Locked up my files...and other stuff

[colin0100]

Greetings, and I have great confidence. You people are amazing, just reading through the forums.

Anyway, earlier today I ran the two progs and collected the two files....then somehow mucked up the post. I think I am now clear.

Here goes:

28 June. Avira picked up and quaranted 2 things:

EXP/PIDIEF.AIK.1

EXP/JS.PDFKA.KKK

Damage:

I can not see any files created prior to the attack. Files created after the attack and saved to my thumb drive are OK.

Getting Malwarebytes blocking outgoing traffic to bad site.. 206.(wasn't fast enough to get the full URL )

To get into the internet I use the link in the malwarebytes s/w to the Malwarebytes site and move around from there.

I can get the task bar to display.

PC is not stable, and I need to reboot sometimes when it freezes.

Malwarebytes does not update successfully. Files are those downloaded before the attack: 28 June.

Computer is getting progressivly worse I THINK ....anyway, I am! :-(

Action to date:

Malwarebytes full scan

Ran June 2012 of MRT.exe

CHKDSK repair

MS Defender caught 2 : TR/spy.Zbot.76.13 and 76.14 (persitent: just now caught by Avira and removed 30 June 1130pm)

Ran Dell extended H/w test on main drive

LOaded the original Windows disc in Repair mode (gave me XP sp2)

Looking forward to working with you all

Thanks

Colin

dds.txt

attach.txt

[Maniac]

Hello Colin! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

• If you are a paying customer, you have the privilege to contact the help desk at support@malwarebytes.org or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  
• I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  
• Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  
• Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  
• Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  

Step 1

Anti-Virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash. If you choose to install more than one Anti-Virus program on your computer, then only one of them should be active in memory at a time. My suggestion is to uninstall Avira Free Antivirus and to keep Microsoft Security Essentials.

Also, please uninstall Ask Toolbar.

Step 2

• Launch Malwarebytes' Anti-Malware
  
• Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  
• Go to Scanner tab and select Perform Quick Scan, then click Scan.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  
• Copy&Paste the entire report in your next reply.
  

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately.

Step 3

Download aswMBR.exe to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

On completion of the scan click save log, save it to your desktop and post in your next reply

In your next reply, post the following log files:

• Malwarebytes' Anti-Malware log
  
• aswMBR log
  
• a new fresh DDS log file

[colin0100]

Thanks:

I disables the ASK toolbar.

I have left Avirs on: Security essentials will not turn on: Error 0x800705b4 time out.

Malwarebytes will not update:

Program Error updating (5,0,MBAMF FileIO:write file.

Downloaded aswWBR Version 0.9.9.1665 but it will not run. Tries to get it going with 'run as' and unchecked that 'security' button: still will not run. Task bar doesn't show any activity under the 'applications' tab.

Here are the logs:

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 6.0.2900.2180

Run by COLIN at 9:50:22 on 2012-07-01

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2046.1311 [GMT 10:00]

.

AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\WINDOWS\System32\GEARSec.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\WINDOWS\system32\drivers\KodakCCS.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\PCPitstop\PCPitstopScheduleService.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\WgaTray.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIP.EXE

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Orbitdownloader\orbitdm.exe

C:\Program Files\Orbitdownloader\orbitnet.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\taskmgr.exe

C:\WINDOWS\explorer.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com.au/

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

uSearchMigratedDefaultURL =

hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf

8

uDefault_Search_URL = hxxp://www.google.com/ie

mDefault_Search_URL = hxxp://www.google.com/ie

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mSearchAssistant = hxxp://www.google.com/ie

BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program

files\orbitdownloader\orbitcth.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program

files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program

files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program

files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll

BHO: Avira SearchFree Toolbar plus Web Protection: {d4027c7f-154a-4066-a1ad-4243d8127440} -

c:\program files\ask.com\GenericAskToolbar.dll

BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program

files\epson\epson web-to-page\EPSON Web-To-Page.dll

TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson

web-to-page\EPSON Web-To-Page.dll

TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - c:\program

files\orbitdownloader\GrabPro.dll

TB: Avira SearchFree Toolbar plus Web Protection: {d4027c7f-154a-4066-a1ad-4243d8127440} -

c:\program files\ask.com\GenericAskToolbar.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google

toolbar\GoogleToolbar_32.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background

uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay

mRun: [EPSON Stylus Photo R230 Series] c:\windows\system32\spool\drivers\w32x86\3\E_FATIAIP.EXE

/P30 "EPSON Stylus Photo R230 Series" /O6 "USB002" /M "Stylus Photo R230"

mRun: [NWEReboot]

mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe"

/starttray

mRun: [<NO NAME>]

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

StartupFolder: c:\docume~1\colin\startm~1\programs\startup\adobeg~1.lnk - c:\program

files\common files\adobe\calibration\Adobe Gamma Loader.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\orbit.lnk - c:\program

files\orbitdownloader\orbitdm.exe

mPolicies-system: EnableLUA = 0 (0x0)

IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201

IE: &eBay Search - c:\program files\ebay\ebay toolbar2\eBayTb.dll/RCSearch.html

IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204

IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203

IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} -

c:\progra~1\micros~2\office11\REFIEBAR.DLL

DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB

DPF: {17492023-C23A-453E-A040-C7C580BBF700} -

hxxp://download.microsoft.com/download/F/D/9/FD9E437D-5BC8-4264-A093-DFA2C39D197E/LegitCheckCont

rol.cab

DPF: {31435657-9980-0010-8000-00AA00389B71} -

hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab

DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} -

hxxp://office.microsoft.com/officeupdate/content/opuc3.cab

DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} -

hxxps://scan.safety.live.com/resource/download/scanner/en-us/wlscbase3401.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} -

hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1340

975846937

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -

hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?114013943

6593

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} -

hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} -

hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} -

hxxp://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{67C731C6-C643-46BD-8865-2DA9C21374CD} : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{8FAD4249-41A8-413E-8C32-51D6B0666FB6} : NameServer = 61.8.0.113,210.23.129.34

Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program

files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll

Notify: AtiExtEvent - Ati2evxx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} -

c:\windows\system32\WPDShServiceObj.dll

SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} -

c:\progra~1\wifd1f~1\MpShHook.dll

.

============= SERVICES / DRIVERS ===============

.

R0 PQV2i;PQV2i;c:\windows\system32\drivers\PQV2i.sys [2003-6-4 123957]

R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2011-10-19 36000]

R1 PQIMount;PQIMount;c:\windows\system32\drivers\PQIMount.sys [2003-6-4 46900]

R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe

[2011-10-19 86224]

R2 AntiVirService;Avira Realtime Protection;c:\program files\avira\antivir desktop\avguard.exe

[2011-10-19 110032]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-10-19 83392]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe

[2010-12-1 654408]

R2 PCPitstop Scheduling;PCPitstop Scheduling;c:\program

files\pcpitstop\PCPitstopScheduleService.exe [2011-11-26 86016]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-11-29 22344]

S0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys

[2012-3-20 171064]

S2 AntiVirWebService;Avira Web Protection;c:\program files\avira\antivir desktop\avwebgrd.exe

[2011-10-19 465360]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN

v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe

[2009-7-23 133104]

S2 SZASSIST;SecretZone Assist Service;"c:\program files\clarus\samsung

secretzone\szassistsvc.exe" --> c:\program files\clarus\samsung secretzone\SZAssistSVC.exe [?]

S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]

S3 glauiad;D-Link DSL-302G Modem;c:\windows\system32\drivers\glauiad.sys [2006-1-13 29603]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe

[2009-7-23 133104]

S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\microsoft fix it

center\Matsvc.exe [2011-6-13 267568]

S3 mdf16;mdf16;\??\c:\program files\clarus\samsung secretzone\mdf16.sys --> c:\program

files\clarus\samsung secretzone\mdf16.sys [?]

S3 mvd22;mvd22;\??\c:\program files\clarus\samsung secretzone\mvd22.sys --> c:\program

files\clarus\samsung secretzone\mvd22.sys [?]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache

4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18

753504]

.

=============== File Associations ===============

.

regfile=regedit.exe "%1" %*

scrfile="%1" %*

.

=============== Created Last 30 ================

.

2012-06-29 12:16:59 18944 -c--a-w- c:\windows\system32\dllcache\simptcp.dll

2012-06-29 12:15:58 65536 -c--a-w- c:\windows\system32\dllcache\EXCH_mailmsg.dll

2012-06-29 12:14:59 57856 -c--a-w- c:\windows\system32\dllcache\esuimgd.dll

2012-06-29 12:13:55 5632 -c--a-w- c:\windows\system32\dllcache\EXCH_adsiisex.dll

2012-06-29 12:09:47 -------- d-s---w- c:\windows\Downloaded Program Files

2012-06-29 12:09:14 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe

2012-06-29 12:09:14 16384 ----a-w- c:\program files\internet explorer\connection

wizard\isignup.exe

2012-06-29 11:48:43 608594 ----a-w- c:\windows\system32\PerfStringBackup.TMP

2012-06-29 11:48:25 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll

2012-06-29 11:48:25 13312 ----a-w- c:\windows\system32\irclass.dll

2012-06-29 11:48:24 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll

2012-06-29 11:48:24 24661 ----a-w- c:\windows\system32\spxcoins.dll

2012-06-29 11:48:09 13753 ----a-r- c:\windows\SET13F.tmp

2012-06-29 11:48:07 1086058 ----a-r- c:\windows\SET133.tmp

2012-06-29 11:48:05 1042903 ----a-r- c:\windows\SET130.tmp

2012-06-29 09:56:37 -------- d-----w- c:\program files\common files\SpeedMaxPc

2012-06-29 09:56:33 -------- d-----w- c:\program files\SpeedMaxPc

2012-06-29 09:56:33 -------- d-----w- c:\documents and settings\all

users\application data\SpeedMaxPc

2012-06-29 03:06:32 -------- d-----w- c:\windows\system32\MpEngineStore

2012-06-28 12:39:28 6762896 ---h--w- c:\documents and settings\all users\application

data\microsoft\microsoft antimalware\definition

updates\{bf6011fe-02f8-49f5-bc2f-4de76ad67413}\mpengine.dll

2012-06-28 12:35:38 -------- d--h--w- c:\program files\Microsoft Security

Client

2012-06-28 12:28:10 -------- d--h--w- c:\documents and settings\colin\local

settings\application data\FixItCenter

2012-06-26 16:21:10 56200 ---ha-w- c:\documents and settings\all users\application

data\microsoft\windows defender\definition

updates\{ddd32bdf-4f2b-428a-8a02-5ade919ac233}\offreg.dll

2012-06-26 16:17:46 6762896 ---h--w- c:\documents and settings\all users\application

data\microsoft\windows defender\definition

updates\{ddd32bdf-4f2b-428a-8a02-5ade919ac233}\mpengine.dll

2012-06-26 03:59:00 -------- d--h--w- c:\documents and

settings\colin\application data\HandBrake

2012-06-19 09:15:30 17396768 ---ha-w- c:\program files\mpas-fe.exe

.

==================== Find3M ====================

.

2012-06-02 05:19:44 22040 ---ha-w- c:\windows\system32\wucltui.dll.mui

2012-06-02 05:19:38 15384 ---ha-w- c:\windows\system32\wuaucpl.cpl.mui

2012-06-02 05:19:34 15384 ---ha-w- c:\windows\system32\wuapi.dll.mui

2012-06-02 05:19:30 17944 ---ha-w- c:\windows\system32\wuaueng.dll.mui

2012-05-26 06:57:52 73 ---ha-w- c:\windows\system32\ssprs.dll

2012-05-09 03:47:56 83392 ---ha-w- c:\windows\system32\drivers\avgntflt.sys

2012-04-26 07:05:03 87608 ---ha-w- c:\documents and settings\colin\application

data\inst.exe

2012-04-26 07:05:03 47360 ---ha-w- c:\documents and settings\colin\application

data\pcouffin.sys

2012-04-04 05:56:40 22344 ---ha-w- c:\windows\system32\drivers\mbam.sys

2008-12-12 16:07:02 7930904 ---ha-w- c:\program files\dap9.exe

2008-12-09 01:28:00 2167968 ---ha-w- c:\program files\OrbitDownloaderSetup.exe

2008-07-10 09:55:36 383755 ---ha-w- c:\program files\download-VobSub_2.23.exe

2008-06-23 23:31:04 5992404 ---ha-w- c:\program files\Portable GetRight 6.3e.exe

2007-12-05 07:43:01 9347192 ---ha-w- c:\program files\agentenu420-1118.exe

2006-02-27 08:15:14 217329 ---ha-w- c:\program files\gspot221.exe

2006-01-17 06:15:01 20921040 ---ha-w- c:\program files\AdbeRdr705_enu_full.exe

2006-01-17 05:55:18 11477288 ---ha-w- c:\program files\DivXPlay.exe

2005-12-06 02:00:46 74448 ---ha-w- c:\program files\DSETUP.dll

2005-12-06 02:00:46 484560 ---ha-w- c:\program files\DXSETUP.exe

2005-12-06 02:00:46 2247888 ---ha-w- c:\program files\dsetup32.dll

.

============= FINISH: 9:57:35.78 ===============

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 6.0.2900.2180

Run by COLIN at 9:50:22 on 2012-07-01

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2046.1311 [GMT 10:00]

.

AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\WINDOWS\System32\GEARSec.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\WINDOWS\system32\drivers\KodakCCS.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\PCPitstop\PCPitstopScheduleService.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\WgaTray.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIP.EXE

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Orbitdownloader\orbitdm.exe

C:\Program Files\Orbitdownloader\orbitnet.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\taskmgr.exe

C:\WINDOWS\explorer.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com.au/

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uDefault_Search_URL = hxxp://www.google.com/ie

mDefault_Search_URL = hxxp://www.google.com/ie

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mSearchAssistant = hxxp://www.google.com/ie

BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll

BHO: Avira SearchFree Toolbar plus Web Protection: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll

TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll

TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - c:\program files\orbitdownloader\GrabPro.dll

TB: Avira SearchFree Toolbar plus Web Protection: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background

uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay

mRun: [EPSON Stylus Photo R230 Series] c:\windows\system32\spool\drivers\w32x86\3\E_FATIAIP.EXE /P30 "EPSON Stylus Photo R230 Series" /O6 "USB002" /M "Stylus Photo R230"

mRun: [NWEReboot]

mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [<NO NAME>]

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

StartupFolder: c:\docume~1\colin\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\orbit.lnk - c:\program files\orbitdownloader\orbitdm.exe

mPolicies-system: EnableLUA = 0 (0x0)

IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201

IE: &eBay Search - c:\program files\ebay\ebay toolbar2\eBayTb.dll/RCSearch.html

IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204

IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203

IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/F/D/9/FD9E437D-5BC8-4264-A093-DFA2C39D197E/LegitCheckControl.cab

DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab

DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab

DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxps://scan.safety.live.com/resource/download/scanner/en-us/wlscbase3401.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1340975846937

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1140139436593

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{67C731C6-C643-46BD-8865-2DA9C21374CD} : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{8FAD4249-41A8-413E-8C32-51D6B0666FB6} : NameServer = 61.8.0.113,210.23.129.34

Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll

Notify: AtiExtEvent - Ati2evxx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

.

============= SERVICES / DRIVERS ===============

.

R0 PQV2i;PQV2i;c:\windows\system32\drivers\PQV2i.sys [2003-6-4 123957]

R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2011-10-19 36000]

R1 PQIMount;PQIMount;c:\windows\system32\drivers\PQIMount.sys [2003-6-4 46900]

R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-10-19 86224]

R2 AntiVirService;Avira Realtime Protection;c:\program files\avira\antivir desktop\avguard.exe [2011-10-19 110032]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-10-19 83392]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-12-1 654408]

R2 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\pcpitstop\PCPitstopScheduleService.exe [2011-11-26 86016]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-11-29 22344]

S0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 171064]

S2 AntiVirWebService;Avira Web Protection;c:\program files\avira\antivir desktop\avwebgrd.exe [2011-10-19 465360]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-7-23 133104]

S2 SZASSIST;SecretZone Assist Service;"c:\program files\clarus\samsung secretzone\szassistsvc.exe" --> c:\program files\clarus\samsung secretzone\SZAssistSVC.exe [?]

S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]

S3 glauiad;D-Link DSL-302G Modem;c:\windows\system32\drivers\glauiad.sys [2006-1-13 29603]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-7-23 133104]

S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\microsoft fix it center\Matsvc.exe [2011-6-13 267568]

S3 mdf16;mdf16;\??\c:\program files\clarus\samsung secretzone\mdf16.sys --> c:\program files\clarus\samsung secretzone\mdf16.sys [?]

S3 mvd22;mvd22;\??\c:\program files\clarus\samsung secretzone\mvd22.sys --> c:\program files\clarus\samsung secretzone\mvd22.sys [?]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== File Associations ===============

.

regfile=regedit.exe "%1" %*

scrfile="%1" %*

.

=============== Created Last 30 ================

.

2012-06-29 12:16:59 18944 -c--a-w- c:\windows\system32\dllcache\simptcp.dll

2012-06-29 12:15:58 65536 -c--a-w- c:\windows\system32\dllcache\EXCH_mailmsg.dll

2012-06-29 12:14:59 57856 -c--a-w- c:\windows\system32\dllcache\esuimgd.dll

2012-06-29 12:13:55 5632 -c--a-w- c:\windows\system32\dllcache\EXCH_adsiisex.dll

2012-06-29 12:09:47 -------- d-s---w- c:\windows\Downloaded Program Files

2012-06-29 12:09:14 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe

2012-06-29 12:09:14 16384 ----a-w- c:\program files\internet explorer\connection wizard\isignup.exe

2012-06-29 11:48:43 608594 ----a-w- c:\windows\system32\PerfStringBackup.TMP

2012-06-29 11:48:25 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll

2012-06-29 11:48:25 13312 ----a-w- c:\windows\system32\irclass.dll

2012-06-29 11:48:24 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll

2012-06-29 11:48:24 24661 ----a-w- c:\windows\system32\spxcoins.dll

2012-06-29 11:48:09 13753 ----a-r- c:\windows\SET13F.tmp

2012-06-29 11:48:07 1086058 ----a-r- c:\windows\SET133.tmp

2012-06-29 11:48:05 1042903 ----a-r- c:\windows\SET130.tmp

2012-06-29 09:56:37 -------- d-----w- c:\program files\common files\SpeedMaxPc

2012-06-29 09:56:33 -------- d-----w- c:\program files\SpeedMaxPc

2012-06-29 09:56:33 -------- d-----w- c:\documents and settings\all users\application data\SpeedMaxPc

2012-06-29 03:06:32 -------- d-----w- c:\windows\system32\MpEngineStore

2012-06-28 12:39:28 6762896 ---h--w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{bf6011fe-02f8-49f5-bc2f-4de76ad67413}\mpengine.dll

2012-06-28 12:35:38 -------- d--h--w- c:\program files\Microsoft Security Client

2012-06-28 12:28:10 -------- d--h--w- c:\documents and settings\colin\local settings\application data\FixItCenter

2012-06-26 16:21:10 56200 ---ha-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{ddd32bdf-4f2b-428a-8a02-5ade919ac233}\offreg.dll

2012-06-26 16:17:46 6762896 ---h--w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{ddd32bdf-4f2b-428a-8a02-5ade919ac233}\mpengine.dll

2012-06-26 03:59:00 -------- d--h--w- c:\documents and settings\colin\application data\HandBrake

2012-06-19 09:15:30 17396768 ---ha-w- c:\program files\mpas-fe.exe

.

==================== Find3M ====================

.

2012-06-02 05:19:44 22040 ---ha-w- c:\windows\system32\wucltui.dll.mui

2012-06-02 05:19:38 15384 ---ha-w- c:\windows\system32\wuaucpl.cpl.mui

2012-06-02 05:19:34 15384 ---ha-w- c:\windows\system32\wuapi.dll.mui

2012-06-02 05:19:30 17944 ---ha-w- c:\windows\system32\wuaueng.dll.mui

2012-05-26 06:57:52 73 ---ha-w- c:\windows\system32\ssprs.dll

2012-05-09 03:47:56 83392 ---ha-w- c:\windows\system32\drivers\avgntflt.sys

2012-04-26 07:05:03 87608 ---ha-w- c:\documents and settings\colin\application data\inst.exe

2012-04-26 07:05:03 47360 ---ha-w- c:\documents and settings\colin\application data\pcouffin.sys

2012-04-04 05:56:40 22344 ---ha-w- c:\windows\system32\drivers\mbam.sys

2008-12-12 16:07:02 7930904 ---ha-w- c:\program files\dap9.exe

2008-12-09 01:28:00 2167968 ---ha-w- c:\program files\OrbitDownloaderSetup.exe

2008-07-10 09:55:36 383755 ---ha-w- c:\program files\download-VobSub_2.23.exe

2008-06-23 23:31:04 5992404 ---ha-w- c:\program files\Portable GetRight 6.3e.exe

2007-12-05 07:43:01 9347192 ---ha-w- c:\program files\agentenu420-1118.exe

2006-02-27 08:15:14 217329 ---ha-w- c:\program files\gspot221.exe

2006-01-17 06:15:01 20921040 ---ha-w- c:\program files\AdbeRdr705_enu_full.exe

2006-01-17 05:55:18 11477288 ---ha-w- c:\program files\DivXPlay.exe

2005-12-06 02:00:46 74448 ---ha-w- c:\program files\DSETUP.dll

2005-12-06 02:00:46 484560 ---ha-w- c:\program files\DXSETUP.exe

2005-12-06 02:00:46 2247888 ---ha-w- c:\program files\dsetup32.dll

.

============= FINISH: 9:57:35.78 ===============

[Maniac]

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

[colin0100]

download ok, :t runs, but no resulys 0100 hrs here , must sleep

log id creseated.It's200 hrs here..musy go dleep..thnskj

[Maniac]

Try again in Safe Mode with Networking:

http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/boot_failsafe.mspx

[colin0100]

Maniac,

I was very tired last night.....but today managed to run.Could not get in to 'safe' made. I chose 'safe mode with network' and the screen displayed a lot of lines of data such as:

multi disc partition (2) WINDOWS\system32\drivers\NDIS.sys.

I had to turn the PC off and did a normal boot.

Downloaded the ComboFix again and it ran....took a while...went through I think 50 stages, is now frozen on a message that it is creating a log file.

(Sending this message via another PC.)

It deleted a number of files and a couple of folders.

Maniac, what is next....

Thanks again for your assistance.

Colin

[colin0100]

Maniac, re the message above,

ComboFix is still not doing anything : BUT THE CURSOR is blinking....

Regards

Colin

[Maniac]

Please check for C:\ComboFix.txt and let me know.

[colin0100]

went to my PC...it was frozen, had to turn off/on.

got to C:\ : 2 folders : ComboFix, would not open. Q00box (?) would not open and a file Boot.bak.

That's all I can see on C drive.

[Maniac]

Okay, change the strategy.

Boot in Normal mode and then:

Download OTL to your Desktop

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  
• Please tick the Scan All users. Next, click the Quick Scan button. The scan wont take long.
  
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.
    

[colin0100]

On my laptop now

My PC:

On C dri there were 2 folders: ComboFix and Qoobox, no files in these folders. There waa a Book.bak.

Now can not get to the internet in the way I have in the past (via Malwarebytes site.

PC seems to be be frozen..I can log in to my user account, but then nothing respondes.

When I did a tun off/on the Avira did an update.

My PC is getting worse with all this Maniac, whatto do???

Thanmks Colin

[Maniac]

Do you have USB flash drive on hand?

[colin0100]

yes.

[colin0100]

IN ANTICIPATION. WILL DO THIS VIA MY fLASH DRIVE

[Maniac]

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

• Restart the computer.
  
• As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  
• Use the arrow keys to select the Repair your computer menu item.
  
• Select English as the keyboard language settings, and then click Next.
  
• Select the operating system you want to repair, and then click Next.
  
• Select your user account an click Next.

To enter System Recovery Options by using Windows installation disc:

• Insert the installation disc.
  
• Restart your computer.
  
• If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  
• Click Repair your computer.
  
• Select English as the keyboard language settings, and then click Next.
  
• Select the operating system you want to repair, and then click Next.
  
• Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

• • 
    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt

[*]Select Command Prompt

[*]In the command window type in notepad and press Enter.

[*]The notepad opens. Under File menu select Open.

[*]Select "Computer" and find your flash drive letter and close the notepad.

[*]In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter

Note: Replace letter e with the drive letter of your flash drive.

[*]The tool will start to run.

[*]When the tool opens click Yes to disclaimer.

[*]Press Scan button.

[*]It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

[colin0100]

OTL Extras logfile created on: 2/07/2012 11:54:02 PM - Run 1

OTL by OldTimer - Version 3.2.53.1 Folder = F:\

Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.2180)

Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

2.00 Gb Total Physical Memory | 0.91 Gb Available Physical Memory | 45.71% Memory free

3.85 Gb Paging File | 2.69 Gb Available in Paging File | 69.82% Paging File free

Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 232.77 Gb Total Space | 45.54 Gb Free Space | 19.57% Space Free | Partition Type: NTFS

Drive D: | 1.63 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Drive F: | 3.73 Gb Total Space | 3.67 Gb Free Space | 98.43% Space Free | Partition Type: FAT32

Drive G: | 931.51 Gb Total Space | 229.54 Gb Free Space | 24.64% Space Free | Partition Type: NTFS

Drive H: | 931.51 Gb Total Space | 20.95 Gb Free Space | 2.25% Space Free | Partition Type: NTFS

Computer Name: NEW-TOY | User Name: COLIN | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"enablefirewall" = 1

"DisableNotifications" = 0

"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"27649:UDP" = 27649:UDP:*:Disabled:TorrentPort

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

"10243:TCP" = 10243:TCP:LocalSubNet:Disabled:Windows Media Player Network Sharing Service

"10280:UDP" = 10280:UDP:LocalSubNet:Disabled:Windows Media Player Network Sharing Service

"10281:UDP" = 10281:UDP:LocalSubNet:Disabled:Windows Media Player Network Sharing Service

"10282:UDP" = 10282:UDP:LocalSubNet:Disabled:Windows Media Player Network Sharing Service

"10283:UDP" = 10283:UDP:LocalSubNet:Disabled:Windows Media Player Network Sharing Service

"10284:UDP" = 10284:UDP:LocalSubNet:Disabled:Windows Media Player Network Sharing Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"enablefirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)

"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()

"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

"%windir%\system32\drivers\svchost.exe" = %windir%\system32\drivers\svchost.exe:*:Enabled:svchost

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\uTorrent\utorrent.exe" = C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)

"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Disabled:Windows Live Call

"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Disabled:Logitech Desktop Messenger -- (Logitech Inc.)

"C:\Program Files\Orbitdownloader\orbitdm.exe" = C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)

"C:\Program Files\Orbitdownloader\orbitnet.exe" = C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)

"C:\Program Files\DAP\DAP.exe" = C:\Program Files\DAP\DAP.exe:*:Disabled:Download Accelerator Plus (DAP)

"C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe" = C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe:*:Disabled:Ad-Aware

"%windir%\system32\drivers\svchost.exe" = %windir%\system32\drivers\svchost.exe:*:Enabled:svchost

"C:\Program Files\SUPERAntiSpyware\RUNSAS.EXE" = C:\Program Files\SUPERAntiSpyware\RUNSAS.EXE:*:Disabled:SUPERAntiSpyware Alternate Start

"C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" = C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe:*:Disabled:SUPERAntiSpyware Professional

"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealPlayer

"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)

"C:\Program Files\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Disabled:Google Earth -- (Google)

"C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- ()

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{02DFB3FD-CF52-4183-8BCA-2A127D4888F4}" = iTunes

"{02DFF6B1-1654-411C-8D7B-FD6052EF016F}" = Apple Software Update

"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended

"{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client

"{10E98E14-832C-4AF7-A4D1-6A9EF83B282E}" = VCAMCEN

"{10F755FD-ED31-4ABF-8720-49A399C52297}" = calibre

"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate

"{1DF4AC80-F76B-42AE-A263-15D2313D4472}" = EPSON Easy Photo Print

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool

"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{22C0B7CF-4BAD-4FD6-9085-FC2E1A6D5861}" = D-Link DSL-302G Ethernet Diagnostics and USB Driver

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant

"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine

"{342126E1-173C-4585-BFBE-3EBDD20E3E9E}" = Mobipocket Reader 6.2

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{38441BE7-79B0-42B8-8297-833704F949FE}" = HLPIndex

"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}" = OTtBPSDK

"{42442BC6-5A92-4BC2-9E0C-3D359D548A21}_is1" = Pazera Free MP4 to AVI Converter 1.6

"{432C3720-37BF-4BD7-8E49-F38E090246D0}" = CR2

"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant

"{469730CC-78DF-4CD3-B286-562D459EA619}" = ESSCAM

"{4781569D-5404-1F26-4B2B-6DF444441031}" = Nero 7 Ultra Edition

"{48C82F7A-F100-4DAB-A310-8E18BF2159E1}" = ESSvpot

"{4F677FC7-7AA8-412B-A957-F13CBE1C7331}" = ESSSONIC

"{54C8FE84-89C4-40E8-976C-439EB0729BD6}" = CardRd81

"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml

"{57922B53-02D4-4DFC-AC24-A3519DC1F49A}" =

"{5A272FB7-EBCA-4F8C-8FCE-309A430BF3AF}" = ATI Catalyst Control Center

"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth

"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7

"{62369F2F77534556AEF4C58152E3BDE5}" =

"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0

"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr

"{69BD6399-3D8F-45B7-81D9-819361F5101D}" = PCDLNCH

"{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.4.8.123

"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = LiveUpdate BVRP Software

"{786C5747-1437-443D-B06E-79A00FE45110}" = Adobe Stock Photos 1.0

"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page

"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver

"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar

"{87843A41-7808-4F2E-B13F-25C1E67CF2FD}" = ESShelp

"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player

"{8BB4B58A-A402-4DE8-8FCD-287E60B88DD8}" = ESSCT

"{8D538DFC-1E7A-45F0-9C7B-D8B6629CC2DC}" = PowerQuest Drive Image 7.0

"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini

"{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer

"{8FFC924C-ED06-44CB-8867-3CA778ECE903}" = Adobe Help Center 2.0

"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger

"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003

"{90260409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office XP Web Components

"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9C8732C3-32DE-4569-9E90-30040D76DABC}" = Navman NavDesk 2008

"{9D1CF8B6-17B3-4832-B062-2C2DD0B57B04}" = CCHelp

"{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}" = ESScore

"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender

"{A0AF08BA-3630-4505-BFB2-A41F3837B0D0}" = SFR2

"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A3BE07E3-73B2-11D4-ABB6-004095009CCE}" = Morph Man 2000 Trial

"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio

"{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}" = ESSvpaht

"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures

"{A6F18A67-B771-4191-8A33-36D2E742D6D9}" = ESSANUP

"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AADAC983-FDE9-42FA-8FD9-7BB324155593}" = HLPRFO

"{AC76BA86-7AD7-1033-7B44-A71000000002}" = Adobe Reader 7.1.0

"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK

"{AE3D38A6-13B1-40B3-9423-D1FA9982FB6A}" = Adobe Bridge 1.0

"{B148AB4B-C8FA-474B-B981-F2943C5B5BCD}" = OGA Notifier 1.7.0105.35.0

"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore

"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player

"{B7588D45-AFDC-4C93-9E2E-A100F3554B64}" = Microsoft Fix it Center

"{B90450DF-E781-46FD-B1F1-0C86DA40E443}" = PIF DESIGNER

"{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}" = KSU

"{BB406CEB-6207-4512-9BB2-89950DC9D6B6}_is1" = ConvertXtoDVD 2.1.10.208

"{BFD96B89-B769-4CD6-B11E-E79FFD46F067}" = QuickTime

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C354C9B6-A4E0-4BB0-A368-6DC6BCA0E314}" = SFR

"{c9920352-04e6-469d-bab8-e2b9c7c75415}.sdb" = Microsoft Automated Troubleshooting Services Shim

"{CA60320D-6A16-49C8-A34F-84EEF4799567}" = ESSTUTOR

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D15E9DB5-6BEB-4534-901E-80C0A29BAB97}" = ESSAdpt

"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software

"{D61524CF-93FE-4193-91AD-C6E21FEEAA5A}" = Logitech Harmony Remote Software 7

"{D8AB8F0C-CEEB-4A29-8EF5-219B064813F4}" = Apple Mobile Device Support

"{E86BC406-944E-41F6-ADE6-2C136734C96B}" = EPSON File Manager

"{EF4F8650-7710-4CA0-831D-4AA9C1CF6D87}" = SpeedMaxPc

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F18E8A0F-BE99-4305-96A5-6C0FD9D7D999}" = mobile PhoneTools

"{F2D0C1B1-80FF-46F9-BA61-33B01A07FAFC}" = HLPCCTR

"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)

"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01

"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call

"{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}" = OTtBP

"{F90DA605-4E92-11D4-A319-00104BCAB4AB}" =

"{FA17A726-B229-4116-B793-A2AB1A4EAE2E}" = Adobe Premiere Pro 2.0

"{FCD9CD52-7222-4672-94A0-A722BA702FD0}" = Dell Resource CD

"{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}" = EPSON Print CD

"AddressBook" =

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe Premiere Pro 2.0" = Adobe Premiere Pro 2.0

"AdobeESD" = Adobe Download Manager 2.2 (Remove Only)

"All ATI Software" = ATI - Software Uninstall Utility

"ATI Display Driver" = ATI Display Driver

"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)

"Autodesk Express Viewer" = Autodesk Express Viewer

"Avira AntiVir Desktop" = Avira Free Antivirus

"AviSynth" = AviSynth 2.5

"Branding" =

"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem

"Connection Manager" =

"Cucusoft MPEG/MOV/RM/DivX/AVI to DVD/VCD/SVCD Creator Pro_is1" = Cucusoft MPEG/MOV/RM/DivX/AVI to DVD/VCD/SVCD Creator Pro 7.07

"Digital Editions" = Adobe Digital Editions

"DirectAnimation" =

"DirectDrawEx" =

"DVD Shrink_is1" = DVD Shrink 3.2

"DXM_Runtime" =

"EPSON Printer and Utilities" = EPSON Printer Software

"ESPR230 User's Guide" = ESPR230 User's Guide

"FLVPlayer" = FLV Player 1.3.3

"Fontcore" =

"Google Desktop" = Google Desktop Search

"Google Updater" = Google Updater

"GSpot" = GSpot Codec Information Appliance

"HijackThis" = HijackThis 2.0.2

"ICW" =

"IE4Data" =

"IE5BAKEX" =

"IEData" =

"ImgBurn" = ImgBurn

"InstallShield Uninstall Information" =

"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email

"Kiran's Typing Tutor_is1" = Kiran's Typing Tutor 1.0

"LHTTSENG" = L&H TTS3000 British English

"LiveUpdate" = LiveUpdate 1.80 (Symantec Corporation)

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400

"MasterSplitter" = MasterSplitter Program

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

"Microsoft Security Client" = Microsoft Security Essentials

"MobileOptionPack" =

"Monkey's Audio_is1" = Monkey's Audio

"MSI30a-KB884016" =

"MSI30-Beta1" =

"MSI30-Beta2" =

"MSI30-KB884016" =

"MSI30-RC1" =

"MSI30-RC2" =

"MSI31-Beta" =

"MSI31-RC1" =

"MSN Music Assistant" = MSN Music Assistant

"Orbit_is1" = Orbit Downloader

"PC Pitstop Optimize3_is1" = PC Pitstop Optimize3 3.0

"PCHealth" =

"Perfect Uninstaller_is1" = Perfect Uninstaller v6.3.3.8

"PROSet" = Intel® PRO Network Connections Drivers

"QuickPar" = QuickPar 0.9

"ScenalyzerLive" = ScenalyzerLive (remove)

"SchedulingAgent" =

"VLC media player" = VLC media player 1.1.11

"VobSub" = VobSub v2.23 (Remove Only)

"Windows Live Safety scanner" = Windows Live Safety scanner

"Windows Media Format Runtime" = Windows Media Format Runtime

"Windows Media Player" = Windows Media Player 10

"WinLiveSuite_Wave3" = Windows Live Essentials

"WinRAR archiver" = WinRAR archiver

"WinX Free DVD Ripper_is1" = WinX Free DVD Ripper 4.5.11

"WinZip" = WinZip

"WMCSetup" =

"XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only)

"Zip Repair Pro_is1" = Zip Repair Pro

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 30/06/2012 8:55:53 PM | Computer Name = NEW-TOY | Source = Application Error | ID = 1000

Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting

module mshtml.dll, version 6.0.2900.2180, fault address 0x0005d45f.

Error - 30/06/2012 8:58:34 PM | Computer Name = NEW-TOY | Source = Application Error | ID = 1000

Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting

module mshtml.dll, version 6.0.2900.2180, fault address 0x00107555.

Error - 30/06/2012 8:58:59 PM | Computer Name = NEW-TOY | Source = Application Error | ID = 1000

Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module

dbghelp.dll, version 5.1.2600.2180, fault address 0x0001295d.

Error - 1/07/2012 10:56:59 AM | Computer Name = NEW-TOY | Source = Application Error | ID = 1000

Description = Faulting application explorer.exe, version 6.0.2900.2180, faulting

module mshtml.dll, version 6.0.2900.2180, fault address 0x000d62c1.

Error - 1/07/2012 11:05:56 AM | Computer Name = NEW-TOY | Source = Application Hang | ID = 1002

Description = Hanging application IEXPLORE.EXE, version 6.0.2900.2180, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/07/2012 8:40:22 PM | Computer Name = NEW-TOY | Source = Application Error | ID = 1000

Description = Faulting application explorer.exe, version 6.0.2900.2180, faulting

module , version 0.0.0.0, fault address 0x00000000.

Error - 1/07/2012 8:42:31 PM | Computer Name = NEW-TOY | Source = Application Error | ID = 1000

Description = Faulting application explorer.exe, version 6.0.2900.2180, faulting

module shlwapi.dll, version 6.0.2900.2180, fault address 0x00007358.

Error - 1/07/2012 8:44:17 PM | Computer Name = NEW-TOY | Source = Application Error | ID = 1000

Description = Faulting application explorer.exe, version 6.0.2900.2180, faulting

module shlwapi.dll, version 6.0.2900.2180, fault address 0x00007358.

Error - 1/07/2012 8:45:53 PM | Computer Name = NEW-TOY | Source = Application Error | ID = 1000

Description = Faulting application explorer.exe, version 6.0.2900.2180, faulting

module shlwapi.dll, version 6.0.2900.2180, fault address 0x00007358.

Error - 1/07/2012 8:46:58 PM | Computer Name = NEW-TOY | Source = Application Error | ID = 1000

Description = Faulting application explorer.exe, version 6.0.2900.2180, faulting

module shlwapi.dll, version 6.0.2900.2180, fault address 0x00007358.

Error - 1/07/2012 8:48:54 PM | Computer Name = NEW-TOY | Source = Application Error | ID = 1000

Description = Faulting application explorer.exe, version 6.0.2900.2180, faulting

module shlwapi.dll, version 6.0.2900.2180, fault address 0x00007358.

Error - 1/07/2012 8:58:40 PM | Computer Name = NEW-TOY | Source = Application Error | ID = 1000

Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module

dbghelp.dll, version 5.1.2600.2180, fault address 0x0001295d.

[ System Events ]

Error - 2/07/2012 9:42:59 AM | Computer Name = NEW-TOY | Source = Microsoft Antimalware | ID = 3002

Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:

%%834 Error Code: 0x8007007f Error description: The specified procedure could not

be found. Reason: %%842

Error - 2/07/2012 9:42:59 AM | Computer Name = NEW-TOY | Source = Microsoft Antimalware | ID = 3002

Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:

%%835 Error Code: 0x8007007f Error description: The specified procedure could not

be found. Reason: %%842

Error - 2/07/2012 9:42:59 AM | Computer Name = NEW-TOY | Source = Microsoft Antimalware | ID = 3002

Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:

%%834 Error Code: 0x8007007f Error description: The specified procedure could not

be found. Reason: %%837

Error - 2/07/2012 9:42:59 AM | Computer Name = NEW-TOY | Source = Microsoft Antimalware | ID = 3002

Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:

%%835 Error Code: 0x8007007f Error description: The specified procedure could not

be found. Reason: %%837

Error - 2/07/2012 9:43:07 AM | Computer Name = NEW-TOY | Source = Print | ID = 19

Description = Sharing printer failed + 1722, Printer Microsoft XPS Document Writer

share name Printer.

Error - 2/07/2012 9:43:11 AM | Computer Name = NEW-TOY | Source = NIC1394 | ID = 5002

Description = 1394 Net Adapter : Has determined that the adapter is not functioning

properly.

Error - 2/07/2012 9:43:21 AM | Computer Name = NEW-TOY | Source = Service Control Manager | ID = 7024

Description = The V2i Protector service terminated with service-specific error 2147746132

(0x80040154).

Error - 2/07/2012 9:43:21 AM | Computer Name = NEW-TOY | Source = Service Control Manager | ID = 7001

Description = The Windows Media Player Network Sharing Service service depends on

the Universal Plug and Play Device Host service which failed to start because of

the following error: %%0

Error - 2/07/2012 9:43:32 AM | Computer Name = NEW-TOY | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

MpFilter

Error - 2/07/2012 9:53:08 AM | Computer Name = NEW-TOY | Source = Microsoft Antimalware | ID = 2001

Description = %%860 has encountered an error trying to update signatures. New Signature

Version: Previous Signature Version: 1.129.601.0 Update Source: %%859 Update Stage:

%%852 Source Path: Default URL Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM

Current

Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80070005 Error

description: Access is denied.

< End of report >

[colin0100]

nEED DTO GO SLEEP NOW.tHAKS mANIAC, LOVE YOU

[colin0100]

OTL Extras logfile created on: 2/07/2012 11:54:02 PM - Run 1

OTL by OldTimer - Version 3.2.53.1 Folder = F:\

Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.2180)

Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

2.00 Gb Total Physical Memory | 0.91 Gb Available Physical Memory | 45.71% Memory free

3.85 Gb Paging File | 2.69 Gb Available in Paging File | 69.82% Paging File free

Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 232.77 Gb Total Space | 45.54 Gb Free Space | 19.57% Space Free | Partition Type: NTFS

Drive D: | 1.63 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Drive F: | 3.73 Gb Total Space | 3.67 Gb Free Space | 98.43% Space Free | Partition Type: FAT32

Drive G: | 931.51 Gb Total Space | 229.54 Gb Free Space | 24.64% Space Free | Partition Type: NTFS

Drive H: | 931.51 Gb Total Space | 20.95 Gb Free Space | 2.25% Space Free | Partition Type: NTFS

Computer Name: NEW-TOY | User Name: COLIN | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"enablefirewall" = 1

"DisableNotifications" = 0

"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"27649:UDP" = 27649:UDP:*:Disabled:TorrentPort

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

"10243:TCP" = 10243:TCP:LocalSubNet:Disabled:Windows Media Player Network Sharing Service

"10280:UDP" = 10280:UDP:LocalSubNet:Disabled:Windows Media Player Network Sharing Service

"10281:UDP" = 10281:UDP:LocalSubNet:Disabled:Windows Media Player Network Sharing Service

"10282:UDP" = 10282:UDP:LocalSubNet:Disabled:Windows Media Player Network Sharing Service

"10283:UDP" = 10283:UDP:LocalSubNet:Disabled:Windows Media Player Network Sharing Service

"10284:UDP" = 10284:UDP:LocalSubNet:Disabled:Windows Media Player Network Sharing Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"enablefirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)

"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()

"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

"%windir%\system32\drivers\svchost.exe" = %windir%\system32\drivers\svchost.exe:*:Enabled:svchost

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\uTorrent\utorrent.exe" = C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)

"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Disabled:Windows Live Call

"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Disabled:Logitech Desktop Messenger -- (Logitech Inc.)

"C:\Program Files\Orbitdownloader\orbitdm.exe" = C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)

"C:\Program Files\Orbitdownloader\orbitnet.exe" = C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)

"C:\Program Files\DAP\DAP.exe" = C:\Program Files\DAP\DAP.exe:*:Disabled:Download Accelerator Plus (DAP)

"C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe" = C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe:*:Disabled:Ad-Aware

"%windir%\system32\drivers\svchost.exe" = %windir%\system32\drivers\svchost.exe:*:Enabled:svchost

"C:\Program Files\SUPERAntiSpyware\RUNSAS.EXE" = C:\Program Files\SUPERAntiSpyware\RUNSAS.EXE:*:Disabled:SUPERAntiSpyware Alternate Start

"C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" = C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe:*:Disabled:SUPERAntiSpyware Professional

"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealPlayer

"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)

"C:\Program Files\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Disabled:Google Earth -- (Google)

"C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- ()

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{02DFB3FD-CF52-4183-8BCA-2A127D4888F4}" = iTunes

"{02DFF6B1-1654-411C-8D7B-FD6052EF016F}" = Apple Software Update

"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended

"{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client

"{10E98E14-832C-4AF7-A4D1-6A9EF83B282E}" = VCAMCEN

"{10F755FD-ED31-4ABF-8720-49A399C52297}" = calibre

"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate

"{1DF4AC80-F76B-42AE-A263-15D2313D4472}" = EPSON Easy Photo Print

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool

"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{22C0B7CF-4BAD-4FD6-9085-FC2E1A6D5861}" = D-Link DSL-302G Ethernet Diagnostics and USB Driver

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant

"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine

"{342126E1-173C-4585-BFBE-3EBDD20E3E9E}" = Mobipocket Reader 6.2

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{38441BE7-79B0-42B8-8297-833704F949FE}" = HLPIndex

"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}" = OTtBPSDK

"{42442BC6-5A92-4BC2-9E0C-3D359D548A21}_is1" = Pazera Free MP4 to AVI Converter 1.6

"{432C3720-37BF-4BD7-8E49-F38E090246D0}" = CR2

"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant

"{469730CC-78DF-4CD3-B286-562D459EA619}" = ESSCAM

"{4781569D-5404-1F26-4B2B-6DF444441031}" = Nero 7 Ultra Edition

"{48C82F7A-F100-4DAB-A310-8E18BF2159E1}" = ESSvpot

"{4F677FC7-7AA8-412B-A957-F13CBE1C7331}" = ESSSONIC

"{54C8FE84-89C4-40E8-976C-439EB0729BD6}" = CardRd81

"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml

"{57922B53-02D4-4DFC-AC24-A3519DC1F49A}" =

"{5A272FB7-EBCA-4F8C-8FCE-309A430BF3AF}" = ATI Catalyst Control Center

"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth

"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7

"{62369F2F77534556AEF4C58152E3BDE5}" =

"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0

"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr

"{69BD6399-3D8F-45B7-81D9-819361F5101D}" = PCDLNCH

"{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.4.8.123

"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = LiveUpdate BVRP Software

"{786C5747-1437-443D-B06E-79A00FE45110}" = Adobe Stock Photos 1.0

"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page

"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver

"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar

"{87843A41-7808-4F2E-B13F-25C1E67CF2FD}" = ESShelp

"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player

"{8BB4B58A-A402-4DE8-8FCD-287E60B88DD8}" = ESSCT

"{8D538DFC-1E7A-45F0-9C7B-D8B6629CC2DC}" = PowerQuest Drive Image 7.0

"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini

"{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer

"{8FFC924C-ED06-44CB-8867-3CA778ECE903}" = Adobe Help Center 2.0

"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger

"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003

"{90260409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office XP Web Components

"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9C8732C3-32DE-4569-9E90-30040D76DABC}" = Navman NavDesk 2008

"{9D1CF8B6-17B3-4832-B062-2C2DD0B57B04}" = CCHelp

"{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}" = ESScore

"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender

"{A0AF08BA-3630-4505-BFB2-A41F3837B0D0}" = SFR2

"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A3BE07E3-73B2-11D4-ABB6-004095009CCE}" = Morph Man 2000 Trial

"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio

"{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}" = ESSvpaht

"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures

"{A6F18A67-B771-4191-8A33-36D2E742D6D9}" = ESSANUP

"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AADAC983-FDE9-42FA-8FD9-7BB324155593}" = HLPRFO

"{AC76BA86-7AD7-1033-7B44-A71000000002}" = Adobe Reader 7.1.0

"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK

"{AE3D38A6-13B1-40B3-9423-D1FA9982FB6A}" = Adobe Bridge 1.0

"{B148AB4B-C8FA-474B-B981-F2943C5B5BCD}" = OGA Notifier 1.7.0105.35.0

"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore

"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player

"{B7588D45-AFDC-4C93-9E2E-A100F3554B64}" = Microsoft Fix it Center

"{B90450DF-E781-46FD-B1F1-0C86DA40E443}" = PIF DESIGNER

"{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}" = KSU

"{BB406CEB-6207-4512-9BB2-89950DC9D6B6}_is1" = ConvertXtoDVD 2.1.10.208

"{BFD96B89-B769-4CD6-B11E-E79FFD46F067}" = QuickTime

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C354C9B6-A4E0-4BB0-A368-6DC6BCA0E314}" = SFR

"{c9920352-04e6-469d-bab8-e2b9c7c75415}.sdb" = Microsoft Automated Troubleshooting Services Shim

"{CA60320D-6A16-49C8-A34F-84EEF4799567}" = ESSTUTOR

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D15E9DB5-6BEB-4534-901E-80C0A29BAB97}" = ESSAdpt

"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software

"{D61524CF-93FE-4193-91AD-C6E21FEEAA5A}" = Logitech Harmony Remote Software 7

"{D8AB8F0C-CEEB-4A29-8EF5-219B064813F4}" = Apple Mobile Device Support

"{E86BC406-944E-41F6-ADE6-2C136734C96B}" = EPSON File Manager

"{EF4F8650-7710-4CA0-831D-4AA9C1CF6D87}" = SpeedMaxPc

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F18E8A0F-BE99-4305-96A5-6C0FD9D7D999}" = mobile PhoneTools

"{F2D0C1B1-80FF-46F9-BA61-33B01A07FAFC}" = HLPCCTR

"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)

"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01

"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call

"{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}" = OTtBP

"{F90DA605-4E92-11D4-A319-00104BCAB4AB}" =

"{FA17A726-B229-4116-B793-A2AB1A4EAE2E}" = Adobe Premiere Pro 2.0

"{FCD9CD52-7222-4672-94A0-A722BA702FD0}" = Dell Resource CD

"{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}" = EPSON Print CD

"AddressBook" =

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe Premiere Pro 2.0" = Adobe Premiere Pro 2.0

"AdobeESD" = Adobe Download Manager 2.2 (Remove Only)

"All ATI Software" = ATI - Software Uninstall Utility

"ATI Display Driver" = ATI Display Driver

"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)

"Autodesk Express Viewer" = Autodesk Express Viewer

"Avira AntiVir Desktop" = Avira Free Antivirus

"AviSynth" = AviSynth 2.5

"Branding" =

"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem

"Connection Manager" =

"Cucusoft MPEG/MOV/RM/DivX/AVI to DVD/VCD/SVCD Creator Pro_is1" = Cucusoft MPEG/MOV/RM/DivX/AVI to DVD/VCD/SVCD Creator Pro 7.07

"Digital Editions" = Adobe Digital Editions

"DirectAnimation" =

"DirectDrawEx" =

"DVD Shrink_is1" = DVD Shrink 3.2

"DXM_Runtime" =

"EPSON Printer and Utilities" = EPSON Printer Software

"ESPR230 User's Guide" = ESPR230 User's Guide

"FLVPlayer" = FLV Player 1.3.3

"Fontcore" =

"Google Desktop" = Google Desktop Search

"Google Updater" = Google Updater

"GSpot" = GSpot Codec Information Appliance

"HijackThis" = HijackThis 2.0.2

"ICW" =

"IE4Data" =

"IE5BAKEX" =

"IEData" =

"ImgBurn" = ImgBurn

"InstallShield Uninstall Information" =

"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email

"Kiran's Typing Tutor_is1" = Kiran's Typing Tutor 1.0

"LHTTSENG" = L&H TTS3000 British English

"LiveUpdate" = LiveUpdate 1.80 (Symantec Corporation)

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400

"MasterSplitter" = MasterSplitter Program

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

"Microsoft Security Client" = Microsoft Security Essentials

"MobileOptionPack" =

"Monkey's Audio_is1" = Monkey's Audio

"MSI30a-KB884016" =

"MSI30-Beta1" =

"MSI30-Beta2" =

"MSI30-KB884016" =

"MSI30-RC1" =

"MSI30-RC2" =

"MSI31-Beta" =

"MSI31-RC1" =

"MSN Music Assistant" = MSN Music Assistant

"Orbit_is1" = Orbit Downloader

"PC Pitstop Optimize3_is1" = PC Pitstop Optimize3 3.0

"PCHealth" =

"Perfect Uninstaller_is1" = Perfect Uninstaller v6.3.3.8

"PROSet" = Intel® PRO Network Connections Drivers

"QuickPar" = QuickPar 0.9

"ScenalyzerLive" = ScenalyzerLive (remove)

"SchedulingAgent" =

"VLC media player" = VLC media player 1.1.11

"VobSub" = VobSub v2.23 (Remove Only)

"Windows Live Safety scanner" = Windows Live Safety scanner

"Windows Media Format Runtime" = Windows Media Format Runtime

"Windows Media Player" = Windows Media Player 10

"WinLiveSuite_Wave3" = Windows Live Essentials

"WinRAR archiver" = WinRAR archiver

"WinX Free DVD Ripper_is1" = WinX Free DVD Ripper 4.5.11

"WinZip" = WinZip

"WMCSetup" =

"XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only)

"Zip Repair Pro_is1" = Zip Repair Pro

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 30/06/2012 8:55:53 PM | Computer Name = NEW-TOY | Source = Application Error | ID = 1000

Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting

module mshtml.dll, version 6.0.2900.2180, fault address 0x0005d45f.

Error - 30/06/2012 8:58:34 PM | Computer Name = NEW-TOY | Source = Application Error | ID = 1000

Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting

module mshtml.dll, version 6.0.2900.2180, fault address 0x00107555.

Error - 30/06/2012 8:58:59 PM | Computer Name = NEW-TOY | Source = Application Error | ID = 1000

Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module

dbghelp.dll, version 5.1.2600.2180, fault address 0x0001295d.

Error - 1/07/2012 10:56:59 AM | Computer Name = NEW-TOY | Source = Application Error | ID = 1000

Description = Faulting application explorer.exe, version 6.0.2900.2180, faulting

module mshtml.dll, version 6.0.2900.2180, fault address 0x000d62c1.

Error - 1/07/2012 11:05:56 AM | Computer Name = NEW-TOY | Source = Application Hang | ID = 1002

Description = Hanging application IEXPLORE.EXE, version 6.0.2900.2180, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/07/2012 8:40:22 PM | Computer Name = NEW-TOY | Source = Application Error | ID = 1000

Description = Faulting application explorer.exe, version 6.0.2900.2180, faulting

module , version 0.0.0.0, fault address 0x00000000.

Error - 1/07/2012 8:42:31 PM | Computer Name = NEW-TOY | Source = Application Error | ID = 1000

Description = Faulting application explorer.exe, version 6.0.2900.2180, faulting

module shlwapi.dll, version 6.0.2900.2180, fault address 0x00007358.

Error - 1/07/2012 8:44:17 PM | Computer Name = NEW-TOY | Source = Application Error | ID = 1000

Description = Faulting application explorer.exe, version 6.0.2900.2180, faulting

module shlwapi.dll, version 6.0.2900.2180, fault address 0x00007358.

Error - 1/07/2012 8:45:53 PM | Computer Name = NEW-TOY | Source = Application Error | ID = 1000

Description = Faulting application explorer.exe, version 6.0.2900.2180, faulting

module shlwapi.dll, version 6.0.2900.2180, fault address 0x00007358.

Error - 1/07/2012 8:46:58 PM | Computer Name = NEW-TOY | Source = Application Error | ID = 1000

Description = Faulting application explorer.exe, version 6.0.2900.2180, faulting

module shlwapi.dll, version 6.0.2900.2180, fault address 0x00007358.

Error - 1/07/2012 8:48:54 PM | Computer Name = NEW-TOY | Source = Application Error | ID = 1000

Description = Faulting application explorer.exe, version 6.0.2900.2180, faulting

module shlwapi.dll, version 6.0.2900.2180, fault address 0x00007358.

Error - 1/07/2012 8:58:40 PM | Computer Name = NEW-TOY | Source = Application Error | ID = 1000

Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module

dbghelp.dll, version 5.1.2600.2180, fault address 0x0001295d.

[ System Events ]

Error - 2/07/2012 9:42:59 AM | Computer Name = NEW-TOY | Source = Microsoft Antimalware | ID = 3002

Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:

%%834 Error Code: 0x8007007f Error description: The specified procedure could not

be found. Reason: %%842

Error - 2/07/2012 9:42:59 AM | Computer Name = NEW-TOY | Source = Microsoft Antimalware | ID = 3002

Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:

%%835 Error Code: 0x8007007f Error description: The specified procedure could not

be found. Reason: %%842

Error - 2/07/2012 9:42:59 AM | Computer Name = NEW-TOY | Source = Microsoft Antimalware | ID = 3002

Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:

%%834 Error Code: 0x8007007f Error description: The specified procedure could not

be found. Reason: %%837

Error - 2/07/2012 9:42:59 AM | Computer Name = NEW-TOY | Source = Microsoft Antimalware | ID = 3002

Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:

%%835 Error Code: 0x8007007f Error description: The specified procedure could not

be found. Reason: %%837

Error - 2/07/2012 9:43:07 AM | Computer Name = NEW-TOY | Source = Print | ID = 19

Description = Sharing printer failed + 1722, Printer Microsoft XPS Document Writer

share name Printer.

Error - 2/07/2012 9:43:11 AM | Computer Name = NEW-TOY | Source = NIC1394 | ID = 5002

Description = 1394 Net Adapter : Has determined that the adapter is not functioning

properly.

Error - 2/07/2012 9:43:21 AM | Computer Name = NEW-TOY | Source = Service Control Manager | ID = 7024

Description = The V2i Protector service terminated with service-specific error 2147746132

(0x80040154).

Error - 2/07/2012 9:43:21 AM | Computer Name = NEW-TOY | Source = Service Control Manager | ID = 7001

Description = The Windows Media Player Network Sharing Service service depends on

the Universal Plug and Play Device Host service which failed to start because of

the following error: %%0

Error - 2/07/2012 9:43:32 AM | Computer Name = NEW-TOY | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

MpFilter

Error - 2/07/2012 9:53:08 AM | Computer Name = NEW-TOY | Source = Microsoft Antimalware | ID = 2001

Description = %%860 has encountered an error trying to update signatures. New Signature

Version: Previous Signature Version: 1.129.601.0 Update Source: %%859 Update Stage:

%%852 Source Path: Default URL Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM

Current

Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80070005 Error

description: Access is denied.

< End of report >

[Maniac]

I did not understand why I only post content Extras.txt . Please continue with my last instructions.

Take your time!

[colin0100]

My PC justed crfased....will connect tomorrow..sleeping now,

Thaks mate....

Need to go to bed.....agan..tomorrow.

regards

Colin

[Maniac]

It's okay.

[colin0100]

I can not get in to 'recovery console'.

Let me explain:

1. Using the original WINDOWS cd:-

WINDOWS setup.

Loads files

SETUP is loading WINDOWS...

I pressed 'R'

WIDOWS XP Home edition setup

Microsoft Recovery Console

Which WINDOWS installation would you like to log onto?

I selected c:\WINDOWS

against the prompt of C:\WINDOWS> I typed 'notepad'

Didn't open.

2. Boot using F8.

WINDOWS Advanced Option Menu

safe mode etc. did not see the menu you referred to ie repair your computer.

I returned to Operating system choices.

Please select operating system to start; I chose:

Microsoft WINDOWS Recovery Console

( There was a note under this prompt that said:-

Do not select this [debugger enabled]

( my first attempt I did not select it because of that....but this time I did.)

Display was:

Starting Windows recovery console

a line of characters appeared along the bottom of the screen and nothing more happened.

Left it like that for about an hour then turned it off.

3. When I boot up normally there is a black box on the screen with a command prompt-

c:\WINDOWS\system32>

(my USB memory stick is drive 'F')

At the command prompt I type 'dir' I get the content ..

'cd' does nothing.

cd f: shows F:\ immediatly followed by c:\WINDOWS\system32>

In the reboot at a command prompt I tried to get to 'F' and it tells me that there is not an 'f'

Similarly it can't see my H and G external hard discs.

In 'my computer' it shows all of my drives and can see the files in 'f' of course.

I have run the tool, but not in the way that you required.

Thanks....I can not get in to 'recovery console'.

Let me explain:

1. Using the original WINDOWS cd:-

WINDOWS setup.

Loads files

SETUP is loading WINDOWS...

I pressed 'R'

WIDOWS XP Home edition setup

Microsoft Recovery Console

Which WINDOWS installation would you like to log onto?

I selected c:\WINDOWS

against the prompt of C:\WINDOWS> I typed 'notepad'

Didn't open.

2. Boot using F8.

WINDOWS Advanced Option Menu

safe mode etc. did not see the menu you referred to ie repair your computer.

I returned to Operating system choices.

Please select operating system to start; I chose:

Microsoft WINDOWS Recovery Console

( There was a note under this prompt that said:-

Do not select this [debugger enabled]

( my first attempt I did not select it because of that....but this time I did.)

Display was:

Starting Windows recovery console

a line of characters appeared along the bottom of the screen and nothing more happened.

Left it like that for about an hour then turned it off.

3. When I boot up normally there is a black box on the screen with a command prompt-

c:\WINDOWS\system32>

(my USB memory stick is drive 'F')

At the command prompt I type 'dir' I get the content ..

'cd' does nothing.

cd f: shows F:\ immediatly followed by c:\WINDOWS\system32>

In the reboot at a command prompt I tried to get to 'F' and it tells me that there is not an 'f'

Similarly it can't see my H and G external hard discs.

In 'my computer' it shows all of my drives and can see the files in 'f' of course.

I have run the tool, but not in the way that you required.

Thanks....

Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 01-07-2012

Ran by COLIN at 03-07-2012 11:13:36

Running from F:\

Service Pack 2 (X86) OS Language: English(US)

Attention: Could not load system hive.

Error: The process cannot access the file because it is being used by another process.

ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNTION PROPERLY.

============ One Month Created Files and Folders ==============

2012-07-03 09:30 - 2012-07-03 11:13 - 00000000 ____D C:\FRST

2012-07-02 10:33 - 2012-07-02 10:33 - 00000000 RASHD C:\cmdcons

2012-07-02 10:33 - 2012-06-29 22:06 - 00000211 ____A C:\Boot.bak

2012-07-02 10:33 - 2004-08-03 23:00 - 00260272 _RASH C:\cmldr

2012-07-02 10:26 - 2011-06-26 16:45 - 00256000 ____A C:\Windows\PEV.exe

2012-07-02 10:26 - 2010-11-08 03:20 - 00208896 ____A C:\Windows\MBR.exe

2012-07-02 10:26 - 2009-04-20 14:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe

2012-07-02 10:26 - 2000-08-31 10:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe

2012-07-02 10:26 - 2000-08-31 10:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe

2012-07-02 10:26 - 2000-08-31 10:00 - 00212480 ____A (SteelWerX) C:\Windows\SWXCACLS.exe

2012-07-02 10:26 - 2000-08-31 10:00 - 00098816 ____A C:\Windows\sed.exe

2012-07-02 10:26 - 2000-08-31 10:00 - 00080412 ____A C:\Windows\grep.exe

2012-07-02 10:26 - 2000-08-31 10:00 - 00068096 ____A C:\Windows\zip.exe

2012-07-02 10:25 - 2012-07-02 11:23 - 00000000 ___SD C:\ComboFix

2012-07-02 00:34 - 2012-07-02 00:37 - 00000000 ____D C:\Qoobox

2012-07-02 00:33 - 2012-07-02 00:33 - 00000000 ____D C:\Windows\erdnt

2012-06-30 07:45 - 2012-06-30 07:45 - 00000000 ___AH C:\Windows\System32\config\software.tmp.LOG

2012-06-30 07:45 - 2012-06-30 07:45 - 00000000 ___AH C:\Windows\System32\config\default.tmp.LOG

2012-06-30 07:44 - 2012-06-30 07:44 - 00001024 ___AH C:\Windows\System32\config\TempKey.LOG

2012-06-30 07:44 - 2012-06-30 07:44 - 00000000 ___AH C:\Windows\System32\config\system.tmp.LOG

2012-06-30 07:44 - 2012-06-29 22:12 - 00001024 ___AH C:\Windows\System32\config\userdiff.LOG

2012-06-29 23:19 - 2012-06-29 23:19 - 00001448 ____A C:\Windows\COM+.log

2012-06-29 22:17 - 2004-08-04 22:00 - 00571392 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\tintlgnt.ime

2012-06-29 22:17 - 2004-08-04 22:00 - 00456704 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\smtpsvc.dll

2012-06-29 22:17 - 2004-08-04 22:00 - 00455168 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\tintsetp.exe

2012-06-29 22:17 - 2004-08-04 22:00 - 00426041 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\voicepad.dll

2012-06-29 22:17 - 2004-08-04 22:00 - 00358400 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\snmpincl.dll

2012-06-29 22:17 - 2004-08-04 22:00 - 00259072 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\snmpcl.dll

2012-06-29 22:17 - 2004-08-04 22:00 - 00236544 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\smi2smir.exe

2012-06-29 22:17 - 2004-08-04 22:00 - 00188416 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\snmpsmir.dll

2012-06-29 22:17 - 2004-08-04 22:00 - 00185344 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\thawbrkr.dll

2012-06-29 22:17 - 2004-08-04 22:00 - 00156672 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\winzm.ime

2012-06-29 22:17 - 2004-08-04 22:00 - 00156672 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\winsp.ime

2012-06-29 22:17 - 2004-08-04 22:00 - 00156672 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\winpy.ime

2012-06-29 22:17 - 2004-08-04 22:00 - 00143422 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\softkey.dll

2012-06-29 22:17 - 2004-08-04 22:00 - 00101376 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\srusbusd.dll

2012-06-29 22:17 - 2004-08-04 22:00 - 00086073 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\voicesub.dll

2012-06-29 22:17 - 2004-08-04 22:00 - 00079360 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\winar30.ime

2012-06-29 22:17 - 2004-08-04 22:00 - 00076288 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\uniime.dll

2012-06-29 22:17 - 2004-08-04 22:00 - 00069120 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\wingb.ime

2012-06-29 22:17 - 2004-08-04 22:00 - 00065536 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\winime.ime

2012-06-29 22:17 - 2004-08-04 22:00 - 00065024 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\unicdime.ime

2012-06-29 22:17 - 2004-08-04 22:00 - 00048256 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\w32.dll

2012-06-29 22:17 - 2004-08-04 22:00 - 00044032 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\tintlphr.exe

2012-06-29 22:17 - 2004-08-04 22:00 - 00041600 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\weitekp9.dll

2012-06-29 22:17 - 2004-08-04 22:00 - 00040448 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\snmpthrd.dll

2012-06-29 22:17 - 2004-08-04 22:00 - 00038912 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\sm9aw.dll

2012-06-29 22:17 - 2004-08-04 22:00 - 00032768 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\snmp.exe

2012-06-29 22:17 - 2004-08-04 22:00 - 00031744 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\smb6w.dll

2012-06-29 22:17 - 2004-08-04 22:00 - 00031744 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\sma3w.dll

2012-06-29 22:17 - 2004-08-04 22:00 - 00031232 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\weitekp9.sys

2012-06-29 22:17 - 2004-08-04 22:00 - 00030208 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\sm87w.dll

2012-06-29 22:17 - 2004-08-04 22:00 - 00030208 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\sm81w.dll

2012-06-29 22:17 - 2004-08-04 22:00 - 00029184 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\sm8cw.dll

2012-06-29 22:17 - 2004-08-04 22:00 - 00028288 ___AC C:\Windows\System32\dllcache\xjis.nls

2012-06-29 22:17 - 2004-08-04 22:00 - 00026624 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\sm93w.dll

2012-06-29 22:17 - 2004-08-04 22:00 - 00026624 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\sm92w.dll

2012-06-29 22:17 - 2004-08-04 22:00 - 00026112 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\sm90w.dll

2012-06-29 22:17 - 2004-08-04 22:00 - 00026112 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\sm8dw.dll

2012-06-29 22:17 - 2004-08-04 22:00 - 00026112 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\sm8aw.dll

2012-06-29 22:17 - 2004-08-04 22:00 - 00026112 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\sm89w.dll

2012-06-29 22:17 - 2004-08-04 22:00 - 00025088 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\sm59w.dll

2012-06-29 22:17 - 2004-08-04 22:00 - 00021896 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\tdipx.sys

2012-06-29 22:17 - 2004-08-04 22:00 - 00019464 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\tdspx.sys

2012-06-29 22:17 - 2004-08-04 22:00 - 00015872 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\smierrsm.dll

2012-06-29 22:17 - 2004-08-04 22:00 - 00014336 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\tsprof.exe

2012-06-29 22:17 - 2004-08-04 22:00 - 00013192 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\tdasync.sys

2012-06-29 22:17 - 2004-08-04 22:00 - 00010240 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\tmigrate.dll

2012-06-29 22:17 - 2004-08-04 22:00 - 00010240 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\snmpstup.dll

2012-06-29 22:17 - 2004-08-04 22:00 - 00008704 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\snmptrap.exe

2012-06-29 22:17 - 2004-08-04 22:00 - 00006144 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\snmpmib.dll

2012-06-29 22:17 - 2004-08-04 22:00 - 00005632 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\smimsgif.dll

2012-06-29 22:17 - 2004-08-04 22:00 - 00005632 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\smierrsy.dll

2012-06-29 22:17 - 2001-08-17 22:36 - 00012288 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\EXCH_smtpctrs.dll

2012-06-29 22:17 - 2001-08-17 22:36 - 00007168 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\EXCH_snprfdll.dll

2012-06-29 22:16 - 2004-08-04 22:00 - 01875968 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\msir3jp.lex

2012-06-29 22:16 - 2004-08-04 22:00 - 00482304 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\pintlgnt.ime

2012-06-29 22:16 - 2004-08-04 22:00 - 00229439 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\multibox.dll

2012-06-29 22:16 - 2004-08-04 22:00 - 00175104 ___AC C:\Windows\System32\dllcache\pintlcsa.dll

2012-06-29 22:16 - 2004-08-04 22:00 - 00131584 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\pmxviceo.dll

2012-06-29 22:16 - 2004-08-04 22:00 - 00111104 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\mtstocom.exe

2012-06-29 22:16 - 2004-08-04 22:00 - 00098304 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\msir3jp.dll

2012-06-29 22:16 - 2004-08-04 22:00 - 00092416 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\mga.sys

2012-06-29 22:16 - 2004-08-04 22:00 - 00092032 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\mga.dll

2012-06-29 22:16 - 2004-08-04 22:00 - 00083748 ___AC C:\Windows\System32\dllcache\prcp.nls

2012-06-29 22:16 - 2004-08-04 22:00 - 00083748 ___AC C:\Windows\System32\dllcache\prc.nls

2012-06-29 22:16 - 2004-08-04 22:00 - 00079872 ___AC (Ricoh Co., Ltd.) C:\Windows\System32\dllcache\rwia330.dll

2012-06-29 22:16 - 2004-08-04 22:00 - 00079872 ___AC (Ricoh Co., Ltd.) C:\Windows\System32\dllcache\rwia001.dll

2012-06-29 22:16 - 2004-08-04 22:00 - 00079360 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\phon.ime

2012-06-29 22:16 - 2004-08-04 22:00 - 00077824 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\quick.ime

2012-06-29 22:16 - 2004-08-04 22:00 - 00070144 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\pintlphr.exe

2012-06-29 22:16 - 2004-08-04 22:00 - 00067584 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\pmigrate.dll

2012-06-29 22:16 - 2004-08-04 22:00 - 00053760 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\pintlcsd.dll

2012-06-29 22:16 - 2004-08-04 22:00 - 00036927 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\padrs411.dll

2012-06-29 22:16 - 2004-08-04 22:00 - 00026624 ___AC (Ricoh Co., Ltd.) C:\Windows\System32\dllcache\rw330ext.dll

2012-06-29 22:16 - 2004-08-04 22:00 - 00026112 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\romanime.ime

2012-06-29 22:16 - 2004-08-04 22:00 - 00024576 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\rw001ext.dll

2012-06-29 22:16 - 2004-08-04 22:00 - 00020736 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\ramdisk.sys

2012-06-29 22:16 - 2004-08-04 22:00 - 00018944 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\simptcp.dll

2012-06-29 22:16 - 2004-08-04 22:00 - 00016384 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\quser.exe

2012-06-29 22:16 - 2004-08-04 22:00 - 00015872 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\padrs404.dll

2012-06-29 22:16 - 2004-08-04 22:00 - 00015360 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\padrs804.dll

2012-06-29 22:16 - 2004-08-04 22:00 - 00014848 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\register.exe

2012-06-29 22:16 - 2004-08-04 22:00 - 00014336 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\padrs412.dll

2012-06-29 22:16 - 2004-08-04 22:00 - 00011264 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\pmxmcro.dll

2012-06-29 22:16 - 2004-08-04 22:00 - 00009728 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\query.exe

2012-06-29 22:16 - 2004-08-04 22:00 - 00007680 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\migregdb.exe

2012-06-29 22:16 - 2004-08-04 22:00 - 00006144 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\pmxgl.dll

2012-06-29 22:16 - 2001-08-17 22:36 - 00057856 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\EXCH_scripto.dll

2012-06-29 22:16 - 2001-08-17 22:36 - 00038912 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\EXCH_ntfsdrv.dll

2012-06-29 22:16 - 2001-08-17 22:36 - 00026112 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\EXCH_seos.dll

2012-06-29 22:16 - 2001-08-17 22:36 - 00023040 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\EXCH_regtrace.exe

2012-06-29 22:15 - 2004-08-04 22:00 - 13463552 ___AC C:\Windows\System32\dllcache\hwxjpn.dll

2012-06-29 22:15 - 2004-08-04 22:00 - 10129408 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\hwxkor.dll

2012-06-29 22:15 - 2004-08-04 22:00 - 10096640 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\hwxcht.dll

2012-06-29 22:15 - 2004-08-04 22:00 - 01158818 ___AC C:\Windows\System32\dllcache\korwbrkr.lex

2012-06-29 22:15 - 2004-08-04 22:00 - 00811064 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\imjp81k.dll

2012-06-29 22:15 - 2004-08-04 22:00 - 00716856 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\imjpcus.dll

2012-06-29 22:15 - 2004-08-04 22:00 - 00562176 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fxsst.dll

2012-06-29 22:15 - 2004-08-04 22:00 - 00471102 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\imskdic.dll

2012-06-29 22:15 - 2004-08-04 22:00 - 00452096 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fxsapi.dll

2012-06-29 22:15 - 2004-08-04 22:00 - 00400384 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fxsxp32.dll

2012-06-29 22:15 - 2004-08-04 22:00 - 00397312 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fxstiff.dll

2012-06-29 22:15 - 2004-08-04 22:00 - 00368696 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\imjpcic.dll

2012-06-29 22:15 - 2004-08-04 22:00 - 00340023 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\imjp81.ime

2012-06-29 22:15 - 2004-08-04 22:00 - 00315452 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\imskf.dll

2012-06-29 22:15 - 2004-08-04 22:00 - 00311359 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\imepadsv.exe

2012-06-29 22:15 - 2004-08-04 22:00 - 00307257 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\imjpdct.exe

2012-06-29 22:15 - 2004-08-04 22:00 - 00285184 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fxscomex.dll

2012-06-29 22:15 - 2004-08-04 22:00 - 00274489 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\imjputyc.dll

2012-06-29 22:15 - 2004-08-04 22:00 - 00267776 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fxssvc.exe

2012-06-29 22:15 - 2004-08-04 22:00 - 00262200 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\imjputy.exe

2012-06-29 22:15 - 2004-08-04 22:00 - 00246272 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fxst30.dll

2012-06-29 22:15 - 2004-08-04 22:00 - 00233527 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\imjprw.exe

2012-06-29 22:15 - 2004-08-04 22:00 - 00229376 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fxscover.exe

2012-06-29 22:15 - 2004-08-04 22:00 - 00208952 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\imjpmig.exe

2012-06-29 22:15 - 2004-08-04 22:00 - 00196665 ___AC C:\Windows\System32\dllcache\imjpinst.exe

2012-06-29 22:15 - 2004-08-04 22:00 - 00192512 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fxswzrd.dll

2012-06-29 22:15 - 2004-08-04 22:00 - 00155705 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\imjpdsvr.exe

2012-06-29 22:15 - 2004-08-04 22:00 - 00154112 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fxsui.dll

2012-06-29 22:15 - 2004-08-04 22:00 - 00143360 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fxsclnt.exe

2012-06-29 22:15 - 2004-08-04 22:00 - 00134339 ___AC C:\Windows\System32\dllcache\imekr.lex

2012-06-29 22:15 - 2004-08-04 22:00 - 00132608 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fxsclntr.dll

2012-06-29 22:15 - 2004-08-04 22:00 - 00111104 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fxscfgwz.dll

2012-06-29 22:15 - 2004-08-04 22:00 - 00108827 ___AC C:\Windows\System32\dllcache\hanja.lex

2012-06-29 22:15 - 2004-08-04 22:00 - 00106496 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\imekrcic.dll

2012-06-29 22:15 - 2004-08-04 22:00 - 00102463 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\imepadsm.dll

2012-06-29 22:15 - 2004-08-04 22:00 - 00102456 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\imlang.dll

2012-06-29 22:15 - 2004-08-04 22:00 - 00101888 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\evntagnt.dll

2012-06-29 22:15 - 2004-08-04 22:00 - 00094720 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\imekr61.ime

2012-06-29 22:15 - 2004-08-04 22:00 - 00092160 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\evntwin.exe

2012-06-29 22:15 - 2004-08-04 22:00 - 00086016 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\imekrmbx.dll

2012-06-29 22:15 - 2004-08-04 22:00 - 00081976 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\imjpdct.dll

2012-06-29 22:15 - 2004-08-04 22:00 - 00072192 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fxscom.dll

2012-06-29 22:15 - 2004-08-04 22:00 - 00070656 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\korwbrkr.dll

2012-06-29 22:15 - 2004-08-04 22:00 - 00059904 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\imkrinst.exe

2012-06-29 22:15 - 2004-08-04 22:00 - 00059392 ___AC C:\Windows\System32\dllcache\imscinst.exe

2012-06-29 22:15 - 2004-08-04 22:00 - 00057398 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\imjpdadm.exe

2012-06-29 22:15 - 2004-08-04 22:00 - 00055296 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fxsevent.dll

2012-06-29 22:15 - 2004-08-04 22:00 - 00047066 ___AC C:\Windows\System32\dllcache\ksc.nls

2012-06-29 22:15 - 2004-08-04 22:00 - 00045109 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\imjpuex.exe

2012-06-29 22:15 - 2004-08-04 22:00 - 00044032 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\imekrmig.exe

2012-06-29 22:15 - 2004-08-04 22:00 - 00039936 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\hostmib.dll

2012-06-29 22:15 - 2004-08-04 22:00 - 00036864 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\hanjadic.dll

2012-06-29 22:15 - 2004-08-04 22:00 - 00035328 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\iprip.dll

2012-06-29 22:15 - 2004-08-04 22:00 - 00033792 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\lmmib2.dll

2012-06-29 22:15 - 2004-08-04 22:00 - 00031744 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fxsroute.dll

2012-06-29 22:15 - 2004-08-04 22:00 - 00027136 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fxsdrv.dll

2012-06-29 22:15 - 2004-08-04 22:00 - 00024064 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\evntcmd.exe

2012-06-29 22:15 - 2004-08-04 22:00 - 00023552 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fxsmon.dll

2012-06-29 22:15 - 2004-08-04 22:00 - 00023552 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fxsext32.dll

2012-06-29 22:15 - 2004-08-04 22:00 - 00022528 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\lpdsvc.dll

2012-06-29 22:15 - 2004-08-04 22:00 - 00018944 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\lprmon.dll

2012-06-29 22:15 - 2004-08-04 22:00 - 00018432 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\jupiw.dll

2012-06-29 22:15 - 2004-08-04 22:00 - 00014848 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\flattemp.exe

2012-06-29 22:15 - 2004-08-04 22:00 - 00011264 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fxssend.exe

2012-06-29 22:15 - 2004-08-04 22:00 - 00009216 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\kbdnecat.dll

2012-06-29 22:15 - 2004-08-04 22:00 - 00008704 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fxsperf.dll

2012-06-29 22:15 - 2004-08-04 22:00 - 00007680 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\kbdnecnt.dll

2012-06-29 22:15 - 2004-08-04 22:00 - 00007168 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\kbdnec95.dll

2012-06-29 22:15 - 2004-08-04 22:00 - 00007168 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\kbdibm02.dll

2012-06-29 22:15 - 2004-08-04 22:00 - 00007168 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\f3ahvoas.dll

2012-06-29 22:15 - 2004-08-04 22:00 - 00006656 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\kbdlk41a.dll

2012-06-29 22:15 - 2004-08-04 22:00 - 00006656 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fxsres.dll

2012-06-29 22:15 - 2004-08-04 22:00 - 00006144 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\kbdth3.dll

2012-06-29 22:15 - 2004-08-04 22:00 - 00006144 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\kbdth2.dll

2012-06-29 22:15 - 2004-08-04 22:00 - 00006144 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\kbdlk41j.dll

2012-06-29 22:15 - 2004-08-04 22:00 - 00006144 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\kbdinpun.dll

2012-06-29 22:15 - 2004-08-04 22:00 - 00006144 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\kbdax2.dll

2012-06-29 22:15 - 2004-08-04 22:00 - 00006144 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\kbd106n.dll

2012-06-29 22:15 - 2004-08-04 22:00 - 00006144 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\kbd101a.dll

2012-06-29 22:15 - 2004-08-04 22:00 - 00006144 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\kbd101.dll

2012-06-29 22:15 - 2004-08-04 22:00 - 00006144 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\ftlx041e.dll

2012-06-29 22:15 - 2004-08-04 22:00 - 00005632 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\kbdvntc.dll

2012-06-29 22:15 - 2004-08-04 22:00 - 00005632 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\kbdusa.dll

2012-06-29 22:15 - 2004-08-04 22:00 - 00005632 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\kbdurdu.dll

2012-06-29 22:15 - 2004-08-04 22:00 - 00005632 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\kbdth1.dll

2012-06-29 22:15 - 2004-08-04 22:00 - 00005632 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\kbdth0.dll

2012-06-29 22:15 - 2004-08-04 22:00 - 00005632 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\kbdsyr2.dll

2012-06-29 22:15 - 2004-08-04 22:00 - 00005632 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\kbdsyr1.dll

2012-06-29 22:15 - 2004-08-04 22:00 - 00005632 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\kbdintel.dll

2012-06-29 22:15 - 2004-08-04 22:00 - 00005632 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\kbdintam.dll

2012-06-29 22:15 - 2004-08-04 22:00 - 00005632 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\kbdinmar.dll

2012-06-29 22:15 - 2004-08-04 22:00 - 00005632 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\kbdinkan.dll

2012-06-29 22:15 - 2004-08-04 22:00 - 00005632 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\kbdinhin.dll

2012-06-29 22:15 - 2004-08-04 22:00 - 00005632 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\kbdinguj.dll

2012-06-29 22:15 - 2004-08-04 22:00 - 00005632 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\kbdindev.dll

2012-06-29 22:15 - 2004-08-04 22:00 - 00005632 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\kbdheb.dll

2012-06-29 22:15 - 2004-08-04 22:00 - 00005632 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\kbdfa.dll

2012-06-29 22:15 - 2004-08-04 22:00 - 00005632 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\kbddiv2.dll

2012-06-29 22:15 - 2004-08-04 22:00 - 00005632 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\kbddiv1.dll

2012-06-29 22:15 - 2004-08-04 22:00 - 00005632 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\kbda3.dll

2012-06-29 22:15 - 2004-08-04 22:00 - 00005632 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\kbda2.dll

2012-06-29 22:15 - 2004-08-04 22:00 - 00005632 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\kbda1.dll

2012-06-29 22:15 - 2004-08-04 22:00 - 00005120 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\kbdgeo.dll

2012-06-29 22:15 - 2004-08-04 22:00 - 00005120 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\kbdarmw.dll

2012-06-29 22:15 - 2004-08-04 22:00 - 00005120 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\kbdarme.dll

2012-06-29 22:15 - 2003-03-24 16:52 - 00094208 ___AC C:\Windows\System32\dllcache\fpencode.dll

2012-06-29 22:15 - 2003-03-24 16:52 - 00024632 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fpadmcgi.exe

2012-06-29 22:15 - 2003-03-24 16:52 - 00020541 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fpadmdll.dll

2012-06-29 22:15 - 2001-08-17 22:36 - 00065536 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\EXCH_mailmsg.dll

2012-06-29 22:15 - 2001-08-17 22:36 - 00043520 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\EXCH_fcachdll.dll

2012-06-29 22:14 - 2004-08-04 22:00 - 01677824 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\chsbrkr.dll

2012-06-29 22:14 - 2004-08-04 22:00 - 00838144 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\chtbrkr.dll

2012-06-29 22:14 - 2004-08-04 22:00 - 00480256 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\cintsetp.exe

2012-06-29 22:14 - 2004-08-04 22:00 - 00331264 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\aqueue.dll

2012-06-29 22:14 - 2004-08-04 22:00 - 00218112 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\c_g18030.dll

2012-06-29 22:14 - 2004-08-04 22:00 - 00198656 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\cintime.dll

2012-06-29 22:14 - 2004-08-04 22:00 - 00195618 ___AC C:\Windows\System32\dllcache\c_10002.nls

2012-06-29 22:14 - 2004-08-04 22:00 - 00189986 ___AC C:\Windows\System32\dllcache\c_1361.nls

2012-06-29 22:14 - 2004-08-04 22:00 - 00187938 ___AC C:\Windows\System32\dllcache\c_20005.nls

2012-06-29 22:14 - 2004-08-04 22:00 - 00186402 ___AC C:\Windows\System32\dllcache\c_20001.nls

2012-06-29 22:14 - 2004-08-04 22:00 - 00185378 ___AC C:\Windows\System32\dllcache\c_20003.nls

2012-06-29 22:14 - 2004-08-04 22:00 - 00180770 ___AC C:\Windows\System32\dllcache\c_20932.nls

2012-06-29 22:14 - 2004-08-04 22:00 - 00180258 ___AC C:\Windows\System32\dllcache\c_20004.nls

2012-06-29 22:14 - 2004-08-04 22:00 - 00180258 ___AC C:\Windows\System32\dllcache\c_20000.nls

2012-06-29 22:14 - 2004-08-04 22:00 - 00177698 ___AC C:\Windows\System32\dllcache\c_20949.nls

2012-06-29 22:14 - 2004-08-04 22:00 - 00177698 ___AC C:\Windows\System32\dllcache\c_10003.nls

2012-06-29 22:14 - 2004-08-04 22:00 - 00173602 ___AC C:\Windows\System32\dllcache\c_20936.nls

2012-06-29 22:14 - 2004-08-04 22:00 - 00173602 ___AC C:\Windows\System32\dllcache\c_20002.nls

2012-06-29 22:14 - 2004-08-04 22:00 - 00173602 ___AC C:\Windows\System32\dllcache\c_10008.nls

2012-06-29 22:14 - 2004-08-04 22:00 - 00173568 ___AC C:\Windows\System32\dllcache\chtskf.dll

2012-06-29 22:14 - 2004-08-04 22:00 - 00162850 ___AC C:\Windows\System32\dllcache\c_10001.nls

2012-06-29 22:14 - 2004-08-04 22:00 - 00097792 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\chtmbx.dll

2012-06-29 22:14 - 2004-08-04 22:00 - 00082172 ___AC C:\Windows\System32\dllcache\bopomofo.nls

2012-06-29 22:14 - 2004-08-04 22:00 - 00078848 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\dayi.ime

2012-06-29 22:14 - 2004-08-04 22:00 - 00078336 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\chajei.ime

2012-06-29 22:14 - 2004-08-04 22:00 - 00066728 ___AC C:\Windows\System32\dllcache\big5.nls

2012-06-29 22:14 - 2004-08-04 22:00 - 00066594 ___AC C:\Windows\System32\dllcache\c_864.nls

2012-06-29 22:14 - 2004-08-04 22:00 - 00066594 ___AC C:\Windows\System32\dllcache\c_862.nls

2012-06-29 22:14 - 2004-08-04 22:00 - 00066594 ___AC C:\Windows\System32\dllcache\c_858.nls

2012-06-29 22:14 - 2004-08-04 22:00 - 00066594 ___AC C:\Windows\System32\dllcache\c_720.nls

2012-06-29 22:14 - 2004-08-04 22:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_870.nls

2012-06-29 22:14 - 2004-08-04 22:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_708.nls

2012-06-29 22:14 - 2004-08-04 22:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_28596.nls

2012-06-29 22:14 - 2004-08-04 22:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_21027.nls

2012-06-29 22:14 - 2004-08-04 22:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_21025.nls

2012-06-29 22:14 - 2004-08-04 22:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_20924.nls

2012-06-29 22:14 - 2004-08-04 22:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_20880.nls

2012-06-29 22:14 - 2004-08-04 22:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_20871.nls

2012-06-29 22:14 - 2004-08-04 22:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_20838.nls

2012-06-29 22:14 - 2004-08-04 22:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_20833.nls

2012-06-29 22:14 - 2004-08-04 22:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_20424.nls

2012-06-29 22:14 - 2004-08-04 22:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_20423.nls

2012-06-29 22:14 - 2004-08-04 22:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_20420.nls

2012-06-29 22:14 - 2004-08-04 22:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_20297.nls

2012-06-29 22:14 - 2004-08-04 22:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_20290.nls

2012-06-29 22:14 - 2004-08-04 22:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_20285.nls

2012-06-29 22:14 - 2004-08-04 22:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_20284.nls

2012-06-29 22:14 - 2004-08-04 22:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_20280.nls

2012-06-29 22:14 - 2004-08-04 22:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_20278.nls

2012-06-29 22:14 - 2004-08-04 22:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_20277.nls

2012-06-29 22:14 - 2004-08-04 22:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_20273.nls

2012-06-29 22:14 - 2004-08-04 22:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_20269.nls

2012-06-29 22:14 - 2004-08-04 22:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_20108.nls

2012-06-29 22:14 - 2004-08-04 22:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_20107.nls

2012-06-29 22:14 - 2004-08-04 22:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_20106.nls

2012-06-29 22:14 - 2004-08-04 22:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_20105.nls

2012-06-29 22:14 - 2004-08-04 22:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_1149.nls

2012-06-29 22:14 - 2004-08-04 22:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_1148.nls

2012-06-29 22:14 - 2004-08-04 22:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_1147.nls

2012-06-29 22:14 - 2004-08-04 22:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_1146.nls

2012-06-29 22:14 - 2004-08-04 22:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_1145.nls

2012-06-29 22:14 - 2004-08-04 22:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_1144.nls

2012-06-29 22:14 - 2004-08-04 22:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_1143.nls

2012-06-29 22:14 - 2004-08-04 22:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_1142.nls

2012-06-29 22:14 - 2004-08-04 22:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_1141.nls

2012-06-29 22:14 - 2004-08-04 22:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_1140.nls

2012-06-29 22:14 - 2004-08-04 22:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_1047.nls

2012-06-29 22:14 - 2004-08-04 22:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_10021.nls

2012-06-29 22:14 - 2004-08-04 22:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_10005.nls

2012-06-29 22:14 - 2004-08-04 22:00 - 00066082 ___AC C:\Windows\System32\dllcache\c_10004.nls

2012-06-29 22:14 - 2004-08-04 22:00 - 00057856 ___AC (SEIKO EPSON CORP.) C:\Windows\System32\dllcache\esuimgd.dll

2012-06-29 22:14 - 2004-08-04 22:00 - 00057399 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\cplexe.exe

2012-06-29 22:14 - 2004-08-04 22:00 - 00056320 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\chtskdic.dll

2012-06-29 22:14 - 2004-08-04 22:00 - 00054528 ___AC (Philips Semiconductors GmbH) C:\Windows\System32\dllcache\cap7146.sys

2012-06-29 22:14 - 2004-08-04 22:00 - 00045056 ___AC (SEIKO EPSON CORP.) C:\Windows\System32\dllcache\esunid.dll

2012-06-29 22:14 - 2004-08-04 22:00 - 00031744 ___AC (SEIKO EPSON CORP.) C:\Windows\System32\dllcache\esucmd.dll

2012-06-29 22:14 - 2004-08-04 22:00 - 00025856 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\et4000.sys

2012-06-29 22:14 - 2004-08-04 22:00 - 00021504 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\cintlgnt.ime

2012-06-29 22:14 - 2004-08-04 22:00 - 00019456 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\agt0804.dll

2012-06-29 22:14 - 2004-08-04 22:00 - 00019456 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\agt0412.dll

2012-06-29 22:14 - 2004-08-04 22:00 - 00019456 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\agt0411.dll

2012-06-29 22:14 - 2004-08-04 22:00 - 00019456 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\agt040d.dll

2012-06-29 22:14 - 2004-08-04 22:00 - 00019456 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\agt0404.dll

2012-06-29 22:14 - 2004-08-04 22:00 - 00019456 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\agt0401.dll

2012-06-29 22:14 - 2004-08-04 22:00 - 00018944 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\cprofile.exe

2012-06-29 22:14 - 2004-08-04 22:00 - 00015872 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\chgport.exe

2012-06-29 22:14 - 2004-08-04 22:00 - 00014336 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\chgusr.exe

2012-06-29 22:14 - 2004-08-04 22:00 - 00013312 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\chglogon.exe

2012-06-29 22:14 - 2004-08-04 22:00 - 00010752 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\c_iscii.dll

2012-06-29 22:14 - 2004-08-04 22:00 - 00009728 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\change.exe

2012-06-29 22:14 - 2004-08-04 22:00 - 00006656 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\c_is2022.dll

2012-06-29 22:14 - 2001-08-17 22:36 - 00045056 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\EXCH_aqadmin.dll

2012-06-29 22:13 - 2004-05-13 00:39 - 00876653 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fp4awel.dll

2012-06-29 22:13 - 2004-05-13 00:39 - 00598071 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fpmmc.dll

2012-06-29 22:13 - 2004-05-13 00:39 - 00184435 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fp4amsft.dll

2012-06-29 22:13 - 2003-03-24 16:52 - 00208896 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fpmmcsat.dll

2012-06-29 22:13 - 2003-03-24 16:52 - 00188494 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fpcount.exe

2012-06-29 22:13 - 2003-03-24 16:52 - 00188480 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\cfgwiz.exe

2012-06-29 22:13 - 2003-03-24 16:52 - 00147513 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fp4apws.dll

2012-06-29 22:13 - 2003-03-24 16:52 - 00109328 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fp98swin.exe

2012-06-29 22:13 - 2003-03-24 16:52 - 00102509 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fp4atxt.dll

2012-06-29 22:13 - 2003-03-24 16:52 - 00082035 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fp4anscp.dll

2012-06-29 22:13 - 2003-03-24 16:52 - 00049212 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fp4awebs.dll

2012-06-29 22:13 - 2003-03-24 16:52 - 00049210 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fp4areg.dll

2012-06-29 22:13 - 2003-03-24 16:52 - 00041020 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fp4avnb.dll

2012-06-29 22:13 - 2003-03-24 16:52 - 00032827 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\tcptest.exe

2012-06-29 22:13 - 2003-03-24 16:52 - 00032826 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fp4avss.dll

2012-06-29 22:13 - 2003-03-24 16:52 - 00020541 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fpexedll.dll

2012-06-29 22:13 - 2003-03-24 16:52 - 00020540 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\author.dll

2012-06-29 22:13 - 2003-03-24 16:52 - 00020540 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\admin.dll

2012-06-29 22:13 - 2003-03-24 16:52 - 00020538 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fpremadm.exe

2012-06-29 22:13 - 2003-03-24 16:52 - 00020536 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\shtml.dll

2012-06-29 22:13 - 2003-03-24 16:52 - 00016439 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\author.exe

2012-06-29 22:13 - 2003-03-24 16:52 - 00016439 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\admin.exe

2012-06-29 22:13 - 2003-03-24 16:52 - 00016437 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\shtml.exe

2012-06-29 22:13 - 2003-03-24 16:52 - 00016384 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\tcptsat.dll

2012-06-29 22:13 - 2003-03-24 16:52 - 00014608 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\fp98sadm.exe

2012-06-29 22:13 - 2001-08-17 22:36 - 00005632 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\EXCH_adsiisex.dll

2012-06-29 22:12 - 2012-06-29 22:12 - 00001024 ___AH C:\Windows\System32\config\userdifr.LOG

2012-06-29 22:09 - 2012-06-29 22:09 - 00000749 __RAH C:\Windows\WindowsShell.Manifest

2012-06-29 22:09 - 2012-06-29 22:09 - 00000749 __RAH C:\Windows\System32\wuaucpl.cpl.manifest

2012-06-29 22:09 - 2012-06-29 22:09 - 00000749 __RAH C:\Windows\System32\sapi.cpl.manifest

2012-06-29 22:09 - 2012-06-29 22:09 - 00000749 __RAH C:\Windows\System32\ncpa.cpl.manifest

2012-06-29 22:09 - 2012-06-29 22:09 - 00000488 __RAH C:\Windows\System32\logonui.exe.manifest

2012-06-29 22:09 - 2004-08-04 22:00 - 00016384 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\isignup.exe

2012-06-29 22:08 - 2012-06-29 22:08 - 00001041 ____A C:\Windows\sessmgr.setup.log

2012-06-29 22:07 - 2012-06-29 22:27 - 00002098 ____A C:\Windows\wmsetup.log

2012-06-29 22:06 - 2012-06-29 22:06 - 00000200 ____A C:\Windows\cmsetacl.log

2012-06-29 21:48 - 2012-06-29 22:32 - 00608594 ____A C:\Windows\System32\PerfStringBackup.TMP

2012-06-29 21:48 - 2012-06-29 22:23 - 00020827 ____A C:\Windows\comsetup.log

2012-06-29 21:48 - 2012-06-29 22:19 - 00011207 ____A C:\Windows\ntdtcsetup.log

2012-06-29 21:48 - 2012-06-29 22:19 - 00009049 ____A C:\Windows\tsoc.log

2012-06-29 21:48 - 2012-06-29 22:19 - 00004382 ____A C:\Windows\imsins.log

2012-06-29 21:48 - 2012-06-29 22:19 - 00000885 ____A C:\Windows\ocmsn.log

2012-06-29 21:48 - 2012-06-29 22:19 - 00000708 ____A C:\Windows\iis6.log

2012-06-29 21:48 - 2012-06-29 22:08 - 00014685 ____A C:\Windows\ocgen.log

2012-06-29 21:48 - 2012-06-29 22:08 - 00014480 ____A C:\Windows\FaxSetup.log

2012-06-29 21:48 - 2012-06-29 22:08 - 00000927 ____A C:\Windows\msgsocm.log

2012-06-29 21:48 - 2012-06-29 22:05 - 00001494 ____A C:\Windows\regopt.log

2012-06-29 21:48 - 2005-03-23 06:48 - 00007710 ___AC C:\Windows\System32\dllcache\OEMBIOS.CAT

2012-06-29 21:48 - 2004-08-04 22:00 - 02012670 ___AC C:\Windows\System32\dllcache\NT5.CAT

2012-06-29 21:48 - 2004-08-04 22:00 - 01086058 ___RA C:\Windows\SET133.tmp

2012-06-29 21:48 - 2004-08-04 22:00 - 01086058 ___AC C:\Windows\System32\dllcache\NTPRINT.CAT

2012-06-29 21:48 - 2004-08-04 22:00 - 01042903 ___RA C:\Windows\SET130.tmp

2012-06-29 21:48 - 2004-08-04 22:00 - 00797189 ___AC C:\Windows\System32\dllcache\NT5IIS.CAT

2012-06-29 21:48 - 2004-08-04 22:00 - 00399645 ___AC C:\Windows\System32\dllcache\MAPIMIG.CAT

2012-06-29 21:48 - 2004-08-04 22:00 - 00382952 ___AC C:\Windows\System32\dllcache\NT5INF.CAT

2012-06-29 21:48 - 2004-08-04 22:00 - 00168806 ___AC C:\Windows\System32\dllcache\startoc.cat

2012-06-29 21:48 - 2004-08-04 22:00 - 00037484 ___AC C:\Windows\System32\dllcache\MW770.CAT

2012-06-29 21:48 - 2004-08-04 22:00 - 00031281 ___AC C:\Windows\System32\dllcache\FP4.CAT

2012-06-29 21:48 - 2004-08-04 22:00 - 00024661 ___AC (Perle Systems Ltd.) C:\Windows\System32\dllcache\spxcoins.dll

2012-06-29 21:48 - 2004-08-04 22:00 - 00024661 ____A (Perle Systems Ltd.) C:\Windows\System32\spxcoins.dll

2012-06-29 21:48 - 2004-08-04 22:00 - 00024209 ___AC C:\Windows\System32\dllcache\msn7.cat

2012-06-29 21:48 - 2004-08-04 22:00 - 00013753 ___RA C:\Windows\SET13F.tmp

2012-06-29 21:48 - 2004-08-04 22:00 - 00013753 ___AC C:\Windows\System32\dllcache\IMS.CAT

2012-06-29 21:48 - 2004-08-04 22:00 - 00013472 ___AC C:\Windows\System32\dllcache\HPCRDP.CAT

2012-06-29 21:48 - 2004-08-04 22:00 - 00013312 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\irclass.dll

2012-06-29 21:48 - 2004-08-04 22:00 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\irclass.dll

2012-06-29 21:48 - 2004-08-04 22:00 - 00011651 ___AC C:\Windows\System32\dllcache\msn9.cat

2012-06-29 21:48 - 2004-08-04 22:00 - 00009581 ___AC C:\Windows\System32\dllcache\MSMSGS.CAT

2012-06-29 21:48 - 2004-08-04 22:00 - 00008574 ___AC C:\Windows\System32\dllcache\IASNT4.CAT

2012-06-29 21:48 - 2004-08-04 22:00 - 00007245 ___AC C:\Windows\System32\dllcache\MSTSWEB.CAT

2012-06-29 21:47 - 2012-07-02 01:09 - 00434792 ____A C:\Windows\setupapi.log

2012-06-29 21:47 - 2012-06-29 22:19 - 00118868 ____A C:\Windows\setupact.log

2012-06-29 21:47 - 2012-06-29 22:09 - 00000520 ____A C:\Windows\setuperr.log

2012-06-29 20:14 - 2012-07-03 11:11 - 00000159 ____A C:\Windows\wiadebug.log

2012-06-29 19:57 - 2012-07-01 18:00 - 00000446 ____A C:\Windows\Tasks\SpeedMaxPc Registration3.job

2012-06-29 19:56 - 2012-07-02 03:39 - 00000382 ____A C:\Windows\Tasks\SpeedMaxPc.job

2012-06-29 19:56 - 2012-06-29 19:56 - 00000404 ____A C:\Windows\Tasks\SpeedMaxPc Update3.job

2012-06-29 19:56 - 2012-06-29 19:56 - 00000000 ____D C:\Program Files\SpeedMaxPc

2012-06-29 19:56 - 2012-06-29 19:56 - 00000000 ____D C:\Program Files\Common Files\SpeedMaxPc

2012-06-29 13:06 - 2012-06-30 12:56 - 00000000 ____D C:\Windows\System32\MpEngineStore

2012-06-29 01:01 - 2012-07-03 10:09 - 00000384 ___AH C:\Windows\Tasks\Microsoft Antimalware Scheduled Scan.job

2012-06-28 22:41 - 2012-06-28 22:41 - 00001945 ___AH C:\Windows\epplauncher.mif

2012-06-28 22:35 - 2012-06-28 22:36 - 00000000 ___HD C:\Program Files\Microsoft Security Client

2012-06-28 21:57 - 2012-07-03 11:12 - 00000250 ___AH C:\Windows\Tasks\Command Prompt.job

2012-06-26 13:51 - 2012-06-26 13:51 - 00000000 ___HD C:\Program Files\Microsoft.NET

2012-06-26 13:47 - 2012-06-26 13:47 - 00029635 ___AH C:\Program Files\download.htm

2012-06-19 19:15 - 2012-06-19 19:15 - 17396768 ___AH (Microsoft Corporation) C:\Program Files\mpas-fe.exe

============ 3 Months Modified Files ========================

2012-07-03 11:12 - 2012-06-28 21:57 - 00000250 ___AH C:\Windows\Tasks\Command Prompt.job

2012-07-03 11:12 - 2004-08-04 22:00 - 00002206 ___AH C:\Windows\System32\wpa.dbl

2012-07-03 11:11 - 2012-06-29 20:14 - 00000159 ____A C:\Windows\wiadebug.log

2012-07-03 11:11 - 2010-05-04 13:59 - 00000278 ___AH C:\Windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1409082233-1682526488-682003330-1004.job

2012-07-03 11:11 - 2009-07-23 13:49 - 00000880 ___AH C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2012-07-03 11:11 - 2006-01-13 14:34 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2012-07-03 11:11 - 2006-01-13 14:26 - 00620606 ___AH C:\Windows\WindowsUpdate.log

2012-07-03 11:11 - 2006-01-13 06:14 - 00000048 ___AH C:\Windows\wiaservc.log

2012-07-03 11:06 - 2006-01-13 14:34 - 00032578 ___AH C:\Windows\SchedLgU.Txt

2012-07-03 10:31 - 2006-02-02 16:40 - 00524288 ___AH C:\Windows\System32\config\ACEEvent.evt

2012-07-03 10:10 - 2009-07-23 13:49 - 00000884 ___AH C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2012-07-03 10:09 - 2012-06-29 01:01 - 00000384 ___AH C:\Windows\Tasks\Microsoft Antimalware Scheduled Scan.job

2012-07-03 10:01 - 2011-10-19 09:25 - 00000236 ___AH C:\Windows\Tasks\Scheduled Update for Ask Toolbar.job

2012-07-03 09:22 - 2010-04-14 17:02 - 00000256 ___AH C:\Windows\Tasks\Malwarebytes' Anti-Malware.job

2012-07-02 10:33 - 2006-01-13 06:11 - 00000327 _RASH C:\boot.ini

2012-07-02 03:39 - 2012-06-29 19:56 - 00000382 ____A C:\Windows\Tasks\SpeedMaxPc.job

2012-07-02 01:09 - 2012-06-29 21:47 - 00434792 ____A C:\Windows\setupapi.log

2012-07-01 18:00 - 2012-06-29 19:57 - 00000446 ____A C:\Windows\Tasks\SpeedMaxPc Registration3.job

2012-07-01 00:27 - 2006-01-13 16:58 - 00000143 ___AH C:\Windows\NeroDigital.ini

2012-06-30 07:45 - 2012-06-30 07:45 - 00000000 ___AH C:\Windows\System32\config\software.tmp.LOG

2012-06-30 07:45 - 2012-06-30 07:45 - 00000000 ___AH C:\Windows\System32\config\default.tmp.LOG

2012-06-30 07:45 - 2006-01-13 06:11 - 34340864 ___AH C:\Windows\System32\config\software.sav

2012-06-30 07:45 - 2006-01-13 06:11 - 13893632 ___AH C:\Windows\System32\config\system.sav

2012-06-30 07:45 - 2006-01-13 06:11 - 00339968 ___AH C:\Windows\System32\config\default.sav

2012-06-30 07:45 - 2006-01-13 06:11 - 00262144 ____A C:\Windows\System32\config\userdiff

2012-06-30 07:44 - 2012-06-30 07:44 - 00001024 ___AH C:\Windows\System32\config\TempKey.LOG

2012-06-30 07:44 - 2012-06-30 07:44 - 00000000 ___AH C:\Windows\System32\config\system.tmp.LOG

2012-06-29 23:19 - 2012-06-29 23:19 - 00001448 ____A C:\Windows\COM+.log

2012-06-29 22:32 - 2012-06-29 21:48 - 00608594 ____A C:\Windows\System32\PerfStringBackup.TMP

2012-06-29 22:27 - 2012-06-29 22:07 - 00002098 ____A C:\Windows\wmsetup.log

2012-06-29 22:23 - 2012-06-29 21:48 - 00020827 ____A C:\Windows\comsetup.log

2012-06-29 22:20 - 2006-01-13 06:12 - 00224024 ___AH C:\Windows\System32\FNTCACHE.DAT

2012-06-29 22:19 - 2012-06-29 21:48 - 00011207 ____A C:\Windows\ntdtcsetup.log

2012-06-29 22:19 - 2012-06-29 21:48 - 00009049 ____A C:\Windows\tsoc.log

2012-06-29 22:19 - 2012-06-29 21:48 - 00004382 ____A C:\Windows\imsins.log

2012-06-29 22:19 - 2012-06-29 21:48 - 00000885 ____A C:\Windows\ocmsn.log

2012-06-29 22:19 - 2012-06-29 21:48 - 00000708 ____A C:\Windows\iis6.log

2012-06-29 22:19 - 2012-06-29 21:47 - 00118868 ____A C:\Windows\setupact.log

2012-06-29 22:12 - 2012-06-30 07:44 - 00001024 ___AH C:\Windows\System32\config\userdiff.LOG

2012-06-29 22:12 - 2012-06-29 22:12 - 00001024 ___AH C:\Windows\System32\config\userdifr.LOG

2012-06-29 22:12 - 2009-12-07 22:11 - 00262144 ___AH C:\Windows\System32\config\userdifr

2012-06-29 22:12 - 2006-01-13 14:27 - 00316640 ____A C:\Windows\WMSysPr9.prx

2012-06-29 22:12 - 2006-01-13 14:27 - 00023392 ____A C:\Windows\System32\nscompat.tlb

2012-06-29 22:12 - 2006-01-13 14:27 - 00016832 ____A C:\Windows\System32\amcompat.tlb

2012-06-29 22:11 - 2006-01-13 06:13 - 00004161 ___AH C:\Windows\ODBCINST.INI

2012-06-29 22:09 - 2012-06-29 22:09 - 00000749 __RAH C:\Windows\WindowsShell.Manifest

2012-06-29 22:09 - 2012-06-29 22:09 - 00000749 __RAH C:\Windows\System32\wuaucpl.cpl.manifest

2012-06-29 22:09 - 2012-06-29 22:09 - 00000749 __RAH C:\Windows\System32\sapi.cpl.manifest

2012-06-29 22:09 - 2012-06-29 22:09 - 00000749 __RAH C:\Windows\System32\ncpa.cpl.manifest

2012-06-29 22:09 - 2012-06-29 22:09 - 00000488 __RAH C:\Windows\System32\logonui.exe.manifest

2012-06-29 22:09 - 2012-06-29 21:47 - 00000520 ____A C:\Windows\setuperr.log

2012-06-29 22:09 - 2006-01-13 14:27 - 00000488 __RAH C:\Windows\System32\WindowsLogon.manifest

2012-06-29 22:09 - 2006-01-13 14:26 - 00000749 __RAH C:\Windows\System32\nwc.cpl.manifest

2012-06-29 22:09 - 2006-01-13 14:26 - 00000749 __RAH C:\Windows\System32\cdplayer.exe.manifest

2012-06-29 22:09 - 2004-08-04 22:00 - 00000686 ___AH C:\Windows\win.ini

2012-06-29 22:08 - 2012-06-29 22:08 - 00001041 ____A C:\Windows\sessmgr.setup.log

2012-06-29 22:08 - 2012-06-29 21:48 - 00014685 ____A C:\Windows\ocgen.log

2012-06-29 22:08 - 2012-06-29 21:48 - 00014480 ____A C:\Windows\FaxSetup.log

2012-06-29 22:08 - 2012-06-29 21:48 - 00000927 ____A C:\Windows\msgsocm.log

2012-06-29 22:08 - 2006-01-13 14:25 - 00023392 ___AH C:\Windows\System32\emptyregdb.dat

2012-06-29 22:06 - 2012-07-02 10:33 - 00000211 ____A C:\Boot.bak

2012-06-29 22:06 - 2012-06-29 22:06 - 00000200 ____A C:\Windows\cmsetacl.log

2012-06-29 22:05 - 2012-06-29 21:48 - 00001494 ____A C:\Windows\regopt.log

2012-06-29 21:48 - 2004-08-04 22:00 - 00000231 ___AH C:\Windows\system.ini

2012-06-29 21:23 - 2006-01-13 06:12 - 00081920 ____A C:\Windows\System32\config\security.sav

2012-06-29 19:56 - 2012-06-29 19:56 - 00000404 ____A C:\Windows\Tasks\SpeedMaxPc Update3.job

2012-06-28 22:45 - 2011-12-12 14:18 - 00065536 ___AH C:\Windows\System32\config\WindowsPowerShell.evt

2012-06-28 22:41 - 2012-06-28 22:41 - 00001945 ___AH C:\Windows\epplauncher.mif

2012-06-27 10:10 - 2010-05-04 13:59 - 00000286 ___AH C:\Windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1409082233-1682526488-682003330-1004.job

2012-06-26 16:35 - 2006-01-13 06:13 - 00605756 ___AH C:\Windows\System32\PerfStringBackup.INI

2012-06-26 13:47 - 2012-06-26 13:47 - 00029635 ___AH C:\Program Files\download.htm

2012-06-19 22:25 - 2007-05-01 14:51 - 00007680 __ASH C:\Windows\Thumbs.db

2012-06-19 19:15 - 2012-06-19 19:15 - 17396768 ___AH (Microsoft Corporation) C:\Program Files\mpas-fe.exe

2012-06-04 17:35 - 2006-01-13 14:26 - 00210968 ____A (Microsoft Corporation) C:\Windows\System32\wuweb.dll

2012-06-03 23:35 - 2006-01-14 13:01 - 56731752 ___AH (Microsoft Corporation) C:\Windows\System32\MRT.exe

2012-06-02 15:19 - 2009-08-06 18:24 - 00022040 ___AH (Microsoft Corporation) C:\Windows\System32\wucltui.dll.mui

2012-06-02 15:19 - 2009-08-06 18:24 - 00017944 ___AH (Microsoft Corporation) C:\Windows\System32\wuaueng.dll.mui

2012-06-02 15:19 - 2009-08-06 18:24 - 00015384 ___AH (Microsoft Corporation) C:\Windows\System32\wuaucpl.cpl.mui

2012-06-02 15:19 - 2009-08-06 18:24 - 00015384 ___AH (Microsoft Corporation) C:\Windows\System32\wuapi.dll.mui

2012-06-02 15:19 - 2005-05-26 22:16 - 00045080 ___AH (Microsoft Corporation) C:\Windows\System32\wups2.dll

2012-05-26 16:57 - 2009-04-22 18:30 - 00000087 ___AH C:\Windows\System32\ssprs.tgz

2012-05-12 00:42 - 2006-10-27 14:09 - 00629760 ___AH (Microsoft Corporation) C:\Windows\System32\msfeeds.dll

2012-05-12 00:42 - 2006-10-27 14:09 - 00055296 ___AH (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll

2012-05-12 00:42 - 2006-10-17 11:57 - 02000384 ___AH (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2012-05-11 20:12 - 2006-10-27 14:09 - 11111424 ___AH (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2012-05-09 13:47 - 2011-10-19 09:24 - 00137928 ___AH (Avira GmbH) C:\Windows\System32\Drivers\avipbb.sys

2012-05-09 13:47 - 2011-10-19 09:24 - 00083392 ___AH (Avira GmbH) C:\Windows\System32\Drivers\avgntflt.sys

2012-04-24 20:56 - 2007-04-07 13:24 - 00001024 ___AH C:\EPSONCD.Pal

2012-04-24 20:56 - 2007-04-07 13:24 - 00000071 ___AH C:\Windows\EPSONCD.INI

========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe

[2004-08-04 22:00] - [2004-08-04 22:00] - 1032192 ____A (Microsoft Corporation) A0732187050030AE399B241436565E64

C:\Windows\System32\winlogon.exe

[2004-08-04 22:00] - [2004-08-04 22:00] - 0502272 ____A (Microsoft Corporation) 01C3346C241652F43AED8E2149881BFE

C:\Windows\System32\svchost.exe

[2004-08-04 22:00] - [2004-08-04 22:00] - 0014336 ____A (Microsoft Corporation) 8F078AE4ED187AAABC0A305146DE6716

C:\Windows\System32\services.exe

[2004-08-04 22:00] - [2004-08-04 22:00] - 0108032 ____A (Microsoft Corporation) C6CE6EEC82F187615D1002BB3BB50ED4

C:\Windows\System32\User32.dll

[2004-08-04 22:00] - [2004-08-04 22:00] - 0577024 ____A (Microsoft Corporation) C72661F8552ACE7C5C85E16A3CF505C4

C:\Windows\System32\userinit.exe

[2004-08-04 22:00] - [2004-08-04 22:00] - 0024576 ____A (Microsoft Corporation) 39B1FFB03C2296323832ACBAE50D2AFF

C:\Windows\System32\Drivers\volsnap.sys

[2004-08-04 22:00] - [2004-08-04 22:00] - 0052352 ____A (Microsoft Corporation) EE4660083DEBA849FF6C485D944B379B

==================== Restore Points (XP) =====================

RP: -> 2012-07-03 06:07 - 028672 _restore{9B8F6BCF-36EC-4666-912B-D443AA50D4E1}\RP4

RP: -> 2012-07-01 23:30 - 028672 _restore{9B8F6BCF-36EC-4666-912B-D443AA50D4E1}\RP3

RP: -> 2012-06-30 22:51 - 028672 _restore{9B8F6BCF-36EC-4666-912B-D443AA50D4E1}\RP2

RP: -> 2012-06-29 22:27 - 028672 _restore{9B8F6BCF-36EC-4666-912B-D443AA50D4E1}\RP1

========================= Memory info ======================

Percentage of memory in use: 41%

Total physical RAM: 2046.09 MB

Available physical RAM: 1187.21 MB

Total Pagefile: 3937.94 MB

Available Pagefile: 3145.06 MB

Total Virtual: 2047.88 MB

Available Virtual: 2004.46 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:232.77 GB) (Free:45.54 GB) NTFS ==>[Drive with boot components (Windows XP)]

4 Drive f: () (Removable) (Total:3.73 GB) (Free:3.67 GB) FAT32

5 Drive g: (MOVIES) (Fixed) (Total:931.51 GB) (Free:229.63 GB) NTFS

6 Drive h: (FROM MARK 1 TB) (Fixed) (Total:931.51 GB) (Free:20.95 GB) NTFS

Disk ### Status Size Free Dyn Gpt

-------- ---------- ------- ------- --- ---

Disk 0 Online 233 GB 0 B

Disk 1 Online 932 GB 0 B

Disk 2 Online 932 GB 0 B

Partitions of Disk 0:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 OEM 47 MB 32 KB

Partition 2 Primary 233 GB 47 MB

Partition 3 Unknown 16 MB 233 GB

==================================================================================

Disk: 0

Partition 1

Type : DE

Hidden: Yes

Active: No

There is no volume associated with this partition.

==================================================================================

Disk: 0

Partition 2

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 2 C NTFS Partition 233 GB Healthy Boot

==================================================================================

Disk: 0

Partition 3

Type : 17 (Suspicious Type)

Hidden: Yes

Active: Yes

There is no volume associated with this partition.

==================================================================================

Partitions of Disk 1:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 932 GB 32 KB

==================================================================================

Disk: 1

Partition 1

Type : 07

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 3 G MOVIES NTFS Partition 932 GB Healthy

==================================================================================

Partitions of Disk 2:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 932 GB 1024 KB

==================================================================================

Disk: 2

Partition 1

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 4 H FROM MARK 1 NTFS Partition 932 GB Healthy

==================================================================================

======================= End Of Log ==========================

[Maniac]

Thanks!

Please delete the OTL, get a new copy and generate new log files, where you (in Normal or Safe mode). Then post them in your next reply.

[colin0100]

Will do as you request...in the meantime this may be of interest

MANIAC, MANY THANKS FOR YOUR HELP SO FAR. I AM REALLY TRYING.

4.50 pm my time.

ran a quick scan with Malwarebytes.

Found pup.bundleinstaller.iq and removed it.

Then ran Avira and it found 2 hidden objects which I couldn't do anything about.

I noticed that my desktop had 2 icons on it that were a bit atrange.

1. mplayer_installer_1922

Properties:

1.47MB

Digital signatures W3i.LLC

Right click to scan with Malwarebytes and nothing happened

Right click on the icon to scan with Avira-

0 Scanned directories

6 Files were scanned

0 Viruses and/or unwanted programs were found

0 Files were classified as suspicious

0 Files were deleted

0 Viruses and unwanted programs were repaired

0 Files were moved to quarantine

0 Files were renamed

0 Files cannot be scanned

6 Files not concerned

3 Archives were scanned

0 Warnings

0 Notes

2. I THEN DID A COMPLETE SCAN WITH AVIRA

14415 Scanned directories

289335 Files were scanned

0 Viruses and/or unwanted programs were found

0 Files were classified as suspicious

0 Files were deleted

0 Viruses and unwanted programs were repaired

0 Files were moved to quarantine

0 Files were renamed

0 Files cannot be scanned

289335 Files not concerned

1722 Archives were scanned

135 Warnings

2 Notes

434332 Objects were scanned with rootkit scan

2 Hidden objects were found

3. router_land.php-tracking=ga18banner=6.2

1167 bytes................

Right click to scan with Malwarebytes: nothing happened

Right click on the icon and scanned with Avira

0 Scanned directories

3 Files were scanned

0 Viruses and/or unwanted programs were found

0 Files were classified as suspicious

0 Files were deleted

0 Viruses and unwanted programs were repaired

0 Files were moved to quarantine

0 Files were renamed

0 Files cannot be scanned

3 Files not concerned

0 Archives were scanned

0 Warnings

0 Notes

======================================

Should I delete these???

Under control panel they are not in the list of progs (add and remove programs option)