larry\Desktop\browser add-on.rtf
    [2012/02/22 18:43:30 | 000,002,690 | ---- | C] () -- C:\Users\Larry\Desktop\Possible fix for updates.rtf
    [2012/02/21 15:51:53 | 000,000,879 | ---- | C] () -- C:\Users\Larry\Application Data\Microsoft\Internet Explorer\Quick Launch\Maxthon 3.lnk
    [2012/02/21 14:23:55 | 000,000,843 | ---- | C] () -- C:\Users\Larry\Desktop\Maxthon 3.lnk
    [2012/02/19 14:28:35 | 008,635,208 | ---- | C] () -- C:\Users\Larry\Desktop\Documents\Herbie Hancock ~ I Thought It Was You.flv
    [2012/02/10 14:18:19 | 000,000,177 | ---- | C] () -- C:\Users\Larry\Desktop\Paul.rtf
    [2012/02/10 07:55:45 | 000,001,038 | ---- | C] () -- C:\Users\Larry\Desktop\Loading MP3 to Tyros 3.rtf
    [2012/01/04 19:05:12 | 000,010,554 | -HS- | C] () -- C:\Users\Larry\AppData\Local\cxd8o8j8hsar
    [2012/01/04 19:05:12 | 000,010,554 | -HS- | C] () -- C:\ProgramData\cxd8o8j8hsar
    [2011/12/28 19:41:52 | 000,025,944 | ---- | C] () -- C:\Windows\System32\SmartDefragBootTime.exe
    [2011/12/28 19:41:52 | 000,015,672 | ---- | C] () -- C:\Windows\System32\drivers\SmartDefragDriver.sys
    [2011/11/22 12:43:53 | 000,000,125 | ---- | C] () -- C:\Windows\System32\lp3codec32win.dll
    [2011/07/11 17:19:51 | 000,000,175 | ---- | C] () -- C:\Windows\Datewise.INI
    [2011/04/12 17:49:40 | 000,134,144 | ---- | C] () -- C:\Windows\System32\ifdreset.exe
    [2011/03/26 13:07:17 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
    [2011/02/11 17:40:40 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
    [2011/02/11 17:35:00 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
    [2011/02/11 17:35:00 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
    [2011/02/08 08:43:12 | 000,001,849 | ---- | C] () -- C:\Users\Larry\AppData\Roaming\GhostObjGAFix.xml
    [2011/02/04 20:17:27 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
    [2011/02/04 08:46:47 | 000,758,018 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
    [2011/02/04 08:46:47 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
    [2011/02/03 06:50:42 | 000,000,027 | ---- | C] () -- C:\Windows\ukid.INI
    [2011/02/03 06:46:11 | 000,000,051 | ---- | C] () -- C:\Windows\Crypkey.ini
    [2011/02/03 06:45:28 | 000,027,648 | R--- | C] () -- C:\Windows\Setup_ck.exe
    [2011/02/03 06:45:28 | 000,024,608 | ---- | C] () -- C:\Windows\System32\Ckldrv.sys
    [2011/02/03 06:45:28 | 000,018,432 | ---- | C] () -- C:\Windows\Setup_ck.dll
    [2011/02/03 06:45:28 | 000,011,776 | ---- | C] () -- C:\Windows\Ckrfresh.exe
    [2010/11/09 13:37:47 | 000,000,008 | ---- | C] () -- C:\ProgramData\VGALCAJYWPP.SYS
    [2010/08/25 19:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
    [2010/08/25 19:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
    [2010/08/25 19:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
    [2010/08/25 18:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
    [2010/06/25 14:37:20 | 000,057,344 | ---- | C] () -- C:\Windows\System32\IFORCE2.dll
    [2010/03/12 18:16:55 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll

    ========== LOP Check ==========

    [2011/03/18 08:19:15 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\ATViewer
    [2012/02/25 19:02:40 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\Audacity
    [2011/06/12 15:26:12 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\Avant Downloader
    [2012/02/17 08:19:17 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\AVG
    [2010/03/11 21:57:06 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\avidemux
    [2009/04/22 17:36:50 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\Azureus
    [2011/11/18 19:49:43 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\Babylon
    [2010/04/27 18:04:20 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\Canneverbe Limited
    [2011/03/02 17:54:21 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\COWON
    [2009/04/27 18:18:00 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\DassaultSystemes
    [2011/04/24 19:17:51 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\DeepBurner
    [2009/10/03 05:33:41 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\Desktopicon
    [2009/05/13 17:58:19 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\DonationCoder
    [2012/02/19 13:40:01 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\DVDVideoSoft
    [2011/08/16 03:36:13 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\DVDVideoSoftIEHelpers
    [2011/06/18 06:38:12 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\EssentialPIM
    [2012/03/04 14:58:28 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\FinalMediaPlayer
    [2009/06/11 07:02:05 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\foobar2000
    [2012/02/25 19:00:13 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\Foxit
    [2010/11/27 07:43:46 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\Free Audio Editor
    [2011/07/05 06:29:44 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\FreeYoutubeToMP3TURBOConverter
    [2010/09/19 11:55:31 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\Get from YouTube
    [2010/09/19 11:59:37 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\Import Audio from Video
    [2012/02/25 19:01:25 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\IObit
    [2012/03/04 14:58:28 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\IrfanView
    [2011/12/17 12:34:15 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\jososoft
    [2012/02/25 19:01:43 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\LibreOffice
    [2011/01/08 17:14:15 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\Local
    [2009/07/10 14:44:39 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\MailWasherFree
    [2012/02/21 14:20:50 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\Maxthon
    [2012/02/25 19:02:40 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\Maxthon2
    [2011/07/15 07:21:47 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\Maxthon3
    [2010/12/14 22:33:52 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\mediAvatar
    [2012/02/25 19:00:15 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\muvee Technologies
    [2010/01/02 06:21:08 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\MxBoost
    [2011/02/14 08:21:17 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\MyMorph
    [2012/02/25 19:01:14 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\Netscape
    [2012/02/25 19:02:47 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\Notepad++
    [2012/02/25 19:01:17 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\OOo-dev
    [2012/02/25 19:00:51 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\OpenOffice.org
    [2012/02/25 19:00:01 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\Opera
    [2011/02/10 07:39:02 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\OxelonMC
    [2011/11/26 15:39:18 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\Paltalk
    [2010/07/14 06:34:51 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\PeerNetworking
    [2012/02/25 19:00:35 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\PIXEL-TECH
    [2011/11/28 18:01:05 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\RegistryKeys
    [2012/02/25 19:01:14 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\Softland
    [2010/03/04 18:21:41 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\SoftMaker
    [2009/10/17 05:01:43 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\Softplicity
    [2012/02/26 13:50:29 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\Synaptics
    [2011/12/14 18:18:43 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\TeamViewer
    [2009/04/19 18:25:48 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\Template
    [2011/06/10 07:02:26 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\Thunderbird
    [2011/08/07 07:04:10 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\Tific
    [2010/10/29 05:41:29 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\Windows Live Writer
    [2009/06/09 18:29:04 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\WinPatrol
    [2010/11/29 15:50:00 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\ZumoCast
    [2012/03/07 14:09:41 | 000,000,386 | ---- | M] () -- C:\Windows\Tasks\Final Media Player Update Checker.job
    [2012/03/06 18:00:00 | 000,000,442 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Registration.job
    [2010/03/28 23:33:05 | 000,000,416 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Update Version2.job
    [2012/03/07 13:47:14 | 000,032,646 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
    [2012/03/05 18:00:00 | 000,000,384 | ---- | M] () -- C:\Windows\Tasks\SmartDefrag.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %systemroot%\*. /mp /s >

    < %systemroot%\*. /rp /s >

    < %SYSTEMDRIVE%\*.exe >
    [2007/11/07 07:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe

    < %LOCALAPPDATA%\*.exe >


    < MD5 for: EXPLORER.EXE >
    [2008/10/29 06:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
    [2008/10/29 06:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
    [2008/10/30 03:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
    [2009/04/11 06:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
    [2009/04/11 06:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
    [2008/10/28 02:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
    [2008/01/21 02:34:05 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

    < MD5 for: SVCHOST.EXE >
    [2008/01/21 02:33:13 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
    [2008/01/21 02:33:13 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
    [2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

    < MD5 for: USERINIT.EXE >
    [2008/01/21 02:34:37 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
    [2008/01/21 02:34:37 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

    < MD5 for: WINLOGON.EXE >
    [2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
    [2009/04/11 06:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
    [2009/04/11 06:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
    [2008/01/21 02:34:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

    < hklm\software\clients\startmenuinternet|command /rs >
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/02/26 06:37:27 | 000,834,832 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/02/26 06:37:27 | 000,834,832 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/02/26 06:37:27 | 000,834,832 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/02/26 06:37:31 | 000,924,632 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/02/26 06:37:31 | 000,924,632 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/02/26 06:37:31 | 000,924,632 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/03/18 18:02:50 | 000,074,240 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/03/18 18:02:50 | 000,074,240 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/03/18 18:02:50 | 000,074,240 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/03/18 18:02:56 | 000,748,336 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2011/03/18 18:02:56 | 000,748,336 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Maxthon3\InstallInfo\\ReinstallCommand: "C:\Program Files\Maxthon3\Bin\Maxthon.exe" -SetDefault [2012/02/15 05:34:42 | 000,096,576 | ---- | M] (Maxthon International ltd.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Maxthon3\InstallInfo\\ShowIconsCommand: "C:\Program Files\Maxthon3\Bin\Maxthon.exe" -SetDefault [2012/02/15 05:34:42 | 000,096,576 | ---- | M] (Maxthon International ltd.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Maxthon3\InstallInfo\\HideIconsCommand: "C:\Program Files\Maxthon3\Bin\Maxthon.exe" -SetDefault [2012/02/15 05:34:42 | 000,096,576 | ---- | M] (Maxthon International ltd.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Maxthon3\Shell\open\command\\: C:\Program Files\Maxthon3\Bin\Maxthon.exe [2012/02/15 05:34:42 | 000,096,576 | ---- | M] (Maxthon International ltd.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Opera\Opera.exe" /ShowIconsCommand
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Opera\Opera.exe" /HideIconsCommand
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Opera\Opera.exe" /ReInstallBrowser
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\shell\open\command\\: "C:\Program Files\Opera\Opera.exe"

    < hklm\software\clients\startmenuinternet|command /64 /rs >
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/02/26 06:37:27 | 000,834,832 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/02/26 06:37:27 | 000,834,832 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/02/26 06:37:27 | 000,834,832 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/02/26 06:37:31 | 000,924,632 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/02/26 06:37:31 | 000,924,632 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/02/26 06:37:31 | 000,924,632 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/03/18 18:02:50 | 000,074,240 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/03/18 18:02:50 | 000,074,240 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/03/18 18:02:50 | 000,074,240 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/03/18 18:02:56 | 000,748,336 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2011/03/18 18:02:56 | 000,748,336 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Maxthon3\InstallInfo\\ReinstallCommand: "C:\Program Files\Maxthon3\Bin\Maxthon.exe" -SetDefault [2012/02/15 05:34:42 | 000,096,576 | ---- | M] (Maxthon International ltd.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Maxthon3\InstallInfo\\ShowIconsCommand: "C:\Program Files\Maxthon3\Bin\Maxthon.exe" -SetDefault [2012/02/15 05:34:42 | 000,096,576 | ---- | M] (Maxthon International ltd.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Maxthon3\InstallInfo\\HideIconsCommand: "C:\Program Files\Maxthon3\Bin\Maxthon.exe" -SetDefault [2012/02/15 05:34:42 | 000,096,576 | ---- | M] (Maxthon International ltd.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Maxthon3\Shell\open\command\\: C:\Program Files\Maxthon3\Bin\Maxthon.exe [2012/02/15 05:34:42 | 000,096,576 | ---- | M] (Maxthon International ltd.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Opera\Opera.exe" /ShowIconsCommand
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Opera\Opera.exe" /HideIconsCommand
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Opera\Opera.exe" /ReInstallBrowser
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\shell\open\command\\: "C:\Program Files\Opera\Opera.exe"

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

    ========== Files - Unicode (All) ==========
    [2011/02/03 15:29:48 | 000,000,000 | ---D | M](C:\Windows\System32\?I???I?I?I?I?I?I) -- C:\Windows\System32\&#60028;&#298;&#20189;&#30656;&#59980;&#298;&#60016;&#298;&#60020;&#298;&#60012;&#298;&#60308;&#298;&#60324;&#298;
    [2011/02/03 15:29:48 | 000,000,000 | ---D | C](C:\Windows\System32\?I???I?I?I?I?I?I) -- C:\Windows\System32\&#60028;&#298;&#20189;&#30656;&#59980;&#298;&#60016;&#298;&#60020;&#298;&#60012;&#298;&#60308;&#298;&#60324;&#298;

    ========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
    [C:\Windows\$NtUninstallKB62280$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction
    [C:\Windows\$NtUninstallKB62280$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
    [C:\Windows\$NtUninstallKB62280$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction
    [C:\Windows\$NtUninstallKB62280$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
    [C:\Windows\$NtUninstallKB62280$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
    [C:\Windows\$NtUninstallKB62280$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction
    [C:\Windows\$NtUninstallKB62280$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
    [C:\Windows\$NtUninstallKB62280$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
    [C:\Windows\$NtUninstallKB62280$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction
    [C:\Windows\$NtUninstallKB62280$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
    [C:\Windows\$NtUninstallKB62280$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
    [C:\Windows\$NtUninstallKB62280$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction
    [C:\Windows\$NtUninstallKB62280$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
    [C:\Windows\$NtUninstallKB62280$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
    [C:\Windows\$NtUninstallKB62280$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction
    [C:\Windows\$NtUninstallKB62280$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
    [C:\Windows\$NtUninstallKB62280$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
    [C:\Windows\$NtUninstallKB62280$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction
    [C:\Windows\$NtUninstallKB62280$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
    [C:\Windows\$NtUninstallKB62280$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
    [C:\Windows\$NtUninstallKB62280$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\History] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction
    [C:\Windows\$NtUninstallKB62280$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
    [C:\Windows\$NtUninstallKB62280$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
    [C:\Windows\$NtUninstallKB62280$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\History] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction
    [C:\Windows\$NtUninstallKB62280$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Temporary Internet Files] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
    [C:\Windows\$NtUninstallKB62280$\systemprofile\AppData\Local\Application Data\Application Data\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
    [C:\Windows\$NtUninstallKB62280$\systemprofile\AppData\Local\Application Data\Application Data\History] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction
    [C:\Windows\$NtUninstallKB62280$\systemprofile\AppData\Local\Application Data\Application Data\Temporary Internet Files] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
    [C:\Windows\$NtUninstallKB62280$\systemprofile\AppData\Local\Application Data\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
    [C:\Windows\$NtUninstallKB62280$\systemprofile\AppData\Local\Application Data\History] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction
    [C:\Windows\$NtUninstallKB62280$\systemprofile\AppData\Local\Application Data\Temporary Internet Files] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
    [C:\Windows\$NtUninstallKB62280$\systemprofile\AppData\Local\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
    [C:\Windows\$NtUninstallKB62280$\systemprofile\AppData\Local\History] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction
    [C:\Windows\$NtUninstallKB62280$\systemprofile\AppData\Local\Temporary Internet Files] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
    [C:\Windows\$NtUninstallKB62280$\systemprofile\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Roaming -> Junction
    [C:\Windows\$NtUninstallKB62280$\systemprofile\Cookies] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies -> Junction
    [C:\Windows\$NtUninstallKB62280$\systemprofile\Documents\My Music] -> C:\Windows\system32\config\systemprofile\Music -> Junction
    [C:\Windows\$NtUninstallKB62280$\systemprofile\Documents\My Pictures] -> C:\Windows\system32\config\systemprofile\Pictures -> Junction
    [C:\Windows\$NtUninstallKB62280$\systemprofile\Documents\My Videos] -> C:\Windows\system32\config\systemprofile\Videos -> Junction
    [C:\Windows\$NtUninstallKB62280$\systemprofile\Local Settings] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
    [C:\Windows\$NtUninstallKB62280$\systemprofile\My Documents] -> C:\Windows\system32\config\systemprofile\Documents -> Junction
    [C:\Windows\$NtUninstallKB62280$\systemprofile\NetHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts -> Junction
    [C:\Windows\$NtUninstallKB62280$\systemprofile\PrintHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts -> Junction
    [C:\Windows\$NtUninstallKB62280$\systemprofile\Recent] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent -> Junction
    [C:\Windows\$NtUninstallKB62280$\systemprofile\SendTo] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo -> Junction
    [C:\Windows\$NtUninstallKB62280$\systemprofile\Start Menu] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu -> Junction
    [C:\Windows\$NtUninstallKB62280$\systemprofile\Templates] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates -> Junction
    [C:\Windows\$NtUninstallKB62280$] -> -> Unknown point type
    [C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
    [C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction
    [C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
    [C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction
    [C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
    [C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
    [C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction
    [C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
    [C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
    [C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction
    [C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
    [C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
    [C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 64 bytes -> C:\Users\Larry\Desktop\video-2011-11-27-18-51-13.avi:TOC.WMV
    @Alternate Data Stream - 64 bytes -> C:\Users\Larry\Desktop\Daniel.MPG:TOC.WMV
    @Alternate Data Stream - 64 bytes -> C:\Users\Larry\Desktop\carmen_cavallaro_-_manhattan__instrumental_.avi:TOC.WMV
    @Alternate Data Stream - 64 bytes -> C:\Users\Larry\Desktop\AMCE.avi:TOC.WMV
    @Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:0B4227B4
    @Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:DF99298A

    < End of report >
     

    Attached Files: MBR.zip (546 bytes)
  6. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,163
    Run the following:

    Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from either of the following links :-

    Link 1
    Link 2

    • Ensure that Combofix is saved directly to the Desktop <--- Very important

      Before saving Combofix to the Desktop re-name to Gotcha.exe as below:

      [​IMG]

    • Disable all security programs as they will have a negative effect on Combofix, instructions available Here if required. Be aware the list may not have all programs listed, if you need more help please ask.
    • Close any open browsers and any other programs you might have running
    • Double click the [​IMG] icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator")
    • Instructions for running Combofix available Here if required.
    • If you are using Windows XP, it might display a pop-up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
    • When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review

    ****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

    Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
    Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read Here why disabling autoruns is recommended.

    *EXTRA NOTES*
    • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
    • If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot, this is normal
    • If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)

    Post the log in next reply please...

    Kevin
     
  7. jud72

    jud72 Thread Starter

    Joined:
    Mar 23, 2010
    Messages:
    148
    Keith, I have run Combo fix once before with no success. This time I left it running overnight (11 hours); the flashing cursor never moved.
     
  8. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,163
    Boot to Safe mode with Networking and try again...

    Re-boot, continuously tap the F8 key until you see the Windows Advanced Menu, from the options select Safe Mode with NW.
    Ensure that your security is OFF and try Combofix again. If you see no activity after 30 mins let me know...

    Kevin
     
  9. jud72

    jud72 Thread Starter

    Joined:
    Mar 23, 2010
    Messages:
    148
    Kevin, once again I did as you directed without success. I have attached screenshots. The shot of the Recycle bin error appeared after the first time I attempted to scan and I selected 'Yes' to empty it. This time I got the message again, but this time I opened the Recycle bin before I clicked 'Yes' to empty it... it shows empty. The third shot is when I open up >>> Computer >>> C Drive. Is it normal for Combo Fix to be in there, albeit under a different name?
     


  10. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,163
    Yes, it is normal to see Combofix re-named Gotcha on C:\

    Re-Run [​IMG] by double left click, Vista and Windows 7 users right click and select Run as Administrator.
    • Under the [​IMG] box at the bottom, paste in the following

      Code:
      :OTL
      [2011/06/25 18:06:39 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\n7iv2ybk.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}(259)
      [2011/06/29 16:34:54 | 000,000,000 | ---D | M] (ALOT Toolbar) -- C:\Users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\n7iv2ybk.default\extensions\toolbar@alot(258).com
      [2012/02/25 19:00:06 | 000,000,000 | ---D | M] (Babylon) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
      [2012/02/20 18:35:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions
      [2012/02/20 18:35:22 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
      O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
      O2 - BHO: (Online Radio 1.1 Toolbar) - {343db173-0e5a-4f2a-b7bb-71a49085d70e} - C:\Program Files\Online_Radio_1.1\tbOnli.dll (Conduit Ltd.)
      O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
      O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
      O3 - HKLM\..\Toolbar: (Online Radio 1.1 Toolbar) - {343db173-0e5a-4f2a-b7bb-71a49085d70e} - C:\Program Files\Online_Radio_1.1\tbOnli.dll (Conduit Ltd.)
      O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
      O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
      O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
      O3 - HKU\S-1-5-21-3710571124-2661178210-3455209878-1000\..\Toolbar\WebBrowser: (no name) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - No CLSID value found.
      O3 - HKU\S-1-5-21-3710571124-2661178210-3455209878-1000\..\Toolbar\WebBrowser: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
      O3 - HKU\S-1-5-21-3710571124-2661178210-3455209878-1000\..\Toolbar\WebBrowser: (Online Radio 1.1 Toolbar) - {343DB173-0E5A-4F2A-B7BB-71A49085D70E} - C:\Program Files\Online_Radio_1.1\tbOnli.dll (Conduit Ltd.)
      O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - File not found
      O33 - MountPoints2\{0fa10a73-743e-11de-8464-001f1660862f}\Shell - "" = AutoRun
      O33 - MountPoints2\{0fa10a73-743e-11de-8464-001f1660862f}\Shell\AutoRun\command - "" = F:\MediaManager.exe
      O33 - MountPoints2\{aab26a49-e6b0-11df-8059-001f1660862f}\Shell - "" = Autorun
      O33 - MountPoints2\{aab26a49-e6b0-11df-8059-001f1660862f}\Shell\verb\command - "" = C:\Windows\explorer.exe -- [2009/04/11 06:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation)
      O33 - MountPoints2\{bc2b3b5c-6ed6-11de-b9ec-001f1660862f}\Shell - "" = AutoRun
      O33 - MountPoints2\{bc2b3b5c-6ed6-11de-b9ec-001f1660862f}\Shell\AutoRun\command - "" = G:\MediaManager.exe
      :Files
      ipconfig /flushdns /c
      C:\Users\Larry\AppData\Local\cxd8o8j8hsar
      C:\ProgramData\cxd8o8j8hsar
      C:\ProgramData\VGALCAJYWPP.SYS
      C:\Users\Larry\AppData\Roaming\Babylon
      :Commands
      [emptytemp]
      [CREATERESTOREPOINT]
      [Reboot]
      
    • Then click [​IMG] button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post the log it produces in your next reply.

    Next,

    Run this online Quickscan by BitDefender, available here http://quickscan.bitdefender.com/# hit the Scan Now tab, when finished there is an option to "view report" do that, copy and paste to next reply....

    Let me see the following;

    • Log from OTL fix
    • Log from BitDefender quick scan...

    Kevin
     
  11. jud72

    jud72 Thread Starter

    Joined:
    Mar 23, 2010
    Messages:
    148
    Kevin, I want to make sure I am following your directions to the letter. Before I run a fresh scan with OTL, do I checkmark the items you advised me to check in your earlier post?
     
  12. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,163
    No, this is different altogether. Copy all of the text from the code box and paste that into the "Custom Scan/fix" box at the bottom after you open OTL.

    Then select the "Run Fix" tab at the top. Just follow the instructions in reply #10 exactly as they are written. Then run the BitDefender quick online scan.
     
  13. jud72

    jud72 Thread Starter

    Joined:
    Mar 23, 2010
    Messages:
    148
    Kevin, I just don't know what is going on. When I open OTL and copy/paste the text into the box, then click 'Run Fix', I get a very quick flash of a small box on the bottom right of my screen. It is so fast I can't read what it says. It looks to me it's some sort of security alert and it has a red bar across the top. The OTL freezes with a notification on the bar at the top, 'Not Responding'. My icons disappear off the Desktop and I am unable to close the programme even when I open Task manager and click 'End Now'. I then have to close down using the power off button.

    I have attached screenshot of OTL prior to me clicking 'Run Fix'.
     

    Attached Files: OTL.jpg (67.4 KB)
  14. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,163
    Re-boot into Safe Mode, ensure all security is OFF, run OTL again. If OK re-boot to Normal Mode and run BitDefender Online Scan
     
  15. jud72

    jud72 Thread Starter

    Joined:
    Mar 23, 2010
    Messages:
    148
    Kevin, I am keeping my fingers crossed. After I had run Bit Defender, I didn't get an option to view or save the report, so I have attached a screenshot.



    All processes killed
    ========== OTL ==========
    Folder C:\Users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\n7iv2ybk.default\ex tensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}(259)\ not found.
    Folder C:\Users\Larry\AppData\Roaming\Mozilla\Firefox\Profiles\n7iv2ybk.default\ex tensions\toolbar@alot(258).com\ not found.
    Folder C:\Program Files\Mozilla Firefox\extensions\[email protected]\ not found.
    Folder C:\Program Files\Mozilla Firefox\distribution\extensions\ not found.
    Folder C:\Program Files\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
    File C:\Program Files\ConduitEngine\prxConduitEngine.dll not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{343db173-0e5a-4f2a-b7bb-71a49085d70e}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{343db173-0e5a-4f2a-b7bb-71a49085d70e}\ not found.
    File C:\Program Files\Online_Radio_1.1\tbOnli.dll not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
    File C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
    File C:\Program Files\ConduitEngine\prxConduitEngine.dll not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{343db173-0e5a-4f2a-b7bb-71a49085d70e} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{343db173-0e5a-4f2a-b7bb-71a49085d70e}\ not found.
    File C:\Program Files\Online_Radio_1.1\tbOnli.dll not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{99079a25-328f-4bd4-be04-00955acaa0a7} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
    File C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
    File C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found.
    Registry value HKEY_USERS\S-1-5-21-3710571124-2661178210-3455209878-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{1392B8D2-5C05-419F-A8F6-B9F15A596612} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1392B8D2-5C05-419F-A8F6-B9F15A596612}\ not found.
    Registry value HKEY_USERS\S-1-5-21-3710571124-2661178210-3455209878-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{30F9B915-B755-4826-820B-08FBA6BD249D} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
    File C:\Program Files\ConduitEngine\prxConduitEngine.dll not found.
    Registry value HKEY_USERS\S-1-5-21-3710571124-2661178210-3455209878-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{343DB173-0E5A-4F2A-B7BB-71A49085D70E} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{343DB173-0E5A-4F2A-B7BB-71A49085D70E}\ not found.
    File C:\Program Files\Online_Radio_1.1\tbOnli.dll not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0fa10a73-743e-11de-8464-001f1660862f}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0fa10a73-743e-11de-8464-001f1660862f}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0fa10a73-743e-11de-8464-001f1660862f}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0fa10a73-743e-11de-8464-001f1660862f}\ not found.
    File F:\MediaManager.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aab26a49-e6b0-11df-8059-001f1660862f}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{aab26a49-e6b0-11df-8059-001f1660862f}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aab26a49-e6b0-11df-8059-001f1660862f}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{aab26a49-e6b0-11df-8059-001f1660862f}\ not found.
    Item C:\Windows\explorer.exe is whitelisted and cannot be moved.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bc2b3b5c-6ed6-11de-b9ec-001f1660862f}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bc2b3b5c-6ed6-11de-b9ec-001f1660862f}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bc2b3b5c-6ed6-11de-b9ec-001f1660862f}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bc2b3b5c-6ed6-11de-b9ec-001f1660862f}\ not found.
    File G:\MediaManager.exe not found.
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Users\Larry\Desktop\cmd.bat deleted successfully.
    C:\Users\Larry\Desktop\cmd.txt deleted successfully.
    File\Folder C:\Users\Larry\AppData\Local\cxd8o8j8hsar not found.
    File\Folder C:\ProgramData\cxd8o8j8hsar not found.
    File\Folder C:\ProgramData\VGALCAJYWPP.SYS not found.
    File\Folder C:\Users\Larry\AppData\Roaming\Babylon not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Desktop

    User: Larry
    ->Temp folder emptied: 9053520 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 19500479 bytes
    ->Opera cache emptied: 0 bytes
    ->Flash cache emptied: 853 bytes

    User: Public

    User: RRY-PC

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 6752 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 27.00 mb



    OTL by OldTimer - Version 3.2.36.1 log created on 03092012_111209

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
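
A fix log like the one in post 15 can be triaged mechanically: tally each outcome and list anything the tool changed that the pasted fix script never named. This is an added example, not part of the original thread or of OTL; the line patterns are inferred from the log shown above rather than from OTL documentation, and the function names are hypothetical.

```python
import re
from collections import Counter

# Line shapes inferred from the fix log posted in this thread (assumption:
# this is not an official grammar for OTL output).
KIND = r"(?P<kind>File\\Folder|Folder|File|Registry key|Registry value)"
RULES = [
    ("not_found", re.compile(rf"^{KIND} (?P<target>.+?) not found\.$")),
    ("whitelisted",
     re.compile(r"^Item (?P<target>.+?) is whitelisted and cannot be moved\.$")),
    ("deleted",
     re.compile(rf"^(?:{KIND} )?(?P<target>.+?) deleted successfully\.$")),
]
SECTION = re.compile(r"^=+ (?P<name>.+?) =+$")

# Excerpt of the log from post 15, embedded so the example runs offline.
SAMPLE_LOG = r"""
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
File C:\Program Files\ConduitEngine\prxConduitEngine.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found.
Item C:\Windows\explorer.exe is whitelisted and cannot be moved.
File G:\MediaManager.exe not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Larry\Desktop\cmd.bat deleted successfully.
C:\Users\Larry\Desktop\cmd.txt deleted successfully.
File\Folder C:\ProgramData\cxd8o8j8hsar not found.
File\Folder C:\ProgramData\VGALCAJYWPP.SYS not found.
========== COMMANDS ==========
"""

# Paths named in the fix script from post 10 that also occur in the excerpt.
REQUESTED = [
    r"C:\Program Files\ConduitEngine\prxConduitEngine.dll",
    r"G:\MediaManager.exe",
    r"C:\ProgramData\cxd8o8j8hsar",
    r"C:\ProgramData\VGALCAJYWPP.SYS",
]


def parse_fix_log(text):
    """Return one dict per recognised result line, tagged with its section."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION.match(line)
        if header:
            section = header["name"]
            continue
        for outcome, rx in RULES:
            m = rx.match(line)
            if m:
                entries.append({
                    "section": section,
                    "outcome": outcome,
                    "kind": m.groupdict().get("kind"),
                    # Keys and folders are logged with a trailing backslash.
                    "target": m["target"].rstrip("\\"),
                })
                break
    return entries


def summarize(entries):
    """Count result lines per outcome."""
    return Counter(e["outcome"] for e in entries)


def unrequested_changes(entries, requested):
    """Targets the tool deleted that the fix script did not ask for."""
    wanted = {p.rstrip("\\").lower() for p in requested}
    return [e["target"] for e in entries
            if e["outcome"] == "deleted" and e["target"].lower() not in wanted]


if __name__ == "__main__":
    parsed = parse_fix_log(SAMPLE_LOG)
    print(dict(summarize(parsed)))
    for path in unrequested_changes(parsed, REQUESTED):
        print("changed but not in fix script:", path)
```
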
     
Short URL to this thread: https://techguy.org/1044105