Everything posted by pitfall
-
Right Starbuck. I got around to taking McAfee off My lappy last night. I deleted from Progs, then use this to tidy up after. http://download.mcafee.com/products/licensed/cust_support_patches/MCPR.exe I run ccleaner, atf cleaner, then rebooted. I followed this http://www.pcworld.com/article/20202...windows-8.html and had no trouble starting windows defender, thank You. Now the question is, do I need anything else to run with windows defender? I've got spywareblaster and malwarebytes on My laptop, but not sure if I need another antivirus installed?
-
It works a treat KenB. And yes, what a bargain. If anything goes wrong with it, least I know windows 8.1 works great with a usb mouse. Cheers guys ;)
-
http://support.microsoft.com/kb/2934802. It said it was about adobe, so before I updated, I uninstalled adobe from progs? Run ccleaner and done the update from micro. Then went to install adobe, but it was a bit harder than normal, but finally got this one. Could You have a look at this picture and let me know if it's the right one please ;-) http://i464.photobucket.com/albums/rr8/stevo__2009/Untitled_zps16ed8a07.jpg
-
Quick update on the mouse lol. My Son went in to town on a mission to find Me a mouse. I've now got a Microtek 800dpi Precision optical plug in Mouse. It works very well and charms doesn't get dragged out as much, and everything is quicker to use. Now for the good part ( or bad lol ). My Son bought it from £ land................yes for a £1 before You ask lol. So I hope it will stay ok ;-)
-
What a job KenB :-( Only just finished the updates :-( Going to float to bed now, and do the rest of the things tomorrow. Thanks for the help
-
Great stuff Dave ;-) I hope it lasts You a long time. I don't think I'm up to doing any major leap like You have. I'm going to give this windows 8.1 a run for its money lol. I'm finding the small shift button on the left a hard one to master at the moment lol.
-
Thanks KenB. My Son popped in from college and set it up as best He could ( his first go on windows 8.1 ). I was going to stay hard wire and use Ethernet, but it's done now lol. I know for one thing, I'm going to need a mouse. The finger pad isn't much good for Me. Ok, now for the questions lol. Can I use windows 8.1 " firefox, spywareblaster, web of trust, sas, and malwarebytes"? Also, there are 36 important windows updates ( it didn't say critical ), should I load them in? Thanks for any help ;-)
-
Change of plan Guys :-( I've ordered this one instead. http://www.argos.co.uk/static/Product/partNumber/1471786.htm. I hope it's going to do the trick lol. I'll be back in tomorrow with news or for help.
-
Cheers Starbuck, I was going to ask about McAfee, I got told to take it off the one I have now. I might as well jump in and get it then lol. I can see Me reading the post in here a lot now lol. Night for now all.
-
Thank You Vr5fx :)
-
http://www.pcworld.co.uk/gbuk/laptop...69537-pdt.html I've got £300.00 to up-grade from My XP and seen this one. But the more I read about windows 8 the more I get worried lol. Can You tell Me is there enough ram and hard drive? Is it fast enough? Would it play youtube vids? Would and could You help strip any stuff off it that I don't need? Or is it best to wait for another one to come along :( Thanks for any help Guys :)
-
Secunia dropped malware or virus on download.
pitfall replied to pitfall's topic in Tech Support & Discussions Forum
Yeah, Job well done :) I'm not looking forward to April, when Micro pulls the plug on the old XP :rolleyes: -
Secunia dropped malware or virus on download.
pitfall replied to pitfall's topic in Tech Support & Discussions Forum
Thanks for all the help and giving Your time Starbuck I'm just going to make a new start point now, I've done the rest. ............. KenB, I haven't seen the warning pop up about virtual memory yet, so that looks good :) -
Secunia dropped malware or virus on download.
pitfall replied to pitfall's topic in Tech Support & Discussions Forum
Sorry about that Starbuck, I didn't explain it very well did I :(. Before I deleted firefox, and slimmed things down, while we fixed My lappy up, F/F was a bit buggy. I read somewhere that "Mozilla backpedals on Firefox release schedule, in favour of a holiday break" and I thought That was the cause of the bugginess. As IE I was taking forever to load up or open a new page or tab? So I went back to F/F and it's loading very fast now? Probably due to the work done on My lappy here. Can You tell Me if any of these progs are needed or not, or the settings changing. Thanks Peeps :) http://i464.photobucket.com/albums/rr8/stevo__2009/Firefoxsettings_zps281e3725.jpg http://i464.photobucket.com/albums/rr8/stevo__2009/firefoxsettings1_zps8e2e7129.jpg -
Secunia dropped malware or virus on download.
pitfall replied to pitfall's topic in Tech Support & Discussions Forum
Thanks Ken, I applied Your idea, and will let You know how it goes. I did try and turn it back, to make sure I could do it :rolleyes: But I would have to put a number in lol If This doesn't fix it, You can find Me a number to put back in lol Cheers ;) PS. I went ahead and put Firefox in, it's much faster than IE, I just wish they would update it. -
Secunia dropped malware or virus on download.
pitfall replied to pitfall's topic in Tech Support & Discussions Forum
Good Evening Starbuck. The old laptop runs pretty well, apart from always saying " virtual memory is low " but that can be expected for its years and not enough ram. But its life will probably be over soon anyway come April. I done the MS updates, but it had changed from the one I posted here. There are two now. Do You think We need to do any more work before You lock up? PS. I want to use Firefox again, but it was a bit buggy. They said they're not doing a new update this time around? Google is too bloated for XP and I don't like using IE. Is it worth putting F/F back for now? Thanks for all the help -
Secunia dropped malware or virus on download.
pitfall replied to pitfall's topic in Tech Support & Discussions Forum
Sorry about putting this here, but just to let You know. I keep My patch tuesday turned to manual. I check them today and this was offered. I haven't updated them yet till You say I should ? http://support.microsoft.com/kb/2798897 Cheers :confused: -
Secunia dropped malware or virus on download.
pitfall replied to pitfall's topic in Tech Support & Discussions Forum
Good Morning Starbuck. A new approach today, I didn't turn My anti virus off this time? I run Your codes, and We got as far as the " re-start computer, so I clicked on it, and a notice from micro popped up saying something about having to send an error report in and avira needs to shut down the comp. But I didn't send in the report. I said no, and clicked re-start. I then said " Windows was shutting down. But it just froze again, and I had to hard close once more. But on re-boot, We got a log this time, where it hasn't produced one ( apart from when I pressed scan and not fix lol ). So I hope it is of some use to You. Good luck Mate, thanks again. -
Secunia dropped malware or virus on download.
pitfall replied to pitfall's topic in Tech Support & Discussions Forum
Ok. Thanks very much -
Secunia dropped malware or virus on download.
pitfall replied to pitfall's topic in Tech Support & Discussions Forum
Hi Starbuck, I did try and copy and paste Your fixit script, but something keeps going wrong. After I put Your script/code in and press fix (By the way, You said to scan it in Your last post ;) ) it runs for a bit and stops at something saying " possessing 033 " or something like that. I left it for a long time to make sure it had run properly, but windows sent Me an error report to send. I had My anti virus off while I was doing the fix. I had to hard shut down, even task manager wouldn't close it. Could You tell Me if the fix runs fast or not? I'm a bit stuck at the moment :( Is it worth starting over from the beginning, or some other idea? Thanks for the quick help so far. -
Secunia dropped malware or virus on download.
pitfall replied to pitfall's topic in Tech Support & Discussions Forum
Now I think this is the log from OTL that I run as a scan and NOT as a FIX.
(ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2014/01/12 11:31:19 | 001,037,068 | ---- | C] (Thisisu) -- C:\Documents and Settings\the boss\Desktop\JRT.exe [2014/01/11 23:24:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia [2014/01/11 23:23:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe [2014/01/11 21:32:03 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\the boss\Recent [2014/01/11 21:13:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\the boss\Local Settings\Application Data\Meltytech [2014/01/11 20:39:58 | 000,000,000 | R--D | C] -- C:\Documents and Settings\the boss\My Documents\picvids [2014/01/11 20:33:02 | 000,000,000 | R--D | C] -- C:\Documents and Settings\the boss\My Documents\wayne music [2014/01/11 20:13:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\the boss\My Documents\to adust window up-dater (bits) [2014/01/11 19:51:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\the boss\My Documents\MOGS [2014/01/11 19:14:55 | 000,000,000 | R--D | C] -- C:\Documents and Settings\the boss\My Documents\my pictures 1 [2014/01/11 19:12:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\the boss\My Documents\My Playlists [2014/01/11 15:06:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\the boss\My Documents\2013-10-18, Grace [2014/01/11 15:05:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\the boss\My Documents\2010 me [2014/01/11 15:03:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\the boss\My Documents\History [2014/01/11 13:28:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\the boss\My Documents\waynemorris112183024717 [2014/01/11 13:23:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\the boss\My Documents\dogs2 [2014/01/11 13:15:50 | 
000,000,000 | ---D | C] -- C:\Documents and Settings\the boss\My Documents\pdf files [2014/01/11 12:52:29 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\the boss\Desktop\OTL.scr [2014/01/10 00:16:18 | 000,000,000 | ---D | C] -- C:\SUPERDelete [2014/01/09 21:00:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\the boss\Application Data\DigitalSites [2014/01/05 12:24:10 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2014/01/04 19:10:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP [2014/01/04 01:35:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp [2014/01/04 01:13:25 | 000,000,000 | RHSD | C] -- C:\cmdcons [2014/01/04 01:05:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt [2014/01/02 13:34:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT [2014/01/02 11:05:49 | 000,000,000 | ---D | C] -- C:\AdwCleaner [2014/01/02 00:05:51 | 000,000,000 | ---D | C] -- C:\FRST [2013/12/17 16:46:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\the boss\Application Data\SUPERAntiSpyware.com [2013/12/15 23:30:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\the boss\Application Data\Avira [2013/12/14 23:32:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware [2013/12/14 23:32:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com [2013/12/14 23:32:48 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware ========== Files - Modified Within 30 Days ========== [2014/01/12 11:31:22 | 001,037,068 | ---- | M] (Thisisu) -- C:\Documents and Settings\the boss\Desktop\JRT.exe [2014/01/12 11:18:37 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2014/01/12 10:54:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2014/01/11 20:17:08 | 000,000,292 | ---- | M] () -- C:\Documents and Settings\the boss\My Documents\to adjust window auto up-dates.rtf [2014/01/11 20:15:32 | 000,015,872 | ---- 
| M] () -- C:\Documents and Settings\the boss\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2014/01/11 13:54:50 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk [2014/01/11 12:52:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\the boss\Desktop\OTL.scr [2014/01/09 21:01:12 | 000,000,005 | ---- | M] () -- C:\Documents and Settings\the boss\Application Data\WBPU-TTL.DAT [2014/01/09 21:01:11 | 000,000,106 | ---- | M] () -- C:\Documents and Settings\the boss\Application Data\WB.CFG [2014/01/09 12:24:22 | 000,002,199 | ---- | M] () -- C:\Documents and Settings\the boss\My Documents\retired thoughts.rtf [2014/01/04 01:30:29 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2014/01/04 01:13:34 | 000,000,327 | RHS- | M] () -- C:\boot.ini [2013/12/26 20:29:04 | 000,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI [2013/12/22 12:46:18 | 001,028,034 | ---- | M] () -- C:\Documents and Settings\the boss\My Documents\firefox bookmarks.html [2013/12/21 16:49:56 | 000,093,316 | ---- | M] () -- C:\Documents and Settings\the boss\My Documents\MPs that voted against food bank inquiry.rtf [2013/12/18 02:19:12 | 000,001,313 | ---- | M] () -- C:\Documents and Settings\the boss\My Documents\penning oral % to be met.rtf [2013/12/18 02:13:10 | 000,133,878 | ---- | M] () -- C:\Documents and Settings\the boss\My Documents\PIP oral hc911.rtf [2013/12/16 12:22:16 | 000,000,325 | ---- | M] () -- C:\Documents and Settings\the boss\My Documents\find BITS in windows start and run.rtf [2013/12/14 23:32:57 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk ========== Files Created - No Company Name ========== [2014/01/11 20:40:22 | 000,000,168 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\262.rtf [2014/01/11 14:40:05 | 000,000,325 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\find 
BITS in windows start and run.rtf [2014/01/11 14:39:47 | 005,742,396 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\Macy Gray I Try.wma [2014/01/11 14:39:28 | 003,174,852 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\Hu_s_on_First.wmv [2014/01/11 14:38:54 | 000,000,208 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\home swappers emails.rtf [2014/01/11 14:38:20 | 000,007,117 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\how could you.rtf [2014/01/11 14:37:06 | 001,028,034 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\firefox bookmarks.html [2014/01/11 14:34:09 | 000,000,194 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\marxbrosvid.rtf [2014/01/11 14:27:43 | 000,000,335 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\mine.rtf [2014/01/11 14:27:18 | 000,006,373 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\cameron.rtf [2014/01/11 14:27:18 | 000,001,981 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\CARE HOME PETITION.rtf [2014/01/11 14:27:14 | 000,000,881 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\dads obituary.rtf [2014/01/11 14:27:14 | 000,000,197 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\appeal video.rtf [2014/01/11 14:25:24 | 000,000,196 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\Kasperksky.rtf [2014/01/11 14:21:17 | 000,011,709 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\IDS at autswitch.rtf [2014/01/11 14:18:57 | 000,000,390 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\Mcv.rtf [2014/01/11 14:14:14 | 000,000,308 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\council tax.rtf [2014/01/11 14:13:46 | 000,000,542 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\dads family.rtf [2014/01/11 14:13:09 | 000,010,783 | ---- | C] () -- C:\Documents and 
Settings\the boss\My Documents\calums list1.rtf [2014/01/11 14:13:09 | 000,006,067 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\calums list.rtf [2014/01/11 14:13:09 | 000,004,680 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\calums list2.rtf [2014/01/11 14:12:43 | 000,011,782 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\Calum and peters list.rtf [2014/01/11 14:12:03 | 000,011,867 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\blair.rtf [2014/01/11 14:11:18 | 000,000,292 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\to adjust window auto up-dates.rtf [2014/01/11 14:10:40 | 000,000,235 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\100 tory **** ups.rtf [2014/01/11 14:08:59 | 000,000,206 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\mirosoft update fixer.rtf [2014/01/11 14:07:06 | 000,093,316 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\MPs that voted against food bank inquiry.rtf [2014/01/11 14:04:22 | 000,001,136 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\mums obituary.rtf [2014/01/11 14:04:22 | 000,000,266 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\Nelson passed away.rtf [2014/01/11 14:03:54 | 000,071,914 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\parliament.rtf [2014/01/11 14:03:54 | 000,037,033 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\paedos.rtf [2014/01/11 14:03:01 | 000,031,278 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\petes list.rtf [2014/01/11 13:54:50 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk [2014/01/11 13:31:15 | 000,000,341 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\New Playlist.wpl [2014/01/11 13:30:07 | 000,005,159 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\Now Playing.wpl 
[2014/01/11 13:30:07 | 000,001,963 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\HIS.wpl [2014/01/11 13:30:07 | 000,000,640 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\mine.wpl [2014/01/11 13:30:07 | 000,000,346 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\Untitled Playlist.wpl [2014/01/11 13:14:37 | 000,069,897 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\0539c9a8-ed62-4af3-b0ff-f9b107d151cc_zpsec3eaa2f.jpg [2014/01/09 21:01:12 | 000,000,005 | ---- | C] () -- C:\Documents and Settings\the boss\Application Data\WBPU-TTL.DAT [2014/01/09 21:01:07 | 000,000,106 | ---- | C] () -- C:\Documents and Settings\the boss\Application Data\WB.CFG [2014/01/09 13:31:27 | 000,006,008 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\the Mccann case.rtf [2014/01/09 12:24:22 | 000,002,199 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\retired thoughts.rtf [2014/01/04 01:13:34 | 000,000,211 | ---- | C] () -- C:\Boot.bak [2014/01/04 01:13:28 | 000,260,272 | RHS- | C] () -- C:\cmldr [2013/12/26 20:29:03 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI [2013/12/18 02:19:12 | 000,001,313 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\penning oral % to be met.rtf [2013/12/18 02:13:10 | 000,133,878 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\PIP oral hc911.rtf [2013/12/14 23:32:57 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk [2012/09/27 10:01:09 | 000,015,872 | ---- | C] () -- C:\Documents and Settings\the boss\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012/02/15 10:51:47 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2010/12/23 22:10:47 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\the boss\Application Data\wklnhst.dat [2006/12/14 08:05:35 | 000,000,305 | ---- | C] () -- C:\Documents and Settings\All 
Users\Application Data\addr_file.html ========== ZeroAccess Check ========== [2005/09/09 17:56:03 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 00:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 12:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 00:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2013/10/27 14:28:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software [2007/07/11 23:58:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FloodLightGames [2007/07/12 20:02:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JollyBear [2013/03/01 23:42:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Licenses [2006/04/08 12:06:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\******* [2008/10/30 16:09:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Teleca [2014/01/12 11:10:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP [2014/01/09 21:00:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\the boss\Application 
Data\DigitalSites [2012/05/24 13:07:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\the boss\Application Data\ElevatedDiagnostics [2010/12/12 00:56:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\the boss\Application Data\Opera [2012/05/02 20:04:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\the boss\Application Data\Oracle [2005/09/09 21:57:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\the boss\Application Data\SampleView [2014/01/09 11:15:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\the boss\Application Data\SumatraPDF [2012/09/11 09:19:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\the boss\Application Data\Template [2009/12/29 05:29:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\the boss\Application Data\Windows Live Writer ========== Purity Check ========== ========== Custom Scans ========== < :otl > [2005/09/09 17:38:39 | 000,000,065 | RH-- | C] () -- C:\WINDOWS\Tasks\desktop.ini [2005/09/09 17:54:19 | 000,000,006 | -H-- | C] () -- C:\WINDOWS\Tasks\SA.DAT < SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found > < SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found > < DRV - (WDICA) -- File not found > < DRV - (wanatw) -- system32\DRIVERS\wanatw4.sys File not found > < DRV - (PDRFRAME) -- File not found > < DRV - (PDRELI) -- File not found > < DRV - (PDFRAME) -- File not found > < DRV - (PDCOMP) -- File not found > < DRV - (PCIDump) -- File not found > < DRV - (lbrtfdc) -- File not found > < DRV - (k750obex) -- system32\DRIVERS\k750obex.sys File not found > < DRV - (k750mgmt) -- system32\DRIVERS\k750mgmt.sys File not found > < DRV - (k750mdm) -- system32\DRIVERS\k750mdm.sys File not found > < DRV - (k750mdfl) -- system32\DRIVERS\k750mdfl.sys File not found > < DRV - (k750bus) -- system32\DRIVERS\k750bus.sys File not found > < DRV - (Changer) -- File not found > < DRV - (catchme) -- C:\DOCUME~1\wayne\LOCALS~1\Temp\catchme.sys File not found > < O6 - 
HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present > < O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present > < O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://a1540.g.akamai.net/7/1540/52/...x/qtplugin.cab (Reg Error: Key error.) > Invalid Switch: qtplugin.cab (Reg Error: Key error.) < O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/s...irector/sw.cab (Reg Error: Key error.) > Invalid Switch: sw.cab (Reg Error: Key error.) < O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/res...lscbase370.cab (Windows Live Safety Center Base Module) > Invalid Switch: res...lscbase370.cab (Windows Live Safety Center Base Module) < O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.) > Invalid Switch: OnlineScanner.cab (Reg Error: Key error.) < O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) > Invalid Switch: gp.cab (Reg Error: Key error.) 
< O33 - MountPoints2\{9f0520da-38ca-11de-b516-00c09fe37f03}\Shell - "" = AutoRun > < O33 - MountPoints2\{9f0520da-38ca-11de-b516-00c09fe37f03}\Shell\AutoRun - "" = Auto&Play > < O33 - MountPoints2\{9f0520da-38ca-11de-b516-00c09fe37f03}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a > < O33 - MountPoints2\{f5e1c791-313e-11da-ab7c-806d6172696f}\Shell - "" = AutoRun > < O33 - MountPoints2\{f5e1c791-313e-11da-ab7c-806d6172696f}\Shell\AutoRun - "" = Auto&Play > < O33 - MountPoints2\{f5e1c791-313e-11da-ab7c-806d6172696f}\Shell\AutoRun\command - "" = D:\OEMBranding.exe > < O33 - MountPoints2\Z\Shell - "" = AutoRun > < O33 - MountPoints2\Z\Shell\AutoRun - "" = Auto&Play > < O33 - MountPoints2\Z\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480 > < [2013/10/27 14:28:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software > Invalid Switch: 27 14:28:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software < @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34 > < > < :Files > < ipconfig /flushdns /c > Windows IP Configuration Successfully flushed the DNS Resolver Cache. < > < :commands > < [emptytemp] > < [purity] > < [RESETHOSTS] > ========== Alternate Data Streams ========== @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34 < End of report > I have had a go at re-running the fix ( but I'm not sure it is working ) I deleted Malwarebytes, but I think it still froze up :confused: I'll try one more time to run the fix with OTL and get back to You. Cheers. -
Secunia dropped malware or virus on download.
pitfall replied to pitfall's topic in Tech Support & Discussions Forum
Hello Starbuck, I'm afraid I made a mess of Your instructions. My blood sugars went very low before I was aware of it. Anyway, I had a 3 in 1 coffee and a bit of chocolate, once feeling a bit better. (I don't think that helped very much?) The first time I run JRT, I didn't turn off My anti virus, and the OTL "I done a scan and not a fix". I re-done them, but that has lost the first re-start point and the original logs from JRT and OTL. This is what is showing now. I could roll back to the 9th and start again if You wish? Here's the logs I have at the moment :(

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Microsoft Windows XP x86
Ran by the boss on 12/01/2014 at 13:21:23.01
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 12/01/2014 at 13:26:45.25
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I'll grab an OTL one now.
-
Could You please take a look at these logs, and tell Me if I need to do anything else, please. I did run SAS a few times and Avira. But until I run Malwarebytes, Avira didn't show yesterday's baddies?

Malwarebytes log.

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.01.11.06
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
the boss :: FRONTROOM [administrator]

11/01/2014 21:57:11
mbam-log-2014-01-11 (21-57-11).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 343704
Time elapsed: 3 hour(s), 29 minute(s), 12 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 7
C:\System Volume Information\_restore{E9C43D59-A40F-4ACE-A02F-7357906EACB5}\RP1\A0000077.dll (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E9C43D59-A40F-4ACE-A02F-7357906EACB5}\RP1\A0000079.dll (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E9C43D59-A40F-4ACE-A02F-7357906EACB5}\RP1\A0000080.dll (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E9C43D59-A40F-4ACE-A02F-7357906EACB5}\RP1\A0000081.exe (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E9C43D59-A40F-4ACE-A02F-7357906EACB5}\RP1\A0000082.dll (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E9C43D59-A40F-4ACE-A02F-7357906EACB5}\RP1\A0000103.dll (PUP.Optional.Wajam) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E9C43D59-A40F-4ACE-A02F-7357906EACB5}\RP1\A0000104.exe (PUP.Optional.Wajam) -> Quarantined and deleted successfully.

(end)
HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\WINDOWS\system32\npDeployJava1.dll File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.1: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) [2013/12/10 20:10:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions ========== Chrome ========== CHR - homepage: http://start.mysearchdial.com/?f=1&a=dsites0101&cd=2XzuyEtN2Y1L1QzutDtD0CtDzy0F0EtAyB0FtDtAtC0F0ByEtN0D0Tzu0SyByEtDtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1916909073&ir= CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter}, CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - Extension: Google Drive = C:\Documents and Settings\the boss\Local Settings\Application Data\Google\Chrome\User 
Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: WOT = C:\Documents and Settings\the boss\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\2.0.17_0\ CHR - Extension: WOT = C:\Documents and Settings\the boss\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\2.1.1_0\ CHR - Extension: YouTube = C:\Documents and Settings\the boss\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\ CHR - Extension: Adblock Plus = C:\Documents and Settings\the boss\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.5.5_0\ CHR - Extension: Adblock Plus = C:\Documents and Settings\the boss\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.6_0\ CHR - Extension: Google Search = C:\Documents and Settings\the boss\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\ CHR - Extension: Chrome In-App Payments service = C:\Documents and Settings\the boss\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\ CHR - Extension: Gmail = C:\Documents and Settings\the boss\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2014/01/04 01:30:29 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll () O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll () O3 - HKCU\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll () O4 - HKLM..\Run: 
[avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [bJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe () O4 - HKLM..\Run: [fscp] C:\Program Files\AVC Finger-sensing Pad Driver\FsCp.exe () O4 - HKLM..\Run: [inCD] C:\Program Files\Ahead\InCD\InCD.exe (Ahead Software AG) O4 - HKLM..\Run: [Keyboard Manager Utility] C:\Program Files\Keyboard Manager\Manager Utility\KeyboardManager.exe (Quanta Computer Inc.) O4 - HKLM..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh) O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe () O4 - HKLM..\Run: [siS Windows KeyHook] C:\WINDOWS\system32\Keyhook.exe (Silicon Integrated Systems Corporation) O4 - HKLM..\Run: [siSPower] C:\WINDOWS\System32\SiSPower.dll (Silicon Integrated Systems Corporation) O4 - HKLM..\Run: [soundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe (Silicon Integrated Systems Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. 
KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://a1540.g.akamai.net/7/1540/52/20061023/qtinstall.info.apple.com/qtactivex/qtplugin.cab (Reg Error: Key error.) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.) O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://by114fd.bay114.hotmail.msn.com/resources/MsnPUpld.cab (MSN Photo Upload Tool) O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase370.cab (Windows Live Safety Center Base Module) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1342012978515 (MUWebControl Class) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.) O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab (MsnMessengerSetupDownloadControl Class) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) 
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} http://fdl.msn.com/public/chat/msnchat45.cab (MSN Chat Control 4.5) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{543330AD-2D59-4599-BF95-E62FDE47BA3E}: DhcpNameServer = 194.168.4.100 194.168.8.100 O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll () O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2005/09/09 17:51:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{9f0520da-38ca-11de-b516-00c09fe37f03}\Shell - "" = AutoRun O33 - MountPoints2\{9f0520da-38ca-11de-b516-00c09fe37f03}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{9f0520da-38ca-11de-b516-00c09fe37f03}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a O33 - MountPoints2\{f5e1c791-313e-11da-ab7c-806d6172696f}\Shell - "" = AutoRun O33 - MountPoints2\{f5e1c791-313e-11da-ab7c-806d6172696f}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{f5e1c791-313e-11da-ab7c-806d6172696f}\Shell\AutoRun\command - "" = D:\OEMBranding.exe O33 - MountPoints2\Z\Shell - "" = AutoRun O33 - MountPoints2\Z\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\Z\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480 O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: 
(ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) NetSvcs: 6to4 - File not found NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found MsConfig - StartUpFolder: C:^Documents and Settings^wayne^Start Menu^Programs^Startup^wkcalrem.LNK - C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe - (Microsoft® Corporation) MsConfig - State: "system.ini" - 0 MsConfig - State: "win.ini" - 0 MsConfig - State: "bootini" - 0 MsConfig - State: "services" - 0 MsConfig - State: "startup" - 2 CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2014/01/11 23:24:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia [2014/01/11 23:23:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe [2014/01/11 21:32:03 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\the boss\Recent [2014/01/11 21:13:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\the boss\Local Settings\Application Data\Meltytech [2014/01/11 20:39:58 | 000,000,000 | R--D | C] -- C:\Documents and Settings\the boss\My Documents\picvids [2014/01/11 20:33:02 | 000,000,000 | R--D | C] -- C:\Documents and Settings\the boss\My Documents\wayne music [2014/01/11 20:13:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\the boss\My Documents\to adust window up-dater (bits) [2014/01/11 19:51:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\the boss\My Documents\MOGS [2014/01/11 19:14:55 | 000,000,000 | R--D | C] -- C:\Documents and Settings\the boss\My Documents\my pictures 1 
[2014/01/11 19:12:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\the boss\My Documents\My Playlists [2014/01/11 15:06:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\the boss\My Documents\2013-10-18, Grace [2014/01/11 15:05:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\the boss\My Documents\2010 me [2014/01/11 15:03:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\the boss\My Documents\History [2014/01/11 13:28:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\the boss\My Documents\waynemorris112183024717 [2014/01/11 13:23:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\the boss\My Documents\dogs2 [2014/01/11 13:15:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\the boss\My Documents\pdf files [2014/01/11 12:52:29 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\the boss\Desktop\OTL.scr [2014/01/10 00:16:18 | 000,000,000 | ---D | C] -- C:\SUPERDelete [2014/01/09 21:00:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\the boss\Application Data\DigitalSites [2014/01/05 12:24:10 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2014/01/04 19:10:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP [2014/01/04 01:35:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp [2014/01/04 01:13:25 | 000,000,000 | RHSD | C] -- C:\cmdcons [2014/01/04 01:05:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt [2014/01/02 13:34:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT [2014/01/02 11:05:49 | 000,000,000 | ---D | C] -- C:\AdwCleaner [2014/01/02 00:05:51 | 000,000,000 | ---D | C] -- C:\FRST [2013/12/17 16:46:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\the boss\Application Data\SUPERAntiSpyware.com [2013/12/15 23:30:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\the boss\Application Data\Avira [2013/12/14 23:32:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware [2013/12/14 23:32:48 
| 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com [2013/12/14 23:32:48 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware [2013/12/13 03:25:04 | 000,000,000 | -HSD | C] -- C:\WINDOWS\Repair [2013/12/13 03:12:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira [2013/12/13 03:12:19 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys [2013/12/13 03:12:08 | 000,135,648 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avipbb.sys [2013/12/13 03:12:08 | 000,090,400 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avgntflt.sys [2013/12/13 03:12:08 | 000,037,352 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avkmgr.sys [2013/12/13 03:12:06 | 000,000,000 | ---D | C] -- C:\Program Files\Avira [2013/12/13 03:12:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira ========== Files - Modified Within 30 Days ========== [2014/01/12 02:16:50 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2014/01/12 02:12:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2014/01/11 20:17:08 | 000,000,292 | ---- | M] () -- C:\Documents and Settings\the boss\My Documents\to adjust window auto up-dates.rtf [2014/01/11 20:15:32 | 000,015,872 | ---- | M] () -- C:\Documents and Settings\the boss\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2014/01/11 13:54:50 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk [2014/01/11 12:52:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\the boss\Desktop\OTL.scr [2014/01/09 21:01:12 | 000,000,005 | ---- | M] () -- C:\Documents and Settings\the boss\Application Data\WBPU-TTL.DAT [2014/01/09 21:01:11 | 000,000,106 | ---- | M] () -- C:\Documents and Settings\the boss\Application Data\WB.CFG 
[2014/01/09 12:24:22 | 000,002,199 | ---- | M] () -- C:\Documents and Settings\the boss\My Documents\retired thoughts.rtf [2014/01/04 01:30:29 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2014/01/04 01:13:34 | 000,000,327 | RHS- | M] () -- C:\boot.ini [2013/12/26 20:29:04 | 000,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI [2013/12/22 12:46:18 | 001,028,034 | ---- | M] () -- C:\Documents and Settings\the boss\My Documents\firefox bookmarks.html [2013/12/21 16:49:56 | 000,093,316 | ---- | M] () -- C:\Documents and Settings\the boss\My Documents\MPs that voted against food bank inquiry.rtf [2013/12/18 02:19:12 | 000,001,313 | ---- | M] () -- C:\Documents and Settings\the boss\My Documents\penning oral % to be met.rtf [2013/12/18 02:13:10 | 000,133,878 | ---- | M] () -- C:\Documents and Settings\the boss\My Documents\PIP oral hc911.rtf [2013/12/16 12:22:16 | 000,000,325 | ---- | M] () -- C:\Documents and Settings\the boss\My Documents\find BITS in windows start and run.rtf [2013/12/14 23:32:57 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk [2013/12/13 03:12:58 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira Control Center.lnk [2013/12/13 03:00:26 | 000,153,976 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT ========== Files Created - No Company Name ========== [2014/01/11 20:40:22 | 000,000,168 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\262.rtf [2014/01/11 14:40:05 | 000,000,325 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\find BITS in windows start and run.rtf [2014/01/11 14:39:47 | 005,742,396 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\Macy Gray I Try.wma [2014/01/11 14:39:28 | 003,174,852 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\Hu_s_on_First.wmv [2014/01/11 14:38:54 | 000,000,208 | ---- | C] () -- C:\Documents and Settings\the boss\My 
Documents\home swappers emails.rtf [2014/01/11 14:38:20 | 000,007,117 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\how could you.rtf [2014/01/11 14:37:06 | 001,028,034 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\firefox bookmarks.html [2014/01/11 14:34:09 | 000,000,194 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\marxbrosvid.rtf [2014/01/11 14:27:43 | 000,000,335 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\mine.rtf [2014/01/11 14:27:18 | 000,006,373 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\cameron.rtf [2014/01/11 14:27:18 | 000,001,981 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\CARE HOME PETITION.rtf [2014/01/11 14:27:14 | 000,000,881 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\dads obituary.rtf [2014/01/11 14:27:14 | 000,000,197 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\appeal video.rtf [2014/01/11 14:25:24 | 000,000,196 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\Kasperksky.rtf [2014/01/11 14:21:17 | 000,011,709 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\IDS at autswitch.rtf [2014/01/11 14:18:57 | 000,000,390 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\Mcv.rtf [2014/01/11 14:14:14 | 000,000,308 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\council tax.rtf [2014/01/11 14:13:46 | 000,000,542 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\dads family.rtf [2014/01/11 14:13:09 | 000,010,783 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\calums list1.rtf [2014/01/11 14:13:09 | 000,006,067 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\calums list.rtf [2014/01/11 14:13:09 | 000,004,680 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\calums list2.rtf [2014/01/11 14:12:43 | 000,011,782 | ---- | C] () -- C:\Documents and Settings\the 
boss\My Documents\Calum and peters list.rtf [2014/01/11 14:12:03 | 000,011,867 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\blair.rtf [2014/01/11 14:11:18 | 000,000,292 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\to adjust window auto up-dates.rtf [2014/01/11 14:10:40 | 000,000,235 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\100 tory **** ups.rtf [2014/01/11 14:08:59 | 000,000,206 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\mirosoft update fixer.rtf [2014/01/11 14:07:06 | 000,093,316 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\MPs that voted against food bank inquiry.rtf [2014/01/11 14:04:22 | 000,001,136 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\mums obituary.rtf [2014/01/11 14:04:22 | 000,000,266 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\Nelson passed away.rtf [2014/01/11 14:03:54 | 000,071,914 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\parliament.rtf [2014/01/11 14:03:54 | 000,037,033 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\paedos.rtf [2014/01/11 14:03:01 | 000,031,278 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\petes list.rtf [2014/01/11 13:54:50 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk [2014/01/11 13:31:15 | 000,000,341 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\New Playlist.wpl [2014/01/11 13:30:07 | 000,005,159 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\Now Playing.wpl [2014/01/11 13:30:07 | 000,001,963 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\HIS.wpl [2014/01/11 13:30:07 | 000,000,640 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\mine.wpl [2014/01/11 13:30:07 | 000,000,346 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\Untitled Playlist.wpl [2014/01/11 13:14:37 | 
000,069,897 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\0539c9a8-ed62-4af3-b0ff-f9b107d151cc_zpsec3eaa2f.jpg [2014/01/09 21:01:12 | 000,000,005 | ---- | C] () -- C:\Documents and Settings\the boss\Application Data\WBPU-TTL.DAT [2014/01/09 21:01:07 | 000,000,106 | ---- | C] () -- C:\Documents and Settings\the boss\Application Data\WB.CFG [2014/01/09 13:31:27 | 000,006,008 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\the Mccann case.rtf [2014/01/09 12:24:22 | 000,002,199 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\retired thoughts.rtf [2014/01/04 01:13:34 | 000,000,211 | ---- | C] () -- C:\Boot.bak [2014/01/04 01:13:28 | 000,260,272 | RHS- | C] () -- C:\cmldr [2013/12/26 20:29:03 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI [2013/12/18 02:19:12 | 000,001,313 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\penning oral % to be met.rtf [2013/12/18 02:13:10 | 000,133,878 | ---- | C] () -- C:\Documents and Settings\the boss\My Documents\PIP oral hc911.rtf [2013/12/14 23:32:57 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk [2013/12/13 03:12:58 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira Control Center.lnk [2012/09/27 10:01:09 | 000,015,872 | ---- | C] () -- C:\Documents and Settings\the boss\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012/02/15 10:51:47 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2010/12/23 22:10:47 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\the boss\Application Data\wklnhst.dat [2006/12/14 08:05:35 | 000,000,305 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\addr_file.html ========== ZeroAccess Check ========== [2005/09/09 17:56:03 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 00:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 12:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 00:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2013/10/27 14:28:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software [2007/07/11 23:58:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FloodLightGames [2007/07/12 20:02:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JollyBear [2013/03/01 23:42:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Licenses [2006/04/08 12:06:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\******* [2008/10/30 16:09:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Teleca [2014/01/11 10:01:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP [2014/01/09 21:00:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\the boss\Application Data\DigitalSites [2012/05/24 13:07:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\the boss\Application Data\ElevatedDiagnostics [2010/12/12 00:56:11 | 
-
Thanks Etavares, I'll check it next time I'm over there.
-
I went to my son's today, to update his Adobe Flash, SpywareBlaster and Firefox. I managed to update SpywareBlaster, then Avast said I needed to update it. I was offered the basic free one or the buy/trial one; I just updated the free one. I took the ticks out of the McAfee and something else, then did all the updates. I decided to do a quick scan with Avast, and it came up with 1 threat: windows \ dyfucadi.ocx win32:trojan-gen. I put it in the chest, as I've never used Avast before. Then I tried to close Avast, but it said it would scan and reboot, then close. It took about 1/2 hour or so. Do you know if I need to do anything else when I next go over? Thank you.