Slumdog
Posted June 7, 2011

Hello again! My own laptop is now running perfectly, touch wood! These are the reports from my father's, which is so slow it's like I'm back in 1998! Although it runs on the same wi-fi as mine. It took 12 minutes to navigate to this page! It is XP and is used for his work, but his IT office do not help at all with cleaning etc.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6672
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

25/05/2011 13:01:54
mbam-log-2011-05-25 (13-01-54).txt

Scan type: Quick scan
Objects scanned: 161443
Time elapsed: 54 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 46
Registry Values Infected: 5
Registry Data Items Infected: 4
Folders Infected: 36
Files Infected: 396

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)
c:\documents and settings\alan smith\application data\RegTool\quarantinew\2009-05-05 16-25-470\regb-130.db (Rogue.RegTool) -> Quarantined and deleted successfully. c:\documents and settings\alan smith\application data\RegTool\quarantinew\2009-05-05 16-25-470\regb-131.db (Rogue.RegTool) -> Quarantined and deleted successfully. c:\documents and settings\alan smith\application data\RegTool\quarantinew\2009-05-05 16-25-470\regb-133.db (Rogue.RegTool) -> Quarantined and deleted successfully. c:\documents and settings\alan smith\application data\RegTool\quarantinew\2009-05-05 16-25-470\regb-134.db (Rogue.RegTool) -> Quarantined and deleted successfully. c:\documents and settings\alan smith\application data\RegTool\quarantinew\2009-05-05 16-25-470\regb-135.db (Rogue.RegTool) -> Quarantined and deleted successfully. c:\documents and settings\alan smith\application data\RegTool\quarantinew\2009-05-05 16-25-470\regb-136.db (Rogue.RegTool) -> Quarantined and deleted successfully. c:\documents and settings\alan smith\application data\RegTool\quarantinew\2009-05-05 16-25-470\regb-137.db (Rogue.RegTool) -> Quarantined and deleted successfully. c:\documents and settings\alan smith\application data\RegTool\quarantinew\2009-05-05 16-25-470\regb-138.db (Rogue.RegTool) -> Quarantined and deleted successfully. c:\documents and settings\alan smith\application data\RegTool\quarantinew\2009-05-05 16-25-470\regb-139.db (Rogue.RegTool) -> Quarantined and deleted successfully. c:\documents and settings\alan smith\application data\RegTool\quarantinew\2009-05-05 16-25-470\regb-14.db (Rogue.RegTool) -> Quarantined and deleted successfully. c:\documents and settings\alan smith\application data\RegTool\quarantinew\2009-05-05 16-25-470\regb-140.db (Rogue.RegTool) -> Quarantined and deleted successfully. c:\documents and settings\alan smith\application data\RegTool\quarantinew\2009-05-05 16-25-470\regb-141.db (Rogue.RegTool) -> Quarantined and deleted successfully. 
c:\documents and settings\alan smith\application data\RegTool\quarantinew\2009-05-05 16-25-470\regb-142.db (Rogue.RegTool) -> Quarantined and deleted successfully. c:\documents and settings\alan smith\application data\RegTool\quarantinew\2009-05-05 16-25-470\regb-143.db (Rogue.RegTool) -> Quarantined and deleted successfully. c:\documents and settings\alan smith\application data\RegTool\quarantinew\2009-05-05 16-25-470\regb-144.db (Rogue.RegTool) -> Quarantined and deleted successfully. c:\documents and settings\alan smith\application data\RegTool\quarantinew\2009-05-05 16-25-470\regb-145.db (Rogue.RegTool) -> Quarantined and deleted successfully. c:\documents and settings\alan smith\application data\RegTool\quarantinew\2009-05-05 16-25-470\regb-146.db (Rogue.RegTool) -> Quarantined and deleted successfully. c:\documents and settings\alan smith\application data\RegTool\quarantinew\2009-05-05 16-25-470\regb-147.db (Rogue.RegTool) -> Quarantined and deleted successfully. c:\documents and settings\alan smith\application data\RegTool\quarantinew\2009-05-05 16-25-470\regb-148.db (Rogue.RegTool) -> Quarantined and deleted successfully. c:\documents and settings\alan smith\application data\RegTool\quarantinew\2009-05-05 16-25-470\regb-149.db (Rogue.RegTool) -> Quarantined and deleted successfully. c:\documents and settings\alan smith\application data\RegTool\quarantinew\2009-05-05 16-25-470\regb-15.db (Rogue.RegTool) -> Quarantined and deleted successfully. c:\documents and settings\alan smith\application data\RegTool\quarantinew\2009-05-05 16-25-470\regb-151.db (Rogue.RegTool) -> Quarantined and deleted successfully. c:\documents and settings\alan smith\application data\RegTool\quarantinew\2009-05-05 16-25-470\regb-152.db (Rogue.RegTool) -> Quarantined and deleted successfully. c:\documents and settings\alan smith\application data\RegTool\quarantinew\2009-05-05 16-25-470\regb-153.db (Rogue.RegTool) -> Quarantined and deleted successfully. 
c:\documents and settings\alan smith\application data\RegTool\quarantinew\2009-05-05 16-25-470\regb-154.db (Rogue.RegTool) -> Quarantined and deleted successfully. c:\documents and settings\alan smith\application data\RegTool\quarantinew\2009-05-05 16-25-470\regb-155.db (Rogue.RegTool) -> Quarantined and deleted successfully. c:\documents and settings\alan smith\application data\RegTool\quarantinew\2009-05-05 16-25-470\regb-156.db (Rogue.RegTool) -> Quarantined and deleted successfully. c:\documents and settings\alan smith\application data\RegTool\quarantinew\2009-05-05 16-25-470\regb-157.db (Rogue.RegTool) -> Quarantined and deleted successfully. c:\documents and settings\alan smith\application data\RegTool\quarantinew\2009-05-05 16-25-470\regb-158.db (Rogue.RegTool) -> Quarantined and deleted successfully. c:\documents and settings\alan smith\application data\RegTool\quarantinew\2009-05-05 16-25-470\regb-159.db (Rogue.RegTool) -> Quarantined and deleted successfully. c:\documents and settings\alan smith\application data\RegTool\quarantinew\2009-05-05 16-25-470\regb-16.db (Rogue.RegTool) -> Quarantined and deleted successfully. c:\documents and settings\alan smith\application data\RegTool\quarantinew\2009-05-05 16-25-470\regb-160.db (Rogue.RegTool) -> Quarantined and deleted successfully. c:\documents and settings\alan smith\application data\RegTool\quarantinew\2009-05-05 16-25-470\regb-161.db (Rogue.RegTool) -> Quarantined and deleted successfully. c:\documents and settings\alan smith\application data\RegTool\quarantinew\2009-05-05 16-25-470\regb-162.db (Rogue.RegTool) -> Quarantined and deleted successfully. c:\documents and settings\alan smith\application data\RegTool\quarantinew\2009-05-05 16-25-470\regb-163.db (Rogue.RegTool) -> Quarantined and deleted successfully. c:\documents and settings\alan smith\application data\RegTool\quarantinew\2009-05-05 16-25-470\regb-164.db (Rogue.RegTool) -> Quarantined and deleted successfully. 
c:\documents and settings\alan smith\application data\RegTool\quarantinew\2009-05-05 16-25-470\regb-165.db (Rogue.RegTool) -> Quarantined and deleted successfully. c:\documents and settings\alan smith\application data\RegTool\quarantinew\2009-05-05 16-25-470\regb-166.db (Rogue.RegTool) -> Quarantined and deleted successfully. c:\documents and settings\alan smith\application data\RegTool\quarantinew\2009-05-05 16-25-470\regb-167.db (Rogue.RegTool) -> Quarantined and deleted successfully. c:\documents and settings\alan smith\application data\RegTool\quarantinew\2009-05-05 16-25-470\regb-168.db (Rogue.RegTool) -> Quarantined and deleted successfully. c:\documents and settings\alan smith\application data\RegTool\quarantinew\2009-05-05 16-25-470\regb-17.db (Rogue.RegTool) -> Quarantined and deleted successfully. c:\documents and settings\alan smith\application data\RegTool\quarantinew\2009-05-05 16-25-470\regb-170.db (Rogue.RegTool) -> Quarantined and deleted successfully. c:\documents and settings\alan smith\application data\RegTool\quarantinew\2009-05-05 16-25-470\regb-171.db (Rogue.RegTool) -> Quarantined and deleted successfully. c:\documents and settings\alan smith\application data\RegTool\quarantinew\2009-05-05 16-25-470\regb-172.db (Rogue.RegTool) -> Quarantined and deleted successfully. c:\documents and settings\alan smith\application data\RegTool\quarantinew\2009-05-05 16-25-470\regb-173.db (Rogue.RegTool) -> Quarantined and deleted successfully. c:\documents and settings\alan smith\application data\RegTool\quarantinew\2009-05-05 16-25-470\regb-174.db (Rogue.RegTool) -> Quarantined and deleted successfully. c:\documents and settings\alan smith\application data\RegTool\quarantinew\2009-05-05 16-25-470\regb-175.db (Rogue.RegTool) -> Quarantined and deleted successfully. c:\documents and settings\alan smith\application data\RegTool\quarantinew\2009-05-05 16-25-470\regb-176.db (Rogue.RegTool) -> Quarantined and deleted successfully. 
c:\documents and settings\alan smith\application data\RegTool\quarantinew\2009-05-05 16-25-470\regb-177.db (Rogue.RegTool) -> Quarantined and deleted successfully. c:\documents and settings\alan smith\application data\RegTool\quarantinew\2009-05-05 16-25-470\regb-178.db (Rogue.RegTool) -> Quarantined and deleted successfully. c:\documents and settings\alan smith\application data\RegTool\quarantinew\2009-05-05 16-25-470\regb-179.db (Rogue.RegTool) -> Quarantined and deleted successfully. c:\documents and settings\alan smith\application data\RegTool\quarantinew\2009-05-05 16-25-470\regb-18.db (Rogue.RegTool) -> Quarantined and deleted successfully. c:\documents and settings\alan smith\application data\RegTool\quarantinew\2009-05-05 16-25-470\regb-180.db (Rogue.RegTool) -> Quarantined and deleted successfully. c:\documents and settings\alan smith\application data\RegTool\quarantinew\2009-05-05 16-25-470\regb-181.db (Rogue.RegTool) -> Quarantined and deleted successfully. c:\documents and settings\alan smith\application data\RegTool\quarantinew\2009-05-05 16-25-470\regb-182.db (Rogue.RegTool) -> Quarantined and deleted successfully. c:\documents and settings\alan smith\application data\RegTool\quarantinew\2009-05-05 16-25-470\regb-183.db (Rogue.RegTool) -> Quarantined and deleted successfully. c:\documents and settings\alan smith\application data\RegTool\quarantinew\2009-05-05 16-25-470\regb-184.db (Rogue.RegTool) -> Quarantined and deleted successfully. c:\documents and settings\alan smith\application data\RegTool\quarantinew\2009-05-05 16-25-470\regb-185.db (Rogue.RegTool) -> Quarantined and deleted successfully. c:\documents and settings\alan smith\application data\RegTool\quarantinew\2009-05-05 16-25-470\regb-186.db (Rogue.RegTool) -> Quarantined and deleted successfully. c:\documents and settings\alan smith\application data\RegTool\quarantinew\2009-05-05 16-25-470\regb-188.db (Rogue.RegTool) -> Quarantined and deleted successfully. 
c:\documents and settings\alan smith\application data\RegTool\quarantinew\2009-05-05 16-25-470\regb-189.db (Rogue.RegTool) -> Quarantined and deleted successfully. c:\documents and settings\alan smith\application data\RegTool\quarantinew\2009-05-05 16-25-470\regb-19.db (Rogue.RegTool) -> Quarantined and deleted successfully. c:\documents and settings\alan smith\application data\RegTool\quarantinew\2009-05-05 16-25-470\regb-190.db (Rogue.RegTool) -> Quarantined and deleted successfully. c:\documents and settings\alan smith\application data\RegTool\quarantinew\2009-05-05 16-25-470\regb-191.db (Rogue.RegTool) -> Quarantined and deleted successfully. c:\documents and settings\alan smith\application data\RegTool\quarantinew\2009-05-05 16-25-470\regb-192.db (Rogue.RegTool) -> Quarantined and deleted successfully. c:\documents and settings\alan smith\application data\RegTool\quarantinew\2009-05-05 16-25-470\regb-193.db (Rogue.RegTool) -> Quarantined and deleted successfully. c:\documents and settings\alan smith\application data\RegTool\quarantinew\2009-05-05 16-25-470\regb-194.db (Rogue.RegTool) -> Quarantined and deleted successfully. c:\documents and settings\alan smith\application data\RegTool\quarantinew\2009-05-05 16-25-470\regb-195.db (Rogue.RegTool) -> Quarantined and deleted successfully. c:\documents and settings\alan smith\application data\RegTool\quarantinew\2009-05-05 16-25-470\regb-196.db (Rogue.RegTool) -> Quarantined and deleted successfully. c:\documents and settings\alan smith\application data\RegTool\quarantinew\2009-05-05 16-25-470\regb-197.db (Rogue.RegTool) -> Quarantined and deleted successfully. c:\documents and settings\alan smith\application data\RegTool\quarantinew\2009-05-05 16-25-470\regb-198.db (Rogue.RegTool) -> Quarantined and deleted successfully. c:\documents and settings\alan smith\application data\RegTool\quarantinew\2009-05-05 16-25-470\regb-199.db (Rogue.RegTool) -> Quarantined and deleted successfully. 
c:\documents and settings\alan smith\application data\RegTool\quarantinew\2009-05-05 16-25-470\regb-2.db (Rogue.RegTool) -> Quarantined and deleted successfully. c:\documents and settings\alan smith\application data\RegTool\quarantinew\2009-05-05 16-25-470\regb-20.db (Rogue.RegTool) -> Quarantined and deleted successfully. c:\documents and settings\alan smith\application data\RegTool\quarantinew\2009-05-05 16-25-470\regb-200.db (Rogue.RegTool) -> Quarantined and deleted successfully. c:\documents and settings\alan smith\application data\RegTool\quarantinew\2009-05-05 16-25-470\regb-201.db (Rogue.RegTool) -> Quarantined and deleted successfully. c:\documents and settings\alan smith\application data\RegTool\quarantinew\2009-05-05 16-25-470\regb-202.db (Rogue.RegTool) -> Quarantined and deleted successfully. c:\documents and settings\alan smith\application data\RegTool\quarantinew\2009-05-05 16-25-470\regb-203.db (Rogue.RegTool) -> Quarantined and deleted successfully. c:\documents and settings\alan smith\application data\RegTool\quarantinew\2009-05-05 16-25-470\regb-205.db (Rogue.RegTool) -> Quarantined and deleted successfully. c:\documents and settings\alan smith\application data\RegTool\quarantinew\2009-05-05 16-25-470\regb-206.db (Rogue.RegTool) -> Quarantined and deleted successfully. c:\documents and settings\alan smith\application data\RegTool\quarantinew\2009-05-05 16-25-470\regb-207.db (Rogue.RegTool) -> Quarantined and deleted successfully. c:\documents and settings\alan smith\application data\RegTool\quarantinew\2009-05-05 16-25-470\regb-208.db (Rogue.RegTool) -> Quarantined and deleted successfully. c:\documents and settings\alan smith\application data\RegTool\quarantinew\2009-05-05 16-25-470\regb-209.db (Rogue.RegTool) -> Quarantined and deleted successfully. c:\documents and settings\alan smith\application data\RegTool\quarantinew\2009-05-05 16-25-470\regb-21.db (Rogue.RegTool) -> Quarantined and deleted successfully. 
c:\documents and settings\alan smith\application data\RegTool\quarantinew\2009-05-05 16-25-470\regb-210.db (Rogue.RegTool) -> Quarantined and deleted successfully. c:\documents and settings\alan smith\application data\RegTool\quarantinew\2009-05-05 16-25-470\regb-211.db (Rogue.RegTool) -> Quarantined and deleted successfully. c:\documents and settings\alan smith\application data\RegTool\quarantinew\2009-05-05 16-25-470\regb-212.db (Rogue.RegTool) -> Quarantined and deleted successfully. c:\documents and settings\alan smith\application data\RegTool\quarantinew\2009-05-05 16-25-470\regb-213.db (Rogue.RegTool) -> Quarantined and deleted successfully. c:\documents and settings\alan smith\application data\RegTool\quarantinew\2009-05-05 16-25-470\regb-214.db (Rogue.RegTool) -> Quarantined and deleted successfully. c:\documents and settings\alan smith\application data\RegTool\quarantinew\2009-05-05 16-25-470\regb-215.db (Rogue.RegTool) -> Quarantined and deleted successfully. c:\documents and settings\alan smith\application data\RegTool\quarantinew\2009-05-05 16-25-470\regb-216.db (Rogue.RegTool) -> Quarantined and deleted successfully. c:\documents and settings\alan smith\application data\RegTool\quarantinew\2009-05-05 16-25-470\regb-217.db (Rogue.RegTool) -> Quarantined and deleted successfully. c:\documents and settings\alan smith\application data\RegTool\quarantinew\2009-05-05 16-25-470\regb-218.db (Rogue.RegTool) -> Quarantined and deleted successfully. c:\documents and settings\alan smith\application data\RegTool\quarantinew\2009-05-05 16-25-470\regb-219.db (Rogue.RegTool) -> Quarantined and deleted successfully. c:\documents and settings\alan smith\application data\RegTool\quarantinew\2009-05-05 16-25-470\regb-22.db (Rogue.RegTool) -> Quarantined and deleted successfully. c:\documents and settings\alan smith\application data\RegTool\quarantinew\2009-05-05 16-25-470\regb-220.db (Rogue.RegTool) -> Quarantined and deleted successfully. 
c:\documents and settings\alan smith\application data\RegTool\quarantinew\2009-05-05 16-25-470\regb-221.db (Rogue.RegTool) -> Quarantined and deleted successfully. c:\documents and settings\alan smith\application data\RegTool\quarantinew\2009-05-05 16-25-470\regb-223.db (Rogue.RegTool) -> Quarantined and deleted successfully. c:\documents and settings\alan smith\application data\RegTool\quarantinew\2009-05-05 16-25-470\regb-224.db (Rogue.RegTool) -> Quarantined and deleted successfully. c:\documents and settings\alan smith\application data\RegTool\quarantinew\2009-05-05 16-25-470\regb-225.db (Rogue.RegTool) -> Quarantined and deleted successfully. c:\documents and settings\alan smith\application data\RegTool\quarantinew\2009-05-05 16-25-470\regb-226.db (Rogue.RegTool) -> Quarantined and deleted successfully. c:\documents and settings\alan smith\application data\RegTool\quarantinew\2009-05-05 16-25-470\regb-227.db (Rogue.RegTool) -> Quarantined and deleted successfully. c:\documents and settings\alan smith\application data\RegTool\quarantinew\2009-05-05 16-25-470\regb-228.db (Rogue.RegTool) -> Quarantined and deleted successfully. c:\documents and settings\alan smith\application data\RegTool\quarantinew\2009-05-05 16-25-470\regb-229.db (Rogue.RegTool) -> Quarantined and deleted successfully. c:\documents and settings\alan smith\application data\RegTool\quarantinew\2009-05-05 16-25-470\regb-23.db (Rogue.RegTool) -> Quarantined and deleted successfully. c:\documents and settings\alan smith\application data\RegTool\quarantinew\2009-05-05 16-25-470\regb-230.db (Rogue.RegTool) -> Quarantined and deleted successfully. c:\documents and settings\alan smith\application data\RegTool\quarantinew\2009-05-05 16-25-470\regb-231.db (Rogue.RegTool) -> Quarantined and deleted successfully. c:\documents and settings\alan smith\application data\RegTool\quarantinew\2009-05-05 16-25-470\regb-232.db (Rogue.RegTool) -> Quarantined and deleted successfully. 
c:\documents and settings\alan smith\application data\RegTool\quarantinew\2009-05-05 16-25-470\regb-233.db (Rogue.RegTool) -> Quarantined and deleted successfully. c:\documents and settings\alan smith\application data\RegTool\quarantinew\2009-05-05 16-25-470\regb-234.db (Rogue.RegTool) -> Quarantined and deleted successfully. c:\documents and settings\alan smith\application data\RegTool\quarantinew\2009-05-05 16-25-470\regb-235.db (Rogue.RegTool) -> Quarantined and deleted successfully. c:\documents and settings\alan smith\application data\RegTool\quarantinew\2009-05-05 16-25-470\regb-236.db (Rogue.RegTool) -> Quarantined and deleted successfully. c:\documents and settings\alan smith\application data\RegTool\quarantinew\2009-05-05 16-25-470\regb-237.db (Rogue.RegTool) -> Quarantined and deleted successfully. c:\documents and settings\alan smith\application data\RegTool\quarantinew\2009-05-05 16-25-470\regb-238.db (Rogue.RegTool) -> Quarantined and deleted successfully. c:\documents and settings\alan smith\application data\RegTool\quarantinew\2009-05-05 16-25-470\regb-239.db (Rogue.RegTool) -> Quarantined and deleted successfully. c:\documents and settings\alan smith\application data\RegTool\quarantinew\2009-05-05 16-25-470\regb-24.db (Rogue.RegTool) -> Quarantined and deleted successfully. c:\documents and settings\alan smith\application data\RegTool\quarantinew\2009-05-05 16-25-470\regb-240.db (Rogue.RegTool) -> Quarantined and deleted successfully. c:\documents and settings\alan smith\application data\RegTool\quarantinew\2009-05-05 16-25-470\regb-241.db (Rogue.RegTool) -> Quarantined and deleted successfully. c:\documents and settings\alan smith\application data\RegTool\quarantinew\2009-05-05 16-25-470\regb-242.db (Rogue.RegTool) -> Quarantined and deleted successfully. c:\documents and settings\alan smith\application data\RegTool\quarantinew\2009-05-05 16-25-470\regb-243.db (Rogue.RegTool) -> Quarantined and deleted successfully. 
c:\documents and settings\alan smith\application data\RegTool\quarantinew\2009-05-05 16-25-470\regb-244.db (Rogue.RegTool) -> Quarantined and deleted successfully. c:\documents and settings\alan smith\application data\RegTool\quarantinew\2009-05-05 16-25-470\regb-245.db (Rogue.RegTool) -> Quarantined and deleted successfully. c:\documents and settings\alan smith\application data\RegTool\quarantinew\2009-05-05 16-25-470\regb-246.db (Rogue.RegTool) -> Quarantined and deleted successfully. c:\documents and settings\alan smith\application data\RegTool\quarantinew\2009-05-05 16-25-470\regb-247.db (Rogue.RegTool) -> Quarantined and deleted successfully. c:\documents and settings\alan smith\application data\RegTool\quarantinew\2009-05-05 16-25-470\regb-248.db (Rogue.RegTool) -> Quarantined and deleted successfully. c:\documents and settings\alan smith\application data\RegTool\quarantinew\2009-05-05 16-25-470\regb-249.db (Rogue.RegTool) -> Quarantined and deleted successfully. c:\documents and settings\alan smith\application data\RegTool\quarantinew\2009-05-05 16-25-470\regb-269.db (Rogue.RegTool) -> Quarantined and deleted successfully. c:\documents and settings\alan smith\application data\RegTool\quarantinew\2009-05-05 16-25-470\regb-27.db (Rogue.RegTool) -> Quarantined and deleted successfully. c:\documents and settings\alan smith\application data\RegTool\quarantinew\2009-05-05 16-25-470\regb-270.db (Rogue.RegTool) -> Quarantined and deleted successfully. c:\documents and settings\alan smith\application data\RegTool\quarantinew\2009-05-05 16-25-470\regb-271.db (Rogue.RegTool) -> Quarantined and deleted successfully. c:\documents and settings\alan smith\application data\RegTool\quarantinew\2009-05-05 16-25-470\regb-272.db (Rogue.RegTool) -> Quarantined and deleted successfully. c:\documents and settings\alan smith\application data\RegTool\quarantinew\2009-05-05 16-25-470\regb-273.db (Rogue.RegTool) -> Quarantined and deleted successfully. 
c:\documents and settings\alan smith\application data\RegTool\quarantinew\2009-05-05 16-25-470\regb-274.db (Rogue.RegTool) -> Quarantined and deleted successfully. c:\documents and settings\alan smith\application data\RegTool\quarantinew\2009-05-05 16-25-470\regb-275.db (Rogue.RegTool) -> Quarantined and deleted successfully. c:\documents and settings\alan smith\application data\RegTool\quarantinew\2009-05-05 16-25-470\regb-276.db (Rogue.RegTool) -> Quarantined and deleted successfully. c:\documents and settings\alan smith\application data\RegTool\quarantinew\2009-05-05 16-25-470\regb-277.db (Rogue.RegTool) -> Quarantined and deleted successfully. c:\documents and settings\alan smith\application data\RegTool\quarantinew\2009-05-05 16-25-470\regb-278.db (Rogue.RegTool) -> Quarantined and deleted successfully. c:\documents and settings\alan smith\application data\RegTool\quarantinew\2009-05-05 16-25-470\regb-279.db (Rogue.RegTool) -> Quarantined and deleted successfully. c:\documents and settings\alan smith\application data\RegTool\quarantinew\2009-05-05 16-25-470\regb-28.db (Rogue.RegTool) -> Quarantined and deleted successfully. c:\documents and settings\alan smith\application data\RegTool\quarantinew\2009-05-05 16-25-470\regb-280.db (Rogue.RegTool) -> Quarantined and deleted successfully. c:\documents and settings\alan smith\application data\RegTool\quarantinew\2009-05-05 16-25-470\regb-281.db (Rogue.RegTool) -> Quarantined and deleted successfully. c:\documents and settings\alan smith\application data\RegTool\quarantinew\2009-05-05 16-25-470\regb-282.db (Rogue.RegTool) -> Quarantined and deleted successfully. c:\documents and settings\alan smith\application data\RegTool\quarantinew\2009-05-05 16-25-470\regb-283.db (Rogue.RegTool) -> Quarantined and deleted successfully. c:\documents and settings\alan smith\application data\RegTool\quarantinew\2009-05-05 16-25-470\regb-284.db (Rogue.RegTool) -> Quarantined and deleted successfully. 
c:\documents and settings\alan smith\application data\RegTool\quarantinew\2009-05-05 16-25-470\regb-285.db (Rogue.RegTool) -> Quarantined and deleted successfully. c:\documents and settings\alan smith\application data\RegTool\quarantinew\2009-05-05 16-25-470\regb-287.db (Rogue.RegTool) -> Quarantined and deleted successfully. c:\documents and settings\alan smith\application data\RegTool\quarantinew\2009-05-05 16-25-470\regb-288.db (Rogue.RegTool) -> Quarantined and deleted successfully. c:\documents and settings\alan smith\application data\RegTool\quarantinew\2009-05-05 16-25-470\regb-289.db (Rogue.RegTool) -> Quarantined and deleted successfully. c:\documents and settings\alan smith\application data\RegTool\quarantinew\2009-05-05 16-25-470\regb-29.db (Rogue.RegTool) -> Quarantined and deleted successfully. c:\documents and settings\alan smith\application data\RegTool\quarantinew\2009-05-05 16-25-470\regb-290.db (Rogue.RegTool) -> Quarantined and deleted successfully. c:\documents and settings\alan smith\application data\RegTool\quarantinew\2009-05-05 16-25-470\regb-291.db (Rogue.RegTool) -> Quarantined and deleted successfully. c:\documents and settings\alan smith\application data\RegTool\quarantinew\2009-05-05 16-25-470\regb-292.db (Rogue.RegTool) -> Quarantined and deleted successfully. c:\documents and settings\alan smith\application data\RegTool\quarantinew\2009-05-05 16-25-470\regb-293.db (Rogue.RegTool) -> Quarantined and deleted successfully. c:\documents and settings\alan smith\application data\RegTool\quarantinew\2009-05-05 16-25-470\regb-294.db (Rogue.RegTool) -> Quarantined and deleted successfully. c:\documents and settings\alan smith\application data\RegTool\quarantinew\2009-05-05 16-25-470\regb-295.db (Rogue.RegTool) -> Quarantined and deleted successfully. c:\documents and settings\alan smith\application data\RegTool\quarantinew\2009-05-05 16-25-470\regb-296.db (Rogue.RegTool) -> Quarantined and deleted successfully. 
OTL and Extras to follow.
Starbuck (ExTS Admin) Posted June 7, 2011
Hi again Slumdog
I take it this is the MBAM log that showed the infections that you spoke of. Have you run an up-to-date scan? MBAM has been updated 129 times since that report.
I'll wait for the OTL reports.
Member of: UNITE
Slumdog Posted June 7, 2011 (edited)
Doing it now, well, it's taken 4 hours so far.
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org
Database version: 6798
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
07/06/2011 21:37:34
mbam-log-2011-06-07 (21-37-34).txt
Scan type: Full scan (C:\|D:\|E:\|)
Objects scanned: 231992
Time elapsed: 3 hour(s), 42 minute(s), 33 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\program files\uusee\uuseetemp\uuplayer_update\uusee_setup_2007_final.exe (PUP.Uusee) -> Quarantined and deleted successfully.
Edited June 7, 2011 by Slumdog
Slumdog Posted June 8, 2011
OTL logfile created on: 07/06/2011 21:56:57 - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Alan Smith\Desktop
Windows XP Tablet PC Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
758.48 Mb Total Physical Memory | 357.14 Mb Available Physical Memory | 47.09% Memory free
1.43 Gb Paging File | 1.06 Gb Available in Paging File | 73.95% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 39.02 Gb Total Space | 6.92 Gb Free Space | 17.73% Space Free | Partition Type: NTFS
Drive D: | 16.85 Gb Total Space | 16.79 Gb Free Space | 99.62% Space Free | Partition Type: NTFS
Computer Name: NFRNTABLET11 | User Name: Alan Smith | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\Alan Smith\Desktop\OTL.scr (OldTimer Tools)
PRC - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)
PRC - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtblfs.exe (Kaspersky Lab ZAO)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)
PRC - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (Sony Corporation)
PRC - c:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions) PRC - C:\WINDOWS\system32\digtizer.exe (WACOM) PRC - C:\Program Files\Fujitsu\Utils\FjDspMon.exe (Fujitsu PC Corporation) PRC - C:\Program Files\Fujitsu Siemens\Bluetooth Software\BTTray.exe (WIDCOMM, Inc.) PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe (HP) PRC - C:\Program Files\Apoint2K\Hidfind.exe (Alps Electric Co., Ltd.) PRC - C:\Program Files\Fujitsu Siemens\Bluetooth Software\bin\btwdins.exe (WIDCOMM, Inc.) PRC - C:\WINDOWS\AntSwitch.exe (Fujitsu Siemens Computers) ========== Modules (SafeList) ========== MOD - C:\Documents and Settings\Alan Smith\Desktop\OTL.scr (OldTimer Tools) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation) MOD - C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Inc.) ========== Win32 Services (SafeList) ========== SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO) SRV - (vvdsvc) -- C:\WINDOWS\system32\nagasoft\vjocx.dll (NanJing Nagasoft Co, LTD.) SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP) SRV - (LVSrvLauncher) -- C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe (Logitech Inc.) SRV - (LVPrcSrv) -- c:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe (Logitech Inc.) SRV - (Digitizer) -- C:\WINDOWS\system32\digtizer.exe (WACOM) SRV - (HP Port Resolver) -- C:\WINDOWS\system32\hpbpro.exe (Hewlett-Packard Company) SRV - (HP Status Server) -- C:\WINDOWS\system32\hpboid.exe (Hewlett-Packard Company) SRV - (btwdins) -- C:\Program Files\Fujitsu Siemens\Bluetooth Software\bin\btwdins.exe (WIDCOMM, Inc.) 
========== Driver Services (SafeList) ========== DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation) DRV - (KLIF) -- C:\WINDOWS\system32\drivers\klif.sys (Kaspersky Lab) DRV - (kl2) -- C:\WINDOWS\system32\drivers\kl2.sys (Kaspersky Lab ZAO) DRV - (KL1) -- C:\windows\system32\DRIVERS\kl1.sys (Kaspersky Lab ZAO) DRV - (klim5) -- C:\WINDOWS\system32\drivers\klim5.sys (Kaspersky Lab ZAO) DRV - (klmouflt) -- C:\WINDOWS\system32\drivers\klmouflt.sys (Kaspersky Lab) DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation) DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia) DRV - (n558) -- C:\WINDOWS\system32\drivers\n558.sys () DRV - (LVPr2Mon) -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys () DRV - (LVMVDrv) -- C:\WINDOWS\system32\drivers\LVMVdrv.sys (Logitech Inc.) DRV - (LVcKap) -- C:\WINDOWS\system32\drivers\Lvckap.sys (Logitech Inc.) DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.) DRV - (PID_0928) Logitech QuickCam Express(PID_0928) -- C:\WINDOWS\system32\drivers\LV561AV.SYS (Logitech Inc.) DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Sonic Solutions) DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Sonic Solutions) DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Sonic Solutions) DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Sonic Solutions) DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Sonic Solutions) DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Sonic Solutions) DRV - (DLADResN) -- C:\WINDOWS\system32\DLA\DLADResN.SYS (Sonic Solutions) DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions) DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions) DRV - (hidpen) -- C:\WINDOWS\system32\drivers\hidpen.sys (Wacom Co., Ltd) DRV - (STAC97) -- C:\WINDOWS\system32\drivers\STAC97.sys (SigmaTel, Inc.) 
DRV - (OZSCR) -- C:\WINDOWS\system32\drivers\ozscr.sys (O2Micro) DRV - (CONAN) -- C:\WINDOWS\system32\drivers\o2mmb.sys (O2 Micro ) DRV - (MbxStby) -- C:\WINDOWS\system32\drivers\MbxStby.sys (O2 Micro) DRV - (k750obex) -- C:\WINDOWS\system32\drivers\k750obex.sys (MCCI) DRV - (k750mdm) -- C:\WINDOWS\system32\drivers\k750mdm.sys (MCCI) DRV - (k750mdfl) -- C:\WINDOWS\system32\drivers\k750mdfl.sys (MCCI) DRV - (k750bus) Sony Ericsson 750 driver (WDM) -- C:\WINDOWS\system32\drivers\k750bus.sys (MCCI) DRV - (w29n51) Intel® -- C:\WINDOWS\system32\drivers\w29n51.sys (Intel® Corporation) DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation) DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation) DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.) DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems) DRV - (btaudio) -- C:\WINDOWS\system32\drivers\btaudio.sys (WIDCOMM, Inc.) DRV - (BTSERIAL) -- C:\WINDOWS\system32\drivers\btserial.sys (WIDCOMM, Inc.) DRV - (BTSLBCSP) -- C:\WINDOWS\system32\drivers\btslbcsp.sys (WIDCOMM, Inc.) DRV - (BTKRNL) -- C:\windows\system32\drivers\btkrnl.sys (WIDCOMM, Inc.) DRV - (BTWDNDIS) -- C:\WINDOWS\system32\drivers\btwdndis.sys (WIDCOMM, Inc.) DRV - (BTDriver) -- C:\WINDOWS\system32\drivers\btport.sys (WIDCOMM, Inc.) DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (WIDCOMM, Inc.) 
DRV - (cdrbsdrv) -- C:\windows\System32\drivers\CDRBSDRV.SYS (B.H.A Corporation) DRV - (Fjbtndrv) -- C:\WINDOWS\system32\drivers\FjBtndrv.sys (Fujitsu PC Corporation) DRV - (FUJ02E1) -- C:\WINDOWS\system32\drivers\FUJ02E1.sys (Fujitsu Limited) DRV - (SMCIRDA) -- C:\WINDOWS\system32\drivers\smcirda.sys (SMC) DRV - (FUJ02B1) -- C:\WINDOWS\system32\drivers\fuj02b1.sys (FUJITSU LIMITED) DRV - (Aspi32) -- C:\windows\System32\drivers\ASPI32.SYS (Adaptec) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 60 04 EB 0C 2A F9 CA 01 [binary data] IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 169.254.*.* ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Google" FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=" FF - prefs.js..browser.search.selectedEngine: "Google" FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\THBExt [2010/10/14 14:31:46 | 000,000,000 | ---D | M] [2009/05/07 11:06:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Alan Smith\Application 
Data\Mozilla\Firefox\Profiles\cibkoitq.default\extensions [2008/06/10 16:09:27 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Alan Smith\Application Data\Mozilla\Firefox\Profiles\cibkoitq.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2009/11/24 15:09:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2008/05/04 12:06:42 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2008/11/26 14:15:28 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{422112EB-BC81-4FF3-A751-D14968EB3BC3} File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\REAL-NETWORKS@PARTNERS.MOZILLA.COM File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\TALKBACK@MOZILLA.ORG File not found (No name found) -- C:\PROGRAM FILES\REAL\REALPLAYER\BROWSERRECORD O1 HOSTS File: ([2004/08/04 13:00:00 | 000,000,734 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll (Kaspersky Lab ZAO) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions) O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found. O2 - BHO: (no name) - {8260C2B8-E0D1-448a-B062-33D12D468BF0} - No CLSID value found. 
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO) O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - {8260C2B8-E0D1-448a-B062-33D12D468BF0} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found. O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO) O4 - HKLM..\Run: [bluetoothAuthenticationAgent] C:\windows\System32\bthprops.cpl (Microsoft Corporation) O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions) O4 - HKLM..\Run: [FjDspMon] C:\Program Files\Fujitsu\Utils\FjDspMon.exe (Fujitsu PC Corporation) O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe (HP) O4 - Startup: C:\Documents and Settings\Alan Smith\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (Sony Corporation) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AntSwitch.lnk = C:\WINDOWS\AntSwitch.exe (Fujitsu Siemens Computers) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BTTray.lnk = C:\Program Files\Fujitsu Siemens\Bluetooth Software\BTTray.exe (WIDCOMM, Inc.) 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm () O9 - Extra Button: Ãâ·Ñ¾«²ÊÊÓƵ³¬Á÷³©ÔÚÏß¹Û¿´ - {022C4009-5283-4365-97BF-144054B40E2E} - File not found O9 - Extra 'Tools' menuitem : ²¥°ÔµçÊÓ - {022C4009-5283-4365-97BF-144054B40E2E} - File not found O9 - Extra Button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - File not found O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO) O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Littlewoods Casino - {BAA37C20-5000-11DB-B0DE-0800200C9A66} - Reg Error: Value error. File not found O9 - Extra 'Tools' menuitem : Littlewoods Casino - {BAA37C20-5000-11DB-B0DE-0800200C9A66} - Reg Error: Value error. 
File not found O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Fujitsu Siemens\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Fujitsu Siemens\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://active.macromedia.com/director/cabs/sw.cab (Shockwave ActiveX Control) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool) O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} http://dl.tvunetworks.com/TVUAx.cab (CTVUAxCtrl Object) O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab (MSN Photo Upload Tool) O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab (Symantec Download Manager) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} http://194.168.163.96/activex/AxisCamControl.cab (CamImage Class) O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab (Reg Error: Key error.) 
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} http://www.tvucricket.com/player/vjocx-en-black.cab (VodClient Control Class) O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} https://signin3.valueactive.com/Register/Branding/olr3313/OCX/v1018/flashax.cab (FlashXControl Object) O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx (CRLDownloadWrapper Class) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O16 - DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} http://www.179169.com/pCastCtl_1.0.0.89_20080808.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\widimg {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\BTXPPanel.dll (WIDCOMM, Inc.) 
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\mzvkbd3.dll (Kaspersky Lab ZAO) O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\kloehk.dll (Kaspersky Lab ZAO) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\windows\System32\igfxsrvc.dll (Intel Corporation) O20 - Winlogon\Notify\klogon: DllName - C:\windows\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab ZAO) O24 - Desktop WallPaper: C:\Documents and Settings\Alan Smith\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Alan Smith\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: LanmanWorkstation - File not found NetSvcs: Messenger - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found MsConfig - Services: "WMPNetworkSvc" MsConfig - Services: "gusvc" MsConfig - Services: "gupdate1c9d31333ce2850" MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk - Reg Error: Value error. - File not found MsConfig - StartUpReg: AppleSyncNotifier - hkey= - key= - Reg Error: Value error. 
File not found MsConfig - StartUpReg: FjEvents - hkey= - key= - C:\Program Files\Fujitsu\Utils\FjEvents.exe (Fujitsu Computer Systems Corporation) MsConfig - StartUpReg: Fujitsu Menu - hkey= - key= - C:\Program Files\Fujitsu\Utils\FjMnuIco.exe () MsConfig - StartUpReg: Google Desktop Search - hkey= - key= - Reg Error: Value error. File not found MsConfig - StartUpReg: HP Software Update - hkey= - key= - C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe (Hewlett-Packard) MsConfig - StartUpReg: LogitechCommunicationsManager - hkey= - key= - C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe (Logitech Inc.) MsConfig - StartUpReg: LogitechQuickCamRibbon - hkey= - key= - C:\Program Files\Logitech\QuickCam10\QuickCam10.exe () MsConfig - StartUpReg: LVCOMSX - hkey= - key= - C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe (Logitech Inc.) MsConfig - StartUpReg: MSMSGS - hkey= - key= - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) MsConfig - StartUpReg: NapsterShell - hkey= - key= - Reg Error: Value error. File not found MsConfig - StartUpReg: Octoshape Streaming Services - hkey= - key= - Reg Error: Value error. File not found MsConfig - StartUpReg: OM_Monitor - hkey= - key= - C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe (OLYMPUS IMAGING CORP.) MsConfig - StartUpReg: ppmate - hkey= - key= - Reg Error: Value error. File not found MsConfig - StartUpReg: swg - hkey= - key= - Reg Error: Value error. 
File not found MsConfig - StartUpReg: TabletTip - hkey= - key= - C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe (Microsoft Corporation) MsConfig - State: "system.ini" - 0 MsConfig - State: "win.ini" - 0 MsConfig - State: "services" - 2 MsConfig - State: "startup" - 2 CREATERESTOREPOINT Restore point Set: OTL Restore Point (30131377424826368) ========== Files/Folders - Created Within 30 Days ========== [2011/06/07 21:54:59 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Alan Smith\Desktop\OTL.scr [2011/06/07 17:36:40 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Alan Smith\Desktop\TFC.exe [2011/05/25 13:03:43 | 000,000,000 | ---D | C] -- C:\Avenger [2011/05/25 11:54:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alan Smith\Application Data\Malwarebytes [2011/05/25 11:53:16 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys [2011/05/25 11:53:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware [2011/05/25 11:53:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes [2011/05/25 11:53:08 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys [2011/05/25 11:53:07 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware ========== Files - Modified Within 30 Days ========== [2317/03/08 02:23:05 | 000,003,120 | ---- | M] () -- C:\windows\MF_C421.lfa [2317/03/08 02:23:05 | 000,003,120 | ---- | M] () -- C:\windows\MF_C420.lfa [2011/06/08 03:25:00 | 000,000,432 | -H-- | M] () -- C:\windows\tasks\User_Feed_Synchronization-{52548EC2-B4D7-439B-9623-1232966E9D66}.job [2011/06/08 02:32:02 | 000,000,886 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job [2011/06/07 21:55:27 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Alan Smith\Desktop\OTL.scr [2011/06/07 
21:42:21 | 000,002,206 | ---- | M] () -- C:\windows\System32\wpa.dbl [2011/06/07 21:42:05 | 000,000,882 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job [2011/06/07 21:41:49 | 000,002,048 | --S- | M] () -- C:\windows\bootstat.dat [2011/06/07 21:41:41 | 795,398,144 | -HS- | M] () -- C:\hiberfil.sys [2011/06/07 17:36:51 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Alan Smith\Desktop\TFC.exe [2011/06/07 17:31:25 | 000,000,790 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys [2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys [2011/05/25 11:39:10 | 000,115,369 | ---- | M] () -- C:\windows\System32\drivers\klin.dat [2011/05/15 20:03:34 | 000,000,798 | ---- | M] () -- C:\Documents and Settings\Alan Smith\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk [2011/05/11 11:47:17 | 000,001,735 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk [2011/05/11 11:38:03 | 000,001,819 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk ========== Files Created - No Company Name ========== [2317/03/08 02:23:05 | 000,003,120 | ---- | C] () -- C:\windows\MF_C421.lfa [2317/03/08 02:23:05 | 000,003,120 | ---- | C] () -- C:\windows\MF_C420.lfa [2011/05/25 11:53:17 | 000,000,790 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010/10/14 14:33:20 | 000,115,369 | ---- | C] () -- C:\windows\System32\drivers\klin.dat [2010/10/14 14:33:20 | 000,097,859 | ---- | C] () -- C:\windows\System32\drivers\klick.dat [2009/11/24 16:16:05 | 000,000,432 | ---- | C] () -- C:\windows\System32\iolo.ini [2009/11/24 15:52:17 | 000,074,703 | ---- | C] () -- C:\windows\System32\mfc45.dll [2009/09/09 
19:01:40 | 000,027,675 | ---- | C] () -- C:\windows\System32\drivers\klopp.dat [2009/05/27 22:16:19 | 000,000,056 | -H-- | C] () -- C:\windows\System32\ezsidmv.dat [2009/05/04 15:03:00 | 000,059,904 | ---- | C] () -- C:\windows\System32\zlib1.dll [2009/05/04 14:53:10 | 000,143,360 | ---- | C] () -- C:\windows\System32\libexpatw.dll [2008/11/06 15:51:12 | 000,000,338 | ---- | C] () -- C:\windows\wininit.ini [2008/11/06 15:47:25 | 000,003,654 | ---- | C] () -- C:\windows\System32\drivers\Sonyhcp.dll [2008/11/06 12:18:19 | 000,776,766 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LuUninstall.LiveUpdate [2008/10/14 16:06:39 | 000,004,212 | -H-- | C] () -- C:\windows\System32\zllictbl.dat [2008/09/13 21:39:07 | 000,048,396 | ---- | C] () -- C:\windows\UninstVeetleTVPlayer.exe [2008/08/16 13:45:57 | 000,000,204 | ---- | C] () -- C:\windows\struct~.ini [2008/05/28 13:40:54 | 000,000,031 | -H-- | C] () -- C:\windows\UKCpInfo.sys [2008/05/04 12:11:34 | 000,000,000 | ---- | C] () -- C:\windows\nsreg.dat [2008/04/05 10:33:12 | 000,096,577 | ---- | C] () -- C:\windows\hpqins16.dat [2007/12/03 01:29:51 | 000,000,664 | ---- | C] () -- C:\windows\System32\d3d9caps.dat [2007/10/07 15:12:40 | 000,022,334 | R--- | C] () -- C:\windows\System32\lvcoinst.ini [2007/08/15 08:27:18 | 000,009,600 | ---- | C] () -- C:\windows\System32\drivers\n558.sys [2007/03/21 15:20:43 | 000,107,520 | ---- | C] () -- C:\windows\System32\UnCasino5.exe [2006/09/13 12:06:10 | 000,045,056 | ---- | C] () -- C:\windows\System32\gtapi.dll [2006/08/11 13:28:16 | 000,023,552 | ---- | C] () -- C:\Documents and Settings\Alan Smith\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2006/06/26 10:33:40 | 000,023,472 | ---- | C] () -- C:\windows\System32\drivers\LVPr2Mon.sys [2006/05/13 13:10:46 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache [2006/04/05 18:56:24 | 000,000,057 | ---- | C] () -- 
C:\windows\System32\peer.ini [2005/12/01 16:44:08 | 000,016,850 | ---- | C] () -- C:\windows\hpdj6800.ini [2005/12/01 16:44:02 | 000,005,506 | ---- | C] () -- C:\windows\hpf6800m.ini [2005/10/06 14:40:13 | 000,320,512 | ---- | C] () -- C:\windows\System32\w32mkde.exe [2005/10/06 14:40:13 | 000,110,080 | ---- | C] () -- C:\windows\System32\w32mkrc.dll [2005/10/06 11:46:14 | 000,000,376 | ---- | C] () -- C:\windows\ODBC.INI [2005/10/05 22:00:36 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\Alan Smith\Local Settings\Application Data\fusioncache.dat [2005/09/28 21:36:05 | 000,000,061 | ---- | C] () -- C:\windows\smscfg.ini [2005/09/28 21:33:56 | 000,000,982 | ---- | C] () -- C:\windows\System32\oeminfo.ini [2004/09/13 22:13:29 | 000,001,385 | ---- | C] () -- C:\windows\hpfmdl6800.dat [2004/09/13 22:13:29 | 000,000,242 | ---- | C] () -- C:\windows\hpfins6800.dat [2004/08/13 17:07:50 | 000,002,048 | --S- | C] () -- C:\windows\bootstat.dat [2004/08/13 16:59:12 | 000,021,640 | ---- | C] () -- C:\windows\System32\emptyregdb.dat [2004/08/13 09:52:31 | 000,004,161 | ---- | C] () -- C:\windows\ODBCINST.INI [2004/08/13 09:51:25 | 000,281,336 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT [2004/08/12 12:28:11 | 000,004,569 | ---- | C] () -- C:\windows\System32\secupd.dat [2004/08/12 12:28:07 | 000,444,156 | ---- | C] () -- C:\windows\System32\perfh009.dat [2004/08/12 12:28:07 | 000,272,128 | ---- | C] () -- C:\windows\System32\perfi009.dat [2004/08/12 12:28:07 | 000,071,970 | ---- | C] () -- C:\windows\System32\perfc009.dat [2004/08/12 12:28:07 | 000,028,626 | ---- | C] () -- C:\windows\System32\perfd009.dat [2004/08/12 12:28:06 | 000,004,499 | ---- | C] () -- C:\windows\System32\oembios.dat [2004/08/12 12:28:05 | 013,107,200 | ---- | C] () -- C:\windows\System32\oembios.bin [2004/08/12 12:28:02 | 000,000,741 | ---- | C] () -- C:\windows\System32\noise.dat [2004/08/12 12:27:56 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat [2004/08/12 12:27:56 | 
000,046,258 | ---- | C] () -- C:\windows\System32\mib.bin [2004/08/12 12:27:47 | 000,218,003 | ---- | C] () -- C:\windows\System32\dssec.dat [2004/08/12 12:27:40 | 000,001,804 | ---- | C] () -- C:\windows\System32\dcache.bin [2004/04/02 14:49:10 | 000,086,016 | ---- | C] () -- C:\windows\System32\btprn2k.dll [2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\windows\System32\OUTLPERF.INI [2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\windows\System32\lcppn21.dll ========== LOP Check ========== [2005/10/06 14:40:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alan Smith\Application Data\IBM [2005/11/08 17:24:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alan Smith\Application Data\InterVideo [2009/11/25 11:18:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alan Smith\Application Data\iolo [2009/04/10 15:16:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alan Smith\Application Data\Nokia [2006/05/11 11:59:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alan Smith\Application Data\OLYMPUS [2008/07/25 20:06:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alan Smith\Application Data\PC Suite [2006/08/21 12:55:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alan Smith\Application Data\PCTV4Me [2006/10/14 13:27:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alan Smith\Application Data\PPLive [2006/10/28 14:52:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alan Smith\Application Data\PPMate [2008/07/20 19:30:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alan Smith\Application Data\Ulead Systems [2007/04/18 16:25:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations [2009/10/16 17:28:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations [2010/10/14 13:52:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo [2008/10/14 
16:19:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier [2008/07/31 20:08:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MGS [2008/07/31 19:56:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microgaming [2009/05/06 14:31:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Miracle [2008/07/20 19:39:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster [2007/05/10 19:51:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia [2007/04/18 16:53:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite [2009/11/24 15:16:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems [2009/09/19 21:36:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD} [2009/05/04 22:24:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} [2011/06/08 03:35:00 | 000,000,432 | -H-- | M] () -- C:\windows\Tasks\User_Feed_Synchronization-{52548EC2-B4D7-439B-9623-1232966E9D66}.job ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.* > [2003/06/10 13:18:54 | 000,005,608 | ---- | M] () -- C:\Alan.wgx [2011/06/07 21:41:41 | 795,398,144 | -HS- | M] () -- C:\hiberfil.sys [2009/07/02 16:29:44 | 000,000,066 | ---- | M] () -- C:\ICSYSINF.log [2007/12/12 20:39:34 | 000,007,203 | ---- | M] () -- C:\Install.LOG [2005/09/28 21:33:54 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2005/09/28 21:35:46 | 000,006,465 | ---- | M] () -- C:\Lang.txt [2008/09/06 12:51:06 | 000,005,069 | ---- | M] () -- C:\lvcoinst.log [2005/09/28 21:33:54 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2004/08/04 13:00:00 | 000,047,564 | RHS- | M] () -- 
C:\NTDETECT.COM [2008/09/07 13:56:13 | 000,250,048 | RHS- | M] () -- C:\ntldr [2011/06/07 21:41:39 | 792,723,456 | -HS- | M] () -- C:\pagefile.sys [2009/11/23 16:52:47 | 000,001,113 | ---- | M] () -- C:\rollback.ini [2005/11/25 13:02:46 | 027,262,976 | ---- | M] () -- C:\VIRTPART.DAT < %systemroot%\system32\Spool\prtprocs\w32x86\*.dll > [2008/07/06 13:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll [2002/08/29 11:41:00 | 000,019,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\jnwppr.dll [2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2009/03/08 04:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll [2009/03/08 04:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll [2008/04/14 01:11:53 | 000,380,445 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\expsrv.dll [2010/07/01 21:35:12 | 000,228,024 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\WINDOWS\system32\klogon.dll [2004/08/04 13:00:00 | 001,355,776 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\msvbvm50.dll [2008/04/14 01:12:00 | 001,384,479 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\msvbvm60.dll < %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\system32\drivers\*.sys /lockedfiles > [2010/06/09 17:43:50 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\kl1.sys [2010/06/09 17:43:52 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\kl2.sys [2010/10/14 15:10:05 | 000,475,736 | ---- | M] (Kaspersky Lab) Unable to obtain MD5 
-- C:\WINDOWS\system32\drivers\klif.sys [2010/05/07 12:06:26 | 000,032,856 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\klim5.sys [2009/11/02 20:27:24 | 000,019,472 | ---- | M] (Kaspersky Lab) Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\klmouflt.sys < %systemroot%\system32\*.exe /lockedfiles > < %systemroot%\System32\config\*.sav > [2004/08/13 09:47:44 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav [2004/08/13 09:47:44 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav [2004/08/13 09:47:44 | 000,880,640 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav < %PROGRAMFILES%\* > < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < hklm\software\clients\startmenuinternet|command /rs > HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2011/05/06 20:50:10 | 001,010,232 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2011/05/06 20:50:10 | 001,010,232 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2011/05/06 20:50:10 | 001,010,232 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/05/06 20:50:10 | 001,010,232 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2011/05/06 20:50:10 | 001,010,232 | ---- | M] (Google Inc.) 
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\windows\system32\ie4uinit.exe" -reinstall [2011/02/18 12:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\windows\system32\ie4uinit.exe" -hide [2011/02/18 12:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\windows\system32\ie4uinit.exe" -show [2011/02/18 12:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) < hklm\software\clients\startmenuinternet|command /64 /rs > HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2011/05/06 20:50:10 | 001,010,232 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2011/05/06 20:50:10 | 001,010,232 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2011/05/06 20:50:10 | 001,010,232 | ---- | M] (Google Inc.) 
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/05/06 20:50:10 | 001,010,232 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2011/05/06 20:50:10 | 001,010,232 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\windows\system32\ie4uinit.exe" -reinstall [2011/02/18 12:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\windows\system32\ie4uinit.exe" -hide [2011/02/18 12:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\windows\system32\ie4uinit.exe" -show [2011/02/18 12:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) < End of report > OTL Extras logfile created on: 07/06/2011 21:56:57 - Run 1 OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Alan Smith\Desktop Windows XP Tablet PC Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 758.48 Mb Total Physical Memory | 357.14 Mb Available Physical Memory | 47.09% Memory free 1.43 Gb Paging 
File | 1.06 Gb Available in Paging File | 73.95% Paging File free Paging file location(s): C:\pagefile.sys 756 1512 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files Drive C: | 39.02 Gb Total Space | 6.92 Gb Free Space | 17.73% Space Free | Partition Type: NTFS Drive D: | 16.85 Gb Total Space | 16.79 Gb Free Space | 99.62% Space Free | Partition Type: NTFS Computer Name: NFRNTABLET11 | User Name: Alan Smith | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = htmlfile] -- Reg Error: Key error. File not found ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security 
Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "4635:TCP" = 4635:TCP:*:Enabled:ppLive "6329:UDP" = 6329:UDP:*:Enabled:ppLive "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\PPStream\PPStream.exe" = C:\Program Files\PPStream\PPStream.exe:*:Enabled:PPStream "C:\Program Files\PPLive\PPlive.exe" = C:\Program Files\PPLive\PPlive.exe:*:Enabled:PPLive "C:\Program Files\PPMate\PPMate\ppmate.exe" = C:\Program Files\PPMate\PPMate\ppmate.exe:*:Enabled:PPMate "C:\Program Files\IncrediMail\bin\IMApp.exe" = C:\Program Files\IncrediMail\bin\IMApp.exe:*:Enabled:IncrediMail "C:\Program Files\IncrediMail\bin\IncMail.exe" = C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail "C:\Program Files\IncrediMail\bin\ImpCnt.exe" = C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail "C:\Program Files\Octoshape Streaming 
Services\Alan Smith\OctoshapeClient.exe" = C:\Program Files\Octoshape Streaming Services\Alan Smith\OctoshapeClient.exe:*:Disabled:OctoshapeClient "C:\Program Files\uusee\UUSeePlayer.exe" = C:\Program Files\uusee\UUSeePlayer.exe:*:Enabled:UUPlayer "C:\WINDOWS\LMI11.tmp\lmi_rescue.exe" = C:\WINDOWS\LMI11.tmp\lmi_rescue.exe:*:Enabled:LogMeIn Rescue "C:\Program Files\Common Files\uusee\UUSeeMediaCenter.exe" = C:\Program Files\Common Files\uusee\UUSeeMediaCenter.exe:*:Enabled:MediaCenter "C:\WINDOWS\system32\ZoneLabs\vsmon.exe" = C:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Enabled:TrueVector Service "C:\Program Files\iolo\System Mechanic Professional\AntiVirus\ioloAV.exe" = C:\Program Files\iolo\System Mechanic Professional\AntiVirus\ioloAV.exe:*:Enabled:iolo AntiVirus® "C:\Program Files\iolo\System Mechanic Professional\AntiVirus\iAVEmailScanner.exe" = C:\Program Files\iolo\System Mechanic Professional\AntiVirus\iAVEmailScanner.exe:*:Enabled:iolo AntiVirus® Email Protection ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime "{0510E9B6-C4C9-4C1D-8FE9-89EDDAA54958}" = Microsoft Reader "{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics "{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic UDF Reader "{14C35072-D7D0-4B29-B5BF-C94E426D77E9}" = Sky Broadband "{1F51A0CA-2BDD-474E-BB90-C7FA8EA78F52}" = ImageMixer VCD/DVD2 for OLYMPUS "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool "{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86 "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java 6 Update 15 "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{3248F0A8-6813-11D6-A77B-00B0D0150020}" = J2SE Runtime Environment 5.0 Update 2 "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3B4C85FA-E312-11D7-BCF5-00105A24FEA8}" = Mobile User VPN 
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant "{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials "{5337BED2-73A0-4EB8-A33C-91DFD4C2F82D}" = Fujitsu Pen Service "{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver "{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0 "{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Internet Security 2011 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver "{8AC049F7-1383-45C3-9E7D-F93CA667F9E1}" = UMVPLStandalone "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{90535871-81B9-4D99-8A13-A7EE97F2D7FE}" = Fujitsu Siemens Computers Bluetooth Software "{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{92E0213D-2D81-4AC0-B9E5-BCB3AB8C2F9E}" = HP Deskjet 6800 "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime "{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175 "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.4 "{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger "{BA820A24-704B-428D-9904-71A10DAC1372}" = OLYMPUS Master "{BEF726DD-4037-4214-8C6A-E625C02D2870}" = Logitech Audio Echo Cancellation Component "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C1108168-3364-4F6F-B19E-1ECA24192164}" = Fujitsu Button Driver Component 
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility "{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call "{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1 "{EA516024-D84D-41F1-814F-83175A6188F2}" = Logitech Video Enumerator "{EC42ED6A-751D-45C0-A4F9-8CD00E4690FC}" = Logitech QuickCam "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F94FD9EE-B0A7-47BE-8C96-72F693BE4299}" = Fujitsu Button Utilities "Adobe AIR" = Adobe AIR "Adobe Shockwave Player" = Adobe Shockwave Player 11 "Agere Systems Soft Modem" = Agere Systems AC'97 Modem "DeskJet 6800 Installer" = HP Deskjet 6800 "Google Chrome" = Google Chrome "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie7" = Windows Internet Explorer 7 "ie8" = Windows Internet Explorer 8 "InstallShield_{BA820A24-704B-428D-9904-71A10DAC1372}" = OLYMPUS Master "InstallWIX_{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Internet Security 2011 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200 "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "QcDrv" = Logitech® Camera Driver "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 "Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 "William Hill Casino" = William Hill Casino "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "WinLiveSuite_Wave3" = Windows 
Live Essentials "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01005" = Microsoft User-Mode Driver Framework Feature Pack 1.5 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] ========== Last 10 Event Log Errors ========== Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt! < End of report >
ExTS Admin Starbuck Posted June 8, 2011

Hi Slumdog

By the looks of things, we better get started.

Step 1

Double click on OTL to run it.
Copy the lines in the codebox below. (Make sure that :Otl is on the first line.)

:otl
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 169.254.*.*
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (no name) - {8260C2B8-E0D1-448a-B062-33D12D468BF0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {8260C2B8-E0D1-448a-B062-33D12D468BF0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O9 - Extra Button: Ãâ·Ñ¾«²ÊÊÓƵ³¬Á÷³©ÔÚÏß¹Û¿´ - {022C4009-5283-4365-97BF-144054B40E2E} - File not found
O9 - Extra 'Tools' menuitem : ²¥°ÔµçÊÓ - {022C4009-5283-4365-97BF-144054B40E2E} - File not found
O9 - Extra Button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - File not found
O9 - Extra Button: Littlewoods Casino - {BAA37C20-5000-11DB-B0DE-0800200C9A66} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Littlewoods Casino - {BAA37C20-5000-11DB-B0DE-0800200C9A66} - Reg Error: Value error. File not found
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jin...ndows-i586.cab (Reg Error: Key error.)
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} https://signin3.valueactive.com/Regi...18/flashax.cab (FlashXControl Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} http://www.179169.com/pCastCtl_1.0.0.89_20080808.cab (Reg Error: Key error.)
MsConfig - StartUpReg: Google Desktop Search - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: NapsterShell - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: Octoshape Streaming Services - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: ppmate - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: swg - hkey= - key= - Reg Error: Value error. File not found
[2317/03/08 02:23:05 | 000,003,120 | ---- | M] () -- C:\windows\MF_C421.lfa
[2317/03/08 02:23:05 | 000,003,120 | ---- | M] () -- C:\windows\MF_C420.lfa
:Files
ipconfig /flushdns /c
:commands
[emptytemp]
[purity]
[RESETHOSTS]
[EMPTYFLASH]

Return to OTL, right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.
http://img.photobucket.com/albums/v708/starbuck50/new%20forum/scan-fix.png
Click the red Run Fix button.
http://img.photobucket.com/albums/v708/starbuck50/runfixbutton.png
OTL will reboot your system once the fix has completed.
After the reboot, you may need to double click OTL to launch the program and retrieve the log.
Copy and paste the contents of the OTL log that comes up after the fix in your next reply.
If you lose the report, there will be a copy here: C:\_OTL\MovedFiles

Step 2

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. A malicious site could render Java content under older, vulnerable versions of Sun's software if the user has not removed them.

Please follow these steps to remove older version Java components and update:

Download the latest version of Java Runtime Environment (JRE) 6 Update 26 and save it to your desktop.
Scroll down to where it says "Java SE 6 Update 26".
Click the "Download JRE" button to the right.
Accept the license agreement.
Select 'Windows x86' offline from the list.
Save the file to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version:

Java 6 Update 15
J2SE Runtime Environment 5.0 Update 2

Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u26-windows-i586-p.exe to install the newest version.

Step 3

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2

http://i266.photobucket.com/albums/ii277/sUBs_/combofix/CF_download_FF.gif
http://i266.photobucket.com/albums/ii277/sUBs_/combofix/CF_download_rename.gif

This is an example, you may rename ComboFix to anything you want.

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with the running of ComboFix.
For more information read: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Then:
Double click on Combo-Fix.exe & follow the prompts.
Vista/Win7 users should right click on the icon and select Run as Administrator.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
If running Vista/Win7, you may not see the recovery console screens.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

http://img.photobucket.com/albums/v708/starbuck50/cf1.png

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://img.photobucket.com/albums/v706/ried7/whatnext.png

Click on Yes, to continue scanning for malware.

Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

In your next reply, please submit:
Otl Fix
Combofix.txt

Thanks.

Member of: UNITE
Slumdog Posted June 8, 2011 Author Posted June 8, 2011 I've tried running Otl with the lines you gave me pasted in, but it keeps freezing (not responding) on line 03 and will not go any further. This has happened three times. Do any settings need changing on the Otl page? Quote
ExTS Admin Starbuck Posted June 8, 2011 ExTS Admin Posted June 8, 2011

Hi Slumdog,

I can't see any reason for the Otl fix to freeze on an 03 line. Those lines are just orphans (leftovers).
If the Otl fix won't run, carry on with the next steps. When you run Combofix, it will remove any orphan entries during its scan.
We'll have a look at the report and then take it from there.

Quote Member of:UNITE
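The "orphans" point in the reply above can be checked mechanically. The following is an added example, not part of the thread and not OTL's own code: it parses O2/O3/O9 lines, separates registrations whose CLSID or file is missing from entries that still resolve to a binary, and groups the orphans by identifier. The sample lines are copied from the OTL output posted in this thread; the function and class names are assumptions.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional

# Lines copied from the OTL output posted in this thread (ASCII-only entries).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {8260C2B8-E0D1-448a-B062-33D12D468BF0} - No CLSID value found.
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll (Kaspersky Lab ZAO)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {8260C2B8-E0D1-448a-B062-33D12D468BF0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O9 - Extra Button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - File not found
O9 - Extra Button: Littlewoods Casino - {BAA37C20-5000-11DB-B0DE-0800200C9A66} - Reg Error: Value error. File not found
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
"""

# Shape of the lines handled: "<section> - <location>: <name> - <id> - <target>"
ENTRY_RE = re.compile(
    r"^(?P<section>O[239]) - (?P<location>[^:]+?)\s*: (?P<name>.*?) - "
    r"(?P<ident>\{[0-9A-Fa-f-]{36}\}|Locked) - (?P<target>.*)$"
)
# A resolved target looks like "<path> (<company from file version info>)".
TARGET_RE = re.compile(r"^(?P<path>.+?) \((?P<company>[^()]*)\)$")
# Wording OTL uses in this thread when a registration points at nothing.
ORPHAN_MARKERS = ("No CLSID value found", "File not found")


@dataclass(frozen=True)
class Entry:
    section: str            # O2 = BHO, O3 = toolbar, O9 = extra button/menu item
    location: str
    name: str
    ident: str              # CLSID, or the literal "Locked" value
    orphan: bool            # True when nothing on disk backs the registration
    path: Optional[str]
    company: Optional[str]  # self-declared by the file, not a signature check


def parse_line(line: str) -> Optional[Entry]:
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None  # other sections (O4, O16, DRV, ...) are out of scope here
    target = m["target"]
    orphan = any(marker in target for marker in ORPHAN_MARKERS)
    path = company = None
    if not orphan:
        t = TARGET_RE.match(target)
        path, company = (t["path"], t["company"]) if t else (target, None)
    return Entry(m["section"], m["location"], m["name"], m["ident"],
                 orphan, path, company)


def parse_log(text: str) -> List[Entry]:
    return [e for line in text.splitlines() if (e := parse_line(line))]


def orphans_by_ident(entries: List[Entry]) -> Dict[str, List[str]]:
    """Map each orphaned identifier to every location that still references it."""
    groups = defaultdict(set)
    for e in entries:
        if e.orphan:
            groups[e.ident].add(e.location)
    return {ident: sorted(locs) for ident, locs in groups.items()}


def live_entries(entries: List[Entry]) -> List[Entry]:
    """Entries that still load a file; these are the ones that need a vendor check."""
    return [e for e in entries if not e.orphan]


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    for ident, locations in orphans_by_ident(parsed).items():
        print(f"orphan {ident}: {', '.join(locations)}")
    for e in live_entries(parsed):
        print(f"live   {e.ident}: {e.path} [{e.company}]")
```

An orphaned identifier that shows up under several locations is a single leftover component registered in more than one place, which is why the fix script in this thread lists the same CLSID on multiple lines.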
Slumdog Posted June 8, 2011 Author Posted June 8, 2011

Ok, so now I'm a bit concerned, Combofix ran then said--

Rebooting Windows . . . Please wait Please allow Combofix to reboot the machine WARNING!! Do not manually reboot the machine yourself.

Well it's been like that for 45 minutes, albeit with the cursor flashing underneath, but hasn't done anything. I'll have to leave it like that overnight and do whatever? in the morning.

Quote
Slumdog Posted June 9, 2011 Author Posted June 9, 2011

Well, it's gone. The screen is just wallpaper with no desktop logos at all, nor the taskbar at the bottom, i.e. nothing to click on whatsoever.

Quote
ExTS Admin Starbuck Posted June 9, 2011 ExTS Admin Posted June 9, 2011

Hi Slumdog,

Have you tried rebooting the system again? (It sounds like 'Explorer.exe' isn't running.)

If still nothing:
Press the 3 keyboard keys... ctrl-alt-del. This will bring up the Task Manager. (In some cases it brings up the Windows Security dialog, but you can click on the Task Manager button from there to go where we need to be.)
Once in the Task Manager, make sure you are on the "Processes" tab and then click on "File" in the Task Manager menu.
Then select "New Task (Run...)" and type explorer.exe in the "open" field. Then click ok.
See if this helps.

If not:
* Restart your computer
* After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
* Instead of Windows loading as normal, a menu with options should appear; you will need to use the 'keyboard arrow keys' to navigate on this menu.
* Select 'Use last known good configuration' then press "Enter".

See if this gets you up and running again.

Quote Member of:UNITE
Slumdog Posted June 9, 2011 Author Posted June 9, 2011 Hi again Starbuck! Ok, running combofix again, report to follow hopefully (writing this on my own laptop). One thing it did say when combofix was starting, it tried to install the Microsoft Windows Recovery Console, but this popped up-- "Boot partition cannot be enumerated correctly" so didn't install. Quote
Slumdog Posted June 9, 2011 Author Posted June 9, 2011 This is the report Combofix produced-- ComboFix 11-06-08.03 - Alan Smith 09/06/2011 18:37:48.2.1 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.758.418 [GMT 1:00] Running from: c:\documents and settings\Alan Smith\Desktop\Combo-fix.exe . WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . ---- Previous Run ------- . c:\windows\system32\drivers\FSC__PI__LIFEBOOK T4010__FUJITSU_FJNB18E__Default System BIOS_FUJ - 1040000_Version 1.04 .MRK c:\windows\system32\Nagasoft\Codecs\asyncflt.ax c:\windows\system32\Nagasoft\Codecs\atrc.dll c:\windows\system32\Nagasoft\Codecs\cook.dll c:\windows\system32\Nagasoft\Codecs\drvc.dll c:\windows\system32\Nagasoft\Codecs\raac.dll c:\windows\system32\Nagasoft\Codecs\RealMediaSplitter.ax c:\windows\system32\Nagasoft\Codecs\WMFDemux.dll c:\windows\system32\Nagasoft\GifShower.dll c:\windows\system32\Nagasoft\vjocx.dll . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_STEC3 -------\Legacy_vvdsvc -------\Legacy_vvdsvc -------\Service_vvdsvc -------\Service_vvdsvc . . ((((((((((((((((((((((((( Files Created from 2011-05-09 to 2011-06-09 ))))))))))))))))))))))))))))))) . . 2011-06-08 22:49 . 2011-06-09 17:16 -------- d-----w- C:\Combo-fix 2011-06-08 22:28 . 2011-06-08 22:25 73728 ----a-w- c:\windows\system32\javacpl.cpl 2011-06-08 22:28 . 2011-06-08 22:25 472808 ----a-w- c:\windows\system32\deployJava1.dll 2011-06-08 20:20 . 2011-06-08 20:20 -------- d-----w- C:\_OTL 2011-05-25 10:54 . 2011-05-25 10:54 -------- d-----w- c:\documents and settings\Alan Smith\Application Data\Malwarebytes 2011-05-25 10:53 . 2011-05-29 08:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-05-25 10:53 . 
2011-05-25 10:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2011-05-25 10:53 . 2011-05-29 08:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-05-25 10:53 . 2011-06-07 16:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TabletWizard"="c:\windows\help\SplshWrp.exe" [2008-04-14 16384] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-04-29 126976] "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2004-07-02 163840] "AGRSMMSG"="AGRSMMSG.exe" [2004-06-07 88363] "FjDspMon"="c:\program files\Fujitsu\Utils\FjDspMon.exe" [2004-10-14 20480] "HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb12.exe" [2004-09-13 172032] "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592] "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-06-13 127036] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288] "AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe" [2010-10-14 352976] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] . 
c:\documents and settings\Alan Smith\Start Menu\Programs\Startup\ Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2008-11-6 368640] . c:\documents and settings\All Users\Start Menu\Programs\Startup\ AntSwitch.lnk - c:\windows\AntSwitch.exe [2005-11-2 28748] BTTray.lnk - c:\program files\Fujitsu Siemens\Bluetooth Software\BTTray.exe [2004-9-21 557123] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\loginkey] 2008-04-14 00:11 47104 ----a-w- c:\program files\Common Files\Microsoft Shared\Ink\loginkey.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TabBtnWL] 2002-08-29 10:41 11776 ----a-w- c:\windows\system32\tabbtnwl.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpgwlnotify] 2008-04-14 00:12 32256 ----a-w- c:\windows\system32\tpgwlnot.dll . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NapsterShell HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Octoshape Streaming Services HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ppmate HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FjEvents] 2004-12-16 14:08 20480 ----a-w- c:\program files\Fujitsu\Utils\FjEvents.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Fujitsu Menu] 2004-12-16 14:10 32768 ----a-w- c:\program files\Fujitsu\Utils\FjMnuIco.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] 2007-05-08 15:24 54840 ----a-w- c:\program files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager] 2006-06-26 08:46 497200 ----a-w- c:\program files\Common Files\Logitech\LComMgr\Communications_Helper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon] 2006-06-26 09:34 614960 ----a-w- c:\program files\Logitech\QuickCam10\QuickCam10.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX] 2006-06-26 09:33 243248 ----a-w- c:\program files\Common Files\Logitech\LComMgr\LVComSX.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] 2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM_Monitor] 2006-05-16 17:50 40960 ----a-w- c:\program files\OLYMPUS\OLYMPUS Master\FirstStart.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TabletTip] 2008-04-14 00:12 271872 ----a-w- c:\program files\Common Files\Microsoft Shared\Ink\tabtip.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "WMPNetworkSvc"=3 (0x3) "gusvc"=2 (0x2) "gupdate1c9d31333ce2850"=2 (0x2) . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . 
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "4635:TCP"= 4635:TCP:ppLive "6329:UDP"= 6329:UDP:ppLive . R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [09/06/2010 17:43 11352] R3 CONAN;CONAN;c:\windows\system32\drivers\o2mmb.sys [28/09/2005 21:35 192608] R3 Fjbtndrv;Fujitsu LIFEBOOK T3000 Button Driver;c:\windows\system32\drivers\FjBtndrv.sys [20/06/2003 14:30 11392] R3 FUJ02E1;%FUJ02E1.DeviceDesc%;c:\windows\system32\drivers\FUJ02E1.sys [28/09/2005 21:35 6000] R3 hidpen;Wacom Serial Pen HID MiniDriver;c:\windows\system32\drivers\hidpen.sys [28/09/2005 21:35 31104] R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [07/05/2010 12:06 32856] R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [02/11/2009 20:27 19472] R3 OZSCR;O2Micro SmartCardBus Smartcard Reader;c:\windows\system32\drivers\ozscr.sys [28/09/2005 21:35 92550] S2 gupdate1c9d31333ce2850;Google Update Service (gupdate1c9d31333ce2850);c:\program files\Google\Update\GoogleUpdate.exe [12/05/2009 16:06 133104] S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [12/05/2009 16:06 133104] S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [25/05/2011 11:53 39984] S3 MbxStby;MbxStby;c:\windows\system32\drivers\MbxStby.sys [28/09/2005 21:35 6324] S3 WacomPen;Wacom Serial Pen HID 
Driver;c:\windows\system32\drivers\wacompen.sys [13/08/2004 09:54 14208] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] vvdsvc REG_MULTI_SZ vvdsvc . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}] 2009-03-08 03:32 128512 ----a-w- c:\windows\system32\advpack.dll . Contents of the 'Scheduled Tasks' folder . 2011-06-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-05-12 15:05] . 2011-06-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-05-12 15:05] . 2011-06-09 c:\windows\Tasks\User_Feed_Synchronization-{52548EC2-B4D7-439B-9623-1232966E9D66}.job - c:\windows\system32\msfeedssync.exe [2006-10-17 03:31] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.co.uk/ uInternet Settings,ProxyOverride = 169.254.*.* uSearchURL,(Default) = hxxp://www.google.com/keyword/%s IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm IE: {{022C4009-5283-4365-97BF-144054B40E2E} - http://itv.mop.com IE: {{BAA37C20-5000-11DB-B0DE-0800200C9A66} TCP: DhcpNameServer = 192.168.0.1 DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} - hxxp://www.179169.com/pCastCtl_1.0.0.89_20080808.cab . . ------- File Associations ------- . JSEFile=NOTEPAD.EXE %1 . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-06-09 18:58 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . 
--------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'explorer.exe'(1056) c:\windows\system32\WININET.dll c:\program files\Common Files\Logitech\LVMVFM\LVPrcInj.dll c:\windows\system32\ieframe.dll c:\program files\windows journal\nbmaptip.dll c:\windows\IME\SPGRMR.DLL c:\windows\system32\BTNEIG~1.DLL c:\windows\system32\wbtapi.dll c:\windows\system32\btwpimif.dll c:\windows\system32\btosif.dll c:\windows\system32\btrez.dll c:\windows\system32\CSH.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\btncopy.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe c:\windows\SYSTEM32\WISPTIS.EXE c:\windows\System32\tabbtnu.exe c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe c:\windows\System32\SCardSvr.exe c:\program files\Fujitsu Siemens\Bluetooth Software\bin\btwdins.exe c:\windows\System32\digtizer.exe c:\windows\system32\igfxext.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Common Files\Microsoft Shared\Ink\TCServer.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\windows\system32\HPZipm12.exe c:\windows\system32\wscntfy.exe c:\windows\AGRSMMSG.exe c:\windows\system32\rundll32.exe c:\windows\system32\igfxext.exe c:\program files\Apoint2K\HidFind.exe c:\program files\Apoint2K\Apntex.exe . ************************************************************************** . Completion time: 2011-06-09 19:06:37 - machine was rebooted ComboFix-quarantined-files.txt 2011-06-09 18:06 . Pre-Run: 6,942,216,192 bytes free Post-Run: 6,931,312,640 bytes free . - - End Of File - - 0766C55074EEA7F5147A7C18C4C9D3F5 Quote
ExTS Admin Starbuck Posted June 9, 2011 ExTS Admin Posted June 9, 2011

Hi Slumdog,

"Boot partition cannot be enumerated correctly"
Ok, we'll take a look at this later.

As the OTL fix didn't run, we'll clean the temp files another way and then get a fresh OTL report.

Step 1

Download TFC by OldTimer to your desktop.
Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
It will close all programs when run, so make sure you have saved all your work before you begin.
Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

Step 2

Double click on OTL to run it.
Under Extra Registry section, select Use SafeList.
Don't check the boxes beside 'LOP Check' and 'Purity Check' this time.
Click on Run Scan at the top left hand corner.
When done, two Notepad files will open.
Please post the contents of these 2 Notepad files in your next reply.

Thanks

Quote Member of:UNITE
Slumdog Posted June 9, 2011 Author Posted June 9, 2011 No wonder my father swears at this thing and hasn't any hair left!! Anyway, here's the reports-- OTL logfile created on: 09/06/2011 20:11:38 - Run 2 OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Alan Smith\Desktop Windows XP Tablet PC Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 758.48 Mb Total Physical Memory | 364.89 Mb Available Physical Memory | 48.11% Memory free 1.43 Gb Paging File | 1.06 Gb Available in Paging File | 74.22% Paging File free Paging file location(s): C:\pagefile.sys 756 1512 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files Drive C: | 39.02 Gb Total Space | 6.73 Gb Free Space | 17.25% Space Free | Partition Type: NTFS Drive D: | 16.85 Gb Total Space | 16.79 Gb Free Space | 99.62% Space Free | Partition Type: NTFS Computer Name: NFRNTABLET11 | User Name: Alan Smith | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Documents and Settings\Alan Smith\Desktop\OTL.scr (OldTimer Tools) PRC - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\WINDOWS\system32\HPZipm12.exe (HP) PRC - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (Sony Corporation) PRC - c:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe (Logitech Inc.) 
PRC - C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions) PRC - C:\WINDOWS\system32\digtizer.exe (WACOM) PRC - C:\Program Files\Fujitsu\Utils\FjDspMon.exe (Fujitsu PC Corporation) PRC - C:\Program Files\Fujitsu Siemens\Bluetooth Software\BTTray.exe (WIDCOMM, Inc.) PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe (HP) PRC - C:\Program Files\Apoint2K\Hidfind.exe (Alps Electric Co., Ltd.) PRC - C:\Program Files\Fujitsu Siemens\Bluetooth Software\bin\btwdins.exe (WIDCOMM, Inc.) PRC - C:\WINDOWS\AntSwitch.exe (Fujitsu Siemens Computers) ========== Modules (SafeList) ========== MOD - C:\Documents and Settings\Alan Smith\Desktop\OTL.scr (OldTimer Tools) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation) MOD - C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Inc.) ========== Win32 Services (SafeList) ========== SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO) SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP) SRV - (LVSrvLauncher) -- C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe (Logitech Inc.) SRV - (LVPrcSrv) -- c:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe (Logitech Inc.) SRV - (Digitizer) -- C:\WINDOWS\system32\digtizer.exe (WACOM) SRV - (HP Port Resolver) -- C:\WINDOWS\system32\hpbpro.exe (Hewlett-Packard Company) SRV - (HP Status Server) -- C:\WINDOWS\system32\hpboid.exe (Hewlett-Packard Company) SRV - (btwdins) -- C:\Program Files\Fujitsu Siemens\Bluetooth Software\bin\btwdins.exe (WIDCOMM, Inc.) 
========== Driver Services (SafeList) ========== DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation) DRV - (KLIF) -- C:\WINDOWS\system32\drivers\klif.sys (Kaspersky Lab) DRV - (kl2) -- C:\WINDOWS\system32\drivers\kl2.sys (Kaspersky Lab ZAO) DRV - (KL1) -- C:\windows\system32\DRIVERS\kl1.sys (Kaspersky Lab ZAO) DRV - (klim5) -- C:\WINDOWS\system32\drivers\klim5.sys (Kaspersky Lab ZAO) DRV - (klmouflt) -- C:\WINDOWS\system32\drivers\klmouflt.sys (Kaspersky Lab) DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia) DRV - (n558) -- C:\WINDOWS\system32\drivers\n558.sys () DRV - (LVPr2Mon) -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys () DRV - (LVMVDrv) -- C:\WINDOWS\system32\drivers\LVMVdrv.sys (Logitech Inc.) DRV - (LVcKap) -- C:\WINDOWS\system32\drivers\Lvckap.sys (Logitech Inc.) DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.) DRV - (PID_0928) Logitech QuickCam Express(PID_0928) -- C:\WINDOWS\system32\drivers\LV561AV.SYS (Logitech Inc.) DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Sonic Solutions) DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Sonic Solutions) DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Sonic Solutions) DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Sonic Solutions) DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Sonic Solutions) DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Sonic Solutions) DRV - (DLADResN) -- C:\WINDOWS\system32\DLA\DLADResN.SYS (Sonic Solutions) DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions) DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions) DRV - (hidpen) -- C:\WINDOWS\system32\drivers\hidpen.sys (Wacom Co., Ltd) DRV - (STAC97) -- C:\WINDOWS\system32\drivers\STAC97.sys (SigmaTel, Inc.) 
DRV - (OZSCR) -- C:\WINDOWS\system32\drivers\ozscr.sys (O2Micro) DRV - (CONAN) -- C:\WINDOWS\system32\drivers\o2mmb.sys (O2 Micro ) DRV - (MbxStby) -- C:\WINDOWS\system32\drivers\MbxStby.sys (O2 Micro) DRV - (k750obex) -- C:\WINDOWS\system32\drivers\k750obex.sys (MCCI) DRV - (k750mdm) -- C:\WINDOWS\system32\drivers\k750mdm.sys (MCCI) DRV - (k750mdfl) -- C:\WINDOWS\system32\drivers\k750mdfl.sys (MCCI) DRV - (k750bus) Sony Ericsson 750 driver (WDM) -- C:\WINDOWS\system32\drivers\k750bus.sys (MCCI) DRV - (w29n51) Intel® -- C:\WINDOWS\system32\drivers\w29n51.sys (Intel® Corporation) DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation) DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation) DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.) DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems) DRV - (btaudio) -- C:\WINDOWS\system32\drivers\btaudio.sys (WIDCOMM, Inc.) DRV - (BTSERIAL) -- C:\WINDOWS\system32\drivers\btserial.sys (WIDCOMM, Inc.) DRV - (BTSLBCSP) -- C:\WINDOWS\system32\drivers\btslbcsp.sys (WIDCOMM, Inc.) DRV - (BTKRNL) -- C:\windows\system32\drivers\btkrnl.sys (WIDCOMM, Inc.) DRV - (BTWDNDIS) -- C:\WINDOWS\system32\drivers\btwdndis.sys (WIDCOMM, Inc.) DRV - (BTDriver) -- C:\WINDOWS\system32\drivers\btport.sys (WIDCOMM, Inc.) DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (WIDCOMM, Inc.) 
DRV - (cdrbsdrv) -- C:\windows\System32\drivers\CDRBSDRV.SYS (B.H.A Corporation) DRV - (Fjbtndrv) -- C:\WINDOWS\system32\drivers\FjBtndrv.sys (Fujitsu PC Corporation) DRV - (FUJ02E1) -- C:\WINDOWS\system32\drivers\FUJ02E1.sys (Fujitsu Limited) DRV - (SMCIRDA) -- C:\WINDOWS\system32\drivers\smcirda.sys (SMC) DRV - (FUJ02B1) -- C:\WINDOWS\system32\drivers\fuj02b1.sys (FUJITSU LIMITED) DRV - (Aspi32) -- C:\windows\System32\drivers\ASPI32.SYS (Adaptec) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 60 04 EB 0C 2A F9 CA 01 [binary data] IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 169.254.*.* ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Google" FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=" FF - prefs.js..browser.search.selectedEngine: "Google" FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\THBExt [2010/10/14 14:31:46 | 000,000,000 | ---D | M] [2009/05/07 11:06:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Alan Smith\Application Data\Mozilla\Firefox\Profiles\cibkoitq.default\extensions [2008/06/10 16:09:27 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Alan Smith\Application Data\Mozilla\Firefox\Profiles\cibkoitq.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2009/11/24 15:09:02 | 
000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2008/05/04 12:06:42 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2011/06/08 23:25:46 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{422112EB-BC81-4FF3-A751-D14968EB3BC3} File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\REAL-NETWORKS@PARTNERS.MOZILLA.COM File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\TALKBACK@MOZILLA.ORG File not found (No name found) -- C:\PROGRAM FILES\REAL\REALPLAYER\BROWSERRECORD O1 HOSTS File: ([2011/06/09 18:57:26 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll (Kaspersky Lab ZAO) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions) O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found. O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO) O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found. O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found. 
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found. O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO) O4 - HKLM..\Run: [bluetoothAuthenticationAgent] C:\windows\System32\bthprops.cpl (Microsoft Corporation) O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions) O4 - HKLM..\Run: [FjDspMon] C:\Program Files\Fujitsu\Utils\FjDspMon.exe (Fujitsu PC Corporation) O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe (HP) O4 - Startup: C:\Documents and Settings\Alan Smith\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (Sony Corporation) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AntSwitch.lnk = C:\WINDOWS\AntSwitch.exe (Fujitsu Siemens Computers) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BTTray.lnk = C:\Program Files\Fujitsu Siemens\Bluetooth Software\BTTray.exe (WIDCOMM, Inc.) 
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm () O9 - Extra Button: Ãâ·Ñ¾«²ÊÊÓƵ³¬Á÷³©ÔÚÏß¹Û¿´ - {022C4009-5283-4365-97BF-144054B40E2E} - File not found O9 - Extra 'Tools' menuitem : ²¥°ÔµçÊÓ - {022C4009-5283-4365-97BF-144054B40E2E} - File not found O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_26.dll (Sun Microsystems, Inc.) O9 - Extra Button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - File not found O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO) O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O9 - Extra Button: Littlewoods Casino - {BAA37C20-5000-11DB-B0DE-0800200C9A66} - Reg Error: Value error. File not found O9 - Extra 'Tools' menuitem : Littlewoods Casino - {BAA37C20-5000-11DB-B0DE-0800200C9A66} - Reg Error: Value error. File not found O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Fujitsu Siemens\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Fujitsu Siemens\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://active.macromedia.com/director/cabs/sw.cab (Shockwave ActiveX Control) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool) O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} http://dl.tvunetworks.com/TVUAx.cab (CTVUAxCtrl Object) O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab (MSN Photo Upload Tool) O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab (Symantec Download Manager) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) 
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} http://194.168.163.96/activex/AxisCamControl.cab (CamImage Class) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} http://www.tvucricket.com/player/vjocx-en-black.cab (VodClient Control Class) O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} https://signin3.valueactive.com/Register/Branding/olr3313/OCX/v1018/flashax.cab (FlashXControl Object) O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx (CRLDownloadWrapper Class) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O16 - DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} http://www.179169.com/pCastCtl_1.0.0.89_20080808.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\widimg {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\BTXPPanel.dll (WIDCOMM, Inc.) 
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\kloehk.dll (Kaspersky Lab ZAO) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\windows\System32\igfxsrvc.dll (Intel Corporation) O20 - Winlogon\Notify\klogon: DllName - C:\windows\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab ZAO) O24 - Desktop WallPaper: C:\Documents and Settings\Alan Smith\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Alan Smith\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011/06/09 19:53:19 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2011/06/08 23:50:22 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe [2011/06/08 23:50:22 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe [2011/06/08 23:50:21 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe [2011/06/08 23:50:21 | 000,212,480 | ---- | C] (SteelWerX) -- C:\windows\SWXCACLS.exe [2011/06/08 23:49:46 | 000,000,000 | ---D | C] -- C:\windows\ERDNT [2011/06/08 23:49:37 | 000,000,000 | ---D | C] -- C:\Combo-fix [2011/06/08 23:49:20 | 000,000,000 | ---D | C] -- C:\Qoobox [2011/06/08 23:46:41 | 004,116,281 | R--- | C] (Swearware) -- C:\Documents and Settings\Alan Smith\Desktop\Combo-fix.exe [2011/06/08 23:29:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun [2011/06/08 23:28:09 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) 
-- C:\windows\System32\javacpl.cpl [2011/06/08 23:28:08 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\deployJava1.dll [2011/06/08 23:28:08 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\javaws.exe [2011/06/08 23:28:08 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\javaw.exe [2011/06/08 23:28:08 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\java.exe [2011/06/08 23:20:14 | 016,619,296 | ---- | C] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Alan Smith\Desktop\jre-6u26-windows-i586.exe [2011/06/08 21:20:47 | 000,000,000 | ---D | C] -- C:\_OTL [2011/06/07 21:54:59 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Alan Smith\Desktop\OTL.scr [2011/06/07 17:36:40 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Alan Smith\Desktop\TFC.exe [2011/05/25 13:03:43 | 000,000,000 | ---D | C] -- C:\Avenger [2011/05/25 11:54:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alan Smith\Application Data\Malwarebytes [2011/05/25 11:53:16 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys [2011/05/25 11:53:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware [2011/05/25 11:53:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes [2011/05/25 11:53:08 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys [2011/05/25 11:53:07 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware ========== Files - Modified Within 30 Days ========== [2317/03/08 02:23:05 | 000,003,120 | ---- | M] () -- C:\windows\MF_C421.lfa [2317/03/08 02:23:05 | 000,003,120 | ---- | M] () -- C:\windows\MF_C420.lfa [2011/06/10 00:05:00 | 000,000,432 | -H-- | M] () -- 
C:\windows\tasks\User_Feed_Synchronization-{52548EC2-B4D7-439B-9623-1232966E9D66}.job [2011/06/09 23:44:09 | 000,000,886 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job [2011/06/09 20:05:20 | 000,002,206 | ---- | M] () -- C:\windows\System32\wpa.dbl [2011/06/09 20:04:52 | 000,000,882 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job [2011/06/09 20:04:43 | 000,002,048 | --S- | M] () -- C:\windows\bootstat.dat [2011/06/09 20:04:41 | 795,398,144 | -HS- | M] () -- C:\hiberfil.sys [2011/06/09 19:46:40 | 000,001,819 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk [2011/06/09 18:57:26 | 000,000,027 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts [2011/06/08 23:48:11 | 004,116,281 | R--- | M] (Swearware) -- C:\Documents and Settings\Alan Smith\Desktop\Combo-fix.exe [2011/06/08 23:25:30 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\System32\javaws.exe [2011/06/08 23:25:30 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\System32\javaw.exe [2011/06/08 23:25:30 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\System32\java.exe [2011/06/08 23:25:30 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\System32\javacpl.cpl [2011/06/08 23:25:29 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\System32\deployJava1.dll [2011/06/08 23:20:53 | 016,619,296 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Documents and Settings\Alan Smith\Desktop\jre-6u26-windows-i586.exe [2011/06/07 21:55:27 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Alan Smith\Desktop\OTL.scr [2011/06/07 17:36:51 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Alan Smith\Desktop\TFC.exe [2011/06/07 17:31:25 | 000,000,790 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys [2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys [2011/05/25 11:39:10 | 000,115,369 | ---- | M] () -- C:\windows\System32\drivers\klin.dat [2011/05/15 20:03:34 | 000,000,798 | ---- | M] () -- C:\Documents and Settings\Alan Smith\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk [2011/05/11 11:47:17 | 000,001,735 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk ========== Files Created - No Company Name ========== [2317/03/08 02:23:05 | 000,003,120 | ---- | C] () -- C:\windows\MF_C421.lfa [2317/03/08 02:23:05 | 000,003,120 | ---- | C] () -- C:\windows\MF_C420.lfa [2011/06/08 23:50:22 | 000,256,512 | ---- | C] () -- C:\windows\PEV.exe [2011/06/08 23:50:22 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe [2011/06/08 23:50:22 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe [2011/06/08 23:50:22 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe [2011/06/08 23:50:21 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe [2011/05/25 11:53:17 | 000,000,790 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010/10/14 14:33:20 | 000,115,369 | ---- | C] () -- C:\windows\System32\drivers\klin.dat [2010/10/14 14:33:20 | 000,097,859 | ---- | C] () -- C:\windows\System32\drivers\klick.dat [2009/11/24 16:16:05 | 000,000,432 | ---- | C] () -- 
C:\windows\System32\iolo.ini [2009/11/24 15:52:17 | 000,074,703 | ---- | C] () -- C:\windows\System32\mfc45.dll [2009/09/09 19:01:40 | 000,027,675 | ---- | C] () -- C:\windows\System32\drivers\klopp.dat [2009/05/27 22:16:19 | 000,000,056 | -H-- | C] () -- C:\windows\System32\ezsidmv.dat [2009/05/04 15:03:00 | 000,059,904 | ---- | C] () -- C:\windows\System32\zlib1.dll [2009/05/04 14:53:10 | 000,143,360 | ---- | C] () -- C:\windows\System32\libexpatw.dll [2008/11/06 15:51:12 | 000,000,338 | ---- | C] () -- C:\windows\wininit.ini [2008/11/06 15:47:25 | 000,003,654 | ---- | C] () -- C:\windows\System32\drivers\Sonyhcp.dll [2008/11/06 12:18:19 | 000,776,766 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LuUninstall.LiveUpdate [2008/10/14 16:06:39 | 000,004,212 | -H-- | C] () -- C:\windows\System32\zllictbl.dat [2008/09/13 21:39:07 | 000,048,396 | ---- | C] () -- C:\windows\UninstVeetleTVPlayer.exe [2008/08/16 13:45:57 | 000,000,204 | ---- | C] () -- C:\windows\struct~.ini [2008/05/28 13:40:54 | 000,000,031 | -H-- | C] () -- C:\windows\UKCpInfo.sys [2008/05/04 12:11:34 | 000,000,000 | ---- | C] () -- C:\windows\nsreg.dat [2008/04/05 10:33:12 | 000,096,577 | ---- | C] () -- C:\windows\hpqins16.dat [2007/12/03 01:29:51 | 000,000,664 | ---- | C] () -- C:\windows\System32\d3d9caps.dat [2007/10/07 15:12:40 | 000,022,334 | R--- | C] () -- C:\windows\System32\lvcoinst.ini [2007/08/15 08:27:18 | 000,009,600 | ---- | C] () -- C:\windows\System32\drivers\n558.sys [2007/03/21 15:20:43 | 000,107,520 | ---- | C] () -- C:\windows\System32\UnCasino5.exe [2006/09/13 12:06:10 | 000,045,056 | ---- | C] () -- C:\windows\System32\gtapi.dll [2006/08/11 13:28:16 | 000,023,552 | ---- | C] () -- C:\Documents and Settings\Alan Smith\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2006/06/26 10:33:40 | 000,023,472 | ---- | C] () -- C:\windows\System32\drivers\LVPr2Mon.sys [2006/05/13 13:10:46 | 000,001,755 | ---- | C] () -- C:\Documents and 
Settings\All Users\Application Data\QTSBandwidthCache [2006/04/05 18:56:24 | 000,000,057 | ---- | C] () -- C:\windows\System32\peer.ini [2005/12/01 16:44:08 | 000,016,850 | ---- | C] () -- C:\windows\hpdj6800.ini [2005/12/01 16:44:02 | 000,005,506 | ---- | C] () -- C:\windows\hpf6800m.ini [2005/10/06 14:40:13 | 000,320,512 | ---- | C] () -- C:\windows\System32\w32mkde.exe [2005/10/06 14:40:13 | 000,110,080 | ---- | C] () -- C:\windows\System32\w32mkrc.dll [2005/10/06 11:46:14 | 000,000,376 | ---- | C] () -- C:\windows\ODBC.INI [2005/10/05 22:00:36 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\Alan Smith\Local Settings\Application Data\fusioncache.dat [2005/09/28 21:36:05 | 000,000,061 | ---- | C] () -- C:\windows\smscfg.ini [2005/09/28 21:33:56 | 000,000,982 | ---- | C] () -- C:\windows\System32\oeminfo.ini [2004/09/13 22:13:29 | 000,001,385 | ---- | C] () -- C:\windows\hpfmdl6800.dat [2004/09/13 22:13:29 | 000,000,242 | ---- | C] () -- C:\windows\hpfins6800.dat [2004/08/13 17:07:50 | 000,002,048 | --S- | C] () -- C:\windows\bootstat.dat [2004/08/13 16:59:12 | 000,021,640 | ---- | C] () -- C:\windows\System32\emptyregdb.dat [2004/08/13 09:52:31 | 000,004,161 | ---- | C] () -- C:\windows\ODBCINST.INI [2004/08/13 09:51:25 | 000,281,336 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT [2004/08/12 12:28:11 | 000,004,569 | ---- | C] () -- C:\windows\System32\secupd.dat [2004/08/12 12:28:07 | 000,444,156 | ---- | C] () -- C:\windows\System32\perfh009.dat [2004/08/12 12:28:07 | 000,272,128 | ---- | C] () -- C:\windows\System32\perfi009.dat [2004/08/12 12:28:07 | 000,071,970 | ---- | C] () -- C:\windows\System32\perfc009.dat [2004/08/12 12:28:07 | 000,028,626 | ---- | C] () -- C:\windows\System32\perfd009.dat [2004/08/12 12:28:06 | 000,004,499 | ---- | C] () -- C:\windows\System32\oembios.dat [2004/08/12 12:28:05 | 013,107,200 | ---- | C] () -- C:\windows\System32\oembios.bin [2004/08/12 12:28:02 | 000,000,741 | ---- | C] () -- C:\windows\System32\noise.dat 
[2004/08/12 12:27:59 | 000,020,480 | ---- | C] () -- C:\windows\System32\msorc32r.dll [2004/08/12 12:27:56 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat [2004/08/12 12:27:56 | 000,046,258 | ---- | C] () -- C:\windows\System32\mib.bin [2004/08/12 12:27:47 | 000,218,003 | ---- | C] () -- C:\windows\System32\dssec.dat [2004/08/12 12:27:40 | 000,001,804 | ---- | C] () -- C:\windows\System32\dcache.bin [2004/04/02 14:49:10 | 000,086,016 | ---- | C] () -- C:\windows\System32\btprn2k.dll [2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\windows\System32\OUTLPERF.INI [2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\windows\System32\lcppn21.dll < End of report > OTL Extras logfile created on: 09/06/2011 20:11:38 - Run 2 OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Alan Smith\Desktop Windows XP Tablet PC Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 758.48 Mb Total Physical Memory | 364.89 Mb Available Physical Memory | 48.11% Memory free 1.43 Gb Paging File | 1.06 Gb Available in Paging File | 74.22% Paging File free Paging file location(s): C:\pagefile.sys 756 1512 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files Drive C: | 39.02 Gb Total Space | 6.73 Gb Free Space | 17.25% Space Free | Partition Type: NTFS Drive D: | 16.85 Gb Total Space | 16.79 Gb Free Space | 99.62% Space Free | Partition Type: NTFS Computer Name: NFRNTABLET11 | User Name: Alan Smith | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = htmlfile] -- Reg Error: Key error. File not found ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security 
Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "4635:TCP" = 4635:TCP:*:Enabled:ppLive "6329:UDP" = 6329:UDP:*:Enabled:ppLive "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime "{0510E9B6-C4C9-4C1D-8FE9-89EDDAA54958}" = Microsoft Reader "{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics "{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic UDF Reader "{14C35072-D7D0-4B29-B5BF-C94E426D77E9}" = Sky Broadband 
"{1F51A0CA-2BDD-474E-BB90-C7FA8EA78F52}" = ImageMixer VCD/DVD2 for OLYMPUS "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool "{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86 "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java 6 Update 26 "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3B4C85FA-E312-11D7-BCF5-00105A24FEA8}" = Mobile User VPN "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant "{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{5337BED2-73A0-4EB8-A33C-91DFD4C2F82D}" = Fujitsu Pen Service "{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver "{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0 "{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Internet Security 2011 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver "{8AC049F7-1383-45C3-9E7D-F93CA667F9E1}" = UMVPLStandalone "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{90535871-81B9-4D99-8A13-A7EE97F2D7FE}" = Fujitsu Siemens Computers Bluetooth Software "{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{92E0213D-2D81-4AC0-B9E5-BCB3AB8C2F9E}" = HP Deskjet 6800 "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime "{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175 "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR 
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.4 "{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger "{BA820A24-704B-428D-9904-71A10DAC1372}" = OLYMPUS Master "{BEF726DD-4037-4214-8C6A-E625C02D2870}" = Logitech Audio Echo Cancellation Component "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C1108168-3364-4F6F-B19E-1ECA24192164}" = Fujitsu Button Driver Component "{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility "{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call "{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1 "{EA516024-D84D-41F1-814F-83175A6188F2}" = Logitech Video Enumerator "{EC42ED6A-751D-45C0-A4F9-8CD00E4690FC}" = Logitech QuickCam "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F94FD9EE-B0A7-47BE-8C96-72F693BE4299}" = Fujitsu Button Utilities "Adobe AIR" = Adobe AIR "Adobe Shockwave Player" = Adobe Shockwave Player 11 "Agere Systems Soft Modem" = Agere Systems AC'97 Modem "DeskJet 6800 Installer" = HP Deskjet 6800 "Google Chrome" = Google Chrome "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie7" = Windows Internet Explorer 7 "ie8" = Windows Internet Explorer 8 "InstallShield_{BA820A24-704B-428D-9904-71A10DAC1372}" = OLYMPUS Master "InstallWIX_{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Internet Security 2011 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200 "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 SP1" = 
Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"QcDrv" = Logitech® Camera Driver
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"William Hill Casino" = William Hill Casino
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01005" = Microsoft User-Mode Driver Framework Feature Pack 1.5

========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

ExTS Admin Starbuck Posted June 10, 2011

Hi Slumdog,

No wonder my father swears at this thing and hasn't any hair left!!

http://fc06.deviantart.net/fs4/i/2004/250/7/1/ROFL_by_b4sti.gif

I'm sure we can make things a bit easier by the time we are finished.

Let's try the OTL fix again. If it does freeze, let me know at what line it freezes (but hopefully it won't).

Double click on OTL to run it.

Copy the lines in the codebox below (make sure that :Otl is on the first line).

:Otl
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 169.254.*.*
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{422112EB-BC81-4FF3-A751-D14968EB3BC3}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\REAL-NETWORKS@PARTNERS.MOZILLA.COM
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\TALKBACK@MOZILLA.ORG
File not found (No name found) -- C:\PROGRAM FILES\REAL\REALPLAYER\BROWSERRECORD
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (no name) - {8260C2B8-E0D1-448a-B062-33D12D468BF0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {8260C2B8-E0D1-448a-B062-33D12D468BF0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O9 - Extra Button: Ãâ·Ñ¾«²ÊÊÓƵ³¬Á÷³©ÔÚÏß¹Û¿´ - {022C4009-5283-4365-97BF-144054B40E2E} - File not found
O9 - Extra 'Tools' menuitem : ²¥°ÔµçÊÓ - {022C4009-5283-4365-97BF-144054B40E2E} - File not found
O9 - Extra Button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - File not found
O9 - Extra Button: Littlewoods Casino - {BAA37C20-5000-11DB-B0DE-0800200C9A66} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Littlewoods Casino - {BAA37C20-5000-11DB-B0DE-0800200C9A66} - Reg Error: Value error. File not found
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jin...ndows-i586.cab (Reg Error: Key error.)
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} https://signin3.valueactive.com/Regi...18/flashax.cab (FlashXControl Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} http://www.179169.com/pCastCtl_1.0.0.89_20080808.cab (Reg Error: Key error.)
MsConfig - StartUpReg: Google Desktop Search - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: NapsterShell - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: Octoshape Streaming Services - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: ppmate - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: swg - hkey= - key= - Reg Error: Value error. File not found
[2317/03/08 02:23:05 | 000,003,120 | ---- | M] () -- C:\windows\MF_C421.lfa
[2317/03/08 02:23:05 | 000,003,120 | ---- | M] () -- C:\windows\MF_C420.lfa

:Files
ipconfig /flushdns /c

:commands
[emptytemp]
[purity]
[RESETHOSTS]
[EMPTYFLASH]

Return to OTL, right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.

http://img.photobucket.com/albums/v708/starbuck50/new%20forum/scan-fix.png

Click the red Run Fix button.

http://img.photobucket.com/albums/v708/starbuck50/runfixbutton.png

OTL will reboot your system once the fix has completed. After the reboot, you may need to double click OTL to launch the program and retrieve the log.

Copy and paste the contents of the OTL log that comes up after the fix in your next reply.

If you lose the report, there will be a copy here: C:\_OTL\MovedFiles

Member of: UNITE

Slumdog Posted June 10, 2011 Author Posted June 10, 2011 Well that was quicker! All processes killed ========== OTL ========== HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully! Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\ not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8260C2B8-E0D1-448a-B062-33D12D468BF0}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8260C2B8-E0D1-448a-B062-33D12D468BF0}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{8260C2B8-E0D1-448a-B062-33D12D468BF0} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8260C2B8-E0D1-448a-B062-33D12D468BF0}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found. 
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found. Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found. Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{022C4009-5283-4365-97BF-144054B40E2E}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{022C4009-5283-4365-97BF-144054B40E2E}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{022C4009-5283-4365-97BF-144054B40E2E}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{022C4009-5283-4365-97BF-144054B40E2E}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08E730A4-FB02-45BD-A900-01E4AD8016F6}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08E730A4-FB02-45BD-A900-01E4AD8016F6}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{BAA37C20-5000-11DB-B0DE-0800200C9A66}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BAA37C20-5000-11DB-B0DE-0800200C9A66}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{BAA37C20-5000-11DB-B0DE-0800200C9A66}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BAA37C20-5000-11DB-B0DE-0800200C9A66}\ not found. 
Starting removal of ActiveX control {6A344D34-5231-452A-8A57-D064AC9B7862} Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{6A344D34-5231-452A-8A57-D064AC9B7862}\DownloadInformation\\INF . Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{6A344D34-5231-452A-8A57-D064AC9B7862}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A344D34-5231-452A-8A57-D064AC9B7862}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6A344D34-5231-452A-8A57-D064AC9B7862}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A344D34-5231-452A-8A57-D064AC9B7862}\ not found. Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\DownloadInformation\\INF . Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found. Starting removal of ActiveX control {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}\ deleted successfully. 
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}\ not found. Starting removal of ActiveX control {D8089245-3211-40F6-819B-9E5E92CD61A2} Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D8089245-3211-40F6-819B-9E5E92CD61A2}\DownloadInformation\\INF . Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D8089245-3211-40F6-819B-9E5E92CD61A2}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D8089245-3211-40F6-819B-9E5E92CD61A2}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{D8089245-3211-40F6-819B-9E5E92CD61A2}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D8089245-3211-40F6-819B-9E5E92CD61A2}\ not found. Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7} C:\windows\Downloaded Program Files\gp.inf not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found. Starting removal of ActiveX control {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{FEE1002D-90A5-4A5D-AABE-01803FFBCF7A}\DownloadInformation\\INF . 
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{FEE1002D-90A5-4A5D-AABE-01803FFBCF7A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FEE1002D-90A5-4A5D-AABE-01803FFBCF7A}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{FEE1002D-90A5-4A5D-AABE-01803FFBCF7A}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FEE1002D-90A5-4A5D-AABE-01803FFBCF7A}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\Google Desktop Search\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\NapsterShell\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\Octoshape Streaming Services\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\ppmate\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\swg\ not found. C:\WINDOWS\MF_C421.lfa moved successfully. C:\WINDOWS\MF_C420.lfa moved successfully. ========== FILES ========== < ipconfig /flushdns /c > Windows IP Configuration Successfully flushed the DNS Resolver Cache. C:\Documents and Settings\Alan Smith\Desktop\cmd.bat deleted successfully. C:\Documents and Settings\Alan Smith\Desktop\cmd.txt deleted successfully. 
========== COMMANDS ========== [EMPTYTEMP] User: Administrator ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Alan Smith ->Temp folder emptied: 118252 bytes ->Temporary Internet Files folder emptied: 3072769 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 0 bytes ->Google Chrome cache emptied: 0 bytes ->Apple Safari cache emptied: 0 bytes ->Flash cache emptied: 0 bytes User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: LocalService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 2528302 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 6.00 mb C:\windows\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully [EMPTYFLASH] User: Administrator User: Alan Smith ->Flash cache emptied: 0 bytes User: All Users User: Default User ->Flash cache emptied: 0 bytes User: LocalService User: NetworkService Total Flash Files Cleaned = 0.00 mb OTL by OldTimer - Version 3.2.23.0 log created on 06102011_180405 Files\Folders moved on Reboot... File\Folder C:\Documents and Settings\Alan Smith\Local Settings\Temp\~DF22F4.tmp not found! File\Folder C:\Documents and Settings\Alan Smith\Local Settings\Temp\~DF2490.tmp not found! 
File\Folder C:\Documents and Settings\Alan Smith\Local Settings\Temp\~DF2A3A.tmp not found! File\Folder C:\Documents and Settings\Alan Smith\Local Settings\Temp\~DF2A68.tmp not found! File\Folder C:\Documents and Settings\Alan Smith\Local Settings\Temp\~DF2D43.tmp not found! File\Folder C:\Documents and Settings\Alan Smith\Local Settings\Temp\~DF2D6B.tmp not found! C:\Documents and Settings\Alan Smith\Local Settings\Temporary Internet Files\Content.IE5\UPO2PEVD\ads[3].txt moved successfully. C:\Documents and Settings\Alan Smith\Local Settings\Temporary Internet Files\Content.IE5\NEZ2TS71\11824-FAO-Starbuck-A-extremely-slow-PC[1].txt moved successfully. C:\Documents and Settings\Alan Smith\Local Settings\Temporary Internet Files\Content.IE5\6FETXN55\iframe[1].htm moved successfully. C:\Documents and Settings\Alan Smith\Local Settings\Temporary Internet Files\Content.IE5\5MDYC5IT\ads[3].txt moved successfully. C:\Documents and Settings\Alan Smith\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully. Registry entries deleted on Reboot... Quote
ExTS Admin Starbuck Posted June 10, 2011

Hi Slumdog,

"Well that was quicker!"

Seems we're getting somewhere now.

Step 1

I'd like you to do an ESET OnlineScan.
You may find it beneficial to close your resident AV program before running the scan.

Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetOnline.png button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
Double click on the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstallDesktopIcon.png icon on your desktop.
- Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetAcceptTerms.png
- Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetStart.png button.
- Accept any security warnings from your browser.
- Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetScanArchives.png
- Click the Start button.
- ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
- When the scan completes, push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png
- Click http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
- Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetBack.png button.
- Click http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetFinish.png

A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

Note: It's been found that on some systems the Eset's Online Scan fails during the database download (around 20%).
To prevent this happening:
When the Computer scan settings display shows, click the Advanced option, then place a check next to the following (if it is not already checked):
Enable Anti-Stealth technology
http://img.photobucket.com/albums/v708/starbuck50/eset.png

Step 2

Download Puran Disc Defragmenter
Save it to your 'Desktop'.
Run the program.
From the main 'Puran Defrag' screen, click on the 'C' drive to highlight it. Then click on 'Defrag'.
This program is faster than the built in Windows Defrag and is more efficient.
Try not to use the m/c while the defrag is running.
See if the system runs any faster afterwards.

In your next reply, please submit:
Eset scan report
and let me know how the system runs after running Puran Defrag.

Thanks.

Slumdog Posted June 10, 2011 Author

2011/06/10 at 23:21:36

Analysis Report For C:
Total Files: 83206
Total Directories: 7773
Total Excluded: 0
Total Deleted: 0
Total Deleted Bytes: 0 MB
Total Fragmented Files: 7414
Total Fragmented Directories: 92
Total Fragmented Bytes: 15150 MB
MFT Fragments: 5
Registry Fragments: 1
Pagefile Fragments: 210
Fragmentation Percentage By Size: 48%
Fragmentation Percentage By Count: 8%

Analysis Report For C: After Defragmentation
Total Fragmented Files: 2410
Total Fragmented Directories: 5
Total Fragmented Bytes: 13360 MB
Fragmentation Percentage By Size: 42%
Fragmentation Percentage By Count: 2%

The following files/directories were defragmented - Top 10
Path Lcn Size in MB Fragments
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20081011.003\VIRSCAN7.DAT 895099827.8511
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20081011.003\VIRSCAN5.DAT 86630658.6110
C:\System Volume Information\_restore{19033AF7-1D20-46CE-98A9-FAE06779F5A4}\RP2249\snapshot\Repository\FS\OBJECTS.DATA 594129519.518
C:\WINDOWS\Installer\11cd6f1.msi 86810477.027
C:\WINDOWS\Installer\$PatchCache$\Managed\9040111900063D11C8EF10054038389C\11.0.5614\MSB1ENFR.ITS.FAD473D6_E564_11D3_8F5D_00C04F9CF4AC 68562597.077
C:\Casino\William Hill Casino\data\slots_safariheat15line\scatter_long-background.cfs 67257116.926
C:\WINDOWS\ie8updates\KB976749-IE8\mshtml.dll 61072505.676
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20081011.018\VIRSCAN5.DAT 60363378.616
C:\WINDOWS\ie8updates\KB972260-IE8\ieframe.dll 603026410.556
C:\System Volume Information\_restore{19033AF7-1D20-46CE-98A9-FAE06779F5A4}\RP2249\A0188662.dll 895778123.276

The following files/directories are still fragmented - Top 10
Path Lcn Size in MB Fragments
C:\Documents and Settings\Alan Smith\My Documents\MyData\nfrn1\Email Back up\backup.pst 7580604344.89181
C:\Documents and Settings\Alan Smith\Local Settings\Application Data\Google\GoogleEarth\dbCache.dat 8700459414.81107
C:\WINDOWS\Installer\85ae16.msp 6648171114.4259
C:\Documents and Settings\Alan Smith\My Documents\Downloads\wlsetup-all.exe 2749190134.8545
C:\Documents and Settings\Alan Smith\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst 4134271350.7034
C:\Documents and Settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Packages\Nokia_PC_Suite\Setup\Nokia_PC_Suite.msi 728462457.4028
C:\Documents and Settings\Alan Smith\My Documents\My Videos\St&Ev B.Day.plus 005.mpg 910554147.6923
C:\Documents and Settings\Alan Smith\My Documents\My Videos\St&Ev B.Day.plus 004.mpg 979722658.3122
C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb 9844444146.0121
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 2011 11.0.1.400\English\kavkis.msi 2812031105.8617

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6526
# api_version=3.0.2
# EOSSerial=5ff271fcfe11614a804ba1677f00bc63
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-06-10 08:34:10
# local_time=2011-06-10 09:34:10 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1280 16777191 100 0 20667038 20667038 0 0
# compatibility_mode=8192 67108863 100 0 373 373 0 0
# compatibility_mode=9217 16777213 25 9 48661346 76018216 0 0
# scanned=82965
# found=0
# cleaned=0
# scan_time=7984

I'll let you know how it's running soon, thanks.

Slumdog Posted June 10, 2011 Author
Thanks Starbuck, it seems much better than it was. I understand because of its age, it may never be super-fast. (No, I'm not talking about my father again!!!). Cheers.

ExTS Admin Starbuck Posted June 12, 2011
Hi Slumdog, Do you happen to have the Windows XP installation disc?

Slumdog Posted June 12, 2011 Author
No, his work would have set it all up.

ExTS Admin Starbuck Posted June 13, 2011

Ok.
I was looking for an easy way to address this:
"Boot partition cannot be enumerated correctly"

Let's try this (and keep our fingers crossed it doesn't ask for the disc).

Run the System File Checker (SFC) to scan all protected files to verify their versions. If SFC discovers that a critical system file has been damaged or altered, or is missing, it restores the correct version of the file from the cache folder. You must be logged on as an administrator or as a member of the Administrators group to run sfc, and it may ask you to insert your XP Installation CD, so have it available.

Use Task Manager (Alt + Ctrl + Del)... New Task... and type:
sfc /scannow
(Or use the 'Run' command)
Make sure that you include a space between the c and /.

This command will initiate the Windows File Protection service to scan all protected files, verify their integrity, and replace any problem files.

Slumdog Posted June 13, 2011 Author
Ok, it ran that eventually. Was it supposed to leave a report or anything, because it just disappeared?

ExTS Admin Starbuck Posted June 14, 2011

Hi Slumdog,

"Was it supposed to leave a report or anything, because it just disappeared?"

No, it doesn't give a report. It just replaces any corrupt or missing system files.

758.48 Mb Total Physical Memory | 364.89 Mb Available Physical Memory | 48.11% Memory free
1.43 Gb Paging File | 1.06 Gb Available in Paging File | 74.22% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 39.02 Gb Total Space | 6.73 Gb Free Space | 17.25% Space Free | Partition Type: NTFS

It would seem that the system has 1 x 512mb, 1 x 256mb of ram installed.
You could up this, I've just got a 1gb ram module for an older system of mine, cost about £20.00.
You could even take out the 256mb stick and add the 1gb ..... that would give a nice 1.5gb of memory.
Mind you, it all depends on how much Ram the motherboard can handle.

If you want to find out, you can run this:
Go to http://www.crucial.com/uk/systemscanner/index.aspx
1. First, agree to the terms and conditions.
2. Click the "download the scanner" button, and choose "Save File" when prompted.
3. Save the file to your desktop, or anywhere you prefer.
4. Navigate to this saved CrucialScan.exe file and open. If you get a security warning, click "Run" to allow the download.
5. It will take several moments while your browser is updated with your scan results.

When the report comes up it will tell you how much Ram memory is installed, how many modules, how many slots are used, how many are available, how much Ram memory can be installed and what type of memory you can install.
Crucial will also give you a price for any recommended Ram upgrades, but you don't have to accept this. You are free to use their scanner and then buy your Ram chips from wherever you want.

Also the system only has 17.25% Space Free .... you could try removing some old programs/files etc and increase this, that would make a difference.

Slumdog Posted June 15, 2011 Author
Ok, sorry, was that to speed things up or the boot partition thing? I'll let him know, but he is very unlikely to pay any money for software as it is not his!