do i have malware [solved]

blakloks · January 14, 2012

I uninstalled firefox from my desktop pc as it was running poorly i then tried to re-install my bt internet software and when i did i could not connect to the internet even though the icons were there, i then tried to system restore but was unable to this either so i now cannot connect to the internet so im not sure if i have a malware problem or not.:confused:

KenB · January 15, 2012

Hi,

i then tried to re-install my bt internet software

Was there a problem with this before you removed F_F ?

How are you connected ?

Wired or wireless ?

Are there any other computers in the house and can they connect OK ?

Which router are you using. Make and model number please ?

This doesn't sound like malware - it is more likely to be a setting on your computer or the router.

blakloks · January 15, 2012

No I have done that before when i reinstalled firefox previously, firefox had become another search engine i didnt like so uninstalled it again. The desktop pc is wired but there is also a laptop that is wireless and running no problem i am using the BT homehub 2.0

KenB · January 15, 2012

laptop that is wireless and running no problem

This implies that there is no problem with the BT Homehub settings.

Take the ethernet cable and use it to connect the laptop to the BT Homehub.

It should connect no problem.

If it cannot - then it looks like there is a problem with the ethernet cable.

Switch off the Wireless Option on the laptop first - just to make sure.

Let me know the results.

blakloks · January 15, 2012

Ethernet cable is fine just tried it in the laptop with wireless switched off

KenB · January 15, 2012

OK.

Connect the ethernet cable back up to the desktop.

Start ....type in ......devmgmt.msc ......ENTER

Click the + next to Network Adapters

What is listed?

Are there any yellow exclamation marks or red Xs ?

blakloks · January 15, 2012

Yeah there is 3 yellow exclamation marks mate below network adapters one is at other devices one is at SM bus controller and the other is at Unknown device Edited January 15, 2012 by blakloks

KenB · January 16, 2012

You don't have the drivers for the NIC installed.

What is the make and model number of your pc.

I can try to locate them for you.

Also let me know the Operating System please.

blakloks · January 17, 2012

Ok thanks for the info my pc is Fujitsu Siemens scaleo p model and I am running windows XP home. What would have happened to the drivers then as it was working?

KenB · January 17, 2012

According to the Fujitsu site the drivers for your NIC are embedded in XP.

If this is the case then it could be that there is a problem with the card ( it is actually a chip ) itself.

The drivers needed are Realtek RTL8139 and it is this that should be showing in Device Manager.

Go back to Network Adapters in Device Manager ( devmgmt.msc ) right click on each of the devices with a yellow exclamation mark > uninstall.

Re-boot the machine.

Windows should locate new hardware and, if the drivers are embedded, should auto install them.

If not then the drivers are here:

click here

Windows XP > click on US1 or US2

blakloks · January 18, 2012

ive got my drivers back in i had a disc so many thanks for that. When i click on my icons to get onto the net it says internet explorer encountered a problem with the add on and needs to close!!! So close yet so far:D will i need to uninstall and reinstall

KenB · January 18, 2012

Can you let me know the exact error message please?

Which version of IE are you using ?

There should be an option in Tools > Manage Add Ons to turn them off.

Do this and try connecting again.

blakloks · January 26, 2012

Sooty about the late reply I cannot even open Internet explorer it says it encounters a problem with an add on and needs to close and the following add on was running when the problem occurred :File: Wltcore.dllCompany name: MicrosoftDescription. : Windows live toolbar

KenB · February 2, 2012

Hi,

Sorry for missing your last post.

Wltcore.dll is linked with Windows Live Toolbar

Does Windows Live Toolbar show in Control Panel

or

Control Panel > Add / Remove

From Add / Remove ............which version of IE are you using?

blakloks · February 5, 2012

I went into add and remove programs but for some bizzare reason Internet explorer does not appear to be visible there so don't know what's happening there mate any ideas?

KenB · February 6, 2012

Wltcore.dll is linked with Windows Live Toolbar
Does Windows Live Toolbar show in Control Panel

Is Windows Live Toolbar there?

It may be in Add / Remove ..............is it here ?

Internet explorer does not appear

If you are running IE6 it probably will not show in Add/Remove as it is integrated into the System Files.

Updates do show.

blakloks · February 6, 2012

i cannot see windows live toolbar there is a windows live upload tool(would that be it??) and another thing in relation to windows but that is it

KenB · February 7, 2012

windows live upload tool(would that be it??)

No - Frustrating !!

You don't see IE in Add/Remove ( presumably you have IE6 )

You cannot open IE

There is a Fix-It here:

click here

Click the Run Now button

This fixes defective add-ons and a lot more.

Starbuck · February 7, 2012

You don't see IE in Add/Remove ( presumably you have IE6 )

If you are running IE6, then it's a good bet that your copy of Windows is missing a lot of updates.

The IE updates will have come as a default install along with the Windows updates.

Are your Windows updates turned off?

blakloks · February 14, 2012

windows updates are on. How do i get that ie repair from my laptop onto the problem pc if i cant connect to the net? I put the drivers and utilities disk and avg detected a threat which i could not vault as it was in the optical drive!!!!!

Starbuck · February 14, 2012

When i used BT HomeHub in the past, i never installed any of their software.

It's not needed anyway. (most of it is bloatware anyway)

Any system using an ethernet cable will work without the software.

Although IE may not be connecting.... you may still have a connection.

Will your AV update? or if you have something like MBAM on your system.... will that update?

To make things easier, why not download another browser to see if it will connect using that?

Opera is a firm favourite.

You can download it to the laptop.

Save it to the desktop.

Then transfer it by way of usb stick or disc to the other system.

When installing it, if it asks if you want to transfer your IE settings..... click No.

blakloks · February 19, 2012

When i used BT HomeHub in the past, i never installed any of their software.
It's not needed anyway. (most of it is bloatware anyway)
Any system using an ethernet cable will work without the software.

Although IE may not be connecting.... you may still have a connection.
Will your AV update? or if you have something like MBAM on your system.... will that update?

To make things easier, why not download another browser to see if it will connect using that?
Opera is a firm favourite.
You can download it to the laptop.
Save it to the desktop.
Then transfer it by way of usb stick or disc to the other system.
When installing it, if it asks if you want to transfer your IE settings..... click No.

I downloaded firefox onto a flash drive and put it on the desktop PC worked a treat mate the only thing is that sometimes it says local area network connection not connected for the first 5 minutes at leasts its up and running now thanks for all the help guys!!!

Starbuck · February 19, 2012

at leasts its up and running now thanks for all the help guys!!!

Now it's up and running, it may be as well to check out your system for a possible cause.

Download OTL to your desktop.
right click on the link and select 'Save Link/Target As'.

if you have problems, try this download link:
OTL
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Check the boxes beside LOP Check and Purity Check

.

http://img.photobucket.com/albums/v708/starbuck50/new/Otllatest.png

Now copy the lines in bold below.

netsvcs

msconfig

%SYSTEMDRIVE%\*.*

%systemroot%\system32\Spool\prtprocs\w32x86\*.dll

%systemroot%\*. /mp /s

%systemroot%\system32\*.dll /lockedfiles

%systemroot%\Tasks\*.job /lockedfiles

%systemroot%\system32\drivers\*.sys /lockedfiles

%systemroot%\system32\*.exe /lockedfiles

%systemroot%\System32\config\*.sav

%PROGRAMFILES%\*

%USERPROFILE%\..|smtmp;true;true;true /FP

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU

hklm\software\clients\startmenuinternet|command /rs

hklm\software\clients\startmenuinternet|command /64 /rs

CREATERESTOREPOINT

right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.

http://img.photobucket.com/albums/v708/starbuck50/new%20forum/scan-fix.png
.
Click the Run Scan button.

http://img.photobucket.com/albums/v708/starbuck50/runscan.png
Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.

Thanks

blakloks · February 20, 2012

this from otl notepad:

OTL logfile created on: 20/02/2012 19:17:21 - Run 1

OTL by OldTimer - Version 3.2.33.1 Folder = C:\Documents and Settings\Jasper\My Documents\Downloads

Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.5512)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.35 Gb Available Physical Memory | 67.52% Memory free

3.85 Gb Paging File | 3.37 Gb Available in Paging File | 87.57% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 232.88 Gb Total Space | 202.34 Gb Free Space | 86.89% Space Free | Partition Type: NTFS

Drive F: | 3.74 Gb Total Space | 3.66 Gb Free Space | 97.94% Space Free | Partition Type: FAT32

Computer Name: HOME-86DCE43013 | User Name: Jasper | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Jasper\My Documents\Downloads\OTL(1).exe (OldTimer Tools)

PRC - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe ()

PRC - C:\Program Files\AVG Secure Search\vprot.exe ()

PRC - C:\Documents and Settings\Jasper\Local Settings\Application Data\Akamai\netsession_win.exe (Akamai Technologies, Inc)

PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG10\avgnsx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG10\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG10\avgemcx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe ()

PRC - C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\iMesh Applications\MediaBar\Datamngr\datamngrUI.exe (iMesh, Inc)

PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)

PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\Realtek\Audio\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)

PRC - C:\Program Files\Lexmark 4300 Series\lxcemon.exe (Lexmark International, Inc.)

PRC - C:\WINDOWS\system32\lxcecoms.exe (Lexmark International, Inc.)

PRC - C:\Program Files\Lexmark 4300 Series\ezprint.exe ()

PRC - C:\WINDOWS\mixer.exe (C-Media Electronic Inc. (www.cmedia.com.tw))

========== Modules (No Company Name) ==========

MOD - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe ()

MOD - C:\Program Files\AVG Secure Search\vprot.exe ()

MOD - c:\Program Files\Common Files\Akamai\netsession_win_7de0ed9.dll ()

MOD - C:\WINDOWS\system32\quartz.dll ()

MOD - C:\Program Files\OpenOffice.org 3\program\libxml2.dll ()

MOD - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe ()

MOD - C:\WINDOWS\system32\sbe.dll ()

MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()

MOD - C:\WINDOWS\system32\msdmo.dll ()

MOD - C:\WINDOWS\system32\devenum.dll ()

MOD - C:\WINDOWS\system32\LXPRMON.DLL ()

MOD - C:\Program Files\Lexmark 4300 Series\lxcecnv4.dll ()

MOD - C:\Program Files\Lexmark 4300 Series\ezprint.exe ()

========== Win32 Services (SafeList) ==========

SRV - (vToolbarUpdater) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe ()

SRV - (Akamai) -- c:\program files\common files\akamai/netsession_win_7de0ed9.dll ()

SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)

SRV - (AVG Security Toolbar Service) -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe ()

SRV - (GoToAssist) -- C:\Program Files\Citrix\GoToAssist\570\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)

SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)

SRV - (avgwd) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

SRV - (lxce_device) -- C:\WINDOWS\System32\lxcecoms.exe (Lexmark International, Inc.)

========== Driver Services (SafeList) ==========

DRV - (AVGIDSDriver) -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )

DRV - (Avgtdix) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)

DRV - (Avgrkx86) -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys (AVG Technologies CZ, s.r.o.)

DRV - (Avgmfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)

DRV - (AVGIDSEH) -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys (AVG Technologies CZ, s.r.o. )

DRV - (AVGIDSShim) -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )

DRV - (AVGIDSFilter) -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )

DRV - (Avgldx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)

DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)

DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )

DRV - (cmpci) C-Media PCI Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\cmaudio.sys (C-Media Inc)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sp/*http://uk.search.yahoo.com/

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/cs/*http://uk.docs.yahoo.com/info/bt_side.html

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.live.com/sphome.aspx

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.live.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://bt.yahoo.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb&sysid=2

IE - HKCU\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - No CLSID value found

IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found

IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"

FF - prefs.js..browser.search.order.1: "Ask.com"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"

FF - prefs.js..extensions.enabledItems: avg@igeared:7.005.030.004

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: 2020Player@2020Technologies.com:4.5.2.0

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220

FF - prefs.js..extensions.enabledItems: {1FD91A9C-410C-4090-BBCC-55D3450EF433}:1.0

FF - prefs.js..extensions.enabledItems: {28387537-e3f9-4ed7-860c-11e69af4a8a0}:4.1.0.00

FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2

FF - prefs.js..extensions.enabledItems: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.2.5.2

FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1374

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - prefs.js..extensions.enabledItems: {88c7f2aa-f93f-432c-8f0e-b7d85967a527}:3.3.3.2

FF - prefs.js..extensions.enabledItems: {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}:4.1.0.00

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - prefs.js..keyword.URL: "http://search.imesh.com/web?src=ffb&systemid=1&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll File not found

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared [2012/02/18 14:47:00 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2012/02/19 15:20:08 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/11/25 20:10:24 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\Documents and Settings\All Users\Application Data\AVG Secure Search\10.0.0.7\ [2012/02/20 13:45:56 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/19 19:28:34 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/02/20 12:03:23 | 000,000,000 | ---D | M]

[2006/02/25 23:59:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jasper\Application Data\Mozilla\Extensions

[2012/02/18 15:28:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jasper\Application Data\Mozilla\Firefox\Profiles\g9thydj2.default\extensions

[2011/02/03 18:10:00 | 000,000,000 | ---D | M] (MediaBar) -- C:\Documents and Settings\Jasper\Application Data\Mozilla\Firefox\Profiles\g9thydj2.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}

[2011/04/11 14:56:35 | 000,000,000 | ---D | M] (MediaBar) -- C:\Documents and Settings\Jasper\Application Data\Mozilla\Firefox\Profiles\g9thydj2.default\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}

[2010/12/21 11:56:29 | 000,000,000 | ---D | M] (20-20 3D Viewer) -- C:\Documents and Settings\Jasper\Application Data\Mozilla\Firefox\Profiles\g9thydj2.default\extensions\2020Player@2020Technologies.com

[2011/06/15 16:27:18 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\Jasper\Application Data\Mozilla\Firefox\Profiles\g9thydj2.default\extensions\engine@conduit.com

[2011/09/30 11:21:28 | 000,002,613 | ---- | M] () -- C:\Documents and Settings\Jasper\Application Data\Mozilla\Firefox\Profiles\g9thydj2.default\searchplugins\askcom.xml

[2010/09/14 12:48:25 | 000,002,506 | ---- | M] () -- C:\Documents and Settings\Jasper\Application Data\Mozilla\Firefox\Profiles\g9thydj2.default\searchplugins\BearShareWebSearch.xml

[2010/09/02 08:09:28 | 000,002,486 | ---- | M] () -- C:\Documents and Settings\Jasper\Application Data\Mozilla\Firefox\Profiles\g9thydj2.default\searchplugins\iMeshWebSearch.xml

[2012/02/18 15:27:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2012/02/20 13:45:56 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\AVG SECURE SEARCH\10.0.0.7\

[2010/10/19 11:32:20 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION

[2012/02/19 19:28:33 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2011/02/02 20:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

[2012/02/08 17:50:00 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml

[2012/02/20 13:45:45 | 000,003,766 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml

[2010/09/14 12:48:25 | 000,002,506 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\BearShareWebSearch.xml

[2012/02/08 17:21:19 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2012/02/08 17:50:00 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml

[2012/02/08 17:50:00 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml

[2010/09/02 08:09:28 | 000,002,486 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\iMeshWebSearch.xml

[2012/02/08 17:50:00 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2004/08/10 19:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O2 - BHO: (MediaBar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\Program Files\iMesh Applications\MediaBar\ToolBar\imeshdtxmltbpi.dll ()

O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (UrlHelper Class) - {474597C5-AB09-49d6-A4D5-2E8D7341384E} - C:\Program Files\iMesh Applications\MediaBar\Datamngr\IEBHO.dll (iMesh, Inc)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (no name) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - No CLSID value found.

O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll ()

O2 - BHO: (no name) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - No CLSID value found.

O3 - HKLM\..\Toolbar: (MediaBar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\Program Files\iMesh Applications\MediaBar\ToolBar\imeshdtxmltbpi.dll ()

O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (no name) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - No CLSID value found.

O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll ()

O3 - HKLM\..\Toolbar: (no name) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.

O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.

O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.

O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [C-Media Mixer] C:\WINDOWS\mixer.exe (C-Media Electronic Inc. (www.cmedia.com.tw))

O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\iMesh Applications\MediaBar\Datamngr\datamngrUI.exe (iMesh, Inc)

O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark 4300 Series\ezprint.exe ()

O4 - HKLM..\Run: [FaxCenterServer] C:\Program Files\Lexmark Fax Solutions\fm3032.exe ()

O4 - HKLM..\Run: [LXCECATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.DLL ()

O4 - HKLM..\Run: [lxcemon.exe] C:\Program Files\Lexmark 4300 Series\lxcemon.exe (Lexmark International, Inc.)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [ROC_roc_dec12] C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe ()

O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()

O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Documents and Settings\Jasper\Local Settings\Application Data\Akamai\netsession_win.exe (Akamai Technologies, Inc)

O4 - Startup: C:\Documents and Settings\Jasper\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6407C1E3-3E20-47F4-88E6-0C74EF45D788}: DhcpNameServer = 192.168.1.254

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)

O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll ()

O20 - AppInit_DLLs: (C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\datamngr.dll) - C:\Program Files\iMesh Applications\MediaBar\Datamngr\datamngr.dll (iMesh, Inc)

O20 - AppInit_DLLs: (C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\IEBHO.dll) - C:\Program Files\iMesh Applications\MediaBar\Datamngr\IEBHO.dll (iMesh, Inc)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\570\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\570\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)

O24 - Desktop WallPaper: C:\Documents and Settings\Jasper\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jasper\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2011/04/07 20:13:05 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]

O32 - AutoRun File - [2006/02/25 23:36:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2011/03/22 15:07:56 | 000,000,000 | ---D | M] - F:\AUTOCAD -- [ FAT32 ]

O34 - HKLM BootExecute: (autocheck autochk *)

O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync)

O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found

NetSvcs: Ias - File not found

NetSvcs: Iprip - File not found

NetSvcs: Irmon - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: WmdmPmSp - File not found

MsConfig - State: "system.ini" - 0

MsConfig - State: "win.ini" - 0

MsConfig - State: "bootini" - 0

MsConfig - State: "services" - 0

MsConfig - State: "startup" - 0

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/02/18 15:38:15 | 000,000,000 | ---D | C] -- C:\37b7bbde4b59dd63d7a8a55834f6cc3a

[2012/02/18 15:33:10 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Jasper\Recent

[2012/02/18 14:47:30 | 000,000,000 | ---D | C] -- C:\Program Files\ConduitEngine

[2012/02/18 14:47:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jasper\Local Settings\Application Data\ConduitEngine

[2012/02/18 14:47:30 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit

[2012/02/18 14:47:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jasper\Local Settings\Application Data\Conduit

[2012/02/14 19:26:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jasper\Application Data\ElevatedDiagnostics

[2012/02/14 19:25:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell

[2012/02/14 19:16:34 | 000,000,000 | ---D | C] -- C:\$AVG

[2012/02/04 13:33:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\cache

[2006/02/25 23:57:32 | 000,022,600 | ---- | C] () -- C:\Documents and Settings\Jasper\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

[2006/02/25 23:54:50 | 006,410,196 | -H-- | C] () -- C:\Documents and Settings\Jasper\Local Settings\Application Data\IconCache.db

[33 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/20 18:22:42 | 089,557,944 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm

[2012/02/20 18:02:09 | 000,253,748 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml

[2012/02/20 18:01:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2012/02/20 12:03:24 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk

[2012/02/19 15:20:08 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk

[2012/02/18 16:29:07 | 000,502,098 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2012/02/18 16:29:07 | 000,096,394 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2012/02/18 16:21:20 | 000,134,072 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2012/02/18 16:16:00 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2012/02/18 15:28:03 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Jasper\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2012/02/18 15:28:03 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

[2012/02/18 14:20:02 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[33 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/20 12:03:24 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 9.lnk

[2012/02/20 12:03:24 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk

[2012/02/18 15:33:53 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK

[2012/02/18 15:28:03 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

[2012/02/16 19:59:16 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll

[2012/02/16 19:59:16 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll

[2011/04/12 11:24:45 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2011/04/07 21:24:47 | 000,431,744 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

[2011/02/03 19:02:10 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll

[2010/11/04 16:10:49 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI

[2010/10/06 11:37:52 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Jasper\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/10/05 15:19:51 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Jasper\Local Settings\Application Data\fusioncache.dat

[2010/10/05 10:41:49 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXPRMON.DLL

[2010/10/05 10:41:49 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\LXPMONUI.DLL

[2010/10/05 10:39:06 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxcevs.dll

[2010/10/04 17:57:38 | 000,000,025 | ---- | C] () -- C:\WINDOWS\mixerdef.ini

========== LOP Check ==========

[2011/04/11 14:56:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\1E35B

[2011/09/28 18:21:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk

[2012/02/18 14:47:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search

[2011/02/03 18:19:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar

[2012/01/26 19:52:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10

[2011/09/28 17:50:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess

[2011/05/13 08:06:30 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files

[2011/11/25 20:10:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData

[2010/10/06 13:58:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2011/01/20 16:55:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jasper\Application Data\Amazon

[2011/04/07 20:45:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jasper\Application Data\Autodesk

[2010/10/04 15:56:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jasper\Application Data\AVG10

[2012/02/14 19:26:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jasper\Application Data\ElevatedDiagnostics

[2011/02/04 13:09:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jasper\Application Data\FrostWire

[2011/02/27 19:16:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jasper\Application Data\GARMIN

[2010/10/13 13:34:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jasper\Application Data\GetRightToGo

[2011/02/03 18:19:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jasper\Application Data\imeshbandmltbpi

[2011/07/07 09:01:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jasper\Application Data\LibreOffice

[2011/04/11 14:56:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jasper\Application Data\mediabarbs

[2011/02/03 18:10:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jasper\Application Data\mediabarim

[2010/10/04 16:00:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jasper\Application Data\MSNInstaller

[2011/05/27 11:10:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jasper\Application Data\OpenOffice.org

[2011/02/28 10:19:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jasper\Application Data\SmartDraw

[2010/10/13 13:25:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jasper\Application Data\SystemRequirementsLab

[2012/02/18 15:03:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jasper\Application Data\uTorrent

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >

[2006/02/25 23:36:32 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT

[2010/10/12 14:40:07 | 000,000,209 | -HS- | M] () -- C:\boot.ini

[2010/10/05 10:38:49 | 000,000,242 | ---- | M] () -- C:\CDFE.log

[2006/02/25 23:36:32 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS

[2006/02/25 23:36:32 | 000,000,000 | RHS- | M] () -- C:\IO.SYS

[2012/01/15 18:24:07 | 000,000,811 | ---- | M] () -- C:\lxce.log

[2010/10/05 10:38:46 | 000,000,000 | ---- | M] () -- C:\lxcefire.csv

[2010/10/05 10:39:25 | 000,000,291 | ---- | M] () -- C:\LXCEINST.csv

[2006/02/25 23:36:32 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS

[2004/08/10 19:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM

[2010/10/11 14:54:25 | 000,250,048 | RHS- | M] () -- C:\ntldr

[2012/02/20 18:01:48 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >

[2008/07/06 12:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll

[2005/03/08 02:09:24 | 000,073,728 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\lxcePP5C.DLL

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\system32\*.exe /lockedfiles >

[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\System32\config\*.sav >

[2006/02/25 23:17:58 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav

[2006/02/25 23:17:58 | 000,659,456 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav

[2006/02/25 23:17:58 | 000,901,120 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %PROGRAMFILES%\* >

< %USERPROFILE%\..|smtmp;true;true;true /FP >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Win dows\WindowsUpdate\AU >

< hklm\software\clients\startmenuinternet|command /rs >

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/02/19 19:28:29 | 000,834,832 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/02/19 19:28:29 | 000,834,832 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/02/19 19:28:29 | 000,834,832 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/02/19 19:28:33 | 000,924,632 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/02/19 19:28:33 | 000,924,632 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/02/19 19:28:33 | 000,924,632 | ---- | M] (Mozilla Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: %systemroot%\system32\shmgrate.exe OCInstallReinstallIE [2008/04/14 00:12:35 | 000,045,056 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallHideIE [2008/04/14 00:12:35 | 000,045,056 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallShowIE [2008/04/14 00:12:35 | 000,045,056 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "%programfiles%\Internet Explorer\iexplore.exe" [2008/04/14 00:12:22 | 000,093,184 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >