Jump to content

stevie12

Members
 View Profile  See their activity

  • Posts

    18

  • Joined

  • Last visited

Tech Info

  • Experience
    beginner
  • System: windows_xp_home

stevie12's Achievements

Newbie

Newbie (1/14)

0

Reputation

  1. stevie12
    Hi, my pc's been slow for a while now but it seems to be getting worse. startup is very slow when trying to get onto the internet and very slow surfing the net at times. sometimes pc also freezes and constantly have to send error reports. please help tech guys Stevie ps- i'm an absolute beginner!
  2. stevie12
    Hi Starbuck, did the above with OTL see below:- However the italian website is still blocking the betting sites- sometimes bf can get on to paddy power but ost of time cannot All processes killed ========== COMMANDS ========== [EMPTYTEMP] User: Administrator ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Google Chrome cache emptied: 0 bytes User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: LocalService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: NetworkService ->Temp folder emptied: 18768 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: rachel ->Temp folder emptied: 739832 bytes ->Temporary Internet Files folder emptied: 5011705 bytes ->Java cache emptied: 0 bytes ->Google Chrome cache emptied: 0 bytes ->Flash cache emptied: 456 bytes User: TRAINER 3 ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 0 bytes
  3. stevie12
    Hi Starbuck, The problem with italian website still occuring. the main betting site my bf goes on is paddy power but i expect the block is covering all betting sites. thanks
  4. stevie12
    All processes killed ========== OTL ========== Error: No service named NSL was found to stop! Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NSL deleted successfully. File File not found not found. Error: No service named 0118341309337175mcinstcleanup) McAfee Application Installer Cleanup (0118341309337175 was found to stop! Service\Driver key 0118341309337175mcinstcleanup) McAfee Application Installer Cleanup (0118341309337175 not found. File File not found not found. File C:\Documents and Settings\rachel\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfme joahla\12.0.0.1901_0\plugins/avgnpss.dll not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31c7d459-9cc3-44f2-9dca-fc11795309b4}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31c7d459-9cc3-44f2-9dca-fc11795309b4}\ deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{31c7d459-9cc3-44f2-9dca-fc11795309b4} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31c7d459-9cc3-44f2-9dca-fc11795309b4}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully. Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{31C7D459-9CC3-44F2-9DCA-FC11795309B4} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31C7D459-9CC3-44F2-9DCA-FC11795309B4}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\PosService deleted successfully. Starting removal of ActiveX control {32C3FEAE-0877-4767-8C20-62A5829A0945} C:\WINDOWS\Downloaded Program Files\axfbootloader.inf not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{32C3FEAE-0877-4767-8C20-62A5829A0945}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32C3FEAE-0877-4767-8C20-62A5829A0945}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{32C3FEAE-0877-4767-8C20-62A5829A0945}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32C3FEAE-0877-4767-8C20-62A5829A0945}\ not found. Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7} C:\WINDOWS\Downloaded Program Files\gp.inf not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found. C:\Documents and Settings\rachel\Application Data\AVG\PC Tuneup folder moved successfully. C:\Documents and Settings\rachel\Application Data\AVG folder moved successfully. C:\Documents and Settings\rachel\Application Data\IObit\Common folder moved successfully. C:\Documents and Settings\rachel\Application Data\IObit folder moved successfully. C:\Documents and Settings\rachel\Local Settings\Application Data\Conduit\Community Alerts\Log folder moved successfully. C:\Documents and Settings\rachel\Local Settings\Application Data\Conduit\Community Alerts\LanguagePacks folder moved successfully. C:\Documents and Settings\rachel\Local Settings\Application Data\Conduit\Community Alerts\Feeds folder moved successfully. C:\Documents and Settings\rachel\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images folder moved successfully. C:\Documents and Settings\rachel\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog folder moved successfully. C:\Documents and Settings\rachel\Local Settings\Application Data\Conduit\Community Alerts\Dialogs folder moved successfully. C:\Documents and Settings\rachel\Local Settings\Application Data\Conduit\Community Alerts folder moved successfully. C:\Documents and Settings\rachel\Local Settings\Application Data\Conduit folder moved successfully. C:\Program Files\Conduit\Community Alerts folder moved successfully. C:\Program Files\Conduit folder moved successfully. C:\Documents and Settings\rachel\Local Settings\Application Data\IObitCom\UserDefinedItems folder moved successfully. C:\Documents and Settings\rachel\Local Settings\Application Data\IObitCom\SearchInNewTab folder moved successfully. C:\Documents and Settings\rachel\Local Settings\Application Data\IObitCom\Repository\conduit_CT2384137_en\ToolbarTranslation folder moved successfully. C:\Documents and Settings\rachel\Local Settings\Application Data\IObitCom\Repository\conduit_CT2384137_en folder moved successfully. C:\Documents and Settings\rachel\Local Settings\Application Data\IObitCom\Repository\conduit_CT2384137_CT2384137\ToolbarSettings folder moved successfully. C:\Documents and Settings\rachel\Local Settings\Application Data\IObitCom\Repository\conduit_CT2384137_CT2384137\ToolbarLogin folder moved successfully. C:\Documents and Settings\rachel\Local Settings\Application Data\IObitCom\Repository\conduit_CT2384137_CT2384137\DynamicDialogs folder moved successfully. C:\Documents and Settings\rachel\Local Settings\Application Data\IObitCom\Repository\conduit_CT2384137_CT2384137\AppsMetaData folder moved successfully. C:\Documents and Settings\rachel\Local Settings\Application Data\IObitCom\Repository\conduit_CT2384137_CT2384137 folder moved successfully. C:\Documents and Settings\rachel\Local Settings\Application Data\IObitCom\Repository folder moved successfully. C:\Documents and Settings\rachel\Local Settings\Application Data\IObitCom\RadioPlayer folder moved successfully. C:\Documents and Settings\rachel\Local Settings\Application Data\IObitCom\MyStuffComponents folder moved successfully. C:\Documents and Settings\rachel\Local Settings\Application Data\IObitCom\MyStuffApps folder moved successfully. C:\Documents and Settings\rachel\Local Settings\Application Data\IObitCom\Logs folder moved successfully. C:\Documents and Settings\rachel\Local Settings\Application Data\IObitCom\ExternalComponent folder moved successfully. C:\Documents and Settings\rachel\Local Settings\Application Data\IObitCom\EmailNotifier folder moved successfully. C:\Documents and Settings\rachel\Local Settings\Application Data\IObitCom\Dialogs\UntrustedAppPendingDialog folder moved successfully. C:\Documents and Settings\rachel\Local Settings\Application Data\IObitCom\Dialogs\UntrustedAppApprovalDialog folder moved successfully. C:\Documents and Settings\rachel\Local Settings\Application Data\IObitCom\Dialogs\UntrustedAddedAppDialog folder moved successfully. C:\Documents and Settings\rachel\Local Settings\Application Data\IObitCom\Dialogs\UninstallDialog folder moved successfully. C:\Documents and Settings\rachel\Local Settings\Application Data\IObitCom\Dialogs\ToolbarUntrustedAppsApprovalDialog folder moved successfully. C:\Documents and Settings\rachel\Local Settings\Application Data\IObitCom\Dialogs\ToolbarFirstTimeDialog\images folder moved successfully. C:\Documents and Settings\rachel\Local Settings\Application Data\IObitCom\Dialogs\ToolbarFirstTimeDialog folder moved successfully. C:\Documents and Settings\rachel\Local Settings\Application Data\IObitCom\Dialogs\SearchProtectorDialog\Images folder moved successfully. C:\Documents and Settings\rachel\Local Settings\Application Data\IObitCom\Dialogs\SearchProtectorDialog folder moved successfully. C:\Documents and Settings\rachel\Local Settings\Application Data\IObitCom\Dialogs\SearchProtectorBubbleDialog\images folder moved successfully. C:\Documents and Settings\rachel\Local Settings\Application Data\IObitCom\Dialogs\SearchProtectorBubbleDialog folder moved successfully. C:\Documents and Settings\rachel\Local Settings\Application Data\IObitCom\Dialogs\NewSearchProtectorDialog\images folder moved successfully. C:\Documents and Settings\rachel\Local Settings\Application Data\IObitCom\Dialogs\NewSearchProtectorDialog folder moved successfully. C:\Documents and Settings\rachel\Local Settings\Application Data\IObitCom\Dialogs\EngineFirstTimeDialog folder moved successfully. C:\Documents and Settings\rachel\Local Settings\Application Data\IObitCom\Dialogs\DetectedAppDialog folder moved successfully. C:\Documents and Settings\rachel\Local Settings\Application Data\IObitCom\Dialogs\DefualtImages folder moved successfully. C:\Documents and Settings\rachel\Local Settings\Application Data\IObitCom\Dialogs\AddedAppDialog folder moved successfully. C:\Documents and Settings\rachel\Local Settings\Application Data\IObitCom\Dialogs folder moved successfully. C:\Documents and Settings\rachel\Local Settings\Application Data\IObitCom\CacheIcons folder moved successfully. C:\Documents and Settings\rachel\Local Settings\Application Data\IObitCom folder moved successfully. Folder C:\Documents and Settings\rachel\Application Data\IObit\ not found. C:\Program Files\AVG\AVG2012\awacs\speedtest\component folder moved successfully. C:\Program Files\AVG\AVG2012\awacs\speedtest folder moved successfully. C:\Program Files\AVG\AVG2012\awacs folder moved successfully. C:\Program Files\AVG\AVG2012 folder moved successfully. C:\Program Files\AVG folder moved successfully. C:\WINDOWS\System32\ZoneLabs\Updates folder moved successfully. C:\WINDOWS\System32\ZoneLabs\lib\pyd folder moved successfully. C:\WINDOWS\System32\ZoneLabs\lib folder moved successfully. C:\WINDOWS\System32\ZoneLabs folder moved successfully. C:\WINDOWS\Internet Logs folder moved successfully. C:\Program Files\ZoneAlarmBackup\ZoneAlarmBackupstevie\ZoneAlarmBackupLog folder moved successfully. C:\Program Files\ZoneAlarmBackup\ZoneAlarmBackupstevie\TempCom folder moved successfully. C:\Program Files\ZoneAlarmBackup\ZoneAlarmBackupstevie\Session folder moved successfully. C:\Program Files\ZoneAlarmBackup\ZoneAlarmBackupstevie\Log folder moved successfully. C:\Program Files\ZoneAlarmBackup\ZoneAlarmBackupstevie folder moved successfully. C:\Program Files\ZoneAlarmBackup\ZoneAlarmBackuprachel\Log folder moved successfully. C:\Program Files\ZoneAlarmBackup\ZoneAlarmBackuprachel folder moved successfully. C:\Program Files\ZoneAlarmBackup\ZoneAlarmBackup(3) folder moved successfully. C:\Program Files\ZoneAlarmBackup\ZoneAlarmBackup(2) folder moved successfully. C:\Program Files\ZoneAlarmBackup\images folder moved successfully. C:\Program Files\ZoneAlarmBackup\IBVSSTEMP\Int\C\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\LOG folder moved successfully. C:\Program Files\ZoneAlarmBackup\IBVSSTEMP\Int\C\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL folder moved successfully. C:\Program Files\ZoneAlarmBackup\IBVSSTEMP\Int\C\Program Files\Microsoft SQL Server\MSSQL.1 folder moved successfully. C:\Program Files\ZoneAlarmBackup\IBVSSTEMP\Int\C\Program Files\Microsoft SQL Server folder moved successfully. C:\Program Files\ZoneAlarmBackup\IBVSSTEMP\Int\C\Program Files folder moved successfully. C:\Program Files\ZoneAlarmBackup\IBVSSTEMP\Int\C\Documents and Settings\TRAINER 3\Local Settings\Temp\IswTmp\Logs folder moved successfully. C:\Program Files\ZoneAlarmBackup\IBVSSTEMP\Int\C\Documents and Settings\TRAINER 3\Local Settings\Temp\IswTmp folder moved successfully. C:\Program Files\ZoneAlarmBackup\IBVSSTEMP\Int\C\Documents and Settings\TRAINER 3\Local Settings\Temp folder moved successfully. C:\Program Files\ZoneAlarmBackup\IBVSSTEMP\Int\C\Documents and Settings\TRAINER 3\Local Settings\Application Data\Trusteer\Rapport\user\logs folder moved successfully. C:\Program Files\ZoneAlarmBackup\IBVSSTEMP\Int\C\Documents and Settings\TRAINER 3\Local Settings\Application Data\Trusteer\Rapport\user folder moved successfully. C:\Program Files\ZoneAlarmBackup\IBVSSTEMP\Int\C\Documents and Settings\TRAINER 3\Local Settings\Application Data\Trusteer\Rapport folder moved successfully. C:\Program Files\ZoneAlarmBackup\IBVSSTEMP\Int\C\Documents and Settings\TRAINER 3\Local Settings\Application Data\Trusteer folder moved successfully. C:\Program Files\ZoneAlarmBackup\IBVSSTEMP\Int\C\Documents and Settings\TRAINER 3\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active folder moved successfully. C:\Program Files\ZoneAlarmBackup\IBVSSTEMP\Int\C\Documents and Settings\TRAINER 3\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery folder moved successfully. C:\Program Files\ZoneAlarmBackup\IBVSSTEMP\Int\C\Documents and Settings\TRAINER 3\Local Settings\Application Data\Microsoft\Internet Explorer folder moved successfully. C:\Program Files\ZoneAlarmBackup\IBVSSTEMP\Int\C\Documents and Settings\TRAINER 3\Local Settings\Application Data\Microsoft folder moved successfully. C:\Program Files\ZoneAlarmBackup\IBVSSTEMP\Int\C\Documents and Settings\TRAINER 3\Local Settings\Application Data\AskToolbar folder moved successfully. C:\Program Files\ZoneAlarmBackup\IBVSSTEMP\Int\C\Documents and Settings\TRAINER 3\Local Settings\Application Data folder moved successfully. C:\Program Files\ZoneAlarmBackup\IBVSSTEMP\Int\C\Documents and Settings\TRAINER 3\Local Settings folder moved successfully. C:\Program Files\ZoneAlarmBackup\IBVSSTEMP\Int\C\Documents and Settings\TRAINER 3\Application Data\CheckPoint\ZoneAlarm Toolbar folder moved successfully. C:\Program Files\ZoneAlarmBackup\IBVSSTEMP\Int\C\Documents and Settings\TRAINER 3\Application Data\CheckPoint folder moved successfully. C:\Program Files\ZoneAlarmBackup\IBVSSTEMP\Int\C\Documents and Settings\TRAINER 3\Application Data folder moved successfully. C:\Program Files\ZoneAlarmBackup\IBVSSTEMP\Int\C\Documents and Settings\TRAINER 3 folder moved successfully. C:\Program Files\ZoneAlarmBackup\IBVSSTEMP\Int\C\Documents and Settings\NETWOR~1\LOCALS~1\Temp\IswTmp\Logs folder moved successfully. C:\Program Files\ZoneAlarmBackup\IBVSSTEMP\Int\C\Documents and Settings\NETWOR~1\LOCALS~1\Temp\IswTmp folder moved successfully. C:\Program Files\ZoneAlarmBackup\IBVSSTEMP\Int\C\Documents and Settings\NETWOR~1\LOCALS~1\Temp folder moved successfully. C:\Program Files\ZoneAlarmBackup\IBVSSTEMP\Int\C\Documents and Settings\NETWOR~1\LOCALS~1 folder moved successfully. C:\Program Files\ZoneAlarmBackup\IBVSSTEMP\Int\C\Documents and Settings\NETWOR~1 folder moved successfully. C:\Program Files\ZoneAlarmBackup\IBVSSTEMP\Int\C\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5 folder moved successfully. C:\Program Files\ZoneAlarmBackup\IBVSSTEMP\Int\C\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files folder moved successfully. C:\Program Files\ZoneAlarmBackup\IBVSSTEMP\Int\C\Documents and Settings\NetworkService\Local Settings\History\History.IE5 folder moved successfully. C:\Program Files\ZoneAlarmBackup\IBVSSTEMP\Int\C\Documents and Settings\NetworkService\Local Settings\History folder moved successfully. C:\Program Files\ZoneAlarmBackup\IBVSSTEMP\Int\C\Documents and Settings\NetworkService\Local Settings folder moved successfully. C:\Program Files\ZoneAlarmBackup\IBVSSTEMP\Int\C\Documents and Settings\NetworkService\Cookies folder moved successfully. C:\Program Files\ZoneAlarmBackup\IBVSSTEMP\Int\C\Documents and Settings\NetworkService folder moved successfully. C:\Program Files\ZoneAlarmBackup\IBVSSTEMP\Int\C\Documents and Settings\All Users\Dell\UCM folder moved successfully. C:\Program Files\ZoneAlarmBackup\IBVSSTEMP\Int\C\Documents and Settings\All Users\Dell folder moved successfully. C:\Program Files\ZoneAlarmBackup\IBVSSTEMP\Int\C\Documents and Settings\All Users\Application Data\Trusteer\Rapport\logs folder moved successfully. C:\Program Files\ZoneAlarmBackup\IBVSSTEMP\Int\C\Documents and Settings\All Users\Application Data\Trusteer\Rapport folder moved successfully. C:\Program Files\ZoneAlarmBackup\IBVSSTEMP\Int\C\Documents and Settings\All Users\Application Data\Trusteer folder moved successfully. C:\Program Files\ZoneAlarmBackup\IBVSSTEMP\Int\C\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\IswTmp\Logs folder moved successfully. C:\Program Files\ZoneAlarmBackup\IBVSSTEMP\Int\C\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\IswTmp folder moved successfully. C:\Program Files\ZoneAlarmBackup\IBVSSTEMP\Int\C\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Temp\usgthrsvc folder moved successfully. C:\Program Files\ZoneAlarmBackup\IBVSSTEMP\Int\C\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Temp folder moved successfully. C:\Program Files\ZoneAlarmBackup\IBVSSTEMP\Int\C\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles folder moved successfully. C:\Program Files\ZoneAlarmBackup\IBVSSTEMP\Int\C\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer folder moved successfully. C:\Program Files\ZoneAlarmBackup\IBVSSTEMP\Int\C\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex folder moved successfully. C:\Program Files\ZoneAlarmBackup\IBVSSTEMP\Int\C\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects folder moved successfully. C:\Program Files\ZoneAlarmBackup\IBVSSTEMP\Int\C\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex folder moved successfully. C:\Program Files\ZoneAlarmBackup\IBVSSTEMP\Int\C\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\GatherLogs folder moved successfully. C:\Program Files\ZoneAlarmBackup\IBVSSTEMP\Int\C\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows folder moved successfully. C:\Program Files\ZoneAlarmBackup\IBVSSTEMP\Int\C\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications folder moved successfully. C:\Program Files\ZoneAlarmBackup\IBVSSTEMP\Int\C\Documents and Settings\All Users\Application Data\Microsoft\Search\Data folder moved successfully. C:\Program Files\ZoneAlarmBackup\IBVSSTEMP\Int\C\Documents and Settings\All Users\Application Data\Microsoft\Search folder moved successfully. C:\Program Files\ZoneAlarmBackup\IBVSSTEMP\Int\C\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Support folder moved successfully. C:\Program Files\ZoneAlarmBackup\IBVSSTEMP\Int\C\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware folder moved successfully. C:\Program Files\ZoneAlarmBackup\IBVSSTEMP\Int\C\Documents and Settings\All Users\Application Data\Microsoft folder moved successfully. C:\Program Files\ZoneAlarmBackup\IBVSSTEMP\Int\C\Documents and Settings\All Users\Application Data\AVG2012\log folder moved successfully. C:\Program Files\ZoneAlarmBackup\IBVSSTEMP\Int\C\Documents and Settings\All Users\Application Data\AVG2012\Chjw\f27a58037a57c2d1 folder moved successfully. C:\Program Files\ZoneAlarmBackup\IBVSSTEMP\Int\C\Documents and Settings\All Users\Application Data\AVG2012\Chjw folder moved successfully. C:\Program Files\ZoneAlarmBackup\IBVSSTEMP\Int\C\Documents and Settings\All Users\Application Data\AVG2012 folder moved successfully. C:\Program Files\ZoneAlarmBackup\IBVSSTEMP\Int\C\Documents and Settings\All Users\Application Data folder moved successfully. C:\Program Files\ZoneAlarmBackup\IBVSSTEMP\Int\C\Documents and Settings\All Users folder moved successfully. C:\Program Files\ZoneAlarmBackup\IBVSSTEMP\Int\C\Documents and Settings folder moved successfully. C:\Program Files\ZoneAlarmBackup\IBVSSTEMP\Int\C folder moved successfully. C:\Program Files\ZoneAlarmBackup\IBVSSTEMP\Int folder moved successfully. C:\Program Files\ZoneAlarmBackup\IBVSSTEMP folder moved successfully. C:\Program Files\ZoneAlarmBackup\animation folder moved successfully. C:\Program Files\ZoneAlarmBackup folder moved successfully. C:\Program Files\ZoneAlarm_Security folder moved successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\AESTFltr\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\AVG_TRAY\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\ChangeTPMAuth\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\EmbassySecurityCheck\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\PosService\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\vProt\ deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:E5BA9ADD deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:48D3CC24 deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:E14FA16F deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:4A906D4A deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:3EC5BC08 deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:0696EC8E deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:02F30776 deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:A02025CE deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:FB647F34 deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:831C6B2D deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:EF0C5444 deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:8FDE078B deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:A7DA2BCD deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:8556124B deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:6DC537DB deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:9BB8C675 deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:A819A132 deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:491270B8 deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:3D6B89CE deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:3969ACF7 deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:2899566E deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:1234ADAE deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:46283136 deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:E732B44B deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:C37283B5 deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:18DEBC51 deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:16F4BC64 deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:F3591DDB deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:BF640EE5 deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:4D551822 deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:E6708F08 deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:AA0017FD deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:9F3CEEE6 deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:05F547A9 deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:E6C6EB3B deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:A4AF8D0D deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:2F8138B7 deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:147A3409 deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:A88BE334 deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4 deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:EBCF5924 deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:A9056F42 deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:A42FABF7 deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:2AE74FF9 deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:AAA06E15 deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:E6EC5C2A deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:DE875C30 deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:B54E4B5A deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:90C320E1 deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:87A3A233 deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:E40D7F76 deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:B4F0E275 deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:D999FFD5 deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:BD8010FE deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:5E8C18F1 deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:5E413CD6 deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:F84B8DB5 deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:F5D01D7C deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:CAC06C34 deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:59465B40 deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:206470A5 deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:C30487EE deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:63210866 deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:3815BC84 deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:3086B95F deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:D93FCBB6 deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:5D351BC6 deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:48FEA089 deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:B139DDF3 deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:D576A536 deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:0E8117B1 deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:B6E6C4EA deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:32A82570 deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:E0888117 deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:C7F08EA3 deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:AECF4772 deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:041C0562 deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:5EF1AD34 deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:09064307 deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:ADFAD95A deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:33B04540 deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:512E1728 deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:0DE96CF5 deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:BD34FFC5 deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:260575F1 deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:3DB6F365 deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:78E0DF72 deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:E690114B deleted successfully. ========== FILES ========== < ipconfig /flushdns /c > Windows IP Configuration Successfully flushed the DNS Resolver Cache. C:\Documents and Settings\rachel\Desktop\cmd.bat deleted successfully. C:\Documents and Settings\rachel\Desktop\cmd.txt deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: Administrator ->Temp folder emptied: 4481452 bytes ->Temporary Internet Files folder emptied: 283479 bytes ->Google Chrome cache emptied: 856432 bytes User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: LocalService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: NetworkService ->Temp folder emptied: 86738 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: rachel ->Temp folder emptied: 10764953 bytes ->Temporary Internet Files folder emptied: 85887185 bytes ->Java cache emptied: 5928 bytes ->Google Chrome cache emptied: 74924896 bytes ->Flash cache emptied: 3254 bytes User: TRAINER 3 ->Temp folder emptied: 1328 bytes ->Temporary Internet Files folder emptied: 508834 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 0 bytes ->Google Chrome cache emptied: 7771958 bytes ->Flash cache emptied: 470 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 56769 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 12331 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes RecycleBin emptied: 76793015 bytes Total Files Cleaned = 250.00 mb Error: Unable to interpret <[RESETHOSTS]Return to OTL, > in the current context! OTL by OldTimer - Version 3.2.31.0 log created on 01122012_213849 Files\Folders moved on Reboot... C:\Documents and Settings\NetworkService\Local Settings\Temp\Perflib_Perfdata_ba4.dat moved successfully. File\Folder C:\Documents and Settings\rachel\Local Settings\Temp\tmp171.tmp not found! File\Folder C:\Documents and Settings\rachel\Local Settings\Temp\~DF7AB0.tmp not found! File\Folder C:\Documents and Settings\rachel\Local Settings\Temp\~DF7ADD.tmp not found! File\Folder C:\Documents and Settings\rachel\Local Settings\Temp\~DF7B6A.tmp not found! File\Folder C:\Documents and Settings\rachel\Local Settings\Temp\~DF7B82.tmp not found! File\Folder C:\Documents and Settings\rachel\Local Settings\Temp\~DF7CD4.tmp not found! File\Folder C:\Documents and Settings\rachel\Local Settings\Temp\~DF7CF9.tmp not found! C:\Documents and Settings\rachel\Local Settings\Temporary Internet Files\Content.IE5\KX3SC6QG\ads[4].htm moved successfully. C:\Documents and Settings\rachel\Local Settings\Temporary Internet Files\Content.IE5\8F5QAE9D\ads[2].htm moved successfully. C:\Documents and Settings\rachel\Local Settings\Temporary Internet Files\Content.IE5\08DG2Y84\12941-italian-ip-address-keeps-blocking-certain-websites-how-do-u-remove-it[1].htm moved successfully. Registry entries deleted on Reboot...
  5. stevie12
    Hi Starbuck, i did download combofix and tdsskiller but never kept the reports- thought i could try and remove this site myself but cannot :( otl extras txt below- thanks:- OTL Extras logfile created on: 12/01/2012 19:14:28 - Run 4 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\rachel\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 1.96 Gb Total Physical Memory | 1.28 Gb Available Physical Memory | 65.43% Memory free 3.76 Gb Paging File | 3.08 Gb Available in Paging File | 81.79% Paging File free Paging file location(s): C:\pagefile.sys 0 0 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 111.68 Gb Total Space | 88.34 Gb Free Space | 79.10% Space Free | Partition Type: NTFS Computer Name: FSN3 | User Name: rachel | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = htmlfile] -- Reg Error: Key error. File not found ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 1 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\AVG\AVG2012\avgmfapx.exe" = C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:AVG Installer "C:\WINDOWS\system32\usmt\migwiz.exe" = C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard -- (Microsoft Corporation) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR "{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}" = Windows Live Call "{0394CDC8-FABD-4ED8-B104-03393876DFDF}" = Roxio Creator Tools "{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware "{07159635-9DFE-4105-BFC0-2817DB540C68}" = Roxio Activation Module "{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software "{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger "{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager "{0B500125-92A7-40BF-ACF0-45A9221ADE21}_is1" = PowerOffer 2.0 "{0D397393-9B50-4C52-84D5-77E344289F87}" = Roxio Creator Data "{173497F1-F291-4AA7-943E-61CB9378771D}" = SO32MMWrapper "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool "{2220CF3A-EBD6-4070-94D0-0C7337B537A7}" = All Day Battery Life Configuration "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{24A494F3-5B5F-4183-9F7D-9CE82812C1FC}" = tsp patch "{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java 6 Update 30 "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1 "{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) "{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{35748B06-FCFC-4700-8285-DAD41689E4FE}" = Broadcom TPM Driver Installer "{3A6BE9F4-5FC8-44BB-BE7B-32A29607FEF6}" = Preboot Manager "{41573DB1-9DAA-43C7-BCBC-49696A648079}" = Dell ControlPoint Connection Manager "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update "{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite "{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup "{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English) "{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client "{5D2CF9D0-113A-476B-986F-288B54571614}" = DevalVR plugin for Internet Explorer (remove) "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}" = Roxio Creator Copy "{62F29D1C-D526-40F4-B4D0-840F043C2CC1}" = Dell ControlPoint System Manager "{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3 "{6705BBE4-4664-40C6-9C1B-0330FA300A5C}" = DCP32MMWrapper "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD "{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com "{7BB045C3-D5E4-4620-B536-DC11AACD5942}" = Broadcom Management Programs "{83FFCFC7-88C6-41C6-8752-958A45325C82}" = Roxio Creator Audio "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{8B1F8092-9D84-459B-88EA-0BE882AC915E}" = UPEK TouchChip Fingerprint Reader "{8CB7F4E6-73AE-4D8F-86A2-EAE39CE72FD1}" = Intel® PROSet/Wireless WiFi API "{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack "{8E1E6C75-D67B-48B0-B539-EDCA99C29C9E}" = Dell Control Point "{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195 "{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9593C6E5-205E-45C3-B785-05CF146CA76A}" = biolsp patch "{9AE41AF3-FAD1-4A34-8976-747FDC19FE08}" = Intel® PROSet/Wireless WiFi Driver "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad "{A093D83F-429A-4AB2-A0CD-1F7E9C7B764A}" = Trusted Drive Manager "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI "{A23C3636-4F99-4A34-972C-F395E85DFEC0}" = Wave Infrastructure Installer "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A4B9033B-D183-4A6C-9BCB-6BC8F80B939D}" = RPS CRT "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{ABBA2EA4-740E-4052-902B-9CA70B081E3F}" = Dell Embassy Trust Suite by Wave Systems "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1) "{AF7E4468-E364-4991-BC2A-6E8293E1055B}" = BioAPI Framework "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0 "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation "{BB93D30B-B395-44BB-A9ED-A0E057F07E53}" = NTRU TCG Software Stack "{BC52E419-B185-488F-9973-049A88E5DCBE}" = Gemalto "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D1E829E9-88B8-47C6-A75E-0D40E2C09D50}" = Secure Update "{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials "{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer "{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin "{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards "{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F4487649-7368-4217-AEA3-1E04DB3E2C5C}" = Dell ControlPoint Security Manager "{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform "{F73A5B18-EB75-4B2C-B32D-9457576E2417}" = Windows Live Photo Gallery "{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync "{FECEF9D2-9D3D-449B-9EA4-CFA775C99460}" = AuthenTec Fingerprint System "{FF1DDCF4-3A28-4F7F-96D8-E3F4BD1C1702}" = Dell Security Device Driver Pack "66E7D038E1F9BEA2EBDF90804718442328FF88DA" = Windows Driver Package - AuthenTec Inc. (ATSwpWDF) Biometric (06/12/2008 8.1.0.51) "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com "DivX Setup" = DivX Setup "Google Chrome" = Google Chrome "HDMI" = Intel® Graphics Media Accelerator Driver "ie8" = Windows Internet Explorer 8 "InstallShield_{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software "InstallShield_{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager "InstallShield_{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite "InstallShield_{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup "InstallShield_{D1E829E9-88B8-47C6-A75E-0D40E2C09D50}" = Secure Update "InstallShield_{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin "InstallShield_{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards "InstallShield_{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center "IObitCom Toolbar" = IObitCom Toolbar "Marmite Screensaver" = Marmite Screensaver "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft Security Client" = Microsoft Security Essentials "Microsoft SQL Server 2005" = Microsoft SQL Server 2005 "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "MSNINST" = MSN "Nero - Burning Rom!UninstallKey" = Nero OEM "NSS" = Norton Security Scan "ProInst" = Intel PROSet Wireless "Rapport_msi" = Rapport "RealPlayer 15.0" = RealPlayer "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "WinLiveSuite_Wave3" = Windows Live Essentials "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0 "Yahoo! Companion" = Yahoo! Toolbar "Yahoo! Software Update" = Yahoo! Software Update ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 11/01/2012 05:16:33 | Computer Name = FSN3 | Source = MSSQL$MSSMLBIZ | ID = 3409 Description = Performance counter shared memory setup failed with error -1. Reinstall sqlctr.ini for this instance, and ensure that the instance login account has correct registry permissions. Error - 11/01/2012 05:16:43 | Computer Name = FSN3 | Source = PowerOffer Service | ID = 0 Description = Service cannot be started. System.ArgumentException: No value exists with that name. at System.ThrowHelper.ThrowArgumentException(ExceptionResource resource) at Microsoft.Win32.RegistryKey.DeleteValue(String name, Boolean throwOnMissingValue) at Microsoft.Win32.RegistryKey.DeleteValue(String name) at PowerOfferService.Helper.RegistryHelper.SetRunRegistry() at PowerOfferService.Service1.OnStart(String[] args) at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state) Error - 11/01/2012 05:16:48 | Computer Name = FSN3 | Source = PowerOffer Upd Service | ID = 0 Description = Service cannot be started. The handle is invalid Error - 11/01/2012 06:33:11 | Computer Name = FSN3 | Source = MSSQL$MSSMLBIZ | ID = 8313 Description = Error in mapping SQL Server performance object/counter indexes to object/counter names. SQL Server performance counters are disabled. Error - 11/01/2012 06:33:11 | Computer Name = FSN3 | Source = MSSQL$MSSMLBIZ | ID = 3409 Description = Performance counter shared memory setup failed with error -1. Reinstall sqlctr.ini for this instance, and ensure that the instance login account has correct registry permissions. Error - 11/01/2012 06:33:14 | Computer Name = FSN3 | Source = PowerOffer Service | ID = 0 Description = Service cannot be started. System.ArgumentException: No value exists with that name. at System.ThrowHelper.ThrowArgumentException(ExceptionResource resource) at Microsoft.Win32.RegistryKey.DeleteValue(String name, Boolean throwOnMissingValue) at Microsoft.Win32.RegistryKey.DeleteValue(String name) at PowerOfferService.Helper.RegistryHelper.SetRunRegistry() at PowerOfferService.Service1.OnStart(String[] args) at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state) Error - 11/01/2012 16:15:47 | Computer Name = FSN3 | Source = MSSQLServerADHelper | ID = 100 Description = '0' is an invalid number of start up parameters. This service takes two start up parameters. Error - 11/01/2012 16:15:47 | Computer Name = FSN3 | Source = MSSQL$MSSMLBIZ | ID = 8313 Description = Error in mapping SQL Server performance object/counter indexes to object/counter names. SQL Server performance counters are disabled. Error - 11/01/2012 16:15:47 | Computer Name = FSN3 | Source = MSSQL$MSSMLBIZ | ID = 3409 Description = Performance counter shared memory setup failed with error -1. Reinstall sqlctr.ini for this instance, and ensure that the instance login account has correct registry permissions. Error - 11/01/2012 16:16:03 | Computer Name = FSN3 | Source = PowerOffer Service | ID = 0 Description = Service cannot be started. System.ArgumentException: No value exists with that name. at System.ThrowHelper.ThrowArgumentException(ExceptionResource resource) at Microsoft.Win32.RegistryKey.DeleteValue(String name, Boolean throwOnMissingValue) at Microsoft.Win32.RegistryKey.DeleteValue(String name) at PowerOfferService.Helper.RegistryHelper.SetRunRegistry() at PowerOfferService.Service1.OnStart(String[] args) at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state) [ Application Events ] Error - 11/01/2012 05:16:33 | Computer Name = FSN3 | Source = MSSQL$MSSMLBIZ | ID = 3409 Description = Performance counter shared memory setup failed with error -1. Reinstall sqlctr.ini for this instance, and ensure that the instance login account has correct registry permissions. Error - 11/01/2012 05:16:43 | Computer Name = FSN3 | Source = PowerOffer Service | ID = 0 Description = Service cannot be started. System.ArgumentException: No value exists with that name. at System.ThrowHelper.ThrowArgumentException(ExceptionResource resource) at Microsoft.Win32.RegistryKey.DeleteValue(String name, Boolean throwOnMissingValue) at Microsoft.Win32.RegistryKey.DeleteValue(String name) at PowerOfferService.Helper.RegistryHelper.SetRunRegistry() at PowerOfferService.Service1.OnStart(String[] args) at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state) Error - 11/01/2012 05:16:48 | Computer Name = FSN3 | Source = PowerOffer Upd Service | ID = 0 Description = Service cannot be started. The handle is invalid Error - 11/01/2012 06:33:11 | Computer Name = FSN3 | Source = MSSQL$MSSMLBIZ | ID = 8313 Description = Error in mapping SQL Server performance object/counter indexes to object/counter names. SQL Server performance counters are disabled. Error - 11/01/2012 06:33:11 | Computer Name = FSN3 | Source = MSSQL$MSSMLBIZ | ID = 3409 Description = Performance counter shared memory setup failed with error -1. Reinstall sqlctr.ini for this instance, and ensure that the instance login account has correct registry permissions. Error - 11/01/2012 06:33:14 | Computer Name = FSN3 | Source = PowerOffer Service | ID = 0 Description = Service cannot be started. System.ArgumentException: No value exists with that name. at System.ThrowHelper.ThrowArgumentException(ExceptionResource resource) at Microsoft.Win32.RegistryKey.DeleteValue(String name, Boolean throwOnMissingValue) at Microsoft.Win32.RegistryKey.DeleteValue(String name) at PowerOfferService.Helper.RegistryHelper.SetRunRegistry() at PowerOfferService.Service1.OnStart(String[] args) at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state) Error - 11/01/2012 16:15:47 | Computer Name = FSN3 | Source = MSSQLServerADHelper | ID = 100 Description = '0' is an invalid number of start up parameters. This service takes two start up parameters. Error - 11/01/2012 16:15:47 | Computer Name = FSN3 | Source = MSSQL$MSSMLBIZ | ID = 8313 Description = Error in mapping SQL Server performance object/counter indexes to object/counter names. SQL Server performance counters are disabled. Error - 11/01/2012 16:15:47 | Computer Name = FSN3 | Source = MSSQL$MSSMLBIZ | ID = 3409 Description = Performance counter shared memory setup failed with error -1. Reinstall sqlctr.ini for this instance, and ensure that the instance login account has correct registry permissions. Error - 11/01/2012 16:16:03 | Computer Name = FSN3 | Source = PowerOffer Service | ID = 0 Description = Service cannot be started. System.ArgumentException: No value exists with that name. at System.ThrowHelper.ThrowArgumentException(ExceptionResource resource) at Microsoft.Win32.RegistryKey.DeleteValue(String name, Boolean throwOnMissingValue) at Microsoft.Win32.RegistryKey.DeleteValue(String name) at PowerOfferService.Helper.RegistryHelper.SetRunRegistry() at PowerOfferService.Service1.OnStart(String[] args) at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state) [ Application Events ] Error - 11/01/2012 05:16:33 | Computer Name = FSN3 | Source = MSSQL$MSSMLBIZ | ID = 3409 Description = Performance counter shared memory setup failed with error -1. Reinstall sqlctr.ini for this instance, and ensure that the instance login account has correct registry permissions. Error - 11/01/2012 05:16:43 | Computer Name = FSN3 | Source = PowerOffer Service | ID = 0 Description = Service cannot be started. System.ArgumentException: No value exists with that name. at System.ThrowHelper.ThrowArgumentException(ExceptionResource resource) at Microsoft.Win32.RegistryKey.DeleteValue(String name, Boolean throwOnMissingValue) at Microsoft.Win32.RegistryKey.DeleteValue(String name) at PowerOfferService.Helper.RegistryHelper.SetRunRegistry() at PowerOfferService.Service1.OnStart(String[] args) at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state) Error - 11/01/2012 05:16:48 | Computer Name = FSN3 | Source = PowerOffer Upd Service | ID = 0 Description = Service cannot be started. The handle is invalid Error - 11/01/2012 06:33:11 | Computer Name = FSN3 | Source = MSSQL$MSSMLBIZ | ID = 8313 Description = Error in mapping SQL Server performance object/counter indexes to object/counter names. SQL Server performance counters are disabled. Error - 11/01/2012 06:33:11 | Computer Name = FSN3 | Source = MSSQL$MSSMLBIZ | ID = 3409 Description = Performance counter shared memory setup failed with error -1. Reinstall sqlctr.ini for this instance, and ensure that the instance login account has correct registry permissions. Error - 11/01/2012 06:33:14 | Computer Name = FSN3 | Source = PowerOffer Service | ID = 0 Description = Service cannot be started. System.ArgumentException: No value exists with that name. at System.ThrowHelper.ThrowArgumentException(ExceptionResource resource) at Microsoft.Win32.RegistryKey.DeleteValue(String name, Boolean throwOnMissingValue) at Microsoft.Win32.RegistryKey.DeleteValue(String name) at PowerOfferService.Helper.RegistryHelper.SetRunRegistry() at PowerOfferService.Service1.OnStart(String[] args) at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state) Error - 11/01/2012 16:15:47 | Computer Name = FSN3 | Source = MSSQLServerADHelper | ID = 100 Description = '0' is an invalid number of start up parameters. This service takes two start up parameters. Error - 11/01/2012 16:15:47 | Computer Name = FSN3 | Source = MSSQL$MSSMLBIZ | ID = 8313 Description = Error in mapping SQL Server performance object/counter indexes to object/counter names. SQL Server performance counters are disabled. Error - 11/01/2012 16:15:47 | Computer Name = FSN3 | Source = MSSQL$MSSMLBIZ | ID = 3409 Description = Performance counter shared memory setup failed with error -1. Reinstall sqlctr.ini for this instance, and ensure that the instance login account has correct registry permissions. Error - 11/01/2012 16:16:03 | Computer Name = FSN3 | Source = PowerOffer Service | ID = 0 Description = Service cannot be started. System.ArgumentException: No value exists with that name. at System.ThrowHelper.ThrowArgumentException(ExceptionResource resource) at Microsoft.Win32.RegistryKey.DeleteValue(String name, Boolean throwOnMissingValue) at Microsoft.Win32.RegistryKey.DeleteValue(String name) at PowerOfferService.Helper.RegistryHelper.SetRunRegistry() at PowerOfferService.Service1.OnStart(String[] args) at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state) [ System Events ] Error - 12/01/2012 05:27:24 | Computer Name = FSN3 | Source = Microsoft Antimalware | ID = 2001 Description = %%860 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.2617.0 Update Source: %%859 Update Stage: %%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. Error - 12/01/2012 12:14:30 | Computer Name = FSN3 | Source = NETLOGON | ID = 3095 Description = This computer is configured as a member of a workgroup, not as a member of a domain. The Netlogon service does not need to run in this configuration. Error - 12/01/2012 12:14:35 | Computer Name = FSN3 | Source = Service Control Manager | ID = 7023 Description = The Windows Driver Foundation - User-mode Driver Framework service terminated with the following error: %%31 Error - 12/01/2012 12:14:53 | Computer Name = FSN3 | Source = Service Control Manager | ID = 7024 Description = The SQL Server Active Directory Helper service terminated with service-specific error 3221225572 (0xC0000064). Error - 12/01/2012 12:15:06 | Computer Name = FSN3 | Source = Service Control Manager | ID = 7000 Description = The Norton Safe Web Lite service failed to start due to the following error: %%3 Error - 12/01/2012 12:15:29 | Computer Name = FSN3 | Source = UPS | ID = 2481 Description = The UPS service is not configured correctly. Error - 12/01/2012 12:15:29 | Computer Name = FSN3 | Source = Service Control Manager | ID = 7023 Description = The Uninterruptible Power Supply service terminated with the following error: %%2481 Error - 12/01/2012 12:18:01 | Computer Name = FSN3 | Source = Service Control Manager | ID = 7022 Description = The Network Access Protection Agent service hung on starting. Error - 12/01/2012 12:43:20 | Computer Name = FSN3 | Source = NetDDE | ID = 206 Description = Listen failed: 23: The ncb_lana_num member did not specify a valid network number. Error - 12/01/2012 12:43:32 | Computer Name = FSN3 | Source = NetDDE | ID = 206 Description = Listen failed: 15: [ System Events ] Error - 12/01/2012 05:27:24 | Computer Name = FSN3 | Source = Microsoft Antimalware | ID = 2001 Description = %%860 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.2617.0 Update Source: %%859 Update Stage: %%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. Error - 12/01/2012 12:14:30 | Computer Name = FSN3 | Source = NETLOGON | ID = 3095 Description = This computer is configured as a member of a workgroup, not as a member of a domain. The Netlogon service does not need to run in this configuration. Error - 12/01/2012 12:14:35 | Computer Name = FSN3 | Source = Service Control Manager | ID = 7023 Description = The Windows Driver Foundation - User-mode Driver Framework service terminated with the following error: %%31 Error - 12/01/2012 12:14:53 | Computer Name = FSN3 | Source = Service Control Manager | ID = 7024 Description = The SQL Server Active Directory Helper service terminated with service-specific error 3221225572 (0xC0000064). Error - 12/01/2012 12:15:06 | Computer Name = FSN3 | Source = Service Control Manager | ID = 7000 Description = The Norton Safe Web Lite service failed to start due to the following error: %%3 Error - 12/01/2012 12:15:29 | Computer Name = FSN3 | Source = UPS | ID = 2481 Description = The UPS service is not configured correctly. Error - 12/01/2012 12:15:29 | Computer Name = FSN3 | Source = Service Control Manager | ID = 7023 Description = The Uninterruptible Power Supply service terminated with the following error: %%2481 Error - 12/01/2012 12:18:01 | Computer Name = FSN3 | Source = Service Control Manager | ID = 7022 Description = The Network Access Protection Agent service hung on starting. Error - 12/01/2012 12:43:20 | Computer Name = FSN3 | Source = NetDDE | ID = 206 Description = Listen failed: 23: The ncb_lana_num member did not specify a valid network number. Error - 12/01/2012 12:43:32 | Computer Name = FSN3 | Source = NetDDE | ID = 206 Description = Listen failed: 15: < End of report >
  6. stevie12
    Hi Starbuck, thanks for getting back. The results are as follows:- OTL logfile created on: 12/01/2012 10:00:55 - Run 2 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\rachel\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 1.96 Gb Total Physical Memory | 1.31 Gb Available Physical Memory | 67.12% Memory free 3.76 Gb Paging File | 3.14 Gb Available in Paging File | 83.34% Paging File free Paging file location(s): C:\pagefile.sys 0 0 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 111.68 Gb Total Space | 88.92 Gb Free Space | 79.62% Space Free | Partition Type: NTFS Computer Name: FSN3 | User Name: rachel | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Documents and Settings\rachel\Desktop\OTL.scr (OldTimer Tools) PRC - C:\Program Files\Trusteer\Rapport\bin\RapportService.exe (Trusteer Ltd.) PRC - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.) PRC - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation) PRC - C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe (Smith Micro Software, Inc.) PRC - C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe (Dell Inc.) PRC - C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe (Wave Systems Corp.) PRC - C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe (Dell Inc.) PRC - C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe (Wave Systems Corp.) PRC - c:\drivers\audio\R205445\stacsv.exe (IDT, Inc.) PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.) PRC - C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation) PRC - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe (Intel® Corporation) PRC - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation) PRC - C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe (Broadcom Corporation) PRC - C:\Program Files\Fingerprint Sensor\AtService.exe (AuthenTec, Inc.) PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) ========== Modules (No Company Name) ========== MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\23eb4618c9d171be9fb551a13a475a32\System.IdentityModel.ni.dll () MOD - C:\Program Files\Trusteer\Rapport\bin\js32.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\474a341340f687bcbd7777f2820a8c7a\SMDiagnostics.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\afd6134c090faf8c29cd64d4835142b2\System.Runtime.Serialization.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\41c3a2fcffc58b20023c7d54e57ea956\System.IdentityModel.Selectors.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\abef85f2fb8ba830eda73e2d12e8d41e\System.ServiceProcess.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\71a2ae9ad561a62181cbd9fb11e9de7a\System.Windows.Forms.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\c10bea3c4bb7ef654651141bf9419090\System.Drawing.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll () MOD - C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\28896\RapportMS.dll () MOD - C:\Program Files\Intel\WiFi\bin\iWMSProv.dll () ========== Win32 Services (SafeList) ========== SRV - (NSL) -- File not found SRV - (0118341309337175mcinstcleanup) McAfee Application Installer Cleanup (0118341309337175) -- File not found SRV - (PowerOffer Service) -- C:\Documents and Settings\TRAINER 3\Local Settings\Application Data\PosService\Pos.exe (PowerOfferService) SRV - (ServUpdater) -- C:\Documents and Settings\TRAINER 3\Local Settings\Application Data\ServUpdater\ServiceUpd.exe (ServiceUpd) SRV - (RapportMgmtService) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.) SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation) SRV - (SMManager) -- C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe (Smith Micro Software, Inc.) SRV - (dcpsysmgrsvc) -- C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe (Dell Inc.) SRV - (TdmService) -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe (Wave Systems Corp.) SRV - (buttonsvc32) -- C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe (Dell Inc.) SRV - (SecureStorageService) -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe (Wave Systems Corp.) SRV - (STacSV) -- c:\drivers\audio\R205445\stacsv.exe (IDT, Inc.) SRV - (tcsd_win32.exe) -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe () SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.) SRV - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation) SRV - (S24EventMonitor) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe (Intel® Corporation) SRV - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation) SRV - (BrcmMgmtAgent) -- C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe (Broadcom Corporation) SRV - (ATService) -- C:\Program Files\Fingerprint Sensor\AtService.exe (AuthenTec, Inc.) SRV - (IAANTMON) Intel® -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) ========== Driver Services (SafeList) ========== DRV - (MpKsl562aeac5) -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2D666C7F-50AD-402A-B0D2-5641F3490A28}\MpKsl562aeac5.sys (Microsoft Corporation) DRV - (RapportCerberus_34302) -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys () DRV - (RapportEI) -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys (Trusteer Ltd.) DRV - (RapportPG) -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (Trusteer Ltd.) DRV - (RapportKELL) -- C:\WINDOWS\System32\Drivers\RapportKELL.sys (Trusteer Ltd.) DRV - (RapportIaso) -- c:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\28896\RapportIaso.sys (Trusteer Ltd.) DRV - (WavxDMgr) -- C:\WINDOWS\system32\drivers\WavxDMgr.sys (Wave Systems Corp.) DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (IDT, Inc.) DRV - (AESTAud) -- C:\WINDOWS\system32\drivers\AESTAud.sys (Andrea Electronics Corporation) DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.) DRV - (NETw5x32) Intel® -- C:\WINDOWS\system32\drivers\NETw5x32.sys (Intel Corporation) DRV - (IntcHdmiAddService) Intel® -- C:\WINDOWS\system32\drivers\IntcHdmi.sys (Intel® Corporation) DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation) DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation) DRV - (BASFND) -- C:\Program Files\Broadcom\MgmtAgent\BASFND.sys (Broadcom Corporation) DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC) DRV - (Blfp) -- C:\WINDOWS\system32\drivers\baspxp32.sys (Broadcom Corporation) DRV - (DLADResM) -- C:\WINDOWS\system32\drivers\DLADResM.SYS (Roxio) DRV - (DLABMFSM) -- C:\WINDOWS\system32\drivers\DLABMFSM.SYS (Roxio) DRV - (DLAUDF_M) -- C:\WINDOWS\system32\drivers\DLAUDF_M.SYS (Roxio) DRV - (DLAUDFAM) -- C:\WINDOWS\system32\drivers\DLAUDFAM.SYS (Roxio) DRV - (DLAOPIOM) -- C:\WINDOWS\system32\drivers\DLAOPIOM.SYS (Roxio) DRV - (DLABOIOM) -- C:\WINDOWS\system32\drivers\DLABOIOM.SYS (Roxio) DRV - (DLAPoolM) -- C:\WINDOWS\system32\drivers\DLAPoolM.SYS (Roxio) DRV - (DLAIFS_M) -- C:\WINDOWS\system32\drivers\DLAIFS_M.SYS (Roxio) DRV - (DLARTL_M) -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS (Roxio) DRV - (DLACDBHM) -- C:\WINDOWS\System32\Drivers\DLACDBHM.SYS (Roxio) DRV - (Afc) -- C:\WINDOWS\system32\drivers\afc.sys (Arcsoft, Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data over 100 bytes] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [binary data over 100 bytes] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/?fr=fp-yie8 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://g.uk.msn.com/USREL/2 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://g.uk.msn.com/USREL/2 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.live.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/?fr=fp-yie8 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = virginmedia.com:8080 FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.1.13: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.1.13: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/11/12 00:05:36 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/12/22 21:31:52 | 000,000,000 | ---D | M] ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.75\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.75\gcswf32.dll CHR - plugin: AVG Internet Security (Enabled) = C:\Documents and Settings\rachel\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java Platform SE 6 U30 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll CHR - plugin: RealNetworks Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll CHR - plugin: RealPlayer HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files\real\realplayer\Netscape6\nppl3260.dll CHR - plugin: RealPlayer Version Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprpjplug.dll CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprjplug.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: YouTube = C:\Documents and Settings\rachel\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\ CHR - Extension: Google Search = C:\Documents and Settings\rachel\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\ CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\rachel\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\ CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Documents and Settings\rachel\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.126_0\ CHR - Extension: Gmail = C:\Documents and Settings\rachel\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\ O1 HOSTS File: ([2012/01/10 21:32:33 | 000,000,612 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (compliance0615 Toolbar) - {31c7d459-9cc3-44f2-9dca-fc11795309b4} - C:\Program Files\IObitCom\prxtbIOb0.dll File not found O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll (Google Inc.) O2 - BHO: (Support.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc) O3 - HKLM\..\Toolbar: (compliance0615 Toolbar) - {31c7d459-9cc3-44f2-9dca-fc11795309b4} - C:\Program Files\IObitCom\prxtbIOb0.dll File not found O3 - HKLM\..\Toolbar: (Support.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (compliance0615 Toolbar) - {31C7D459-9CC3-44F2-9DCA-FC11795309B4} - C:\Program Files\IObitCom\prxtbIOb0.dll File not found O3 - HKCU\..\Toolbar\WebBrowser: (Support.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O4 - HKLM..\Run: [PosService] C:\Documents and Settings\All Users\Documents\AppData\PoApp\PLauncher.exe File not found O4 - HKLM..\RunOnce: [112_952501433889] C:\Documents and Settings\rachel\Local Settings\Application Data\LogMeIn Rescue Applet\LMIR0002.tmp_r.bat () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0 O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} http://static.ak.facebook.com/fbplugin/win32/axfbootloader.cab (Reg Error: Key error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab (EPUImageControl Class) O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1E2C0250-60CE-454A-830F-93D1724D3419}: NameServer = 176.31.229.24,176.31.229.25 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6FE9DEF1-B785-4885-A0F3-649E214BC5EE}: NameServer = 176.31.229.24,176.31.229.25 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D42408A8-E3FA-409C-8907-5BCA6AA62232}: DhcpNameServer = 194.168.4.100 194.168.8.100 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D42408A8-E3FA-409C-8907-5BCA6AA62232}: NameServer = 176.31.229.24,176.31.229.25 O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Documents and Settings\rachel\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\rachel\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation) O30 - LSA: Authentication Packages - (wvauth) -C:\WINDOWS\System32\wvauth.dll (Wave Systems Corp.) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008/04/25 21:29:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012/01/12 09:44:58 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\rachel\Desktop\OTL.scr [2012/01/12 09:30:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood [2012/01/11 13:34:52 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine [2012/01/11 09:06:07 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\rachel\IECompatCache [2012/01/10 23:15:49 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\rachel\Desktop\TFC.exe [2012/01/10 22:07:04 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW [2012/01/10 22:04:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\rachel\Application Data\AVG [2012/01/10 21:45:37 | 000,000,000 | --SD | C] -- C:\ComboFix [2012/01/10 21:10:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT [2012/01/10 20:00:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\rachel\Application Data\Malwarebytes [2012/01/10 19:29:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC [2012/01/10 19:19:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\rachel\Local Settings\Application Data\LogMeIn Rescue Applet [2012/01/10 19:03:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\rachel\Local Settings\Application Data\Temp [2012/01/10 19:03:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\rachel\Local Settings\Application Data\Adobe [2012/01/10 09:35:45 | 000,203,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\richtx32.ocx [2012/01/10 09:35:45 | 000,140,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\COMDLG32.OCX [2012/01/10 09:35:45 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msstdfmt.dll [2012/01/10 09:35:44 | 000,244,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSFLXGRD.OCX [2012/01/10 09:35:44 | 000,132,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSINET.OCX [2012/01/10 09:33:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\rachel\Local Settings\Application Data\Conduit [2012/01/10 09:33:01 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit [2012/01/10 09:33:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\rachel\Local Settings\Application Data\IObitCom [2012/01/10 09:32:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\rachel\Application Data\IObit [2012/01/10 09:22:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Uniblue [2012/01/09 23:44:30 | 000,101,720 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys [2012/01/09 23:40:25 | 000,000,000 | ---D | C] -- C:\Program Files\Toolbar Cleaner [2012/01/09 23:39:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft [2012/01/09 23:29:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\rachel\My Documents\Downloads [2012/01/09 23:21:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\rachel\Local Settings\Application Data\PCHealth [2012/01/09 23:08:41 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF [2012/01/09 23:06:30 | 000,000,000 | R--D | C] -- C:\Documents and Settings\rachel\Start Menu\Programs\Administrative Tools [2012/01/09 23:04:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\rachel\Application Data\Windows Search [2012/01/09 22:46:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\rachel\Application Data\Macromedia [2012/01/09 22:46:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\rachel\Application Data\Adobe [2012/01/09 22:46:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\rachel\Local Settings\Application Data\Yahoo [2012/01/09 22:46:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\rachel\Local Settings\Application Data\AskToolbar [2012/01/09 22:46:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\rachel\Application Data\Google [2012/01/09 22:46:06 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\rachel\PrivacIE [2012/01/09 22:45:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\rachel\Application Data\Yahoo! [2012/01/09 22:41:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\rachel\Local Settings\Application Data\Google [2012/01/09 22:39:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\rachel\Application Data\Real [2012/01/09 22:37:26 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\rachel\IETldCache [2012/01/09 22:35:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\rachel\Application Data\Intel [2012/01/09 22:35:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\rachel\Application Data\InstallShield [2012/01/09 22:35:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\rachel\Application Data\Identities [2012/01/09 22:35:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\rachel\Application Data\Broadcom [2012/01/09 22:35:10 | 000,000,000 | --SD | C] -- C:\Documents and Settings\rachel\Application Data\Microsoft [2012/01/09 22:35:10 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\rachel\Application Data [2012/01/09 22:35:10 | 000,000,000 | R--D | C] -- C:\Documents and Settings\rachel\Favorites [2012/01/09 22:35:10 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\rachel\Cookies [2012/01/09 22:35:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\rachel\Application Data\Windows Desktop Search [2012/01/09 22:35:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\rachel\Local Settings\Application Data\Wave Systems Corp [2012/01/09 22:35:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\rachel\Application Data\Wave Systems Corp [2012/01/09 22:35:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\rachel\Local Settings\Application Data\Trusteer [2012/01/09 22:35:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\rachel\Application Data\Trusteer [2012/01/09 22:35:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\rachel\Application Data\Sun [2012/01/09 22:35:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\rachel\Local Settings\Application Data\PowerDVD DX [2012/01/09 22:35:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\rachel\Local Settings\Application Data\Microsoft Help [2012/01/09 22:35:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\rachel\Local Settings\Application Data\Microsoft [2012/01/09 22:35:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\rachel\Local Settings\Application Data\Identities [2012/01/09 22:35:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\rachel\Desktop [2012/01/09 22:35:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\rachel\Local Settings\Application Data\ApplicationHistory [2012/01/09 22:35:09 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\rachel\SendTo [2012/01/09 22:35:09 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\rachel\Recent [2012/01/09 22:35:09 | 000,000,000 | R--D | C] -- C:\Documents and Settings\rachel\Start Menu\Programs\Startup [2012/01/09 22:35:09 | 000,000,000 | R--D | C] -- C:\Documents and Settings\rachel\Start Menu [2012/01/09 22:35:09 | 000,000,000 | R--D | C] -- C:\Documents and Settings\rachel\My Documents\My Videos [2012/01/09 22:35:09 | 000,000,000 | R--D | C] -- C:\Documents and Settings\rachel\My Documents\My Pictures [2012/01/09 22:35:09 | 000,000,000 | R--D | C] -- C:\Documents and Settings\rachel\My Documents\My Music [2012/01/09 22:35:09 | 000,000,000 | R--D | C] -- C:\Documents and Settings\rachel\My Documents [2012/01/09 22:35:09 | 000,000,000 | R--D | C] -- C:\Documents and Settings\rachel\Start Menu\Programs\Accessories [2012/01/09 22:35:09 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\rachel\Templates [2012/01/09 22:35:09 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\rachel\PrintHood [2012/01/09 22:35:09 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\rachel\NetHood [2012/01/09 22:35:09 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\rachel\Local Settings [2012/01/05 06:06:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NSS [2012/01/05 06:06:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NSS\0306010.00B [2012/01/05 06:06:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NSS\0306000.01F [2012/01/03 15:31:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData [2012/01/03 13:44:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ZoneLabs [2012/01/03 13:41:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\Internet Logs [2012/01/02 20:26:48 | 000,000,000 | ---D | C] -- C:\Program Files\ZoneAlarmBackup [2012/01/02 20:04:36 | 000,000,000 | ---D | C] -- C:\Program Files\ZoneAlarm_Security [2012/01/02 20:03:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CheckPoint [2012/01/02 20:00:02 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint [2012/01/01 15:43:55 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe [2012/01/01 15:43:54 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe [2012/01/01 15:43:54 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe [2012/01/01 15:41:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe [2012/01/01 15:38:36 | 000,017,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll [2012/01/01 15:38:17 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight [2012/01/01 15:36:47 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2 [2012/01/01 15:32:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF [2012/01/01 15:32:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles [2012/01/01 15:26:30 | 000,000,000 | ---D | C] -- C:\Program Files\DevalVR [2011/12/31 17:12:33 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files [2011/12/31 17:10:30 | 000,000,000 | ---D | C] -- C:\Program Files\AVG [2011/12/31 16:56:13 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com [2011/12/31 08:15:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo! [2011/12/31 08:15:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion [2011/12/31 08:15:24 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo! [2011/12/31 08:14:24 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8 [2011/12/22 21:31:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared [2011/12/15 16:49:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\McAfee ========== Files - Modified Within 30 Days ========== [2012/01/12 10:03:00 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{54FA2E56-24AC-45F4-81D8-6470F5BBFA68}.job [2012/01/12 09:45:01 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\rachel\Desktop\OTL.scr [2012/01/12 09:21:32 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job [2012/01/12 09:16:51 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012/01/12 09:16:50 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012/01/12 09:16:48 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\AVG PC Tuneup Integrator Start On TRAINER 3 Logon.job [2012/01/12 09:16:48 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1999328495-1140362564-3312135486-1009.job [2012/01/12 09:16:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012/01/12 09:16:21 | 2100,469,760 | -HS- | M] () -- C:\hiberfil.sys [2012/01/11 20:15:45 | 000,000,210 | -HS- | M] () -- C:\boot.ini [2012/01/11 13:56:44 | 000,000,817 | ---- | M] () -- C:\Documents and Settings\rachel\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.LNK [2012/01/11 13:43:47 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2012/01/11 12:56:00 | 000,000,242 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job [2012/01/10 23:15:53 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\rachel\Desktop\TFC.exe [2012/01/10 21:50:02 | 000,738,296 | ---- | M] () -- C:\Documents and Settings\rachel\Desktop\Virus, possible hard-drive malfunction.mht [2012/01/10 18:33:40 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job [2012/01/09 23:44:30 | 000,101,720 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys [2012/01/09 22:39:07 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\rachel\Local Settings\Application Data\WavXMapDrive.bat [2012/01/09 22:37:12 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\rachel\Desktop\Windows Media Player.lnk [2012/01/09 21:18:31 | 000,000,022 | ---- | M] () -- C:\WINDOWS\tpcsd [2012/01/03 13:46:15 | 000,421,442 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml [2012/01/03 13:45:00 | 000,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat [2012/01/01 15:37:40 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb [2012/01/01 15:37:40 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb [2012/01/01 15:32:31 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf [2011/12/30 14:07:24 | 000,545,700 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2011/12/30 14:07:24 | 000,111,666 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2011/12/29 21:33:00 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1999328495-1140362564-3312135486-1009.job [2011/12/22 21:32:16 | 000,001,603 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Free Offers.lnk [2011/12/22 21:32:16 | 000,000,747 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk [2011/12/22 21:31:36 | 000,198,832 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll [2011/12/22 21:31:19 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll [2011/12/22 21:31:19 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll [2011/12/22 21:31:15 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll [2011/12/16 09:39:42 | 000,263,824 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2011/12/15 18:29:21 | 000,001,793 | ---- | M] () -- C:\Documents and Settings\rachel\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [2011/12/15 18:29:20 | 000,001,815 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk [2011/12/15 16:53:44 | 000,001,736 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk ========== Files Created - No Company Name ========== [2012/01/12 09:10:47 | 000,155,576 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat [2012/01/11 14:03:40 | 2100,469,760 | -HS- | C] () -- C:\hiberfil.sys [2012/01/11 14:00:28 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{54FA2E56-24AC-45F4-81D8-6470F5BBFA68}.job [2012/01/10 21:49:58 | 000,738,296 | ---- | C] () -- C:\Documents and Settings\rachel\Desktop\Virus, possible hard-drive malfunction.mht [2012/01/09 23:40:43 | 000,000,486 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job [2012/01/09 22:38:23 | 000,000,805 | ---- | C] () -- C:\Documents and Settings\rachel\Start Menu\Programs\Internet Explorer.lnk [2012/01/09 22:37:12 | 000,000,790 | ---- | C] () -- C:\Documents and Settings\rachel\Start Menu\Programs\Windows Media Player.lnk [2012/01/09 22:37:09 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\rachel\Desktop\Windows Media Player.lnk [2012/01/09 22:35:14 | 000,001,793 | ---- | C] () -- C:\Documents and Settings\rachel\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [2012/01/09 22:35:14 | 000,000,817 | ---- | C] () -- C:\Documents and Settings\rachel\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.LNK [2012/01/09 22:35:13 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\rachel\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf [2012/01/09 22:35:12 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\rachel\Local Settings\Application Data\WavXMapDrive.bat [2012/01/09 22:35:11 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\rachel\Start Menu\Programs\Remote Assistance.LNK [2012/01/09 22:35:11 | 000,000,740 | ---- | C] () -- C:\Documents and Settings\rachel\Start Menu\Programs\Outlook Express.LNK [2012/01/09 21:18:31 | 000,000,022 | ---- | C] () -- C:\WINDOWS\tpcsd [2012/01/03 13:45:00 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat [2012/01/02 20:27:10 | 000,003,841 | ---- | C] () -- C:\WINDOWS\System32\server.pem [2012/01/02 20:26:53 | 000,147,130 | ---- | C] () -- C:\WINDOWS\System32\CRYPT32.LIB [2012/01/02 20:26:53 | 000,117,982 | ---- | C] () -- C:\WINDOWS\System32\ADVAPI32.LIB [2012/01/02 20:26:51 | 000,000,730 | ---- | C] () -- C:\WINDOWS\System32\rootcert.pem [2012/01/02 20:05:13 | 000,421,442 | ---- | C] () -- C:\WINDOWS\System32\vsconfig.xml [2012/01/01 16:02:16 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\NSS\0306010.00B\isolate.ini [2012/01/01 15:32:31 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf [2011/12/31 19:04:32 | 000,000,376 | ---- | C] () -- C:\WINDOWS\tasks\AVG PC Tuneup Integrator Start On TRAINER 3 Logon.job [2011/12/31 16:56:52 | 000,000,242 | ---- | C] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job [2011/12/22 21:32:16 | 000,000,747 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk [2011/12/15 16:53:44 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk [2011/12/15 16:53:44 | 000,001,736 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk [2011/08/20 17:44:22 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2011/06/29 07:54:37 | 000,075,776 | ---- | C] () -- C:\WINDOWS\System32\WS2Fix.exe [2011/06/29 07:54:37 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\dumphive.exe [2011/06/29 07:54:36 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\swsc.exe [2011/06/18 02:12:51 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat [2011/06/11 06:05:46 | 000,003,286 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\profiles.xml [2011/03/23 22:51:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll [2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe [2009/04/16 02:40:37 | 002,026,604 | ---- | C] () -- C:\WINDOWS\System32\igkrng500.bin [2009/04/16 02:40:37 | 000,442,964 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng500.bin [2009/04/16 02:40:37 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4980.dll [2009/04/16 02:40:25 | 000,077,824 | ---- | C] () -- C:\WINDOWS\setpwr32.exe [2009/04/16 02:39:32 | 000,001,204 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI [2009/04/15 18:45:04 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2009/04/15 18:28:52 | 000,000,234 | ---- | C] () -- C:\WINDOWS\wininit.ini [2009/04/15 18:09:13 | 000,080,368 | ---- | C] () -- C:\WINDOWS\System32\pbadrvdll.dll [2009/03/01 17:01:02 | 000,143,360 | R--- | C] () -- C:\WINDOWS\System32\preflib.dll [2008/12/22 11:13:54 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\wxvault.dll [2008/12/19 17:59:18 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_tr.dll [2008/12/19 17:59:16 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ro.dll [2008/12/19 17:59:16 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_pt-BR.dll [2008/12/19 17:59:14 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_hu.dll [2008/12/19 17:59:14 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_he.dll [2008/12/19 17:59:12 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_fi.dll [2008/12/19 17:59:10 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_el.dll [2008/12/19 17:59:10 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_cs.dll [2008/12/19 17:59:08 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ar.dll [2008/12/19 17:59:06 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHT.dll [2008/12/19 17:59:06 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHS.dll [2008/12/19 17:59:04 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_sv.dll [2008/12/19 17:59:04 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ru.dll [2008/12/19 17:59:02 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_pt.dll [2008/12/19 17:59:00 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_pl.dll [2008/12/19 17:59:00 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_no.dll [2008/12/19 17:58:58 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_nl.dll [2008/12/19 17:58:56 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ja.dll [2008/12/19 17:58:56 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ko.dll [2008/12/19 17:58:54 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_it.dll [2008/12/19 17:58:54 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_fr.dll [2008/12/19 17:58:52 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_es.dll [2008/12/19 17:58:50 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_de.dll [2008/12/19 17:58:48 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_da.dll [2008/12/11 14:51:36 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\Wavx_ESC_Logging.dll [2008/12/11 11:59:48 | 000,512,000 | ---- | C] () -- C:\WINDOWS\System32\AmRes_en.dll [2008/12/11 11:59:46 | 000,540,672 | ---- | C] () -- C:\WINDOWS\System32\AmRes_fr.dll [2008/12/11 11:59:46 | 000,540,672 | ---- | C] () -- C:\WINDOWS\System32\AmRes_es.dll [2008/12/11 11:59:46 | 000,536,576 | ---- | C] () -- C:\WINDOWS\System32\AmRes_it.dll [2008/12/11 11:59:44 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ja.dll [2008/12/11 11:59:44 | 000,503,808 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ko.dll [2008/12/11 11:59:42 | 000,565,248 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ru.dll [2008/12/11 11:59:42 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\AmRes_pt-BR.dll [2008/12/11 11:59:40 | 000,516,096 | ---- | C] () -- C:\WINDOWS\System32\AmRes_da.dll [2008/12/11 11:59:40 | 000,479,232 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHT.dll [2008/12/11 11:59:40 | 000,475,136 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHS.dll [2008/12/11 11:59:38 | 000,540,672 | ---- | C] () -- C:\WINDOWS\System32\AmRes_nl.dll [2008/12/11 11:59:38 | 000,512,000 | ---- | C] () -- C:\WINDOWS\System32\AmRes_no.dll [2008/12/11 11:59:36 | 000,528,384 | ---- | C] () -- C:\WINDOWS\System32\AmRes_pl.dll [2008/12/11 11:59:36 | 000,516,096 | ---- | C] () -- C:\WINDOWS\System32\AmRes_sv.dll [2008/12/11 11:59:36 | 000,512,000 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ar.dll [2008/12/11 11:59:34 | 000,536,576 | ---- | C] () -- C:\WINDOWS\System32\AmRes_el.dll [2008/12/11 11:59:34 | 000,528,384 | ---- | C] () -- C:\WINDOWS\System32\AmRes_cs.dll [2008/12/11 11:59:34 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\AmRes_fi.dll [2008/12/11 11:59:34 | 000,503,808 | ---- | C] () -- C:\WINDOWS\System32\AmRes_he.dll [2008/12/11 11:59:32 | 000,532,480 | ---- | C] () -- C:\WINDOWS\System32\AmRes_pt-PT.dll [2008/12/11 11:59:32 | 000,528,384 | ---- | C] () -- C:\WINDOWS\System32\AmRes_hu.dll [2008/12/11 11:59:30 | 000,532,480 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ro.dll [2008/12/11 11:59:30 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\AmRes_tr.dll [2008/12/11 11:56:30 | 000,544,768 | ---- | C] () -- C:\WINDOWS\System32\AmRes_de.dll [2008/10/06 17:36:56 | 000,839,680 | ---- | C] () -- C:\WINDOWS\System32\DemoLicense.dll [2008/05/26 20:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin [2008/05/26 20:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin [2008/04/25 21:31:41 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2008/04/25 21:27:18 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2008/04/25 21:26:32 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini [2008/04/25 16:16:24 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2008/04/25 16:16:22 | 000,545,700 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2008/04/25 16:16:22 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2008/04/25 16:16:22 | 000,111,666 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2008/04/25 16:16:22 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2008/04/25 16:16:22 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2008/04/25 16:16:21 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2008/04/25 16:16:20 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [2008/04/25 16:16:18 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2008/04/25 16:16:18 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2008/04/25 16:16:13 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2008/04/25 16:16:11 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin [2008/04/25 09:22:39 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2008/04/25 09:21:52 | 000,263,824 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2008/03/25 08:46:00 | 000,077,536 | ---- | C] () -- C:\WINDOWS\System32\xltZlib.dll [2007/09/27 09:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini [2007/09/27 09:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini [2007/09/27 09:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini [2006/06/30 11:58:44 | 000,176,128 | R--- | C] () -- C:\WINDOWS\System32\bioapi_mds300.dll [2006/06/30 11:58:44 | 000,126,976 | R--- | C] () -- C:\WINDOWS\System32\bioapi100.dll [2006/06/12 07:01:16 | 000,348,160 | ---- | C] () -- C:\WINDOWS\tsp.dll [2004/09/10 12:34:00 | 000,917,504 | ---- | C] () -- C:\WINDOWS\System32\lmgr10.dll [2004/09/10 12:34:00 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ADsSecurity.dll ========== LOP Check ========== [2011/09/17 14:55:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alawar [2011/08/24 15:58:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alawar Stargaze [2011/06/12 06:12:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Aliasworlds [2011/03/23 21:22:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software [2011/11/11 23:58:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ask [2009/04/15 18:26:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AT&T [2011/03/22 06:50:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software [2011/11/27 16:50:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon [2011/12/29 20:53:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Big Fish Games [2011/11/01 15:31:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess [2011/08/16 19:03:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Casual Arts [2011/07/30 14:53:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cateia Games [2012/01/02 20:03:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CheckPoint [2011/12/31 17:12:33 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files [2011/07/15 22:46:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Crown [2011/08/21 19:38:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Elephant Games [2011/08/16 16:24:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Floodlight Games [2011/08/01 18:48:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FloodLightGames [2011/06/15 07:42:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fugazo [2011/06/18 03:59:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameHouse [2011/09/02 11:16:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gamers Digital [2011/06/08 06:13:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Go Go Gourmet [2011/08/01 19:01:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gogii Games [2012/01/10 22:04:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData [2009/04/15 18:17:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NTRU Cryptosystems [2011/08/25 08:54:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Particles [2011/09/07 18:19:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst [2011/10/22 10:58:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Radialpoint [2011/08/02 16:47:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpecialBit [2012/01/10 22:04:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP [2011/07/16 10:13:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TheFallTrilogyEp3-BF [2010/03/08 08:59:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer [2011/11/02 11:51:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software [2011/11/11 23:57:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Virgin Media [2011/11/03 23:57:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wave Systems Corp [2011/11/02 11:49:44 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{32364CEA-7855-4A3C-B674-53D8E9B97936} [2011/06/29 05:00:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A} [2011/06/29 06:26:05 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\~0 [2011/11/01 20:02:30 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\~1 [2012/01/10 22:04:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rachel\Application Data\AVG [2009/04/15 18:22:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rachel\Application Data\Broadcom [2012/01/10 09:32:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rachel\Application Data\IObit [2011/06/29 02:47:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rachel\Application Data\Trusteer [2009/04/15 18:44:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rachel\Application Data\Wave Systems Corp [2009/04/15 17:57:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rachel\Application Data\Windows Desktop Search [2012/01/09 23:04:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\rachel\Application Data\Windows Search [2012/01/10 18:33:40 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job [2012/01/12 09:16:48 | 000,000,376 | ---- | M] () -- C:\WINDOWS\Tasks\AVG PC Tuneup Integrator Start On TRAINER 3 Logon.job [2012/01/12 09:21:32 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job [2012/01/11 12:56:00 | 000,000,242 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job [2012/01/12 10:03:00 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{54FA2E56-24AC-45F4-81D8-6470F5BBFA68}.job ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.* > [2008/04/25 21:29:32 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT [2012/01/11 20:15:45 | 000,000,210 | -HS- | M] () -- C:\boot.ini [2008/04/25 21:29:32 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS [2009/04/16 02:43:03 | 000,005,465 | RH-- | M] () -- C:\dell.sdr [2012/01/12 09:16:21 | 2100,469,760 | -HS- | M] () -- C:\hiberfil.sys [2008/04/25 21:29:32 | 000,000,000 | -H-- | M] () -- C:\IO.SYS [2008/04/25 21:29:32 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS [2008/04/14 12:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM [2008/04/14 12:00:00 | 000,250,048 | RHS- | M] () -- C:\ntldr [2012/01/12 09:16:18 | 2100,396,032 | -HS- | M] () -- C:\pagefile.sys [2011/06/29 08:01:27 | 000,002,342 | ---- | M] () -- C:\rapport.txt [2011/11/06 17:04:58 | 000,000,889 | ---- | M] () -- C:\Settings.ini [2006/11/13 11:21:34 | 013,312,638 | ---- | M] () -- C:\swipeall.avi [2006/11/13 11:23:48 | 002,081,296 | ---- | M] (UPEK Inc.) -- C:\vtapi.dll < %systemroot%\system32\Spool\prtprocs\w32x86\*.dll > [2008/07/06 12:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\system32\*.exe /lockedfiles > < %systemroot%\System32\config\*.sav > [2008/04/25 09:21:09 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav [2008/04/25 09:21:09 | 001,089,536 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav [2008/04/25 09:21:09 | 000,905,216 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav < %PROGRAMFILES%\* > < %USERPROFILE%\..|smtmp;true;true;true /FP > < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Win dows\WindowsUpdate\AU > < hklm\software\clients\startmenuinternet|command /rs > HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2012/01/05 09:48:46 | 001,047,024 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2012/01/05 09:48:46 | 001,047,024 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2012/01/05 09:48:46 | 001,047,024 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/01/05 09:48:46 | 001,047,024 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2012/01/05 09:48:46 | 001,047,024 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/11/04 11:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/11/04 11:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/11/04 11:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) < hklm\software\clients\startmenuinternet|command /64 /rs > HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2012/01/05 09:48:46 | 001,047,024 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2012/01/05 09:48:46 | 001,047,024 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2012/01/05 09:48:46 | 001,047,024 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/01/05 09:48:46 | 001,047,024 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2012/01/05 09:48:46 | 001,047,024 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/11/04 11:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/11/04 11:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/11/04 11:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) ========== Alternate Data Streams ========== @Alternate Data Stream - 249 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E5BA9ADD @Alternate Data Stream - 247 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:48D3CC24 @Alternate Data Stream - 241 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E14FA16F @Alternate Data Stream - 241 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4A906D4A @Alternate Data Stream - 238 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3EC5BC08 @Alternate Data Stream - 237 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0696EC8E @Alternate Data Stream - 231 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:02F30776 @Alternate Data Stream - 228 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A02025CE @Alternate Data Stream - 222 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FB647F34 @Alternate Data Stream - 217 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:831C6B2D @Alternate Data Stream - 216 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EF0C5444 @Alternate Data Stream - 212 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8FDE078B @Alternate Data Stream - 166 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A7DA2BCD @Alternate Data Stream - 157 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8556124B @Alternate Data Stream - 153 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6DC537DB @Alternate Data Stream - 149 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9BB8C675 @Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A819A132 @Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:491270B8 @Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3D6B89CE @Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3969ACF7 @Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2899566E @Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1234ADAE @Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:46283136 @Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E732B44B @Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C37283B5 @Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:18DEBC51 @Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:16F4BC64 @Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F3591DDB @Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BF640EE5 @Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4D551822 @Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E6708F08 @Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AA0017FD @Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9F3CEEE6 @Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05F547A9 @Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E6C6EB3B @Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A4AF8D0D @Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2F8138B7 @Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:147A3409 @Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A88BE334 @Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4 @Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EBCF5924 @Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A9056F42 @Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A42FABF7 @Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2AE74FF9 @Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AAA06E15 @Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E6EC5C2A @Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DE875C30 @Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B54E4B5A @Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:90C320E1 @Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:87A3A233 @Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E40D7F76 @Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B4F0E275 @Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D999FFD5 @Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BD8010FE @Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5E8C18F1 @Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5E413CD6 @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F84B8DB5 @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F5D01D7C @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CAC06C34 @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:59465B40 @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:206470A5 @Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C30487EE @Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:63210866 @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3815BC84 @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3086B95F @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D93FCBB6 @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5D351BC6 @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:48FEA089 @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B139DDF3 @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D576A536 @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0E8117B1 @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B6E6C4EA @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:32A82570 @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E0888117 @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C7F08EA3 @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AECF4772 @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:041C0562 @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5EF1AD34 @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:09064307 @Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ADFAD95A @Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:33B04540 @Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:512E1728 @Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0DE96CF5 @Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BD34FFC5 @Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:260575F1 @Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3DB6F365 @Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:78E0DF72 @Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E690114B < End of report >
  7. stevie12
    thanks for your reply Starbuck. i downloaded OTL and here are the results:- OTL logfile created on: 12/01/2012 09:47:06 - Run 2 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\rachel\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 1.96 Gb Total Physical Memory | 1.35 Gb Available Physical Memory | 68.95% Memory free 3.76 Gb Paging File | 3.16 Gb Available in Paging File | 83.88% Paging File free Paging file location(s): C:\pagefile.sys 0 0 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 111.68 Gb Total Space | 88.97 Gb Free Space | 79.67% Space Free | Partition Type: NTFS Computer Name: FSN3 | User Name: rachel | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Documents and Settings\rachel\Desktop\OTL.scr (OldTimer Tools) PRC - C:\Program Files\Trusteer\Rapport\bin\RapportService.exe (Trusteer Ltd.) PRC - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.) PRC - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation) PRC - C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe (Smith Micro Software, Inc.) PRC - C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe (Dell Inc.) PRC - C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe (Wave Systems Corp.) PRC - C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe (Dell Inc.) PRC - C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe (Wave Systems Corp.) PRC - c:\drivers\audio\R205445\stacsv.exe (IDT, Inc.) PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.) PRC - C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation) PRC - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe (Intel® Corporation) PRC - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation) PRC - C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe (Broadcom Corporation) PRC - C:\Program Files\Fingerprint Sensor\AtService.exe (AuthenTec, Inc.) PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) ========== Modules (No Company Name) ========== MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\23eb4618c9d171be9fb551a13a475a32\System.IdentityModel.ni.dll () MOD - C:\Program Files\Trusteer\Rapport\bin\js32.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\474a341340f687bcbd7777f2820a8c7a\SMDiagnostics.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\afd6134c090faf8c29cd64d4835142b2\System.Runtime.Serialization.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\41c3a2fcffc58b20023c7d54e57ea956\System.IdentityModel.Selectors.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\abef85f2fb8ba830eda73e2d12e8d41e\System.ServiceProcess.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\71a2ae9ad561a62181cbd9fb11e9de7a\System.Windows.Forms.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\c10bea3c4bb7ef654651141bf9419090\System.Drawing.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll () MOD - C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\28896\RapportMS.dll () MOD - C:\Program Files\Intel\WiFi\bin\iWMSProv.dll () ========== Win32 Services (SafeList) ========== SRV - (NSL) -- File not found SRV - (0118341309337175mcinstcleanup) McAfee Application Installer Cleanup (0118341309337175) -- File not found SRV - (PowerOffer Service) -- C:\Documents and Settings\TRAINER 3\Local Settings\Application Data\PosService\Pos.exe (PowerOfferService) SRV - (ServUpdater) -- C:\Documents and Settings\TRAINER 3\Local Settings\Application Data\ServUpdater\ServiceUpd.exe (ServiceUpd) SRV - (RapportMgmtService) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.) SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation) SRV - (SMManager) -- C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe (Smith Micro Software, Inc.) SRV - (dcpsysmgrsvc) -- C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe (Dell Inc.) SRV - (TdmService) -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe (Wave Systems Corp.) SRV - (buttonsvc32) -- C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe (Dell Inc.) SRV - (SecureStorageService) -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe (Wave Systems Corp.) SRV - (STacSV) -- c:\drivers\audio\R205445\stacsv.exe (IDT, Inc.) SRV - (tcsd_win32.exe) -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe () SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.) SRV - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation) SRV - (S24EventMonitor) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe (Intel® Corporation) SRV - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation) SRV - (BrcmMgmtAgent) -- C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe (Broadcom Corporation) SRV - (ATService) -- C:\Program Files\Fingerprint Sensor\AtService.exe (AuthenTec, Inc.) SRV - (IAANTMON) Intel® -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) ========== Driver Services (SafeList) ========== DRV - (MpKsl562aeac5) -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2D666C7F-50AD-402A-B0D2-5641F3490A28}\MpKsl562aeac5.sys (Microsoft Corporation) DRV - (RapportCerberus_34302) -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys () DRV - (RapportEI) -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys (Trusteer Ltd.) DRV - (RapportPG) -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (Trusteer Ltd.) DRV - (RapportKELL) -- C:\WINDOWS\System32\Drivers\RapportKELL.sys (Trusteer Ltd.) DRV - (RapportIaso) -- c:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\28896\RapportIaso.sys (Trusteer Ltd.) DRV - (WavxDMgr) -- C:\WINDOWS\system32\drivers\WavxDMgr.sys (Wave Systems Corp.) DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (IDT, Inc.) DRV - (AESTAud) -- C:\WINDOWS\system32\drivers\AESTAud.sys (Andrea Electronics Corporation) DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.) DRV - (NETw5x32) Intel® -- C:\WINDOWS\system32\drivers\NETw5x32.sys (Intel Corporation) DRV - (IntcHdmiAddService) Intel® -- C:\WINDOWS\system32\drivers\IntcHdmi.sys (Intel® Corporation) DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation) DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation) DRV - (BASFND) -- C:\Program Files\Broadcom\MgmtAgent\BASFND.sys (Broadcom Corporation) DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC) DRV - (Blfp) -- C:\WINDOWS\system32\drivers\baspxp32.sys (Broadcom Corporation) DRV - (DLADResM) -- C:\WINDOWS\system32\drivers\DLADResM.SYS (Roxio) DRV - (DLABMFSM) -- C:\WINDOWS\system32\drivers\DLABMFSM.SYS (Roxio) DRV - (DLAUDF_M) -- C:\WINDOWS\system32\drivers\DLAUDF_M.SYS (Roxio) DRV - (DLAUDFAM) -- C:\WINDOWS\system32\drivers\DLAUDFAM.SYS (Roxio) DRV - (DLAOPIOM) -- C:\WINDOWS\system32\drivers\DLAOPIOM.SYS (Roxio) DRV - (DLABOIOM) -- C:\WINDOWS\system32\drivers\DLABOIOM.SYS (Roxio) DRV - (DLAPoolM) -- C:\WINDOWS\system32\drivers\DLAPoolM.SYS (Roxio) DRV - (DLAIFS_M) -- C:\WINDOWS\system32\drivers\DLAIFS_M.SYS (Roxio) DRV - (DLARTL_M) -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS (Roxio) DRV - (DLACDBHM) -- C:\WINDOWS\System32\Drivers\DLACDBHM.SYS (Roxio) DRV - (Afc) -- C:\WINDOWS\system32\drivers\afc.sys (Arcsoft, Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data over 100 bytes] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [binary data over 100 bytes] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/?fr=fp-yie8 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://g.uk.msn.com/USREL/2 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://g.uk.msn.com/USREL/2 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.live.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/?fr=fp-yie8 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = virginmedia.com:8080 FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.1.13: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.1.13: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/11/12 00:05:36 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/12/22 21:31:52 | 000,000,000 | ---D | M] ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.75\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.75\gcswf32.dll CHR - plugin: AVG Internet Security (Enabled) = C:\Documents and Settings\rachel\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java Platform SE 6 U30 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll CHR - plugin: RealNetworks Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll CHR - plugin: RealPlayer HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files\real\realplayer\Netscape6\nppl3260.dll CHR - plugin: RealPlayer Version Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprpjplug.dll CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprjplug.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: YouTube = C:\Documents and Settings\rachel\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\ CHR - Extension: Google Search = C:\Documents and Settings\rachel\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\
  8. stevie12
    thanks for your reply. i did contact my isp virgin media but they seem to think it's a virus (???) and cannot doanyhting themselves. i'm from the uk not Italy, never actually been to italy. please help
  9. stevie12
    it's good to know it's not a virus- i think i must have downloaded it by mistake. it's more annoying than a problem to my bf mainly who uses the betting sites but are being blocked and it's difficult to use paypal online. i just need to know how to remove it completely
  10. stevie12
    hi i desperately need help removing the website aams.gov.it from my computer- the ip address is 217.175.53.72. is it a virus? and how do you remove it? the problem seems to be getting worse as this site is starting to appear more frequently as time goes on. help stevie
×
×
  • Create New...