Jump to content

System Fix still present after full scan and reboot


LucyK

Recommended Posts

Good morning,

Our computer had been infected with the System Fix virus, being unable to open programs including IE, Firefox or Google Chrome - therefore, had been researching, and downloading removal programs on another computer.

After looking at similar websites, I downloaded and ran:

1. unhide.exe

2. tdskiller.exe

3. Malwarebytes Anti-Malware (I completed the full scan, then removed the infected files, the reboot as required)

My concern is that now that the computer has been rebooted, there is still a SystemFix icons on my desktop, in my quicklinks near the start menu, and the icon area near the time (right of the start menu).

I'm unsure what to do next, worried about re-activating anything.

I've also trying downloading dds.scr without success (unable to download at all on the infected computer, so downloaded on another and put on a usb, with the infected computer unable to open it, even when filename changed to scan.com - as suggested on bleepingcomputer.com)

Any ideas would be greatly appreciated.

Kind regards,

LucyK

Link to post
Share on other sites

Welcome to the forum.

Please download OTL from one of the links below:

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com (<---renamed version)

Save it to your desktop.

Double click on the icon on your desktop.

Click the Scan All Users checkbox.

Push the Quick Scan button.

Two reports will open, copy and paste them in a reply here: (or attach them as .txt files)

OTL.txt <-- Will be opened

Extra.txt <-- Will be minimized

MrC

Link to post
Share on other sites

Welcome to the forum.

Please download OTL from one of the links below:

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com (<---renamed version)

Save it to your desktop.

Double click on the icon on your desktop.

Click the Scan All Users checkbox.

Push the Quick Scan button.

Two reports will open, copy and paste them in a reply here: (or attach them as .txt files)

OTL.txt <-- Will be opened

Extra.txt <-- Will be minimized

MrC

Hi-

I am having exactly the same problem. I have enclosed my log files.

Thanks-

Link to post
Share on other sites

Thanks MrCharlie! The computer was reset yesterday, and the system fix program didn't reappear, however the Win32/Smadow.P infection was still there and deleted again.

Here are the reports:

OTL.txt:

OTL logfile created on: 12/26/2011 12:52:39 PM - Run 1

OTL by OldTimer - Version 3.2.31.0 Folder = H:\Documents and Settings\p1\My Documents\Downloads

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.97 Gb Available Physical Memory | 48.71% Memory free

3.85 Gb Paging File | 3.01 Gb Available in Paging File | 78.18% Paging File free

Paging file location(s): H:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = H: | %SystemRoot% = H:\WINDOWS | %ProgramFiles% = H:\Program Files

Drive C: | 298.08 Gb Total Space | 97.55 Gb Free Space | 32.72% Space Free | Partition Type: NTFS

Drive D: | 232.83 Gb Total Space | 83.51 Gb Free Space | 35.87% Space Free | Partition Type: FAT32

Drive E: | 1397.26 Gb Total Space | 1361.23 Gb Free Space | 97.42% Space Free | Partition Type: NTFS

Drive H: | 232.88 Gb Total Space | 100.43 Gb Free Space | 43.13% Space Free | Partition Type: NTFS

Drive K: | 931.51 Gb Total Space | 495.46 Gb Free Space | 53.19% Space Free | Partition Type: NTFS

Computer Name: COMPUTERA | User Name: p1 | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/26 12:50:45 | 000,584,192 | ---- | M] (OldTimer Tools) -- H:\Documents and Settings\p1\My Documents\Downloads\OTL.exe

PRC - [2011/10/13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- H:\Program Files\Microsoft\BingBar\SeaPort.EXE

PRC - [2011/06/02 07:44:15 | 001,546,640 | ---- | M] (Bandoo Media, inc) -- H:\Program Files\Windows iLivid Toolbar\Datamngr\datamngrUI.exe

PRC - [2011/05/26 01:54:58 | 001,617,296 | ---- | M] (Bandoo Media Inc.) -- H:\Program Files\Bandoo\Bandoo.exe

PRC - [2010/07/11 01:39:24 | 000,374,096 | ---- | M] (CA, Inc.) -- H:\Program Files\CA\CA Internet Security Suite\casc.exe

PRC - [2010/05/28 01:24:06 | 000,333,136 | ---- | M] (CA, Inc.) -- H:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe

PRC - [2010/05/28 01:24:06 | 000,288,080 | ---- | M] (CA, Inc.) -- H:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\vetmsg.exe

PRC - [2010/05/28 01:24:06 | 000,271,696 | ---- | M] (CA, Inc.) -- H:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\cavrid.exe

PRC - [2010/05/28 01:24:06 | 000,222,544 | ---- | M] (CA, Inc.) -- H:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe

PRC - [2010/03/25 10:59:42 | 000,910,296 | ---- | M] (Mozilla Corporation) -- H:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2010/01/12 22:46:57 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) -- H:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

PRC - [2009/12/03 11:12:12 | 000,976,320 | ---- | M] (SEIKO EPSON CORPORATION) -- H:\Program Files\Epson Software\Event Manager\EEventManager.exe

PRC - [2009/11/11 23:03:51 | 000,259,312 | ---- | M] (CA, Inc.) -- H:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe

PRC - [2009/11/11 23:03:51 | 000,128,240 | ---- | M] (Computer Associates International, Inc.) -- H:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe

PRC - [2009/09/14 17:00:00 | 000,153,600 | ---- | M] (SEIKO EPSON CORPORATION) -- H:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE

PRC - [2009/09/14 17:00:00 | 000,121,856 | ---- | M] (SEIKO EPSON CORPORATION) -- H:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE

PRC - [2009/08/27 00:53:11 | 000,021,744 | ---- | M] (CA) -- H:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-7.0.0.517\QOEApp.exe

PRC - [2009/08/27 00:53:11 | 000,014,064 | ---- | M] (CA) -- H:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-7.0.0.517\QOELoader.exe

PRC - [2009/08/12 04:37:32 | 000,636,144 | ---- | M] (CA, Inc.) -- H:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe

PRC - [2009/06/23 19:54:11 | 000,443,832 | ---- | M] (CallingID Ltd.) -- H:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Light\CAGlobalLight.exe

PRC - [2009/05/14 18:07:14 | 000,759,048 | ---- | M] (ABBYY) -- H:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe

PRC - [2008/12/12 12:37:28 | 000,154,104 | ---- | M] (CA) -- H:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe

PRC - [2008/10/14 22:38:56 | 000,623,992 | ---- | M] (Adobe Systems Inc.) -- H:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

PRC - [2008/09/29 19:48:58 | 000,283,888 | ---- | M] (CA, Inc.) -- H:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe

PRC - [2008/04/14 19:42:30 | 000,060,416 | ---- | M] (Microsoft Corporation) -- H:\Program Files\Outlook Express\msimn.exe

PRC - [2008/04/14 19:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\explorer.exe

PRC - [2008/01/28 13:55:10 | 001,413,120 | ---- | M] () -- H:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe

PRC - [2008/01/28 11:42:10 | 001,352,704 | ---- | M] () -- H:\Program Files\ASUS\Ai Suite\EnergySaving\PwSave.exe

PRC - [2008/01/24 13:53:16 | 000,613,376 | R--- | M] () -- H:\Program Files\ASUS\AASP\1.00.59\aaCenter.exe

PRC - [2008/01/09 11:17:18 | 000,627,200 | ---- | M] () -- H:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe

PRC - [2007/12/04 11:47:38 | 000,144,696 | ---- | M] (Computer Associates International, Inc.) -- H:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\isafe.exe

PRC - [2007/06/13 05:54:28 | 000,516,096 | ---- | M] (Marvell) -- H:\Program Files\Marvell\61xx\tray\zRaidTray.exe

PRC - [2007/06/13 05:54:12 | 000,061,440 | ---- | M] () -- H:\Program Files\Marvell\61xx\svc\mvraidsvc.exe

PRC - [2007/02/20 12:07:40 | 000,199,752 | ---- | M] (Pinnacle Systems GmbH) -- H:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe

PRC - [2006/02/01 17:45:54 | 000,098,304 | ---- | M] (Nero AG) -- H:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

PRC - [2002/12/17 11:43:16 | 000,045,056 | ---- | M] () -- H:\WINDOWS\system32\InstallHardware.exe

========== Modules (No Company Name) ==========

MOD - [2011/08/25 01:50:17 | 006,277,280 | ---- | M] () -- H:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

MOD - [2011/05/26 01:55:28 | 001,524,112 | ---- | M] () -- H:\WINDOWS\system32\bandoolmx.dll

MOD - [2010/03/25 10:59:42 | 001,014,744 | ---- | M] () -- H:\Program Files\Mozilla Firefox\js3250.dll

MOD - [2009/11/03 15:51:42 | 000,067,872 | ---- | M] () -- H:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2009/08/27 00:53:11 | 000,992,496 | ---- | M] () -- H:\Program Files\ISSThirdParty\libetpki_openssl_crypto.dll

MOD - [2009/08/27 00:53:11 | 000,066,800 | ---- | M] () -- H:\Program Files\ISSThirdParty\DKIM.dll

MOD - [2008/04/14 19:42:00 | 000,014,336 | ---- | M] () -- H:\WINDOWS\system32\msdmo.dll

MOD - [2008/04/14 19:41:52 | 000,059,904 | ---- | M] () -- H:\WINDOWS\system32\devenum.dll

MOD - [2008/01/28 13:55:10 | 001,413,120 | ---- | M] () -- H:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe

MOD - [2008/01/28 11:42:10 | 001,352,704 | ---- | M] () -- H:\Program Files\ASUS\Ai Suite\EnergySaving\PwSave.exe

MOD - [2008/01/24 13:53:16 | 000,613,376 | R--- | M] () -- H:\Program Files\ASUS\AASP\1.00.59\aaCenter.exe

MOD - [2008/01/17 19:46:20 | 000,053,248 | R--- | M] () -- H:\Program Files\ASUS\AASP\1.00.59\cpuutil.dll

MOD - [2008/01/16 21:08:46 | 000,208,896 | ---- | M] () -- H:\Program Files\ASUS\Ai Suite\AiNap\AiNap.dll

MOD - [2008/01/09 11:17:18 | 000,627,200 | ---- | M] () -- H:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe

MOD - [2008/01/08 14:36:10 | 000,187,904 | R--- | M] () -- H:\Program Files\ASUS\AASP\1.00.59\aasp.dll

MOD - [2008/01/07 21:38:50 | 000,409,088 | ---- | M] () -- H:\Program Files\ASUS\Ai Suite\EnergySaving\AnimationView.dll

MOD - [2007/06/13 05:54:12 | 000,061,440 | ---- | M] () -- H:\Program Files\Marvell\61xx\svc\mvraidsvc.exe

MOD - [2007/04/03 08:19:22 | 000,355,112 | ---- | M] () -- H:\WINDOWS\system32\msjetoledb40.dll

MOD - [2006/10/01 21:49:16 | 000,389,120 | ---- | M] () -- H:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeXMP.dll

MOD - [2006/01/10 19:50:20 | 000,024,576 | R--- | M] () -- H:\WINDOWS\system32\AsIO.dll

MOD - [2005/06/22 20:39:56 | 000,204,851 | R--- | M] () -- H:\Program Files\ASUS\AASP\1.00.59\PowerDll.dll

MOD - [2002/12/17 11:43:16 | 000,045,056 | ---- | M] () -- H:\WINDOWS\system32\InstallHardware.exe

MOD - [2002/10/16 04:21:28 | 000,319,488 | ---- | M] () -- H:\WINDOWS\system32\MultLang.dll

========== Win32 Services (SafeList) ==========

SRV - [2011/10/21 15:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- H:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)

SRV - [2011/10/13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- H:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)

SRV - [2011/05/26 01:54:58 | 001,617,296 | ---- | M] (Bandoo Media Inc.) [Auto | Running] -- H:\Program Files\Bandoo\Bandoo.exe -- (Bandoo Coordinator)

SRV - [2010/05/28 01:24:06 | 000,288,080 | ---- | M] (CA, Inc.) [Auto | Running] -- H:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\vetmsg.exe -- (VETMSGNT)

SRV - [2010/05/28 01:24:06 | 000,222,544 | ---- | M] (CA, Inc.) [On_Demand | Running] -- H:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe -- (PPCtlPriv)

SRV - [2010/01/12 22:46:57 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- H:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2009/11/11 23:03:51 | 000,259,312 | ---- | M] (CA, Inc.) [On_Demand | Running] -- H:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe -- (CaCCProvSP)

SRV - [2009/11/11 23:03:51 | 000,128,240 | ---- | M] (Computer Associates International, Inc.) [Auto | Running] -- H:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe -- (ccSchedulerSVC)

SRV - [2009/09/14 17:00:00 | 000,153,600 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- H:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE -- (EPSON_EB_RPCV4_04) EPSON V5 Service4(04)

SRV - [2009/09/14 17:00:00 | 000,121,856 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- H:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE -- (EPSON_PM_RPCV4_04) EPSON V3 Service4(04)

SRV - [2009/05/14 18:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- H:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0)

SRV - [2008/12/12 12:37:28 | 000,154,104 | ---- | M] (CA) [Auto | Running] -- H:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe -- (UmxFwHlp)

SRV - [2008/09/29 19:48:58 | 000,283,888 | ---- | M] (CA, Inc.) [Auto | Running] -- H:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe -- (ITMRTSVC)

SRV - [2007/12/04 11:47:38 | 000,144,696 | ---- | M] (Computer Associates International, Inc.) [Auto | Running] -- H:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\isafe.exe -- (CAISafe)

SRV - [2007/06/13 05:54:12 | 000,061,440 | ---- | M] () [On_Demand | Running] -- H:\Program Files\Marvell\61xx\svc\mvraidsvc.exe -- (Marvell RAID)

SRV - [2007/05/23 11:17:02 | 000,020,539 | ---- | M] (Apache Software Foundation) [Auto | Stopped] -- H:\Program Files\Marvell\61xx\Apache2\bin\Apache.exe -- (MRUWebService)

SRV - [2007/03/20 16:41:24 | 000,153,792 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- H:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -- (Adobe Version Cue CS3)

========== Driver Services (SafeList) ==========

DRV - [2010/06/04 03:03:17 | 000,746,216 | ---- | M] (Computer Associates International, Inc.) [Kernel | System | Running] -- H:\WINDOWS\System32\drivers\vetefile.sys -- (VETEFILE)

DRV - [2010/06/04 03:03:17 | 000,130,280 | ---- | M] (Computer Associates International, Inc.) [Kernel | On_Demand | Running] -- H:\WINDOWS\System32\drivers\veteboot.sys -- (VETEBOOT)

DRV - [2009/10/30 01:37:38 | 000,161,008 | ---- | M] (Computer Associates International, Inc.) [Kernel | System | Running] -- H:\WINDOWS\System32\drivers\vetmonnt.sys -- (VETMONNT)

DRV - [2009/10/30 01:37:38 | 000,026,352 | ---- | M] (Computer Associates International, Inc.) [Kernel | System | Running] -- H:\WINDOWS\System32\drivers\vet-filt.sys -- (VET-FILT)

DRV - [2009/10/30 01:37:38 | 000,021,488 | ---- | M] (Computer Associates International, Inc.) [Kernel | System | Running] -- H:\WINDOWS\System32\drivers\vetfddnt.sys -- (VETFDDNT)

DRV - [2009/10/30 01:37:38 | 000,021,104 | ---- | M] (Computer Associates International, Inc.) [Kernel | System | Running] -- H:\WINDOWS\System32\drivers\vet-rec.sys -- (VET-REC)

DRV - [2009/08/05 23:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- H:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)

DRV - [2009/06/25 15:10:12 | 000,145,912 | ---- | M] (CA) [Kernel | Auto | Running] -- H:\WINDOWS\system32\drivers\KmxCF.sys -- (KmxCF)

DRV - [2009/06/25 15:10:10 | 000,108,024 | ---- | M] (CA) [Kernel | Boot | Running] -- H:\WINDOWS\System32\DRIVERS\kmxstart.sys -- (KmxStart)

DRV - [2008/04/14 01:16:24 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\MPE.sys -- (MPE)

DRV - [2007/12/17 20:14:05 | 000,012,400 | R--- | M] () [Kernel | System | Running] -- H:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO)

DRV - [2007/11/01 19:56:00 | 000,036,864 | R--- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\l151x86.sys -- (AtcL001)

DRV - [2007/06/15 18:52:02 | 000,143,256 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- H:\WINDOWS\system32\DRIVERS\mv61xx.sys -- (mv61xx)

DRV - [2007/03/27 06:21:06 | 004,395,008 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2006/12/12 12:16:06 | 000,022,528 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\emAudio.sys -- (emAudio)

DRV - [2005/12/21 10:14:52 | 000,100,957 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\emDevice.sys -- (DCamUSBEMPIA)

DRV - [2005/12/21 10:14:52 | 000,005,245 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\emFilter.sys -- (FiltUSBEMPIA)

DRV - [2005/12/21 10:14:52 | 000,004,493 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\emScan.sys -- (ScanUSBEMPIA)

DRV - [2004/08/14 05:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-343818398-789336058-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT1060933

IE - HKU\S-1-5-21-343818398-789336058-1801674531-1003\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - H:\Program Files\Freecorder\prxtbFree.dll (Conduit Ltd.)

IE - HKU\S-1-5-21-343818398-789336058-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-343818398-789336058-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search Results"

FF - prefs.js..browser.search.defaultthis.engineName: "Web Search"

FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q="

FF - prefs.js..browser.search.order.1: "Search Results"

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.startup.homepage: "http://www.ninemsn.com.au/"

FF - prefs.js..extensions.enabledItems: {1392b8d2-5c05-419f-a8f6-b9f15a596612}:3.5.0.12

FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&appid=102&systemid=406&q="

FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: H:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: H:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: H:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@macromedia.com/FlashPlayer9: H:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: H:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: H:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: H:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: H:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: H:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: H:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: H:\Documents and Settings\p1\Application Data\Facebook\npfbplugin_1_0_3.dll ( )

FF - HKCU\Software\MozillaPlugins\@macromedia.com/FlashPlayer9: H:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: H:\Documents and Settings\p1\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{e9259cba-e7ad-4f74-863f-ef9fe935394d}: H:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\Firefox [2009/08/27 00:53:42 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8b02914c-4e6b-4410-90e1-1a2b1b69b12d}: H:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\LinkAdvisor\Firefox [2009/08/27 00:53:41 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.17\extensions\\Components: H:\Program Files\Mozilla Firefox\components [2011/10/08 18:16:08 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.17\extensions\\Plugins: H:\Program Files\Mozilla Firefox\plugins [2011/10/08 01:07:53 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{8b02914c-4e6b-4410-90e1-1a2b1b69b12d}: H:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\LinkAdvisor\Firefox [2009/08/27 00:53:41 | 000,000,000 | ---D | M]

[2011/06/18 02:27:49 | 000,000,000 | ---D | M] (No name found) -- H:\Documents and Settings\p1\Application Data\Mozilla\Extensions

[2009/03/08 23:37:51 | 000,000,000 | ---D | M] (No name found) -- H:\Documents and Settings\p1\Application Data\Mozilla\Extensions\mozswing@mozswing.org

[2011/12/25 19:09:02 | 000,000,000 | ---D | M] (No name found) -- H:\Documents and Settings\p1\Application Data\Mozilla\Firefox\Profiles\rfb61774.default\extensions

[2011/08/23 10:46:15 | 000,000,000 | ---D | M] (Freecorder Community Toolbar) -- H:\Documents and Settings\p1\Application Data\Mozilla\Firefox\Profiles\rfb61774.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}

[2009/09/02 10:55:51 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- H:\Documents and Settings\p1\Application Data\Mozilla\Firefox\Profiles\rfb61774.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2011/11/12 13:30:08 | 000,000,000 | ---D | M] (Complitly - Speed up your search with your personal search suggestions tool) -- H:\Documents and Settings\p1\Application Data\Mozilla\Firefox\Profiles\rfb61774.default\extensions\{33e0daa6-3af3-d8b5-6752-10e949c61516}

[2010/07/31 21:39:08 | 000,000,000 | ---D | M] (DownloadHelper) -- H:\Documents and Settings\p1\Application Data\Mozilla\Firefox\Profiles\rfb61774.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

[2011/08/23 10:46:15 | 000,000,000 | ---D | M] ("YouTube Video Download Wizard") -- H:\Documents and Settings\p1\Application Data\Mozilla\Firefox\Profiles\rfb61774.default\extensions\ytvdw@pgport.com

[2010/10/15 10:01:58 | 000,010,025 | ---- | M] () -- H:\Documents and Settings\p1\Application Data\Mozilla\Firefox\Profiles\rfb61774.default\searchplugins\mywebsearch.xml

[2011/06/18 02:27:31 | 000,002,501 | ---- | M] () -- H:\Documents and Settings\p1\Application Data\Mozilla\Firefox\Profiles\rfb61774.default\searchplugins\SearchResults.xml

[2011/12/25 19:09:02 | 000,000,000 | ---D | M] (No name found) -- H:\Program Files\Mozilla Firefox\extensions

[2010/01/29 23:26:17 | 002,445,312 | ---- | M] (DNAML Pty Ltd) -- H:\Program Files\mozilla firefox\plugins\npdbplug.dll

[2010/03/20 10:38:57 | 000,001,538 | ---- | M] () -- H:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml

[2010/03/20 10:38:57 | 000,000,947 | ---- | M] () -- H:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml

[2008/06/19 18:53:24 | 000,000,912 | ---- | M] () -- H:\Program Files\mozilla firefox\searchplugins\conduit.xml

[2010/03/20 10:38:57 | 000,000,769 | ---- | M] () -- H:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml

[2011/06/18 02:27:31 | 000,002,501 | ---- | M] () -- H:\Program Files\mozilla firefox\searchplugins\SearchResults.xml

[2010/03/20 10:38:57 | 000,001,135 | ---- | M] () -- H:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = H:\Program Files\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = H:\Program Files\Google\Chrome\Application\16.0.912.63\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = H:\Program Files\Google\Chrome\Application\16.0.912.63\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = H:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

CHR - plugin: Adobe Acrobat (Enabled) = H:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll

CHR - plugin: Java Platform SE 6 U12 (Enabled) = H:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll

CHR - plugin: Java Platform SE 6 U12 (Enabled) = H:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = H:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll

CHR - plugin: DNL Reader (Enabled) = H:\Program Files\Mozilla Firefox\plugins\npdbplug.dll

CHR - plugin: Microsoft Office 2003 (Enabled) = H:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL

CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = H:\Program Files\Microsoft\Office Live\npOLW.dll

CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = H:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = H:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = H:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = H:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = H:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = H:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = H:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll

CHR - plugin: Microsoft\u00AE DRM (Enabled) = H:\Program Files\Windows Media Player\npdrmv2.dll

CHR - plugin: Microsoft\u00AE DRM (Enabled) = H:\Program Files\Windows Media Player\npwmsdrm.dll

CHR - plugin: Facebook Plugin (Enabled) = H:\Documents and Settings\p1\Application Data\Facebook\npfbplugin_1_0_3.dll

CHR - plugin: Facebook Video Calling Plugin (Enabled) = H:\Documents and Settings\p1\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll

CHR - plugin: Google Earth Plugin (Enabled) = H:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

CHR - plugin: Google Update (Enabled) = H:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll

CHR - plugin: Silverlight Plug-In (Enabled) = H:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll

CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = H:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: iTunes Application Detector (Enabled) = H:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Windows Presentation Foundation (Enabled) = H:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin

CHR - Extension: YouTube = H:\Documents and Settings\p1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.2_0\

CHR - Extension: Google Search = H:\Documents and Settings\p1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\

CHR - Extension: Gmail = H:\Documents and Settings\p1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.4_0\

Hosts file not found

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - H:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()

O2 - BHO: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - H:\Program Files\Freecorder\prxtbFree.dll (Conduit Ltd.)

O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - Reg Error: Value error. File not found

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - H:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)

O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - H:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()

O2 - BHO: (UrlHelper Class) - {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - H:\Program Files\Windows iLivid Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc)

O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - H:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - H:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O2 - BHO: (BandooIEPlugin Class) - {EB5CEE80-030A-4ED8-8E20-454E9C68380F} - H:\Program Files\Bandoo\Plugins\IE\ieplugin.dll (Bandoo Media Inc.)

O2 - BHO: (CA Toolbar Helper) - {FBF2401B-7447-4727-BE5D-C19B2075CA84} - H:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\CallingIDIE.dll (CallingID Ltd.)

O3 - HKLM\..\Toolbar: (CA Toolbar) - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - H:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\CallingIDIE.dll (CallingID Ltd.)

O3 - HKLM\..\Toolbar: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - H:\Program Files\Freecorder\prxtbFree.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - Reg Error: Value error. File not found

O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - H:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - H:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()

O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - H:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - H:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)

O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - H:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()

O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.

O3 - HKU\S-1-5-21-343818398-789336058-1801674531-1003\..\Toolbar\WebBrowser: (CA Toolbar) - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - H:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\CallingIDIE.dll (CallingID Ltd.)

O3 - HKU\S-1-5-21-343818398-789336058-1801674531-1003\..\Toolbar\WebBrowser: (Freecorder Toolbar) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - H:\Program Files\Freecorder\prxtbFree.dll (Conduit Ltd.)

O3 - HKU\S-1-5-21-343818398-789336058-1801674531-1003\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - H:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [Acrobat Assistant 8.0] H:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)

O4 - HKLM..\Run: [Adobe_ID0EYTHM] H:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Ai Nap] H:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe ()

O4 - HKLM..\Run: [Alcmtr] H:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [ASUS Energy Saving] H:\Program Files\ASUS\Ai Suite\EnergySaving\PwSave.exe ()

O4 - HKLM..\Run: [capfasem] H:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe (CA, Inc.)

O4 - HKLM..\Run: [capfupgrade] H:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe (CA, Inc.)

O4 - HKLM..\Run: [CAPPActiveProtection] H:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe (CA, Inc.)

O4 - HKLM..\Run: [CAVRID] H:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe (CA, Inc.)

O4 - HKLM..\Run: [cctray] H:\Program Files\CA\CA Internet Security Suite\casc.exe (CA, Inc.)

O4 - HKLM..\Run: [Cpu Level Up help] H:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe ()

O4 - HKLM..\Run: [CPU Power Monitor] H:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe ()

O4 - HKLM..\Run: [DATAMNGR] H:\Program Files\Windows iLivid Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)

O4 - HKLM..\Run: [EEventManager] H:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)

O4 - HKLM..\Run: [EPSON Stylus CX3700 Series] H:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACP.EXE (SEIKO EPSON CORPORATION)

O4 - HKLM..\Run: [installHardware] H:\WINDOWS\system32\InstallHardware.exe ()

O4 - HKLM..\Run: [NeroFilterCheck] H:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)

O4 - HKLM..\Run: [NvCplDaemon] H:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] H:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [NWEReboot] File not found

O4 - HKLM..\Run: [nwiz] H:\WINDOWS\System32\nwiz.exe ()

O4 - HKLM..\Run: [QOELOADER] H:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-7.0.0.517\QOELoader.exe (CA)

O4 - HKLM..\Run: [sBqDkHtcpJbcHA.exe] H:\Documents and Settings\All Users\Application Data\sBqDkHtcpJbcHA.exe File not found

O4 - HKLM..\Run: [uSB2Check] H:\WINDOWS\System32\PCLECoInst.dll (Pinnacle Systems)

O4 - HKLM..\Run: [uSBToolTip] H:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe (Pinnacle Systems GmbH)

O4 - HKU\S-1-5-21-343818398-789336058-1801674531-1003..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] H:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe (Nero AG)

O4 - HKU\S-1-5-21-343818398-789336058-1801674531-1003..\Run: [EPSON TX120 NX120 Series] H:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIGGP.EXE (SEIKO EPSON CORPORATION)

O4 - HKU\.DEFAULT..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 File not found

O4 - HKU\S-1-5-18..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 File not found

O4 - Startup: H:\Documents and Settings\p1\Start Menu\Programs\Startup\MarvellTrayStartup.lnk = H:\Program Files\Marvell\61xx\tray\RaidTray.bat ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149

O7 - HKU\S-1-5-21-343818398-789336058-1801674531-1003\Software\Policies\Microsoft\Internet Explorer\Recovery present

O7 - HKU\S-1-5-21-343818398-789336058-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-343818398-789336058-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0

O8 - Extra context menu item: Append to existing PDF - H:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert link target to Adobe PDF - H:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert link target to existing PDF - H:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert selected links to Adobe PDF - H:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert selected links to existing PDF - H:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert selection to Adobe PDF - H:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert selection to existing PDF - H:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert to Adobe PDF - H:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - H:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - H:\WINDOWS\System32\VetRedir.dll (Computer Associates International, Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - H:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - H:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - H:\WINDOWS\System32\VetRedir.dll (Computer Associates International, Inc.)

O15 - HKU\S-1-5-21-343818398-789336058-1801674531-1003\..Trusted Ranges: Marvell ([http] in Local intranet)

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D13DB574-0778-476C-9A06-85FDA65FDCDA}: DhcpNameServer = 192.168.1.254

O20 - AppInit_DLLs: (h:\progra~1\wi371a~1\datamngr\datamngr.dll) -h:\Program Files\Windows iLivid Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc)

O20 - AppInit_DLLs: (h:\progra~1\wi371a~1\datamngr\iebho.dll) -h:\Program Files\Windows iLivid Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc)

O20 - AppInit_DLLs: (umxsbxexw.dll) -H:\WINDOWS\System32\UmxSbxExw.dll (CA)

O20 - AppInit_DLLs: (h:\progra~1\bandoo\bndhook.dll) -h:\Program Files\Bandoo\BndHook.dll (Discordia Limited)

O20 - HKLM Winlogon: Shell - (Explorer.exe) -H:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (H:\WINDOWS\system32\userinit.exe) -H:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - HKU\S-1-5-21-343818398-789336058-1801674531-1003 Winlogon: Shell - (H:\Documents and Settings\p1\Local Settings\Application Data\c817b66f\X) -H:\Documents and Settings\p1\Local Settings\Application Data\c817b66f\X ()

O20 - Winlogon\Notify\PFW: DllName - (UmxWnp.Dll) - H:\WINDOWS\System32\UmxWNP.dll (CA)

O24 - Desktop Components:0 () - file:///H:/DOCUME~1/p1/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg

O24 - Desktop Components:1 (My Current Home Page) - About:Home

O24 - Desktop WallPaper: H:\WINDOWS\Web\Wallpaper\Bliss.bmp

O24 - Desktop BackupWallPaper: H:\WINDOWS\Web\Wallpaper\Bliss.bmp

O28 - HKLM ShellExecuteHooks: {1869181A-9F50-4FCF-8BFF-1B8588ECB85C} - H:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\LinkAdvisor\CIDLinkAdvisor.dll (CallingID Ltd.)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2010/05/07 19:03:54 | 000,000,036 | ---- | M] () - E:\Autorun.inf -- [ NTFS ]

O32 - AutoRun File - [2010/04/24 01:12:17 | 000,000,067 | ---- | M] () - K:\Autorun.inf -- [ NTFS ]

O33 - MountPoints2\{e79b4a6a-9f9a-11de-aa0d-001fc6852801}\Shell - "" = AutoRun

O33 - MountPoints2\{e79b4a6a-9f9a-11de-aa0d-001fc6852801}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{e79b4a6a-9f9a-11de-aa0d-001fc6852801}\Shell\AutoRun\command - "" = H:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\Recycled\deskinf.pif

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/23 21:58:55 | 000,000,000 | ---D | C] -- H:\Documents and Settings\p1\Local Settings\Application Data\PCHealth

[2011/12/23 20:20:02 | 000,000,000 | ---D | C] -- H:\Documents and Settings\p1\Application Data\Malwarebytes

[2011/12/23 20:19:54 | 000,000,000 | ---D | C] -- H:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware

[2011/12/23 20:19:53 | 000,000,000 | ---D | C] -- H:\Documents and Settings\All Users\Application Data\Malwarebytes

[2011/12/23 20:19:50 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- H:\WINDOWS\System32\drivers\mbam.sys

[2011/12/23 20:19:49 | 000,000,000 | ---D | C] -- H:\Program Files\Malwarebytes' Anti-Malware

[2011/12/23 01:36:01 | 000,000,000 | R--D | C] -- H:\Documents and Settings\p1\Recent

[2011/12/22 23:50:17 | 000,000,000 | ---D | C] -- H:\Documents and Settings\NetworkService\Application Data\Macromedia

[2011/12/22 23:50:16 | 000,000,000 | ---D | C] -- H:\Documents and Settings\NetworkService\Application Data\Adobe

[2011/12/22 23:40:44 | 000,000,000 | ---D | C] -- H:\Documents and Settings\p1\Application Data\Vyah

[2011/12/22 23:40:44 | 000,000,000 | ---D | C] -- H:\Documents and Settings\p1\Application Data\Qaov

[2011/12/22 23:25:48 | 000,000,000 | -HSD | C] -- H:\Documents and Settings\p1\Local Settings\Application Data\c817b66f

[2011/12/22 22:41:32 | 000,000,000 | ---D | C] -- H:\Documents and Settings\p1\Desktop\New Folder - video

[2011/12/22 21:16:07 | 000,000,000 | ---D | C] -- H:\Documents and Settings\p1\Desktop\Dan's wedding video

[2011/12/22 20:24:32 | 000,000,000 | ---D | C] -- H:\Documents and Settings\p1\Desktop\Nick Jane century

[2011/12/18 09:21:45 | 000,000,000 | ---D | C] -- H:\Documents and Settings\p1\Desktop\16122011 - U16 v Mont Albert

[2011/12/18 09:08:42 | 000,000,000 | ---D | C] -- H:\Documents and Settings\p1\Desktop\17122011 - 2nd XI v Old Carey

[2011/12/06 22:37:49 | 000,000,000 | ---D | C] -- H:\Documents and Settings\p1\Desktop\25112011 - U16A

[2011/11/28 00:11:58 | 000,000,000 | ---D | C] -- H:\Documents and Settings\p1\Local Settings\Application Data\Facebook

[2011/11/27 13:58:21 | 000,000,000 | ---D | C] -- H:\Documents and Settings\p1\Desktop\Chris Petrie's birthday brunch

[2010/02/13 11:35:03 | 000,941,064 | ---- | C] (Inbox.com, Inc. ) -- H:\Program Files\VideosSetup.exe

[2010/02/11 18:55:40 | 001,341,176 | ---- | C] (CA) -- H:\Program Files\issdm_ca_en.exe

[2010/01/14 19:07:52 | 077,976,864 | ---- | C] (Apple Inc.) -- H:\Program Files\iTunesSetup(2).exe

[2010/01/08 16:56:30 | 000,318,904 | ---- | C] (Microsoft Corporation) -- H:\Program Files\wmpfirefoxplugin.exe

[2009/12/02 21:15:53 | 001,925,024 | ---- | C] (Adobe Systems Incorporated) -- H:\Program Files\install_flash_player.exe

[2009/08/27 00:45:31 | 035,812,552 | ---- | C] (CA, Inc.) -- H:\Program Files\aspamwi_en_32.exe

[2009/08/27 00:42:17 | 000,361,536 | ---- | C] (CA Inc.) -- H:\Program Files\aspamwi_ca_32_en.exe

[2009/06/26 00:15:45 | 001,312,384 | ---- | C] (Indigo Rose Corporation http://www.indigorose.com) -- H:\Program Files\sampletoolkit.exe

[2009/04/24 09:44:47 | 028,868,320 | ---- | C] (Microsoft Corporation) -- H:\Program Files\FileFormatConverters.exe

[2009/04/03 01:09:39 | 000,766,080 | ---- | C] (Ahead Software AG

im Stoeckmaedle 6

76307 Karlsbad, Germany

e-mail: info@nero.com) -- H:\Program Files\EasyWriteReader.exe

[2009/03/03 21:40:01 | 001,216,536 | ---- | C] (CA) -- H:\Program Files\issdm_ca_64_en.exe

[2008/12/23 01:16:39 | 000,329,728 | ---- | C] (Microsoft Corporation) -- H:\Program Files\netsetup.exe

[2007/10/14 20:35:00 | 000,040,960 | ---- | C] ( ) -- H:\WINDOWS\OMNIUNS.EXE

[6 H:\WINDOWS\*.tmp files -> H:\WINDOWS\*.tmp -> ]

[2 H:\WINDOWS\System32\*.tmp files -> H:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/26 12:20:03 | 000,000,986 | ---- | M] () -- H:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-343818398-789336058-1801674531-1003UA.job

[2011/12/26 12:15:00 | 000,000,878 | ---- | M] () -- H:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2011/12/26 07:35:13 | 000,441,046 | ---- | M] () -- H:\WINDOWS\System32\perfh009.dat

[2011/12/26 07:35:13 | 000,070,484 | ---- | M] () -- H:\WINDOWS\System32\perfc009.dat

[2011/12/26 07:31:22 | 000,000,236 | ---- | M] () -- H:\WINDOWS\System32\61xx.xml

[2011/12/26 07:31:21 | 000,000,009 | ---- | M] () -- H:\WINDOWS\mvraidver.dat

[2011/12/26 07:30:40 | 000,000,004 | ---- | M] () -- H:\WINDOWS\Twain001.Mtx

[2011/12/26 07:30:22 | 000,000,260 | ---- | M] () -- H:\WINDOWS\tasks\WGASetup.job

[2011/12/26 07:30:21 | 000,000,156 | ---- | M] () -- H:\WINDOWS\Twunk001.MTX

[2011/12/26 07:29:51 | 000,000,874 | ---- | M] () -- H:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2011/12/26 07:29:51 | 000,000,236 | ---- | M] () -- H:\WINDOWS\tasks\OGALogon.job

[2011/12/26 07:29:50 | 000,000,432 | ---- | M] () -- H:\WINDOWS\tasks\RegCure Program Check.job

[2011/12/26 07:29:34 | 000,002,048 | --S- | M] () -- H:\WINDOWS\bootstat.dat

[2011/12/26 00:20:48 | 000,000,116 | ---- | M] () -- H:\WINDOWS\NeroDigital.ini

[2011/12/26 00:17:00 | 000,000,964 | ---- | M] () -- H:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-343818398-789336058-1801674531-1003Core.job

[2011/12/25 22:58:58 | 000,002,206 | ---- | M] () -- H:\WINDOWS\System32\wpa.dbl

[2011/12/25 22:51:54 | 000,475,204 | ---- | M] () -- H:\Documents and Settings\p1\Desktop\lucy07.1.jpg

[2011/12/25 18:00:00 | 000,000,438 | ---- | M] () -- H:\WINDOWS\tasks\ParetoLogic Registration3.job

[2011/12/25 12:56:27 | 000,399,835 | ---- | M] () -- H:\Documents and Settings\p1\Desktop\lucy07.jpg

[2011/12/25 12:55:26 | 002,624,214 | ---- | M] () -- H:\Documents and Settings\p1\Desktop\lucy070.jpg

[2011/12/25 11:23:43 | 000,018,944 | ---- | M] () -- H:\Documents and Settings\p1\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/12/24 14:06:42 | 000,000,512 | ---- | M] () -- H:\Documents and Settings\All Users\Application Data\OIXQyeSIk6p27r

[2011/12/24 12:58:47 | 000,000,320 | ---- | M] () -- H:\Documents and Settings\All Users\Application Data\~OIXQyeSIk6p27r

[2011/12/24 12:58:47 | 000,000,224 | ---- | M] () -- H:\Documents and Settings\All Users\Application Data\~OIXQyeSIk6p27rr

[2011/12/24 11:25:34 | 000,006,554 | ---- | M] () -- H:\WINDOWS\DNAPrinters.ini

[2011/12/23 01:31:13 | 000,000,062 | ---- | M] () -- H:\Documents and Settings\All Users\Application Data\OIXQyeSIk6p27r.lic

[2011/12/22 17:51:17 | 000,000,366 | ---- | M] () -- H:\WINDOWS\tasks\RegCure.job

[2011/12/22 02:19:00 | 000,000,370 | ---- | M] () -- H:\WINDOWS\tasks\PC Health Advisor Defrag.job

[2011/12/21 00:43:03 | 000,000,412 | ---- | M] () -- H:\WINDOWS\tasks\ParetoLogic Update Version3.job

[2011/12/19 22:18:01 | 000,000,284 | ---- | M] () -- H:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2011/12/17 11:57:05 | 000,190,437 | ---- | M] () -- H:\Documents and Settings\p1\Desktop\39 Heather Ave, Keilor East.htm

[2011/12/16 19:35:30 | 000,115,331 | ---- | M] () -- H:\Documents and Settings\p1\Desktop\LIQOUR LICENCE.pdf

[2011/12/16 14:18:32 | 000,001,860 | ---- | M] () -- H:\Documents and Settings\All Users\Desktop\Google Chrome.lnk

[2011/12/15 08:20:49 | 001,571,520 | ---- | M] () -- H:\WINDOWS\System32\FNTCACHE.DAT

[2011/12/15 03:26:31 | 000,001,393 | ---- | M] () -- H:\WINDOWS\imsins.BAK

[2011/12/04 14:47:47 | 000,002,137 | ---- | M] () -- H:\Documents and Settings\All Users\Desktop\iTunes.lnk

[6 H:\WINDOWS\*.tmp files -> H:\WINDOWS\*.tmp -> ]

[2 H:\WINDOWS\System32\*.tmp files -> H:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/25 22:51:52 | 000,475,204 | ---- | C] () -- H:\Documents and Settings\p1\Desktop\lucy07.1.jpg

[2011/12/25 12:56:25 | 000,399,835 | ---- | C] () -- H:\Documents and Settings\p1\Desktop\lucy07.jpg

[2011/12/25 11:23:39 | 002,624,214 | ---- | C] () -- H:\Documents and Settings\p1\Desktop\lucy070.jpg

[2011/12/23 01:31:13 | 000,000,062 | ---- | C] () -- H:\Documents and Settings\All Users\Application Data\OIXQyeSIk6p27r.lic

[2011/12/22 23:42:20 | 000,000,320 | ---- | C] () -- H:\Documents and Settings\All Users\Application Data\~OIXQyeSIk6p27r

[2011/12/22 23:42:20 | 000,000,224 | ---- | C] () -- H:\Documents and Settings\All Users\Application Data\~OIXQyeSIk6p27rr

[2011/12/22 23:32:47 | 000,000,512 | ---- | C] () -- H:\Documents and Settings\All Users\Application Data\OIXQyeSIk6p27r

[2011/12/17 11:57:05 | 000,190,437 | ---- | C] () -- H:\Documents and Settings\p1\Desktop\39 Heather Ave, Keilor East.htm

[2011/12/16 19:35:30 | 000,115,331 | ---- | C] () -- H:\Documents and Settings\p1\Desktop\LIQOUR LICENCE.pdf

[2011/11/28 00:12:01 | 000,000,986 | ---- | C] () -- H:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-343818398-789336058-1801674531-1003UA.job

[2011/11/28 00:12:01 | 000,000,964 | ---- | C] () -- H:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-343818398-789336058-1801674531-1003Core.job

[2011/09/19 02:12:08 | 000,000,740 | ---- | C] () -- H:\WINDOWS\eReg.dat

[2011/07/17 19:35:37 | 000,363,520 | ---- | C] () -- H:\WINDOWS\System32\PsisDecd.dll

[2011/07/03 23:53:54 | 000,000,034 | ---- | C] () -- H:\WINDOWS\cdplayer.ini

[2011/06/18 02:29:37 | 001,524,112 | ---- | C] () -- H:\WINDOWS\System32\bandoolmx.dll

[2011/05/31 11:04:12 | 000,000,000 | ---- | C] () -- H:\WINDOWS\EEventManager.INI

[2010/07/11 16:27:42 | 000,061,472 | ---- | C] () -- H:\WINDOWS\System32\mlfcache.dat

[2010/01/29 23:26:18 | 001,025,688 | ---- | C] () -- H:\WINDOWS\dbplugin.exe

[2010/01/29 23:26:18 | 000,241,744 | ---- | C] () -- H:\WINDOWS\System32\DNLEng.dll

[2010/01/29 23:25:25 | 001,137,320 | ---- | C] () -- H:\Program Files\dnlsetup.exe

[2010/01/12 23:01:22 | 002,463,976 | ---- | C] () -- H:\WINDOWS\System32\NPSWF32.dll

[2009/12/27 15:38:52 | 000,000,074 | ---- | C] () -- H:\WINDOWS\MPLAYER.INI

[2009/11/25 15:51:54 | 008,486,872 | ---- | C] () -- H:\Program Files\FCTBSetup(2).exe

[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- H:\WINDOWS\System32\OGACheckControl.dll

[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- H:\WINDOWS\System32\OGAEXEC.exe

[2009/07/09 22:47:19 | 000,006,554 | ---- | C] () -- H:\WINDOWS\DNAPrinters.ini

[2009/04/08 01:06:02 | 002,931,168 | ---- | C] () -- H:\Program Files\FCSetup.exe

[2009/04/08 00:42:50 | 000,000,396 | ---- | C] () -- H:\WINDOWS\wininit.ini

[2009/03/11 08:27:02 | 000,092,240 | ---- | C] () -- H:\WINDOWS\System32\EPPICPrinterDB.dat

[2009/03/11 08:27:02 | 000,001,146 | ---- | C] () -- H:\WINDOWS\System32\EPPICPresetData_DU.dat

[2009/03/11 08:27:02 | 000,001,136 | ---- | C] () -- H:\WINDOWS\System32\EPPICPresetData_ES.dat

[2009/03/11 08:27:02 | 000,001,129 | ---- | C] () -- H:\WINDOWS\System32\EPPICPresetData_CF.dat

[2009/03/11 08:27:02 | 000,001,120 | ---- | C] () -- H:\WINDOWS\System32\EPPICPresetData_IT.dat

[2009/03/11 08:27:02 | 000,001,107 | ---- | C] () -- H:\WINDOWS\System32\EPPICPresetData_GE.dat

[2009/03/11 08:27:02 | 000,001,104 | ---- | C] () -- H:\WINDOWS\System32\EPPICPresetData_EN.dat

[2009/03/11 08:27:02 | 000,000,099 | ---- | C] () -- H:\WINDOWS\System32\PICSDK.ini

[2009/03/11 08:27:01 | 000,026,154 | ---- | C] () -- H:\WINDOWS\System32\EPPICPattern1.dat

[2009/03/11 08:27:01 | 000,024,903 | ---- | C] () -- H:\WINDOWS\System32\EPPICPattern3.dat

[2009/03/11 08:27:01 | 000,021,390 | ---- | C] () -- H:\WINDOWS\System32\EPPICPattern5.dat

[2009/03/11 08:27:01 | 000,020,148 | ---- | C] () -- H:\WINDOWS\System32\EPPICPattern2.dat

[2009/03/11 08:27:01 | 000,011,811 | ---- | C] () -- H:\WINDOWS\System32\EPPICPattern4.dat

[2009/03/11 08:27:01 | 000,004,943 | ---- | C] () -- H:\WINDOWS\System32\EPPICPattern6.dat

[2009/03/11 08:27:01 | 000,001,139 | ---- | C] () -- H:\WINDOWS\System32\EPPICPresetData_PT.dat

[2009/03/11 08:27:01 | 000,001,139 | ---- | C] () -- H:\WINDOWS\System32\EPPICPresetData_BP.dat

[2009/03/11 08:27:01 | 000,001,129 | ---- | C] () -- H:\WINDOWS\System32\EPPICPresetData_FR.dat

[2009/03/10 17:02:21 | 000,000,025 | ---- | C] () -- H:\WINDOWS\CDE CX3700EC.ini

[2009/03/04 19:41:16 | 000,001,172 | ---- | C] () -- H:\WINDOWS\mozver.dat

[2009/02/25 09:13:55 | 000,000,664 | ---- | C] () -- H:\WINDOWS\System32\d3d9caps.dat

[2008/11/02 14:59:50 | 000,524,288 | ---- | C] () -- H:\WINDOWS\System32\drivers\CnxE2FS.bin

[2008/11/02 14:51:22 | 002,741,380 | ---- | C] () -- H:\WINDOWS\System32\drivers\CnxE2Fw.bin

[2008/09/27 00:08:46 | 000,319,488 | ---- | C] () -- H:\WINDOWS\System32\MultLang.dll

[2008/09/27 00:08:46 | 000,304,956 | ---- | C] () -- H:\WINDOWS\System32\fw-usb.bin

[2008/09/27 00:08:46 | 000,204,800 | ---- | C] () -- H:\WINDOWS\System32\WaitMsg.exe

[2008/09/27 00:08:46 | 000,110,592 | ---- | C] () -- H:\WINDOWS\System32\Utility.exe

[2008/09/27 00:08:46 | 000,106,496 | ---- | C] () -- H:\WINDOWS\System32\Cleanup.exe

[2008/09/27 00:08:46 | 000,090,112 | ---- | C] () -- H:\WINDOWS\System32\AMEUninst2000.exe

[2008/09/27 00:08:46 | 000,081,920 | ---- | C] () -- H:\WINDOWS\System32\NotifyPhoneBook.exe

[2008/09/27 00:08:46 | 000,065,536 | ---- | C] () -- H:\WINDOWS\System32\RasXP.exe

[2008/09/27 00:08:46 | 000,045,056 | ---- | C] () -- H:\WINDOWS\System32\InstallHardware.exe

[2008/09/27 00:08:46 | 000,045,056 | ---- | C] () -- H:\WINDOWS\System32\GainSettings.exe

[2008/09/27 00:08:46 | 000,036,864 | ---- | C] () -- H:\WINDOWS\System32\Ras2000.exe

[2008/09/27 00:08:46 | 000,036,864 | ---- | C] () -- H:\WINDOWS\System32\CustomizeNdisParams.exe

[2008/09/27 00:08:46 | 000,036,864 | ---- | C] () -- H:\WINDOWS\System32\AMEInstall.exe

[2008/09/27 00:08:46 | 000,032,768 | ---- | C] () -- H:\WINDOWS\System32\SetIpConfig2000Xp.exe

[2008/09/27 00:08:46 | 000,032,768 | ---- | C] () -- H:\WINDOWS\System32\RemDial.exe

[2008/09/27 00:08:46 | 000,028,672 | ---- | C] () -- H:\WINDOWS\System32\RShort2k.exe

[2008/09/27 00:08:46 | 000,028,672 | ---- | C] () -- H:\WINDOWS\System32\RemoveElan.exe

[2008/09/27 00:08:46 | 000,028,672 | ---- | C] () -- H:\WINDOWS\System32\PnpFix.exe

[2008/09/27 00:08:46 | 000,028,672 | ---- | C] () -- H:\WINDOWS\System32\AMELaunchUninst.exe

[2008/09/27 00:08:46 | 000,024,576 | ---- | C] () -- H:\WINDOWS\System32\RenCSA.exe

[2008/09/27 00:08:46 | 000,024,576 | ---- | C] () -- H:\WINDOWS\System32\DelCSA.exe

[2008/09/27 00:08:46 | 000,024,576 | ---- | C] () -- H:\WINDOWS\System32\AMECSARemove.exe

[2008/09/27 00:08:46 | 000,004,408 | ---- | C] () -- H:\WINDOWS\System32\FileList.ini

[2008/09/27 00:08:46 | 000,003,066 | ---- | C] () -- H:\WINDOWS\System32\AmeCfg.ini

[2008/09/27 00:08:46 | 000,001,208 | ---- | C] () -- H:\WINDOWS\System32\INIT-USB.BIN

[2008/09/27 00:08:46 | 000,000,313 | ---- | C] () -- H:\WINDOWS\System32\Gains.ini

[2008/09/27 00:08:46 | 000,000,101 | ---- | C] () -- H:\WINDOWS\System32\WipCfg.ini

[2008/09/27 00:08:46 | 000,000,050 | ---- | C] () -- H:\WINDOWS\System32\DSLSetup.ini

[2008/09/21 01:52:34 | 000,018,944 | ---- | C] () -- H:\Documents and Settings\p1\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008/09/21 01:52:34 | 000,000,116 | ---- | C] () -- H:\WINDOWS\NeroDigital.ini

[2008/09/21 00:58:54 | 000,004,161 | ---- | C] () -- H:\WINDOWS\ODBCINST.INI

[2008/09/21 00:57:42 | 001,571,520 | ---- | C] () -- H:\WINDOWS\System32\FNTCACHE.DAT

[2008/09/20 19:41:30 | 000,000,000 | ---- | C] () -- H:\WINDOWS\nsreg.dat

[2008/09/20 17:15:30 | 000,016,384 | ---- | C] () -- H:\WINDOWS\System32\FileOps.exe

[2008/09/20 17:02:30 | 000,000,376 | ---- | C] () -- H:\WINDOWS\ODBC.INI

[2008/09/20 16:47:53 | 000,765,952 | ---- | C] () -- H:\WINDOWS\System32\xvidcore.dll

[2008/09/20 16:08:19 | 000,024,576 | R--- | C] () -- H:\WINDOWS\System32\AsIO.dll

[2008/09/20 16:08:19 | 000,012,400 | R--- | C] () -- H:\WINDOWS\System32\drivers\AsIO.sys

[2008/09/20 16:08:17 | 000,011,832 | ---- | C] () -- H:\WINDOWS\System32\drivers\AsInsHelp64.sys

[2008/09/20 16:08:17 | 000,010,216 | ---- | C] () -- H:\WINDOWS\System32\drivers\AsInsHelp32.sys

[2008/09/20 15:57:18 | 000,000,009 | ---- | C] () -- H:\WINDOWS\mvraidver.dat

[2008/09/20 15:50:55 | 000,049,152 | R--- | C] () -- H:\WINDOWS\System32\ChCfg.exe

[2008/09/20 15:42:26 | 000,016,253 | ---- | C] () -- H:\WINDOWS\Ascd_log.ini

[2008/09/20 15:42:01 | 000,015,953 | ---- | C] () -- H:\WINDOWS\Ascd_tmp.ini

[2008/09/20 15:42:00 | 000,005,810 | R--- | C] () -- H:\WINDOWS\System32\drivers\ASACPI.sys

[2008/09/20 15:41:50 | 000,010,288 | ---- | C] () -- H:\WINDOWS\System32\drivers\ASUSHWIO.SYS

[2008/09/20 15:15:36 | 000,002,048 | --S- | C] () -- H:\WINDOWS\bootstat.dat

[2008/09/20 15:11:09 | 000,021,640 | ---- | C] () -- H:\WINDOWS\System32\emptyregdb.dat

[2008/04/14 19:55:28 | 000,001,804 | ---- | C] () -- H:\WINDOWS\System32\Dcache.bin

[2007/06/29 03:43:00 | 001,703,936 | ---- | C] () -- H:\WINDOWS\System32\nvwdmcpl.dll

[2007/06/29 03:43:00 | 001,626,112 | ---- | C] () -- H:\WINDOWS\System32\nwiz.exe

[2007/06/29 03:43:00 | 001,474,560 | ---- | C] () -- H:\WINDOWS\System32\nview.dll

[2007/06/29 03:43:00 | 001,339,392 | ---- | C] () -- H:\WINDOWS\System32\nvdspsch.exe

[2007/06/29 03:43:00 | 001,019,904 | ---- | C] () -- H:\WINDOWS\System32\nvwimg.dll

[2007/06/29 03:43:00 | 001,018,772 | ---- | C] () -- H:\WINDOWS\System32\nvucode.bin

[2007/06/29 03:43:00 | 000,466,944 | ---- | C] () -- H:\WINDOWS\System32\nvshell.dll

[2007/06/29 03:43:00 | 000,442,368 | ---- | C] () -- H:\WINDOWS\System32\nvappbar.exe

[2007/06/29 03:43:00 | 000,425,984 | ---- | C] () -- H:\WINDOWS\System32\keystone.exe

[2007/06/29 03:43:00 | 000,286,720 | ---- | C] () -- H:\WINDOWS\System32\nvnt4cpl.dll

[2007/05/23 11:17:30 | 000,047,395 | ---- | C] () -- H:\WINDOWS\php.ini

[2007/04/26 12:21:36 | 000,000,236 | ---- | C] () -- H:\WINDOWS\zraidtray.ini

[2006/12/31 21:57:08 | 000,004,569 | ---- | C] () -- H:\WINDOWS\System32\secupd.dat

[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- H:\WINDOWS\System32\OUTLPERF.INI

[2001/08/23 22:00:00 | 013,107,200 | ---- | C] () -- H:\WINDOWS\System32\oembios.bin

[2001/08/23 22:00:00 | 000,673,088 | ---- | C] () -- H:\WINDOWS\System32\mlang.dat

[2001/08/23 22:00:00 | 000,441,046 | ---- | C] () -- H:\WINDOWS\System32\perfh009.dat

[2001/08/23 22:00:00 | 000,272,128 | ---- | C] () -- H:\WINDOWS\System32\perfi009.dat

[2001/08/23 22:00:00 | 000,218,003 | ---- | C] () -- H:\WINDOWS\System32\dssec.dat

[2001/08/23 22:00:00 | 000,070,484 | ---- | C] () -- H:\WINDOWS\System32\perfc009.dat

[2001/08/23 22:00:00 | 000,046,258 | ---- | C] () -- H:\WINDOWS\System32\mib.bin

[2001/08/23 22:00:00 | 000,028,626 | ---- | C] () -- H:\WINDOWS\System32\perfd009.dat

[2001/08/23 22:00:00 | 000,004,463 | ---- | C] () -- H:\WINDOWS\System32\oembios.dat

[2001/08/23 22:00:00 | 000,000,741 | ---- | C] () -- H:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2011/06/18 02:29:50 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\Bandoo

[2011/06/18 15:35:29 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\boost_interprocess

[2009/08/12 04:37:44 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\CA

[2011/10/23 18:54:11 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\Emotum

[2011/05/25 21:15:31 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\EPSON

[2010/10/28 23:22:27 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\ParetoLogic

[2011/07/17 19:29:11 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\Pinnacle

[2011/07/17 19:29:35 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\Pinnacle Studio HD

[2011/07/17 19:25:12 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\Pinnacle Studio Plus

[2009/01/15 22:59:58 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\PIXELA

[2010/10/28 23:03:07 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\ReviverSoft

[2011/03/25 16:41:37 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\Solero

[2011/07/17 19:25:12 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\Studio 14

[2009/07/06 02:31:34 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\TEMP

[2011/05/25 21:13:21 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\UDL

[2009/06/19 23:51:31 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

[2010/07/01 16:04:40 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2008/11/02 21:06:21 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}

[2010/01/13 18:32:17 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}

[2009/06/19 01:30:58 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}

[2011/06/18 16:12:54 | 000,000,000 | ---D | M] -- H:\Documents and Settings\p1\Application Data\Bandoo

[2010/01/09 22:55:16 | 000,000,000 | ---D | M] -- H:\Documents and Settings\p1\Application Data\Bidgood Svcs

[2011/12/26 12:58:12 | 000,000,000 | ---D | M] -- H:\Documents and Settings\p1\Application Data\CallingID

[2011/11/12 13:30:04 | 000,000,000 | ---D | M] -- H:\Documents and Settings\p1\Application Data\Complitly

[2011/10/13 22:34:43 | 000,000,000 | ---D | M] -- H:\Documents and Settings\p1\Application Data\CoreFTP

[2010/10/28 23:22:38 | 000,000,000 | ---D | M] -- H:\Documents and Settings\p1\Application Data\DriverCure

[2011/05/26 15:52:44 | 000,000,000 | ---D | M] -- H:\Documents and Settings\p1\Application Data\EPSON

[2010/06/13 22:25:09 | 000,000,000 | ---D | M] -- H:\Documents and Settings\p1\Application Data\Facebook

[2011/07/03 23:58:55 | 000,000,000 | ---D | M] -- H:\Documents and Settings\p1\Application Data\FreeAudioPack

[2009/08/27 00:49:17 | 000,000,000 | ---D | M] -- H:\Documents and Settings\p1\Application Data\GetRightToGo

[2009/10/07 13:56:58 | 000,000,000 | ---D | M] -- H:\Documents and Settings\p1\Application Data\LG Electronics

[2009/10/01 07:17:34 | 000,000,000 | ---D | M] -- H:\Documents and Settings\p1\Application Data\LimeWire

[2010/10/28 23:22:37 | 000,000,000 | ---D | M] -- H:\Documents and Settings\p1\Application Data\ParetoLogic

[2011/11/12 13:37:50 | 000,000,000 | ---D | M] -- H:\Documents and Settings\p1\Application Data\PriceGong

[2011/12/23 21:59:42 | 000,000,000 | ---D | M] -- H:\Documents and Settings\p1\Application Data\Qaov

[2011/06/22 21:46:30 | 000,000,000 | ---D | M] -- H:\Documents and Settings\p1\Application Data\searchquband

[2011/06/22 21:46:47 | 000,000,000 | ---D | M] -- H:\Documents and Settings\p1\Application Data\searchqutoolbar

[2008/11/02 21:06:33 | 000,000,000 | ---D | M] -- H:\Documents and Settings\p1\Application Data\uniblue

[2011/12/24 09:58:50 | 000,000,000 | ---D | M] -- H:\Documents and Settings\p1\Application Data\Vyah

[2011/12/26 00:17:00 | 000,000,964 | ---- | M] () -- H:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-343818398-789336058-1801674531-1003Core.job

[2011/12/26 12:20:03 | 000,000,986 | ---- | M] () -- H:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-343818398-789336058-1801674531-1003UA.job

[2011/12/26 07:29:51 | 000,000,236 | ---- | M] () -- H:\WINDOWS\Tasks\OGALogon.job

[2011/12/25 18:00:00 | 000,000,438 | ---- | M] () -- H:\WINDOWS\Tasks\ParetoLogic Registration3.job

[2011/12/21 00:43:03 | 000,000,412 | ---- | M] () -- H:\WINDOWS\Tasks\ParetoLogic Update Version3.job

[2011/12/22 02:19:00 | 000,000,370 | ---- | M] () -- H:\WINDOWS\Tasks\PC Health Advisor Defrag.job

[2011/12/26 07:29:50 | 000,000,432 | ---- | M] () -- H:\WINDOWS\Tasks\RegCure Program Check.job

[2011/12/22 17:51:17 | 000,000,366 | ---- | M] () -- H:\WINDOWS\Tasks\RegCure.job

[2011/12/26 07:30:22 | 000,000,260 | ---- | M] () -- H:\WINDOWS\Tasks\WGASetup.job

========== Purity Check ==========

< End of report >

Link to post
Share on other sites

and Extras:

OTL Extras logfile created on: 12/26/2011 12:52:39 PM - Run 1

OTL by OldTimer - Version 3.2.31.0 Folder = H:\Documents and Settings\p1\My Documents\Downloads

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.97 Gb Available Physical Memory | 48.71% Memory free

3.85 Gb Paging File | 3.01 Gb Available in Paging File | 78.18% Paging File free

Paging file location(s): H:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = H: | %SystemRoot% = H:\WINDOWS | %ProgramFiles% = H:\Program Files

Drive C: | 298.08 Gb Total Space | 97.55 Gb Free Space | 32.72% Space Free | Partition Type: NTFS

Drive D: | 232.83 Gb Total Space | 83.51 Gb Free Space | 35.87% Space Free | Partition Type: FAT32

Drive E: | 1397.26 Gb Total Space | 1361.23 Gb Free Space | 97.42% Space Free | Partition Type: NTFS

Drive H: | 232.88 Gb Total Space | 100.43 Gb Free Space | 43.13% Space Free | Partition Type: NTFS

Drive K: | 931.51 Gb Total Space | 495.46 Gb Free Space | 53.19% Space Free | Partition Type: NTFS

Computer Name: COMPUTERA | User Name: p1 | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.html [@ = ChromeHTML] -- H:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

.js [@ = jsfile] -- H:\Program Files\Macromedia\Dreamweaver 4\Dreamweaver.exe (Macromedia, Inc.)

[HKEY_USERS\S-1-5-21-343818398-789336058-1801674531-1003\SOFTWARE\Classes\<extension>]

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

http [open] -- "H:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

https [open] -- "H:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

jsfile [open] -- "H:\Program Files\Macromedia\Dreamweaver 4\Dreamweaver.exe" "%1" (Macromedia, Inc.)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

"3703:TCP" = 3703:TCP:*:Enabled:Adobe Version Cue CS3 Server

"3704:TCP" = 3704:TCP:*:Enabled:Adobe Version Cue CS3 Server

"50900:TCP" = 50900:TCP:*:Enabled:Adobe Version Cue CS3 Server

"50901:TCP" = 50901:TCP:*:Enabled:Adobe Version Cue CS3 Server

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"H:\Program Files\MSN Messenger\livecall.exe" = H:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"H:\Program Files\Marvell\61xx\Apache2\bin\Apache.exe" = H:\Program Files\Marvell\61xx\Apache2\bin\Apache.exe:*:Disabled:Apache HTTP Server -- (Apache Software Foundation)

"H:\Program Files\MSN Messenger\livecall.exe" = H:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

"H:\Program Files\LimeWire\LimeWire.exe" = H:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire

"H:\WINDOWS\system32\drivers\svchost.exe" = H:\WINDOWS\system32\drivers\svchost.exe:*:Disabled:Light Alloy - multimedia player

"H:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe" = H:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:*:Enabled:Adobe Version Cue CS3 Server -- (Adobe Systems Incorporated)

"J:\iPod\iTunes.exe" = J:\iPod\iTunes.exe:*:Enabled:iTunes

"H:\Program Files\Epson Software\Event Manager\EEventManager.exe" = H:\Program Files\Epson Software\Event Manager\EEventManager.exe:*:Enabled:EEventManager Application -- (SEIKO EPSON CORPORATION)

"H:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe" = H:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe:*:Enabled:DTX broker -- (Visicom Media Inc.)

"H:\Program Files\Pinnacle\Studio 14\Programs\RM.exe" = H:\Program Files\Pinnacle\Studio 14\Programs\RM.exe:*:Enabled:Render Manager -- (Pinnacle Systems)

"H:\Program Files\Pinnacle\Studio 14\Programs\Studio.exe" = H:\Program Files\Pinnacle\Studio 14\Programs\Studio.exe:*:Enabled:Studio -- (Pinnacle Systems)

"H:\Program Files\Pinnacle\Studio 14\Programs\umi.exe" = H:\Program Files\Pinnacle\Studio 14\Programs\umi.exe:*:Enabled:umi -- (Pinnacle Systems)

"H:\Program Files\Google\Google Earth\client\googleearth.exe" = H:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)

"D:\Drivers\SpeedTouch\STHIW\STSetup.exe" = D:\Drivers\SpeedTouch\STHIW\STSetup.exe:*:Enabled:SpeedTouch Home Install Wizard

"H:\Program Files\Google\Google Earth\plugin\geplugin.exe" = H:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)

"H:\Documents and Settings\p1\Local Settings\Application Data\Facebook\Video\Skype\FacebookVideoCalling.exe" = H:\Documents and Settings\p1\Local Settings\Application Data\Facebook\Video\Skype\FacebookVideoCalling.exe:*:Enabled:Facebook Video Calling Plugin -- (Skype Limited)

"H:\WINDOWS\explorer.exe" = H:\WINDOWS\explorer.exe:*:Enabled:Windows Explorer -- (Microsoft Corporation)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3

"{0134A1A1-C283-4A47-91A1-92F19F960372}" = Adobe Creative Suite 2

"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3

"{0327FA9D-975C-448C-A086-577D57BB25B8}" = Adobe Soundbooth CS3 Codecs

"{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}" = Epson Event Manager

"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting

"{090A04DD-318B-4D37-8D67-233C38AB42F6}" = Send to SmugMug

"{0A8C7880-F199-4807-ABD4-6E695B71A3D7}" = e-tax 2009

"{1367D815-EC9F-4e2f-9FB9-E40A075AD19B}" = DNAMigrator

"{139E303E-1050-497F-98B1-9AE87B15C463}" = Windows Live Family Safety

"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer

"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin

"{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}" = Adobe After Effects CS3 Presets

"{1D58229F-C505-45CA-8223-F35F3A34B963}" = Adobe Version Cue CS3 Server

"{1D7CE340-70C3-4848-BCCF-215950328A4C}" = Facebook Video Calling 1.0.0.8953

"{1F698102-5739-441E-96F0-74F4EA540F06}" = Atheros Ethernet Utility

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2

"{23C3F5C0-566B-478B-AAB6-197ADAD0C945}" = Uniblue SpeedUpMyPC 2009

"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2

"{2681A52E-FCFA-4982-A030-7B652BDD346C}" = CA Personal Firewall

"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java 6 Update 12

"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3

"{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder

"{310BC5E2-31AF-49BB-904D-E71EB93645DC}" = AI Suite

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform

"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime

"{4458C442-7376-4CF9-AF58-E8CEA6722363}" = Adobe Setup

"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant

"{46548E80-0409-0000-7E8A-45000F855001}" = Adobe GoLive CS2

"{485ACF57-F364-440A-8496-E1E81C8FA1AA}" = Adobe Premiere Pro CS3 Third Party Content

"{4C93C363-414E-11D4-9756-00C04F8EEB39}" = Macromedia Flash 5

"{4FB984CB-4CE4-4104-A554-D04CEFE3D690}" = Epson Easy Photo Print 2

"{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}" = Adobe Premiere Pro CS3 Functional Content

"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings

"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3

"{54B2EAD9-A110-43F7-B010-2859A1BD2AFE}" = Adobe Encore CS3

"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3

"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate

"{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}" = Adobe Premiere Pro CS3

"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth

"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail

"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin

"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All

"{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3

"{6B566EFE-DC1D-471F-93DD-84832663F140}" = OVT Scanner X86

"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files

"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash

"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com

"{6DE721A5-5E89-4D74-994C-652BB3C0672E}" = Pinnacle Video Driver

"{6E19F210-3813-4002-B561-94D66AA182B6}" = Atheros Communications Inc.® L1 Gigabit Ethernet Driver

"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{751910E3-ECF1-44D0-BF3F-2936A4424514}" = ImageMixer3

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0

"{7A66C7E3-5212-1A19-70A7-1F0FBA691033}" = Nero 7 Premium

"{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes

"{7ACFB90E-8FD0-4397-AD3A-5195412623A3}" = Adobe Help Viewer CS3

"{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}" = Adobe Dreamweaver CS3

"{7D268154-7A31-40F2-9779-7A250914BB39}" = The Sims House Party

"{7DFC1012-D346-46CE-B03E-FF79125AE029}" = Adobe Fireworks CS3

"{7F4C8163-F259-49A0-A018-2857A90578BC}" = Adobe InDesign CS2

"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials

"{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}" = Adobe Video Profiles

"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync

"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support

"{8718DC03-D066-4957-94E5-50C3C5042E8E}" = Adobe Creative Suite 3 Master Collection

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)

"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3

"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support

"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer

"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3

"{90510409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Professional 2003

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector

"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings

"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3

"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI

"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps

"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR

"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A5BA14E0-7384-11D4-BAE7-00409631A2C8}" = Macromedia Extension Manager

"{A6B23EFA-6590-482C-A11F-5ACE1B91F5B9}" = Adobe Soundbooth CS3

"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AADD1C8F-D59F-4D55-A726-768C71A205A8}" = Pinnacle Studio 14

"{ABDA9912-5D00-11D4-BAE7-9367CA097955}" = Macromedia Dreamweaver 4

"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings

"{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional

"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2

"{AEAD18F3-6481-4ef4-96B5-A24D5ADAC30D}" = CA Anti-Spyware

"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0

"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support

"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)

"{B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}" = Adobe Illustrator CS2

"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0

"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup

"{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar

"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3

"{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3

"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0

"{B8B7A4D8-80E1-4DAE-BD33-7FD535BA3931}" = Adobe Encore CS3 Codecs

"{B90450DF-E781-46FD-B1F1-0C86DA40E443}" = PIF DESIGNER

"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3

"{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}" = Adobe Flash Player 9 ActiveX

"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)

"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3

"{BEBED42E-0BF4-11D5-928C-0060677630C4}" = NB1200 ADSL USB Modem

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver

"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update

"{C49DAA9C-5BA8-459A-8244-E57B69DF0F04}" = Suite Specific

"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3

"{CB3F8375-B600-4B9F-83C9-238ED1E583FD}" = Adobe InDesign CS3

"{CDB98E2F-7B2A-42C2-B718-F1F6B31586DF}" = CA Website Inspector

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client

"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files

"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3

"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery

"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings

"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings

"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update

"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3

"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0

"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler

"{EB0202F7-016A-410C-ADE4-40F848CCC661}" = Adobe After Effects CS3

"{F05A5232-CE5E-4274-AB27-44EB8105898D}" = CA Pest Patrol Realtime Protection

"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call

"{F7338FA3-DAB5-49B2-900D-0AFB5760C166}" = PC Probe II

"{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint

"{FBE569CA-BFEB-4E57-A674-F94D938E1AEF}" = e-tax 2010

"{FC9E08AA-CD59-4C59-BEF9-87E05B9E37D7}" = Adobe Contribute CS3

"{FFD25152-1916-4744-BAAF-F2D2EBF38284}" = LG SyncManager

"ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint

"Adobe Acrobat 8 Professional" = Adobe Acrobat 8.1.4 Professional

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe SVG Viewer" = Adobe SVG Viewer 3.0

"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2

"Adobe_4dcfd9b7e901b57f81f667144603236" = Add or Remove Adobe Creative Suite 3 Master Collection

"Bandoo" = Bandoo

"BlazePhoto 2.0_is1" = BlazePhoto 2.0

"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com

"Conexant USB Network" = ADSL USB Modem Network Adapter

"Core FTP LE 2.1" = Core FTP LE 2.1

"EPSON Printer and Utilities" = EPSON Printer Software

"EPSON Scanner" = EPSON Scan

"EPSON TX120 NX120 Series" = EPSON TX120 NX120 Series Printer Uninstall

"EPSON TX120 NX120 Series Manual" = EPSON TX120 NX120 Series Manual

"eTrust Suite Personal" = CA Internet Security Suite

"Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 1.95

"Freecorder Toolbar" = Freecorder Toolbar

"Freecorder4.0" = Freecorder 4.0 Application

"FTW" = Family Tree Maker

"Google Chrome" = Google Chrome

"ie8" = Windows Internet Explorer 8

"KLiteCodecPack_is1" = K-Lite Codec Pack 3.01 Basic

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft.Net.Client.3.5" = Microsoft .NET Framework Client Profile - PREVIEW

"Mozilla Firefox (3.0.17)" = Mozilla Firefox (3.0.17)

"MRW!UninstallKey" = InCD EasyWrite Reader (Ahead Software)

"mv61xxDriver" = marvell 61xx

"mv61xxMRU" = Marvell MRU

"Network Play System (Patching)" = Network Play System (Patching)

"NVIDIA Drivers" = NVIDIA Drivers

"OVT Scanner" = Uninstall OVT Scanner

"Picture Resize_is1" = Free Picture Resize Starter 4.5

"RegCure" = RegCure

"Searchqu 406 MediaBar" = Windows iLivid Toolbar

"Solero Music Viewer_is1" = Solero Music Viewer 8.0.32.2

"stax-Pinnacle_is1" = SureThing Express Labeler

"StreetsOfSimCityv1" = Streets of SimCity

"Uniblue SpeedUpMyPC 2009" = Uniblue SpeedUpMyPC 2009

"VETWIN32Vp5" = CA Anti-Virus

"Windows Media Format Runtime" = Windows Media Format Runtime

"Windows Media Player" = Windows Media Player 10

"WinLiveSuite_Wave3" = Windows Live Essentials

"WinRAR archiver" = WinRAR archiver

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-343818398-789336058-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Facebook Plug-In" = Facebook Plug-In

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 12/23/2011 5:40:25 AM | Computer Name = COMPUTERA | Source = Application Hang | ID = 1002

Description = Hanging application mbam.exe, version 1.51.0.1118, hang module hungapp,

version 0.0.0.0, hang address 0x00000000.

Error - 12/23/2011 5:40:25 AM | Computer Name = COMPUTERA | Source = Application Hang | ID = 1002

Description = Hanging application mbam.exe, version 1.51.0.1118, hang module hungapp,

version 0.0.0.0, hang address 0x00000000.

Error - 12/23/2011 6:20:03 PM | Computer Name = COMPUTERA | Source = Google Update | ID = 20

Description =

Error - 12/24/2011 3:20:04 PM | Computer Name = COMPUTERA | Source = Google Update | ID = 20

Description =

Error - 12/24/2011 8:32:53 PM | Computer Name = COMPUTERA | Source = Application Hang | ID = 1002

Description = Hanging application firefox.exe, version 1.9.2.3727, hang module hungapp,

version 0.0.0.0, hang address 0x00000000.

Error - 12/25/2011 3:20:03 AM | Computer Name = COMPUTERA | Source = Google Update | ID = 20

Description =

Error - 12/25/2011 6:20:03 AM | Computer Name = COMPUTERA | Source = Google Update | ID = 20

Description =

Error - 12/25/2011 9:20:03 AM | Computer Name = COMPUTERA | Source = Google Update | ID = 20

Description =

Error - 12/25/2011 9:20:03 PM | Computer Name = COMPUTERA | Source = Google Update | ID = 20

Description =

Error - 12/25/2011 9:52:24 PM | Computer Name = COMPUTERA | Source = Application Hang | ID = 1002

Description = Hanging application OTL.exe, version 3.2.31.0, hang module hungapp,

version 0.0.0.0, hang address 0x00000000.

[ System Events ]

Error - 12/23/2011 5:11:41 AM | Computer Name = COMPUTERA | Source = Service Control Manager | ID = 7034

Description = The Windows Installer service terminated unexpectedly. It has done

this 2 time(s).

Error - 12/23/2011 5:12:05 AM | Computer Name = COMPUTERA | Source = Windows Update Agent | ID = 20

Description = Installation Failure: Windows failed to install the following update

with error 0x80070643: Microsoft .NET Framework 3.5 SP1 Update for Windows Server

2003 and Windows XP x86 (KB982168).

Error - 12/23/2011 5:12:05 AM | Computer Name = COMPUTERA | Source = Windows Update Agent | ID = 20

Description = Installation Failure: Windows failed to install the following update

with error 0x80070643: Security Update for Microsoft .NET Framework 2.0 SP2 and

3.5 SP1 on Windows Server 2003 and Windows XP x86 (KB2418241).

Error - 12/23/2011 5:22:13 AM | Computer Name = COMPUTERA | Source = Service Control Manager | ID = 7000

Description = The MBAMSwissArmy service failed to start due to the following error:

%%2

Error - 12/23/2011 7:42:45 AM | Computer Name = COMPUTERA | Source = EventLog | ID = 6004

Description = A driver packet received from the I/O subsystem was invalid. The

data is the packet.

Error - 12/23/2011 7:12:25 PM | Computer Name = COMPUTERA | Source = Service Control Manager | ID = 7024

Description = The Routing and Remote Access service terminated with service-specific

error 340 (0x154).

Error - 12/23/2011 9:49:15 PM | Computer Name = COMPUTERA | Source = sr | ID = 1

Description = The System Restore filter encountered the unexpected error '0xC0000001'

while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring

the volume.

Error - 12/23/2011 9:50:55 PM | Computer Name = COMPUTERA | Source = Service Control Manager | ID = 7024

Description = The Routing and Remote Access service terminated with service-specific

error 340 (0x154).

Error - 12/25/2011 8:00:42 AM | Computer Name = COMPUTERA | Source = Service Control Manager | ID = 7024

Description = The Routing and Remote Access service terminated with service-specific

error 340 (0x154).

Error - 12/25/2011 4:31:28 PM | Computer Name = COMPUTERA | Source = Service Control Manager | ID = 7024

Description = The Routing and Remote Access service terminated with service-specific

error 340 (0x154).

< End of report >

Link to post
Share on other sites

Please do this:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - Reg Error: Value error. File not found
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - Reg Error: Value error. File not found
    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [NWEReboot] File not found
    O4 - HKLM..\Run: [sBqDkHtcpJbcHA.exe] H:\Documents and Settings\All Users\Application Data\sBqDkHtcpJbcHA.exe File not found
    O4 - HKU\.DEFAULT..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 File not found
    O4 - HKU\S-1-5-18..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 File not found
    O20 - HKU\S-1-5-21-343818398-789336058-1801674531-1003 Winlogon: Shell - (H:\Documents and Settings\p1\Local Settings\Application Data\c817b66f\X) -H:\Documents and Settings\p1\Local Settings\Application Data\c817b66f\X ()
    [2011/12/22 23:40:44 | 000,000,000 | ---D | C] -- H:\Documents and Settings\p1\Application Data\Vyah
    [2011/12/22 23:40:44 | 000,000,000 | ---D | C] -- H:\Documents and Settings\p1\Application Data\Qaov
    [2011/12/22 23:25:48 | 000,000,000 | -HSD | C] -- H:\Documents and Settings\p1\Local Settings\Application Data\c817b66f
    [2011/12/24 14:06:42 | 000,000,512 | ---- | M] () -- H:\Documents and Settings\All Users\Application Data\OIXQyeSIk6p27r
    [2011/12/24 12:58:47 | 000,000,320 | ---- | M] () -- H:\Documents and Settings\All Users\Application Data\~OIXQyeSIk6p27r
    [2011/12/24 12:58:47 | 000,000,224 | ---- | M] () -- H:\Documents and Settings\All Users\Application Data\~OIXQyeSIk6p27rr
    [2011/12/23 01:31:13 | 000,000,062 | ---- | M] () -- H:\Documents and Settings\All Users\Application Data\OIXQyeSIk6p27r.lic
    [2011/12/23 01:31:13 | 000,000,062 | ---- | C] () -- H:\Documents and Settings\All Users\Application Data\OIXQyeSIk6p27r.lic
    [2011/12/22 23:42:20 | 000,000,320 | ---- | C] () -- H:\Documents and Settings\All Users\Application Data\~OIXQyeSIk6p27r
    [2011/12/22 23:42:20 | 000,000,224 | ---- | C] () -- H:\Documents and Settings\All Users\Application Data\~OIXQyeSIk6p27rr
    [2011/12/22 23:32:47 | 000,000,512 | ---- | C] () -- H:\Documents and Settings\All Users\Application Data\OIXQyeSIk6p27r
    :Commands
    [createrestorepoint]
    [emptytemp]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

MrC

Link to post
Share on other sites

All processes killed

========== OTL ==========

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NWEReboot deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\sBqDkHtcpJbcHA.exe deleted successfully.

Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\nltide_2 deleted successfully.

Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\nltide_2 not found.

Registry value HKEY_USERS\S-1-5-21-343818398-789336058-1801674531-1003\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:H:\Documents and Settings\p1\Local Settings\Application Data\c817b66f\X deleted successfully.

File \Documents and Settings\p1\Local Settings\Application Data\c817b66f\X) -H:\Documents and Settings\p1\Local Settings\Application Data\c817b66f\X not found.

H:\Documents and Settings\p1\Application Data\Vyah folder moved successfully.

H:\Documents and Settings\p1\Application Data\Qaov folder moved successfully.

H:\Documents and Settings\p1\Local Settings\Application Data\c817b66f\U folder moved successfully.

H:\Documents and Settings\p1\Local Settings\Application Data\c817b66f folder moved successfully.

H:\Documents and Settings\All Users\Application Data\OIXQyeSIk6p27r moved successfully.

H:\Documents and Settings\All Users\Application Data\~OIXQyeSIk6p27r moved successfully.

H:\Documents and Settings\All Users\Application Data\~OIXQyeSIk6p27rr moved successfully.

H:\Documents and Settings\All Users\Application Data\OIXQyeSIk6p27r.lic moved successfully.

File H:\Documents and Settings\All Users\Application Data\OIXQyeSIk6p27r.lic not found.

File H:\Documents and Settings\All Users\Application Data\~OIXQyeSIk6p27r not found.

File H:\Documents and Settings\All Users\Application Data\~OIXQyeSIk6p27rr not found.

File H:\Documents and Settings\All Users\Application Data\OIXQyeSIk6p27r not found.

========== COMMANDS ==========

Error starting restore point: System Restore is disabled.

Error closing restore point: System Restore is disabled.

[EMPTYTEMP]

User: Administrator

->Temp folder emptied: 572416 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 41044 bytes

User: All Users

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 41044 bytes

User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 60546238 bytes

->Flash cache emptied: 6018 bytes

User: p1

->Temp folder emptied: 5118566915 bytes

->Temporary Internet Files folder emptied: 10044279 bytes

->Java cache emptied: 119529899 bytes

->FireFox cache emptied: 87753859 bytes

->Google Chrome cache emptied: 139574790 bytes

->Flash cache emptied: 3428357 bytes

User: Phil

->Temp folder emptied: 588805 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->FireFox cache emptied: 5014578 bytes

->Flash cache emptied: 624 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 4804088 bytes

%systemroot%\System32 .tmp files removed: 1172480 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 95261915 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 20877862405 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes

RecycleBin emptied: 403527 bytes

Total Files Cleaned = 25,297.00 mb

OTL by OldTimer - Version 3.2.31.0 log created on 12282011_185546

Files\Folders moved on Reboot...

File\Folder H:\Documents and Settings\p1\Local Settings\Temp\~DF6C66.tmp not found!

File\Folder H:\Documents and Settings\p1\Local Settings\Temp\~DF9520.tmp not found!

File\Folder H:\Documents and Settings\p1\Local Settings\Temp\~DF9F24.tmp not found!

File\Folder H:\Documents and Settings\p1\Local Settings\Temp\~DFDE0B.tmp not found!

File\Folder H:\Documents and Settings\p1\Local Settings\Temp\~DFE275.tmp not found!

File\Folder H:\Documents and Settings\p1\Local Settings\Temporary Internet Files\Content.Word\~WRF0001.tmp not found!

File\Folder H:\Documents and Settings\p1\Local Settings\Temporary Internet Files\Content.Word\~WRS0000.tmp not found!

Registry entries deleted on Reboot...

Link to post
Share on other sites

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.