Need your help again RC. I'm getting warning boxes popping up that cause my computer to become non responsive and freeze up for sometimes several mins at a time. One box is the Unresponsive plugin box, the other is Unresponsive script. I tried to get email support from HP as I have in the past, but I'm getting a message that my machine is out of warranty. It's was out of warranty for yrs but I was still able to get email support, no longer. I have a Compaq Presario, approx 7 yrs old, with (don't laugh) 512MB Mem, 180GB hard drive with 140 free GBs, Firefox is my browser. Any suggestions?
This is what I wanted to post.
I'm getting warning boxes popping up that cause my computer to become non responsive and freeze up for sometimes several mins at a time. One box is the Unresponsive plugin box, the other is Unresponsive script.
I have a Compaq Presario desktop, approx 7 yrs old, with
512MB Mem, 180GB hard drive with 140 free GBs, Firefox is my browser. I updated several pluguns with no improvement. I attempted to update to SP3 X2, . It completed the install the 1st time but when it restarted there was a loop from the opening page right to the Safe Mode page. I did a system restore. 2nd attempt wouldn't finish after 8 hrs. I shut down and restarted to the same loop as after the 1st install try, another system restore. I updated and ran Malwarebytse, found 5 threats and removed them. I downloaded and ran Spyware blaster. O hope all of the information ypu need is enclosed. I also downloaded the KB 953356 patch for the AMD processor b$ doing the SP3. Thanks in advance.
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by Compaq_Owner at 20:36:21 on 2013-06-03
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.383.22 [GMT -4:00]
.
AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ================
.
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Garmin\Lifetime Updater\GarminLifetime.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\program files\real\realplayer\update\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\All Users\Application Data\OfficeGuardianV2N\reminder\SacReminder.exe
C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe
C:\Program Files\Stickies\stickies.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Documents and Settings\All Users\Application Data\OfficeGuardianV2N\Reminder\SacNetAgent.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=presario&pf=desktop
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://toolbar.inbox.com/search/ie.aspx?tbid=80114
mCustomizeSearch = hxxp://toolbar.inbox.com/help/sa_customize.aspx?tbid=80114
uURLSearchHooks: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - c:\program files\mcafee security scan\3.0.318\McAfeeMSS_IE.dll
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: WitBHO Class: {75ED56AF-4DC9-4243-A30C-4EF4DD0CA28F} - c:\program files\chameleontom\wit4ie.dll
BHO: {95B7759C-8C7F-4BF1-B163-73684A933233} - <orphaned>
TB: &Google: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: &Google: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr .exe" /background
uRun: [Uniblue RegistryBooster 2] c:\program files\uniblue\registrybooster 2\RegistryBooster.exe /S
uRun: [SacReminderHDDV2N] c:\documents and settings\all users\application data\officeguardianv2n\reminder\SacReminder.exe
mRun: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Garmin Lifetime Updater] c:\program files\garmin\lifetime updater\GarminLifetime.exe /StartMinimized
mRun: [AVG_UI] "c:\program files\avg\avg2013\avgui.exe" /TRAYONLY
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVWSzItQUxZTUYtU0xLTFUtQVoyVUItNkdPS0ItSkhGTkg"&"inst=NzctNDgwNjAyMDYyLVQxLUJBKzEtS1YzKzctWEwrMS1VQ0FMTCsxLVVDQUxMMisyLVRCOCsyLUZMKzgtRjEwTSs1LVFJWDErNC1YMjAxMCsyLUYxME0xMEQrMS1MSUMrNw"&"prod=90"&"ver=10.0.1204
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10c.exe
StartupFolder: c:\docume~1\compaq~1\startm~1\programs\startup\canoni~1.lnk - c:\windows\system32\rundll32.exe
StartupFolder: c:\docume~1\compaq~1\startm~1\programs\startup\stickies.lnk - c:\program files\stickies\stickies.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\compaq~1.lnk - c:\program files\compaq connections\6750491\program\Compaq Connections.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.0.318\SSScheduler.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-System: EnableProfileQuota = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: Add To Compaq Organize... - c:\progra~1\hewlet~1\compaq~1\bin/module.main/favorites\ie_add_to.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - c:\program files\chameleontom\ct.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.2.1 24.229.54.212 216.144.187.199 204.186.80.229
TCP: Interfaces\{14D9CC6F-26E4-4C91-A6EC-9E1BA6683FAC} : DHCPNameServer = 192.168.2.1 24.229.54.212 216.144.187.199 204.186.80.229
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\15.2.0\ViProtocol.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\compaq_owner\application data\mozilla\firefox\profiles\gbhvogpj.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3294791&CUI=UN12355583662464419&UM=2&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3294791&SearchSource=2&CUI=UN12355583662464419&UM=2&q=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff10.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff4.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff5.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff6.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff7.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff8.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff9.dll
FF - plugin: c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlhtml5videoshim.dll
FF - plugin: c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlpepperflashvideoshim.dll
FF - plugin: c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\npdlplugin.dll
FF - plugin: c:\documents and settings\compaq_owner\application data\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\documents and settings\compaq_owner\application data\move networks\plugins\npqmp071505000011.dll
FF - plugin: c:\documents and settings\compaq_owner\application data\mozilla\firefox\profiles\gbhvogpj.default\extensions\{195a3098-0bd5-4e90-ae22-ba1c540afd1e}\plugins\npGarmin.dll
FF - plugin: c:\documents and settings\compaq_owner\application data\mozilla\firefox\profiles\gbhvogpj.default\extensions\{7f3f960e-a836-45ca-8911-0accb522246e}\plugins\np-mswmp.dll
FF - plugin: c:\documents and settings\compaq_owner\application data\mozilla\firefox\profiles\gbhvogpj.default\extensions\{7f3f960e-a836-45ca-8911-0accb522246e}\plugins\npConduitFirefoxPlugin.dll
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\15.2.0\npsitesafety.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\mcafee security scan\3.0.318\npMcAfeeMSS.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_202.dll
FF - ExtSQL: 2013-04-13 21:42; rapportive@rapportive.com; c:\documents and settings\compaq_owner\application data\mozilla\firefox\profiles\gbhvogpj.default\extensions\rapportive@rapportive.com
FF - ExtSQL: 2013-04-13 21:44; newtabgoogle@graememcc.co.uk; c:\documents and settings\compaq_owner\application data\mozilla\firefox\profiles\gbhvogpj.default\extensions\newtabgoogle@graememcc.co.uk.xpi
FF - ExtSQL: 2013-05-22 11:15; {7f3f960e-a836-45ca-8911-0accb522246e}; c:\documents and settings\compaq_owner\application data\mozilla\firefox\profiles\gbhvogpj.default\extensions\{7f3f960e-a836-45ca-8911-0accb522246e}
FF - ExtSQL: 2013-05-22 19:52; {FCE04E1F-9378-4f39-96F6-5689A9159E45}; c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\firefox\Ext
FF - ExtSQL: !HIDDEN! 2009-09-01 21:11; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.autoDisableScopes - 0
FF - user.js: extensions.shownSelectionUI - true
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 60216]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2012-9-21 245048]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 96568]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-1-19 39224]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 208184]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 22328]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 170808]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-2-10 182072]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-12-11 37664]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2013\avgidsagent.exe [2013-5-14 4937264]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2013\avgwdsvc.exe [2013-4-18 283136]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-3-9 55152]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-2-6 533360]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.0.318\McCHSvc.exe [2013-2-5 235216]
.
=============== Created Last 30 ================
.
2013-06-03 23:42:06 -------- d-----w- c:\windows\system32\wbem\repository\FS
2013-06-03 23:42:06 -------- d-----w- c:\windows\system32\wbem\Repository
2013-06-03 23:36:22 -------- d-----w- c:\windows\system32\CatRoot_bak
2013-06-03 15:59:14 -------- d-----w- c:\program files\SpywareBlaster
2013-06-02 16:20:57 19569 ----a-w- c:\windows\005403_.tmp
2013-06-02 15:57:25 -------- d-----w- C:\8b92052dd8fbc345a9bdf0e9
2013-05-31 00:45:17 -------- d-----w- c:\documents and settings\compaq_owner\local settings\application data\Wildtangent
2013-05-31 00:45:11 -------- d-----w- c:\windows\wt
2013-05-31 00:45:06 -------- d-----w- c:\program files\McAfee Security Scan
2013-05-31 00:45:06 -------- d-----w- c:\documents and settings\all users\application data\McAfee Security Scan
2013-05-31 00:13:12 19528 ----a-w- c:\windows\000001_.tmp
2013-05-30 23:57:50 -------- d-----w- C:\d321eb98beeded867b1c1470
2013-05-28 21:52:09 -------- d-----w- c:\windows\system32\scripting
2013-05-28 21:52:08 -------- d-----w- c:\windows\l2schemas
2013-05-28 21:43:09 19569 ----a-w- c:\windows\002709_.tmp
2013-05-24 17:41:26 -------- d-----w- c:\program files\Norton Security Scan
2013-05-24 17:39:50 -------- d-----w- c:\program files\NortonInstaller
2013-05-22 23:54:21 -------- d-----w- c:\documents and settings\compaq_owner\application data\RealNetworks
2013-05-22 23:52:12 -------- d-----w- c:\program files\RealNetworks
2013-05-22 23:51:53 -------- d-----w- c:\documents and settings\all users\application data\RealNetworks
2013-05-22 23:51:21 -------- d-----w- c:\program files\common files\xing shared
2013-05-22 23:50:51 153736 ----a-w- c:\program files\mozilla firefox\plugins\nppl3260.dll
2013-05-22 23:50:40 124504 ----a-w- c:\program files\mozilla firefox\plugins\nprpplugin.dll
2013-05-22 15:31:34 -------- d-----w- c:\program files\Uninstaller
2013-05-22 15:23:33 -------- d-----w- c:\program files\Uniblue
2013-05-22 15:21:24 -------- d-----w- c:\program files\Vafmusic2
2013-05-22 15:17:10 -------- d-----w- c:\program files\SearchProtect
2013-05-22 15:16:56 -------- d-----w- c:\documents and settings\compaq_owner\local settings\application data\Strongvault Online Backup
2013-05-22 15:16:47 -------- d-----w- c:\documents and settings\all users\application data\Strongvault Online Backup
2013-05-22 15:16:35 -------- d-----w- c:\documents and settings\compaq_owner\local settings\application data\Strongvault
2013-05-22 15:15:52 -------- d-----w- c:\program files\Strongvault Online Backup
2013-05-22 15:15:30 -------- d-----w- c:\documents and settings\compaq_owner\application data\SearchProtect
2013-05-22 15:12:05 -------- d-----w- c:\program files\Optimizer Pro
2013-05-22 15:09:52 -------- d-----w- c:\documents and settings\compaq_owner\application data\Strongvault
2013-05-22 15:04:50 -------- d-----w- c:\program files\SingAlong
2013-05-21 22:49:08 262552 ----a-w- c:\program files\mozilla firefox\browser\components\browsercomps.dll
2013-05-11 10:37:28 209472 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2013-05-11 10:37:28 209472 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
.
==================== Find3M ====================
.
2013-05-28 21:55:49 45056 ----a-w- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\uninstallui\eHelpSetup.exe
2013-05-28 21:55:49 44032 ----a-w- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\scripts\devcon.exe
2013-05-22 23:50:10 348160 ----a-w- c:\windows\system32\msvcr71.dll
2013-05-22 23:50:09 499712 ----a-w- c:\windows\system32\msvcp71.dll
2013-05-21 00:06:25 37664 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-05-15 01:31:11 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-15 01:31:11 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-04-04 18:50:32 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-29 06:53:48 208184 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2013-03-21 07:08:24 182072 ----a-w- c:\windows\system32\drivers\avgtdix.sys
.
============= FINISH: 20:40:34.93 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 2/6/2009 12:16:06 AM
System Uptime: 6/3/2013 8:21:05 PM (0 hours ago)
.
Motherboard: ASUSTek Computer INC. | | Salmon
Processor: AMD Athlon(tm) 64 Processor 3400+ | Socket 754 | 1808/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 180 GiB total, 125.155 GiB free.
D: is FIXED (FAT32) - 6 GiB total, 0.873 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1322: 5/28/2013 7:18:30 PM - Installed Windows XP KB958690.
RP1323: 5/28/2013 7:26:50 PM - Installed Windows XP KB959426.
RP1324: 5/28/2013 7:31:29 PM - Installed Windows XP KB960225.
RP1325: 5/28/2013 7:35:26 PM - Installed Windows XP KB960803.
RP1326: 5/28/2013 7:40:13 PM - Installed Windows XP KB960859.
RP1327: 5/28/2013 7:45:56 PM - Installed Windows XP KB961118.
RP1328: 5/28/2013 7:49:36 PM - Installed Windows XP KB961371.
RP1329: 5/28/2013 7:52:19 PM - Installed Windows XP KB961373.
RP1330: 5/28/2013 7:54:31 PM - Installed Windows XP KB961501.
RP1331: 5/28/2013 7:57:23 PM - Installed Windows XP KB961503.
RP1332: 5/28/2013 7:59:27 PM - Installed Windows XP KB967715.
RP1333: 5/28/2013 8:01:44 PM - Installed Windows XP KB968389.
RP1334: 5/28/2013 8:03:46 PM - Installed Windows XP KB968537.
RP1335: 5/28/2013 8:06:55 PM - Installed Windows XP KB969059.
RP1336: 5/28/2013 8:12:26 PM - Installed Windows XP KB969947.
RP1337: 5/28/2013 8:16:01 PM - Installed Windows XP KB970238.
RP1338: 5/28/2013 8:18:37 PM - Installed Windows XP KB970430.
RP1339: 5/28/2013 8:21:22 PM - Installed Windows XP KB971468.
RP1340: 5/28/2013 8:26:23 PM - Installed Windows XP KB971486.
RP1341: 5/28/2013 8:31:29 PM - Installed Windows XP KB971557.
RP1342: 5/28/2013 8:35:18 PM - Installed Windows XP KB971633.
RP1343: 5/28/2013 8:39:19 PM - Installed Windows XP KB971657.
RP1344: 5/28/2013 8:41:12 PM - Installed Windows XP KB971737.
RP1345: 5/28/2013 8:47:00 PM - Installed Windows XP KB972270.
RP1346: 5/28/2013 8:51:06 PM - Installed Windows XP KB973354.
RP1347: 5/28/2013 8:54:48 PM - Installed Windows XP KB973507.
RP1348: 5/28/2013 8:56:55 PM - Installed Windows XP KB973687.
RP1349: 5/28/2013 8:58:40 PM - Installed Windows XP KB973815.
RP1350: 5/28/2013 9:00:27 PM - Installed Windows XP KB973869.
RP1351: 5/28/2013 9:01:58 PM - Installed Windows XP KB974112.
RP1352: 5/28/2013 9:03:29 PM - Installed Windows XP KB974318.
RP1353: 5/28/2013 9:06:59 PM - Installed Windows XP KB974392.
RP1354: 5/28/2013 9:11:17 PM - Installed Windows XP KB974571.
RP1355: 5/28/2013 9:13:08 PM - Installed Windows XP KB975025.
RP1356: 5/28/2013 9:15:14 PM - Installed Windows XP KB975467.
RP1357: 5/28/2013 9:17:08 PM - Installed Windows XP KB975560.
RP1358: 5/28/2013 9:18:54 PM - Installed Windows XP KB975561.
RP1359: 5/28/2013 9:21:09 PM - Installed Windows XP KB975562.
RP1360: 5/28/2013 9:23:09 PM - Installed Windows XP KB975713.
RP1361: 5/28/2013 9:25:20 PM - Installed Windows XP KB977165.
RP1362: 5/28/2013 9:27:01 PM - Installed Windows XP KB977914.
RP1363: 5/28/2013 9:28:40 PM - Installed Windows XP KB978037.
RP1364: 5/28/2013 9:30:27 PM - Installed Windows XP KB978251.
RP1365: 5/28/2013 9:32:36 PM - Installed Windows XP KB978338.
RP1366: 5/28/2013 9:34:31 PM - Installed Windows XP KB978542.
RP1367: 5/28/2013 9:36:42 PM - Installed Windows XP KB978601.
RP1368: 5/28/2013 9:40:06 PM - Installed Windows XP KB978706.
RP1369: 5/28/2013 9:42:57 PM - Installed Windows XP KB979309.
RP1370: 5/28/2013 9:44:22 PM - Installed Windows XP KB979482.
RP1371: 5/28/2013 9:45:44 PM - Installed Windows XP KB979559.
RP1372: 5/28/2013 9:47:10 PM - Installed Windows XP KB979683.
RP1373: 5/28/2013 9:48:49 PM - Installed Windows XP KB980218.
RP1374: 5/28/2013 9:50:13 PM - Installed Windows XP KB980232.
RP1375: 5/29/2013 9:52:39 AM - Restore Operation
RP1376: 5/30/2013 2:04:29 PM - System Checkpoint
RP1377: 5/30/2013 5:42:17 PM - Installed Windows XP KB953356.
RP1378: 5/30/2013 8:13:36 PM - Installed Windows XP Service Pack 2.
RP1379: 5/30/2013 8:40:43 PM - Restore Operation
RP1380: 5/31/2013 7:31:54 PM - Installed Windows XP KB953356.
RP1381: 5/31/2013 7:37:34 PM - before XP3
RP1382: 6/1/2013 3:43:31 PM - Restore Operation
RP1383: 6/2/2013 11:55:48 AM - before sp3
RP1384: 6/2/2013 12:21:29 PM - Installed Windows XP Service Pack 3.
RP1385: 6/2/2013 1:19:02 PM - Installed Windows XP KB2229593.
RP1386: 6/2/2013 1:21:51 PM - Installed Windows XP KB923561.
RP1387: 6/2/2013 1:28:12 PM - Installed Windows XP KB938464.
RP1388: 6/2/2013 1:39:26 PM - Installed Windows XP KB946648.
RP1389: 6/2/2013 1:44:22 PM - Installed Windows XP KB950762.
RP1390: 6/2/2013 1:47:18 PM - Installed Windows XP KB950974.
RP1391: 6/2/2013 1:49:14 PM - Installed Windows XP KB951066.
RP1392: 6/2/2013 1:51:03 PM - Installed Windows XP KB951376-v2.
RP1393: 6/2/2013 1:53:13 PM - Installed Windows XP KB951698.
RP1394: 6/2/2013 1:55:45 PM - Installed Windows XP KB951748.
RP1395: 6/2/2013 2:00:25 PM - Installed Windows XP KB952004.
RP1396: 6/2/2013 2:05:38 PM - Installed Windows XP KB952287.
RP1397: 6/2/2013 2:09:55 PM - Installed Windows XP KB952954.
RP1398: 6/2/2013 2:13:19 PM - Installed Windows XP KB954211.
RP1399: 6/2/2013 2:17:15 PM - Installed Windows XP KB954600.
RP1400: 6/2/2013 2:23:05 PM - Installed Windows XP KB974112.
RP1401: 6/2/2013 2:27:02 PM - Installed Windows XP KB955069.
RP1402: 6/2/2013 2:29:55 PM - Installed Windows XP KB973687.
RP1403: 6/2/2013 2:33:40 PM - Installed Windows XP KB955759.
RP1404: 6/2/2013 2:35:54 PM - Installed Windows XP KB956572.
RP1405: 6/2/2013 2:40:44 PM - Installed Windows XP KB956802.
RP1406: 6/2/2013 2:47:09 PM - Installed Windows XP KB956803.
RP1407: 6/2/2013 2:56:47 PM - Installed Windows XP KB956841.
RP1408: 6/2/2013 3:05:02 PM - Installed Windows XP KB956844.
RP1409: 6/2/2013 3:19:49 PM - Installed Windows XP KB957097.
RP1410: 6/2/2013 3:28:59 PM - Installed Windows XP KB958644.
RP1411: 6/2/2013 3:31:41 PM - Installed Windows XP KB958687.
RP1412: 6/2/2013 3:36:14 PM - Installed Windows XP KB958690.
RP1413: 6/2/2013 3:41:20 PM - Installed Windows XP KB959426.
RP1414: 6/2/2013 3:46:31 PM - Installed Windows XP KB960225.
RP1415: 6/2/2013 3:49:13 PM - Installed Windows XP KB960803.
RP1416: 6/2/2013 3:51:38 PM - Installed Windows XP KB960859.
RP1417: 6/2/2013 3:53:57 PM - Installed Windows XP KB961118.
RP1418: 6/2/2013 3:56:32 PM - Installed Windows XP KB961371.
RP1419: 6/2/2013 4:02:13 PM - Installed Windows XP KB961373.
RP1420: 6/2/2013 4:10:25 PM - Installed Windows XP KB961501.
RP1421: 6/2/2013 4:12:57 PM - Installed Windows XP KB961503.
RP1422: 6/2/2013 4:16:22 PM - Installed Windows XP KB967715.
RP1423: 6/2/2013 4:19:25 PM - Installed Windows XP KB968389.
RP1424: 6/2/2013 4:22:20 PM - Installed Windows XP KB968537.
RP1425: 6/2/2013 4:26:03 PM - Installed Windows XP KB969059.
RP1426: 6/2/2013 4:31:38 PM - Installed Windows XP KB969947.
RP1427: 6/2/2013 4:38:53 PM - Installed Windows XP KB970238.
RP1428: 6/2/2013 4:42:30 PM - Installed Windows XP KB970430.
RP1429: 6/2/2013 4:45:32 PM - Installed Windows XP KB971468.
RP1430: 6/2/2013 4:50:09 PM - Installed Windows XP KB971486.
RP1431: 6/2/2013 4:58:20 PM - Installed Windows XP KB971557.
RP1432: 6/2/2013 5:12:42 PM - Installed Windows XP KB971633.
RP1433: 6/2/2013 5:41:09 PM - Installed Windows XP KB971657.
RP1434: 6/2/2013 5:54:15 PM - Installed Windows XP KB971737.
RP1435: 6/2/2013 6:02:41 PM - Installed Windows XP KB972270.
RP1436: 6/2/2013 6:05:28 PM - Installed Windows XP KB973354.
RP1437: 6/2/2013 6:13:19 PM - Installed Windows XP KB973507.
RP1438: 6/2/2013 6:19:22 PM - Installed Windows XP KB973687.
RP1439: 6/2/2013 6:21:49 PM - Installed Windows XP KB973815.
RP1440: 6/2/2013 6:24:20 PM - Installed Windows XP KB973869.
RP1441: 6/2/2013 6:26:46 PM - Installed Windows XP KB974112.
RP1442: 6/2/2013 6:28:51 PM - Installed Windows XP KB974318.
RP1443: 6/2/2013 6:31:09 PM - Installed Windows XP KB974392.
RP1444: 6/2/2013 6:38:03 PM - Installed Windows XP KB974571.
RP1445: 6/2/2013 6:45:22 PM - Installed Windows XP KB975025.
RP1446: 6/2/2013 6:49:07 PM - Installed Windows XP KB975467.
RP1447: 6/2/2013 6:51:41 PM - Installed Windows XP KB975560.
RP1448: 6/2/2013 7:00:18 PM - Installed Windows XP KB975561.
RP1449: 6/2/2013 7:15:32 PM - Installed Windows XP KB975562.
RP1450: 6/2/2013 7:25:37 PM - Installed Windows XP KB975713.
RP1451: 6/2/2013 7:36:19 PM - Installed Windows XP KB977165.
RP1452: 6/2/2013 7:50:42 PM - Installed Windows XP KB977914.
RP1453: 6/2/2013 7:59:28 PM - Installed Windows XP KB978037.
RP1454: 6/2/2013 8:08:43 PM - Installed Windows XP KB978251.
RP1455: 6/2/2013 8:11:17 PM - Installed Windows XP KB978338.
RP1456: 6/2/2013 8:16:13 PM - Installed Windows XP KB978542.
RP1457: 6/2/2013 8:19:05 PM - Installed Windows XP KB978601.
RP1458: 6/2/2013 8:21:50 PM - Installed Windows XP KB978706.
RP1459: 6/2/2013 8:26:40 PM - Installed Windows XP KB979309.
RP1460: 6/2/2013 8:35:14 PM - Installed Windows XP KB979482.
RP1461: 6/2/2013 8:48:40 PM - Installed Windows XP KB979559.
RP1462: 6/2/2013 9:05:11 PM - Restore Operation
RP1463: 6/3/2013 7:15:33 PM - Restore Operation
.
==== Installed Programs ======================
.
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.03)
Agere Systems PCI Soft Modem
Amazon Kindle
AMT 2.0
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft MediaImpression for Kodak
AVG 2013
AVG Security Toolbar
Blackhawk Striker 2 from Compaq (remove only)
Blasterball 2 from Compaq (remove only)
Blasterball 2 Holidays from Compaq (remove only)
Blasterball 2 Remix from Compaq (remove only)
Bonjour
Bounce Symphony from Compaq (remove only)
calibre
Canon MP Navigator EX 1.0
Canon MX310 series
Canon MX310 series User Registration
Canon My Printer
Canon Utilities Easy-PhotoPrint EX
Canon Utilities Solution Menu
CCleaner
Chameleon Tom
Choice Guard
Compaq Connections
Compaq Organize
Critical Update for Windows Media Player 11 (KB959772)
Crystal Maze from Compaq (remove only)
Deal or No Deal - Secret Vault Games
Easy Internet Sign-up
EZ Tape Converter 2.0.0 by MixMeister
Final Drive Nitro from Compaq (remove only)
Free Convert MOV AVI to FLV Flash WMV Converter 5.8
Garmin Communicator Plugin
Garmin Lifetime Updater
Google Toolbar for Internet Explorer
Help and Support Additions
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Boot Optimizer
HP Help and Support 4.0
HpSdpAppCoreApp
InterVideo WinDVD Player
iTunes
Junk Mail filter update
K-Lite Codec Pack 4.0.0 (Full)
KBD
Lexibox Deluxe from Compaq (remove only)
LS_HSI
Malwarebytes Anti-Malware version 1.75.0.1300
McAfee Security Scan Plus
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Picture It! 2000
Microsoft Plus! Dancer LE
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Works
Move Media Player
Mozilla Firefox 19.0.2 (x86 en-US)
Mozilla Maintenance Service
MSN
MSVCRT
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
Nickelodeon Toon Twister 3-D
Overball from Compaq (remove only)
Pattern Maker for cross stitch - Std
Pattern Maker for cross stitch Update - V3.10
PC-Doctor for Windows
Phoenix Assault from Compaq (remove only)
Photo Explosion Deluxe
PhotoScape
Picasa 3
Polar Bowler from Compaq (remove only)
Polar Golfer from Compaq (remove only)
Presto! PageManager 7.15.16
PS2
Python 2.2 pywin32 extensions (build 203)
Python 2.2.3
QuickTime
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer
RealUpgrade 1.1
Remove Adobe Photoshop Album 2.0 Starter Edition installer
Remove Microsoft Money 2005 installer
Remove WeatherBug installer
Revo Uninstaller 1.83
SA30xx Media Converter
SCRABBLE
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB944338-v2)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981349)
Segoe UI
Serif AlbumPlus SE PRO
Serif PhotoPlus X3
Shooting Stars Pool from Compaq (remove only)
SiS VGA Utilities
Slyder from Compaq (remove only)
Smilebox
Sonic Express Labeler
Sonic MyDVD Plus
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Stickies 7.1b
Super Granny from Compaq (remove only)
Sure Cuts A Lot 2.029
The File Splitter 1.31
Tradewinds from Compaq (remove only)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB898461)
Update for Windows XP (KB904942)
Update for Windows XP (KB925720)
Update for Windows XP (KB953356)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Walmart MP3 Music Downloads
WebFldrs XP
WildTangent GameChannel (remove only)
WildTangent Web Driver
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Imaging Component
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB883667
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888239
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB891781
Yahoo! Toolbar
.
==== End Of File ===========================
Results of screen317's Security Check version 0.99.64
Windows XP Service Pack 2 x86
Out of date service pack!!
``````````````Antivirus/Firewall Check:``````````````[/u]
Windows Firewall Enabled!
AVG 2013
AVG Security Toolbar
AVG 2013
McAfee Security Scan Plus
`````````Anti-malware/Other Utilities Check:`````````[/u]
Malwarebytes Anti-Malware version 1.75.0.1300
CCleaner
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 11.7.700.202
Adobe Reader XI
Mozilla Firefox 19.0.2 Firefox out of Date!
Google Chrome 2.0.172.39
````````Process Check: objlist.exe by Laurent````````[/u]
AVG avgwdsvc.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
`````````````````System Health check`````````````````[/u]
Total Fragmentation on Drive C:: 8%
````````````````````End of Log``````````````````````[/u]
ok good you were able to get it to copy and paste! Good just be patient and take it step by step. You did good so far.
I had a call from my credit card co this AM. There was an unauthorized charge made to my card today. I was wondering if any sensitive info could be gotten from the logs I posted.
No, there is nothing in the logs that would compromise you ...
QuoteI updated and ran Malwarebytse, found 5 threats and removed them
It would be useful to see what MBAM found and removed. Please launch it, and click on the "Logs" tab at the top. Click on the scan that you ran, the "Open" at the bottom left. Copy/paste here please.
Hi, mare_wbpa. You made it! :dance: Welcome to LandzDown Forum.
We will do our best to assist you. However, in order to do so, please follow all instructions provided in the sequence given. Do not install/re-install any programs or run any fixes or scanners that you have not been instructed to use. This may cause conflicts with the tools being used in the cleanup process.
If you have questions regarding any of the instructions or problems running any tools, please let us know.
1. Let's start by uninstalling the following. McAfee Security Scan is unnecessary and would have been included with an Adobe update. With your computer out of warranty, PC-Doctor is of no value.
McAfee Security Scan Plus
PC-Doctor for Windows2. Next, please run the Norton Removal tool to remove those leftovers: Download and run the Norton Removal Tool to remove your Norton product (https://support.norton.com/sp/en/us/home/current/solutions/kb20080828154508EN_EndUserProfile_en_us;jsessionid=566B2FB902406D725D4C587E75E07B06.4?entsrc=redirect_pubweb&product=home&pvid=f-home&version=1).
3. Please download
AdwCleaner (http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner) by Xplode to your Desktop.
- Double-click AdwCleaner.exe to run the tool.
- Click Search.
- A logfile will automatically open after the scan has finished.
- Please post the contents of that logfile with your next response.
Note: The log can also be found at C:\AdwCleaner[XX].txt where XX denotes the number of times the application has been run, i.e., R1
4. As Winchester73 indicted, please provide a copy of the Malwarebytes scan that shows what MBAM removed. The log is automatically saved by MBAM and can be viewed by clicking the
Logs tab in MBAM. Please post contents of that file in your next reply.
oh good job by your credit card company. You can rest assured that every thing you are doing here is safe and will hopefully be able to make your pc more secure. These logs will help determine if you still have any infections compromising the security of it.
You are doing a good job.
I'm having trouble already. I went to add/remove and found PC Dr but it wouldn't uninstall. A box would come up momentarilly with a progress bar half way across but would disappear B4 I had a chance to read it. I didn't see Mcafee in the add/remove list, but found it in the "all programs"list and uninstalled it, I think. When I went back to recheck if I had missed it in the Add/remove list I found that list wouldn't open when I clicked on it on the control panel. I didn't go any further.
No worries ... run AdwCleaner and post the MBAM log. We can sort out the rest once we see what is going on.
I used Search to see if I could find the Mbam log and it failed to find it. What's my next step to find the log?
Hi, mare_wbpa.
Rather than using Search, launch Malwarebytes and click on the tab for Logs. If you cannot locate the log there, just move on and run AdwCleaner.
Thanks.
I tried to launch Mbam for the log but got a message that the database was missing or corrupt, and that I needed to download it again. I did the Norton download and ran it. I did the AdwCleaner scan here's the log.
# Updated 16/05/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 2 (32 bits)
# User : Compaq_Owner - YOUR-F78BF48CE2
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Compaq_Owner\My Documents\Downloads\adwcleaner.exe
# Option [Search]
***** [Services] *****
***** [Files / Folders] *****
File Found : C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\Uninstall.exe
File Found : C:\END
File Found : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Found : C:\WINDOWS\Tasks\SpeedUpMyPC.job
Folder Found : C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\avg@toolbar
Folder Found : C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\CT3289847
Folder Found : C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\CT3289847
Folder Found : C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\CT3294791
Folder Found : C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\Iminent
Folder Found : C:\Documents and Settings\All Users\Application Data\AVG Secure Search
Folder Found : C:\Documents and Settings\Compaq_Owner\Application Data\AVG Secure Search
Folder Found : C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\gbhvogpj.default\CT3289847
Folder Found : C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\gbhvogpj.default\CT3289847
Folder Found : C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\gbhvogpj.default\CT3294791
Folder Found : C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\gbhvogpj.default\extensions\{739df940-c5ee-4bab-9d7e-270894ae687a}(2)
Folder Found : C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\gbhvogpj.default\extensions\{739df940-c5ee-4bab-9d7e-270894ae687a}(3)
Folder Found : C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\gbhvogpj.default\extensions\{7f3f960e-a836-45ca-8911-0accb522246e}
Folder Found : C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\gbhvogpj.default\Smartbar
Folder Found : C:\Documents and Settings\Compaq_Owner\Application Data\SearchProtect
Folder Found : C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\AVG Secure Search
Folder Found : C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\AVG Security Toolbar
Folder Found : C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hhbgpoakplhahbklhkcfbpicgjcaoglk
Folder Found : C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl
Folder Found : C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Ilivid
Folder Found : C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\PackageAware
Folder Found : C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Chameleon Tom
Folder Found : C:\Program Files\AVG Secure Search
Folder Found : C:\Program Files\ChameleonTom
Folder Found : C:\Program Files\Common Files\AVG Secure Search
Folder Found : C:\Program Files\InfoAtoms
Folder Found : C:\Program Files\OApps
Folder Found : C:\Program Files\Optimizer Pro
Folder Found : C:\Program Files\SearchProtect
Folder Found : C:\Program Files\SingAlong
***** [Registry] *****
Key Found : HKCU\Software\AVG Secure Search
Key Found : HKCU\Software\AVG Security Toolbar
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{75ED56AF-4DC9-4243-A30C-4EF4DD0CA28F}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{042DA63B-0933-403D-9395-B49307691690}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{14CD42DD-ABCD-3586-DCAB-40E3693E3737}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{75ED56AF-4DC9-4243-A30C-4EF4DD0CA28F}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BF0118D4-63FF-4138-9327-F3028FB1A578}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CCB69577-088B-4004-9ED8-FF5BCC83A039}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DB35C569-5624-4CFC-8043-E5139F55A073}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\SmartBar
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\Software\AVG Secure Search
Key Found : HKLM\Software\AVG Security Toolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Found : HKLM\SOFTWARE\Classes\AppID\{20EDC024-43C5-423E-B7F5-FD93523E0D9F}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\wit4ie.DLL
Key Found : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe
Key Found : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{042DA63B-0933-403D-9395-B49307691690}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{75ED56AF-4DC9-4243-A30C-4EF4DD0CA28F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{BF0118D4-63FF-4138-9327-F3028FB1A578}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9732E648-5755-43ED-9003-9E835D22CFE7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{E7767193-0A2F-4AFE-BAF4-288366162E48}
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Found : HKLM\SOFTWARE\Classes\wit4ie.WitBHO
Key Found : HKLM\SOFTWARE\Classes\wit4ie.WitBHO.1
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{14CD42DD-ABCD-3586-DCAB-40E3693E3737}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ChameleonTom
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75ED56AF-4DC9-4243-A30C-4EF4DD0CA28F}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ChameleonTom
Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Found : HKU\S-1-5-21-3067886581-847020557-550397895-1009\Software\Microsoft\Internet Explorer\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Key Found : HKU\S-1-5-21-3067886581-847020557-550397895-1009\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKU\S-1-5-21-3067886581-847020557-550397895-1009\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{4B3803EA-5230-4DC3-A7FC-33638F3D3542}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D7E97865-918F-41E4-9CD0-25AB1C574CE8}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
***** [Internet Browsers] *****
-\\ Internet Explorer v8.0.6001.18702
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://toolbar.inbox.com/search/ie.aspx?tbid=80114
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - CustomizeSearch] = hxxp://toolbar.inbox.com/help/sa_customize.aspx?tbid=80114
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - SearchAssistant] = hxxp://toolbar.inbox.com/search/ie.aspx?tbid=80114
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - CustomizeSearch] = hxxp://toolbar.inbox.com/help/sa_customize.aspx?tbid=80114
-\\ Mozilla Firefox v19.0.2 (en-US)
File : C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\0az38696.default\prefs.js
Found : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Found : user_pref("browser.search.selectedEngine", "AVG Secure Search");
Found : user_pref("browser.startup.homepage", "hxxp://isearch.avg.com/?cid={0BAA4612-B26C-431F-83DF-372ABBD3[...]
Found : user_pref("keyword.URL", "hxxp://isearch.avg.com/search?cid={0BAA4612-B26C-431F-83DF-372ABBD3B64B}&m[...]
File : C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\gbhvogpj.default\prefs.js
Found : user_pref("CT3289847.1000082.isPlayDisplay", "true");
Found : user_pref("CT3289847.1000082.state", "{\"state\":\"stopped\",\"text\":\"1.FM (Cou...\",\"description[...]
Found : user_pref("CT3289847.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Found : user_pref("CT3289847.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Found : user_pref("CT3289847.FF19Solved", "true");
Found : user_pref("CT3289847.FirstTime", "true");
Found : user_pref("CT3289847.FirstTimeFF3", "true");
Found : user_pref("CT3289847.PG_ENABLE.enc", "dHJ1ZQ==");
Found : user_pref("CT3289847.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT328[...]
Found : user_pref("CT3289847.UserID", "UN68834311713071263");
Found : user_pref("CT3289847.addressBarTakeOverEnabledInHidden", "true");
Found : user_pref("CT3289847.browser.search.defaultthis.engineName", "true");
Found : user_pref("CT3289847.defaultSearch", "true");
Found : user_pref("CT3289847.embeddedsData", "[{\"appId\":\"130068661007799818\",\"apiPermissions\":{\"cross[...]
Found : user_pref("CT3289847.enableAlerts", "true");
Found : user_pref("CT3289847.enableFix404ByUser", "TRUE");
Found : user_pref("CT3289847.enableSearchFromAddressBar", "true");
Found : user_pref("CT3289847.firstTimeDialogOpened", "true");
Found : user_pref("CT3289847.fixPageNotFoundError", "true");
Found : user_pref("CT3289847.fixPageNotFoundErrorByUser", "true");
Found : user_pref("CT3289847.fixPageNotFoundErrorInHidden", "true");
Found : user_pref("CT3289847.fixUrls", true);
Found : user_pref("CT3289847.homepageuserchanged", true);
Found : user_pref("CT3289847.hxxp___api16_similarsites_com.pid2.enc", "MzZiZmQwOGU0YzUyM2E0Mg==");
Found : user_pref("CT3289847.hxxp___toolbar_jollywallet_com_tlb_2.Affiliate_defaultGui.enc", "eyJndWkiOltdLC[...]
Found : user_pref("CT3289847.hxxp___toolbar_jollywallet_com_tlb_2.Affiliate_settings.enc", "eyJpbml0VXJsIjoi[...]
Found : user_pref("CT3289847.hxxp___toolbar_jollywallet_com_tlb_2.jw_token.enc", "NzRkZDEyMWUtOTJiMC00NmVkLW[...]
Found : user_pref("CT3289847.hxxp___toolbar_jollywallet_com_tlb_2.key_list_id.enc", "MjAxMjA4MDItMDAw");
Found : user_pref("CT3289847.installDate", "10/4/2013 22:46:49");
Found : user_pref("CT3289847.installId", "9818");
Found : user_pref("CT3289847.installType", "conduitnsisintegration");
Found : user_pref("CT3289847.installerVersion", "1.3.7.3");
Found : user_pref("CT3289847.isCheckedStartAsHidden", true);
Found : user_pref("CT3289847.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Found : user_pref("CT3289847.isFirstTimeToolbarLoading", "false");
Found : user_pref("CT3289847.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Found : user_pref("CT3289847.keyword", "true");
Found : user_pref("CT3289847.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit[...]
Found : user_pref("CT3289847.lastVersion", "10.14.380.14");
Found : user_pref("CT3289847.mam_gk_appStateReportTime.enc", "MTM2NTcxNTYwNDkwOA==");
Found : user_pref("CT3289847.mam_gk_appState_CouponBuddy.enc", "b24=");
Found : user_pref("CT3289847.mam_gk_appState_PriceGong.enc", "b24=");
Found : user_pref("CT3289847.mam_gk_appsData.enc", "eyJhcHBzIjpbeyJpZCI6IlByaWNlR29uZyIsInVybCI6Imh0dHA6Ly9w[...]
Found : user_pref("CT3289847.mam_gk_appsDefaultEnabled.enc", "bnVsbA==");
Found : user_pref("CT3289847.mam_gk_configuration.enc", "eyJjb25maWd1cmF0aW9uIjpbeyJpZCI6IlByaWNlR29uZyIsImN[...]
Found : user_pref("CT3289847.mam_gk_currentVersion.enc", "MS40LjQuNg==");
Found : user_pref("CT3289847.mam_gk_first_time.enc", "MQ==");
Found : user_pref("CT3289847.mam_gk_gadgetOpen.enc", "MA==");
Found : user_pref("CT3289847.mam_gk_installer_preapproved.enc", "ZmFsc2U=");
Found : user_pref("CT3289847.mam_gk_lastLoginTime.enc", "MTM2NTcxNTU5OTcxOQ==");
Found : user_pref("CT3289847.mam_gk_localization.enc", "eyJnYWRnZXRDb250ZW50UG9saWN5Ijp7IlRleHQiOiJDb250ZW50[...]
Found : user_pref("CT3289847.mam_gk_pgUnloadedOnce.enc", "dHJ1ZQ==");
Found : user_pref("CT3289847.mam_gk_settings1.4.4.6.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVyd[...]
Found : user_pref("CT3289847.mam_gk_showCloseButton.enc", "dHJ1ZQ==");
Found : user_pref("CT3289847.mam_gk_showWelcomeGadget.enc", "ZmFsc2U=");
Found : user_pref("CT3289847.mam_gk_userId.enc", "MTFiNmE3MTctOTU1My00MWE0LWJjZjYtNjFiYjViMGNiNjIz");
Found : user_pref("CT3289847.migrateAppsAndComponents", true);
Found : user_pref("CT3289847.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"\",\"[...]
Found : user_pref("CT3289847.openThankYouPage", "false");
Found : user_pref("CT3289847.openUninstallPage", "true");
Found : user_pref("CT3289847.revertSettingsEnabled", "true");
Found : user_pref("CT3289847.search.searchAppId", "130068661007799818");
Found : user_pref("CT3289847.search.searchCount", "0");
Found : user_pref("CT3289847.searchFromAddressBarEnabledByUser", "true");
Found : user_pref("CT3289847.searchInNewTabEnabledByUser", "true");
Found : user_pref("CT3289847.searchInNewTabEnabledInHidden", "true");
Found : user_pref("CT3289847.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Found : user_pref("CT3289847.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Found : user_pref("CT3289847.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
Found : user_pref("CT3289847.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Found : user_pref("CT3289847.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Found : user_pref("CT3289847.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Found : user_pref("CT3289847.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Found : user_pref("CT3289847.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1365648866123");
Found : user_pref("CT3289847.serviceLayer_services_appsMetadata_lastUpdate", "1365648865230");
Found : user_pref("CT3289847.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1365648865095");
Found : user_pref("CT3289847.serviceLayer_services_location_lastUpdate", "1365735273807");
Found : user_pref("CT3289847.serviceLayer_services_login_10.14.380.14_lastUpdate", "1365691159439");
Found : user_pref("CT3289847.serviceLayer_services_login_10.15.0.562_lastUpdate", "1365778011762");
Found : user_pref("CT3289847.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1365648865238");
Found : user_pref("CT3289847.serviceLayer_services_searchAPI_lastUpdate", "1365648854931");
Found : user_pref("CT3289847.serviceLayer_services_serviceMap_lastUpdate", "1365735271492");
Found : user_pref("CT3289847.serviceLayer_services_setupAPI_lastUpdate", "1365648855851");
Found : user_pref("CT3289847.serviceLayer_services_toolbarContextMenu_lastUpdate", "1365648865019");
Found : user_pref("CT3289847.serviceLayer_services_toolbarSettings_lastUpdate", "1365778011208");
Found : user_pref("CT3289847.serviceLayer_services_translation_lastUpdate", "1365735272528");
Found : user_pref("CT3289847.settingsINI", true);
Found : user_pref("CT3289847.shouldFirstTimeDialog", "false");
Found : user_pref("CT3289847.showToolbarPermission", "false");
Found : user_pref("CT3289847.smartbar.CTID", "CT3289847");
Found : user_pref("CT3289847.smartbar.Uninstall", "0");
Found : user_pref("CT3289847.smartbar.homepage", true);
Found : user_pref("CT3289847.smartbar.isHidden", true);
Found : user_pref("CT3289847.smartbar.toolbarName", "WhiteSmoke New ");
Found : user_pref("CT3289847.startPage", "true");
Found : user_pref("CT3289847.toolbarBornServerTime", "11-4-2013");
Found : user_pref("CT3289847.toolbarCurrentServerTime", "12-4-2013");
Found : user_pref("CT3289847.toolbarLoginClientTime", "Thu Apr 11 2013 16:35:18 GMT-0400 (Eastern Daylight T[...]
Found : user_pref("CT3289847_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
Found : user_pref("CT3294791.1000082.isPlayDisplay", "true");
Found : user_pref("CT3294791.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description[...]
Found : user_pref("CT3294791.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Found : user_pref("CT3294791.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Found : user_pref("CT3294791.FF19Solved", "true");
Found : user_pref("CT3294791.FirstTime", "true");
Found : user_pref("CT3294791.FirstTimeFF3", "true");
Found : user_pref("CT3294791.PG_ENABLE", "dHJ1ZQ==");
Found : user_pref("CT3294791.SF_JUST_INSTALLED.enc", "RkFMU0U=");
Found : user_pref("CT3294791.SF_STATUS.enc", "RU5BQkxFRA==");
Found : user_pref("CT3294791.SF_USER_ID.enc", "Y2lkXzIyNTIwMTMxOTU1NTgzMzg5MDM=");
Found : user_pref("CT3294791.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT329[...]
Found : user_pref("CT3294791.UserID", "UN12355583662464419");
Found : user_pref("CT3294791.YTbyClickFavorites.enc", "W10=");
Found : user_pref("CT3294791.YTbyClickRecent.enc", "W10=");
Found : user_pref("CT3294791.addressBarTakeOverEnabledInHidden", "true");
Found : user_pref("CT3294791.autoDisableScopes", 0);
Found : user_pref("CT3294791.browser.search.defaultthis.engineName", "true");
Found : user_pref("CT3294791.cbfirsttime.enc", "V2VkIE1heSAyMiAyMDEzIDE2OjE3OjE1IEdNVC0wNDAwIChFYXN0ZXJuIFN0[...]
Found : user_pref("CT3294791.defaultSearch", "true");
Found : user_pref("CT3294791.embeddedsData", "[{\"appId\":\"130089396748860745\",\"apiPermissions\":{\"cross[...]
Found : user_pref("CT3294791.enableAlerts", "true");
Found : user_pref("CT3294791.enableFix404ByUser", "TRUE");
Found : user_pref("CT3294791.enableSearchFromAddressBar", "true");
Found : user_pref("CT3294791.firstTimeDialogOpened", "true");
Found : user_pref("CT3294791.fixPageNotFoundError", "true");
Found : user_pref("CT3294791.fixPageNotFoundErrorByUser", "true");
Found : user_pref("CT3294791.fixPageNotFoundErrorInHidden", "true");
Found : user_pref("CT3294791.fixUrls", true);
Found : user_pref("CT3294791.installDate", "22/5/2013 11:15:00");
Found : user_pref("CT3294791.installId", "stub.exe");
Found : user_pref("CT3294791.installSessionId", "{BECD15F8-F851-4052-AD18-7AB94D7C72B5}");
Found : user_pref("CT3294791.installSp", "TRUE");
Found : user_pref("CT3294791.installType", "conduitnsisintegration");
Found : user_pref("CT3294791.installUsage", "2013-05-22T23:17:02.7008829+03:00");
Found : user_pref("CT3294791.installUsageEarly", "2013-05-22T23:17:00.0020483+03:00");
Found : user_pref("CT3294791.installerVersion", "1.4.2.3");
Found : user_pref("CT3294791.isCheckedStartAsHidden", true);
Found : user_pref("CT3294791.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Found : user_pref("CT3294791.isFirstTimeToolbarLoading", "false");
Found : user_pref("CT3294791.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Found : user_pref("CT3294791.keyword", "true");
Found : user_pref("CT3294791.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit[...]
Found : user_pref("CT3294791.lastVersion", "10.16.2.509");
Found : user_pref("CT3294791.mam_gk_appStateReportTime.enc", "MTM2OTI1MzgyNzc5Mg==");
Found : user_pref("CT3294791.mam_gk_appState_CouponBuddy.enc", "b24=");
Found : user_pref("CT3294791.mam_gk_appState_Easytobook.enc", "b24=");
Found : user_pref("CT3294791.mam_gk_appState_Easytobook_targeted.enc", "b24=");
Found : user_pref("CT3294791.mam_gk_appState_PriceGong.enc", "b24=");
Found : user_pref("CT3294791.mam_gk_appState_WindowShopper.enc", "b24=");
Found : user_pref("CT3294791.mam_gk_appsData.enc", "eyJhcHBzIjpbeyJpZCI6IlByaWNlR29uZyIsInVybCI6Imh0dHA6Ly9w[...]
Found : user_pref("CT3294791.mam_gk_appsDefaultEnabled.enc", "dHJ1ZQ==");
Found : user_pref("CT3294791.mam_gk_configuration.enc", "eyJjb25maWd1cmF0aW9uIjpbeyJpZCI6IlByaWNlR29uZyIsImN[...]
Found : user_pref("CT3294791.mam_gk_currentVersion.enc", "MS42LjAuMQ==");
Found : user_pref("CT3294791.mam_gk_eventsCache.enc", "eyJmMDNmZGY0OC00MmEzLTRiNjQtODM4Ny0xMjY4ZWUxMjU4ZmUiO[...]
Found : user_pref("CT3294791.mam_gk_first_time.enc", "MQ==");
Found : user_pref("CT3294791.mam_gk_gadgetOpen.enc", "d2VsY29tZQ==");
Found : user_pref("CT3294791.mam_gk_installer_preapproved.enc", "ZmFsc2U=");
Found : user_pref("CT3294791.mam_gk_lastLoginTime.enc", "MTM2OTI1MzgyMzkxNg==");
Found : user_pref("CT3294791.mam_gk_localization.enc", "eyJnYWRnZXRDb250ZW50UG9saWN5Ijp7IlRleHQiOiJDb250ZW50[...]
Found : user_pref("CT3294791.mam_gk_pgUnloadedOnce.enc", "dHJ1ZQ==");
Found : user_pref("CT3294791.mam_gk_settings1.6.0.1.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVyd[...]
Found : user_pref("CT3294791.mam_gk_showCloseButton.enc", "dHJ1ZQ==");
Found : user_pref("CT3294791.mam_gk_showWelcomeGadget.enc", "dHJ1ZQ==");
Found : user_pref("CT3294791.mam_gk_userId.enc", "NjE5MjdkMTUtMjU1NC00ZGMxLWFkMjEtNzY5MzEzZTY3NDRl");
Found : user_pref("CT3294791.migrateAppsAndComponents", true);
Found : user_pref("CT3294791.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"\",\"[...]
Found : user_pref("CT3294791.openThankYouPage", "false");
Found : user_pref("CT3294791.openUninstallPage", "true");
Found : user_pref("CT3294791.originalHomepage", "hxxp://www.yahoo.com/");
Found : user_pref("CT3294791.originalSearchAddressUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT32[...]
Found : user_pref("CT3294791.originalSearchEngine", "Google");
Found : user_pref("CT3294791.revertSettingsEnabled", "false");
Found : user_pref("CT3294791.search.searchAppId", "130089396748860745");
Found : user_pref("CT3294791.search.searchCount", "0");
Found : user_pref("CT3294791.searchFromAddressBarEnabledByUser", "true");
Found : user_pref("CT3294791.searchInNewTabEnabledByUser", "true");
Found : user_pref("CT3294791.searchInNewTabEnabledInHidden", "true");
Found : user_pref("CT3294791.searchRevert", "false");
Found : user_pref("CT3294791.searchUserMode", "2");
Found : user_pref("CT3294791.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Found : user_pref("CT3294791.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Found : user_pref("CT3294791.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
Found : user_pref("CT3294791.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Found : user_pref("CT3294791.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Found : user_pref("CT3294791.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Found : user_pref("CT3294791.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Found : user_pref("CT3294791.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1369253811745");
Found : user_pref("CT3294791.serviceLayer_services_appsMetadata_lastUpdate", "1369253812031");
Found : user_pref("CT3294791.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1369253811803");
Found : user_pref("CT3294791.serviceLayer_services_installUsage_ToolbarInstallEarly_lastUpdate", "1369253808[...]
Found : user_pref("CT3294791.serviceLayer_services_installUsage_ToolbarInstall_lastUpdate", "1369253812632")[...]
Found : user_pref("CT3294791.serviceLayer_services_location_lastUpdate", "1370360426073");
Found : user_pref("CT3294791.serviceLayer_services_login_10.16.2.509_lastUpdate", "1370375300137");
Found : user_pref("CT3294791.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1369253811652");
Found : user_pref("CT3294791.serviceLayer_services_searchAPI_lastUpdate", "1369263810153");
Found : user_pref("CT3294791.serviceLayer_services_serviceMap_lastUpdate", "1370360425350");
Found : user_pref("CT3294791.serviceLayer_services_setupAPI_lastUpdate", "1369263809260");
Found : user_pref("CT3294791.serviceLayer_services_toolbarContextMenu_lastUpdate", "1369253811523");
Found : user_pref("CT3294791.serviceLayer_services_toolbarSettings_lastUpdate", "1370375314720");
Found : user_pref("CT3294791.serviceLayer_services_translation_lastUpdate", "1370360427056");
Found : user_pref("CT3294791.settingsINI", true);
Found : user_pref("CT3294791.shouldFirstTimeDialog", "false");
Found : user_pref("CT3294791.showToolbarPermission", "false");
Found : user_pref("CT3294791.smartbar.CTID", "CT3294791");
Found : user_pref("CT3294791.smartbar.Uninstall", "0");
Found : user_pref("CT3294791.smartbar.homepage", "true");
Found : user_pref("CT3294791.smartbar.isHidden", true);
Found : user_pref("CT3294791.smartbar.toolbarName", "Vafmusic2 ");
Found : user_pref("CT3294791.startPage", "true");
Found : user_pref("CT3294791.toolbarBornServerTime", "22-5-2013");
Found : user_pref("CT3294791.toolbarCurrentServerTime", "4-6-2013");
Found : user_pref("CT3294791.toolbarLoginClientTime", "Wed May 22 2013 16:16:52 GMT-0400 (Eastern Standard T[...]
Found : user_pref("CT3294791.url_history0001.enc", "aHR0cDovL3d3dy55YWhvby5jb20vOjo6Y2xpY2toYW5kbGVyOjo6MTM2[...]
Found : user_pref("CT3294791.versionFromInstaller", "10.16.2.9");
Found : user_pref("CT3294791_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
Found : user_pref("Smartbar.ConduitHomepagesList", "");
Found : user_pref("Smartbar.ConduitSearchEngineList", "");
Found : user_pref("Smartbar.ConduitSearchUrlList", "");
Found : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=C[...]
Found : user_pref("Smartbar.keywordURLSelectedCTID", "CT3294791");
Found : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Found : user_pref("browser.search.defaultthis.engineName", "Vafmusic2 Customized Web Search");
Found : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3294791&CUI[...]
Found : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3294791&SearchSource=2&CU[...]
Found : user_pref("smartbar.addressBarOwnerCTID", "CT3294791");
Found : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3289847&octid=CT3289847[...]
Found : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT[...]
Found : user_pref("smartbar.defaultSearchOwnerCTID", "CT3294791");
Found : user_pref("smartbar.homePageOwnerCTID", "CT3294791");
Found : user_pref("smartbar.machineId", "99IOF5TMEEYUMZZM7CYH67LFITE");
Found : user_pref("smartbar.originalHomepage", "www.yahoo.com");
Found : user_pref("smartbar.originalSearchAddressUrl", "hxxp://isearch.avg.com/search?cid={0BAA4612-B26C-431[...]
Found : user_pref("smartbar.originalSearchEngine", "Google");
-\\ Google Chrome v [Unable to get version]
File : C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [31513 octets] - [05/06/2013 13:29:55]
########## EOF - C:\AdwCleaner[R1].txt - [31574 octets] ##########
Ok, we'll take a look at MBAM later. In the meantime, please do the following:
1. Please rescan with AdwCleaner so it can remove what was found.
- Double-click AdwCleaner.exe to run the tool.
- Click Delete.
- Everything that was found will be deleted.
- Save any open files and approve the reboot. A text file will open after the restart.
- Please post the contents of that logfile with your next reply.
Note: The log can also be found at C:\AdwCleaner[XX].txt where XX denotes the number of times the application has been run, i.e., S1
2. This next tool often picks up additional items that AdwCleaner doesn't see. Please download Junkware Removal Tool (http://www.bleepingcomputer.com/download/junkware-removal-tool/dl/131/) to your desktop.
- Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select "Run as Administrator".
- The tool will open and start scanning your system.
- Please be patient as this can take a while to complete depending on your system's specifications.
- On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
- Post the contents of JRT.txt into your next message.
3. Restart your computer and then
please follow these instructions carefully.Download ComboFix from
here (http://download.bleepingcomputer.com/sUBs/ComboFix.exe).
!!! IMPORTANT !!! Save ComboFix.exe to your DesktopDisable your antivirus and anti-malware security applications. If not disabled, these programs will likely interfere with cleanup process. This can usually be accomplished by a right-click on the icon in the System Tray.
Note: If you are unsure how to disable your security software, see the instructions in this topic at Tech Support Forum: How to disable your security applications (http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/490111-how-disable-your-security-applications.html).
Now, please run ComboFix:
- Note: If infections are found, ComboFix will automatically reboot the machine to complete the removal process. Please ensure all opened windows are closed before proceeding.
- Double-click ComboFix.exe on your desktop and follow the prompts.
- As part of the process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it is strongly recommended to have this pre-installed on your machine before doing any malware removal. The Recovery Console will allow you to start up the computer in a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Please note: If the Microsoft Windows Recovery Console is already installed on the computer, ComboFix will continue the malware removal procedures.
- Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console.
- When prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
(https://www.landzdown.com/proxy.php?request=http%3A%2F%2Fsecuritygarden.googlepages.com%2FCF_RC1.png&hash=29e6fe1eb864e58b4b66611caa7d7b6be84a47f8)
- After the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
(https://www.landzdown.com/proxy.php?request=http%3A%2F%2Fsecuritygarden.googlepages.com%2FCF_RC2.png&hash=e111f6aa2d657579d44cabc5fb4258fd1dce26eb)
- Click "Yes" to continue scanning for malware.
- When finished, a log will be produced. Please include the C:\ComboFix.txt in your next reply.
Here's the AdwCleaner log. I'll be working on the next download.
# AdwCleaner v2.301 - Logfile created 06/05/2013 at 16:38:13
# Updated 16/05/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 2 (32 bits)
# User : Compaq_Owner - YOUR-F78BF48CE2
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Compaq_Owner\My Documents\Downloads\adwcleaner.exe
# Option [Delete]
***** [Services] *****
***** [Files / Folders] *****
Deleted on reboot : C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hhbgpoakplhahbklhkcfbpicgjcaoglk
Deleted on reboot : C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl
Deleted on reboot : C:\Program Files\Common Files\AVG Secure Search
File Deleted : C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\Uninstall.exe
File Deleted : C:\END
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Deleted : C:\WINDOWS\Tasks\SpeedUpMyPC.job
Folder Deleted : C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\avg@toolbar
Folder Deleted : C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\CT3289847
Folder Deleted : C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\CT3294791
Folder Deleted : C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\Iminent
Folder Deleted : C:\Documents and Settings\All Users\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\Compaq_Owner\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\gbhvogpj.default\CT3289847
Folder Deleted : C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\gbhvogpj.default\CT3294791
Folder Deleted : C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\gbhvogpj.default\extensions\{739df940-c5ee-4bab-9d7e-270894ae687a}(2)
Folder Deleted : C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\gbhvogpj.default\extensions\{739df940-c5ee-4bab-9d7e-270894ae687a}(3)
Folder Deleted : C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\gbhvogpj.default\extensions\{7f3f960e-a836-45ca-8911-0accb522246e}
Folder Deleted : C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\gbhvogpj.default\Smartbar
Folder Deleted : C:\Documents and Settings\Compaq_Owner\Application Data\SearchProtect
Folder Deleted : C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\AVG Security Toolbar
Folder Deleted : C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Ilivid
Folder Deleted : C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\PackageAware
Folder Deleted : C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Chameleon Tom
Folder Deleted : C:\Program Files\AVG Secure Search
Folder Deleted : C:\Program Files\ChameleonTom
Folder Deleted : C:\Program Files\InfoAtoms
Folder Deleted : C:\Program Files\OApps
Folder Deleted : C:\Program Files\Optimizer Pro
Folder Deleted : C:\Program Files\SearchProtect
Folder Deleted : C:\Program Files\SingAlong
***** [Registry] *****
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\AVG Security Toolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{75ED56AF-4DC9-4243-A30C-4EF4DD0CA28F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{042DA63B-0933-403D-9395-B49307691690}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{14CD42DD-ABCD-3586-DCAB-40E3693E3737}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{75ED56AF-4DC9-4243-A30C-4EF4DD0CA28F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BF0118D4-63FF-4138-9327-F3028FB1A578}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CCB69577-088B-4004-9ED8-FF5BCC83A039}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DB35C569-5624-4CFC-8043-E5139F55A073}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{20EDC024-43C5-423E-B7F5-FD93523E0D9F}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\wit4ie.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{042DA63B-0933-403D-9395-B49307691690}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{75ED56AF-4DC9-4243-A30C-4EF4DD0CA28F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BF0118D4-63FF-4138-9327-F3028FB1A578}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9732E648-5755-43ED-9003-9E835D22CFE7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E7767193-0A2F-4AFE-BAF4-288366162E48}
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Classes\wit4ie.WitBHO
Key Deleted : HKLM\SOFTWARE\Classes\wit4ie.WitBHO.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{14CD42DD-ABCD-3586-DCAB-40E3693E3737}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ChameleonTom
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75ED56AF-4DC9-4243-A30C-4EF4DD0CA28F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ChameleonTom
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{4B3803EA-5230-4DC3-A7FC-33638F3D3542}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D7E97865-918F-41E4-9CD0-25AB1C574CE8}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
***** [Internet Browsers] *****
-\\ Internet Explorer v8.0.6001.18702
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://toolbar.inbox.com/search/ie.aspx?tbid=80114 --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - CustomizeSearch] = hxxp://toolbar.inbox.com/help/sa_customize.aspx?tbid=80114 --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - SearchAssistant] = hxxp://toolbar.inbox.com/search/ie.aspx?tbid=80114 --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - CustomizeSearch] = hxxp://toolbar.inbox.com/help/sa_customize.aspx?tbid=80114 --> hxxp://www.google.com
-\\ Mozilla Firefox v19.0.2 (en-US)
File : C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\0az38696.default\prefs.js
C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\0az38696.default\user.js ... Deleted !
Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Deleted : user_pref("browser.search.selectedEngine", "AVG Secure Search");
Deleted : user_pref("browser.startup.homepage", "hxxp://isearch.avg.com/?cid={0BAA4612-B26C-431F-83DF-372ABBD3[...]
Deleted : user_pref("keyword.URL", "hxxp://isearch.avg.com/search?cid={0BAA4612-B26C-431F-83DF-372ABBD3B64B}&m[...]
File : C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\gbhvogpj.default\prefs.js
C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\gbhvogpj.default\user.js ... Deleted !
Deleted : user_pref("CT3289847.1000082.isPlayDisplay", "true");
Deleted : user_pref("CT3289847.1000082.state", "{\"state\":\"stopped\",\"text\":\"1.FM (Cou...\",\"description[...]
Deleted : user_pref("CT3289847.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3289847.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Deleted : user_pref("CT3289847.FF19Solved", "true");
Deleted : user_pref("CT3289847.FirstTime", "true");
Deleted : user_pref("CT3289847.FirstTimeFF3", "true");
Deleted : user_pref("CT3289847.PG_ENABLE.enc", "dHJ1ZQ==");
Deleted : user_pref("CT3289847.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT328[...]
Deleted : user_pref("CT3289847.UserID", "UN68834311713071263");
Deleted : user_pref("CT3289847.addressBarTakeOverEnabledInHidden", "true");
Deleted : user_pref("CT3289847.browser.search.defaultthis.engineName", "true");
Deleted : user_pref("CT3289847.defaultSearch", "true");
Deleted : user_pref("CT3289847.embeddedsData", "[{\"appId\":\"130068661007799818\",\"apiPermissions\":{\"cross[...]
Deleted : user_pref("CT3289847.enableAlerts", "true");
Deleted : user_pref("CT3289847.enableFix404ByUser", "TRUE");
Deleted : user_pref("CT3289847.enableSearchFromAddressBar", "true");
Deleted : user_pref("CT3289847.firstTimeDialogOpened", "true");
Deleted : user_pref("CT3289847.fixPageNotFoundError", "true");
Deleted : user_pref("CT3289847.fixPageNotFoundErrorByUser", "true");
Deleted : user_pref("CT3289847.fixPageNotFoundErrorInHidden", "true");
Deleted : user_pref("CT3289847.fixUrls", true);
Deleted : user_pref("CT3289847.homepageuserchanged", true);
Deleted : user_pref("CT3289847.hxxp___api16_similarsites_com.pid2.enc", "MzZiZmQwOGU0YzUyM2E0Mg==");
Deleted : user_pref("CT3289847.hxxp___toolbar_jollywallet_com_tlb_2.Affiliate_defaultGui.enc", "eyJndWkiOltdLC[...]
Deleted : user_pref("CT3289847.hxxp___toolbar_jollywallet_com_tlb_2.Affiliate_settings.enc", "eyJpbml0VXJsIjoi[...]
Deleted : user_pref("CT3289847.hxxp___toolbar_jollywallet_com_tlb_2.jw_token.enc", "NzRkZDEyMWUtOTJiMC00NmVkLW[...]
Deleted : user_pref("CT3289847.hxxp___toolbar_jollywallet_com_tlb_2.key_list_id.enc", "MjAxMjA4MDItMDAw");
Deleted : user_pref("CT3289847.installDate", "10/4/2013 22:46:49");
Deleted : user_pref("CT3289847.installId", "9818");
Deleted : user_pref("CT3289847.installType", "conduitnsisintegration");
Deleted : user_pref("CT3289847.installerVersion", "1.3.7.3");
Deleted : user_pref("CT3289847.isCheckedStartAsHidden", true);
Deleted : user_pref("CT3289847.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3289847.isFirstTimeToolbarLoading", "false");
Deleted : user_pref("CT3289847.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Deleted : user_pref("CT3289847.keyword", "true");
Deleted : user_pref("CT3289847.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit[...]
Deleted : user_pref("CT3289847.lastVersion", "10.14.380.14");
Deleted : user_pref("CT3289847.mam_gk_appStateReportTime.enc", "MTM2NTcxNTYwNDkwOA==");
Deleted : user_pref("CT3289847.mam_gk_appState_CouponBuddy.enc", "b24=");
Deleted : user_pref("CT3289847.mam_gk_appState_PriceGong.enc", "b24=");
Deleted : user_pref("CT3289847.mam_gk_appsData.enc", "eyJhcHBzIjpbeyJpZCI6IlByaWNlR29uZyIsInVybCI6Imh0dHA6Ly9w[...]
Deleted : user_pref("CT3289847.mam_gk_appsDefaultEnabled.enc", "bnVsbA==");
Deleted : user_pref("CT3289847.mam_gk_configuration.enc", "eyJjb25maWd1cmF0aW9uIjpbeyJpZCI6IlByaWNlR29uZyIsImN[...]
Deleted : user_pref("CT3289847.mam_gk_currentVersion.enc", "MS40LjQuNg==");
Deleted : user_pref("CT3289847.mam_gk_first_time.enc", "MQ==");
Deleted : user_pref("CT3289847.mam_gk_gadgetOpen.enc", "MA==");
Deleted : user_pref("CT3289847.mam_gk_installer_preapproved.enc", "ZmFsc2U=");
Deleted : user_pref("CT3289847.mam_gk_lastLoginTime.enc", "MTM2NTcxNTU5OTcxOQ==");
Deleted : user_pref("CT3289847.mam_gk_localization.enc", "eyJnYWRnZXRDb250ZW50UG9saWN5Ijp7IlRleHQiOiJDb250ZW50[...]
Deleted : user_pref("CT3289847.mam_gk_pgUnloadedOnce.enc", "dHJ1ZQ==");
Deleted : user_pref("CT3289847.mam_gk_settings1.4.4.6.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVyd[...]
Deleted : user_pref("CT3289847.mam_gk_showCloseButton.enc", "dHJ1ZQ==");
Deleted : user_pref("CT3289847.mam_gk_showWelcomeGadget.enc", "ZmFsc2U=");
Deleted : user_pref("CT3289847.mam_gk_userId.enc", "MTFiNmE3MTctOTU1My00MWE0LWJjZjYtNjFiYjViMGNiNjIz");
Deleted : user_pref("CT3289847.migrateAppsAndComponents", true);
Deleted : user_pref("CT3289847.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"\",\"[...]
Deleted : user_pref("CT3289847.openThankYouPage", "false");
Deleted : user_pref("CT3289847.openUninstallPage", "true");
Deleted : user_pref("CT3289847.revertSettingsEnabled", "true");
Deleted : user_pref("CT3289847.search.searchAppId", "130068661007799818");
Deleted : user_pref("CT3289847.search.searchCount", "0");
Deleted : user_pref("CT3289847.searchFromAddressBarEnabledByUser", "true");
Deleted : user_pref("CT3289847.searchInNewTabEnabledByUser", "true");
Deleted : user_pref("CT3289847.searchInNewTabEnabledInHidden", "true");
Deleted : user_pref("CT3289847.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3289847.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Deleted : user_pref("CT3289847.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
Deleted : user_pref("CT3289847.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Deleted : user_pref("CT3289847.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Deleted : user_pref("CT3289847.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Deleted : user_pref("CT3289847.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Deleted : user_pref("CT3289847.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1365648866123");
Deleted : user_pref("CT3289847.serviceLayer_services_appsMetadata_lastUpdate", "1365648865230");
Deleted : user_pref("CT3289847.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1365648865095");
Deleted : user_pref("CT3289847.serviceLayer_services_location_lastUpdate", "1365735273807");
Deleted : user_pref("CT3289847.serviceLayer_services_login_10.14.380.14_lastUpdate", "1365691159439");
Deleted : user_pref("CT3289847.serviceLayer_services_login_10.15.0.562_lastUpdate", "1365778011762");
Deleted : user_pref("CT3289847.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1365648865238");
Deleted : user_pref("CT3289847.serviceLayer_services_searchAPI_lastUpdate", "1365648854931");
Deleted : user_pref("CT3289847.serviceLayer_services_serviceMap_lastUpdate", "1365735271492");
Deleted : user_pref("CT3289847.serviceLayer_services_setupAPI_lastUpdate", "1365648855851");
Deleted : user_pref("CT3289847.serviceLayer_services_toolbarContextMenu_lastUpdate", "1365648865019");
Deleted : user_pref("CT3289847.serviceLayer_services_toolbarSettings_lastUpdate", "1365778011208");
Deleted : user_pref("CT3289847.serviceLayer_services_translation_lastUpdate", "1365735272528");
Deleted : user_pref("CT3289847.settingsINI", true);
Deleted : user_pref("CT3289847.shouldFirstTimeDialog", "false");
Deleted : user_pref("CT3289847.showToolbarPermission", "false");
Deleted : user_pref("CT3289847.smartbar.CTID", "CT3289847");
Deleted : user_pref("CT3289847.smartbar.Uninstall", "0");
Deleted : user_pref("CT3289847.smartbar.homepage", true);
Deleted : user_pref("CT3289847.smartbar.isHidden", true);
Deleted : user_pref("CT3289847.smartbar.toolbarName", "WhiteSmoke New ");
Deleted : user_pref("CT3289847.startPage", "true");
Deleted : user_pref("CT3289847.toolbarBornServerTime", "11-4-2013");
Deleted : user_pref("CT3289847.toolbarCurrentServerTime", "12-4-2013");
Deleted : user_pref("CT3289847.toolbarLoginClientTime", "Thu Apr 11 2013 16:35:18 GMT-0400 (Eastern Daylight T[...]
Deleted : user_pref("CT3289847_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
Deleted : user_pref("CT3294791.1000082.isPlayDisplay", "true");
Deleted : user_pref("CT3294791.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description[...]
Deleted : user_pref("CT3294791.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3294791.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Deleted : user_pref("CT3294791.FF19Solved", "true");
Deleted : user_pref("CT3294791.FirstTime", "true");
Deleted : user_pref("CT3294791.FirstTimeFF3", "true");
Deleted : user_pref("CT3294791.PG_ENABLE", "dHJ1ZQ==");
Deleted : user_pref("CT3294791.SF_JUST_INSTALLED.enc", "RkFMU0U=");
Deleted : user_pref("CT3294791.SF_STATUS.enc", "RU5BQkxFRA==");
Deleted : user_pref("CT3294791.SF_USER_ID.enc", "Y2lkXzIyNTIwMTMxOTU1NTgzMzg5MDM=");
Deleted : user_pref("CT3294791.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT329[...]
Deleted : user_pref("CT3294791.UserID", "UN12355583662464419");
Deleted : user_pref("CT3294791.YTbyClickFavorites.enc", "W10=");
Deleted : user_pref("CT3294791.YTbyClickRecent.enc", "W10=");
Deleted : user_pref("CT3294791.addressBarTakeOverEnabledInHidden", "true");
Deleted : user_pref("CT3294791.autoDisableScopes", 0);
Deleted : user_pref("CT3294791.browser.search.defaultthis.engineName", "true");
Deleted : user_pref("CT3294791.cbfirsttime.enc", "V2VkIE1heSAyMiAyMDEzIDE2OjE3OjE1IEdNVC0wNDAwIChFYXN0ZXJuIFN0[...]
Deleted : user_pref("CT3294791.defaultSearch", "true");
Deleted : user_pref("CT3294791.embeddedsData", "[{\"appId\":\"130089396748860745\",\"apiPermissions\":{\"cross[...]
Deleted : user_pref("CT3294791.enableAlerts", "true");
Deleted : user_pref("CT3294791.enableFix404ByUser", "TRUE");
Deleted : user_pref("CT3294791.enableSearchFromAddressBar", "true");
Deleted : user_pref("CT3294791.firstTimeDialogOpened", "true");
Deleted : user_pref("CT3294791.fixPageNotFoundError", "true");
Deleted : user_pref("CT3294791.fixPageNotFoundErrorByUser", "true");
Deleted : user_pref("CT3294791.fixPageNotFoundErrorInHidden", "true");
Deleted : user_pref("CT3294791.fixUrls", true);
Deleted : user_pref("CT3294791.installDate", "22/5/2013 11:15:00");
Deleted : user_pref("CT3294791.installId", "stub.exe");
Deleted : user_pref("CT3294791.installSessionId", "{BECD15F8-F851-4052-AD18-7AB94D7C72B5}");
Deleted : user_pref("CT3294791.installSp", "TRUE");
Deleted : user_pref("CT3294791.installType", "conduitnsisintegration");
Deleted : user_pref("CT3294791.installUsage", "2013-05-22T23:17:02.7008829+03:00");
Deleted : user_pref("CT3294791.installUsageEarly", "2013-05-22T23:17:00.0020483+03:00");
Deleted : user_pref("CT3294791.installerVersion", "1.4.2.3");
Deleted : user_pref("CT3294791.isCheckedStartAsHidden", true);
Deleted : user_pref("CT3294791.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3294791.isFirstTimeToolbarLoading", "false");
Deleted : user_pref("CT3294791.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Deleted : user_pref("CT3294791.keyword", "true");
Deleted : user_pref("CT3294791.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit[...]
Deleted : user_pref("CT3294791.lastVersion", "10.16.2.509");
Deleted : user_pref("CT3294791.mam_gk_appStateReportTime.enc", "MTM2OTI1MzgyNzc5Mg==");
Deleted : user_pref("CT3294791.mam_gk_appState_CouponBuddy.enc", "b24=");
Deleted : user_pref("CT3294791.mam_gk_appState_Easytobook.enc", "b24=");
Deleted : user_pref("CT3294791.mam_gk_appState_Easytobook_targeted.enc", "b24=");
Deleted : user_pref("CT3294791.mam_gk_appState_PriceGong.enc", "b24=");
Deleted : user_pref("CT3294791.mam_gk_appState_WindowShopper.enc", "b24=");
Deleted : user_pref("CT3294791.mam_gk_appsData.enc", "eyJhcHBzIjpbeyJpZCI6IlByaWNlR29uZyIsInVybCI6Imh0dHA6Ly9w[...]
Deleted : user_pref("CT3294791.mam_gk_appsDefaultEnabled.enc", "dHJ1ZQ==");
Deleted : user_pref("CT3294791.mam_gk_configuration.enc", "eyJjb25maWd1cmF0aW9uIjpbeyJpZCI6IlByaWNlR29uZyIsImN[...]
Deleted : user_pref("CT3294791.mam_gk_currentVersion.enc", "MS42LjAuMQ==");
Deleted : user_pref("CT3294791.mam_gk_eventsCache.enc", "eyJmMDNmZGY0OC00MmEzLTRiNjQtODM4Ny0xMjY4ZWUxMjU4ZmUiO[...]
Deleted : user_pref("CT3294791.mam_gk_first_time.enc", "MQ==");
Deleted : user_pref("CT3294791.mam_gk_gadgetOpen.enc", "d2VsY29tZQ==");
Deleted : user_pref("CT3294791.mam_gk_installer_preapproved.enc", "ZmFsc2U=");
Deleted : user_pref("CT3294791.mam_gk_lastLoginTime.enc", "MTM2OTI1MzgyMzkxNg==");
Deleted : user_pref("CT3294791.mam_gk_localization.enc", "eyJnYWRnZXRDb250ZW50UG9saWN5Ijp7IlRleHQiOiJDb250ZW50[...]
Deleted : user_pref("CT3294791.mam_gk_pgUnloadedOnce.enc", "dHJ1ZQ==");
Deleted : user_pref("CT3294791.mam_gk_settings1.6.0.1.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVyd[...]
Deleted : user_pref("CT3294791.mam_gk_showCloseButton.enc", "dHJ1ZQ==");
Deleted : user_pref("CT3294791.mam_gk_showWelcomeGadget.enc", "dHJ1ZQ==");
Deleted : user_pref("CT3294791.mam_gk_userId.enc", "NjE5MjdkMTUtMjU1NC00ZGMxLWFkMjEtNzY5MzEzZTY3NDRl");
Deleted : user_pref("CT3294791.migrateAppsAndComponents", true);
Deleted : user_pref("CT3294791.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"\",\"[...]
Deleted : user_pref("CT3294791.openThankYouPage", "false");
Deleted : user_pref("CT3294791.openUninstallPage", "true");
Deleted : user_pref("CT3294791.originalHomepage", "hxxp://www.yahoo.com/");
Deleted : user_pref("CT3294791.originalSearchAddressUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT32[...]
Deleted : user_pref("CT3294791.originalSearchEngine", "Google");
Deleted : user_pref("CT3294791.revertSettingsEnabled", "false");
Deleted : user_pref("CT3294791.search.searchAppId", "130089396748860745");
Deleted : user_pref("CT3294791.search.searchCount", "0");
Deleted : user_pref("CT3294791.searchFromAddressBarEnabledByUser", "true");
Deleted : user_pref("CT3294791.searchInNewTabEnabledByUser", "true");
Deleted : user_pref("CT3294791.searchInNewTabEnabledInHidden", "true");
Deleted : user_pref("CT3294791.searchRevert", "false");
Deleted : user_pref("CT3294791.searchUserMode", "2");
Deleted : user_pref("CT3294791.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3294791.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Deleted : user_pref("CT3294791.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
Deleted : user_pref("CT3294791.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Deleted : user_pref("CT3294791.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Deleted : user_pref("CT3294791.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Deleted : user_pref("CT3294791.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Deleted : user_pref("CT3294791.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1369253811745");
Deleted : user_pref("CT3294791.serviceLayer_services_appsMetadata_lastUpdate", "1369253812031");
Deleted : user_pref("CT3294791.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1369253811803");
Deleted : user_pref("CT3294791.serviceLayer_services_installUsage_ToolbarInstallEarly_lastUpdate", "1369253808[...]
Deleted : user_pref("CT3294791.serviceLayer_services_installUsage_ToolbarInstall_lastUpdate", "1369253812632")[...]
Deleted : user_pref("CT3294791.serviceLayer_services_location_lastUpdate", "1370455340858");
Deleted : user_pref("CT3294791.serviceLayer_services_login_10.16.2.509_lastUpdate", "1370455337467");
Deleted : user_pref("CT3294791.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1369253811652");
Deleted : user_pref("CT3294791.serviceLayer_services_searchAPI_lastUpdate", "1369263810153");
Deleted : user_pref("CT3294791.serviceLayer_services_serviceMap_lastUpdate", "1370455337304");
Deleted : user_pref("CT3294791.serviceLayer_services_setupAPI_lastUpdate", "1369263809260");
Deleted : user_pref("CT3294791.serviceLayer_services_toolbarContextMenu_lastUpdate", "1369253811523");
Deleted : user_pref("CT3294791.serviceLayer_services_toolbarSettings_lastUpdate", "1370455337387");
Deleted : user_pref("CT3294791.serviceLayer_services_translation_lastUpdate", "1370455337826");
Deleted : user_pref("CT3294791.settingsINI", true);
Deleted : user_pref("CT3294791.shouldFirstTimeDialog", "false");
Deleted : user_pref("CT3294791.showToolbarPermission", "false");
Deleted : user_pref("CT3294791.smartbar.CTID", "CT3294791");
Deleted : user_pref("CT3294791.smartbar.Uninstall", "0");
Deleted : user_pref("CT3294791.smartbar.homepage", "true");
Deleted : user_pref("CT3294791.smartbar.isHidden", true);
Deleted : user_pref("CT3294791.smartbar.toolbarName", "Vafmusic2 ");
Deleted : user_pref("CT3294791.startPage", "true");
Deleted : user_pref("CT3294791.toolbarBornServerTime", "22-5-2013");
Deleted : user_pref("CT3294791.toolbarCurrentServerTime", "5-6-2013");
Deleted : user_pref("CT3294791.toolbarLoginClientTime", "Wed May 22 2013 16:16:52 GMT-0400 (Eastern Standard T[...]
Deleted : user_pref("CT3294791.url_history0001.enc", "aHR0cDovL3d3dy55YWhvby5jb20vOjo6Y2xpY2toYW5kbGVyOjo6MTM2[...]
Deleted : user_pref("CT3294791.versionFromInstaller", "10.16.2.9");
Deleted : user_pref("CT3294791_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
Deleted : user_pref("Smartbar.ConduitHomepagesList", "");
Deleted : user_pref("Smartbar.ConduitSearchEngineList", "");
Deleted : user_pref("Smartbar.ConduitSearchUrlList", "");
Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=C[...]
Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3294791");
Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Deleted : user_pref("browser.search.defaultthis.engineName", "Vafmusic2 Customized Web Search");
Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3294791&CUI[...]
Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3294791&SearchSource=2&CU[...]
Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3294791");
Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3289847&octid=CT3289847[...]
Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT[...]
Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT3294791");
Deleted : user_pref("smartbar.homePageOwnerCTID", "CT3294791");
Deleted : user_pref("smartbar.machineId", "99IOF5TMEEYUMZZM7CYH67LFITE");
Deleted : user_pref("smartbar.originalHomepage", "www.yahoo.com");
Deleted : user_pref("smartbar.originalSearchAddressUrl", "hxxp://isearch.avg.com/search?cid={0BAA4612-B26C-431[...]
Deleted : user_pref("smartbar.originalSearchEngine", "Google");
-\\ Google Chrome v [Unable to get version]
File : C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [31644 octets] - [05/06/2013 13:29:55]
AdwCleaner[S1].txt - [32037 octets] - [05/06/2013 16:38:13]
########## EOF - C:\AdwCleaner[S1].txt - [32098 octets] ##########
Here's the JRT log.
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Microsoft Windows XP x86
Ran by Compaq_Owner on Wed 06/05/2013 at 17:26:08.42
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\uniblue registrybooster 2
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\strongvault online backup"
Successfully deleted: [Folder] "C:\Documents and Settings\Compaq_Owner\Application Data\strongvault"
Successfully deleted: [Folder] "C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\strongvault"
Successfully deleted: [Folder] "C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\strongvault online backup"
Successfully deleted: [Folder] "C:\Program Files\coupons"
Successfully deleted: [Folder] "C:\Program Files\strongvault online backup"
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\start menu\programs\hot deals"
~~~ FireFox
Successfully deleted: [File] C:\Documents and Settings\Compaq_Owner\Application Data\mozilla\firefox\profiles\gbhvogpj.default\searchplugins\youtube-video-search.xml
Successfully deleted the following from C:\Documents and Settings\Compaq_Owner\Application Data\mozilla\firefox\profiles\gbhvogpj.default\prefs.js
user_pref("iminent.webbooster.scripts.minibar.Services.IminentClientCode", "11");
Emptied folder: C:\Documents and Settings\Compaq_Owner\Application Data\mozilla\firefox\profiles\gbhvogpj.default\minidumps [11 files]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 06/05/2013 at 17:32:36.25
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Excellent! The combination of those two tools removed a lot of adware and other "junk" from your computer! Next step is ComboFix and then we'll see where things stand.
The Combo fix scan froze in the window that said that it might take 10 mins or 20 for badly infected computers. I allowed it to stay that way for 2 hrs and it never changed. I disabled the AVG Antivirus and the defender firewall. The antivirus that's with defender wouldn't budge. I opened boxes associated with the antivirus but there were too many choices to make.
Hi, mare-wbpa.
I'm a bit confused by your last reply. Your antivirus is AVG and I don't see any signs of Windows Defender (which would be an anti-spyware program on Windows XP) on your computer. Let's try MBAM again. Based on the database being corrupt, please do the following to install a fresh copy:
Please download
Malwarebytes' Anti-Malware to your desktop from here (http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/dl/7/).
- Double-click mbam-setup.exe and follow the prompts to install the program.
- At the end, be sure a checkmark is placed next to
-- Update Malwarebytes' Anti-Malware and
-- Launch Malwarebytes' Anti-Malware - Click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, check the following settings:
-- On the Scanner tab, check Perform quick scan.
-- On the Settings tab, Scanner Settings, leave the default boxes checked but change the drop-down boxes to Show in results list and check for removal. - When the scan is complete, click OK, then Show Results to view the results.
- Be sure that everything is checked, EXCEPT items in System Restore as shown in this sample:
(https://www.landzdown.com/proxy.php?request=http%3A%2F%2Fimg.photobucket.com%2Falbums%2Fv68%2FCorrine3%2FMBAM_SR_zps573fd52e.jpg&hash=d26a00ef8e57bbd0a0825762e2e3a8ff32d92179) - Click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See the Note below)
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Please post contents of that file in your next reply.
** Note **If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click
OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
Sorry about the confusion. AVG is definitely is my antivirus. I mentioned Defender because I thought that the firewall was part of Defender. When I went to security in Help and Support there was Firewall, Anitvirus and Updates (I think). I just remember hearing or reading about Defender and thought it was part of Windows XP. I uninstalled thee Mbam and downloaded and reinstalled as per your instructions. It's scanning now. I'll post results later. I appreciate all the time you're putting into helping me.
Here's the Mbam scan.
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Database version: v2013.06.06.06
Windows XP Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.18702
Compaq_Owner :: YOUR-F78BF48CE2 [administrator]
6/6/2013 12:17:37 PM
mbam-log-2013-06-06 (12-17-37).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 239242
Time elapsed: 2 hour(s), 7 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
I'd still like you to try as instructed previously in Normal Mode ComboFix again.
If it hangs a second time, please try it in Safe Mode: Restart your computer in
SafeMode by doing the following:
- Restart your computer
- After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
- Instead of Windows loading as normal, a menu should appear
- Select the first option, to run Windows in Safe Mode.
What I called Defender is Windows security center. There are 3 buttons Firewall. Virus Protection & Automatic updates. I'm can disable Firewall and Updates but cant seem to disable Virus protection, do I need to disable that before I try to dothe Combo Fix scan? I have no problem disableing AVG.
AVG is your antivirus and that is all you want to disable. Leave the Firewall enabled and leave Windows Updates alone -- it is just AVG. :)
The Combo fix scan again failed in normal mode. I am having a problem diabeling AVG in Safe Mode. When in Safe Mode the AVG icon doesn't appear on the desktop. I tried to move it in normal mode but when I restart in Safe Mode, it isn't in the position where I placed it. I tried temporarilly disableing in normal mode, but when I restart in Safe Mode and start the scan a warning message pops up saying that it has detected AVG and that continuing may damage machine.
AVG should not be active in safe mode. Go ahead and run ComboFix.
Just started the Combofix scan again. The warning box that popped up said that it detected AVG and it is active. Should I proceed?
Yes, although you could check Task Manager and close it if you see it there under processes. (Ctrl+Shift+Esc brings up Task Manager. Select AVG and click End Process.) If you don't see it and if AVG prompts you to block a change, deny AVG actions.
I ran the scan in safe mode. It deleted a lot of files and produced a scan. It gave me a location to find locate it later. I copied and pasted it into a document just in case. Computer won't connect to the internet in safe mode. When I try to start normally it goes into a loop from the safe mode screen to the opening screen. If I do a system restore to b4 the scan I assume that the logs will be lost in the file location. Will I also loose the document I created?
I did an end around and copied the scan log onto an SD card. Here it is.
ComboFix 13-06-05.04 - Compaq_Owner 06/07/2013 20:10:13.1.1 - x86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.383.223 [GMT -4:00]
Running from: c:\documents and settings\Compaq_Owner\My Documents\Downloads\ComboFix.exe
AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\37ba2fe3
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Compaq_Owner\Application Data\.#
c:\documents and settings\Compaq_Owner\Application Data\.#\MBX@24C@A141C0.###
c:\documents and settings\Compaq_Owner\Application Data\.#\MBX@24C@A141F0.###
c:\documents and settings\Compaq_Owner\Application Data\.#\MBX@24C@A14220.###
c:\documents and settings\Compaq_Owner\Application Data\.#\MBX@E80@A141C0.###
c:\documents and settings\Compaq_Owner\Application Data\.#\MBX@E80@A141F0.###
c:\documents and settings\Compaq_Owner\Application Data\.#\MBX@E80@A14220.###
c:\documents and settings\Compaq_Owner\Application Data\c3a2569b
c:\documents and settings\Compaq_Owner\WINDOWS
c:\documents and settings\Default User\WINDOWS
c:\program files\Messenger\msmsgs .exe
c:\program files\Shared
c:\windows\explorer(2).exe
c:\windows\explorer(3).exe
c:\windows\system32\Cache
c:\windows\system32\Cache\26c630d098e22dd5.fb
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\2fe7b40ac5d87f2f.fb
c:\windows\system32\Cache\31a0997e9a5b5eb3.fb
c:\windows\system32\Cache\32c84fe32bb74d60.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\6d03dad1035885d3.fb
c:\windows\system32\Cache\8b195b08c9d11fd8.fb
c:\windows\system32\Cache\95f567698be8a182.fb
c:\windows\system32\Cache\a0b3310061560f9b.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\b69159d6037995ae.fb
c:\windows\system32\Cache\c1fa887b03019701.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\f998975c9cc711ee.fb
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\system32\ctfmon(2).exe
c:\windows\system32\ctfmon(3).exe
c:\windows\system32\linkinfo(2).dll
c:\windows\system32\linkinfo(3).dll
c:\windows\system32\ps2.bat
c:\windows\system32\SETA3.tmp
c:\windows\system32\Thumbs.db
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
c:\windows\system32\usp10(2).dll
c:\windows\system32\usp10(3).dll
c:\windows\wt
c:\windows\wt\updater\wcmdmgr.exe
c:\windows\wt\updater\wcmdmgrl.exe
c:\windows\wt\updater\wt.ini
c:\windows\wt\webdriver.dll
c:\windows\wt\webdriver\4.1.1\actorobject.dll
c:\windows\wt\webdriver\4.1.1\dx5drv.dll
c:\windows\wt\webdriver\4.1.1\dx7drv.dll
c:\windows\wt\webdriver\4.1.1\objectbundle.dll
c:\windows\wt\webdriver\4.1.1\sound.dll
c:\windows\wt\webdriver\4.1.1\wdengine.dll
c:\windows\wt\webdriver\4.1.1\webdriver.dll
c:\windows\wt\webdriver\4.1.1\wthost.exe
c:\windows\wt\webdriver\4.1.1\wthostctl.dll
c:\windows\wt\webdriver\4.1.1\wtmulti.dll
c:\windows\wt\webdriver\4.1.1\wtwmplug.ax
c:\windows\wt\webdriver\4.1.1\wtwmplug.ini
c:\windows\wt\webdriver\jdriver.dll
c:\windows\wt\webdriver\rdriver.dll
c:\windows\wt\webdriver\wtdmmp.dll
c:\windows\wt\webdriver\wtdmmpv.dll
c:\windows\wt\wt3d.dll
c:\windows\wt\wt3d.ini
c:\windows\wt\wtupdates\dmmp\3.0.2.000\files\wtdmmp.dll
c:\windows\wt\wtupdates\dmmp\3.0.2.000\files\wtdmmpv.dll
c:\windows\wt\wtupdates\DRM\3.2.0.19\files\DRM0302.dll
c:\windows\wt\wtupdates\DRM\3.2.0.19\files\jDRM0302.dll
c:\windows\wt\wtupdates\DRM\3.2.0.19\files\rDRM0302.dll
c:\windows\wt\wtupdates\Webd\4.1.1\files\actorobject.dll
c:\windows\wt\wtupdates\Webd\4.1.1\files\dx5drv.dll
c:\windows\wt\wtupdates\Webd\4.1.1\files\dx7drv.dll
c:\windows\wt\wtupdates\Webd\4.1.1\files\jdriver.dll
c:\windows\wt\wtupdates\Webd\4.1.1\files\legacy\webdriver.dll
c:\windows\wt\wtupdates\Webd\4.1.1\files\legacy\wt3d.dll
c:\windows\wt\wtupdates\Webd\4.1.1\files\npWTHost.dll
c:\windows\wt\wtupdates\Webd\4.1.1\files\ObjectBundle.dll
c:\windows\wt\wtupdates\Webd\4.1.1\files\rdriver.dll
c:\windows\wt\wtupdates\Webd\4.1.1\files\Sound.dll
c:\windows\wt\wtupdates\Webd\4.1.1\files\wdengine.dll
c:\windows\wt\wtupdates\Webd\4.1.1\files\webdriver.dll
c:\windows\wt\wtupdates\Webd\4.1.1\files\wt3d.ini
c:\windows\wt\wtupdates\Webd\4.1.1\files\WTHost.exe
c:\windows\wt\wtupdates\Webd\4.1.1\files\WTHostCtl.dll
c:\windows\wt\wtupdates\Webd\4.1.1\files\wtmulti.dll
c:\windows\wt\wtupdates\Webd\4.1.1\files\wtvh.dll
c:\windows\wt\wtupdates\Webd\4.1.1\files\wtwmplug.ax
c:\windows\wt\wtupdates\Webd\4.1.1\files\wtwmplug.ini
c:\windows\wt\wtvh.dll
D:\Autorun.inf
.
c:\windows\system32\proquota.exe was missing
Restored copy from - c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\proquota.exe
.
c:\windows\system32\drivers\intelppm.sys was missing
Restored copy from - c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\intelppm.sys
.
.
((((((((((((((((((((((((( Files Created from 2013-05-08 to 2013-06-08 )))))))))))))))))))))))))))))))
.
.
2013-06-08 00:25 . 2008-04-13 18:31 36352 ----a-w- c:\windows\system32\drivers\intelppm.sys
2013-06-08 00:25 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
2013-06-07 01:04 . 2013-06-07 01:04 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2013-06-06 15:53 . 2013-04-04 18:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-06-05 21:24 . 2013-06-05 21:24 -------- d-----w- c:\windows\ERUNT
2013-06-05 21:23 . 2013-06-05 21:23 -------- d-----w- C:\JRT
2013-06-03 23:42 . 2013-06-03 23:42 -------- d-----w- c:\windows\system32\wbem\Repository
2013-06-03 23:36 . 2013-06-06 16:24 -------- d-----w- c:\windows\system32\CatRoot_bak
2013-06-03 15:59 . 2013-06-03 23:16 -------- d-----w- c:\program files\SpywareBlaster
2013-06-02 16:20 . 2006-12-29 04:31 19569 ----a-w- c:\windows\005403_.tmp
2013-06-02 15:57 . 2013-06-02 16:01 -------- d-----w- C:\8b92052dd8fbc345a9bdf0e9
2013-05-31 00:45 . 2013-05-31 00:45 -------- d-----w- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\Wildtangent
2013-05-31 00:13 . 2004-07-17 15:40 19528 ----a-w- c:\windows\000001_.tmp
2013-05-30 23:57 . 2013-05-31 00:02 -------- d-----w- C:\d321eb98beeded867b1c1470
2013-05-28 21:52 . 2013-05-28 21:52 -------- d-----w- c:\windows\system32\scripting
2013-05-28 21:52 . 2013-05-28 21:52 -------- d-----w- c:\windows\l2schemas
2013-05-28 21:43 . 2006-12-29 04:31 19569 ----a-w- c:\windows\002709_.tmp
2013-05-24 17:41 . 2013-05-24 19:37 -------- d-----w- c:\program files\Norton Security Scan
2013-05-24 17:39 . 2013-05-24 19:37 -------- d-----w- c:\program files\NortonInstaller
2013-05-22 23:54 . 2013-05-22 23:54 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\RealNetworks
2013-05-22 23:52 . 2013-05-22 23:52 -------- d-----w- c:\program files\RealNetworks
2013-05-22 23:51 . 2013-05-22 23:51 -------- d-----w- c:\program files\Common Files\xing shared
2013-05-22 23:50 . 2013-05-22 23:50 153736 ----a-w- c:\program files\Mozilla Firefox\plugins\nppl3260.dll
2013-05-22 23:50 . 2013-05-22 23:50 124504 ----a-w- c:\program files\Mozilla Firefox\plugins\nprpplugin.dll
2013-05-22 23:49 . 2013-05-22 23:51 -------- d-----w- c:\program files\real
2013-05-22 15:31 . 2013-05-22 17:39 -------- d-----w- c:\program files\Uninstaller
2013-05-22 15:23 . 2013-05-22 15:23 -------- d-----w- c:\program files\Uniblue
2013-05-22 15:21 . 2013-05-22 17:39 -------- d-----w- c:\program files\Vafmusic2
2013-05-21 22:49 . 2013-05-21 22:49 262552 ----a-w- c:\program files\Mozilla Firefox\browser\components\browsercomps.dll
2013-05-11 10:37 . 2013-05-11 10:37 209472 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2013-05-11 10:37 . 2013-05-11 10:37 209472 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-28 21:55 . 2013-05-28 21:55 45056 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\uninstallUI\eHelpSetup.exe
2013-05-28 21:55 . 2013-05-28 21:55 44032 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Scripts\devcon.exe
2013-05-22 23:50 . 2003-02-21 04:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2013-05-22 23:50 . 2003-03-18 20:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2013-05-21 00:06 . 2012-12-11 16:33 37664 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-05-15 01:31 . 2012-06-24 14:34 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-05-15 01:31 . 2012-01-28 16:19 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-29 06:53 . 2011-12-23 17:32 208184 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2013-03-21 07:08 . 2011-02-10 11:54 182072 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2005-01-07 19:20 . 2005-01-07 19:20 278528 ----a-w- c:\program files\internet explorer\plugins\PanoViewer.dll
2005-01-07 19:20 . 2005-01-07 19:20 143360 ----a-w- c:\program files\internet explorer\plugins\UPjpeg.dll
.
<pre>
c:\program files\AVG\AVG10\avgtray .exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon .exe
c:\program files\Common Files\Real\Update_OB\realsched .exe
c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp .exe
c:\program files\iTunes\iTunesHelper .exe
c:\program files\Malwarebytes' Anti-Malware\mbam .exe
c:\program files\QuickTime\qttask .exe
</pre>
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SacReminderHDDV2N"="c:\documents and settings\All Users\Application Data\OfficeGuardianV2N\reminder\SacReminder.exe" [2010-11-18 862032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSPower"="SiSPower.dll" [2005-01-04 49152]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-15 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-04 1603152]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-12 59280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"Garmin Lifetime Updater"="c:\program files\Garmin\Lifetime Updater\GarminLifetime.exe" [2012-06-04 1466760]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2013-04-29 4408368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2013-05-22 295512]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVWSzItQUxZTUYtU0xLTFUtQVoyVUItNkdPS0ItSkhGTkg&inst=NzctNDgwNjAyMDYyLVQxLUJBKzEtS1YzKzctWEwrMS1VQ0FMTCsxLVVDQUxMMisyLVRCOCsyLUZMKzgtRjEwTSs1LVFJWDErNC1YMjAxMCsyLUYxME0xMEQrMS1MSUMrNw&prod=90&ver=10.0.1204" [?]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10c.exe" [2009-07-18 257440]
.
c:\documents and settings\Compaq_Owner\Start Menu\Programs\Startup\
Canon IJ Status Monitor Canon MX310 series Printer.lnk - c:\windows\system32\rundll32.exe [2009-1-29 33280]
Stickies.lnk - c:\program files\Stickies\stickies.exe [2011-11-10 1130496]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Compaq Connections.lnk - c:\program files\Compaq Connections\6750491\Program\Compaq Connections.exe [2011-10-5 45056]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2013\avgrsx.exe /sync /restart
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Compaq Connections\\6750491\\Program\\Compaq Connections.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Documents and Settings\\Compaq_Owner\\Application Data\\Smilebox\\SmileboxStarter.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgemcx.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\OfficeGuardianV2N\\Reminder\\SacNetAgent.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"139:TCP"= 139:TCP:@xpsp2res.dll,-22004
"445:TCP"= 445:TCP:@xpsp2res.dll,-22005
"137:UDP"= 137:UDP:@xpsp2res.dll,-22001
"138:UDP"= 138:UDP:@xpsp2res.dll,-22002
"53271:UDP"= 53271:UDP:SacNetAgentCommunicationPort1
"53272:TCP"= 53272:TCP:SacNetAgentCommunicationPort2
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [4/19/2012 4:50 AM 60216]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [9/21/2012 4:46 AM 245048]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [1/19/2011 4:32 AM 39224]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [12/11/2012 12:33 PM 37664]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [12/23/2011 1:32 PM 208184]
S1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [12/23/2011 1:32 PM 22328]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [1/7/2011 6:41 AM 170808]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2/10/2011 7:54 AM 182072]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [5/14/2013 12:54 AM 4937264]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [4/18/2013 4:34 AM 283136]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [4/16/2013 3:07 AM 39056]
S2 SacNetAgentService_C57C4F854F53;SacNetAgentService_C57C4F854F53;c:\documents and settings\All Users\Application Data\OfficeGuardianV2N\Reminder\SacNetAgent.exe [4/30/2011 4:09 PM 163664]
S2 vToolbarUpdater15.2.0;vToolbarUpdater15.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe --> c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [6/6/2013 9:04 PM 40776]
.
Contents of the 'Scheduled Tasks' folder
.
2013-06-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-24 01:31]
.
2013-06-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:34]
.
2009-10-14 c:\windows\Tasks\Easy Internet Sign-up.job
- c:\program files\Easy Internet signup\HPSdpApp.exe [2005-03-03 19:04]
.
2013-06-07 c:\windows\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3067886581-847020557-550397895-1009.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-04-16 16:45]
.
2013-05-24 c:\windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3067886581-847020557-550397895-1009.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-04-16 16:45]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=presario&pf=desktop
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add To Compaq Organize... - c:\progra~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1 24.229.54.212 216.144.187.199 204.186.80.229
FF - ProfilePath - c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\gbhvogpj.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-04-13 21:42; rapportive@rapportive.com; c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\gbhvogpj.default\extensions\rapportive@rapportive.com
FF - ExtSQL: 2013-04-13 21:44; newtabgoogle@graememcc.co.uk; c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\gbhvogpj.default\extensions\newtabgoogle@graememcc.co.uk.xpi
FF - ExtSQL: !HIDDEN! 2009-09-01 21:11; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-06-07 20:29
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c0,92,b8,11,a5,4d,2a,42,9e,94,4e,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c0,92,b8,11,a5,4d,2a,42,9e,94,4e,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(832)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\browselc.dll
c:\windows\system32\msi.dll
.
Completion time: 2013-06-07 20:36:16 - machine was rebooted
ComboFix-quarantined-files.txt 2013-06-08 00:35
.
Pre-Run: 135,351,443,456 bytes free
Post-Run: 136,749,899,776 bytes free
.
- - End Of File - - 01CDB82F09BDB87FC719FEFE84FD9ECE
It will take me a while to review your log.
As to accessing the Internet in Safe Mode that won't work. You would need to select Safe Mode with networking.
Oh, OK, I didn't know that. I hope I didn't screw up. Without thinking that it may be important to keep the computer in the condition it was in, and just shut down, I did a System Restore. I'm kicking myself around the block as I type.
I didn't see anything in the log you saved that would result in any problems, although I'm not quite certain what you meant when you said,
QuoteWhen I try to start normally it goes into a loop from the safe mode screen to the opening screen.
When you run ComboFix, it will automatically restart your computer. When it restarts, you will want to select Normal Mode. So, please run ComboFix again, trying Normal Mode again. If unable to run in Normal Mode, select Safe Mode with Networking. That way, if you are prompted to update ComboFix, it will be able to download the latest version.
Whether in Normal Mode or Safe Mode, please disable AVG via the AVG program rather than the icon in the system tray. See http://www.avg.com/ww-en/faq.num-4497 for instructions.
What I meant by loop is that when I click start manually in the safe mode it takes me to the opening windows screen with the little progress bar under the logo, it stays there for a few secs, then goes back to the safe mode screen, then back to the opening screen, etc. I repeated the Combofix scan with the Avg disabled. After the scan it shut down, and restarted din safe mode and is doing the loop thing again. I shut down in safe mode. Here is the log.
ComboFix 13-06-05.04 - Compaq_Owner 06/08/2013 16:47:55.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.383.149 [GMT -4:00]
Running from: c:\documents and settings\Compaq_Owner\My Documents\Downloads\ComboFix.exe
AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\COMPAQ~1\LOCALS~1\Temp\IadHide5.dll
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Compaq_Owner\Local Settings\Temp\IadHide5.dll
c:\program files\Messenger\msmsgs .exe
c:\program files\Shared
c:\windows\explorer(2).exe
c:\windows\explorer(3).exe
c:\windows\system32\Cache
c:\windows\system32\ctfmon(2).exe
c:\windows\system32\ctfmon(3).exe
c:\windows\system32\linkinfo(2).dll
c:\windows\system32\linkinfo(3).dll
c:\windows\system32\ps2.bat
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
c:\windows\system32\usp10(2).dll
c:\windows\system32\usp10(3).dll
c:\windows\wt
c:\windows\wt\updater\wcmdmgr.exe
c:\windows\wt\updater\wcmdmgrl.exe
c:\windows\wt\updater\wt.ini
c:\windows\wt\webdriver.dll
c:\windows\wt\webdriver\4.1.1\actorobject.dll
c:\windows\wt\webdriver\4.1.1\dx5drv.dll
c:\windows\wt\webdriver\4.1.1\dx7drv.dll
c:\windows\wt\webdriver\4.1.1\objectbundle.dll
c:\windows\wt\webdriver\4.1.1\sound.dll
c:\windows\wt\webdriver\4.1.1\wdengine.dll
c:\windows\wt\webdriver\4.1.1\webdriver.dll
c:\windows\wt\webdriver\4.1.1\wthost.exe
c:\windows\wt\webdriver\4.1.1\wthostctl.dll
c:\windows\wt\webdriver\4.1.1\wtmulti.dll
c:\windows\wt\webdriver\4.1.1\wtwmplug.ax
c:\windows\wt\webdriver\4.1.1\wtwmplug.ini
c:\windows\wt\webdriver\jdriver.dll
c:\windows\wt\webdriver\rdriver.dll
c:\windows\wt\webdriver\wtdmmp.dll
c:\windows\wt\webdriver\wtdmmpv.dll
c:\windows\wt\wt3d.dll
c:\windows\wt\wt3d.ini
c:\windows\wt\wtupdates\dmmp\3.0.2.000\files\wtdmmp.dll
c:\windows\wt\wtupdates\dmmp\3.0.2.000\files\wtdmmpv.dll
c:\windows\wt\wtupdates\DRM\3.2.0.19\files\DRM0302.dll
c:\windows\wt\wtupdates\DRM\3.2.0.19\files\jDRM0302.dll
c:\windows\wt\wtupdates\DRM\3.2.0.19\files\rDRM0302.dll
c:\windows\wt\wtupdates\Webd\4.1.1\files\actorobject.dll
c:\windows\wt\wtupdates\Webd\4.1.1\files\dx5drv.dll
c:\windows\wt\wtupdates\Webd\4.1.1\files\dx7drv.dll
c:\windows\wt\wtupdates\Webd\4.1.1\files\jdriver.dll
c:\windows\wt\wtupdates\Webd\4.1.1\files\legacy\webdriver.dll
c:\windows\wt\wtupdates\Webd\4.1.1\files\legacy\wt3d.dll
c:\windows\wt\wtupdates\Webd\4.1.1\files\npWTHost.dll
c:\windows\wt\wtupdates\Webd\4.1.1\files\ObjectBundle.dll
c:\windows\wt\wtupdates\Webd\4.1.1\files\rdriver.dll
c:\windows\wt\wtupdates\Webd\4.1.1\files\Sound.dll
c:\windows\wt\wtupdates\Webd\4.1.1\files\wdengine.dll
c:\windows\wt\wtupdates\Webd\4.1.1\files\webdriver.dll
c:\windows\wt\wtupdates\Webd\4.1.1\files\wt3d.ini
c:\windows\wt\wtupdates\Webd\4.1.1\files\WTHost.exe
c:\windows\wt\wtupdates\Webd\4.1.1\files\WTHostCtl.dll
c:\windows\wt\wtupdates\Webd\4.1.1\files\wtmulti.dll
c:\windows\wt\wtupdates\Webd\4.1.1\files\wtvh.dll
c:\windows\wt\wtupdates\Webd\4.1.1\files\wtwmplug.ax
c:\windows\wt\wtupdates\Webd\4.1.1\files\wtwmplug.ini
c:\windows\wt\wtvh.dll
D:\Autorun.inf
.
c:\windows\system32\proquota.exe was missing
Restored copy from - c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\proquota.exe
.
c:\windows\system32\drivers\intelppm.sys was missing
Restored copy from - c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\intelppm.sys
.
.
((((((((((((((((((((((((( Files Created from 2013-05-08 to 2013-06-08 )))))))))))))))))))))))))))))))
.
.
2013-06-08 21:09 . 2013-06-08 21:09 -------- d-----w- c:\windows\LastGood.Tmp
2013-06-08 21:09 . 2004-08-04 02:59 36096 ----a-w- c:\windows\system32\drivers\intelppm.sys
2013-06-08 21:09 . 2004-08-04 02:59 36096 ----a-w- c:\windows\system32\dllcache\intelppm.sys
2013-06-08 21:09 . 2004-08-04 04:00 50176 ----a-w- c:\windows\system32\proquota.exe
2013-06-08 21:09 . 2004-08-04 04:00 50176 ----a-w- c:\windows\system32\dllcache\proquota.exe
2013-06-08 01:54 . 2013-06-08 01:54 -------- d-----w- c:\windows\system32\wbem\Repository
2013-06-06 15:53 . 2013-04-04 18:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-06-05 21:24 . 2013-06-05 21:24 -------- d-----w- c:\windows\ERUNT
2013-06-05 21:23 . 2013-06-05 21:23 -------- d-----w- C:\JRT
2013-06-03 23:36 . 2013-06-06 16:24 -------- d-----w- c:\windows\system32\CatRoot_bak
2013-06-03 15:59 . 2013-06-03 23:16 -------- d-----w- c:\program files\SpywareBlaster
2013-06-02 16:20 . 2006-12-29 04:31 19569 ----a-w- c:\windows\005403_.tmp
2013-06-02 15:57 . 2013-06-02 16:01 -------- d-----w- C:\8b92052dd8fbc345a9bdf0e9
2013-05-31 00:13 . 2004-07-17 15:40 19528 ----a-w- c:\windows\000001_.tmp
2013-05-30 23:57 . 2013-05-31 00:02 -------- d-----w- C:\d321eb98beeded867b1c1470
2013-05-28 21:52 . 2013-05-28 21:52 -------- d-----w- c:\windows\system32\scripting
2013-05-28 21:52 . 2013-05-28 21:52 -------- d-----w- c:\windows\l2schemas
2013-05-28 21:43 . 2006-12-29 04:31 19569 ----a-w- c:\windows\002709_.tmp
2013-05-24 17:41 . 2013-05-24 19:37 -------- d-----w- c:\program files\Norton Security Scan
2013-05-24 17:39 . 2013-05-24 19:37 -------- d-----w- c:\program files\NortonInstaller
2013-05-22 23:52 . 2013-05-22 23:52 -------- d-----w- c:\program files\RealNetworks
2013-05-22 23:51 . 2013-05-22 23:51 -------- d-----w- c:\program files\Common Files\xing shared
2013-05-22 23:50 . 2013-05-22 23:50 153736 ----a-w- c:\program files\Mozilla Firefox\plugins\nppl3260.dll
2013-05-22 23:50 . 2013-05-22 23:50 124504 ----a-w- c:\program files\Mozilla Firefox\plugins\nprpplugin.dll
2013-05-22 23:49 . 2013-05-22 23:51 -------- d-----w- c:\program files\real
2013-05-22 15:31 . 2013-05-22 17:39 -------- d-----w- c:\program files\Uninstaller
2013-05-22 15:23 . 2013-05-22 15:23 -------- d-----w- c:\program files\Uniblue
2013-05-22 15:21 . 2013-05-22 17:39 -------- d-----w- c:\program files\Vafmusic2
2013-05-21 22:49 . 2013-05-21 22:49 262552 ----a-w- c:\program files\Mozilla Firefox\browser\components\browsercomps.dll
2013-05-11 10:37 . 2013-05-11 10:37 209472 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2013-05-11 10:37 . 2013-05-11 10:37 209472 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-28 21:55 . 2013-05-28 21:55 45056 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\uninstallUI\eHelpSetup.exe
2013-05-28 21:55 . 2013-05-28 21:55 44032 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Scripts\devcon.exe
2013-05-22 23:50 . 2003-02-21 04:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2013-05-22 23:50 . 2003-03-18 20:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2013-05-21 00:06 . 2012-12-11 16:33 37664 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-05-15 01:31 . 2012-06-24 14:34 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-05-15 01:31 . 2012-01-28 16:19 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-29 06:53 . 2011-12-23 17:32 208184 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2013-03-21 07:08 . 2011-02-10 11:54 182072 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2005-01-07 19:20 . 2005-01-07 19:20 278528 ----a-w- c:\program files\internet explorer\plugins\PanoViewer.dll
2005-01-07 19:20 . 2005-01-07 19:20 143360 ----a-w- c:\program files\internet explorer\plugins\UPjpeg.dll
.
<pre>
c:\program files\AVG\AVG10\avgtray .exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon .exe
c:\program files\Common Files\Real\Update_OB\realsched .exe
c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp .exe
c:\program files\iTunes\iTunesHelper .exe
c:\program files\Malwarebytes' Anti-Malware\mbam .exe
c:\program files\QuickTime\qttask .exe
</pre>
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SacReminderHDDV2N"="c:\documents and settings\All Users\Application Data\OfficeGuardianV2N\reminder\SacReminder.exe" [2010-11-18 862032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSPower"="SiSPower.dll" [2005-01-04 49152]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-15 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-04 1603152]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-12 59280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"Garmin Lifetime Updater"="c:\program files\Garmin\Lifetime Updater\GarminLifetime.exe" [2012-06-04 1466760]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2013-04-29 4408368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2013-05-22 295512]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVWSzItQUxZTUYtU0xLTFUtQVoyVUItNkdPS0ItSkhGTkg&inst=NzctNDgwNjAyMDYyLVQxLUJBKzEtS1YzKzctWEwrMS1VQ0FMTCsxLVVDQUxMMisyLVRCOCsyLUZMKzgtRjEwTSs1LVFJWDErNC1YMjAxMCsyLUYxME0xMEQrMS1MSUMrNw&prod=90&ver=10.0.1204" [?]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10c.exe" [2009-07-18 257440]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2013\avgrsx.exe /sync /restart
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Compaq Connections\\6750491\\Program\\Compaq Connections.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Documents and Settings\\Compaq_Owner\\Application Data\\Smilebox\\SmileboxStarter.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgemcx.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\OfficeGuardianV2N\\Reminder\\SacNetAgent.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"139:TCP"= 139:TCP:@xpsp2res.dll,-22004
"445:TCP"= 445:TCP:@xpsp2res.dll,-22005
"137:UDP"= 137:UDP:@xpsp2res.dll,-22001
"138:UDP"= 138:UDP:@xpsp2res.dll,-22002
"53271:UDP"= 53271:UDP:SacNetAgentCommunicationPort1
"53272:TCP"= 53272:TCP:SacNetAgentCommunicationPort2
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [4/19/2012 4:50 AM 60216]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [9/21/2012 4:46 AM 245048]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [1/19/2011 4:32 AM 39224]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [12/11/2012 12:33 PM 37664]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [12/23/2011 1:32 PM 208184]
S1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [12/23/2011 1:32 PM 22328]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [1/7/2011 6:41 AM 170808]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2/10/2011 7:54 AM 182072]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [5/14/2013 12:54 AM 4937264]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [4/18/2013 4:34 AM 283136]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [4/16/2013 3:07 AM 39056]
S2 SacNetAgentService_C57C4F854F53;SacNetAgentService_C57C4F854F53;c:\documents and settings\All Users\Application Data\OfficeGuardianV2N\Reminder\SacNetAgent.exe [4/30/2011 4:09 PM 163664]
S2 vToolbarUpdater15.2.0;vToolbarUpdater15.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe --> c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe [?]
.
Contents of the 'Scheduled Tasks' folder
.
2013-06-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-24 01:31]
.
2013-06-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:34]
.
2009-10-14 c:\windows\Tasks\Easy Internet Sign-up.job
- c:\program files\Easy Internet signup\HPSdpApp.exe [2005-03-03 19:04]
.
2013-06-08 c:\windows\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3067886581-847020557-550397895-1009.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-04-16 16:45]
.
2013-05-24 c:\windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3067886581-847020557-550397895-1009.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-04-16 16:45]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=presario&pf=desktop
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add To Compaq Organize... - c:\progra~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1 24.229.54.212 216.144.187.199 204.186.80.229
FF - ProfilePath - c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\gbhvogpj.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-04-13 21:42; rapportive@rapportive.com; c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\gbhvogpj.default\extensions\rapportive@rapportive.com
FF - ExtSQL: 2013-04-13 21:44; newtabgoogle@graememcc.co.uk; c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\gbhvogpj.default\extensions\newtabgoogle@graememcc.co.uk.xpi
FF - ExtSQL: !HIDDEN! 2009-09-01 21:11; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-06-08 18:52
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c0,92,b8,11,a5,4d,2a,42,9e,94,4e,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c0,92,b8,11,a5,4d,2a,42,9e,94,4e,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1532)
c:\windows\system32\WININET.dll
.
Completion time: 2013-06-08 18:57:00 - machine was rebooted
ComboFix-quarantined-files.txt 2013-06-08 22:56
ComboFix2.txt 2013-06-08 00:36
.
Pre-Run: 136,207,355,904 bytes free
Post-Run: 136,609,689,600 bytes free
.
- - End Of File - - 5C5736D89342761231F198F54809BBC8
Please navigate to C:\Qoobox and locate ComboFix-quarantined-files.txt. Copy/paste the results in your next reply.
Here it is:
2013-06-08 22:55:46 . 2013-06-08 22:55:46 171 ----a-w- C:\Qoobox\Quarantine\Registry_backups\WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829}.reg.dat
2013-06-08 22:55:46 . 2013-06-08 22:55:46 132 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829}.reg.dat
2013-06-08 21:04:13 . 2013-06-08 21:04:13 6,052 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2013-06-08 03:30:17 . 2009-02-06 04:17:07 24,613 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Compaq_Owner\LOCALS~1\temp\IadHide5.dll.vir
2013-06-08 00:29:58 . 2004-04-30 10:01:14 53 ----a-w- C:\Qoobox\Quarantine\D\Autorun.inf.vir
2013-06-05 22:18:23 . 2013-06-08 20:43:26 408 ----a-w- C:\Qoobox\Quarantine\catchme.log
2013-05-21 00:12:31 . 2013-05-21 00:06:11 11,064 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\b69159d6037995ae.fb.vir
2013-02-18 18:45:15 . 2013-05-21 00:06:10 577 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\95f567698be8a182.fb.vir
2013-02-18 18:45:15 . 2013-05-21 00:06:09 636 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\26c630d098e22dd5.fb.vir
2013-02-18 18:45:15 . 2013-02-18 18:43:38 10,783 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\8b195b08c9d11fd8.fb.vir
2013-02-10 16:09:42 . 2013-02-10 16:08:02 10,993 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\2fe7b40ac5d87f2f.fb.vir
2013-01-30 16:33:34 . 2013-05-21 00:06:10 639 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\590ba23ce359fd0c.fb.vir
2013-01-30 16:33:34 . 2013-05-21 00:06:10 630 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\272512937d9e61a4.fb.vir
2013-01-30 16:33:33 . 2013-05-21 00:06:09 398 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\6c59ac5e7e7a3ad0.fb.vir
2013-01-30 16:33:33 . 2013-05-21 00:06:09 627 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\651c5d3cdbfb8bd1.fb.vir
2013-01-30 16:33:33 . 2013-05-21 00:06:10 1,045 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\d201ef9910cd39de.fb.vir
2013-01-30 16:33:33 . 2013-05-21 00:06:09 586 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\c4d28dca2e7648be.fb.vir
2013-01-30 16:33:33 . 2013-05-21 00:06:09 663 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\c1fa887b03019701.fb.vir
2013-01-30 16:33:33 . 2013-05-21 00:06:10 668 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\6d03dad1035885d3.fb.vir
2013-01-30 16:33:33 . 2013-05-21 00:06:09 1,071 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\f998975c9cc711ee.fb.vir
2013-01-30 16:33:33 . 2013-05-21 00:06:10 661 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\32c84fe32bb74d60.fb.vir
2013-01-30 16:33:32 . 2013-05-21 00:06:10 366 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\ad10a52aff5e038d.fb.vir
2013-01-30 16:33:32 . 2013-05-21 00:06:09 622 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\287204568329e189.fb.vir
2013-01-30 16:33:32 . 2013-05-21 00:06:10 628 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\31a0997e9a5b5eb3.fb.vir
2013-01-30 16:33:32 . 2013-05-21 00:06:09 365 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\610289e025a3ee9a.fb.vir
2013-01-30 16:33:32 . 2013-05-21 00:06:09 627 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\d79b9dfe81484ec4.fb.vir
2013-01-30 16:33:32 . 2013-05-21 00:06:09 567 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\d2e94710a5708128.fb.vir
2013-01-30 16:33:31 . 2013-05-21 00:06:09 1,022 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\3917078cb68ec657.fb.vir
2013-01-30 16:33:31 . 2013-05-21 00:06:09 1,291 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\28bc8f716fd76a47.fb.vir
2013-01-30 16:33:31 . 2013-01-30 16:29:56 10,511 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\cache\a0b3310061560f9b.fb.vir
2012-01-13 16:34:27 . 2012-01-13 17:37:02 10,950 -c--a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Compaq_Owner\Application Data\c3a2569b.vir
2012-01-13 16:34:27 . 2012-01-13 17:37:03 10,984 -c--a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\37ba2fe3.vir
2010-10-17 01:20:20 . 2010-10-17 01:20:20 2,048 -c--atw- C:\Qoobox\Quarantine\C\Documents and Settings\Compaq_Owner\Application Data\.#\MBX@E80@A14220.###.vir
2010-10-17 01:20:19 . 2010-10-17 01:20:19 2,048 -c--atw- C:\Qoobox\Quarantine\C\Documents and Settings\Compaq_Owner\Application Data\.#\MBX@E80@A141C0.###.vir
2010-10-17 01:20:19 . 2010-10-17 01:20:19 2,048 -c--atw- C:\Qoobox\Quarantine\C\Documents and Settings\Compaq_Owner\Application Data\.#\MBX@E80@A141F0.###.vir
2010-10-14 03:31:23 . 2010-10-14 03:31:23 2,048 -c--atw- C:\Qoobox\Quarantine\C\Documents and Settings\Compaq_Owner\Application Data\.#\MBX@24C@A14220.###.vir
2010-10-14 03:31:22 . 2010-10-14 03:31:22 2,048 -c--atw- C:\Qoobox\Quarantine\C\Documents and Settings\Compaq_Owner\Application Data\.#\MBX@24C@A141C0.###.vir
2010-10-14 03:31:21 . 2010-10-14 03:31:21 2,048 -c--atw- C:\Qoobox\Quarantine\C\Documents and Settings\Compaq_Owner\Application Data\.#\MBX@24C@A141F0.###.vir
2010-07-14 19:53:23 . 2004-02-16 16:47:09 251 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\wt\wt3d.ini.vir
2010-07-14 19:53:23 . 2004-05-19 00:30:04 71 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\wt\webdriver.dll.vir
2010-07-14 19:53:23 . 2004-05-19 00:30:04 71 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\wt\wt3d.dll.vir
2010-07-14 19:53:23 . 2004-05-14 14:56:07 98,304 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\wt\webdriver\4.1.1\sound.dll.vir
2010-07-14 19:53:23 . 2004-02-16 17:47:09 53,248 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\wt\wtvh.dll.vir
2010-07-14 19:53:23 . 2004-02-16 17:47:10 53,248 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\wt\webdriver\4.1.1\wtwmplug.ax.vir
2010-07-14 19:53:23 . 2004-02-16 16:49:28 87 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\wt\webdriver\4.1.1\wtwmplug.ini.vir
2010-07-14 19:53:23 . 2004-03-10 01:57:23 73,728 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\wt\webdriver\4.1.1\wtmulti.dll.vir
2010-07-14 19:53:23 . 2004-04-26 21:19:34 57,344 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\wt\webdriver\4.1.1\wthostctl.dll.vir
2010-07-14 19:53:23 . 2004-04-26 21:19:30 61,440 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\wt\webdriver\4.1.1\wthost.exe.vir
2010-07-14 19:53:23 . 2004-05-14 14:58:03 712,704 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\wt\webdriver\4.1.1\webdriver.dll.vir
2010-07-14 19:53:23 . 2004-05-14 14:55:19 737,280 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\wt\webdriver\4.1.1\wdengine.dll.vir
2010-07-14 19:53:22 . 2003-08-20 21:53:48 159,744 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\wt\webdriver\rdriver.dll.vir
2010-07-14 19:53:22 . 2004-05-14 14:55:31 155,648 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\wt\webdriver\4.1.1\objectbundle.dll.vir
2010-07-14 19:53:22 . 2003-08-20 21:53:16 167,936 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\wt\webdriver\jdriver.dll.vir
2010-07-14 19:53:22 . 2004-05-14 14:55:43 65,536 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\wt\webdriver\4.1.1\dx7drv.dll.vir
2010-07-14 19:53:22 . 2004-05-14 14:56:14 45,056 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\wt\webdriver\4.1.1\dx5drv.dll.vir
2010-07-14 19:53:22 . 2004-05-14 14:56:25 102,400 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\wt\webdriver\4.1.1\actorobject.dll.vir
2010-07-14 19:53:22 . 2010-07-14 19:53:26 677 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\wt\updater\wt.ini.vir
2010-07-14 19:53:21 . 2003-11-11 01:38:24 49,152 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\wt\webdriver\wtdmmpv.dll.vir
2010-07-14 19:53:21 . 2003-10-27 19:42:44 36,864 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\wt\webdriver\wtdmmp.dll.vir
2010-07-14 19:53:03 . 2005-09-02 20:50:11 9,168 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\wt\updater\wcmdmgrl.exe.vir
2010-07-14 19:53:03 . 2005-09-02 20:50:11 9,168 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\wt\updater\wcmdmgr.exe.vir
2009-06-28 23:40:46 . 2009-06-28 23:40:46 7,680 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\Thumbs.db.vir
2009-02-06 04:01:05 . 2003-09-12 19:13:20 98,304 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\ps2.bat.vir
2009-02-06 03:45:03 . 2009-02-06 03:45:03 0 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\URTTemp\mscoree.dll.local.vir
2009-02-06 03:45:03 . 2003-02-21 12:42:22 348,160 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\URTTemp\msvcr71.dll.vir
2009-02-06 03:45:03 . 2003-02-21 03:06:20 282,624 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\URTTemp\fusion.dll.vir
2009-02-06 03:45:03 . 2003-02-21 03:06:24 155,648 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\URTTemp\mscoree.dll.vir
2009-02-06 03:45:03 . 2003-02-21 03:09:18 77,824 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\URTTemp\mscorsn.dll.vir
2009-02-06 03:45:03 . 2003-02-21 03:08:32 2,482,176 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\URTTemp\mscorwks.dll.vir
2009-01-29 05:12:54 . 2004-08-04 04:00:00 406,528 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\usp10(2).dll.vir
2009-01-29 05:12:54 . 2004-08-04 04:00:00 406,528 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\usp10(3).dll.vir
2009-01-29 05:08:53 . 2004-08-04 04:00:00 18,944 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\linkinfo(2).dll.vir
2009-01-29 05:08:53 . 2004-08-04 04:00:00 18,944 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\linkinfo(3).dll.vir
2009-01-29 05:08:06 . 2004-08-04 04:00:00 1,032,192 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\explorer(2).exe.vir
2009-01-29 05:08:06 . 2004-08-04 04:00:00 1,032,192 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\explorer(3).exe.vir
2009-01-29 05:06:47 . 2004-08-04 04:00:00 15,360 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\ctfmon(2).exe.vir
2009-01-29 05:06:47 . 2004-08-04 04:00:00 15,360 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\ctfmon(3).exe.vir
2006-10-19 01:47:20 . 2006-10-19 01:47:20 99,840 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SETA3.tmp.vir
2004-08-04 15:06:34 . 2004-10-13 16:24:37 1,694,208 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Messenger\msmsgs .exe.vir
2004-05-19 00:30:04 . 2004-05-19 00:30:04 71 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\wt\wtupdates\Webd\4.1.1\files\legacy\webdriver.dll.vir
2004-05-19 00:30:04 . 2004-05-19 00:30:04 71 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\wt\wtupdates\Webd\4.1.1\files\legacy\wt3d.dll.vir
2004-05-14 14:58:03 . 2004-05-14 14:58:03 712,704 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\wt\wtupdates\Webd\4.1.1\files\webdriver.dll.vir
2004-05-14 14:56:25 . 2004-05-14 14:56:25 102,400 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\wt\wtupdates\Webd\4.1.1\files\actorobject.dll.vir
2004-05-14 14:56:14 . 2004-05-14 14:56:14 45,056 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\wt\wtupdates\Webd\4.1.1\files\dx5drv.dll.vir
2004-05-14 14:56:07 . 2004-05-14 14:56:07 98,304 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\wt\wtupdates\Webd\4.1.1\files\Sound.dll.vir
2004-05-14 14:55:43 . 2004-05-14 14:55:43 65,536 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\wt\wtupdates\Webd\4.1.1\files\dx7drv.dll.vir
2004-05-14 14:55:31 . 2004-05-14 14:55:31 155,648 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\wt\wtupdates\Webd\4.1.1\files\ObjectBundle.dll.vir
2004-05-14 14:55:19 . 2004-05-14 14:55:19 737,280 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wdengine.dll.vir
2004-04-26 21:19:34 . 2004-04-26 21:19:34 57,344 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\wt\wtupdates\Webd\4.1.1\files\WTHostCtl.dll.vir
2004-04-26 21:19:30 . 2004-04-26 21:19:30 61,440 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\wt\wtupdates\Webd\4.1.1\files\WTHost.exe.vir
2004-04-26 21:19:26 . 2004-04-26 21:19:26 32,768 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\wt\wtupdates\Webd\4.1.1\files\npWTHost.dll.vir
2004-03-10 01:57:23 . 2004-03-10 01:57:23 73,728 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wtmulti.dll.vir
2004-02-16 17:47:10 . 2004-02-16 17:47:10 53,248 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wtwmplug.ax.vir
2004-02-16 17:47:09 . 2004-02-16 17:47:09 53,248 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wtvh.dll.vir
2004-02-16 16:49:28 . 2004-02-16 16:49:28 87 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wtwmplug.ini.vir
2004-02-16 16:47:09 . 2004-02-16 16:47:09 251 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wt3d.ini.vir
2003-11-11 01:38:24 . 2003-11-11 01:38:24 49,152 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\wt\wtupdates\dmmp\3.0.2.000\files\wtdmmpv.dll.vir
2003-10-27 19:42:44 . 2003-10-27 19:42:44 36,864 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\wt\wtupdates\dmmp\3.0.2.000\files\wtdmmp.dll.vir
2003-09-04 23:14:01 . 2003-09-04 23:14:01 24,576 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\rDRM0302.dll.vir
2003-09-04 23:13:57 . 2003-09-04 23:13:57 24,576 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\jDRM0302.dll.vir
2003-09-04 23:12:09 . 2003-09-04 23:12:09 21,504 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\DRM0302.dll.vir
2003-08-20 21:53:48 . 2003-08-20 21:53:48 159,744 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\wt\wtupdates\Webd\4.1.1\files\rdriver.dll.vir
2003-08-20 21:53:16 . 2003-08-20 21:53:16 167,936 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\wt\wtupdates\Webd\4.1.1\files\jdriver.dll.vir
It looks as though the log may have been cut off by the forum software. Is there anything below the following entry from the end of the log? If so, please copy/paste anything else.
C:\Qoobox\Quarantine\C\WINDOWS\wt\wtupdates\Webd\4.1.1\files\jdriver.dll.vir
Entries that I researched showed the possibility of a worm. Do you recall the purpose for ps2.bat? The date of the file is from 2009.
I have to do a system restore and get back to normal mode to run the scan again, to see if there's anything after the line you provided. When I went back to check the log again there was only one line in the file. Don't know what happened. When I looked at the document I copied to paste it into the reply the line you gave was the last line.
ps2.bat doesn't ring any bells
Here is the latest log: When I pasted it was complete.
ComboFix 13-06-05.04 - Compaq_Owner 06/09/2013 17:33:09.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.383.148 [GMT -4:00]
Running from: c:\documents and settings\Compaq_Owner\My Documents\Downloads\ComboFix.exe
AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\COMPAQ~1\LOCALS~1\Temp\IadHide5.dll
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Compaq_Owner\Local Settings\Temp\IadHide5.dll
c:\program files\Messenger\msmsgs .exe
c:\program files\Shared
c:\windows\explorer(2).exe
c:\windows\explorer(3).exe
c:\windows\system32\Cache
c:\windows\system32\ctfmon(2).exe
c:\windows\system32\ctfmon(3).exe
c:\windows\system32\linkinfo(2).dll
c:\windows\system32\linkinfo(3).dll
c:\windows\system32\ps2.bat
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
c:\windows\system32\usp10(2).dll
c:\windows\system32\usp10(3).dll
c:\windows\wt
c:\windows\wt\updater\wcmdmgr.exe
c:\windows\wt\updater\wcmdmgrl.exe
c:\windows\wt\updater\wt.ini
c:\windows\wt\webdriver.dll
c:\windows\wt\webdriver\4.1.1\actorobject.dll
c:\windows\wt\webdriver\4.1.1\dx5drv.dll
c:\windows\wt\webdriver\4.1.1\dx7drv.dll
c:\windows\wt\webdriver\4.1.1\objectbundle.dll
c:\windows\wt\webdriver\4.1.1\sound.dll
c:\windows\wt\webdriver\4.1.1\wdengine.dll
c:\windows\wt\webdriver\4.1.1\webdriver.dll
c:\windows\wt\webdriver\4.1.1\wthost.exe
c:\windows\wt\webdriver\4.1.1\wthostctl.dll
c:\windows\wt\webdriver\4.1.1\wtmulti.dll
c:\windows\wt\webdriver\4.1.1\wtwmplug.ax
c:\windows\wt\webdriver\4.1.1\wtwmplug.ini
c:\windows\wt\webdriver\jdriver.dll
c:\windows\wt\webdriver\rdriver.dll
c:\windows\wt\webdriver\wtdmmp.dll
c:\windows\wt\webdriver\wtdmmpv.dll
c:\windows\wt\wt3d.dll
c:\windows\wt\wt3d.ini
c:\windows\wt\wtupdates\dmmp\3.0.2.000\files\wtdmmp.dll
c:\windows\wt\wtupdates\dmmp\3.0.2.000\files\wtdmmpv.dll
c:\windows\wt\wtupdates\DRM\3.2.0.19\files\DRM0302.dll
c:\windows\wt\wtupdates\DRM\3.2.0.19\files\jDRM0302.dll
c:\windows\wt\wtupdates\DRM\3.2.0.19\files\rDRM0302.dll
c:\windows\wt\wtupdates\Webd\4.1.1\files\actorobject.dll
c:\windows\wt\wtupdates\Webd\4.1.1\files\dx5drv.dll
c:\windows\wt\wtupdates\Webd\4.1.1\files\dx7drv.dll
c:\windows\wt\wtupdates\Webd\4.1.1\files\jdriver.dll
c:\windows\wt\wtupdates\Webd\4.1.1\files\legacy\webdriver.dll
c:\windows\wt\wtupdates\Webd\4.1.1\files\legacy\wt3d.dll
c:\windows\wt\wtupdates\Webd\4.1.1\files\npWTHost.dll
c:\windows\wt\wtupdates\Webd\4.1.1\files\ObjectBundle.dll
c:\windows\wt\wtupdates\Webd\4.1.1\files\rdriver.dll
c:\windows\wt\wtupdates\Webd\4.1.1\files\Sound.dll
c:\windows\wt\wtupdates\Webd\4.1.1\files\wdengine.dll
c:\windows\wt\wtupdates\Webd\4.1.1\files\webdriver.dll
c:\windows\wt\wtupdates\Webd\4.1.1\files\wt3d.ini
c:\windows\wt\wtupdates\Webd\4.1.1\files\WTHost.exe
c:\windows\wt\wtupdates\Webd\4.1.1\files\WTHostCtl.dll
c:\windows\wt\wtupdates\Webd\4.1.1\files\wtmulti.dll
c:\windows\wt\wtupdates\Webd\4.1.1\files\wtvh.dll
c:\windows\wt\wtupdates\Webd\4.1.1\files\wtwmplug.ax
c:\windows\wt\wtupdates\Webd\4.1.1\files\wtwmplug.ini
c:\windows\wt\wtvh.dll
D:\Autorun.inf
.
c:\windows\system32\proquota.exe was missing
Restored copy from - c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\proquota.exe
.
c:\windows\system32\drivers\intelppm.sys was missing
Restored copy from - c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\intelppm.sys
.
.
((((((((((((((((((((((((( Files Created from 2013-05-09 to 2013-06-09 )))))))))))))))))))))))))))))))
.
.
2013-06-09 21:59 . 2013-06-09 21:59 -------- d-----w- c:\windows\LastGood.Tmp
2013-06-09 21:58 . 2004-08-04 02:59 36096 ----a-w- c:\windows\system32\drivers\intelppm.sys
2013-06-09 21:58 . 2004-08-04 02:59 36096 ----a-w- c:\windows\system32\dllcache\intelppm.sys
2013-06-09 21:58 . 2004-08-04 04:00 50176 ----a-w- c:\windows\system32\proquota.exe
2013-06-09 21:58 . 2004-08-04 04:00 50176 ----a-w- c:\windows\system32\dllcache\proquota.exe
2013-06-09 20:54 . 2013-06-09 20:54 -------- d-----w- c:\windows\system32\wbem\Repository
2013-06-06 15:53 . 2013-04-04 18:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-06-05 21:24 . 2013-06-05 21:24 -------- d-----w- c:\windows\ERUNT
2013-06-05 21:23 . 2013-06-05 21:23 -------- d-----w- C:\JRT
2013-06-03 23:36 . 2013-06-06 16:24 -------- d-----w- c:\windows\system32\CatRoot_bak
2013-06-03 15:59 . 2013-06-03 23:16 -------- d-----w- c:\program files\SpywareBlaster
2013-06-02 16:20 . 2006-12-29 04:31 19569 ----a-w- c:\windows\005403_.tmp
2013-06-02 15:57 . 2013-06-02 16:01 -------- d-----w- C:\8b92052dd8fbc345a9bdf0e9
2013-05-31 00:13 . 2004-07-17 15:40 19528 ----a-w- c:\windows\000001_.tmp
2013-05-30 23:57 . 2013-05-31 00:02 -------- d-----w- C:\d321eb98beeded867b1c1470
2013-05-28 21:52 . 2013-05-28 21:52 -------- d-----w- c:\windows\system32\scripting
2013-05-28 21:52 . 2013-05-28 21:52 -------- d-----w- c:\windows\l2schemas
2013-05-28 21:43 . 2006-12-29 04:31 19569 ----a-w- c:\windows\002709_.tmp
2013-05-24 17:41 . 2013-05-24 19:37 -------- d-----w- c:\program files\Norton Security Scan
2013-05-24 17:39 . 2013-05-24 19:37 -------- d-----w- c:\program files\NortonInstaller
2013-05-22 23:52 . 2013-05-22 23:52 -------- d-----w- c:\program files\RealNetworks
2013-05-22 23:51 . 2013-05-22 23:51 -------- d-----w- c:\program files\Common Files\xing shared
2013-05-22 23:50 . 2013-05-22 23:50 153736 ----a-w- c:\program files\Mozilla Firefox\plugins\nppl3260.dll
2013-05-22 23:50 . 2013-05-22 23:50 124504 ----a-w- c:\program files\Mozilla Firefox\plugins\nprpplugin.dll
2013-05-22 23:49 . 2013-05-22 23:51 -------- d-----w- c:\program files\real
2013-05-22 15:31 . 2013-05-22 17:39 -------- d-----w- c:\program files\Uninstaller
2013-05-22 15:23 . 2013-05-22 15:23 -------- d-----w- c:\program files\Uniblue
2013-05-22 15:21 . 2013-05-22 17:39 -------- d-----w- c:\program files\Vafmusic2
2013-05-21 22:49 . 2013-05-21 22:49 262552 ----a-w- c:\program files\Mozilla Firefox\browser\components\browsercomps.dll
2013-05-11 10:37 . 2013-05-11 10:37 209472 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2013-05-11 10:37 . 2013-05-11 10:37 209472 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-28 21:55 . 2013-05-28 21:55 45056 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\uninstallUI\eHelpSetup.exe
2013-05-28 21:55 . 2013-05-28 21:55 44032 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Scripts\devcon.exe
2013-05-22 23:50 . 2003-02-21 04:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2013-05-22 23:50 . 2003-03-18 20:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2013-05-21 00:06 . 2012-12-11 16:33 37664 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-05-15 01:31 . 2012-06-24 14:34 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-05-15 01:31 . 2012-01-28 16:19 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-29 06:53 . 2011-12-23 17:32 208184 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2013-03-21 07:08 . 2011-02-10 11:54 182072 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2005-01-07 19:20 . 2005-01-07 19:20 278528 ----a-w- c:\program files\internet explorer\plugins\PanoViewer.dll
2005-01-07 19:20 . 2005-01-07 19:20 143360 ----a-w- c:\program files\internet explorer\plugins\UPjpeg.dll
.
<pre>
c:\program files\AVG\AVG10\avgtray .exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon .exe
c:\program files\Common Files\Real\Update_OB\realsched .exe
c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp .exe
c:\program files\iTunes\iTunesHelper .exe
c:\program files\Malwarebytes' Anti-Malware\mbam .exe
c:\program files\QuickTime\qttask .exe
c:\program files\WildTangent\Apps\GameChannel .exe
c:\program files\Windows Live\Messenger\msnmsgr .exe
</pre>
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SacReminderHDDV2N"="c:\documents and settings\All Users\Application Data\OfficeGuardianV2N\reminder\SacReminder.exe" [2010-11-18 862032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSPower"="SiSPower.dll" [2005-01-04 49152]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-15 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-04 1603152]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-12 59280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"Garmin Lifetime Updater"="c:\program files\Garmin\Lifetime Updater\GarminLifetime.exe" [2012-06-04 1466760]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2013-04-29 4408368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2013-05-22 295512]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVWSzItQUxZTUYtU0xLTFUtQVoyVUItNkdPS0ItSkhGTkg&inst=NzctNDgwNjAyMDYyLVQxLUJBKzEtS1YzKzctWEwrMS1VQ0FMTCsxLVVDQUxMMisyLVRCOCsyLUZMKzgtRjEwTSs1LVFJWDErNC1YMjAxMCsyLUYxME0xMEQrMS1MSUMrNw&prod=90&ver=10.0.1204" [?]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10c.exe" [2009-07-18 257440]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2013\avgrsx.exe /sync /restart
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Compaq Connections\\6750491\\Program\\Compaq Connections.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Documents and Settings\\Compaq_Owner\\Application Data\\Smilebox\\SmileboxStarter.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgemcx.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\OfficeGuardianV2N\\Reminder\\SacNetAgent.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"139:TCP"= 139:TCP:@xpsp2res.dll,-22004
"445:TCP"= 445:TCP:@xpsp2res.dll,-22005
"137:UDP"= 137:UDP:@xpsp2res.dll,-22001
"138:UDP"= 138:UDP:@xpsp2res.dll,-22002
"53271:UDP"= 53271:UDP:SacNetAgentCommunicationPort1
"53272:TCP"= 53272:TCP:SacNetAgentCommunicationPort2
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [4/19/2012 4:50 AM 60216]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [9/21/2012 4:46 AM 245048]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [1/19/2011 4:32 AM 39224]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2/10/2011 7:54 AM 182072]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [12/11/2012 12:33 PM 37664]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [12/23/2011 1:32 PM 208184]
S1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [12/23/2011 1:32 PM 22328]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [1/7/2011 6:41 AM 170808]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [5/14/2013 12:54 AM 4937264]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [4/18/2013 4:34 AM 283136]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [4/16/2013 3:07 AM 39056]
S2 SacNetAgentService_C57C4F854F53;SacNetAgentService_C57C4F854F53;c:\documents and settings\All Users\Application Data\OfficeGuardianV2N\Reminder\SacNetAgent.exe [4/30/2011 4:09 PM 163664]
S2 vToolbarUpdater15.2.0;vToolbarUpdater15.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe --> c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe [?]
.
Contents of the 'Scheduled Tasks' folder
.
2013-06-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-24 01:31]
.
2013-06-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:34]
.
2009-10-14 c:\windows\Tasks\Easy Internet Sign-up.job
- c:\program files\Easy Internet signup\HPSdpApp.exe [2005-03-03 19:04]
.
2013-06-09 c:\windows\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3067886581-847020557-550397895-1009.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-04-16 16:45]
.
2013-05-24 c:\windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3067886581-847020557-550397895-1009.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-04-16 16:45]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=presario&pf=desktop
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add To Compaq Organize... - c:\progra~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1 24.229.54.212 216.144.187.199 204.186.80.229
FF - ProfilePath - c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\gbhvogpj.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-04-13 21:42; rapportive@rapportive.com; c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\gbhvogpj.default\extensions\rapportive@rapportive.com
FF - ExtSQL: 2013-04-13 21:44; newtabgoogle@graememcc.co.uk; c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\gbhvogpj.default\extensions\newtabgoogle@graememcc.co.uk.xpi
FF - ExtSQL: !HIDDEN! 2009-09-01 21:11; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-06-09 18:02
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c0,92,b8,11,a5,4d,2a,42,9e,94,4e,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c0,92,b8,11,a5,4d,2a,42,9e,94,4e,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1616)
c:\windows\system32\WININET.dll
c:\windows\system32\browselc.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
.
Completion time: 2013-06-09 18:06:00 - machine was rebooted
ComboFix-quarantined-files.txt 2013-06-09 22:05
ComboFix2.txt 2013-06-08 22:57
ComboFix3.txt 2013-06-08 00:36
.
Pre-Run: 135,953,690,624 bytes free
Post-Run: 136,316,665,856 bytes free
.
- - End Of File - - C7791445018C1FC739C197C3C1754682
Ok, well, you didn't need to restore your computer again. I just wanted to know if the Qoobox log was complete because I thought there were a couple of things shown as removed that I didn't see in there.
Let's take a different route for a 2nd opinion. Please go
here (http://www.eset.com/onlinescan/) to run an on-line scan from ESET.
- Note: It is easiest if you use Internet explorer for this scan. (If you use an alternate browser, it will be necessary to download the ESET Smart Installer)
- Turn off the real time scanner of any existing antivirus program while performing the online scan
- Tick the box next to YES, I accept the Terms of Use.
- Click Start
- When asked, allow the ActiveX control to install
- Click Start
- Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
- Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
- Click Scan
- Wait for the scan to finish
- Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
- Copy and paste that log as a reply to this topic.
When I did the Combofix scan it restarts me in Safe Mode and it does the loop thing when I try to start in normal mode. The only way I know to get it back to normal mode is to restore back to B4 the Combofix scan. Should I restore or go to the site you recommend in safe mode?
Sorry, I thought from what you posted above that you had already restored your system. There is something I'm not seeing for some reason that is causing the problem after the CF run so restore and then do the ESET online scan, please.
I expected more resulta after taking so long.
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=8
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=e634b24b43be7748bdeb426e718753c0
# engine=14043
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-06-11 02:18:19
# local_time=2013-06-10 10:18:19 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=1039 16777213 100 92 0 57107883 0 0
# scanned=121908
# found=10
# cleaned=0
# scan_time=5537
sh=77801D0E0DC02E8C50CDC73562F4D7F13FC1C18B ft=0 fh=0000000000000000 vn="Win32/Conduit.SearchProtect.A application" ac=I fn="C:\Documents and Settings\Compaq_Owner\Application Data\SearchProtect(2)\ffprotect(2)\application.js"
sh=A28567F233D64A4482C574696B8E549EB91956CD ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Documents and Settings\Compaq_Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\bof.jar-434810dc-643e2586.zip"
sh=A28567F233D64A4482C574696B8E549EB91956CD ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Documents and Settings\Compaq_Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\bof.jar-77db3132-6682a91a.zip"
sh=90CE0734569A266BDF36EA15997C382A6C0F60D6 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Documents and Settings\Compaq_Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\gsb2.jar-1a66cb03-4610fcc3.zip"
sh=90CE0734569A266BDF36EA15997C382A6C0F60D6 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Documents and Settings\Compaq_Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\gsb2.jar-56fc4ab7-4e96aea4.zip"
sh=01C0C2F547E8409F0A5C6B3793DBBD00071D2954 ft=0 fh=0000000000000000 vn="Java/TrojanDownloader.Agent.NBU trojan" ac=I fn="C:\Documents and Settings\Compaq_Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\rox.jar-66dd3c33-793e908e.zip"
sh=F2DB072276BFDEFD7FE6AB25EA5D4DB5D00B3742 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\mario.jar-3846d239-44735a8f.zip"
sh=93510E07EBD463BE51052EC8114EC16C5423103E ft=0 fh=0000000000000000 vn="Win32/Conduit.SearchProtect.A application" ac=I fn="C:\Program Files\Mozilla Firefox\browser\nsprotector.js"
sh=77801D0E0DC02E8C50CDC73562F4D7F13FC1C18B ft=0 fh=0000000000000000 vn="Win32/Conduit.SearchProtect.A application" ac=I fn="C:\Program Files\SearchProtect(2)\ffprotect(2)\application.js"
sh=9BE388785D8E5D6BDE3257968D3D91BBE384B86F ft=1 fh=c1c0958652e76fa0 vn="a variant of Win32/AdInstaller application" ac=I fn="D:\I386\APPS\APP17381\src\HPSummer2005.exe"
Well, now, things are showing up that were removed before so it appears the System Restore point used may have been prior to running other tools. I'm also seeing Java files in the ESET scan that have not shown up since we started this process. So, let's try yet a different angle with a completely different tool. Do note, however, that the logs are long and it will take me a fair amount of time to complete my review.
Please download
OTL (http://oldtimer.geekstogo.com/OTL.exe) by Old Timer.
Save it to your Desktop.
- Double-click on OTL.exe to run it.
- Click the Scan All Users checkbox.
Leave the remaining selections to the default settings.
- Click on Run Scan at the top left hand corner.
- When done, two Notepad files will open.
- OTL.txt <-- Will be opened, maximized
- Extras.txt <-- Will be minimized on task bar.
- Please post the contents of both OTL.txt and Extras.txt files in your next reply.
You're helping me, so take however long you need. I'm at your disposal.
OTL logfile created on: 6/11/2013 7:55:14 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Compaq_Owner\My Documents\Downloads
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
383.48 Mb Total Physical Memory | 91.23 Mb Available Physical Memory | 23.79% Memory free
943.36 Mb Paging File | 275.75 Mb Available in Paging File | 29.23% Paging File free
Paging file location(s): C:\pagefile.sys 600 1200 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 180.41 Gb Total Space | 126.08 Gb Free Space | 69.88% Space Free | Partition Type: NTFS
Drive D: | 5.88 Gb Total Space | 0.87 Gb Free Space | 14.85% Space Free | Partition Type: FAT32
Computer Name: YOUR-F78BF48CE2 | User Name: Compaq_Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013/06/11 19:39:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\My Documents\Downloads\OTL.exe
PRC - [2013/05/22 19:50:25 | 000,295,512 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\real\realplayer\Update\realsched.exe
PRC - [2013/05/21 18:49:07 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013/05/14 00:54:12 | 004,937,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe
PRC - [2013/04/29 00:58:42 | 004,408,368 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgui.exe
PRC - [2013/04/18 04:34:38 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe
PRC - [2013/04/16 03:09:06 | 000,233,048 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
PRC - [2013/04/16 03:07:08 | 000,039,056 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2013/04/04 03:15:08 | 001,117,232 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgnsx.exe
PRC - [2013/03/28 02:48:36 | 000,763,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgrsx.exe
PRC - [2013/03/18 02:38:48 | 000,799,280 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgemcx.exe
PRC - [2013/03/14 03:16:34 | 000,215,600 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\fixcfg.exe
PRC - [2013/02/19 04:00:58 | 000,448,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgcsrvx.exe
PRC - [2012/06/04 09:31:40 | 001,466,760 | ---- | M] (Garmin) -- C:\Program Files\Garmin\Lifetime Updater\GarminLifetime.exe
PRC - [2011/11/10 20:19:14 | 001,130,496 | ---- | M] (Zhorn Software) -- C:\Program Files\Stickies\stickies.exe
PRC - [2011/10/05 10:25:42 | 000,045,056 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
PRC - [2010/11/18 05:05:07 | 000,862,032 | R--- | M] (Storage Appliance Corp.) -- C:\Documents and Settings\All Users\Application Data\OfficeGuardianV2N\Reminder\SacReminder.exe
PRC - [2010/11/18 05:05:06 | 000,163,664 | R--- | M] (Storage Appliance Corporation) -- C:\Documents and Settings\All Users\Application Data\OfficeGuardianV2N\Reminder\SacNetAgent.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2004/08/04 00:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
========== Modules (No Company Name) ==========
MOD - [2013/05/21 18:49:02 | 003,128,728 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2013/04/16 03:07:08 | 000,039,056 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
MOD - [2012/10/11 12:15:58 | 000,391,680 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\8eca92a64c232f34b5b559625b022369\System.Xml.Linq.ni.dll
MOD - [2012/10/11 12:15:57 | 001,776,640 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xaml\035910922f160d304fb834aae41f45a6\System.Xaml.ni.dll
MOD - [2012/10/11 12:12:19 | 000,656,896 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\016f9a150fce0e0a4c93532d8fa4c749\PresentationFramework.Luna.ni.dll
MOD - [2012/10/11 12:12:07 | 017,629,184 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\7f91eecda3ff7ce478146b6458580c98\PresentationFramework.ni.dll
MOD - [2012/10/11 12:11:40 | 000,721,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Security\09a97525ae5583cc2685e2c39a3078bd\System.Security.ni.dll
MOD - [2012/10/11 12:11:35 | 005,571,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\e997d0200c25f7db6bd32313d50b729d\System.Xml.ni.dll
MOD - [2012/10/11 12:11:24 | 011,057,664 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationCore\3963e9ce8d44f50e8367e92a8e3e42e6\PresentationCore.ni.dll
MOD - [2012/10/11 12:11:11 | 003,779,072 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\WindowsBase\d17606e813f01376bd0def23726ecc62\WindowsBase.ni.dll
MOD - [2012/10/11 12:11:02 | 013,006,336 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\17e020ae92d7fab33bcc1c98b25019d0\System.Windows.Forms.ni.dll
MOD - [2012/10/11 12:10:47 | 001,651,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\dd57bc19f5807c6dbe8f88d4a23277f6\System.Drawing.ni.dll
MOD - [2012/10/11 12:10:35 | 007,025,664 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\713647b987b140a17e3c4ffe4c721f85\System.Core.ni.dll
MOD - [2012/10/11 12:10:10 | 009,000,960 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\964da027ebca3b263a05cadb8eaa20a3\System.ni.dll
MOD - [2012/10/11 12:09:43 | 014,415,872 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\246f1a5abb686b9dcdf22d3505b08cea\mscorlib.ni.dll
MOD - [2011/11/10 20:18:30 | 000,049,152 | ---- | M] () -- C:\Program Files\Stickies\shook70.dll
MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/02/06 00:17:07 | 000,147,493 | ---- | M] () -- C:\Program Files\BackWeb\BackWeb Client\6.3.2.62\Program\bwfiles.dll
MOD - [2009/02/06 00:17:07 | 000,094,243 | ---- | M] () -- C:\Program Files\BackWeb\BackWeb Client\6.3.2.62\Program\FrExt.dll
MOD - [2009/02/06 00:17:07 | 000,061,496 | ---- | M] () -- C:\Program Files\BackWeb\BackWeb Client\6.3.2.62\Program\clntutil.dll
MOD - [2009/02/06 00:17:07 | 000,024,615 | ---- | M] () -- C:\Program Files\Compaq Connections\6750491\Program\frext-6750491.dll
MOD - [2009/02/06 00:17:07 | 000,024,615 | ---- | M] () -- C:\Program Files\Compaq Connections\6750491\Program\BWfiles-6750491.dll
MOD - [2009/02/06 00:17:02 | 000,126,976 | ---- | M] () -- C:\Program Files\Compaq Connections\6750491\Program\HPClientExt.dll
MOD - [2004/08/04 00:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
========== Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe -- (vToolbarUpdater15.2.0)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2013/05/21 18:49:03 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/05/14 21:31:18 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/14 00:54:12 | 004,937,264 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/04/18 04:34:38 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2013/04/16 03:07:08 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2010/11/18 05:05:06 | 000,163,664 | R--- | M] (Storage Appliance Corporation) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\OfficeGuardianV2N\Reminder\SacNetAgent.exe -- (SacNetAgentService_C57C4F854F53)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- system32\DRIVERS\intelppm.sys -- (intelppm)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | Auto | Stopped] -- System32\drivers\aspi32.sys -- (Aspi32)
DRV - [2013/05/20 20:06:25 | 000,037,664 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2013/03/29 02:53:48 | 000,208,184 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2013/03/21 03:08:24 | 000,182,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2013/03/01 10:32:20 | 000,022,328 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2013/02/08 04:37:58 | 000,096,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2013/02/08 04:37:56 | 000,245,048 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\avglogx.sys -- (Avglogx)
DRV - [2013/02/08 04:37:52 | 000,060,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2013/02/08 04:37:44 | 000,170,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2013/02/08 04:37:40 | 000,039,224 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2010/07/12 13:49:18 | 000,060,104 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2009/02/06 18:08:42 | 000,055,152 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2006/11/10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2005/04/20 12:00:56 | 002,317,696 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM)
DRV - [2005/04/12 12:42:16 | 000,011,904 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2005/04/12 12:08:44 | 000,247,296 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2005/03/09 10:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005/01/19 14:21:56 | 000,012,416 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PcdrNdisuio.sys -- (PcdrNdisuio)
DRV - [2004/08/04 00:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)
DRV - [2004/06/29 13:07:18 | 001,268,204 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2003/12/02 21:23:20 | 000,142,336 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\Fasttx2k.sys -- (fasttx2k)
DRV - [2003/07/11 18:28:56 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)
DRV - [2002/07/29 17:43:50 | 000,023,808 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=presario&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Reg Error: Value error.
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=presario&pf=desktop&parm1=seconduser
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=presario&pf=desktop&parm1=seconduser
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=presario&pf=desktop&parm1=seconduser
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=presario&pf=desktop&parm1=seconduser
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=presario&pf=desktop&parm1=seconduser
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\.DEFAULT\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://search.avg.com/route/?d=4cc4603f&v=6.11.25.1&i=23&tp=chrome&q={searchTerms}&lng={language}&iy=b&ychte=us
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=presario&pf=desktop&parm1=seconduser
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=presario&pf=desktop&parm1=seconduser
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=presario&pf=desktop&parm1=seconduser
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=presario&pf=desktop&parm1=seconduser
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=presario&pf=desktop&parm1=seconduser
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-18\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://search.avg.com/route/?d=4cc4603f&v=6.11.25.1&i=23&tp=chrome&q={searchTerms}&lng={language}&iy=b&ychte=us
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3067886581-847020557-550397895-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKU\S-1-5-21-3067886581-847020557-550397895-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-3067886581-847020557-550397895-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-3067886581-847020557-550397895-1009\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-3067886581-847020557-550397895-1009\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-3067886581-847020557-550397895-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-3067886581-847020557-550397895-1009\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-3067886581-847020557-550397895-1009\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-3067886581-847020557-550397895-1009\..\SearchScopes,DefaultScope = {3D26BC94-09CF-4C60-B9E3-206E5C0CCB0F}
IE - HKU\S-1-5-21-3067886581-847020557-550397895-1009\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IEFM1&src=IE-SearchBox
IE - HKU\S-1-5-21-3067886581-847020557-550397895-1009\..\SearchScopes\{3D26BC94-09CF-4C60-B9E3-206E5C0CCB0F}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLH
IE - HKU\S-1-5-21-3067886581-847020557-550397895-1009\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-3067886581-847020557-550397895-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3067886581-847020557-550397895-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8064.0206: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Compaq_Owner\Application Data\Move Networks\plugins\npqmp071505000011.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.2.32: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.2: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.2: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.2: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.2.32: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Compaq_Owner\Application Data\Move Networks\plugins\npqmp071505000011.dll (Move Networks)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FCE04E1F-9378-4f39-96F6-5689A9159E45}: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/05/22 19:52:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/05/22 19:52:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/05/22 19:50:53 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Documents and Settings\Compaq_Owner\Application Data\Move Networks [2010/01/31 19:07:40 | 000,000,000 | ---D | M]
[2009/08/29 18:32:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Extensions
[2013/04/13 21:10:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\0az38696.default\extensions
[2010/06/12 16:20:39 | 000,000,000 | ---D | M] (Chameleon Tom) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\0az38696.default\extensions\{6236BA26-C117-4007-928C-DE0716C7FA79}
[2013/04/13 21:10:44 | 000,000,000 | ---D | M] (GetSavin) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\0az38696.default\extensions\getsavin@jetpack(2)
[2013/06/05 16:39:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\gbhvogpj.default\extensions
[2012/11/29 19:36:49 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\gbhvogpj.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2010/04/27 10:58:33 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\gbhvogpj.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/06/12 16:20:39 | 000,000,000 | ---D | M] (Chameleon Tom) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\gbhvogpj.default\extensions\{6236BA26-C117-4007-928C-DE0716C7FA79}
[2013/04/13 21:42:47 | 000,000,000 | ---D | M] (Rapportive) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\gbhvogpj.default\extensions\rapportive@rapportive.com
[2013/04/13 21:44:24 | 000,019,225 | ---- | M] () (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\gbhvogpj.default\extensions\newtabgoogle@graememcc.co.uk.xpi
[2013/05/21 18:49:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/05/21 18:49:08 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/05/22 19:50:40 | 000,124,504 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
========== Chrome ==========
CHR - homepage:
CHR - homepage:
CHR - Extension: No name found = C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mjildcbkilmkddbbpbjljljdmmlfeppl(2)\5(2).0_0\
O1 HOSTS File: ([2013/06/09 18:02:12 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll File not found
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-3067886581-847020557-550397895-1009\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [Garmin Lifetime Updater] C:\Program Files\Garmin\Lifetime Updater\GarminLifetime.exe (Garmin)
O4 - HKLM..\Run: [SiSPower] C:\WINDOWS\System32\SiSPower.dll (Silicon Integrated Systems Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-3067886581-847020557-550397895-1009..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr .exe" /background File not found
O4 - HKU\S-1-5-21-3067886581-847020557-550397895-1009..\Run: [SacReminderHDDV2N] C:\Documents and Settings\All Users\Application Data\OfficeGuardianV2N\Reminder\SacReminder.exe (Storage Appliance Corp.)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10c.exe (Adobe Systems, Inc.)
O4 - HKU\S-1-5-18..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10c.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk = C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe (Hewlett-Packard)
O4 - Startup: C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Startup\Stickies.lnk = C:\Program Files\Stickies\stickies.exe (Zhorn Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3067886581-847020557-550397895-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-3067886581-847020557-550397895-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-3067886581-847020557-550397895-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableProfileQuota = 1
O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000 File not found
O9 - Extra Button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 24.229.54.212 216.144.187.199 204.186.80.229
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{14D9CC6F-26E4-4C91-A6EC-9E1BA6683FAC}: DhcpNameServer = 192.168.2.1 24.229.54.212 216.144.187.199 204.186.80.229
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/01/27 00:53:38 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 14:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 06:01:14 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{043c605b-7e20-11de-b651-0013d41842a8}\Shell\AutoRun\command - "" = K:\rcaeasyrip_setup.exe
O33 - MountPoints2\{043c605b-7e20-11de-b651-0013d41842a8}\Shell\install\command - "" = K:\rcaeasyrip_setup.exe
O33 - MountPoints2\{043c605b-7e20-11de-b651-0013d41842a8}\Shell\usermanualEnglish\command - "" = K:\rcaeasyrip_setup.exe /pdf_English
O33 - MountPoints2\{043c605b-7e20-11de-b651-0013d41842a8}\Shell\usermanualFrench\command - "" = K:\rcaeasyrip_setup.exe /pdf_French
O33 - MountPoints2\{043c605b-7e20-11de-b651-0013d41842a8}\Shell\usermanualSpanish\command - "" = K:\rcaeasyrip_setup.exe /pdf_Spanish
O33 - MountPoints2\{0db5fbff-7353-11e0-b969-0013d41842a8}\Shell - "" = AutoRun
O33 - MountPoints2\{0db5fbff-7353-11e0-b969-0013d41842a8}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0db5fbff-7353-11e0-b969-0013d41842a8}\Shell\AutoRun\command - "" = K:\StartClickFreeBackup.exe
O33 - MountPoints2\{a3ee96ed-8aa7-11de-b65c-0013d41842a8}\Shell\AutoRun\command - "" = L:\MI.exe
O33 - MountPoints2\{f9b408d0-bc63-11d9-842c-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{f9b408d0-bc63-11d9-842c-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f9b408d0-bc63-11d9-842c-806d6172696f}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\D\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2013\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2013/06/11 19:53:32 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013/06/10 20:37:11 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013/06/10 19:13:34 | 000,000,000 | --SD | C] -- C:\ComboFix
[2013/06/10 19:13:02 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\.#
[2013/06/10 19:13:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\wt
[2013/06/10 19:13:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\WINDOWS
[2013/06/10 19:13:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTemp
[2013/06/10 19:13:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2013/06/10 19:13:02 | 000,000,000 | ---D | C] -- C:\Program Files\Shared
[2013/06/10 19:13:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\cache
[2013/06/09 18:06:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2013/06/06 11:54:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/06/06 11:53:39 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013/06/05 18:18:30 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013/06/05 18:18:30 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013/06/05 18:18:30 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013/06/05 18:18:30 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013/06/05 18:18:04 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/06/05 18:17:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013/06/05 17:24:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2013/06/05 17:23:19 | 000,000,000 | ---D | C] -- C:\JRT
[2013/06/03 19:36:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot_bak
[2013/06/03 11:59:14 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2013/06/02 21:22:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2013/06/02 11:57:25 | 000,000,000 | ---D | C] -- C:\8b92052dd8fbc345a9bdf0e9
[2013/05/30 20:45:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Wildtangent
[2013/05/30 19:57:50 | 000,000,000 | ---D | C] -- C:\d321eb98beeded867b1c1470
[2013/05/28 17:52:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2013/05/28 17:52:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2013/05/28 17:39:15 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2013/05/26 13:52:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
[2013/05/24 13:41:26 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Security Scan
[2013/05/24 13:39:50 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2013/05/22 19:54:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\RealNetworks
[2013/05/22 19:52:12 | 000,000,000 | ---D | C] -- C:\Program Files\RealNetworks
[2013/05/22 19:51:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\RealNetworks
[2013/05/22 19:51:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2013/05/22 19:50:51 | 000,201,872 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2013/05/22 19:50:33 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2013/05/22 19:50:33 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2013/05/22 19:50:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\RealNetworks
[2013/05/22 19:50:29 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
[2013/05/22 19:49:30 | 000,000,000 | ---D | C] -- C:\Program Files\real
[2013/05/22 19:37:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Real
[2013/05/22 19:30:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2013/05/22 11:31:34 | 000,000,000 | ---D | C] -- C:\Program Files\Uninstaller
[2013/05/22 11:23:33 | 000,000,000 | ---D | C] -- C:\Program Files\Uniblue
[2013/05/22 11:21:24 | 000,000,000 | ---D | C] -- C:\Program Files\Vafmusic2
[2013/05/22 11:15:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\My Documents\My Web Backups
[2013/05/20 10:50:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG
[2010/07/27 17:25:12 | 000,055,296 | ---- | C] (CANON INC.) -- C:\Documents and Settings\Compaq_Owner\cnmss Canon MX310 series Printer (Local).dll
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013/06/11 20:25:13 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/06/11 19:16:18 | 000,001,767 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Startup\Canon IJ Status Monitor Canon MX310 series Printer.lnk
[2013/06/11 19:13:42 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3067886581-847020557-550397895-1009.job
[2013/06/11 19:13:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/06/11 19:13:23 | 402,182,144 | -HS- | M] () -- C:\hiberfil.sys
[2013/06/10 19:16:15 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/06/10 11:39:29 | 000,003,592 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/06/09 18:09:26 | 000,044,032 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Combofix4.5.wps
[2013/06/09 18:09:26 | 000,007,232 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\wklnhst.dat
[2013/06/09 18:02:12 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013/06/09 13:21:17 | 000,035,328 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Comvofix 3 log.wps
[2013/06/08 19:06:43 | 000,044,544 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\comdo fix2.wps
[2013/06/07 20:42:11 | 000,049,664 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Combo fix log.wps
[2013/06/06 11:55:08 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/06/03 15:42:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/06/02 21:22:00 | 000,270,984 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/06/02 21:03:44 | 000,503,164 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/06/02 21:03:44 | 000,088,018 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/05/28 17:45:15 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2013/05/24 13:38:42 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3067886581-847020557-550397895-1009.job
[2013/05/22 19:52:40 | 000,000,747 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2013/05/22 19:50:51 | 000,201,872 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2013/05/22 19:50:33 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2013/05/22 19:50:33 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2013/05/22 19:50:29 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
[2013/05/20 20:06:25 | 000,037,664 | ---- | M] (AVG Technologies) -- C:\WINDOWS\System32\drivers\avgtpx86.sys
[2013/05/20 10:50:14 | 000,000,710 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2013.lnk
[2013/05/14 21:31:11 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/05/14 21:31:11 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013/06/10 19:15:55 | 402,182,144 | -HS- | C] () -- C:\hiberfil.sys
[2013/06/09 18:09:26 | 000,044,032 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Combofix4.5.wps
[2013/06/09 13:21:17 | 000,035,328 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Comvofix 3 log.wps
[2013/06/08 19:06:43 | 000,044,544 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\comdo fix2.wps
[2013/06/07 20:42:11 | 000,049,664 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Combo fix log.wps
[2013/06/06 11:55:08 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/06/05 18:18:30 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/06/05 18:18:30 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013/06/05 18:18:30 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013/06/05 18:18:30 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013/06/05 18:18:30 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013/05/28 17:45:45 | 000,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2013/05/28 17:45:42 | 000,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2013/05/22 20:02:24 | 000,000,292 | ---- | C] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3067886581-847020557-550397895-1009.job
[2013/05/22 19:54:22 | 000,000,300 | ---- | C] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3067886581-847020557-550397895-1009.job
[2013/05/22 19:52:40 | 000,000,747 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2013/05/13 19:16:04 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/12/28 15:00:20 | 000,003,592 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/10/12 19:54:54 | 000,244,382 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-3067886581-847020557-550397895-1009-0.dat
[2012/10/11 21:54:45 | 000,244,382 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/01/13 12:34:27 | 000,011,058 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\af8798e8
[2011/04/09 21:40:52 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\23Cegp.dat
[2010/10/20 23:15:45 | 000,009,194 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\.recently-used.xbel
[2009/03/14 22:28:40 | 000,007,232 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\wklnhst.dat
[2009/03/12 21:41:24 | 000,104,960 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
========== ZeroAccess Check ==========
[2009/02/05 23:45:11 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2009/07/18 12:20:31 | 001,506,304 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 06:20:33 | 000,473,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2004/08/04 00:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
< End of report >
OTL Extras logfile created on: 6/11/2013 7:55:14 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Compaq_Owner\My Documents\Downloads
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
383.48 Mb Total Physical Memory | 91.23 Mb Available Physical Memory | 23.79% Memory free
943.36 Mb Paging File | 275.75 Mb Available in Paging File | 29.23% Paging File free
Paging file location(s): C:\pagefile.sys 600 1200 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 180.41 Gb Total Space | 126.08 Gb Free Space | 69.88% Space Free | Partition Type: NTFS
Drive D: | 5.88 Gb Total Space | 0.87 Gb Free Space | 14.85% Space Free | Partition Type: FAT32
Computer Name: YOUR-F78BF48CE2 | User Name: Compaq_Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
[HKEY_USERS\S-1-5-21-3067886581-847020557-550397895-1009\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Scan with SpySubtract...] -- "C:\Program Files\InterMute\SpySubtract\SpySub.exe" "-sc" "%1" (InterMute, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"53271:UDP" = 53271:UDP:*:Enabled:SacNetAgentCommunicationPort1
"53272:TCP" = 53272:TCP:*:Enabled:SacNetAgentCommunicationPort2
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%ProgramFiles%\iTunes\iTunes.exe" = %ProgramFiles%\iTunes\iTunes.exe:*:enabled:iTunes -- (Apple Inc.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe" = C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe:*:Enabled:BackWeb for Presario -- (Hewlett-Packard)
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Documents and Settings\Compaq_Owner\Application Data\Smilebox\SmileboxStarter.exe" = C:\Documents and Settings\Compaq_Owner\Application Data\Smilebox\SmileboxStarter.exe:*:Disabled:Smilebox -- (Smilebox, Inc.)
"C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer
"C:\Program Files\AVG\AVG2012\avgmfapx.exe" = C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:AVG Installer
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\AVG\AVG2013\avgmfapx.exe" = C:\Program Files\AVG\AVG2013\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2013\avgnsx.exe" = C:\Program Files\AVG\AVG2013\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2013\avgdiagex.exe" = C:\Program Files\AVG\AVG2013\avgdiagex.exe:*:Enabled:AVG Diagnostics 2013 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2013\avgemcx.exe" = C:\Program Files\AVG\AVG2013\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\7zS33.tmp\SymNRT.exe" = C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\7zS33.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool
"C:\Documents and Settings\All Users\Application Data\OfficeGuardianV2N\Reminder\SacNetAgent.exe" = C:\Documents and Settings\All Users\Application Data\OfficeGuardianV2N\Reminder\SacNetAgent.exe:*:Enabled:SacNetAgentService -- (Storage Appliance Corporation)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX310_series" = Canon MX310 series
"{13F054F3-0B07-4D15-9E80-C55B496AB557}" = Garmin Communicator Plugin
"{19C989C4-50AE-43A4-B06E-8C70FFFF852F}" = PC-Doctor for Windows
"{1A103D70-5C9B-4E1A-B306-5106C68F9914}" = Microsoft Plus! Dancer LE
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2AE79B77-E3FA-4F9C-93D7-4FC643516D6A}" = AVG 2013
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3912A629-0020-0005-3757-2FBA74D4DF0A}" = InterVideo WinDVD Player
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3BA95526-6AE0-4B87-A62D-17187EF565FC}" = HP Boot Optimizer
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C52E7DA-C431-4239-B66B-1BF703D5B194}" = Windows Live Photo Gallery
"{3C678CC5-CCA1-4FA3-BFDF-5623AACA28A3}" = Serif AlbumPlus SE PRO
"{3DBE74CE-8983-11D4-9410-0000C03AAEB6}" = Pattern Maker for cross stitch Update - V3.10
"{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}" = RealDownloader
"{416D80BA-6F6
while you're poking around these logs, were you able to see where someone got into my computer to access my credit card ?
Malwarebytes detects some keyloggers as does ESET Online, neither of which found anything. Credit card information can be obtained from skimmers attached to card readers, dishonest employees at stores and phishing. It is critical that you use a different password for every site and a complex password for your bank, credit card accounts and any sites where you make online purchases.
Regarding your logs, the Extras.txt log got cut off due to character limits by the forum software. Please either copy/paste the log again or locate the "HKEY_LOCAL_MACHINE Uninstall List" section and copy/paste from "{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}" = RealDownloader to the end.
I'm repasting the whole Extras log. End of report is on the bottom when I pasted, so I'm hoping that the whole thing is there after I hit post. I'll check and do it in 2 parts if needed.
OTL Extras logfile created on: 6/11/2013 7:55:14 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Compaq_Owner\My Documents\Downloads
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
383.48 Mb Total Physical Memory | 91.23 Mb Available Physical Memory | 23.79% Memory free
943.36 Mb Paging File | 275.75 Mb Available in Paging File | 29.23% Paging File free
Paging file location(s): C:\pagefile.sys 600 1200 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 180.41 Gb Total Space | 126.08 Gb Free Space | 69.88% Space Free | Partition Type: NTFS
Drive D: | 5.88 Gb Total Space | 0.87 Gb Free Space | 14.85% Space Free | Partition Type: FAT32
Computer Name: YOUR-F78BF48CE2 | User Name: Compaq_Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
[HKEY_USERS\S-1-5-21-3067886581-847020557-550397895-1009\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Scan with SpySubtract...] -- "C:\Program Files\InterMute\SpySubtract\SpySub.exe" "-sc" "%1" (InterMute, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"53271:UDP" = 53271:UDP:*:Enabled:SacNetAgentCommunicationPort1
"53272:TCP" = 53272:TCP:*:Enabled:SacNetAgentCommunicationPort2
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%ProgramFiles%\iTunes\iTunes.exe" = %ProgramFiles%\iTunes\iTunes.exe:*:enabled:iTunes -- (Apple Inc.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe" = C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe:*:Enabled:BackWeb for Presario -- (Hewlett-Packard)
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Documents and Settings\Compaq_Owner\Application Data\Smilebox\SmileboxStarter.exe" = C:\Documents and Settings\Compaq_Owner\Application Data\Smilebox\SmileboxStarter.exe:*:Disabled:Smilebox -- (Smilebox, Inc.)
"C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer
"C:\Program Files\AVG\AVG2012\avgmfapx.exe" = C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:AVG Installer
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\AVG\AVG2013\avgmfapx.exe" = C:\Program Files\AVG\AVG2013\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2013\avgnsx.exe" = C:\Program Files\AVG\AVG2013\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2013\avgdiagex.exe" = C:\Program Files\AVG\AVG2013\avgdiagex.exe:*:Enabled:AVG Diagnostics 2013 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2013\avgemcx.exe" = C:\Program Files\AVG\AVG2013\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\7zS33.tmp\SymNRT.exe" = C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\7zS33.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool
"C:\Documents and Settings\All Users\Application Data\OfficeGuardianV2N\Reminder\SacNetAgent.exe" = C:\Documents and Settings\All Users\Application Data\OfficeGuardianV2N\Reminder\SacNetAgent.exe:*:Enabled:SacNetAgentService -- (Storage Appliance Corporation)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX310_series" = Canon MX310 series
"{13F054F3-0B07-4D15-9E80-C55B496AB557}" = Garmin Communicator Plugin
"{19C989C4-50AE-43A4-B06E-8C70FFFF852F}" = PC-Doctor for Windows
"{1A103D70-5C9B-4E1A-B306-5106C68F9914}" = Microsoft Plus! Dancer LE
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2AE79B77-E3FA-4F9C-93D7-4FC643516D6A}" = AVG 2013
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3912A629-0020-0005-3757-2FBA74D4DF0A}" = InterVideo WinDVD Player
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3BA95526-6AE0-4B87-A62D-17187EF565FC}" = HP Boot Optimizer
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C52E7DA-C431-4239-B66B-1BF703D5B194}" = Windows Live Photo Gallery
"{3C678CC5-CCA1-4FA3-BFDF-5623AACA28A3}" = Serif AlbumPlus SE PRO
"{3DBE74CE-8983-11D4-9410-0000C03AAEB6}" = Pattern Maker for cross stitch Update - V3.10
"{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}" = RealDownloader
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{5360DF11-A876-460B-9953-6817AA2BF9D5}" = Photo Explosion Deluxe
"{5C3E7689-3832-4962-AE35-85EBE4C846BE}" = SA30xx Media Converter
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{661F85B9-FB7F-4884-BFCB-09C71930BA8F}" = ArcSoft MediaImpression for Kodak
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{6A91A0E8-6B1B-4968-89B3-D0A4436FFC27}" = SA30xx Media Converter
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{708B7143-D316-459C-9CD1-BA41DFF521E5}" = Deal or No Deal - Secret Vault Games
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76CD2979-09C0-493A-84B3-8FD97EF4BCEA}" = Windows Live Family Safety
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{80AAD9DF-7E64-40D2-80D2-BECA41593EEB}" = AMT 2.0
"{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD Player
"{92D8437A-9070-43EC-B9D6-9CCD47F981BA}" = calibre
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9AAD03E8-4F65-4DE2-8F6C-1B079C0C8521}" = Garmin Lifetime Updater
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support 4.0
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.03)
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}" = iTunes
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBACCC0D-7B8B-4C3E-AA96-B6C64DCF19BB}" = LS_HSI
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0122362-6333-4DE4-93F6-A5A2F3CC101A}" = Compaq Organize
"{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}" = Presto! PageManager 7.15.16
"{D6E3D6E6-8AFA-11D4-9410-0000C03AAEB6}" = Pattern Maker for cross stitch - Std
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DEE76D44-8D7C-4A32-8FAE-A813817631FC}" = AVG 2013
"{E78FC917-C21B-11D2-99FE-00105A98B681}" = Microsoft Picture It! 2000
"{E8972F40-874D-4FA6-A6F4-52A8C99D8DDA}" = Serif PhotoPlus X3
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FFC7BA3F-3B0E-4BD8-B638-8547F4E841C0}" = Nickelodeon Toon Twister 3-D
"045C89A0-CA37-443C-8826-F750227DE69C" = Shooting Stars Pool from Compaq (remove only)
"05E21449-3BA3-42BF-BBDA-95205F4EA40A" = Polar Bowler from Compaq (remove only)
"29FF6D07-4A15-41F1-9D5E-E0F3A58012C6" = Bounce Symphony from Compaq (remove only)
"3330A279-CC39-4A17-AE19-DA464B26AD9A" = Polar Golfer from Compaq (remove only)
"657A0149-EEC7-4FB2-AB4F-CB7AA027748E" = Final Drive Nitro from Compaq (remove only)
"66195170-D19D-46C5-8FB7-8A4630071ADC" = Tradewinds from Compaq (remove only)
"75528D5F-DD82-402E-BA7C-045B7DC6A712" = Blasterball 2 from Compaq (remove only)
"8BA6F58B-7A91-461F-95F8-E34F8BD8AA4E" = Slyder from Compaq (remove only)
"9D7E7CDA-051E-4B0D-8CEE-58F41F449CF9" = Blasterball 2 Remix from Compaq (remove only)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe_PhotoShop_Album" = Remove Adobe Photoshop Album 2.0 Starter Edition installer
"Agere Systems Soft Modem" = Agere Systems PCI Soft Modem
"Amazon Kindle" = Amazon Kindle
"AVG" = AVG 2013
"BackWeb-6750491 Uninstaller" = Compaq Connections
"BFAF1EEC-E987-415B-BCB8-80CDB0BC6CDF" = Blackhawk Striker 2 from Compaq (remove only)
"C43D84CD-EBFC-48D3-A330-7868C8AD415A" = Crystal Maze from Compaq (remove only)
"Canon MX310 series User Registration" = Canon MX310 series User Registration
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCCDE323-C76D-44DA-BB5B-B8ABE767756E" = Phoenix Assault from Compaq (remove only)
"CCleaner" = CCleaner
"D06AB82F-D68E-405A-9886-AB8804291B6D" = Blasterball 2 Holidays from Compaq (remove only)
"DE87FA96-7840-420C-86F9-33F3B7B3CED1" = Super Granny from Compaq (remove only)
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"ESET Online Scanner" = ESET Online Scanner v3
"EZ Tape Converter by MixMeister_is1" = EZ Tape Converter 2.0.0 by MixMeister
"F05A08BF-E600-4FBD-A53A-3D47296B1275" = Lexibox Deluxe from Compaq (remove only)
"FA7F5211-C629-4711-BD82-7DFFB08CB518" = Overball from Compaq (remove only)
"Free Convert MOV AVI to FLV Flash WMV Converter_is1" = Free Convert MOV AVI to FLV Flash WMV Converter 5.8
"GameChannel" = WildTangent GameChannel (remove only)
"Help and Support Additions" = Help and Support Additions
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{19C989C4-50AE-43A4-B06E-8C70FFFF852F}" = PC-Doctor for Windows
"InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.0.0 (Full)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Money" = Remove Microsoft Money 2005 installer
"Mozilla Firefox 19.0.2 (x86 en-US)" = Mozilla Firefox 19.0.2 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PhotoScape" = PhotoScape
"Picasa 3" = Picasa 3
"PS2" = PS2
"Python 2.2.3" = Python 2.2.3
"pywin32-py2.2" = Python 2.2 pywin32 extensions (build 203)
"RealPlayer 16.0" = RealPlayer
"Revo Uninstaller" = Revo Uninstaller 1.83
"SCRABBLE" = SCRABBLE
"SiS VGA Driver" = SiS VGA Utilities
"Sure Cuts A Lot 2_is1" = Sure Cuts A Lot 2.029
"The File Splitter 1.31_is1" = The File Splitter 1.31
"Walmart MP3 Music Downloads" = Walmart MP3 Music Downloads
"WeatherBug" = Remove WeatherBug installer
"WIC" = Windows Imaging Component
"WildTangent CDA" = WildTangent Web Driver
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"ZhornStickies" = Stickies 7.1b
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-3067886581-847020557-550397895-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player
"Smilebox" = Smilebox
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 6/8/2013 12:57:36 PM | Computer Name = YOUR-F78BF48CE2 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 6/8/2013 12:57:36 PM | Computer Name = YOUR-F78BF48CE2 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 16531
Error - 6/8/2013 12:57:36 PM | Computer Name = YOUR-F78BF48CE2 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 16531
Error - 6/8/2013 1:54:33 PM | Computer Name = YOUR-F78BF48CE2 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 6/8/2013 1:54:33 PM | Computer Name = YOUR-F78BF48CE2 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3434047
Error - 6/8/2013 1:54:33 PM | Computer Name = YOUR-F78BF48CE2 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3434047
Error - 6/9/2013 5:22:49 PM | Computer Name = YOUR-F78BF48CE2 | Source = Application Hang | ID = 1002
Description = Hanging application avgui.exe, version 13.0.0.3333, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 6/10/2013 7:43:13 PM | Computer Name = YOUR-F78BF48CE2 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 6/10/2013 7:43:34 PM | Computer Name = YOUR-F78BF48CE2 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 6/10/2013 7:46:05 PM | Computer Name = YOUR-F78BF48CE2 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
[ Application Events ]
Error - 6/8/2013 12:57:36 PM | Computer Name = YOUR-F78BF48CE2 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 6/8/2013 12:57:36 PM | Computer Name = YOUR-F78BF48CE2 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 16531
Error - 6/8/2013 12:57:36 PM | Computer Name = YOUR-F78BF48CE2 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 16531
Error - 6/8/2013 1:54:33 PM | Computer Name = YOUR-F78BF48CE2 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 6/8/2013 1:54:33 PM | Computer Name = YOUR-F78BF48CE2 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3434047
Error - 6/8/2013 1:54:33 PM | Computer Name = YOUR-F78BF48CE2 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3434047
Error - 6/9/2013 5:22:49 PM | Computer Name = YOUR-F78BF48CE2 | Source = Application Hang | ID = 1002
Description = Hanging application avgui.exe, version 13.0.0.3333, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 6/10/2013 7:43:13 PM | Computer Name = YOUR-F78BF48CE2 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 6/10/2013 7:43:34 PM | Computer Name = YOUR-F78BF48CE2 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 6/10/2013 7:46:05 PM | Computer Name = YOUR-F78BF48CE2 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
[ System Events ]
Error - 6/10/2013 7:17:16 PM | Computer Name = YOUR-F78BF48CE2 | Source = Service Control Manager | ID = 7000
Description = The Aspi32 service failed to start due to the following error: %%2
Error - 6/10/2013 7:17:16 PM | Computer Name = YOUR-F78BF48CE2 | Source = Service Control Manager | ID = 7000
Description = The vToolbarUpdater15.2.0 service failed to start due to the following
error: %%2
Error - 6/10/2013 7:18:58 PM | Computer Name = YOUR-F78BF48CE2 | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.
Error - 6/10/2013 7:35:51 PM | Computer Name = YOUR-F78BF48CE2 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the avgwd service.
Error - 6/10/2013 7:36:07 PM | Computer Name = YOUR-F78BF48CE2 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the service.
Error - 6/10/2013 8:44:38 PM | Computer Name = YOUR-F78BF48CE2 | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
MARYANN-PC that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{14D9CC6F-26E4-4C9. The master browser is stopping or an election is
being forced.
Error - 6/11/2013 7:16:00 PM | Computer Name = YOUR-F78BF48CE2 | Source = Service Control Manager | ID = 7000
Description = The Aspi32 service failed to start due to the following error: %%2
Error - 6/11/2013 7:16:00 PM | Computer Name = YOUR-F78BF48CE2 | Source = Service Control Manager | ID = 7000
Description = The vToolbarUpdater15.2.0 service failed to start due to the following
error: %%2
Error - 6/11/2013 7:46:00 PM | Computer Name = YOUR-F78BF48CE2 | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.
Error - 6/11/2013 8:16:50 PM | Computer Name = YOUR-F78BF48CE2 | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
MARYANN-PC that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{14D9CC6F-26E4-4C9. The master browser is stopping or an election is
being forced.
< End of report >
Perfect, thank you.
Considering the problems running ComboFix along with the fact that your OS was installed 6.5 years ago and the problem that originally brought you here was installing SP3, I'm questioning some of the results I'm seeing when researching your log.
Please do the following:
1. Download
TFC (http://oldtimer.geekstogo.com/TFC.exe) to your desktop
- Open the file and close any other windows.
- It will close all programs itself when run, make sure to let it run uninterrupted.
- Click the Start button to begin the process. The program should not take long to finish its job
- Once its finished it should reboot your machine, if not, do this yourself to ensure a complete clean
2. Please download
RogueKiller (http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe) by Tigzy and save it to your desktop.
- Allow the download if prompted by your security software and please close all your programs.
- Right click on RogueKiller.exe and select " Run as administrator " to run it.
- If it does not run, please try a few times.
- Wait for PreScan to finish, then click on Scan.
- Once completed, a log called RKreport[1].txt will be created on the desktop. It can also be accessed via the Report button.
- Please copy and paste the contents of that log in your next reply.
Actually, the reason that started me on this quest was that I was having warning boxes popping up that there were unresponsive scripts ans unresponsive plugins and that the computer was freezing up frequently, still is, did some plugin updates but there was no improvement. That's when I tried the SP# update. You know the rest.
I didn't delete anything, just scanned.
RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows XP (5.1.2600 Service Pack 2) 32 bits version
Started in : Normal mode
User : Compaq_Owner [Admin rights]
Mode : Scan -- Date : 06/13/2013 21:00:58
| ARK || FAK || MBR |
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 6 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : SacReminderHDDV2N (C:\Documents and Settings\All Users\Application Data\OfficeGuardianV2N\Reminder\SacReminder.exe) [7] -> FOUND
[RUN][BLACKLISTDLL] HKLM\[...]\Run : SiSPower (Rundll32.exe SiSPower.dll,ModeAgent) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-3067886581-847020557-550397895-1009[...]\Run : SacReminderHDDV2N (C:\Documents and Settings\All Users\Application Data\OfficeGuardianV2N\Reminder\SacReminder.exe) [7] -> FOUND
[STARTUP][BLACKLISTDLL] Canon IJ Status Monitor Canon MX310 series Printer.lnk @Compaq_Owner : C:\WINDOWS\system32\rundll32.exe|C:\DOCUME~1\COMPAQ~1\CNMSSC~1.DLL,SMStarterEntryPoint USB001;Canon MX310 series Printer;cnmss Canon MX310 series Printer (Local).dll;Canon IJ Status Monitor Canon MX310 series Printer.lnk -> FOUND
[HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [LOADED] ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: Maxtor 6B200M0 +++++
--- User ---
[MBR] ff7306455d543e27efc136c8cb80a620
[BSP] fbc19e186ef813516e4cbafbeed61857 : Toshiba MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 63 | Size: 6031 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 12353040 | Size: 184740 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[1]_S_06132013_02d2100.txt >>
RKreport[1]_S_06132013_02d2100.txt
Good, I didn't want you to remove anything. The main purpose was to check the MBR.
I've asked a friend to add a second pair of eyes to the OTL log to see if she sees something that I'm missing. She works long days so please continue your patience.
No problem. Whatever works for you.
Donna suggested that updating Firefox from the outdated version 19 to the current version 21 may solve the unresponsive issue. To get the update, select "Help" from the Firefox menu at the upper left of the browser window, then pick "About Firefox."
Note that since we started, Adobe Flash Player has been updated. If you haven't updated Flash Player yet, following are the direct download links. You need both.
Non-IE (Opera, Firefox, Etc.): http://download.macromedia.com/get/flashplayer/current/licensing/win/install_flash_player_11_plugin.exe
Windows XP, Vista and 7:
Flash Player For Internet Explorer 7, 8, 9, 10: http://download.macromedia.com/get/flashplayer/current/licensing/win/install_flash_player_11_active_x.exe
Donna also commented on the removal of Uniblue Registry Booster by JRT. We've both seen where it has resulted in doing damage to systems so there is no way of knowing if that is the case, particularly after re-reading your thread at G-W where you ran into the same "loop from the startup screen to the Safe Mode page" as when you ran ComboFix.
After you update Firefox and Adobe Flash Player, please run TFC. Your computer will restart after TFC. If you are still getting any "unresponsive" messages, please note what they messages are and provide that information in your next reply.
Download
TFC (http://oldtimer.geekstogo.com/TFC.exe) to your desktop
- Open the file and close any other windows.
- It will close all programs itself when run, make sure to let it run uninterrupted.
- Click the Start button to begin the process. The program should not take long to finish its job
- Once its finished it should reboot your machine, if not, do this yourself to ensure a complete clean
I'm also wondering, after so many system restore operations how security updates (at least for IE8) you have lost as I'm not seeing KB 953356 in the logs.
I checked Firefox and it seems I'm up to date with version 21. I couldn't seem to find the Uniblue Registry Booster by JRT. I looked in All Programs and control panel, add/remove programs. Is there another way to find it? I
downloaded and installed both versions of Adobe Flash and ran the TFC. I checked my downloads and KB 953356 has been downloaded. That's the patch for AMD processors before the SP3 update, Isn't it? Should I reinstall it and try the SP3 again?
Sorry for the confusion. JRT (Junkware Removal Tool) very nicely removed the Uniblue Registry Booster item from the registry. Uniblue has been known to be overzealous in what it removes. If you still have a Uniblue folder in C:\Program Files, you can delete it as there were no add/remove entries listed for it.
Yes, KB 953356 is the patch for AMD processors. You can certainly reinstall KB 953356. However, before you try SP3 again, what other updates are you missing? Do you have important files backed up? You will need to be directly connected to the router, not on a wireless connection and you will need to disable AVG.
What is the setting you have for Windows Updates?
Also, seeing as how you elected not to install SP3 when it was released, is the update hidden? If so, rather than the larger IT package, check to see if it is hidden: on the Automatic Updates tab, click Restore Hidden Items. Except for language packs, which you don't need to install, are there any updates that were hidden?
I did a search for the Uniblue Regristry Booster. It didn't show up in the results, but I could swear I saw it whiz by when I was waiting for it to be finished. I have my documents backed up on an external hard drive. I have my updates set to automatic but couldn't find where to click to Restore Hidden Items. I am directly connected to a router. Didn't reinstall the KB 953356 patch, or try to install SP3. When I booted up today I got a Warning Unresponsive Script that said:
Script:http//l.yimg.com//zzcombo?cv/eng/externals/yfpad/combo/120702/yfpadobject.js&cv/engexternals/yfad/combo120703/yfpad_util.js&cv/eng/externals/yfpad/combo/120702/yfpad_flash.js&cv/eng/externals/yfpad/combp/120702/yfpaD_COOKIES.JS:S
It froze on my home page.
Hi mare_wbpa,
Pleasure to me you! :hallo: Corrine has done a great job here so far.
I'm afraid this post is going to appear a bit overwhelming, so please read carefully and thoroughly and take it a step at a time.
First of all, from what I've seen in the AdwCleaner and Junkware Removal Tool (JRT) logs, it appears that Uniblue is no longer a problem, so let's focus on that script error in Firefox and getting SP3 installed the best we can without having to reinstall XP.
The script error may be a tad bit tedious to track down since you have so many plugins installed in your Firefox browser. I would suggest uninstalling any that you do not remember installing or use to make it easier. To check each and every one indiviually, you can enter Firefox Safe Mode. This will disable them all at once, then you will have to enable each one at a time, browse around a bit, then go on to the next one, and when you get to the one that is causing the problem, just uninstall it.
Please note: Firefox Safe Mode is not the same as Windows Safe Mode. To enter Firefox Safe, please follow the instructions in the link below:
How to start Firefox in Safe Mode (https://support.mozilla.org/en-US/kb/troubleshoot-firefox-issues-using-safe-mode#w_how-to-start-firefox-in-safe-mode)
If you do not see the
Firefox button in the upper left corner of your screen, just click on the
Help button as discussed in the link and follow the instructions from there.
Do you use the
RealPlayer plugin? If not uninstall that one. I read not long ago that one could cause issues for some.
Now, about the updates:
I do recall in one of your posts that you mentioned that you have your Windows Updates set for
Automatic (Recommended), though I believe I read that the time was set for 3:00am. If you turn your computer off at night teh updates are unable to download and install at that time and they should download and install the next time your computer is booted up. This doesn't always happen though.
To check for hidden updates:
- Click on your Start button, then click on Control Panel.
- In the Control Panel, look for and click on System. The System Properties window should open.
- Look for and click on the Automatic Updates tab that I have placed a red rectangle around as shown in the image below.
- Next, in the lower left hand corner of the Automatic Updates windows look for Offer updates again that I've previously hidden that I have displayed with a blue rectangle as shown below.
Just tell us if there are any hidden updates and we'll go from there. :D
(https://www.landzdown.com/proxy.php?request=http%3A%2F%2Fi1211.photobucket.com%2Falbums%2Fcc438%2Fdonnajb3%2FAutoupdatetab_zpsa6d0906b.jpg&hash=07b76d647e537ed9b0cd9ea6a3a9240122629bb2) (http://s1211.photobucket.com/user/donnajb3/media/Autoupdatetab_zpsa6d0906b.jpg.html)
Donna, thanks for helping. I tried what I thought was the quickest job 1st. I got into the system properties and clicked on automatic updates, but the "Offer updates again that I've previously hidden" wasn't highlighted and couldn't be clicked. I will start working on the update process and let you know how that goes. Please don't think that I'm not appreciative of the help that you and Corinne are giving me if you don't hear from me quickly. I'm dealing with back issues presently and can't sit at the computer for long.
Your health comes first before anything else. I hope your back is better soon.
Since it has been many, many years since I've used Windows XP and Donna has more experience with helping with SP problems, please wait until you hear from her before proceeding.
Quote from: mare_wbpa on June 17, 2013, 06:14:43 PM
... I got into the system properties and clicked on automatic updates, but the "Offer updates again that I've previously hidden" wasn't highlighted and couldn't be clicked ...
If memory serves, the link will be greyed out/disabled if you have not hidden any updates ...
Your memory serves you well winchester73! You are spot on! :thumbsup:
And yes, mare_wbpa, I agree with Corrine, your health and well being is first priority. Please don't worry about us. We're here for you whenever you need us. So please take your time.
I don't think that SP3 update is going to install at the moment so you might be wasting your time.
If you haven't started working on the update issue, please focus on my instructions concerning getting Firefox into safe mode and checking the plugins to see which might be causing issues.
Thanks for your understanding Corrine and Donna. I've been playing around with the plugins. The one that definitely messes things up is Shockwave Flash. It runs best with all the plugins disabled. I have 2 that are Garmin related. Do I need both? There are 6 that are Realdownloader related, I don't know what they are and don't remember downloading them There are 2 exactly the same that are titled Microsoft DRM don't know what they are. There is also 1 called Windows Presentation Foundation that I'm not familiar with.
Hi mare_wbpa,
Sorry for the delay.
Do you recall if Shockwave Flash was one of the plugins you had updated earlier? If not, please do so.
The 2 plugins for Garmin may both depend on Garmin. Do you use Garmin? It's a GPS (global positioning system) used for maps. If not, you can uninstall it.Let me know if you do in your next post.
As for the plugins related to RealPlayer, go ahead and uninstall all of those since they may have been installed along with downloads as foistware.
Also, go to Start > Add/Remove Programs and uninstall RealPlayer 16.0.
Microsoft DRM is related to Windows Media Player 9 (WMP) and above. Hear tell that of you remove or disable it WMP may crash, so I'd leave that.
As for the Windows Presentation Foundation plugin, give me moment to ask about that. I believe that plugin is more for developers than typical users such as you and I. Disabling it won't hurt.
Let me know when your are finished and we'll continue from there.
Donna :)
Hi Donna. Yes, I use Garmin. I recently bought one with lifetime maps and had to register it to be able to update the maps. There are 2 versions on the update list 4.0.3.0 &4.0.4.0. The 4.0.4.0 was the latest updated. Shockwave was updated on 6/15/13. There are 6 plugins starting with Real in the beginning of their name the only one that appears in the add/remove list is Real Player. When I clicked on remove, a list popped up asking to check the components I wanted to remove. There were Real Player, My Library and Favorites. I only checked Real player. and it wouldn't uninstall. A box popped up with a progress bar, it came across 2 segments and stayed there.
I retried the Real Player uninstall and it was successful. I checked the plugin list and the others with Real as a prefix now have an option to remove from the plugin list. I thought I'd check before I removed the other Reals, there's a RealDownloader plugin, RealNetworks RealDownloader Chrome Bacckground, RealNetworks RealDownloader HTMLVideo Shim Pl, RealNetworks RealDownloader Pepper flash video shi
Yes, please. Go ahead and remove the other "reals". After you've done that, a fresh OTL log would be helpful.
Please do the following to provide fresh OTL logs:
- Right-click on OTL.exe select "Run As Administrator" to run it. If prompted by UAC, please allow it.
- Click the Scan All Users checkbox
and
- Check the option for All under the "Extra Registry" section
- Click Run Scan at the top left hand corner.
- When done, two Notepad files will open.
- OTL.txt <-- Will be opened, maximized
- Extras.txt <-- Will be minimized on task bar.
- Please post the contents of both OTL.txt and Extras.txt files in your next reply.
Before I do anything else I want to mention that while I was in the Add/remove list I noticed that there are no Windows updates listed after 2010, except the ones I've done recently.
Since you have CCleaner installed, I suspect that you had "Windows Log Files" checked under Cleaner > System, which would have removed the name of the updates from the list.
I wish they would rethink some of the default settings in Ccleaner. Those Windows Log files are very important as they document many events and activities, such as access, policy changes, Internet use, tasks, and so on. It is also designed by default to clear out Memory Dumps as well which are useful when trying to track down causes of Blue Screens too!
Personally, I would uninstall Ccleaner and use TFC by Oldtimer (http://www.geekstogo.com/forum/files/file/187-tfc-temp-file-cleaner-by-oldtimer/) which is not as aggressive though the choice is yours.
We'll see what we can do about getting SP3 installed as soon as we succeed in removing all the unwanted plugins.
OTL logfile created on: 6/24/2013 10:32:29 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Compaq_Owner\My Documents\Downloads
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
383.48 Mb Total Physical Memory | 88.95 Mb Available Physical Memory | 23.20% Memory free
1.03 Gb Paging File | 0.49 Gb Available in Paging File | 47.38% Paging File free
Paging file location(s): C:\pagefile.sys 600 1200 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 180.41 Gb Total Space | 126.33 Gb Free Space | 70.02% Space Free | Partition Type: NTFS
Drive D: | 5.88 Gb Total Space | 0.87 Gb Free Space | 14.85% Space Free | Partition Type: FAT32
Computer Name: YOUR-F78BF48CE2 | User Name: Compaq_Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 360 Days
========== Processes (SafeList) ==========
PRC - [2013/06/11 19:39:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\My Documents\Downloads\OTL.exe
PRC - [2013/05/14 00:54:12 | 004,937,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe
PRC - [2013/04/29 00:58:42 | 004,408,368 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgui.exe
PRC - [2013/04/18 04:34:38 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe
PRC - [2013/04/04 03:15:08 | 001,117,232 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgnsx.exe
PRC - [2013/03/28 02:48:36 | 000,763,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgrsx.exe
PRC - [2013/03/18 02:38:48 | 000,799,280 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgemcx.exe
PRC - [2013/02/19 04:00:58 | 000,448,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgcsrvx.exe
PRC - [2012/06/04 09:31:40 | 001,466,760 | ---- | M] (Garmin) -- C:\Program Files\Garmin\Lifetime Updater\GarminLifetime.exe
PRC - [2011/11/10 20:19:14 | 001,130,496 | ---- | M] (Zhorn Software) -- C:\Program Files\Stickies\stickies.exe
PRC - [2011/10/05 10:25:42 | 000,045,056 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
PRC - [2010/11/18 05:05:07 | 000,862,032 | R--- | M] (Storage Appliance Corp.) -- C:\Documents and Settings\All Users\Application Data\OfficeGuardianV2N\Reminder\SacReminder.exe
PRC - [2010/11/18 05:05:06 | 000,163,664 | R--- | M] (Storage Appliance Corporation) -- C:\Documents and Settings\All Users\Application Data\OfficeGuardianV2N\Reminder\SacNetAgent.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2004/08/04 00:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
========== Modules (No Company Name) ==========
MOD - [2012/10/11 12:15:58 | 000,391,680 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\8eca92a64c232f34b5b559625b022369\System.Xml.Linq.ni.dll
MOD - [2012/10/11 12:15:57 | 001,776,640 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xaml\035910922f160d304fb834aae41f45a6\System.Xaml.ni.dll
MOD - [2012/10/11 12:12:19 | 000,656,896 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\016f9a150fce0e0a4c93532d8fa4c749\PresentationFramework.Luna.ni.dll
MOD - [2012/10/11 12:12:07 | 017,629,184 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\7f91eecda3ff7ce478146b6458580c98\PresentationFramework.ni.dll
MOD - [2012/10/11 12:11:40 | 000,721,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Security\09a97525ae5583cc2685e2c39a3078bd\System.Security.ni.dll
MOD - [2012/10/11 12:11:35 | 005,571,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\e997d0200c25f7db6bd32313d50b729d\System.Xml.ni.dll
MOD - [2012/10/11 12:11:24 | 011,057,664 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationCore\3963e9ce8d44f50e8367e92a8e3e42e6\PresentationCore.ni.dll
MOD - [2012/10/11 12:11:11 | 003,779,072 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\WindowsBase\d17606e813f01376bd0def23726ecc62\WindowsBase.ni.dll
MOD - [2012/10/11 12:11:02 | 013,006,336 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\17e020ae92d7fab33bcc1c98b25019d0\System.Windows.Forms.ni.dll
MOD - [2012/10/11 12:10:47 | 001,651,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\dd57bc19f5807c6dbe8f88d4a23277f6\System.Drawing.ni.dll
MOD - [2012/10/11 12:10:35 | 007,025,664 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\713647b987b140a17e3c4ffe4c721f85\System.Core.ni.dll
MOD - [2012/10/11 12:10:10 | 009,000,960 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\964da027ebca3b263a05cadb8eaa20a3\System.ni.dll
MOD - [2012/10/11 12:09:43 | 014,415,872 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\246f1a5abb686b9dcdf22d3505b08cea\mscorlib.ni.dll
MOD - [2011/11/10 20:18:30 | 000,049,152 | ---- | M] () -- C:\Program Files\Stickies\shook70.dll
MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/02/06 00:17:07 | 000,147,493 | ---- | M] () -- C:\Program Files\BackWeb\BackWeb Client\6.3.2.62\Program\bwfiles.dll
MOD - [2009/02/06 00:17:07 | 000,094,243 | ---- | M] () -- C:\Program Files\BackWeb\BackWeb Client\6.3.2.62\Program\FrExt.dll
MOD - [2009/02/06 00:17:07 | 000,061,496 | ---- | M] () -- C:\Program Files\BackWeb\BackWeb Client\6.3.2.62\Program\clntutil.dll
MOD - [2009/02/06 00:17:07 | 000,024,615 | ---- | M] () -- C:\Program Files\Compaq Connections\6750491\Program\frext-6750491.dll
MOD - [2009/02/06 00:17:07 | 000,024,615 | ---- | M] () -- C:\Program Files\Compaq Connections\6750491\Program\BWfiles-6750491.dll
MOD - [2009/02/06 00:17:02 | 000,126,976 | ---- | M] () -- C:\Program Files\Compaq Connections\6750491\Program\HPClientExt.dll
========== Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe -- (vToolbarUpdater15.2.0)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2013/06/15 13:12:09 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/21 18:49:03 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/05/14 00:54:12 | 004,937,264 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/04/18 04:34:38 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2010/11/18 05:05:06 | 000,163,664 | R--- | M] (Storage Appliance Corporation) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\OfficeGuardianV2N\Reminder\SacNetAgent.exe -- (SacNetAgentService_C57C4F854F53)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- system32\DRIVERS\intelppm.sys -- (intelppm)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | Auto | Stopped] -- System32\drivers\aspi32.sys -- (Aspi32)
DRV - [2013/05/20 20:06:25 | 000,037,664 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2013/03/29 02:53:48 | 000,208,184 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2013/03/21 03:08:24 | 000,182,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2013/03/01 10:32:20 | 000,022,328 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2013/02/08 04:37:58 | 000,096,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2013/02/08 04:37:56 | 000,245,048 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\avglogx.sys -- (Avglogx)
DRV - [2013/02/08 04:37:52 | 000,060,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2013/02/08 04:37:44 | 000,170,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2013/02/08 04:37:40 | 000,039,224 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2010/07/12 13:49:18 | 000,060,104 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2009/02/06 18:08:42 | 000,055,152 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2006/11/10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2005/04/20 12:00:56 | 002,317,696 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM)
DRV - [2005/04/12 12:42:16 | 000,011,904 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2005/04/12 12:08:44 | 000,247,296 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2005/03/09 10:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005/01/19 14:21:56 | 000,012,416 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PcdrNdisuio.sys -- (PcdrNdisuio)
DRV - [2004/08/04 00:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)
DRV - [2004/06/29 13:07:18 | 001,268,204 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2003/12/02 21:23:20 | 000,142,336 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\Fasttx2k.sys -- (fasttx2k)
DRV - [2003/07/11 18:28:56 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)
DRV - [2002/07/29 17:43:50 | 000,023,808 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=presario&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Reg Error: Value error.
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=presario&pf=desktop&parm1=seconduser
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=presario&pf=desktop&parm1=seconduser
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=presario&pf=desktop&parm1=seconduser
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=presario&pf=desktop&parm1=seconduser
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=presario&pf=desktop&parm1=seconduser
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\.DEFAULT\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://search.avg.com/route/?d=4cc4603f&v=6.11.25.1&i=23&tp=chrome&q={searchTerms}&lng={language}&iy=b&ychte=us
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=presario&pf=desktop&parm1=seconduser
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=presario&pf=desktop&parm1=seconduser
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=presario&pf=desktop&parm1=seconduser
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=presario&pf=desktop&parm1=seconduser
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=presario&pf=desktop&parm1=seconduser
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-18\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://search.avg.com/route/?d=4cc4603f&v=6.11.25.1&i=23&tp=chrome&q={searchTerms}&lng={language}&iy=b&ychte=us
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3067886581-847020557-550397895-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKU\S-1-5-21-3067886581-847020557-550397895-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-3067886581-847020557-550397895-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-3067886581-847020557-550397895-1009\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-3067886581-847020557-550397895-1009\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-3067886581-847020557-550397895-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-3067886581-847020557-550397895-1009\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-3067886581-847020557-550397895-1009\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-3067886581-847020557-550397895-1009\..\SearchScopes,DefaultScope = {3D26BC94-09CF-4C60-B9E3-206E5C0CCB0F}
IE - HKU\S-1-5-21-3067886581-847020557-550397895-1009\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IEFM1&src=IE-SearchBox
IE - HKU\S-1-5-21-3067886581-847020557-550397895-1009\..\SearchScopes\{3D26BC94-09CF-4C60-B9E3-206E5C0CCB0F}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLH
IE - HKU\S-1-5-21-3067886581-847020557-550397895-1009\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-3067886581-847020557-550397895-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3067886581-847020557-550397895-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8064.0206: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Compaq_Owner\Application Data\Move Networks\plugins\npqmp071505000011.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Compaq_Owner\Application Data\Move Networks\plugins\npqmp071505000011.dll (Move Networks)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/06/22 20:26:35 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Documents and Settings\Compaq_Owner\Application Data\Move Networks [2010/01/31 19:07:40 | 000,000,000 | ---D | M]
[2009/08/29 18:32:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Extensions
[2013/04/13 21:10:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\0az38696.default\extensions
[2010/06/12 16:20:39 | 000,000,000 | ---D | M] (Chameleon Tom) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\0az38696.default\extensions\{6236BA26-C117-4007-928C-DE0716C7FA79}
[2013/04/13 21:10:44 | 000,000,000 | ---D | M] (GetSavin) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\0az38696.default\extensions\getsavin@jetpack(2)
[2013/06/21 10:53:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\gbhvogpj.default\extensions
[2012/11/29 19:36:49 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\gbhvogpj.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2010/04/27 10:58:33 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\gbhvogpj.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/06/12 16:20:39 | 000,000,000 | ---D | M] (Chameleon Tom) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\gbhvogpj.default\extensions\{6236BA26-C117-4007-928C-DE0716C7FA79}
[2013/04/13 21:44:24 | 000,019,225 | ---- | M] () (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\gbhvogpj.default\extensions\newtabgoogle@graememcc.co.uk.xpi
[2013/06/21 10:53:55 | 000,178,105 | ---- | M] () (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\gbhvogpj.default\extensions\rapportive@rapportive.com.xpi
[2013/05/21 18:49:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/05/21 18:49:08 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
========== Chrome ==========
CHR - homepage:
CHR - homepage:
CHR - Extension: No name found = C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mjildcbkilmkddbbpbjljljdmmlfeppl(2)\5(2).0_0\
O1 HOSTS File: ([2013/06/09 18:02:12 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll File not found
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-3067886581-847020557-550397895-1009\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [Garmin Lifetime Updater] C:\Program Files\Garmin\Lifetime Updater\GarminLifetime.exe (Garmin)
O4 - HKLM..\Run: [SiSPower] C:\WINDOWS\System32\SiSPower.dll (Silicon Integrated Systems Corporation)
O4 - HKU\S-1-5-21-3067886581-847020557-550397895-1009..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr .exe" /background File not found
O4 - HKU\S-1-5-21-3067886581-847020557-550397895-1009..\Run: [SacReminderHDDV2N] C:\Documents and Settings\All Users\Application Data\OfficeGuardianV2N\Reminder\SacReminder.exe (Storage Appliance Corp.)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10c.exe File not found
O4 - HKU\S-1-5-18..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10c.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk = C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe (Hewlett-Packard)
O4 - Startup: C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Startup\Stickies.lnk = C:\Program Files\Stickies\stickies.exe (Zhorn Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3067886581-847020557-550397895-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-3067886581-847020557-550397895-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-3067886581-847020557-550397895-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableProfileQuota = 1
O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000 File not found
O9 - Extra Button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 24.229.54.212 216.144.187.199 204.186.80.229
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{14D9CC6F-26E4-4C91-A6EC-9E1BA6683FAC}: DhcpNameServer = 192.168.2.1 24.229.54.212 216.144.187.199 204.186.80.229
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/01/27 00:53:38 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 14:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 06:01:14 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{043c605b-7e20-11de-b651-0013d41842a8}\Shell\AutoRun\command - "" = K:\rcaeasyrip_setup.exe
O33 - MountPoints2\{043c605b-7e20-11de-b651-0013d41842a8}\Shell\install\command - "" = K:\rcaeasyrip_setup.exe
O33 - MountPoints2\{043c605b-7e20-11de-b651-0013d41842a8}\Shell\usermanualEnglish\command - "" = K:\rcaeasyrip_setup.exe /pdf_English
O33 - MountPoints2\{043c605b-7e20-11de-b651-0013d41842a8}\Shell\usermanualFrench\command - "" = K:\rcaeasyrip_setup.exe /pdf_French
O33 - MountPoints2\{043c605b-7e20-11de-b651-0013d41842a8}\Shell\usermanualSpanish\command - "" = K:\rcaeasyrip_setup.exe /pdf_Spanish
O33 - MountPoints2\{0db5fbff-7353-11e0-b969-0013d41842a8}\Shell - "" = AutoRun
O33 - MountPoints2\{0db5fbff-7353-11e0-b969-0013d41842a8}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0db5fbff-7353-11e0-b969-0013d41842a8}\Shell\AutoRun\command - "" = K:\StartClickFreeBackup.exe
O33 - MountPoints2\{a3ee96ed-8aa7-11de-b65c-0013d41842a8}\Shell\AutoRun\command - "" = L:\MI.exe
O33 - MountPoints2\{f9b408d0-bc63-11d9-842c-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{f9b408d0-bc63-11d9-842c-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f9b408d0-bc63-11d9-842c-806d6172696f}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\D\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2013\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 360 Days ==========
[2013/06/13 20:57:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Desktop\RK_Quarantine
[2013/06/13 17:41:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG
[2013/06/11 19:53:32 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013/06/10 20:37:11 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013/06/10 19:13:34 | 000,000,000 | --SD | C] -- C:\ComboFix
[2013/06/10 19:13:02 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\.#
[2013/06/10 19:13:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\wt
[2013/06/10 19:13:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\WINDOWS
[2013/06/10 19:13:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTemp
[2013/06/10 19:13:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2013/06/10 19:13:02 | 000,000,000 | ---D | C] -- C:\Program Files\Shared
[2013/06/10 19:13:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\cache
[2013/06/09 18:06:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2013/06/06 11:54:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/06/06 11:53:39 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013/06/05 18:18:30 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013/06/05 18:18:30 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013/06/05 18:18:30 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013/06/05 18:18:30 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013/06/05 18:18:04 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/06/05 18:17:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013/06/05 17:24:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2013/06/05 17:23:19 | 000,000,000 | ---D | C] -- C:\JRT
[2013/06/03 19:36:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot_bak
[2013/06/03 11:59:14 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2013/06/02 21:22:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2013/06/02 11:57:25 | 000,000,000 | ---D | C] -- C:\8b92052dd8fbc345a9bdf0e9
[2013/05/30 20:45:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Wildtangent
[2013/05/30 19:57:50 | 000,000,000 | ---D | C] -- C:\d321eb98beeded867b1c1470
[2013/05/28 17:52:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2013/05/28 17:52:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2013/05/28 17:39:15 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2013/05/26 13:52:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
[2013/05/24 13:41:26 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Security Scan
[2013/05/24 13:39:50 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2013/05/22 19:49:30 | 000,000,000 | ---D | C] -- C:\Program Files\real
[2013/05/22 19:37:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Real
[2013/05/22 19:30:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2013/05/22 11:31:34 | 000,000,000 | ---D | C] -- C:\Program Files\Uninstaller
[2013/05/22 11:23:33 | 000,000,000 | ---D | C] -- C:\Program Files\Uniblue
[2013/05/22 11:21:24 | 000,000,000 | ---D | C] -- C:\Program Files\Vafmusic2
[2013/05/22 11:15:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\My Documents\My Web Backups
[2013/04/14 13:24:22 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/04/13 21:18:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Smilebox
[2013/04/13 21:18:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\Smilebox
[2013/04/13 21:18:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
[2013/04/13 21:18:33 | 000,000,000 | ---D | C] -- C:\Program Files\Scholastic
[2013/04/13 21:18:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Scholastic
[2013/04/13 21:18:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ArcSoft MediaImpression for Kodak
[2013/04/13 20:27:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\SwvUpdater(2)
[2013/04/13 20:19:39 | 000,000,000 | ---D | C] -- C:\Program Files\WhiteSmoke_New(2)
[2013/04/13 20:17:17 | 000,000,000 | ---D | C] -- C:\Program Files\SearchProtect(2)
[2013/04/13 20:16:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\SearchProtect(2)
[2012/12/11 12:59:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\AVG2013
[2012/12/11 12:34:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Avg2013
[2012/12/11 12:33:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\TuneUp Software
[2012/12/11 12:33:10 | 000,037,664 | ---- | C] (AVG Technologies) -- C:\WINDOWS\System32\drivers\avgtpx86.sys
[2012/12/11 11:42:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Avg2013
[2012/12/05 11:19:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\My Documents\AlbumPlusCache
[2012/10/25 03:12:26 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx
[2012/10/25 03:12:26 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts
[2012/10/11 18:12:45 | 000,000,000 | ---D | C] -- C:\Program Files\Garmin GPS Plugin
[2012/10/11 18:12:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Garmin
[2012/10/11 18:12:09 | 000,000,000 | ---D | C] -- C:\Program Files\Garmin
[2012/10/11 12:04:11 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2012/10/11 11:37:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\Garmin
[2012/09/29 11:50:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2013
[2012/09/29 11:40:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\MFAData
[2012/09/21 04:46:00 | 000,245,048 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avglogx.sys
[2012/08/27 19:36:37 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Compaq_Owner\Recent
[2012/08/16 14:12:06 | 000,773,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr100.dll
[2010/07/27 17:25:12 | 000,055,296 | ---- | C] (CANON INC.) -- C:\Documents and Settings\Compaq_Owner\cnmss Canon MX310 series Printer (Local).dll
========== Files - Modified Within 360 Days ==========
[2013/06/24 10:25:04 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/06/23 12:43:37 | 000,001,767 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Startup\Canon IJ Status Monitor Canon MX310 series Printer.lnk
[2013/06/23 12:35:11 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3067886581-847020557-550397895-1009.job
[2013/06/23 12:34:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/06/23 12:34:52 | 402,182,144 | -HS- | M] () -- C:\hiberfil.sys
[2013/06/22 12:22:33 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/06/15 13:11:49 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/06/15 13:11:49 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/06/13 21:06:18 | 000,007,532 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\wklnhst.dat
[2013/06/13 21:06:17 | 000,016,896 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Rogue Killer ScAN.wps
[2013/06/13 17:41:46 | 000,000,710 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2013.lnk
[2013/06/12 19:15:47 | 000,174,872 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\OTL Log 2.wps
[2013/06/11 22:41:37 | 000,082,779 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\OTL log.rtf
[2013/06/10 11:39:29 | 000,003,592 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/06/09 18:09:26 | 000,044,032 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Combofix4.5.wps
[2013/06/09 18:02:12 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013/06/09 13:21:17 | 000,035,328 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Comvofix 3 log.wps
[2013/06/08 19:06:43 | 000,044,544 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\comdo fix2.wps
[2013/06/07 20:42:11 | 000,049,664 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Combo fix log.wps
[2013/06/06 11:55:08 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/06/03 15:42:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/06/02 21:22:00 | 000,270,984 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/06/02 21:03:44 | 000,503,164 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/06/02 21:03:44 | 000,088,018 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/05/28 17:45:15 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2013/05/24 13:38:42 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3067886581-847020557-550397895-1009.job
[2013/05/20 20:06:25 | 000,037,664 | ---- | M] (AVG Technologies) -- C:\WINDOWS\System32\drivers\avgtpx86.sys
[2013/04/15 14:08:06 | 000,000,760 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Install Windows Password Recovery.lnk
[2013/04/13 20:41:36 | 000,001,657 | ---- | M] () -- C:\WINDOWS\System32\InstallUtil.InstallLog
[2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013/03/29 02:53:48 | 000,208,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgidsdriverx.sys
[2013/03/21 03:08:24 | 000,182,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2013/03/09 20:47:47 | 000,000,058 | ---- | M] () -- C:\Config_BackUp.ini
[2013/03/01 10:32:20 | 000,022,328 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgidsshimx.sys
[2013/02/08 04:37:58 | 000,096,568 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2013/02/08 04:37:56 | 000,245,048 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avglogx.sys
[2013/02/08 04:37:52 | 000,060,216 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgidshx.sys
[2013/02/08 04:37:44 | 000,170,808 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2013/02/08 04:37:40 | 000,039,224 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
[2013/01/15 21:16:02 | 000,001,742 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk
[2013/01/02 19:55:16 | 000,011,264 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Untitled Document 5.wps
[2012/12/05 11:20:02 | 000,246,272 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\My Album.sap
[2012/10/25 03:12:26 | 000,094,208 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx
[2012/10/25 03:12:26 | 000,069,632 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts
[2012/10/11 18:12:25 | 000,001,717 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Garmin Lifetime Updater.lnk
[2012/10/09 21:57:55 | 000,001,095 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Clickfree BackupLink.lnk
[2012/09/06 19:37:37 | 000,010,240 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\To Kill A Mockingbird.wps
[2012/08/16 14:12:06 | 000,773,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr100.dll
========== Files Created - No Company Name ==========
[2013/06/13 21:06:14 | 000,016,896 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Rogue Killer ScAN.wps
[2013/06/11 22:48:14 | 000,174,872 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\OTL Log 2.wps
[2013/06/11 22:38:53 | 000,082,779 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\OTL log.rtf
[2013/06/10 19:15:55 | 402,182,144 | -HS- | C] () -- C:\hiberfil.sys
[2013/06/09 18:09:26 | 000,044,032 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Combofix4.5.wps
[2013/06/09 13:21:17 | 000,035,328 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Comvofix 3 log.wps
[2013/06/08 19:06:43 | 000,044,544 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\comdo fix2.wps
[2013/06/07 20:42:11 | 000,049,664 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Combo fix log.wps
[2013/06/06 11:55:08 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/06/05 18:18:30 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/06/05 18:18:30 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013/06/05 18:18:30 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013/06/05 18:18:30 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013/06/05 18:18:30 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013/05/28 17:45:45 | 000,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2013/05/28 17:45:42 | 000,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2013/05/22 20:02:24 | 000,000,292 | ---- | C] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3067886581-847020557-550397895-1009.job
[2013/05/22 19:54:22 | 000,000,300 | ---- | C] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3067886581-847020557-550397895-1009.job
[2013/05/13 19:16:04 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/04/15 14:07:48 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Install Windows Password Recovery.lnk
[2013/04/10 22:50:59 | 000,001,657 | ---- | C] () -- C:\WINDOWS\System32\InstallUtil.InstallLog
[2013/01/15 21:16:01 | 000,001,742 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk
[2013/01/15 21:15:59 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
[2013/01/02 19:55:15 | 000,011,264 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Untitled Document 5.wps
[2012/12/28 15:00:20 | 000,003,592 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/12/11 12:33:48 | 000,000,710 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2013.lnk
[2012/10/12 19:54:54 | 000,244,382 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-3067886581-847020557-550397895-1009-0.dat
[2012/10/11 21:54:45 | 000,244,382 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/10/11 18:12:24 | 000,001,717 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Garmin Lifetime Updater.lnk
[2012/09/06 19:37:37 | 000,010,240 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\To Kill A Mockingbird.wps
[2012/01/13 12:34:27 | 000,011,058 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\af8798e8
[2011/04/09 21:40:52 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\23Cegp.dat
[2010/10/20 23:15:45 | 000,009,194 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\.recently-used.xbel
[2009/03/14 22:28:40 | 000,007,532 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\wklnhst.dat
[2009/03/12 21:41:24 | 000,104,960 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
========== ZeroAccess Check ==========
[2009/02/05 23:45:11 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2009/07/18 12:20:31 | 001,506,304 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 06:20:33 | 000,473,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2004/08/04 00:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
< End of report >
OTL Extras logfile created on: 6/24/2013 10:32:29 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Compaq_Owner\My Documents\Downloads
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
383.48 Mb Total Physical Memory | 88.95 Mb Available Physical Memory | 23.20% Memory free
1.03 Gb Paging File | 0.49 Gb Available in Paging File | 47.38% Paging File free
Paging file location(s): C:\pagefile.sys 600 1200 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 180.41 Gb Total Space | 126.33 Gb Free Space | 70.02% Space Free | Partition Type: NTFS
Drive D: | 5.88 Gb Total Space | 0.87 Gb Free Space | 14.85% Space Free | Partition Type: FAT32
Computer Name: YOUR-F78BF48CE2 | User Name: Compaq_Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 360 Days
========== Extra Registry (All) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\WINDOWS\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\WINDOWS\System32\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-3067886581-847020557-550397895-1009\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Scan with SpySubtract...] -- "C:\Program Files\InterMute\SpySubtract\SpySub.exe" "-sc" "%1" (InterMute, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"53271:UDP" = 53271:UDP:*:Enabled:SacNetAgentCommunicationPort1
"53272:TCP" = 53272:TCP:*:Enabled:SacNetAgentCommunicationPort2
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%ProgramFiles%\iTunes\iTunes.exe" = %ProgramFiles%\iTunes\iTunes.exe:*:enabled:iTunes -- (Apple Inc.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe" = C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe:*:Enabled:BackWeb for Presario -- (Hewlett-Packard)
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Documents and Settings\Compaq_Owner\Application Data\Smilebox\SmileboxStarter.exe" = C:\Documents and Settings\Compaq_Owner\Application Data\Smilebox\SmileboxStarter.exe:*:Disabled:Smilebox -- (Smilebox, Inc.)
"C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer
"C:\Program Files\AVG\AVG2012\avgmfapx.exe" = C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:AVG Installer
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\AVG\AVG2013\avgmfapx.exe" = C:\Program Files\AVG\AVG2013\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\7zS33.tmp\SymNRT.exe" = C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\7zS33.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool
"C:\Program Files\AVG\AVG2013\avgnsx.exe" = C:\Program Files\AVG\AVG2013\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2013\avgdiagex.exe" = C:\Program Files\AVG\AVG2013\avgdiagex.exe:*:Enabled:AVG Diagnostics 2013 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2013\avgemcx.exe" = C:\Program Files\AVG\AVG2013\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)
"C:\Documents and Settings\All Users\Application Data\OfficeGuardianV2N\Reminder\SacNetAgent.exe" = C:\Documents and Settings\All Users\Application Data\OfficeGuardianV2N\Reminder\SacNetAgent.exe:*:Enabled:SacNetAgentService -- (Storage Appliance Corporation)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX310_series" = Canon MX310 series
"{13F054F3-0B07-4D15-9E80-C55B496AB557}" = Garmin Communicator Plugin
"{19C989C4-50AE-43A4-B06E-8C70FFFF852F}" = PC-Doctor for Windows
"{1A103D70-5C9B-4E1A-B306-5106C68F9914}" = Microsoft Plus! Dancer LE
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2AE79B77-E3FA-4F9C-93D7-4FC643516D6A}" = AVG 2013
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3912A629-0020-0005-3757-2FBA74D4DF0A}" = InterVideo WinDVD Player
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3BA95526-6AE0-4B87-A62D-17187EF565FC}" = HP Boot Optimizer
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C52E7DA-C431-4239-B66B-1BF703D5B194}" = Windows Live Photo Gallery
"{3C678CC5-CCA1-4FA3-BFDF-5623AACA28A3}" = Serif AlbumPlus SE PRO
"{3DBE74CE-8983-11D4-9410-0000C03AAEB6}" = Pattern Maker for cross stitch Update - V3.10
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{5360DF11-A876-460B-9953-6817AA2BF9D5}" = Photo Explosion Deluxe
"{5C3E7689-3832-4962-AE35-85EBE4C846BE}" = SA30xx Media Converter
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{661F85B9-FB7F-4884-BFCB-09C71930BA8F}" = ArcSoft MediaImpression for Kodak
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{6A91A0E8-6B1B-4968-89B3-D0A4436FFC27}" = SA30xx Media Converter
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{708B7143-D316-459C-9CD1-BA41DFF521E5}" = Deal or No Deal - Secret Vault Games
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76CD2979-09C0-493A-84B3-8FD97EF4BCEA}" = Windows Live Family Safety
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{80AAD9DF-7E64-40D2-80D2-BECA41593EEB}" = AMT 2.0
"{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD Player
"{92D8437A-9070-43EC-B9D6-9CCD47F981BA}" = calibre
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9AAD03E8-4F65-4DE2-8F6C-1B079C0C8521}" = Garmin Lifetime Updater
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support 4.0
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.03)
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}" = iTunes
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBACCC0D-7B8B-4C3E-AA96-B6C64DCF19BB}" = LS_HSI
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0122362-6333-4DE4-93F6-A5A2F3CC101A}" = Compaq Organize
"{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}" = Presto! PageManager 7.15.16
"{D6E3D6E6-8AFA-11D4-9410-0000C03AAEB6}" = Pattern Maker for cross stitch - Std
"{D774186B-031F-4186-BC4D-B256B9831B85}" = AVG 2013
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{E78FC917-C21B-11D2-99FE-00105A98B681}" = Microsoft Picture It! 2000
"{E8972F40-874D-4FA6-A6F4-52A8C99D8DDA}" = Serif PhotoPlus X3
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FFC7BA3F-3B0E-4BD8-B638-8547F4E841C0}" = Nickelodeon Toon Twister 3-D
"045C89A0-CA37-443C-8826-F750227DE69C" = Shooting Stars Pool from Compaq (remove only)
"05E21449-3BA3-42BF-BBDA-95205F4EA40A" = Polar Bowler from Compaq (remove only)
"29FF6D07-4A15-41F1-9D5E-E0F3A58012C6" = Bounce Symphony from Compaq (remove only)
"3330A279-CC39-4A17-AE19-DA464B26AD9A" = Polar Golfer from Compaq (remove only)
"657A0149-EEC7-4FB2-AB4F-CB7AA027748E" = Final Drive Nitro from Compaq (remove only)
"66195170-D19D-46C5-8FB7-8A4630071ADC" = Tradewinds from Compaq (remove only)
"75528D5F-DD82-402E-BA7C-045B7DC6A712" = Blasterball 2 from Compaq (remove only)
"8BA6F58B-7A91-461F-95F8-E34F8BD8AA4E" = Slyder from Compaq (remove only)
"9D7E7CDA-051E-4B0D-8CEE-58F41F449CF9" = Blasterball 2 Remix from Compaq (remove only)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe_PhotoShop_Album" = Remove Adobe Photoshop Album 2.0 Starter Edition installer
"Agere Systems Soft Modem" = Agere Systems PCI Soft Modem
"Amazon Kindle" = Amazon Kindle
"AVG" = AVG 2013
"BackWeb-6750491 Uninstaller" = Compaq Connections
"BFAF1EEC-E987-415B-BCB8-80CDB0BC6CDF" = Blackhawk Striker 2 from Compaq (remove only)
"C43D84CD-EBFC-48D3-A330-7868C8AD415A" = Crystal Maze from Compaq (remove only)
"Canon MX310 series User Registration" = Canon MX310 series User Registration
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCCDE323-C76D-44DA-BB5B-B8ABE767756E" = Phoenix Assault from Compaq (remove only)
"CCleaner" = CCleaner
"D06AB82F-D68E-405A-9886-AB8804291B6D" = Blasterball 2 Holidays from Compaq (remove only)
"DE87FA96-7840-420C-86F9-33F3B7B3CED1" = Super Granny from Compaq (remove only)
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"ESET Online Scanner" = ESET Online Scanner v3
"EZ Tape Converter by MixMeister_is1" = EZ Tape Converter 2.0.0 by MixMeister
"F05A08BF-E600-4FBD-A53A-3D47296B1275" = Lexibox Deluxe from Compaq (remove only)
"FA7F5211-C629-4711-BD82-7DFFB08CB518" = Overball from Compaq (remove only)
"Free Convert MOV AVI to FLV Flash WMV Converter_is1" = Free Convert MOV AVI to FLV Flash WMV Converter 5.8
"GameChannel" = WildTangent GameChannel (remove only)
"Help and Support Additions" = Help and Support Additions
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{19C989C4-50AE-43A4-B06E-8C70FFFF852F}" = PC-Doctor for Windows
"InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.0.0 (Full)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Money" = Remove Microsoft Money 2005 installer
"Mozilla Firefox 19.0.2 (x86 en-US)" = Mozilla Firefox 19.0.2 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PhotoScape" = PhotoScape
"Picasa 3" = Picasa 3
"PS2" = PS2
"Python 2.2.3" = Python 2.2.3
"pywin32-py2.2" = Python 2.2 pywin32 extensions (build 203)
"Revo Uninstaller" = Revo Uninstaller 1.83
"SCRABBLE" = SCRABBLE
"SiS VGA Driver" = SiS VGA Utilities
"Sure Cuts A Lot 2_is1" = Sure Cuts A Lot 2.029
"The File Splitter 1.31_is1" = The File Splitter 1.31
"Walmart MP3 Music Downloads" = Walmart MP3 Music Downloads
"WeatherBug" = Remove WeatherBug installer
"WIC" = Windows Imaging Component
"WildTangent CDA" = WildTangent Web Driver
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"ZhornStickies" = Stickies 7.1b
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-3067886581-847020557-550397895-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player
"Smilebox" = Smilebox
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 6/22/2013 1:24:23 PM | Computer Name = YOUR-F78BF48CE2 | Source = Application Hang | ID = 1002
Description = Hanging application r1puninst.exe, version 16.0.2.32, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 6/22/2013 1:25:40 PM | Computer Name = YOUR-F78BF48CE2 | Source = Application Hang | ID = 1002
Description = Hanging application rundll32.exe, version 5.1.2600.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 6/22/2013 8:24:51 PM | Computer Name = YOUR-F78BF48CE2 | Source = Application Hang | ID = 1002
Description = Hanging application r1puninst.exe, version 16.0.2.32, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 6/22/2013 8:46:56 PM | Computer Name = YOUR-F78BF48CE2 | Source = Application Hang | ID = 1002
Description = Hanging application rundll32.exe, version 5.1.2600.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 6/22/2013 10:02:14 PM | Computer Name = YOUR-F78BF48CE2 | Source = Application Hang | ID = 1002
Description = Hanging application PhotoPls.exe, version 13.0.2.12, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 6/22/2013 10:02:14 PM | Computer Name = YOUR-F78BF48CE2 | Source = Application Hang | ID = 1002
Description = Hanging application PhotoPls.exe, version 13.0.2.12, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 6/22/2013 10:02:14 PM | Computer Name = YOUR-F78BF48CE2 | Source = Application Hang | ID = 1002
Description = Hanging application PhotoPls.exe, version 13.0.2.12, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 6/23/2013 6:38:10 PM | Computer Name = YOUR-F78BF48CE2 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 21.0.0.4879, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 6/23/2013 6:38:10 PM | Computer Name = YOUR-F78BF48CE2 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 21.0.0.4879, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 6/23/2013 6:38:10 PM | Computer Name = YOUR-F78BF48CE2 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 21.0.0.4879, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
[ Application Events ]
Error - 6/22/2013 1:24:23 PM | Computer Name = YOUR-F78BF48CE2 | Source = Application Hang | ID = 1002
Description = Hanging application r1puninst.exe, version 16.0.2.32, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 6/22/2013 1:25:40 PM | Computer Name = YOUR-F78BF48CE2 | Source = Application Hang | ID = 1002
Description = Hanging application rundll32.exe, version 5.1.2600.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 6/22/2013 8:24:51 PM | Computer Name = YOUR-F78BF48CE2 | Source = Application Hang | ID = 1002
Description = Hanging application r1puninst.exe, version 16.0.2.32, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 6/22/2013 8:46:56 PM | Computer Name = YOUR-F78BF48CE2 | Source = Application Hang | ID = 1002
Description = Hanging application rundll32.exe, version 5.1.2600.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 6/22/2013 10:02:14 PM | Computer Name = YOUR-F78BF48CE2 | Source = Application Hang | ID = 1002
Description = Hanging application PhotoPls.exe, version 13.0.2.12, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 6/22/2013 10:02:14 PM | Computer Name = YOUR-F78BF48CE2 | Source = Application Hang | ID = 1002
Description = Hanging application PhotoPls.exe, version 13.0.2.12, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 6/22/2013 10:02:14 PM | Computer Name = YOUR-F78BF48CE2 | Source = Application Hang | ID = 1002
Description = Hanging application PhotoPls.exe, version 13.0.2.12, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 6/23/2013 6:38:10 PM | Computer Name = YOUR-F78BF48CE2 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 21.0.0.4879, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 6/23/2013 6:38:10 PM | Computer Name = YOUR-F78BF48CE2 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 21.0.0.4879, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 6/23/2013 6:38:10 PM | Computer Name = YOUR-F78BF48CE2 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 21.0.0.4879, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
[ System Events ]
Error - 6/21/2013 1:54:18 PM | Computer Name = YOUR-F78BF48CE2 | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.
Error - 6/22/2013 12:25:21 PM | Computer Name = YOUR-F78BF48CE2 | Source = Service Control Manager | ID = 7000
Description = The Aspi32 service failed to start due to the following error: %%2
Error - 6/22/2013 12:25:21 PM | Computer Name = YOUR-F78BF48CE2 | Source = Service Control Manager | ID = 7000
Description = The vToolbarUpdater15.2.0 service failed to start due to the following
error: %%2
Error - 6/22/2013 1:30:23 PM | Computer Name = YOUR-F78BF48CE2 | Source = Service Control Manager | ID = 7000
Description = The Aspi32 service failed to start due to the following error: %%2
Error - 6/22/2013 1:30:23 PM | Computer Name = YOUR-F78BF48CE2 | Source = Service Control Manager | ID = 7000
Description = The vToolbarUpdater15.2.0 service failed to start due to the following
error: %%2
Error - 6/22/2013 1:32:05 PM | Computer Name = YOUR-F78BF48CE2 | Source = Service Control Manager | ID = 7022
Description = The AVGIDSAgent service hung on starting.
Error - 6/23/2013 12:37:28 PM | Computer Name = YOUR-F78BF48CE2 | Source = Service Control Manager | ID = 7000
Description = The Aspi32 service failed to start due to the following error: %%2
Error - 6/23/2013 12:37:28 PM | Computer Name = YOUR-F78BF48CE2 | Source = Service Control Manager | ID = 7000
Description = The vToolbarUpdater15.2.0 service failed to start due to the following
error: %%2
Error - 6/23/2013 1:54:20 PM | Computer Name = YOUR-F78BF48CE2 | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.
Error - 6/24/2013 10:15:30 AM | Computer Name = YOUR-F78BF48CE2 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the stisvc service.
< End of report >
Hi mare_wbpa,
Thanks for the logs. :smiley:
Please do the following to remove all the residuals that might be lurking in the back ground. There's quite a bit to copy, so please take your time and make sure that all is highlighted.
- Double click on the (https://www.landzdown.com/proxy.php?request=http%3A%2F%2Fi982.photobucket.com%2Falbums%2Fae307%2FQuasar516%2FComputer%2520Help%2FOTLicon.jpg&hash=6db21fc4deae732f2a139118f47a41c2a6631dd4) to open the program.
- Under the Custom Scans/Fixes box at the bottom, paste in the following
Quote
:Commands
[createrestorepoint}
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.2.32: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.2: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.2: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.2: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.2.32: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FCE04E1F-9378-4f39-96F6-5689A9159E45}: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/05/22 19:52:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/05/22 19:52:14 | 000,000,000 | ---D | M]
[2013/04/13 21:10:44 | 000,000,000 | ---D | M] (GetSavin) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\0az38696.default\extensions\getsavin@jetpack(2)
[2013/05/22 19:50:40 | 000,124,504 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
[2013/05/22 19:54:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\RealNetworks
[2013/05/22 19:52:12 | 000,000,000 | ---D | C] -- C:\Program Files\RealNetworks
[2013/05/22 19:51:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\RealNetworks
[2013/05/22 19:50:51 | 000,201,872 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2013/05/22 19:50:33 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2013/05/22 19:50:33 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2013/05/22 19:50:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\RealNetworks
[2013/05/22 19:50:29 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
[2013/05/24 13:41:26 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Security Scan
[2013/05/24 13:39:50 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2013/05/22 19:49:30 | 000,000,000 | ---D | C] -- C:\Program Files\real
[2013/05/22 19:37:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Real
[2013/05/22 11:23:33 | 000,000,000 | ---D | C] -- C:\Program Files\Uniblue
[2013/06/11 19:13:42 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3067886581-847020557-550397895-1009.job
[2013/05/24 13:38:42 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3067886581-847020557-550397895-1009.job
[2013/05/22 19:52:40 | 000,000,747 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2013/05/22 19:50:51 | 000,201,872 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2013/05/22 19:50:33 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2013/05/22 19:50:33 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2013/05/22 19:50:29 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
[2013/05/22 20:02:24 | 000,000,292 | ---- | C] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3067886581-847020557-550397895-1009.job
[2013/05/22 19:54:22 | 000,000,300 | ---- | C] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3067886581-847020557-550397895-1009.job
[2013/05/22 19:52:40 | 000,000,747 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2013/04/13 20:19:39 | 000,000,000 | ---D | C] -- C:\Program Files\WhiteSmoke_New(2)
[2013/04/13 20:17:17 | 000,000,000 | ---D | C] -- C:\Program Files\SearchProtect(2)
[2013/04/13 20:16:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\SearchProtect(2)
[2013/06/23 12:35:11 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3067886581-847020557-550397895-1009.job
:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RealPlayer 16.0]
:commands
[emptytemp]
- Make sure all other windows are closed.
- Click the Run Fix button at the top
- Let the program run uninterupted. The computer should reboot when the scan is done. If not, please reboot the computer.
- Post the log that is found in C:\_OTL\Moved Files in your next reply.
- Open OTL again and click the Quick Scan button. Please post the log it produces in your next reply along with the fix log.
In your next post, let us know if you are still receiving errors. Also post the following log:
C:\_OTL\Moved Files\Fix log (dated for time ran)
New OTL.txt logThank you,
Donna :)
This is the scan after the Run/Fix scan:
OTL logfile created on: 6/24/2013 10:32:29 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Compaq_Owner\My Documents\Downloads
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
383.48 Mb Total Physical Memory | 88.95 Mb Available Physical Memory | 23.20% Memory free
1.03 Gb Paging File | 0.49 Gb Available in Paging File | 47.38% Paging File free
Paging file location(s): C:\pagefile.sys 600 1200 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 180.41 Gb Total Space | 126.33 Gb Free Space | 70.02% Space Free | Partition Type: NTFS
Drive D: | 5.88 Gb Total Space | 0.87 Gb Free Space | 14.85% Space Free | Partition Type: FAT32
Computer Name: YOUR-F78BF48CE2 | User Name: Compaq_Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 360 Days
========== Processes (SafeList) ==========
PRC - [2013/06/11 19:39:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\My Documents\Downloads\OTL.exe
PRC - [2013/05/14 00:54:12 | 004,937,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe
PRC - [2013/04/29 00:58:42 | 004,408,368 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgui.exe
PRC - [2013/04/18 04:34:38 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe
PRC - [2013/04/04 03:15:08 | 001,117,232 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgnsx.exe
PRC - [2013/03/28 02:48:36 | 000,763,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgrsx.exe
PRC - [2013/03/18 02:38:48 | 000,799,280 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgemcx.exe
PRC - [2013/02/19 04:00:58 | 000,448,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgcsrvx.exe
PRC - [2012/06/04 09:31:40 | 001,466,760 | ---- | M] (Garmin) -- C:\Program Files\Garmin\Lifetime Updater\GarminLifetime.exe
PRC - [2011/11/10 20:19:14 | 001,130,496 | ---- | M] (Zhorn Software) -- C:\Program Files\Stickies\stickies.exe
PRC - [2011/10/05 10:25:42 | 000,045,056 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
PRC - [2010/11/18 05:05:07 | 000,862,032 | R--- | M] (Storage Appliance Corp.) -- C:\Documents and Settings\All Users\Application Data\OfficeGuardianV2N\Reminder\SacReminder.exe
PRC - [2010/11/18 05:05:06 | 000,163,664 | R--- | M] (Storage Appliance Corporation) -- C:\Documents and Settings\All Users\Application Data\OfficeGuardianV2N\Reminder\SacNetAgent.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2004/08/04 00:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
========== Modules (No Company Name) ==========
MOD - [2012/10/11 12:15:58 | 000,391,680 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\8eca92a64c232f34b5b559625b022369\System.Xml.Linq.ni.dll
MOD - [2012/10/11 12:15:57 | 001,776,640 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xaml\035910922f160d304fb834aae41f45a6\System.Xaml.ni.dll
MOD - [2012/10/11 12:12:19 | 000,656,896 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\016f9a150fce0e0a4c93532d8fa4c749\PresentationFramework.Luna.ni.dll
MOD - [2012/10/11 12:12:07 | 017,629,184 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\7f91eecda3ff7ce478146b6458580c98\PresentationFramework.ni.dll
MOD - [2012/10/11 12:11:40 | 000,721,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Security\09a97525ae5583cc2685e2c39a3078bd\System.Security.ni.dll
MOD - [2012/10/11 12:11:35 | 005,571,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\e997d0200c25f7db6bd32313d50b729d\System.Xml.ni.dll
MOD - [2012/10/11 12:11:24 | 011,057,664 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationCore\3963e9ce8d44f50e8367e92a8e3e42e6\PresentationCore.ni.dll
MOD - [2012/10/11 12:11:11 | 003,779,072 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\WindowsBase\d17606e813f01376bd0def23726ecc62\WindowsBase.ni.dll
MOD - [2012/10/11 12:11:02 | 013,006,336 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\17e020ae92d7fab33bcc1c98b25019d0\System.Windows.Forms.ni.dll
MOD - [2012/10/11 12:10:47 | 001,651,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\dd57bc19f5807c6dbe8f88d4a23277f6\System.Drawing.ni.dll
MOD - [2012/10/11 12:10:35 | 007,025,664 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\713647b987b140a17e3c4ffe4c721f85\System.Core.ni.dll
MOD - [2012/10/11 12:10:10 | 009,000,960 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\964da027ebca3b263a05cadb8eaa20a3\System.ni.dll
MOD - [2012/10/11 12:09:43 | 014,415,872 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\246f1a5abb686b9dcdf22d3505b08cea\mscorlib.ni.dll
MOD - [2011/11/10 20:18:30 | 000,049,152 | ---- | M] () -- C:\Program Files\Stickies\shook70.dll
MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/02/06 00:17:07 | 000,147,493 | ---- | M] () -- C:\Program Files\BackWeb\BackWeb Client\6.3.2.62\Program\bwfiles.dll
MOD - [2009/02/06 00:17:07 | 000,094,243 | ---- | M] () -- C:\Program Files\BackWeb\BackWeb Client\6.3.2.62\Program\FrExt.dll
MOD - [2009/02/06 00:17:07 | 000,061,496 | ---- | M] () -- C:\Program Files\BackWeb\BackWeb Client\6.3.2.62\Program\clntutil.dll
MOD - [2009/02/06 00:17:07 | 000,024,615 | ---- | M] () -- C:\Program Files\Compaq Connections\6750491\Program\frext-6750491.dll
MOD - [2009/02/06 00:17:07 | 000,024,615 | ---- | M] () -- C:\Program Files\Compaq Connections\6750491\Program\BWfiles-6750491.dll
MOD - [2009/02/06 00:17:02 | 000,126,976 | ---- | M] () -- C:\Program Files\Compaq Connections\6750491\Program\HPClientExt.dll
========== Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe -- (vToolbarUpdater15.2.0)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2013/06/15 13:12:09 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/21 18:49:03 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/05/14 00:54:12 | 004,937,264 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/04/18 04:34:38 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2010/11/18 05:05:06 | 000,163,664 | R--- | M] (Storage Appliance Corporation) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\OfficeGuardianV2N\Reminder\SacNetAgent.exe -- (SacNetAgentService_C57C4F854F53)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- system32\DRIVERS\intelppm.sys -- (intelppm)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | Auto | Stopped] -- System32\drivers\aspi32.sys -- (Aspi32)
DRV - [2013/05/20 20:06:25 | 000,037,664 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2013/03/29 02:53:48 | 000,208,184 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2013/03/21 03:08:24 | 000,182,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2013/03/01 10:32:20 | 000,022,328 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2013/02/08 04:37:58 | 000,096,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2013/02/08 04:37:56 | 000,245,048 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\avglogx.sys -- (Avglogx)
DRV - [2013/02/08 04:37:52 | 000,060,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2013/02/08 04:37:44 | 000,170,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2013/02/08 04:37:40 | 000,039,224 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2010/07/12 13:49:18 | 000,060,104 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2009/02/06 18:08:42 | 000,055,152 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2006/11/10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2005/04/20 12:00:56 | 002,317,696 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM)
DRV - [2005/04/12 12:42:16 | 000,011,904 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2005/04/12 12:08:44 | 000,247,296 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2005/03/09 10:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005/01/19 14:21:56 | 000,012,416 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PcdrNdisuio.sys -- (PcdrNdisuio)
DRV - [2004/08/04 00:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)
DRV - [2004/06/29 13:07:18 | 001,268,204 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2003/12/02 21:23:20 | 000,142,336 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\Fasttx2k.sys -- (fasttx2k)
DRV - [2003/07/11 18:28:56 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)
DRV - [2002/07/29 17:43:50 | 000,023,808 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=presario&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Reg Error: Value error.
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=presario&pf=desktop&parm1=seconduser
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=presario&pf=desktop&parm1=seconduser
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=presario&pf=desktop&parm1=seconduser
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=presario&pf=desktop&parm1=seconduser
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=presario&pf=desktop&parm1=seconduser
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\.DEFAULT\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://search.avg.com/route/?d=4cc4603f&v=6.11.25.1&i=23&tp=chrome&q={searchTerms}&lng={language}&iy=b&ychte=us
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=presario&pf=desktop&parm1=seconduser
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=presario&pf=desktop&parm1=seconduser
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=presario&pf=desktop&parm1=seconduser
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=presario&pf=desktop&parm1=seconduser
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=presario&pf=desktop&parm1=seconduser
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-18\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://search.avg.com/route/?d=4cc4603f&v=6.11.25.1&i=23&tp=chrome&q={searchTerms}&lng={language}&iy=b&ychte=us
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3067886581-847020557-550397895-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKU\S-1-5-21-3067886581-847020557-550397895-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-3067886581-847020557-550397895-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-3067886581-847020557-550397895-1009\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-3067886581-847020557-550397895-1009\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-3067886581-847020557-550397895-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-3067886581-847020557-550397895-1009\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-3067886581-847020557-550397895-1009\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-3067886581-847020557-550397895-1009\..\SearchScopes,DefaultScope = {3D26BC94-09CF-4C60-B9E3-206E5C0CCB0F}
IE - HKU\S-1-5-21-3067886581-847020557-550397895-1009\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IEFM1&src=IE-SearchBox
IE - HKU\S-1-5-21-3067886581-847020557-550397895-1009\..\SearchScopes\{3D26BC94-09CF-4C60-B9E3-206E5C0CCB0F}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLH
IE - HKU\S-1-5-21-3067886581-847020557-550397895-1009\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-3067886581-847020557-550397895-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3067886581-847020557-550397895-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8064.0206: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Compaq_Owner\Application Data\Move Networks\plugins\npqmp071505000011.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Compaq_Owner\Application Data\Move Networks\plugins\npqmp071505000011.dll (Move Networks)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/06/22 20:26:35 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Documents and Settings\Compaq_Owner\Application Data\Move Networks [2010/01/31 19:07:40 | 000,000,000 | ---D | M]
[2009/08/29 18:32:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Extensions
[2013/04/13 21:10:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\0az38696.default\extensions
[2010/06/12 16:20:39 | 000,000,000 | ---D | M] (Chameleon Tom) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\0az38696.default\extensions\{6236BA26-C117-4007-928C-DE0716C7FA79}
[2013/04/13 21:10:44 | 000,000,000 | ---D | M] (GetSavin) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\0az38696.default\extensions\getsavin@jetpack(2)
[2013/06/21 10:53:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\gbhvogpj.default\extensions
[2012/11/29 19:36:49 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\gbhvogpj.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2010/04/27 10:58:33 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\gbhvogpj.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/06/12 16:20:39 | 000,000,000 | ---D | M] (Chameleon Tom) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\gbhvogpj.default\extensions\{6236BA26-C117-4007-928C-DE0716C7FA79}
[2013/04/13 21:44:24 | 000,019,225 | ---- | M] () (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\gbhvogpj.default\extensions\newtabgoogle@graememcc.co.uk.xpi
[2013/06/21 10:53:55 | 000,178,105 | ---- | M] () (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\gbhvogpj.default\extensions\rapportive@rapportive.com.xpi
[2013/05/21 18:49:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/05/21 18:49:08 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
========== Chrome ==========
CHR - homepage:
CHR - homepage:
CHR - Extension: No name found = C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mjildcbkilmkddbbpbjljljdmmlfeppl(2)\5(2).0_0\
O1 HOSTS File: ([2013/06/09 18:02:12 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll File not found
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-3067886581-847020557-550397895-1009\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [Garmin Lifetime Updater] C:\Program Files\Garmin\Lifetime Updater\GarminLifetime.exe (Garmin)
O4 - HKLM..\Run: [SiSPower] C:\WINDOWS\System32\SiSPower.dll (Silicon Integrated Systems Corporation)
O4 - HKU\S-1-5-21-3067886581-847020557-550397895-1009..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr .exe" /background File not found
O4 - HKU\S-1-5-21-3067886581-847020557-550397895-1009..\Run: [SacReminderHDDV2N] C:\Documents and Settings\All Users\Application Data\OfficeGuardianV2N\Reminder\SacReminder.exe (Storage Appliance Corp.)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10c.exe File not found
O4 - HKU\S-1-5-18..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10c.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk = C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe (Hewlett-Packard)
O4 - Startup: C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Startup\Stickies.lnk = C:\Program Files\Stickies\stickies.exe (Zhorn Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3067886581-847020557-550397895-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-3067886581-847020557-550397895-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-3067886581-847020557-550397895-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableProfileQuota = 1
O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000 File not found
O9 - Extra Button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 24.229.54.212 216.144.187.199 204.186.80.229
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{14D9CC6F-26E4-4C91-A6EC-9E1BA6683FAC}: DhcpNameServer = 192.168.2.1 24.229.54.212 216.144.187.199 204.186.80.229
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/01/27 00:53:38 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 14:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 06:01:14 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{043c605b-7e20-11de-b651-0013d41842a8}\Shell\AutoRun\command - "" = K:\rcaeasyrip_setup.exe
O33 - MountPoints2\{043c605b-7e20-11de-b651-0013d41842a8}\Shell\install\command - "" = K:\rcaeasyrip_setup.exe
O33 - MountPoints2\{043c605b-7e20-11de-b651-0013d41842a8}\Shell\usermanualEnglish\command - "" = K:\rcaeasyrip_setup.exe /pdf_English
O33 - MountPoints2\{043c605b-7e20-11de-b651-0013d41842a8}\Shell\usermanualFrench\command - "" = K:\rcaeasyrip_setup.exe /pdf_French
O33 - MountPoints2\{043c605b-7e20-11de-b651-0013d41842a8}\Shell\usermanualSpanish\command - "" = K:\rcaeasyrip_setup.exe /pdf_Spanish
O33 - MountPoints2\{0db5fbff-7353-11e0-b969-0013d41842a8}\Shell - "" = AutoRun
O33 - MountPoints2\{0db5fbff-7353-11e0-b969-0013d41842a8}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0db5fbff-7353-11e0-b969-0013d41842a8}\Shell\AutoRun\command - "" = K:\StartClickFreeBackup.exe
O33 - MountPoints2\{a3ee96ed-8aa7-11de-b65c-0013d41842a8}\Shell\AutoRun\command - "" = L:\MI.exe
O33 - MountPoints2\{f9b408d0-bc63-11d9-842c-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{f9b408d0-bc63-11d9-842c-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f9b408d0-bc63-11d9-842c-806d6172696f}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\D\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2013\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 360 Days ==========
[2013/06/13 20:57:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Desktop\RK_Quarantine
[2013/06/13 17:41:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG
[2013/06/11 19:53:32 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013/06/10 20:37:11 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013/06/10 19:13:34 | 000,000,000 | --SD | C] -- C:\ComboFix
[2013/06/10 19:13:02 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\.#
[2013/06/10 19:13:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\wt
[2013/06/10 19:13:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\WINDOWS
[2013/06/10 19:13:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTemp
[2013/06/10 19:13:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2013/06/10 19:13:02 | 000,000,000 | ---D | C] -- C:\Program Files\Shared
[2013/06/10 19:13:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\cache
[2013/06/09 18:06:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2013/06/06 11:54:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/06/06 11:53:39 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013/06/05 18:18:30 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013/06/05 18:18:30 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013/06/05 18:18:30 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013/06/05 18:18:30 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013/06/05 18:18:04 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/06/05 18:17:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013/06/05 17:24:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2013/06/05 17:23:19 | 000,000,000 | ---D | C] -- C:\JRT
[2013/06/03 19:36:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot_bak
[2013/06/03 11:59:14 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2013/06/02 21:22:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2013/06/02 11:57:25 | 000,000,000 | ---D | C] -- C:\8b92052dd8fbc345a9bdf0e9
[2013/05/30 20:45:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Wildtangent
[2013/05/30 19:57:50 | 000,000,000 | ---D | C] -- C:\d321eb98beeded867b1c1470
[2013/05/28 17:52:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2013/05/28 17:52:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2013/05/28 17:39:15 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2013/05/26 13:52:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
[2013/05/24 13:41:26 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Security Scan
[2013/05/24 13:39:50 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2013/05/22 19:49:30 | 000,000,000 | ---D | C] -- C:\Program Files\real
[2013/05/22 19:37:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Real
[2013/05/22 19:30:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2013/05/22 11:31:34 | 000,000,000 | ---D | C] -- C:\Program Files\Uninstaller
[2013/05/22 11:23:33 | 000,000,000 | ---D | C] -- C:\Program Files\Uniblue
[2013/05/22 11:21:24 | 000,000,000 | ---D | C] -- C:\Program Files\Vafmusic2
[2013/05/22 11:15:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\My Documents\My Web Backups
[2013/04/14 13:24:22 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/04/13 21:18:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Smilebox
[2013/04/13 21:18:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\Smilebox
[2013/04/13 21:18:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
[2013/04/13 21:18:33 | 000,000,000 | ---D | C] -- C:\Program Files\Scholastic
[2013/04/13 21:18:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Scholastic
[2013/04/13 21:18:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ArcSoft MediaImpression for Kodak
[2013/04/13 20:27:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\SwvUpdater(2)
[2013/04/13 20:19:39 | 000,000,000 | ---D | C] -- C:\Program Files\WhiteSmoke_New(2)
[2013/04/13 20:17:17 | 000,000,000 | ---D | C] -- C:\Program Files\SearchProtect(2)
[2013/04/13 20:16:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\SearchProtect(2)
[2012/12/11 12:59:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\AVG2013
[2012/12/11 12:34:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Avg2013
[2012/12/11 12:33:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\TuneUp Software
[2012/12/11 12:33:10 | 000,037,664 | ---- | C] (AVG Technologies) -- C:\WINDOWS\System32\drivers\avgtpx86.sys
[2012/12/11 11:42:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Avg2013
[2012/12/05 11:19:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\My Documents\AlbumPlusCache
[2012/10/25 03:12:26 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx
[2012/10/25 03:12:26 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts
[2012/10/11 18:12:45 | 000,000,000 | ---D | C] -- C:\Program Files\Garmin GPS Plugin
[2012/10/11 18:12:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Garmin
[2012/10/11 18:12:09 | 000,000,000 | ---D | C] -- C:\Program Files\Garmin
[2012/10/11 12:04:11 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2012/10/11 11:37:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\Garmin
[2012/09/29 11:50:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2013
[2012/09/29 11:40:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\MFAData
[2012/09/21 04:46:00 | 000,245,048 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avglogx.sys
[2012/08/27 19:36:37 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Compaq_Owner\Recent
[2012/08/16 14:12:06 | 000,773,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr100.dll
[2010/07/27 17:25:12 | 000,055,296 | ---- | C] (CANON INC.) -- C:\Documents and Settings\Compaq_Owner\cnmss Canon MX310 series Printer (Local).dll
========== Files - Modified Within 360 Days ==========
[2013/06/24 10:25:04 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/06/23 12:43:37 | 000,001,767 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Startup\Canon IJ Status Monitor Canon MX310 series Printer.lnk
[2013/06/23 12:35:11 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3067886581-847020557-550397895-1009.job
[2013/06/23 12:34:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/06/23 12:34:52 | 402,182,144 | -HS- | M] () -- C:\hiberfil.sys
[2013/06/22 12:22:33 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/06/15 13:11:49 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/06/15 13:11:49 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/06/13 21:06:18 | 000,007,532 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\wklnhst.dat
[2013/06/13 21:06:17 | 000,016,896 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Rogue Killer ScAN.wps
[2013/06/13 17:41:46 | 000,000,710 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2013.lnk
[2013/06/12 19:15:47 | 000,174,872 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\OTL Log 2.wps
[2013/06/11 22:41:37 | 000,082,779 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\OTL log.rtf
[2013/06/10 11:39:29 | 000,003,592 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/06/09 18:09:26 | 000,044,032 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Combofix4.5.wps
[2013/06/09 18:02:12 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013/06/09 13:21:17 | 000,035,328 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Comvofix 3 log.wps
[2013/06/08 19:06:43 | 000,044,544 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\comdo fix2.wps
[2013/06/07 20:42:11 | 000,049,664 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Combo fix log.wps
[2013/06/06 11:55:08 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/06/03 15:42:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/06/02 21:22:00 | 000,270,984 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/06/02 21:03:44 | 000,503,164 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/06/02 21:03:44 | 000,088,018 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/05/28 17:45:15 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2013/05/24 13:38:42 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3067886581-847020557-550397895-1009.job
[2013/05/20 20:06:25 | 000,037,664 | ---- | M] (AVG Technologies) -- C:\WINDOWS\System32\drivers\avgtpx86.sys
[2013/04/15 14:08:06 | 000,000,760 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Install Windows Password Recovery.lnk
[2013/04/13 20:41:36 | 000,001,657 | ---- | M] () -- C:\WINDOWS\System32\InstallUtil.InstallLog
[2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013/03/29 02:53:48 | 000,208,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgidsdriverx.sys
[2013/03/21 03:08:24 | 000,182,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2013/03/09 20:47:47 | 000,000,058 | ---- | M] () -- C:\Config_BackUp.ini
[2013/03/01 10:32:20 | 000,022,328 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgidsshimx.sys
[2013/02/08 04:37:58 | 000,096,568 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2013/02/08 04:37:56 | 000,245,048 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avglogx.sys
[2013/02/08 04:37:52 | 000,060,216 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgidshx.sys
[2013/02/08 04:37:44 | 000,170,808 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2013/02/08 04:37:40 | 000,039,224 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
[2013/01/15 21:16:02 | 000,001,742 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk
[2013/01/02 19:55:16 | 000,011,264 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Untitled Document 5.wps
[2012/12/05 11:20:02 | 000,246,272 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\My Album.sap
[2012/10/25 03:12:26 | 000,094,208 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx
[2012/10/25 03:12:26 | 000,069,632 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts
[2012/10/11 18:12:25 | 000,001,717 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Garmin Lifetime Updater.lnk
[2012/10/09 21:57:55 | 000,001,095 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Clickfree BackupLink.lnk
[2012/09/06 19:37:37 | 000,010,240 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\To Kill A Mockingbird.wps
[2012/08/16 14:12:06 | 000,773,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr100.dll
========== Files Created - No Company Name ==========
[2013/06/13 21:06:14 | 000,016,896 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Rogue Killer ScAN.wps
[2013/06/11 22:48:14 | 000,174,872 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\OTL Log 2.wps
[2013/06/11 22:38:53 | 000,082,779 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\OTL log.rtf
[2013/06/10 19:15:55 | 402,182,144 | -HS- | C] () -- C:\hiberfil.sys
[2013/06/09 18:09:26 | 000,044,032 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Combofix4.5.wps
[2013/06/09 13:21:17 | 000,035,328 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Comvofix 3 log.wps
[2013/06/08 19:06:43 | 000,044,544 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\comdo fix2.wps
[2013/06/07 20:42:11 | 000,049,664 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Combo fix log.wps
[2013/06/06 11:55:08 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/06/05 18:18:30 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/06/05 18:18:30 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013/06/05 18:18:30 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013/06/05 18:18:30 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013/06/05 18:18:30 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013/05/28 17:45:45 | 000,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2013/05/28 17:45:42 | 000,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2013/05/22 20:02:24 | 000,000,292 | ---- | C] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3067886581-847020557-550397895-1009.job
[2013/05/22 19:54:22 | 000,000,300 | ---- | C] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3067886581-847020557-550397895-1009.job
[2013/05/13 19:16:04 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/04/15 14:07:48 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Install Windows Password Recovery.lnk
[2013/04/10 22:50:59 | 000,001,657 | ---- | C] () -- C:\WINDOWS\System32\InstallUtil.InstallLog
[2013/01/15 21:16:01 | 000,001,742 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk
[2013/01/15 21:15:59 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
[2013/01/02 19:55:15 | 000,011,264 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Untitled Document 5.wps
[2012/12/28 15:00:20 | 000,003,592 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/12/11 12:33:48 | 000,000,710 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2013.lnk
[2012/10/12 19:54:54 | 000,244,382 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-3067886581-847020557-550397895-1009-0.dat
[2012/10/11 21:54:45 | 000,244,382 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/10/11 18:12:24 | 000,001,717 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Garmin Lifetime Updater.lnk
[2012/09/06 19:37:37 | 000,010,240 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\To Kill A Mockingbird.wps
[2012/01/13 12:34:27 | 000,011,058 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\af8798e8
[2011/04/09 21:40:52 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\23Cegp.dat
[2010/10/20 23:15:45 | 000,009,194 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\.recently-used.xbel
[2009/03/14 22:28:40 | 000,007,532 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\wklnhst.dat
[2009/03/12 21:41:24 | 000,104,960 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
========== ZeroAccess Check ==========
[2009/02/05 23:45:11 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2009/07/18 12:20:31 | 001,506,304 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 06:20:33 | 000,473,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2004/08/04 00:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
< End of report >
Disregard the previous post. Here's the right log for Run/Fix:
All processes killed
========== COMMANDS ==========
Error: Unable to interpret < [createrestorepoint}> in the current context!
Error: Unable to interpret < FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.2.32: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)> in the current context!
Error: Unable to interpret < FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.2: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)> in the current context!
Error: Unable to interpret < FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.2: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)> in the current context!
Error: Unable to interpret < FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.2: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)> in the current context!
Error: Unable to interpret < FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.2.32: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)> in the current context!
Error: Unable to interpret < FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)> in the current context!
Error: Unable to interpret < FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FCE04E1F-9378-4f39-96F6-5689A9159E45}: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/05/22 19:52:14 | 000,000,000 | ---D | M]> in the current context!
Error: Unable to interpret < FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/05/22 19:52:14 | 000,000,000 | ---D | M]> in the current context!
Error: Unable to interpret < [2013/04/13 21:10:44 | 000,000,000 | ---D | M] (GetSavin) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\0az38696.default\extensions\getsavin@jetpack(2)> in the current context!
Error: Unable to interpret < [2013/05/22 19:50:40 | 000,124,504 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll> in the current context!
Error: Unable to interpret < O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.> in the current context!
Error: Unable to interpret < O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.> in the current context!
Error: Unable to interpret < O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.> in the current context!
Error: Unable to interpret < [2013/05/22 19:54:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\RealNetworks> in the current context!
Error: Unable to interpret < [2013/05/22 19:52:12 | 000,000,000 | ---D | C] -- C:\Program Files\RealNetworks> in the current context!
Error: Unable to interpret < [2013/05/22 19:51:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\RealNetworks> in the current context!
Error: Unable to interpret < [2013/05/22 19:50:51 | 000,201,872 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll> in the current context!
Error: Unable to interpret < [2013/05/22 19:50:33 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll> in the current context!
Error: Unable to interpret < [2013/05/22 19:50:33 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll> in the current context!
Error: Unable to interpret < [2013/05/22 19:50:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\RealNetworks> in the current context!
Error: Unable to interpret < [2013/05/22 19:50:29 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll> in the current context!
Error: Unable to interpret < [2013/05/24 13:41:26 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Security Scan> in the current context!
Error: Unable to interpret < [2013/05/24 13:39:50 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller> in the current context!
Error: Unable to interpret < [2013/05/22 19:49:30 | 000,000,000 | ---D | C] -- C:\Program Files\real> in the current context!
Error: Unable to interpret < [2013/05/22 19:37:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Real> in the current context!
Error: Unable to interpret < [2013/05/22 11:23:33 | 000,000,000 | ---D | C] -- C:\Program Files\Uniblue> in the current context!
Error: Unable to interpret < [2013/06/11 19:13:42 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3067886581-847020557-550397895-1009.job> in the current context!
Error: Unable to interpret < [2013/05/24 13:38:42 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3067886581-847020557-550397895-1009.job> in the current context!
Error: Unable to interpret < [2013/05/22 19:52:40 | 000,000,747 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk> in the current context!
Error: Unable to interpret < [2013/05/22 19:50:51 | 000,201,872 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll> in the current context!
Error: Unable to interpret < [2013/05/22 19:50:33 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll> in the current context!
Error: Unable to interpret < [2013/05/22 19:50:33 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll> in the current context!
Error: Unable to interpret < [2013/05/22 19:50:29 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll> in the current context!
Error: Unable to interpret < [2013/05/22 20:02:24 | 000,000,292 | ---- | C] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3067886581-847020557-550397895-1009.job> in the current context!
Error: Unable to interpret < [2013/05/22 19:54:22 | 000,000,300 | ---- | C] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3067886581-847020557-550397895-1009.job> in the current context!
Error: Unable to interpret < [2013/05/22 19:52:40 | 000,000,747 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk> in the current context!
Error: Unable to interpret < [2013/04/13 20:19:39 | 000,000,000 | ---D | C] -- C:\Program Files\WhiteSmoke_New(2)> in the current context!
Error: Unable to interpret < [2013/04/13 20:17:17 | 000,000,000 | ---D | C] -- C:\Program Files\SearchProtect(2)> in the current context!
Error: Unable to interpret < [2013/04/13 20:16:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\SearchProtect(2)> in the current context!
Error: Unable to interpret < [2013/06/23 12:35:11 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3067886581-847020557-550397895-1009.job> in the current context!
Error: Unable to interpret < :reg> in the current context!
Error: Unable to interpret < [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}]> in the current context!
Error: Unable to interpret < [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}]> in the current context!
Error: Unable to interpret < [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RealPlayer 16.0]> in the current context!
Error: Unable to interpret < :commands> in the current context!
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: All Users
User: Compaq_Owner
->Temp folder emptied: 11692158 bytes
->Temporary Internet Files folder emptied: 2717105 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 64508080 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 3334 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 964 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 4888832 bytes
Total Files Cleaned = 80.00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 06252013_110645
Files\Folders moved on Reboot...
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\IadHide5.dll moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
Well jeezy pete's! Have you ever had one of those days? Yesterday was one of those for me and I am so glad it is behind me. I'd tell you all about my day but I'd have to write you a novel.
I'm going to have to have you run the script again. I am so sorry.
- Double click on the (https://www.landzdown.com/proxy.php?request=http%3A%2F%2Fi982.photobucket.com%2Falbums%2Fae307%2FQuasar516%2FComputer%2520Help%2FOTLicon.jpg&hash=6db21fc4deae732f2a139118f47a41c2a6631dd4) to open the program.
- Under the Custom Scans/Fixes box at the bottom, paste in the following
Quote
:Commands
[CREATERESTOREPOINT]
:OTL
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.2.32: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.2: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.2: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.2: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.2.32: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FCE04E1F-9378-4f39-96F6-5689A9159E45}: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/05/22 19:52:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/05/22 19:52:14 | 000,000,000 | ---D | M]
[2013/04/13 21:10:44 | 000,000,000 | ---D | M] (GetSavin) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\0az38696.default\extensions\getsavin@jetpack(2)
[2013/05/22 19:50:40 | 000,124,504 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
[2013/05/22 19:54:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\RealNetworks
[2013/05/22 19:52:12 | 000,000,000 | ---D | C] -- C:\Program Files\RealNetworks
[2013/05/22 19:51:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\RealNetworks
[2013/05/22 19:50:51 | 000,201,872 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2013/05/22 19:50:33 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2013/05/22 19:50:33 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2013/05/22 19:50:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\RealNetworks
[2013/05/22 19:50:29 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
[2013/05/24 13:41:26 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Security Scan
[2013/05/24 13:39:50 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2013/05/22 19:49:30 | 000,000,000 | ---D | C] -- C:\Program Files\real
[2013/05/22 19:37:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Real
[2013/05/22 11:23:33 | 000,000,000 | ---D | C] -- C:\Program Files\Uniblue
[2013/06/11 19:13:42 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3067886581-847020557-550397895-1009.job
[2013/05/24 13:38:42 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3067886581-847020557-550397895-1009.job
[2013/05/22 19:52:40 | 000,000,747 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2013/05/22 19:50:51 | 000,201,872 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2013/05/22 19:50:33 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2013/05/22 19:50:33 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2013/05/22 19:50:29 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
[2013/05/22 20:02:24 | 000,000,292 | ---- | C] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3067886581-847020557-550397895-1009.job
[2013/05/22 19:54:22 | 000,000,300 | ---- | C] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3067886581-847020557-550397895-1009.job
[2013/05/22 19:52:40 | 000,000,747 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2013/04/13 20:19:39 | 000,000,000 | ---D | C] -- C:\Program Files\WhiteSmoke_New(2)
[2013/04/13 20:17:17 | 000,000,000 | ---D | C] -- C:\Program Files\SearchProtect(2)
[2013/04/13 20:16:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\SearchProtect(2)
[2013/06/23 12:35:11 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3067886581-847020557-550397895-1009.job
:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RealPlayer 16.0]
:commands
[emptytemp]
- Make sure all other windows are closed.
- Click the Run Fix button at the top
- Let the program run uninterupted. The computer should reboot when the scan is done. If not, please reboot the computer.
- Post the log that is found in C:\_OTL\Moved Files in your next reply.
- Open OTL again and click the Quick Scan button. Please post the log it produces in your next reply along with the fix log.
Thank you so very much for your patience,
Donna :)
I'm the one who needs your patience. I can't believe that you and Corinne are hanging in with me this long. Here's the Run/fix scan:
All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
Error: Unable to interpret < :OTL> in the current context!
Error: Unable to interpret < FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.2.32: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)> in the current context!
Error: Unable to interpret < FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.2: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)> in the current context!
Error: Unable to interpret < FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.2: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)> in the current context!
Error: Unable to interpret < FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.2: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)> in the current context!
Error: Unable to interpret < FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.2.32: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)> in the current context!
Error: Unable to interpret < FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)> in the current context!
Error: Unable to interpret < FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FCE04E1F-9378-4f39-96F6-5689A9159E45}: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/05/22 19:52:14 | 000,000,000 | ---D | M]> in the current context!
Error: Unable to interpret < FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/05/22 19:52:14 | 000,000,000 | ---D | M]> in the current context!
Error: Unable to interpret < [2013/04/13 21:10:44 | 000,000,000 | ---D | M] (GetSavin) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\0az38696.default\extensions\getsavin@jetpack(2)> in the current context!
Error: Unable to interpret < [2013/05/22 19:50:40 | 000,124,504 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll> in the current context!
Error: Unable to interpret < O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.> in the current context!
Error: Unable to interpret < O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.> in the current context!
Error: Unable to interpret < O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.> in the current context!
Error: Unable to interpret < [2013/05/22 19:54:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\RealNetworks> in the current context!
Error: Unable to interpret < [2013/05/22 19:52:12 | 000,000,000 | ---D | C] -- C:\Program Files\RealNetworks> in the current context!
Error: Unable to interpret < [2013/05/22 19:51:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\RealNetworks> in the current context!
Error: Unable to interpret < [2013/05/22 19:50:51 | 000,201,872 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll> in the current context!
Error: Unable to interpret < [2013/05/22 19:50:33 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll> in the current context!
Error: Unable to interpret < [2013/05/22 19:50:33 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll> in the current context!
Error: Unable to interpret < [2013/05/22 19:50:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\RealNetworks> in the current context!
Error: Unable to interpret < [2013/05/22 19:50:29 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll> in the current context!
Error: Unable to interpret < [2013/05/24 13:41:26 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Security Scan> in the current context!
Error: Unable to interpret < [2013/05/24 13:39:50 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller> in the current context!
Error: Unable to interpret < [2013/05/22 19:49:30 | 000,000,000 | ---D | C] -- C:\Program Files\real> in the current context!
Error: Unable to interpret < [2013/05/22 19:37:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Real> in the current context!
Error: Unable to interpret < [2013/05/22 11:23:33 | 000,000,000 | ---D | C] -- C:\Program Files\Uniblue> in the current context!
Error: Unable to interpret < [2013/06/11 19:13:42 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3067886581-847020557-550397895-1009.job> in the current context!
Error: Unable to interpret < [2013/05/24 13:38:42 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3067886581-847020557-550397895-1009.job> in the current context!
Error: Unable to interpret < [2013/05/22 19:52:40 | 000,000,747 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk> in the current context!
Error: Unable to interpret < [2013/05/22 19:50:51 | 000,201,872 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll> in the current context!
Error: Unable to interpret < [2013/05/22 19:50:33 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll> in the current context!
Error: Unable to interpret < [2013/05/22 19:50:33 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll> in the current context!
Error: Unable to interpret < [2013/05/22 19:50:29 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll> in the current context!
Error: Unable to interpret < [2013/05/22 20:02:24 | 000,000,292 | ---- | C] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3067886581-847020557-550397895-1009.job> in the current context!
Error: Unable to interpret < [2013/05/22 19:54:22 | 000,000,300 | ---- | C] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3067886581-847020557-550397895-1009.job> in the current context!
Error: Unable to interpret < [2013/05/22 19:52:40 | 000,000,747 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk> in the current context!
Error: Unable to interpret < [2013/04/13 20:19:39 | 000,000,000 | ---D | C] -- C:\Program Files\WhiteSmoke_New(2)> in the current context!
Error: Unable to interpret < [2013/04/13 20:17:17 | 000,000,000 | ---D | C] -- C:\Program Files\SearchProtect(2)> in the current context!
Error: Unable to interpret < [2013/04/13 20:16:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\SearchProtect(2)> in the current context!
Error: Unable to interpret < [2013/06/23 12:35:11 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3067886581-847020557-550397895-1009.job> in the current context!
Error: Unable to interpret < :reg> in the current context!
Error: Unable to interpret < [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}]> in the current context!
Error: Unable to interpret < [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}]> in the current context!
Error: Unable to interpret < [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RealPlayer 16.0]> in the current context!
Error: Unable to interpret < :commands> in the current context!
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: All Users
User: Compaq_Owner
->Temp folder emptied: 26003 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 19190597 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 492 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 664 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 18.00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 06252013_185550
Files\Folders moved on Reboot...
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\IadHide5.dll moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
Here's the Quik Scan log. It's quite lenghty for a Qiuk Scan
OTL logfile created on: 6/25/2013 7:18:54 PM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Compaq_Owner\My Documents\Downloads
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
383.48 Mb Total Physical Memory | 44.29 Mb Available Physical Memory | 11.55% Memory free
943.36 Mb Paging File | 245.94 Mb Available in Paging File | 26.07% Paging File free
Paging file location(s): C:\pagefile.sys 600 1200 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 180.41 Gb Total Space | 126.34 Gb Free Space | 70.03% Space Free | Partition Type: NTFS
Drive D: | 5.88 Gb Total Space | 0.87 Gb Free Space | 14.85% Space Free | Partition Type: FAT32
Computer Name: YOUR-F78BF48CE2 | User Name: Compaq_Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013/06/11 19:39:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\My Documents\Downloads\OTL.exe
PRC - [2013/05/21 18:49:07 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013/05/14 00:54:12 | 004,937,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe
PRC - [2013/04/29 00:58:42 | 004,408,368 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgui.exe
PRC - [2013/04/18 04:34:38 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe
PRC - [2013/04/04 03:15:08 | 001,117,232 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgnsx.exe
PRC - [2013/03/28 02:48:36 | 000,763,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgrsx.exe
PRC - [2013/03/18 02:38:48 | 000,799,280 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgemcx.exe
PRC - [2013/02/19 04:00:58 | 000,448,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgcsrvx.exe
PRC - [2011/11/10 20:19:14 | 001,130,496 | ---- | M] (Zhorn Software) -- C:\Program Files\Stickies\stickies.exe
PRC - [2011/10/05 10:25:42 | 000,045,056 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
PRC - [2010/11/18 05:05:07 | 000,862,032 | R--- | M] (Storage Appliance Corp.) -- C:\Documents and Settings\All Users\Application Data\OfficeGuardianV2N\Reminder\SacReminder.exe
PRC - [2010/11/18 05:05:06 | 000,163,664 | R--- | M] (Storage Appliance Corporation) -- C:\Documents and Settings\All Users\Application Data\OfficeGuardianV2N\Reminder\SacNetAgent.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2004/08/04 00:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
========== Modules (No Company Name) ==========
MOD - [2013/06/15 12:52:30 | 016,033,160 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll
MOD - [2013/05/21 18:49:02 | 003,128,728 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/11/10 20:18:30 | 000,049,152 | ---- | M] () -- C:\Program Files\Stickies\shook70.dll
MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/02/06 00:17:07 | 000,147,493 | ---- | M] () -- C:\Program Files\BackWeb\BackWeb Client\6.3.2.62\Program\bwfiles.dll
MOD - [2009/02/06 00:17:07 | 000,094,243 | ---- | M] () -- C:\Program Files\BackWeb\BackWeb Client\6.3.2.62\Program\FrExt.dll
MOD - [2009/02/06 00:17:07 | 000,061,496 | ---- | M] () -- C:\Program Files\BackWeb\BackWeb Client\6.3.2.62\Program\clntutil.dll
MOD - [2009/02/06 00:17:07 | 000,024,615 | ---- | M] () -- C:\Program Files\Compaq Connections\6750491\Program\frext-6750491.dll
MOD - [2009/02/06 00:17:07 | 000,024,615 | ---- | M] () -- C:\Program Files\Compaq Connections\6750491\Program\BWfiles-6750491.dll
MOD - [2009/02/06 00:17:02 | 000,126,976 | ---- | M] () -- C:\Program Files\Compaq Connections\6750491\Program\HPClientExt.dll
MOD - [2004/08/04 00:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
========== Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe -- (vToolbarUpdater15.2.0)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2013/06/15 13:12:09 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/21 18:49:03 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/05/14 00:54:12 | 004,937,264 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/04/18 04:34:38 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2010/11/18 05:05:06 | 000,163,664 | R--- | M] (Storage Appliance Corporation) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\OfficeGuardianV2N\Reminder\SacNetAgent.exe -- (SacNetAgentService_C57C4F854F53)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- system32\DRIVERS\intelppm.sys -- (intelppm)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | Auto | Stopped] -- System32\drivers\aspi32.sys -- (Aspi32)
DRV - [2013/05/20 20:06:25 | 000,037,664 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2013/03/29 02:53:48 | 000,208,184 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2013/03/21 03:08:24 | 000,182,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2013/03/01 10:32:20 | 000,022,328 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2013/02/08 04:37:58 | 000,096,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2013/02/08 04:37:56 | 000,245,048 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\avglogx.sys -- (Avglogx)
DRV - [2013/02/08 04:37:52 | 000,060,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2013/02/08 04:37:44 | 000,170,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2013/02/08 04:37:40 | 000,039,224 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2010/07/12 13:49:18 | 000,060,104 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2009/02/06 18:08:42 | 000,055,152 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2006/11/10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2005/04/20 12:00:56 | 002,317,696 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM)
DRV - [2005/04/12 12:42:16 | 000,011,904 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2005/04/12 12:08:44 | 000,247,296 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2005/03/09 10:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005/01/19 14:21:56 | 000,012,416 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PcdrNdisuio.sys -- (PcdrNdisuio)
DRV - [2004/08/04 00:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)
DRV - [2004/06/29 13:07:18 | 001,268,204 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2003/12/02 21:23:20 | 000,142,336 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\Fasttx2k.sys -- (fasttx2k)
DRV - [2003/07/11 18:28:56 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)
DRV - [2002/07/29 17:43:50 | 000,023,808 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=presario&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Reg Error: Value error.
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {3D26BC94-09CF-4C60-B9E3-206E5C0CCB0F}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IEFM1&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{3D26BC94-09CF-4C60-B9E3-206E5C0CCB0F}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLH
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8064.0206: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Compaq_Owner\Application Data\Move Networks\plugins\npqmp071505000011.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Compaq_Owner\Application Data\Move Networks\plugins\npqmp071505000011.dll (Move Networks)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/06/22 20:26:35 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Documents and Settings\Compaq_Owner\Application Data\Move Networks [2010/01/31 19:07:40 | 000,000,000 | ---D | M]
[2009/08/29 18:32:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Extensions
[2013/04/13 21:10:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\0az38696.default\extensions
[2010/06/12 16:20:39 | 000,000,000 | ---D | M] (Chameleon Tom) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\0az38696.default\extensions\{6236BA26-C117-4007-928C-DE0716C7FA79}
[2013/04/13 21:10:44 | 000,000,000 | ---D | M] (GetSavin) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\0az38696.default\extensions\getsavin@jetpack(2)
[2013/06/21 10:53:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\gbhvogpj.default\extensions
[2012/11/29 19:36:49 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\gbhvogpj.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2010/04/27 10:58:33 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\gbhvogpj.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/06/12 16:20:39 | 000,000,000 | ---D | M] (Chameleon Tom) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\gbhvogpj.default\extensions\{6236BA26-C117-4007-928C-DE0716C7FA79}
[2013/04/13 21:44:24 | 000,019,225 | ---- | M] () (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\gbhvogpj.default\extensions\newtabgoogle@graememcc.co.uk.xpi
[2013/06/21 10:53:55 | 000,178,105 | ---- | M] () (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\gbhvogpj.default\extensions\rapportive@rapportive.com.xpi
[2013/05/21 18:49:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/05/21 18:49:08 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
========== Chrome ==========
CHR - homepage:
CHR - homepage:
CHR - Extension: No name found = C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mjildcbkilmkddbbpbjljljdmmlfeppl(2)\5(2).0_0\
O1 HOSTS File: ([2013/06/09 18:02:12 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll File not found
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [Garmin Lifetime Updater] C:\Program Files\Garmin\Lifetime Updater\GarminLifetime.exe (Garmin)
O4 - HKLM..\Run: [SiSPower] C:\WINDOWS\System32\SiSPower.dll (Silicon Integrated Systems Corporation)
O4 - HKCU..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr .exe" /background File not found
O4 - HKCU..\Run: [SacReminderHDDV2N] C:\Documents and Settings\All Users\Application Data\OfficeGuardianV2N\Reminder\SacReminder.exe (Storage Appliance Corp.)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk = C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe (Hewlett-Packard)
O4 - Startup: C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Startup\Stickies.lnk = C:\Program Files\Stickies\stickies.exe (Zhorn Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableProfileQuota = 1
O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000 File not found
O9 - Extra Button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 24.229.54.212 216.144.187.199 204.186.80.229
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{14D9CC6F-26E4-4C91-A6EC-9E1BA6683FAC}: DhcpNameServer = 192.168.2.1 24.229.54.212 216.144.187.199 204.186.80.229
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/01/27 00:53:38 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 14:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 06:01:14 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{043c605b-7e20-11de-b651-0013d41842a8}\Shell\AutoRun\command - "" = K:\rcaeasyrip_setup.exe
O33 - MountPoints2\{043c605b-7e20-11de-b651-0013d41842a8}\Shell\install\command - "" = K:\rcaeasyrip_setup.exe
O33 - MountPoints2\{043c605b-7e20-11de-b651-0013d41842a8}\Shell\usermanualEnglish\command - "" = K:\rcaeasyrip_setup.exe /pdf_English
O33 - MountPoints2\{043c605b-7e20-11de-b651-0013d41842a8}\Shell\usermanualFrench\command - "" = K:\rcaeasyrip_setup.exe /pdf_French
O33 - MountPoints2\{043c605b-7e20-11de-b651-0013d41842a8}\Shell\usermanualSpanish\command - "" = K:\rcaeasyrip_setup.exe /pdf_Spanish
O33 - MountPoints2\{0db5fbff-7353-11e0-b969-0013d41842a8}\Shell - "" = AutoRun
O33 - MountPoints2\{0db5fbff-7353-11e0-b969-0013d41842a8}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0db5fbff-7353-11e0-b969-0013d41842a8}\Shell\AutoRun\command - "" = K:\StartClickFreeBackup.exe
O33 - MountPoints2\{a3ee96ed-8aa7-11de-b65c-0013d41842a8}\Shell\AutoRun\command - "" = L:\MI.exe
O33 - MountPoints2\{f9b408d0-bc63-11d9-842c-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{f9b408d0-bc63-11d9-842c-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f9b408d0-bc63-11d9-842c-806d6172696f}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\D\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2013\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2013/06/25 11:06:45 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/06/13 20:57:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Desktop\RK_Quarantine
[2013/06/13 17:41:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG
[2013/06/11 19:53:32 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013/06/10 20:37:11 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013/06/10 19:13:34 | 000,000,000 | --SD | C] -- C:\ComboFix
[2013/06/10 19:13:02 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\.#
[2013/06/10 19:13:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\wt
[2013/06/10 19:13:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\WINDOWS
[2013/06/10 19:13:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTemp
[2013/06/10 19:13:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2013/06/10 19:13:02 | 000,000,000 | ---D | C] -- C:\Program Files\Shared
[2013/06/10 19:13:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\cache
[2013/06/09 18:06:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2013/06/06 11:54:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/06/06 11:53:39 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013/06/05 18:18:30 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013/06/05 18:18:30 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013/06/05 18:18:30 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013/06/05 18:18:30 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013/06/05 18:18:04 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/06/05 18:17:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013/06/05 17:24:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2013/06/05 17:23:19 | 000,000,000 | ---D | C] -- C:\JRT
[2013/06/03 19:36:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot_bak
[2013/06/03 11:59:14 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2013/06/02 21:22:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2013/06/02 11:57:25 | 000,000,000 | ---D | C] -- C:\8b92052dd8fbc345a9bdf0e9
[2013/05/30 20:45:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Wildtangent
[2013/05/30 19:57:50 | 000,000,000 | ---D | C] -- C:\d321eb98beeded867b1c1470
[2013/05/28 17:52:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2013/05/28 17:52:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2013/05/28 17:39:15 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2010/07/27 17:25:12 | 000,055,296 | ---- | C] (CANON INC.) -- C:\Documents and Settings\Compaq_Owner\cnmss Canon MX310 series Printer (Local).dll
========== Files - Modified Within 30 Days ==========
[2013/06/25 19:25:27 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/06/25 19:00:45 | 000,001,767 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Startup\Canon IJ Status Monitor Canon MX310 series Printer.lnk
[2013/06/25 18:59:12 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3067886581-847020557-550397895-1009.job
[2013/06/25 18:58:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/06/25 18:58:52 | 402,182,144 | -HS- | M] () -- C:\hiberfil.sys
[2013/06/25 12:54:11 | 000,007,996 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\wklnhst.dat
[2013/06/25 12:27:24 | 000,096,768 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\OTL Quik Scan.wps
[2013/06/24 10:52:23 | 000,184,832 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\OTL 6.wps
[2013/06/22 12:22:33 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/06/13 21:06:17 | 000,016,896 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Rogue Killer ScAN.wps
[2013/06/13 17:41:46 | 000,000,710 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2013.lnk
[2013/06/12 19:15:47 | 000,174,872 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\OTL Log 2.wps
[2013/06/11 22:41:37 | 000,082,779 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\OTL log.rtf
[2013/06/10 11:39:29 | 000,003,592 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/06/09 18:09:26 | 000,044,032 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Combofix4.5.wps
[2013/06/09 18:02:12 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013/06/09 13:21:17 | 000,035,328 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Comvofix 3 log.wps
[2013/06/08 19:06:43 | 000,044,544 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\comdo fix2.wps
[2013/06/07 20:42:11 | 000,049,664 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Combo fix log.wps
[2013/06/06 11:55:08 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/06/03 15:42:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/06/02 21:22:00 | 000,270,984 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/06/02 21:03:44 | 000,503,164 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/06/02 21:03:44 | 000,088,018 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/05/28 17:45:15 | 000,250,048 | RHS- | M] () -- C:\ntldr
========== Files Created - No Company Name ==========
[2013/06/25 12:27:19 | 000,096,768 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\OTL Quik Scan.wps
[2013/06/24 10:50:48 | 000,184,832 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\OTL 6.wps
[2013/06/13 21:06:14 | 000,016,896 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Rogue Killer ScAN.wps
[2013/06/11 22:48:14 | 000,174,872 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\OTL Log 2.wps
[2013/06/11 22:38:53 | 000,082,779 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\OTL log.rtf
[2013/06/10 19:15:55 | 402,182,144 | -HS- | C] () -- C:\hiberfil.sys
[2013/06/09 18:09:26 | 000,044,032 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Combofix4.5.wps
[2013/06/09 13:21:17 | 000,035,328 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Comvofix 3 log.wps
[2013/06/08 19:06:43 | 000,044,544 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\comdo fix2.wps
[2013/06/07 20:42:11 | 000,049,664 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Combo fix log.wps
[2013/06/06 11:55:08 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/06/05 18:18:30 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/06/05 18:18:30 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013/06/05 18:18:30 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013/06/05 18:18:30 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013/06/05 18:18:30 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013/05/28 17:45:45 | 000,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2013/05/28 17:45:42 | 000,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2012/12/28 15:00:20 | 000,003,592 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/10/12 19:54:54 | 000,244,382 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-3067886581-847020557-550397895-1009-0.dat
[2012/10/11 21:54:45 | 000,244,382 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/01/13 12:34:27 | 000,011,058 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\af8798e8
[2011/04/09 21:40:52 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\23Cegp.dat
[2010/10/20 23:15:45 | 000,009,194 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\.recently-used.xbel
[2009/03/14 22:28:40 | 000,007,996 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\wklnhst.dat
[2009/03/12 21:41:24 | 000,104,960 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
========== ZeroAccess Check ==========
[2009/02/05 23:45:11 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2009/07/18 12:20:31 | 001,506,304 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 06:20:33 | 000,473,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2004/08/04 00:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2012/12/11 12:35:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2013
[2009/02/12 00:15:52 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2010/10/24 12:35:31 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010/09/25 12:39:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CraftEdge
[2013/06/25 18:35:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2009/09/14 20:16:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nova Development
[2012/10/09 22:07:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OfficeGuardianV2N
[2009/02/09 00:00:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2013/06/10 19:13:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/09/15 13:13:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2009/08/31 14:46:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2011/12/26 21:54:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/19 18:08:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/05/12 19:09:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2013/06/10 19:13:02 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\.#
[2012/12/11 12:59:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\AVG2013
[2012/04/30 12:20:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\calibre
[2009/03/13 11:28:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Canon
[2009/08/26 16:43:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Clone2Go Video Converter Professional
[2013/05/26 14:12:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Garmin
[2010/10/20 23:25:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\inkscape
[2009/02/05 23:52:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\InterMute
[2009/02/09 17:25:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\InterVideo
[2009/02/06 12:36:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Leadertech
[2010/08/08 20:13:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\MSNInstaller
[2009/02/22 23:45:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\NewSoft
[2009/09/14 20:16:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Nova Development
[2010/01/11 21:20:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\ooVoo Details
[2009/02/05 23:52:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\SampleView
[2013/04/13 21:10:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\SearchProtect(2)
[2010/10/17 21:56:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Serif
[2013/04/13 21:18:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Smilebox
[2013/06/25 18:44:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\stickies
[2013/04/13 21:10:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\SwvUpdater(2)
[2009/03/14 22:28:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Template
[2012/12/11 12:33:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\TuneUp Software
[2009/09/15 13:13:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Ulead Systems
[2013/05/22 11:23:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Uniblue
========== Purity Check ==========
< End of report >
Hm? That's still not right. I now see that OTL was downloaded to the Downloads folder, as shown below, instead of the desktop.
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Compaq_Owner\My Documents\Downloads
Could you go to the Downloads folder and drag and drop OTL onto the desktop please, and run the fix again? I'm quite sure that is the problem, though I am going to look into this error further, just in case.
I'll post the fix here so you don't have to go looking in the other post for it.
- Double click on the (https://www.landzdown.com/proxy.php?request=http%3A%2F%2Fi982.photobucket.com%2Falbums%2Fae307%2FQuasar516%2FComputer%2520Help%2FOTLicon.jpg&hash=6db21fc4deae732f2a139118f47a41c2a6631dd4) to open the program.
- Under the Custom Scans/Fixes box at the bottom, paste in the following
Quote
:Commands
[CREATERESTOREPOINT]
:OTL
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.2.32: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.2: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.2: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.2: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.2.32: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FCE04E1F-9378-4f39-96F6-5689A9159E45}: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/05/22 19:52:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/05/22 19:52:14 | 000,000,000 | ---D | M]
[2013/04/13 21:10:44 | 000,000,000 | ---D | M] (GetSavin) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\0az38696.default\extensions\getsavin@jetpack(2)
[2013/05/22 19:50:40 | 000,124,504 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
[2013/05/22 19:54:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\RealNetworks
[2013/05/22 19:52:12 | 000,000,000 | ---D | C] -- C:\Program Files\RealNetworks
[2013/05/22 19:51:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\RealNetworks
[2013/05/22 19:50:51 | 000,201,872 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2013/05/22 19:50:33 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2013/05/22 19:50:33 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2013/05/22 19:50:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\RealNetworks
[2013/05/22 19:50:29 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
[2013/05/24 13:41:26 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Security Scan
[2013/05/24 13:39:50 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2013/05/22 19:49:30 | 000,000,000 | ---D | C] -- C:\Program Files\real
[2013/05/22 19:37:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Real
[2013/05/22 11:23:33 | 000,000,000 | ---D | C] -- C:\Program Files\Uniblue
[2013/06/11 19:13:42 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3067886581-847020557-550397895-1009.job
[2013/05/24 13:38:42 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3067886581-847020557-550397895-1009.job
[2013/05/22 19:52:40 | 000,000,747 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2013/05/22 19:50:51 | 000,201,872 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2013/05/22 19:50:33 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2013/05/22 19:50:33 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2013/05/22 19:50:29 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
[2013/05/22 20:02:24 | 000,000,292 | ---- | C] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3067886581-847020557-550397895-1009.job
[2013/05/22 19:54:22 | 000,000,300 | ---- | C] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3067886581-847020557-550397895-1009.job
[2013/05/22 19:52:40 | 000,000,747 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2013/04/13 20:19:39 | 000,000,000 | ---D | C] -- C:\Program Files\WhiteSmoke_New(2)
[2013/04/13 20:17:17 | 000,000,000 | ---D | C] -- C:\Program Files\SearchProtect(2)
[2013/04/13 20:16:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\SearchProtect(2)
[2013/06/23 12:35:11 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3067886581-847020557-550397895-1009.job
:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RealPlayer 16.0]
:commands
[emptytemp]
- Make sure all other windows are closed.
- Click the Run Fix button at the top
- Let the program run uninterupted. The computer should reboot when the scan is done. If not, please reboot the computer.
- Post the log that is found in C:\_OTL\Moved Files in your next reply.
- Open OTL again and click the Quick Scan button. Please post the log it produces in your next reply along with the fix log.
I copied this log from the notepad that popped up after the scan and reboot. Is that OK?
All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.2.32\ not found.
File c:\program files\real\realplayer\Netscape6\nppl3260.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.2\ not found.
File C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.2\ not found.
File C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.2\ not found.
File C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.2.32\ not found.
File c:\program files\real\realplayer\Netscape6\nprpplugin.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1\ not found.
File C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll not found.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FCE04E1F-9378-4f39-96F6-5689A9159E45} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FCE04E1F-9378-4f39-96F6-5689A9159E45}\ not found.
File C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ not found.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ABDE892B-13A8-4d1b-88E6-365A6E755758}\ not found.
File C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext not found.
C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\0az38696.default\extensions\getsavin@jetpack(2)\resources(2)\getsavin(2)\lib(2) folder moved successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\0az38696.default\extensions\getsavin@jetpack(2)\resources(2)\getsavin(2)\data(2) folder moved successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\0az38696.default\extensions\getsavin@jetpack(2)\resources(2)\getsavin(2) folder moved successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\0az38696.default\extensions\getsavin@jetpack(2)\resources(2)\api-utils(2)\lib(2)\windows(2) folder moved successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\0az38696.default\extensions\getsavin@jetpack(2)\resources(2)\api-utils(2)\lib(2)\window(2) folder moved successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\0az38696.default\extensions\getsavin@jetpack(2)\resources(2)\api-utils(2)\lib(2)\utils(2) folder moved successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\0az38696.default\extensions\getsavin@jetpack(2)\resources(2)\api-utils(2)\lib(2)\traits(2) folder moved successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\0az38696.default\extensions\getsavin@jetpack(2)\resources(2)\api-utils(2)\lib(2)\tabs(2) folder moved successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\0az38696.default\extensions\getsavin@jetpack(2)\resources(2)\api-utils(2)\lib(2)\system(2) folder moved successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\0az38696.default\extensions\getsavin@jetpack(2)\resources(2)\api-utils(2)\lib(2)\private-browsing(2) folder moved successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\0az38696.default\extensions\getsavin@jetpack(2)\resources(2)\api-utils(2)\lib(2)\l10n(2) folder moved successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\0az38696.default\extensions\getsavin@jetpack(2)\resources(2)\api-utils(2)\lib(2)\events(2) folder moved successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\0az38696.default\extensions\getsavin@jetpack(2)\resources(2)\api-utils(2)\lib(2)\event(2) folder moved successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\0az38696.default\extensions\getsavin@jetpack(2)\resources(2)\api-utils(2)\lib(2)\dom(2) folder moved successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\0az38696.default\extensions\getsavin@jetpack(2)\resources(2)\api-utils(2)\lib(2)\content(2) folder moved successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\0az38696.default\extensions\getsavin@jetpack(2)\resources(2)\api-utils(2)\lib(2)\addon(2) folder moved successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\0az38696.default\extensions\getsavin@jetpack(2)\resources(2)\api-utils(2)\lib(2) folder moved successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\0az38696.default\extensions\getsavin@jetpack(2)\resources(2)\api-utils(2) folder moved successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\0az38696.default\extensions\getsavin@jetpack(2)\resources(2)\addon-kit(2)\lib(2) folder moved successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\0az38696.default\extensions\getsavin@jetpack(2)\resources(2)\addon-kit(2) folder moved successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\0az38696.default\extensions\getsavin@jetpack(2)\resources(2) folder moved successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\0az38696.default\extensions\getsavin@jetpack(2)\defaults(2)\preferences(2) folder moved successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\0az38696.default\extensions\getsavin@jetpack(2)\defaults(2) folder moved successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\0az38696.default\extensions\getsavin@jetpack(2) folder moved successfully.
File C:\Program Files\mozilla firefox\plugins\nprpplugin.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Folder C:\Documents and Settings\Compaq_Owner\Application Data\RealNetworks\ not found.
Folder C:\Program Files\RealNetworks\ not found.
Folder C:\Documents and Settings\All Users\Application Data\RealNetworks\ not found.
File C:\WINDOWS\System32\rmoc3260.dll not found.
File C:\WINDOWS\System32\pndx5016.dll not found.
File C:\WINDOWS\System32\pndx5032.dll not found.
Folder C:\Documents and Settings\All Users\Start Menu\Programs\RealNetworks\ not found.
File C:\WINDOWS\System32\pncrt.dll not found.
C:\Program Files\Norton Security Scan\Norton Security Scan\Engine\4.0.1.16 folder moved successfully.
C:\Program Files\Norton Security Scan\Norton Security Scan\Engine folder moved successfully.
C:\Program Files\Norton Security Scan\Norton Security Scan folder moved successfully.
C:\Program Files\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\4.0.1(3).16\09(2)\01(2) folder moved successfully.
C:\Program Files\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\4.0.1(3).16\09(2) folder moved successfully.
C:\Program Files\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\4.0.1(3).16 folder moved successfully.
C:\Program Files\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\4.0.1(2).16\09\01 folder moved successfully.
C:\Program Files\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\4.0.1(2).16\09 folder moved successfully.
C:\Program Files\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\4.0.1(2).16 folder moved successfully.
C:\Program Files\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType folder moved successfully.
C:\Program Files\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS folder moved successfully.
C:\Program Files\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35} folder moved successfully.
C:\Program Files\NortonInstaller folder moved successfully.
C:\Program Files\real\realplayer\Update folder moved successfully.
C:\Program Files\real\realplayer folder moved successfully.
C:\Program Files\real folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Real\Update folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Real\RealUpgrade folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Real\RealPlayer folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Real folder moved successfully.
C:\Program Files\Uniblue\SpeedUpMyPC\Third party Terms folder moved successfully.
C:\Program Files\Uniblue\SpeedUpMyPC\locale\se\LC_MESSAGES folder moved successfully.
C:\Program Files\Uniblue\SpeedUpMyPC\locale\se folder moved successfully.
C:\Program Files\Uniblue\SpeedUpMyPC\locale\ru\LC_MESSAGES folder moved successfully.
C:\Program Files\Uniblue\SpeedUpMyPC\locale\ru folder moved successfully.
C:\Program Files\Uniblue\SpeedUpMyPC\locale\no\LC_MESSAGES folder moved successfully.
C:\Program Files\Uniblue\SpeedUpMyPC\locale\no folder moved successfully.
C:\Program Files\Uniblue\SpeedUpMyPC\locale\nl\LC_MESSAGES folder moved successfully.
C:\Program Files\Uniblue\SpeedUpMyPC\locale\nl folder moved successfully.
C:\Program Files\Uniblue\SpeedUpMyPC\locale\jp\LC_MESSAGES folder moved successfully.
C:\Program Files\Uniblue\SpeedUpMyPC\locale\jp folder moved successfully.
C:\Program Files\Uniblue\SpeedUpMyPC\locale\it\LC_MESSAGES folder moved successfully.
C:\Program Files\Uniblue\SpeedUpMyPC\locale\it folder moved successfully.
C:\Program Files\Uniblue\SpeedUpMyPC\locale\fr\LC_MESSAGES folder moved successfully.
C:\Program Files\Uniblue\SpeedUpMyPC\locale\fr folder moved successfully.
C:\Program Files\Uniblue\SpeedUpMyPC\locale\fi\LC_MESSAGES folder moved successfully.
C:\Program Files\Uniblue\SpeedUpMyPC\locale\fi folder moved successfully.
C:\Program Files\Uniblue\SpeedUpMyPC\locale\es\LC_MESSAGES folder moved successfully.
C:\Program Files\Uniblue\SpeedUpMyPC\locale\es folder moved successfully.
C:\Program Files\Uniblue\SpeedUpMyPC\locale\en\LC_MESSAGES folder moved successfully.
C:\Program Files\Uniblue\SpeedUpMyPC\locale\en folder moved successfully.
C:\Program Files\Uniblue\SpeedUpMyPC\locale\dk\LC_MESSAGES folder moved successfully.
C:\Program Files\Uniblue\SpeedUpMyPC\locale\dk folder moved successfully.
C:\Program Files\Uniblue\SpeedUpMyPC\locale\de\LC_MESSAGES folder moved successfully.
C:\Program Files\Uniblue\SpeedUpMyPC\locale\de folder moved successfully.
C:\Program Files\Uniblue\SpeedUpMyPC\locale\br\LC_MESSAGES folder moved successfully.
C:\Program Files\Uniblue\SpeedUpMyPC\locale\br folder moved successfully.
C:\Program Files\Uniblue\SpeedUpMyPC\locale folder moved successfully.
C:\Program Files\Uniblue\SpeedUpMyPC folder moved successfully.
C:\Program Files\Uniblue folder moved successfully.
C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3067886581-847020557-550397895-1009.job moved successfully.
C:\WINDOWS\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3067886581-847020557-550397895-1009.job moved successfully.
File C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk not found.
File C:\WINDOWS\System32\rmoc3260.dll not found.
File C:\WINDOWS\System32\pndx5016.dll not found.
File C:\WINDOWS\System32\pndx5032.dll not found.
File C:\WINDOWS\System32\pncrt.dll not found.
File C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3067886581-847020557-550397895-1009.job not found.
File C:\WINDOWS\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3067886581-847020557-550397895-1009.job not found.
File C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk not found.
C:\Program Files\WhiteSmoke_New(2) folder moved successfully.
C:\Program Files\SearchProtect(2)\ffprotect(2) folder moved successfully.
C:\Program Files\SearchProtect(2)\Dialogs(2)\spsd(2)\images(2) folder moved successfully.
C:\Program Files\SearchProtect(2)\Dialogs(2)\spsd(2) folder moved successfully.
C:\Program Files\SearchProtect(2)\Dialogs(2)\spbd(2)\images(2) folder moved successfully.
C:\Program Files\SearchProtect(2)\Dialogs(2)\spbd(2) folder moved successfully.
C:\Program Files\SearchProtect(2)\Dialogs(2)\lib(2) folder moved successfully.
C:\Program Files\SearchProtect(2)\Dialogs(2) folder moved successfully.
C:\Program Files\SearchProtect(2)\bin(2) folder moved successfully.
C:\Program Files\SearchProtect(2) folder moved successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\SearchProtect(2)\ffprotect(2)\SProtectorRepository(2) folder moved successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\SearchProtect(2)\ffprotect(2)\Dialogs(2)\spsd(2)\images(2) folder moved successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\SearchProtect(2)\ffprotect(2)\Dialogs(2)\spsd(2) folder moved successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\SearchProtect(2)\ffprotect(2)\Dialogs(2)\spbd(2)\images(2) folder moved successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\SearchProtect(2)\ffprotect(2)\Dialogs(2)\spbd(2) folder moved successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\SearchProtect(2)\ffprotect(2)\Dialogs(2)\lib(2) folder moved successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\SearchProtect(2)\ffprotect(2)\Dialogs(2) folder moved successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\SearchProtect(2)\ffprotect(2) folder moved successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\SearchProtect(2)\Dialogs(2)\spsd(2)\images(2) folder moved successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\SearchProtect(2)\Dialogs(2)\spsd(2) folder moved successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\SearchProtect(2)\Dialogs(2)\spbd(2)\images(2) folder moved successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\SearchProtect(2)\Dialogs(2)\spbd(2) folder moved successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\SearchProtect(2)\Dialogs(2)\lib(2) folder moved successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\SearchProtect(2)\Dialogs(2) folder moved successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\SearchProtect(2)\bin(2) folder moved successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\SearchProtect(2) folder moved successfully.
File C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3067886581-847020557-550397895-1009.job not found.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RealPlayer 16.0\ deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: All Users
User: Compaq_Owner
->Temp folder emptied: 12902958 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 121868841 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 1170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 754 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 129.00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 06262013_111145
Files\Folders moved on Reboot...
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\IadHide5.dll moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
This is the log from the Quik Scan, it is also from the Notepad pop up.
OTL logfile created on: 6/26/2013 11:33:44 AM - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Compaq_Owner\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
383.48 Mb Total Physical Memory | 115.09 Mb Available Physical Memory | 30.01% Memory free
943.36 Mb Paging File | 507.75 Mb Available in Paging File | 53.82% Paging File free
Paging file location(s): C:\pagefile.sys 600 1200 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 180.41 Gb Total Space | 125.98 Gb Free Space | 69.83% Space Free | Partition Type: NTFS
Drive D: | 5.88 Gb Total Space | 0.87 Gb Free Space | 14.85% Space Free | Partition Type: FAT32
Computer Name: YOUR-F78BF48CE2 | User Name: Compaq_Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013/06/11 19:39:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL.exe
PRC - [2013/05/14 00:54:12 | 004,937,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe
PRC - [2013/04/29 00:58:42 | 004,408,368 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgui.exe
PRC - [2013/04/18 04:34:38 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe
PRC - [2013/04/04 03:15:08 | 001,117,232 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgnsx.exe
PRC - [2013/03/28 02:48:36 | 000,763,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgrsx.exe
PRC - [2013/03/18 02:38:48 | 000,799,280 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgemcx.exe
PRC - [2013/02/19 04:00:58 | 000,448,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgcsrvx.exe
PRC - [2012/06/04 09:31:40 | 001,466,760 | ---- | M] (Garmin) -- C:\Program Files\Garmin\Lifetime Updater\GarminLifetime.exe
PRC - [2011/11/10 20:19:14 | 001,130,496 | ---- | M] (Zhorn Software) -- C:\Program Files\Stickies\stickies.exe
PRC - [2011/10/05 10:25:42 | 000,045,056 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
PRC - [2010/11/18 05:05:07 | 000,862,032 | R--- | M] (Storage Appliance Corp.) -- C:\Documents and Settings\All Users\Application Data\OfficeGuardianV2N\Reminder\SacReminder.exe
PRC - [2010/11/18 05:05:06 | 000,163,664 | R--- | M] (Storage Appliance Corporation) -- C:\Documents and Settings\All Users\Application Data\OfficeGuardianV2N\Reminder\SacNetAgent.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2004/08/04 00:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
========== Modules (No Company Name) ==========
MOD - [2012/10/11 12:15:58 | 000,391,680 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\8eca92a64c232f34b5b559625b022369\System.Xml.Linq.ni.dll
MOD - [2012/10/11 12:15:57 | 001,776,640 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xaml\035910922f160d304fb834aae41f45a6\System.Xaml.ni.dll
MOD - [2012/10/11 12:12:19 | 000,656,896 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\016f9a150fce0e0a4c93532d8fa4c749\PresentationFramework.Luna.ni.dll
MOD - [2012/10/11 12:12:07 | 017,629,184 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\7f91eecda3ff7ce478146b6458580c98\PresentationFramework.ni.dll
MOD - [2012/10/11 12:11:40 | 000,721,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Security\09a97525ae5583cc2685e2c39a3078bd\System.Security.ni.dll
MOD - [2012/10/11 12:11:35 | 005,571,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\e997d0200c25f7db6bd32313d50b729d\System.Xml.ni.dll
MOD - [2012/10/11 12:11:24 | 011,057,664 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationCore\3963e9ce8d44f50e8367e92a8e3e42e6\PresentationCore.ni.dll
MOD - [2012/10/11 12:11:11 | 003,779,072 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\WindowsBase\d17606e813f01376bd0def23726ecc62\WindowsBase.ni.dll
MOD - [2012/10/11 12:11:02 | 013,006,336 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\17e020ae92d7fab33bcc1c98b25019d0\System.Windows.Forms.ni.dll
MOD - [2012/10/11 12:10:47 | 001,651,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\dd57bc19f5807c6dbe8f88d4a23277f6\System.Drawing.ni.dll
MOD - [2012/10/11 12:10:35 | 007,025,664 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\713647b987b140a17e3c4ffe4c721f85\System.Core.ni.dll
MOD - [2012/10/11 12:10:10 | 009,000,960 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\964da027ebca3b263a05cadb8eaa20a3\System.ni.dll
MOD - [2012/10/11 12:09:43 | 014,415,872 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\246f1a5abb686b9dcdf22d3505b08cea\mscorlib.ni.dll
MOD - [2011/11/10 20:18:30 | 000,049,152 | ---- | M] () -- C:\Program Files\Stickies\shook70.dll
MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/02/06 00:17:07 | 000,147,493 | ---- | M] () -- C:\Program Files\BackWeb\BackWeb Client\6.3.2.62\Program\bwfiles.dll
MOD - [2009/02/06 00:17:07 | 000,094,243 | ---- | M] () -- C:\Program Files\BackWeb\BackWeb Client\6.3.2.62\Program\FrExt.dll
MOD - [2009/02/06 00:17:07 | 000,061,496 | ---- | M] () -- C:\Program Files\BackWeb\BackWeb Client\6.3.2.62\Program\clntutil.dll
MOD - [2009/02/06 00:17:07 | 000,024,615 | ---- | M] () -- C:\Program Files\Compaq Connections\6750491\Program\frext-6750491.dll
MOD - [2009/02/06 00:17:07 | 000,024,615 | ---- | M] () -- C:\Program Files\Compaq Connections\6750491\Program\BWfiles-6750491.dll
MOD - [2009/02/06 00:17:02 | 000,126,976 | ---- | M] () -- C:\Program Files\Compaq Connections\6750491\Program\HPClientExt.dll
========== Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe -- (vToolbarUpdater15.2.0)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2013/06/15 13:12:09 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/21 18:49:03 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/05/14 00:54:12 | 004,937,264 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Start_Pending] -- C:\Program Files\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/04/18 04:34:38 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2010/11/18 05:05:06 | 000,163,664 | R--- | M] (Storage Appliance Corporation) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\OfficeGuardianV2N\Reminder\SacNetAgent.exe -- (SacNetAgentService_C57C4F854F53)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- system32\DRIVERS\intelppm.sys -- (intelppm)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | Auto | Stopped] -- System32\drivers\aspi32.sys -- (Aspi32)
DRV - [2013/05/20 20:06:25 | 000,037,664 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2013/03/29 02:53:48 | 000,208,184 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2013/03/21 03:08:24 | 000,182,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2013/03/01 10:32:20 | 000,022,328 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2013/02/08 04:37:58 | 000,096,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2013/02/08 04:37:56 | 000,245,048 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\avglogx.sys -- (Avglogx)
DRV - [2013/02/08 04:37:52 | 000,060,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2013/02/08 04:37:44 | 000,170,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2013/02/08 04:37:40 | 000,039,224 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2010/07/12 13:49:18 | 000,060,104 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2009/02/06 18:08:42 | 000,055,152 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2006/11/10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2005/04/20 12:00:56 | 002,317,696 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM)
DRV - [2005/04/12 12:42:16 | 000,011,904 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2005/04/12 12:08:44 | 000,247,296 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2005/03/09 10:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005/01/19 14:21:56 | 000,012,416 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PcdrNdisuio.sys -- (PcdrNdisuio)
DRV - [2004/08/04 00:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)
DRV - [2004/06/29 13:07:18 | 001,268,204 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2003/12/02 21:23:20 | 000,142,336 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\Fasttx2k.sys -- (fasttx2k)
DRV - [2003/07/11 18:28:56 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)
DRV - [2002/07/29 17:43:50 | 000,023,808 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=presario&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Reg Error: Value error.
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {3D26BC94-09CF-4C60-B9E3-206E5C0CCB0F}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IEFM1&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{3D26BC94-09CF-4C60-B9E3-206E5C0CCB0F}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLH
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8064.0206: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Compaq_Owner\Application Data\Move Networks\plugins\npqmp071505000011.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Compaq_Owner\Application Data\Move Networks\plugins\npqmp071505000011.dll (Move Networks)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/06/22 20:26:35 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Documents and Settings\Compaq_Owner\Application Data\Move Networks [2010/01/31 19:07:40 | 000,000,000 | ---D | M]
[2009/08/29 18:32:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Extensions
[2013/06/26 11:22:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\0az38696.default\extensions
[2010/06/12 16:20:39 | 000,000,000 | ---D | M] (Chameleon Tom) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\0az38696.default\extensions\{6236BA26-C117-4007-928C-DE0716C7FA79}
[2013/06/21 10:53:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\gbhvogpj.default\extensions
[2012/11/29 19:36:49 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\gbhvogpj.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2010/04/27 10:58:33 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\gbhvogpj.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/06/12 16:20:39 | 000,000,000 | ---D | M] (Chameleon Tom) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\gbhvogpj.default\extensions\{6236BA26-C117-4007-928C-DE0716C7FA79}
[2013/04/13 21:44:24 | 000,019,225 | ---- | M] () (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\gbhvogpj.default\extensions\newtabgoogle@graememcc.co.uk.xpi
[2013/06/21 10:53:55 | 000,178,105 | ---- | M] () (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\gbhvogpj.default\extensions\rapportive@rapportive.com.xpi
[2013/05/21 18:49:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/05/21 18:49:08 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
========== Chrome ==========
CHR - homepage:
CHR - homepage:
CHR - Extension: No name found = C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mjildcbkilmkddbbpbjljljdmmlfeppl(2)\5(2).0_0\
O1 HOSTS File: ([2013/06/09 18:02:12 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll File not found
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [Garmin Lifetime Updater] C:\Program Files\Garmin\Lifetime Updater\GarminLifetime.exe (Garmin)
O4 - HKLM..\Run: [SiSPower] C:\WINDOWS\System32\SiSPower.dll (Silicon Integrated Systems Corporation)
O4 - HKCU..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr .exe" /background File not found
O4 - HKCU..\Run: [SacReminderHDDV2N] C:\Documents and Settings\All Users\Application Data\OfficeGuardianV2N\Reminder\SacReminder.exe (Storage Appliance Corp.)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk = C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe (Hewlett-Packard)
O4 - Startup: C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Startup\Stickies.lnk = C:\Program Files\Stickies\stickies.exe (Zhorn Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableProfileQuota = 1
O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000 File not found
O9 - Extra Button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 24.229.54.212 216.144.187.199 204.186.80.229
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{14D9CC6F-26E4-4C91-A6EC-9E1BA6683FAC}: DhcpNameServer = 192.168.2.1 24.229.54.212 216.144.187.199 204.186.80.229
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/01/27 00:53:38 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 14:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 06:01:14 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{043c605b-7e20-11de-b651-0013d41842a8}\Shell\AutoRun\command - "" = K:\rcaeasyrip_setup.exe
O33 - MountPoints2\{043c605b-7e20-11de-b651-0013d41842a8}\Shell\install\command - "" = K:\rcaeasyrip_setup.exe
O33 - MountPoints2\{043c605b-7e20-11de-b651-0013d41842a8}\Shell\usermanualEnglish\command - "" = K:\rcaeasyrip_setup.exe /pdf_English
O33 - MountPoints2\{043c605b-7e20-11de-b651-0013d41842a8}\Shell\usermanualFrench\command - "" = K:\rcaeasyrip_setup.exe /pdf_French
O33 - MountPoints2\{043c605b-7e20-11de-b651-0013d41842a8}\Shell\usermanualSpanish\command - "" = K:\rcaeasyrip_setup.exe /pdf_Spanish
O33 - MountPoints2\{0db5fbff-7353-11e0-b969-0013d41842a8}\Shell - "" = AutoRun
O33 - MountPoints2\{0db5fbff-7353-11e0-b969-0013d41842a8}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0db5fbff-7353-11e0-b969-0013d41842a8}\Shell\AutoRun\command - "" = K:\StartClickFreeBackup.exe
O33 - MountPoints2\{a3ee96ed-8aa7-11de-b65c-0013d41842a8}\Shell\AutoRun\command - "" = L:\MI.exe
O33 - MountPoints2\{f9b408d0-bc63-11d9-842c-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{f9b408d0-bc63-11d9-842c-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f9b408d0-bc63-11d9-842c-806d6172696f}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\D\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2013\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2013/06/25 11:06:45 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/06/13 20:57:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Desktop\RK_Quarantine
[2013/06/13 17:41:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG
[2013/06/11 19:53:32 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013/06/11 19:39:15 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL.exe
[2013/06/10 20:37:11 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013/06/10 19:13:34 | 000,000,000 | --SD | C] -- C:\ComboFix
[2013/06/10 19:13:02 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\.#
[2013/06/10 19:13:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\wt
[2013/06/10 19:13:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\WINDOWS
[2013/06/10 19:13:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTemp
[2013/06/10 19:13:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2013/06/10 19:13:02 | 000,000,000 | ---D | C] -- C:\Program Files\Shared
[2013/06/10 19:13:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\cache
[2013/06/09 18:06:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2013/06/06 11:54:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/06/06 11:53:39 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013/06/05 18:18:30 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013/06/05 18:18:30 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013/06/05 18:18:30 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013/06/05 18:18:30 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013/06/05 18:18:04 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/06/05 18:17:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013/06/05 17:24:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2013/06/05 17:23:19 | 000,000,000 | ---D | C] -- C:\JRT
[2013/06/03 19:36:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot_bak
[2013/06/03 11:59:14 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2013/06/02 21:22:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2013/06/02 11:57:25 | 000,000,000 | ---D | C] -- C:\8b92052dd8fbc345a9bdf0e9
[2013/05/30 20:45:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Wildtangent
[2013/05/30 19:57:50 | 000,000,000 | ---D | C] -- C:\d321eb98beeded867b1c1470
[2013/05/28 17:52:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2013/05/28 17:52:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2013/05/28 17:39:15 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2010/07/27 17:25:12 | 000,055,296 | ---- | C] (CANON INC.) -- C:\Documents and Settings\Compaq_Owner\cnmss Canon MX310 series Printer (Local).dll
========== Files - Modified Within 30 Days ==========
[2013/06/26 11:30:17 | 000,001,767 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Startup\Canon IJ Status Monitor Canon MX310 series Printer.lnk
[2013/06/26 11:26:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/06/26 11:26:03 | 402,182,144 | -HS- | M] () -- C:\hiberfil.sys
[2013/06/26 10:25:29 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/06/25 12:54:11 | 000,007,996 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\wklnhst.dat
[2013/06/25 12:27:24 | 000,096,768 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\OTL Quik Scan.wps
[2013/06/24 10:52:23 | 000,184,832 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\OTL 6.wps
[2013/06/22 12:22:33 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/06/13 21:06:17 | 000,016,896 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Rogue Killer ScAN.wps
[2013/06/13 17:41:46 | 000,000,710 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2013.lnk
[2013/06/12 19:15:47 | 000,174,872 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\OTL Log 2.wps
[2013/06/11 22:41:37 | 000,082,779 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\OTL log.rtf
[2013/06/11 19:39:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL.exe
[2013/06/10 11:39:29 | 000,003,592 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/06/09 18:09:26 | 000,044,032 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Combofix4.5.wps
[2013/06/09 18:02:12 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013/06/09 13:21:17 | 000,035,328 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Comvofix 3 log.wps
[2013/06/08 19:06:43 | 000,044,544 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\comdo fix2.wps
[2013/06/07 20:42:11 | 000,049,664 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Combo fix log.wps
[2013/06/06 11:55:08 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/06/03 15:42:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/06/02 21:22:00 | 000,270,984 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/06/02 21:03:44 | 000,503,164 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/06/02 21:03:44 | 000,088,018 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/05/28 17:45:15 | 000,250,048 | RHS- | M] () -- C:\ntldr
========== Files Created - No Company Name ==========
[2013/06/25 12:27:19 | 000,096,768 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\OTL Quik Scan.wps
[2013/06/24 10:50:48 | 000,184,832 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\OTL 6.wps
[2013/06/13 21:06:14 | 000,016,896 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Rogue Killer ScAN.wps
[2013/06/11 22:48:14 | 000,174,872 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\OTL Log 2.wps
[2013/06/11 22:38:53 | 000,082,779 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\OTL log.rtf
[2013/06/10 19:15:55 | 402,182,144 | -HS- | C] () -- C:\hiberfil.sys
[2013/06/09 18:09:26 | 000,044,032 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Combofix4.5.wps
[2013/06/09 13:21:17 | 000,035,328 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Comvofix 3 log.wps
[2013/06/08 19:06:43 | 000,044,544 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\comdo fix2.wps
[2013/06/07 20:42:11 | 000,049,664 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Combo fix log.wps
[2013/06/06 11:55:08 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/06/05 18:18:30 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/06/05 18:18:30 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013/06/05 18:18:30 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013/06/05 18:18:30 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013/06/05 18:18:30 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013/05/28 17:45:45 | 000,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2013/05/28 17:45:42 | 000,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2012/12/28 15:00:20 | 000,003,592 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/10/12 19:54:54 | 000,244,382 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-3067886581-847020557-550397895-1009-0.dat
[2012/10/11 21:54:45 | 000,244,382 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/01/13 12:34:27 | 000,011,058 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\af8798e8
[2011/04/09 21:40:52 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\23Cegp.dat
[2010/10/20 23:15:45 | 000,009,194 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\.recently-used.xbel
[2009/03/14 22:28:40 | 000,007,996 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\wklnhst.dat
[2009/03/12 21:41:24 | 000,104,960 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
========== ZeroAccess Check ==========
[2009/02/05 23:45:11 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2009/07/18 12:20:31 | 001,506,304 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 06:20:33 | 000,473,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2004/08/04 00:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2012/12/11 12:35:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2013
[2009/02/12 00:15:52 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2010/10/24 12:35:31 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010/09/25 12:39:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CraftEdge
[2013/06/26 10:09:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2009/09/14 20:16:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nova Development
[2012/10/09 22:07:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OfficeGuardianV2N
[2009/02/09 00:00:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2013/06/10 19:13:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/09/15 13:13:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2009/08/31 14:46:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2011/12/26 21:54:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/19 18:08:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/05/12 19:09:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2013/06/10 19:13:02 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\.#
[2012/12/11 12:59:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\AVG2013
[2012/04/30 12:20:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\calibre
[2009/03/13 11:28:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Canon
[2009/08/26 16:43:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Clone2Go Video Converter Professional
[2013/05/26 14:12:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Garmin
[2010/10/20 23:25:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\inkscape
[2009/02/05 23:52:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\InterMute
[2009/02/09 17:25:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\InterVideo
[2009/02/06 12:36:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Leadertech
[2010/08/08 20:13:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\MSNInstaller
[2009/02/22 23:45:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\NewSoft
[2009/09/14 20:16:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Nova Development
[2010/01/11 21:20:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\ooVoo Details
[2009/02/05 23:52:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\SampleView
[2010/10/17 21:56:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Serif
[2013/04/13 21:18:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Smilebox
[2013/06/26 10:02:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\stickies
[2013/04/13 21:10:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\SwvUpdater(2)
[2009/03/14 22:28:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Template
[2012/12/11 12:33:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\TuneUp Software
[2009/09/15 13:13:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Ulead Systems
[2013/05/22 11:23:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Uniblue
========== Purity Check ==========
< End of report >
QuoteI copied this log from the notepad that popped up after the scan and reboot. Is that OK?
Yes! That is perfect! Thank you! :cheesy:
Give me a moment or 2 to look over the new OTL log before we move on to the SP3 issue.
I don't recall if you ever mentioned that you have the installation discs, or not, just in case they are ever needed. Do you have them?
If you're asking about the Windows Recovery Discs, yes, I have them. I really hope we don't have to use them tho.
I thought oof something that may or may not be significant to the scans I did. I had most of the plugins disabled when I did the scans. Would that make a difference? The computer runs so much better with most of them disabled. Just thought I'd mention it.
The discs that you have, how many are there and what does each disc say on them? Did they come with the computer?
The reason I ask is that when we get to the point of working on the Windows Updates we may come across the need to repair files that might have been damaged when the Uniblue registry cleaner was used, if the program was used.
The plugins being disabled would not make a difference. The tools we use are designed to find the files and will display if they are disabled or not.
Presently we're discussing some files that keep showing up in the logs, past and present. Please do not perform a System Restore. This will undo everything that has been accomplished thus far and we'll have to start over.
Back shortly with further instructions. :) So hang in there, please!
Well, there are 9 total discs, 8 came with the computer and I had to buy a supplemental disc when I did the recovery after trying to install the SP2 and it didn't work. The recovery didn't work either. Thus the supplemental disc. They say "System Recovery Microsoft windows XP Home Edition Service Pack 2 Discs, 1-8.
Hm. Ok. I don't think those 8 discs will help for what I'd like to try though I have a friend I can reach out to that would know for sure. May I please ask what the 9th disc says on it?
Hopefully this is the last time that I have to ask you to run the following fix in OTL for me. We have just a few more files to remove that I think had been restored from the system restore.
- Double click on the (https://www.landzdown.com/proxy.php?request=http%3A%2F%2Fi982.photobucket.com%2Falbums%2Fae307%2FQuasar516%2FComputer%2520Help%2FOTLicon.jpg&hash=6db21fc4deae732f2a139118f47a41c2a6631dd4) to open the program.
- Under the Custom Scans/Fixes box at the bottom, paste in the following
Quote
:Commands
[CREATERESTOREPOINT]
:OTL
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search
IE - HKCU\..\SearchScopes,DefaultScope = {3D26BC94-09CF-4C60-B9E3-206E5C0CCB0F}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IEFM1&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{3D26BC94-09CF-4C60-B9E3-206E5C0CCB0F}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLH
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
[2013/06/10 19:13:02 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\.#
[2013/06/10 19:13:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\WINDOWS
[2013/06/10 19:13:02 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\.#
[2013/05/22 11:23:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Uniblue
[2012/12/11 12:33:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\TuneUp Software
[emptytemp]
- Make sure all other windows are closed.
- Click the Run Fix button at the top
- Let the program run uninterupted. The computer should reboot when the scan is done. If not, please reboot the computer.
- Post the log that is found in C:\_OTL\Moved Files in your next reply.
- Open OTL again and click the Quick Scan button. Please post the log it produces in your next reply along with the fix log.
Thank you,
Donna :)
The 9th disc says"Compaq Presario PC Supplemental Recovery Disc". I haven't done the scans yet.
:thumbsup: Thanks for the info. I have a feeling that 9th disc is a driver disc.
I'll wait for the scans. No hurry. :)
Here's the Run/Fix scan:
All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3D26BC94-09CF-4C60-B9E3-206E5C0CCB0F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3D26BC94-09CF-4C60-B9E3-206E5C0CCB0F}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
C:\Documents and Settings\Compaq_Owner\Application Data\.# folder moved successfully.
C:\Documents and Settings\Compaq_Owner\WINDOWS\system folder moved successfully.
C:\Documents and Settings\Compaq_Owner\WINDOWS folder moved successfully.
Folder C:\Documents and Settings\Compaq_Owner\Application Data\.#\ not found.
C:\Documents and Settings\Compaq_Owner\Application Data\Uniblue\SpeedUpMyPC folder moved successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Uniblue\Registry Booster2 folder moved successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Uniblue folder moved successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\TuneUp Software\TU2012\Backups folder moved successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\TuneUp Software\TU2012 folder moved successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\TuneUp Software folder moved successfully.
File ptytemp] not found.
OTL by OldTimer - Version 3.2.69.0 log created on 06282013_115650
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
Quik Scan log:
OTL logfile created on: 6/28/2013 12:54:28 PM - Run 6
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Compaq_Owner\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
383.48 Mb Total Physical Memory | 75.77 Mb Available Physical Memory | 19.76% Memory free
943.36 Mb Paging File | 254.84 Mb Available in Paging File | 27.01% Paging File free
Paging file location(s): C:\pagefile.sys 600 1200 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 180.41 Gb Total Space | 125.93 Gb Free Space | 69.80% Space Free | Partition Type: NTFS
Drive D: | 5.88 Gb Total Space | 0.87 Gb Free Space | 14.85% Space Free | Partition Type: FAT32
Computer Name: YOUR-F78BF48CE2 | User Name: Compaq_Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013/06/11 19:39:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL.exe
PRC - [2013/05/21 18:49:07 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013/05/14 00:54:12 | 004,937,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe
PRC - [2013/04/29 00:58:42 | 004,408,368 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgui.exe
PRC - [2013/04/18 04:34:38 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe
PRC - [2013/04/04 03:15:08 | 001,117,232 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgnsx.exe
PRC - [2013/03/28 02:48:36 | 000,763,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgrsx.exe
PRC - [2013/03/18 02:38:48 | 000,799,280 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgemcx.exe
PRC - [2013/02/19 04:00:58 | 000,448,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgcsrvx.exe
PRC - [2012/06/04 09:31:40 | 001,466,760 | ---- | M] (Garmin) -- C:\Program Files\Garmin\Lifetime Updater\GarminLifetime.exe
PRC - [2011/11/10 20:19:14 | 001,130,496 | ---- | M] (Zhorn Software) -- C:\Program Files\Stickies\stickies.exe
PRC - [2011/10/05 10:25:42 | 000,045,056 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
PRC - [2010/11/18 05:05:07 | 000,862,032 | R--- | M] (Storage Appliance Corp.) -- C:\Documents and Settings\All Users\Application Data\OfficeGuardianV2N\Reminder\SacReminder.exe
PRC - [2010/11/18 05:05:06 | 000,163,664 | R--- | M] (Storage Appliance Corporation) -- C:\Documents and Settings\All Users\Application Data\OfficeGuardianV2N\Reminder\SacNetAgent.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2004/08/04 00:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
========== Modules (No Company Name) ==========
MOD - [2013/05/21 18:49:02 | 003,128,728 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/10/11 12:15:58 | 000,391,680 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\8eca92a64c232f34b5b559625b022369\System.Xml.Linq.ni.dll
MOD - [2012/10/11 12:15:57 | 001,776,640 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xaml\035910922f160d304fb834aae41f45a6\System.Xaml.ni.dll
MOD - [2012/10/11 12:12:19 | 000,656,896 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\016f9a150fce0e0a4c93532d8fa4c749\PresentationFramework.Luna.ni.dll
MOD - [2012/10/11 12:12:07 | 017,629,184 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\7f91eecda3ff7ce478146b6458580c98\PresentationFramework.ni.dll
MOD - [2012/10/11 12:11:40 | 000,721,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Security\09a97525ae5583cc2685e2c39a3078bd\System.Security.ni.dll
MOD - [2012/10/11 12:11:35 | 005,571,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\e997d0200c25f7db6bd32313d50b729d\System.Xml.ni.dll
MOD - [2012/10/11 12:11:24 | 011,057,664 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationCore\3963e9ce8d44f50e8367e92a8e3e42e6\PresentationCore.ni.dll
MOD - [2012/10/11 12:11:11 | 003,779,072 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\WindowsBase\d17606e813f01376bd0def23726ecc62\WindowsBase.ni.dll
MOD - [2012/10/11 12:11:02 | 013,006,336 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\17e020ae92d7fab33bcc1c98b25019d0\System.Windows.Forms.ni.dll
MOD - [2012/10/11 12:10:47 | 001,651,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\dd57bc19f5807c6dbe8f88d4a23277f6\System.Drawing.ni.dll
MOD - [2012/10/11 12:10:35 | 007,025,664 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\713647b987b140a17e3c4ffe4c721f85\System.Core.ni.dll
MOD - [2012/10/11 12:10:10 | 009,000,960 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\964da027ebca3b263a05cadb8eaa20a3\System.ni.dll
MOD - [2012/10/11 12:09:43 | 014,415,872 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\246f1a5abb686b9dcdf22d3505b08cea\mscorlib.ni.dll
MOD - [2011/11/10 20:18:30 | 000,049,152 | ---- | M] () -- C:\Program Files\Stickies\shook70.dll
MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/02/06 00:17:07 | 000,147,493 | ---- | M] () -- C:\Program Files\BackWeb\BackWeb Client\6.3.2.62\Program\bwfiles.dll
MOD - [2009/02/06 00:17:07 | 000,094,243 | ---- | M] () -- C:\Program Files\BackWeb\BackWeb Client\6.3.2.62\Program\FrExt.dll
MOD - [2009/02/06 00:17:07 | 000,061,496 | ---- | M] () -- C:\Program Files\BackWeb\BackWeb Client\6.3.2.62\Program\clntutil.dll
MOD - [2009/02/06 00:17:07 | 000,024,615 | ---- | M] () -- C:\Program Files\Compaq Connections\6750491\Program\frext-6750491.dll
MOD - [2009/02/06 00:17:07 | 000,024,615 | ---- | M] () -- C:\Program Files\Compaq Connections\6750491\Program\BWfiles-6750491.dll
MOD - [2009/02/06 00:17:02 | 000,126,976 | ---- | M] () -- C:\Program Files\Compaq Connections\6750491\Program\HPClientExt.dll
MOD - [2004/08/04 00:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
========== Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe -- (vToolbarUpdater15.2.0)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2013/06/15 13:12:09 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/21 18:49:03 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/05/14 00:54:12 | 004,937,264 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/04/18 04:34:38 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2010/11/18 05:05:06 | 000,163,664 | R--- | M] (Storage Appliance Corporation) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\OfficeGuardianV2N\Reminder\SacNetAgent.exe -- (SacNetAgentService_C57C4F854F53)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- system32\DRIVERS\intelppm.sys -- (intelppm)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | Auto | Stopped] -- System32\drivers\aspi32.sys -- (Aspi32)
DRV - [2013/05/20 20:06:25 | 000,037,664 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2013/03/29 02:53:48 | 000,208,184 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2013/03/21 03:08:24 | 000,182,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2013/03/01 10:32:20 | 000,022,328 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2013/02/08 04:37:58 | 000,096,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2013/02/08 04:37:56 | 000,245,048 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\avglogx.sys -- (Avglogx)
DRV - [2013/02/08 04:37:52 | 000,060,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2013/02/08 04:37:44 | 000,170,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2013/02/08 04:37:40 | 000,039,224 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2010/07/12 13:49:18 | 000,060,104 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2009/02/06 18:08:42 | 000,055,152 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2006/11/10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2005/04/20 12:00:56 | 002,317,696 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM)
DRV - [2005/04/12 12:42:16 | 000,011,904 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2005/04/12 12:08:44 | 000,247,296 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2005/03/09 10:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005/01/19 14:21:56 | 000,012,416 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PcdrNdisuio.sys -- (PcdrNdisuio)
DRV - [2004/08/04 00:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)
DRV - [2004/06/29 13:07:18 | 001,268,204 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2003/12/02 21:23:20 | 000,142,336 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\Fasttx2k.sys -- (fasttx2k)
DRV - [2003/07/11 18:28:56 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)
DRV - [2002/07/29 17:43:50 | 000,023,808 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=presario&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Reg Error: Value error.
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8064.0206: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Compaq_Owner\Application Data\Move Networks\plugins\npqmp071505000011.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Compaq_Owner\Application Data\Move Networks\plugins\npqmp071505000011.dll (Move Networks)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/06/22 20:26:35 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Documents and Settings\Compaq_Owner\Application Data\Move Networks [2010/01/31 19:07:40 | 000,000,000 | ---D | M]
[2009/08/29 18:32:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Extensions
[2013/06/26 11:22:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\0az38696.default\extensions
[2010/06/12 16:20:39 | 000,000,000 | ---D | M] (Chameleon Tom) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\0az38696.default\extensions\{6236BA26-C117-4007-928C-DE0716C7FA79}
[2013/06/21 10:53:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\gbhvogpj.default\extensions
[2012/11/29 19:36:49 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\gbhvogpj.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2010/04/27 10:58:33 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\gbhvogpj.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/06/12 16:20:39 | 000,000,000 | ---D | M] (Chameleon Tom) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\gbhvogpj.default\extensions\{6236BA26-C117-4007-928C-DE0716C7FA79}
[2013/04/13 21:44:24 | 000,019,225 | ---- | M] () (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\gbhvogpj.default\extensions\newtabgoogle@graememcc.co.uk.xpi
[2013/06/21 10:53:55 | 000,178,105 | ---- | M] () (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\gbhvogpj.default\extensions\rapportive@rapportive.com.xpi
[2013/05/21 18:49:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/05/21 18:49:08 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
========== Chrome ==========
CHR - homepage:
CHR - homepage:
CHR - Extension: No name found = C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mjildcbkilmkddbbpbjljljdmmlfeppl(2)\5(2).0_0\
O1 HOSTS File: ([2013/06/09 18:02:12 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll File not found
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [Garmin Lifetime Updater] C:\Program Files\Garmin\Lifetime Updater\GarminLifetime.exe (Garmin)
O4 - HKLM..\Run: [SiSPower] C:\WINDOWS\System32\SiSPower.dll (Silicon Integrated Systems Corporation)
O4 - HKCU..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr .exe" /background File not found
O4 - HKCU..\Run: [SacReminderHDDV2N] C:\Documents and Settings\All Users\Application Data\OfficeGuardianV2N\Reminder\SacReminder.exe (Storage Appliance Corp.)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk = C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe (Hewlett-Packard)
O4 - Startup: C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Startup\Stickies.lnk = C:\Program Files\Stickies\stickies.exe (Zhorn Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableProfileQuota = 1
O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000 File not found
O9 - Extra Button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 24.229.54.212 216.144.187.199 204.186.80.229
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{14D9CC6F-26E4-4C91-A6EC-9E1BA6683FAC}: DhcpNameServer = 192.168.2.1 24.229.54.212 216.144.187.199 204.186.80.229
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/01/27 00:53:38 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 14:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 06:01:14 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{043c605b-7e20-11de-b651-0013d41842a8}\Shell\AutoRun\command - "" = K:\rcaeasyrip_setup.exe
O33 - MountPoints2\{043c605b-7e20-11de-b651-0013d41842a8}\Shell\install\command - "" = K:\rcaeasyrip_setup.exe
O33 - MountPoints2\{043c605b-7e20-11de-b651-0013d41842a8}\Shell\usermanualEnglish\command - "" = K:\rcaeasyrip_setup.exe /pdf_English
O33 - MountPoints2\{043c605b-7e20-11de-b651-0013d41842a8}\Shell\usermanualFrench\command - "" = K:\rcaeasyrip_setup.exe /pdf_French
O33 - MountPoints2\{043c605b-7e20-11de-b651-0013d41842a8}\Shell\usermanualSpanish\command - "" = K:\rcaeasyrip_setup.exe /pdf_Spanish
O33 - MountPoints2\{0db5fbff-7353-11e0-b969-0013d41842a8}\Shell - "" = AutoRun
O33 - MountPoints2\{0db5fbff-7353-11e0-b969-0013d41842a8}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0db5fbff-7353-11e0-b969-0013d41842a8}\Shell\AutoRun\command - "" = K:\StartClickFreeBackup.exe
O33 - MountPoints2\{a3ee96ed-8aa7-11de-b65c-0013d41842a8}\Shell\AutoRun\command - "" = L:\MI.exe
O33 - MountPoints2\{f9b408d0-bc63-11d9-842c-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{f9b408d0-bc63-11d9-842c-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f9b408d0-bc63-11d9-842c-806d6172696f}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\D\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2013\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2013/06/25 11:06:45 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/06/13 20:57:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Desktop\RK_Quarantine
[2013/06/13 17:41:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG
[2013/06/11 19:53:32 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013/06/11 19:39:15 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL.exe
[2013/06/10 20:37:11 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013/06/10 19:13:34 | 000,000,000 | --SD | C] -- C:\ComboFix
[2013/06/10 19:13:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\wt
[2013/06/10 19:13:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTemp
[2013/06/10 19:13:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2013/06/10 19:13:02 | 000,000,000 | ---D | C] -- C:\Program Files\Shared
[2013/06/10 19:13:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\cache
[2013/06/09 18:06:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2013/06/06 11:54:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/06/06 11:53:39 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013/06/05 18:18:30 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013/06/05 18:18:30 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013/06/05 18:18:30 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013/06/05 18:18:30 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013/06/05 18:18:04 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/06/05 18:17:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013/06/05 17:24:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2013/06/05 17:23:19 | 000,000,000 | ---D | C] -- C:\JRT
[2013/06/03 19:36:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot_bak
[2013/06/03 11:59:14 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2013/06/02 21:22:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2013/06/02 11:57:25 | 000,000,000 | ---D | C] -- C:\8b92052dd8fbc345a9bdf0e9
[2013/05/30 20:45:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Wildtangent
[2013/05/30 19:57:50 | 000,000,000 | ---D | C] -- C:\d321eb98beeded867b1c1470
[2010/07/27 17:25:12 | 000,055,296 | ---- | C] (CANON INC.) -- C:\Documents and Settings\Compaq_Owner\cnmss Canon MX310 series Printer (Local).dll
========== Files - Modified Within 30 Days ==========
[2013/06/28 12:25:16 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/06/28 12:24:28 | 000,001,767 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Startup\Canon IJ Status Monitor Canon MX310 series Printer.lnk
[2013/06/28 12:21:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/06/28 12:21:28 | 402,182,144 | -HS- | M] () -- C:\hiberfil.sys
[2013/06/25 12:54:11 | 000,007,996 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\wklnhst.dat
[2013/06/25 12:27:24 | 000,096,768 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\OTL Quik Scan.wps
[2013/06/24 10:52:23 | 000,184,832 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\OTL 6.wps
[2013/06/22 12:22:33 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/06/13 21:06:17 | 000,016,896 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Rogue Killer ScAN.wps
[2013/06/13 17:41:46 | 000,000,710 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2013.lnk
[2013/06/12 19:15:47 | 000,174,872 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\OTL Log 2.wps
[2013/06/11 22:41:37 | 000,082,779 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\OTL log.rtf
[2013/06/11 19:39:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL.exe
[2013/06/10 11:39:29 | 000,003,592 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/06/09 18:09:26 | 000,044,032 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Combofix4.5.wps
[2013/06/09 18:02:12 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013/06/09 13:21:17 | 000,035,328 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Comvofix 3 log.wps
[2013/06/08 19:06:43 | 000,044,544 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\comdo fix2.wps
[2013/06/07 20:42:11 | 000,049,664 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Combo fix log.wps
[2013/06/06 11:55:08 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/06/03 15:42:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/06/02 21:22:00 | 000,270,984 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/06/02 21:03:44 | 000,503,164 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/06/02 21:03:44 | 000,088,018 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
========== Files Created - No Company Name ==========
[2013/06/25 12:27:19 | 000,096,768 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\OTL Quik Scan.wps
[2013/06/24 10:50:48 | 000,184,832 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\OTL 6.wps
[2013/06/13 21:06:14 | 000,016,896 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Rogue Killer ScAN.wps
[2013/06/11 22:48:14 | 000,174,872 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\OTL Log 2.wps
[2013/06/11 22:38:53 | 000,082,779 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\OTL log.rtf
[2013/06/10 19:15:55 | 402,182,144 | -HS- | C] () -- C:\hiberfil.sys
[2013/06/09 18:09:26 | 000,044,032 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Combofix4.5.wps
[2013/06/09 13:21:17 | 000,035,328 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Comvofix 3 log.wps
[2013/06/08 19:06:43 | 000,044,544 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\comdo fix2.wps
[2013/06/07 20:42:11 | 000,049,664 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\My Documents\Combo fix log.wps
[2013/06/06 11:55:08 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/06/05 18:18:30 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/06/05 18:18:30 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013/06/05 18:18:30 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013/06/05 18:18:30 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013/06/05 18:18:30 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/12/28 15:00:20 | 000,003,592 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/10/12 19:54:54 | 000,244,382 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-3067886581-847020557-550397895-1009-0.dat
[2012/10/11 21:54:45 | 000,244,382 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/01/13 12:34:27 | 000,011,058 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\af8798e8
[2011/04/09 21:40:52 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\23Cegp.dat
[2010/10/20 23:15:45 | 000,009,194 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\.recently-used.xbel
[2009/03/14 22:28:40 | 000,007,996 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\wklnhst.dat
[2009/03/12 21:41:24 | 000,104,960 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
========== ZeroAccess Check ==========
[2009/02/05 23:45:11 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2009/07/18 12:20:31 | 001,506,304 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 06:20:33 | 000,473,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2004/08/04 00:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2012/12/11 12:35:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2013
[2009/02/12 00:15:52 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2010/10/24 12:35:31 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010/09/25 12:39:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CraftEdge
[2013/06/28 10:42:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2009/09/14 20:16:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nova Development
[2012/10/09 22:07:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OfficeGuardianV2N
[2009/02/09 00:00:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2013/06/10 19:13:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/09/15 13:13:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2009/08/31 14:46:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2011/12/26 21:54:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/19 18:08:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/05/12 19:09:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2012/12/11 12:59:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\AVG2013
[2012/04/30 12:20:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\calibre
[2009/03/13 11:28:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Canon
[2009/08/26 16:43:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Clone2Go Video Converter Professional
[2013/05/26 14:12:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Garmin
[2010/10/20 23:25:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\inkscape
[2009/02/05 23:52:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\InterMute
[2009/02/09 17:25:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\InterVideo
[2009/02/06 12:36:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Leadertech
[2010/08/08 20:13:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\MSNInstaller
[2009/02/22 23:45:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\NewSoft
[2009/09/14 20:16:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Nova Development
[2010/01/11 21:20:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\ooVoo Details
[2009/02/05 23:52:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\SampleView
[2010/10/17 21:56:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Serif
[2013/04/13 21:18:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Smilebox
[2013/06/28 10:31:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\stickies
[2013/04/13 21:10:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\SwvUpdater(2)
[2009/03/14 22:28:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Template
[2009/09/15 13:13:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Ulead Systems
========== Purity Check ==========
< End of report >
Hi mare_wbpa,
The logs look really good! You did a great there. Now the fun begins!
Let's remove all the tools that have been used here, flush your restore points and create a new for you.
To uninstall Combofix:
- Double-click OTL (https://www.landzdown.com/proxy.php?request=http%3A%2F%2Fi982.photobucket.com%2Falbums%2Fae307%2FQuasar516%2FComputer%2520Help%2FOTLicon.jpg&hash=6db21fc4deae732f2a139118f47a41c2a6631dd4) to start the program.
- Copy and paste the following text below into the Custom Scans/Fixes box at the bottom of OTL.
Quote
:Commands
[ClearAllRestorePoints]
- Then click the Run Fix button.
- Allow the program run uninterrupted. When finished click on OK and close the log that appears.
- Note: I do not need to review the log produced.
- Now close all other programs apart from OTL as this step will require a reboot.
- On the OTL main screen, press the (https://www.landzdown.com/proxy.php?request=http%3A%2F%2Fi982.photobucket.com%2Falbums%2Fae307%2FQuasar516%2FComputer%2520Help%2FCleanUpButtonOTL.jpg&hash=2f46b158a4cd2c63b157cfee217ee653e8924410) button.
- Say Yes to the prompt and then allow the program to reboot your computer.
The above process will flush old System Restore Points and create a new, clean one as well as uninstalling the tools used in this process including OTL itself.
Next:Please do the following to uninstall AdwCleaner.
- Double-click AdwCleaner.exe to run the tool.
- Click the Uninstall button as shown below.
(https://www.landzdown.com/proxy.php?request=http%3A%2F%2Fi1211.photobucket.com%2Falbums%2Fcc438%2Fdonnajb3%2FAdwCleaneruninstall1_zpsd90d7d15.jpg&hash=a14cee672be6a0acde58d725ba0a0481763f56bd) (http://s1211.photobucket.com/user/donnajb3/media/AdwCleaneruninstall1_zpsd90d7d15.jpg.html)
- Confirm with yes
AdwCleaner will now be uninstalled.
Next:To uninstall Combofix:
- Click Start > Run and type combofix /uninstall in the Run box.
- Press Enter
This will remove Combofix from your computer.
Next:To uninstall JRT (Junkware Removal Tool):
Right click and choose
DeleteAt this time, please delete any logs on your desktop and those found on your
C:\ drive.
When you are finished uninstalling the tools that were used, we'll begin on the Windows Updates issues. Let me know when you're finished and we'll proceed. :)
I uninstalled OTL and Adwcleaner. When I tried to uninstall combofix as per instructions I get a pop-up box saying that combofix can't be found, check that it is typed correctly and try again. I tried several times with the slash in both directions, no go. I stopped there. Will continue when I get next set of instructions. Thanks again for taking all this time to help me.
QuoteWhen I tried to uninstall combofix as per instructions I get a pop-up box saying that combofix can't be found, check that it is typed correctly and try again.
That's fine. OTL CleanUp obviously removed CombFix for us. Now. let's see what we can do about getting SP3 installed.
Next:
Please download
Farbar Service Scanner (http://download.bleepingcomputer.com/farbar/FSS.exe) to
your desktop.
Double click the desktop icon and do the following:
Make sure the following options are checked:
- Internet Services
- Windows Firewall
- System Restore
- Security Center/Action Center
- Windows Update
- Windows Defenders
- Other Services
Press "
Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.
Just want to be sure b4 I do anything to mess up what we've already done. The Combofix logo is still on the desktop, while the OTL and Adwcleaner logos/shortcuts are gone. Would that still be there if it was removed by OTL cleanup?
Quick question ... when you tried to uninstall Combofix, did you include the space between "combofix" and "/uninstall" when you typed it into the Run box? If you copy/pasted the instructions then the space would have been inserted and there is something else going on ...
You're right on Winchester73. When I typed it in I didn't leave a space. I copied and pasted from the email and I didn't get the previous message. Something ran, don't know if Combofix uninstalled tho. When the Combofix box came up, another box also popped up asking if I want to update to a newer version. I clicked "no" and let it run, but uninstall did not appear anywhere, the logo is still on the desktop and nothing came up to say that the uninstall was successful.
There is no "uninstall" like you see with other programs when removing ComboFix. Go ahead and follow the removal instructions again.
Click Start > Run and copy/paste the following bold text into the Run box and click OK:
ComboFix /Uninstall
If you're still having trouble uninstalling Combofix, please do the following:
- Delete the current copy of ComboFix on your desktop.
- Download a fresh copy from here (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) to your desktop.
- Click Start > Run and type combofix /uninstall in the Run box.
- Press Enter
Please keep us informed. :)
I finally got Combofix uninstalled w/o having to install another one. I deleted all the logs I could find on the desktop. How do I get them off the C: drive. I know, it's a dumb question, one I shouldn't have to ask.
The instructions Donna provided is the best way since there are files that ComboFix includes that you wouldn't know by name.
It's also less risky than trying to manually delete the files and ending up with a new doorstop or plant stand instead of a computer :D
FSS log:
Farbar Service Scanner Version: 27-06-2013
Ran by Compaq_Owner (administrator) on 02-07-2013 at 11:04:40
Running from "C:\Documents and Settings\Compaq_Owner\Desktop"
Microsoft Windows XP Home Edition Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
Windows Firewall:
=============
Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0
System Restore:
============
System Restore Disabled Policy:
========================
Security Center:
============
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================
File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys
[2009-01-29 01:54] - [2008-08-14 05:51] - 0138368 ____A (Microsoft Corporation) 55E6E1C51B6D30E54335750955453702
C:\WINDOWS\system32\Drivers\netbt.sys
[2009-01-29 01:09] - [2004-08-04 00:00] - 0162816 ____A (Microsoft Corporation) 0C80E410CD2F47134407EE7DD19CC86B
C:\WINDOWS\system32\Drivers\tcpip.sys
[2009-01-29 01:12] - [2008-06-20 06:45] - 0360320 ____A (Microsoft Corporation) 2A5554FC5B1E04E131230E3CE035C3F9
C:\WINDOWS\system32\Drivers\ipsec.sys
[2009-01-29 01:08] - [2004-08-04 00:00] - 0074752 ____A (Microsoft Corporation) 64537AA5C003A6AFEEE1DF819062D0D1
C:\WINDOWS\system32\dnsrslvr.dll
[2009-01-29 01:07] - [2004-08-04 00:00] - 0045568 ____A (Microsoft Corporation) 7379DE06FD196E396A00AA97B990C00D
C:\WINDOWS\system32\ipnathlp.dll
[2009-01-29 01:08] - [2004-08-04 00:00] - 0331264 ____A (Microsoft Corporation) 36CC8C01B5E50163037BEF56CB96DEFF
C:\WINDOWS\system32\netman.dll
[2009-01-29 01:09] - [2004-08-04 00:00] - 0198144 ____A (Microsoft Corporation) DAB9E6C7105D2EF49876FE92C524F565
C:\WINDOWS\system32\wbem\WMIsvc.dll
[2009-01-29 01:13] - [2004-08-04 00:00] - 0144896 ____A (Microsoft Corporation) F399242A80C4066FD155EFA4CF96658E
C:\WINDOWS\system32\srsvc.dll
[2009-01-29 01:11] - [2004-08-04 00:00] - 0170496 ____A (Microsoft Corporation) 92BDF74F12D6CBEC43C94D4B7F804838
C:\WINDOWS\system32\Drivers\sr.sys
[2009-01-29 01:11] - [2004-08-04 00:00] - 0073472 ____A (Microsoft Corporation) E41B6D037D6CD08461470AF04500DC24
C:\WINDOWS\system32\wscsvc.dll
[2009-01-29 01:13] - [2004-08-04 00:00] - 0081408 ____A (Microsoft Corporation) 4D59DAA66C60858CDF4F67A900F42D4A
C:\WINDOWS\system32\wbem\WMIsvc.dll
[2009-01-29 01:13] - [2004-08-04 00:00] - 0144896 ____A (Microsoft Corporation) F399242A80C4066FD155EFA4CF96658E
C:\WINDOWS\system32\wuauserv.dll
[2009-01-29 01:13] - [2004-08-04 00:00] - 0006656 ____A (Microsoft Corporation) 13D72740963CBA12D9FF76A7F218BCD8
C:\WINDOWS\system32\qmgr.dll
[2009-01-29 01:10] - [2004-08-04 00:00] - 0382464 ____A (Microsoft Corporation) 2C69EC7E5A311334D10DD95F338FCCEA
C:\WINDOWS\system32\es.dll
[2009-01-29 01:08] - [2008-07-07 16:32] - 0253952 ____A (Microsoft Corporation) 60D1A6342238378BFB7545C81EE3606C
C:\WINDOWS\system32\cryptsvc.dll
[2009-01-29 01:06] - [2004-08-04 00:00] - 0060416 ____A (Microsoft Corporation) 10654F9DDCEA9C46CFB77554231BE73B
C:\WINDOWS\system32\svchost.exe
[2009-01-29 01:11] - [2004-08-04 00:00] - 0014336 ____A (Microsoft Corporation) 8F078AE4ED187AAABC0A305146DE6716
C:\WINDOWS\system32\rpcss.dll
[2009-01-29 01:10] - [2009-02-09 06:20] - 0399360 ____A (Microsoft Corporation) 01095FEBF33BEEA00C2A0730B9B3EC28
C:\WINDOWS\system32\services.exe
[2009-01-29 01:10] - [2009-02-06 13:14] - 0110592 ____A (Microsoft Corporation) 37561F8D4160D62DA86D24AE41FAE8DE
Extra List:
=======
Avgtdix(10) fssfltr(8) Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
0x0A00000004000000010000000200000003000000090000000A00000005000000060000000700000008000000
IpSec Tag value is correct.
**** End of log ****
Geesh! I'm sorry for the delay. Every time I go to respond to anything online today my connection crashes. My satellite connection goes whacky on my me when the sky is overcast.
You didn't try reinstalling the patch for the AMD Processor as mentioned in post (http://www.landzdown.com/analysis-and-malware-removal/warning-boxes-popping-up-computer-to-become-non-responsive-and-fre/msg161076/#msg161076), did you?
If not, let's try resetting the Windows Update components to see if that makes a difference. Link found below:
How do I reset Windows Update components? (http://support.microsoft.com/kb/971058)
You should receive a popup window that includes an MS Fix It. Just click on the green Run Now button in the lower left.
Try Windows Updates again.
No, I didn't install the patch. Are you talking about trying to install SP3 after running the fixit?
Yes. Please try to install SP3 thereafter.
I saved the fix-it to my desktop. I double clicked on it, box popped up telling me that I need SP3 to run it. I click on "install from Windows Updates". Page says I need to be running IE 5 or later. I close Firefox and open IE, I have version 8. I click on "install from Windows Updates" again, it sends me to the same page telling me I need IE5, I click on Microsoft Download Center. Click to Download SP3 and it just sends me back to the page telling me that I need IE5 and how to update using Automatic Updates, which has been set on auto.
Ok, mare. I'm not sure if this is a hardware or software problem. Let's check your harddrive for inconsistencies first,
Please do the following: (please note: this may take a while to complete)
- Click on Start > Run and type in cmd
- Press Enter
- In the Command Prompt window type chkdsk c:/r and press Enter.
Please Note the space between k c:/r
- The next dialog box will now show the following:
Chkdsk cannot run because the volume is in use by another
process. Would you like to schedule this volume to be
checked the next time the system restarts? <Y/N>
- Type Y and reboot the computer.
- Checkdisk will start once the computer reboots. It can take up to an hour or more to complete as it goes through the stages. Allow it to run uninterrupted till complete.
To find the log that is produced please do the following:Please download ListChkdskResult (https://dl.dropboxusercontent.com/u/12354842/My%20Tools/ListChkdskResult.exe) by SleepyDude to the desktop.
- Double click on the icon and click Run
- The log will appear on your desktop as a .txt file and the notepad will open.
Please copy and paste the results in your next reply.
Thank you,
Donna :)
Before I proceed to your last instructions I thought it might be worth mentioning that my antivirus blocked a threat. It was Exploit Invisible iFrame Injection (type1707).
Do you recall which webpage you were visiting that produced this alert? If you know for sure it is a safe webpage, you can report that to AVG here (http://www.avg.com/ww-en/page-rating-report) so they can correct the issue.
Otherwise, it is safe to proceed. :thumbsup:
Sorry I took so long.
ListChkdskResult by SleepyDude v0.1.6 Beta | 17-06-2013
------< Log generate on 7/7/2013 2:11:32 PM >------
Category: 0
Computer Name: YOUR-F78BF48CE2
Event Code: 1001
Record Number: 21714
Source Name: Winlogon
Time Written: 20130707132017.000000-240
Event Type: information
User:
Message: Checking file system on C:
The type of the file system is NTFS.
Volume label is PRESARIO.
A disk check has been scheduled.
Windows will now check the disk.
Cleaning up minor inconsistencies on the drive.
Cleaning up 7815 unused index entries from index $SII of file 0x9.
Cleaning up 7815 unused index entries from index $SDH of file 0x9.
Cleaning up 7815 unused security descriptors.
CHKDSK is verifying Usn Journal...
Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
Free space verification is complete.
CHKDSK discovered free space marked as allocated in the
master file table (MFT) bitmap.
Windows has made corrections to the file system.
189173879 KB total disk space.
43772604 KB in 104476 files.
45388 KB in 14596 indexes.
0 KB in bad sectors.
379271 KB in use by the system.
65536 KB occupied by the log file.
144976616 KB available on disk.
4096 bytes in each allocation unit.
47293469 total allocation units on disk.
36244154 allocation units available on disk.
Internal Info:
40 3f 03 00 2c d1 01 00 87 96 02 00 00 00 00 00 @?..,...........
ce 38 00 00 04 00 00 00 b6 24 00 00 00 00 00 00 .8.......$......
8c 0d db 03 00 00 00 00 b8 0a 77 43 00 00 00 00 ..........wC....
50 6d ce 64 00 00 00 00 5c 49 65 19 04 00 00 00 Pm.d....\Ie.....
64 10 fc 0a 07 00 00 00 4a 34 52 d8 0b 00 00 00 d.......J4R.....
99 9e 36 00 00 00 00 00 28 3e 07 00 1c 98 01 00 ..6.....(>......
00 00 00 00 00 f0 aa 6f 0a 00 00 00 04 39 00 00 .......o.....9..
Windows has finished checking your disk.
Please wait while your computer restarts.
-----------------------------------------------------------------------
Ok. mare,
Let's do a system file checker.
- Open an elevated command prompt by right clicking on the command prompt and choosing Run as administrator.
- In the elevated command prompt, type sfc /scannow and press Enter. Please note the space between sfc /. <--Very Important
- This may take a little bit of time to finish so your patience will be needed.
- When the scan is complete, open another elevated command prompt and copy and paste the following command, then press Enter.
findstr /c:"[SR]" %windir%\Logs\CBS\CBS.log >"%userprofile%\Desktop\sfcdetails.txt"
- This will place a sfcdetails.txt file on your desktop with only the SFC scan result details from the CBS.LOG in it.
- Please copy and paste the results in your next reply.
Do you mean to start up in safe mode with command prompt? There is a command prompt on my start menu right now, but when I right click on that, there is no option to run as administrator.
Oh my goodness! I am so sorry. Those are instructions for Vista and above. Please accept my apologies. Here are the instructions for XP. Go ahead and run the sfc scan with the instructions below and in the meantime I'd like to look and make sure that the 2nd command will export the sfcdetails.txt to the desktop.
- Open a command prompt and type sfc /scannow and press Enter.
Please note the space between sfc /. <--Very Important
- This may take a little bit of time to finish so your patience will be needed.
- When the scan is complete, open another elevated command prompt and copy and paste the following command, then press Enter.
findstr /c:"[SR]" %windir%\Logs\CBS\CBS.log >"%userprofile%\Desktop\sfcdetails.txt"
- This will place a sfcdetails.txt file on your desktop with only the SFC scan result details from the CBS.LOG in it.
- Please copy and paste the results in your next reply.
Ok mare_wbpa. I just spoke with a friend of mine. He's my go to guy that answers all my questions concerning XP and he verified my thoughts for me.
For one thing, the command above that I gave you to export the sfcdetails.txt log will not work on XP since XP does not have a C:\Windows\Logs\CBSlog folder. Only Vista and above do.
When you go to type sfc /scannow into the command prompt and click Enter, if there are any corrupt files, you will be asked to insert your CD into the drive, the discs that you have can not be used. You will need a Retail or OEM disc to do this. Your recovery discs will not work since they are just an image.
Unfortunately, the only other option is to reinstall.
My question is how do I get to "Command Prompt"?
Go to Start > All Programs > Accessories and you should be able to find Command Prompt in the list.
Look for the little black window with C:\ inside it. :)
I copied and pasted the scannow, so the spacing was right. I just pasted that in the command prompt, not elevated. It ran, I didn't get a message to insert disc. I then opened the command prompt and right clicked to run as administrator but there wasn't a selection for that. I tried to just paste into the command prompt without rt clicking and got a message after clicking enter that said "cannot open C:\windows\logs\CBS\CBS.log"
QuoteI copied and pasted the scannow, so the spacing was right. I just pasted that in the command prompt, not elevated. It ran, I didn't get a message to insert disc.
That's good. Unfortunately, Windows XP does not generate a log for me to view to see if there were any files replaced, etc.
QuoteI then opened the command prompt and right clicked to run as administrator but there wasn't a selection for that. I tried to just paste into the command prompt without rt clicking and got a message after clicking enter that said "cannot open C:\windows\logs\CBS\CBS.log"
Please ignore that. I had to correct myself above. I posted the instructions for the Vista OS and above. There was no CBS folder till Vista came along. That's why it couldn't be opened.
Did I miss a step, or or have we come to the end of what can be done?
No. You didn't miss a step. You've done a great job helping us to help you this far! The LzD team and I are discussing possible possibilities here. XP update issues can not be approached the same way updates for Windows Vista, Win7, and Win8 can.
I'm presently going back over this thread with a fine toothed comb to get an idea where the update issue began. From my understanding you had a problem with installing SP2, correct?
Before I say anymore, please allow me time to review the whole thread.
Yes, I had a huge problem after trying to install SP2. I can't exactly remember how it acted but it led to the complete recovery. I believe that was in 2009.
I'm sorry if you thought I was rushing you. I'm just grateful that you're still with me after all this time. It's wonderful of you and the team. I'm on your timetable. I'll try to be ready whenever you are. I just wanted to be sure that I did everything I was supposed to do up til now.
No, no. Not to worry. I do feel badly that this is taking so long to resolve. Honestly, you could have had the OS reinstalled by this time, though I know what a pain it is to do so and we're trying the best we can to eliminate that possibility. You're patience is very much appreciated.
Some folks say that reliving the past isn't good, though I firmly believe that understanding what happened in the past might resolve future issues.
XP SP3 was released for download through the Microsoft Download Center and Windows Update on May 6, 2008.
Many questions:
Do you know if those recovery discs you used have any SP's on them at all?
When you reinstalled, sometime in 2009, do you recall if SP1 (1a) and SP2 was offered through Windows Updates or did you have to download and instal them manually?
Back to researching I go..... :)
The discs are labeled System Recovery, Microsoft Windows XP Home Edition Service Pack 2. Your 2nd question is a bit confusing. When I tried to install the SP3 originally I think (not sure) it was a download. That lead to my computer malfunctioning on a major level. I don't recall what it was doing, but it must have been all but unusable, if not totally unusable, for me to do the recovery. I had the recovery discs, but when I did that, there came a point where it called for a disc that I didn't have, (the supplemental disc) which I had to buy from MS. As far as SP1, I just assumed that I had that before I tried to install SP2. I'm sorry I can't remember more specifics.
mare,
Could you please tell me what is written on the supplemental disc?
Compaq Presario PC Supplemental Recobery Disc. There is some small print saying that it can be used only with the Compaq PC, the rest is just small print re copyright etc.
Team, while there seems to be a lull, I hope you don't mind if I ask a question about another computer. I also hope that it just requires a yes or no, if it's any more detailed, it will be taken to be repaired by a pro.
My teenaged niece has an HP laptop with either Vista or Windows 7. She got a new computer last Christmas and just left the old one sitting. She wants to give the old one to her cousin but forgot the password. I was trying to bypass the password using a procedure I found on Youtube. In the process I inadvertantly deleted sethc in the system 32 folder/file. The only question I have is: Would a complete system recovery solve the problem, is it completely shot, or does it need to go to a professional? I guess that's more than yes or no. Thanks.
My dear. You can ask all the questions your little heart desires!
The answer is yes and since she is getting rid of it, restoring the computer back to factory condition is the best thing to do. It will wipe the drive of all her data and leave it in a fresh out if the box condition. Will she be the one restoring to factory condition or will you be the one? There will be a few questions that needed to be answered before the process being, so, if you'd like to start a thread in the Computer Problems, Questions and Solutions (http://www.landzdown.com/computer-problems-questions-and-solutions!/) we'd be more than happy to help.
I do apologize for your wait. I have had family from out of town show up on my doorstep. Why they wait till the last minute to surprise me, I have no idea. I finally showed them out my door (nicely though) and will be looking to see what can be done about your XP and trying to get SP3 installed.
I hope to post back later this evening. Than you for your patience. :)
Hi mare_wbpa,
Please look to see if you can find the following on your C:\ drive
C:\Windows\svcpack.log
If it is found, please open the log then copy and paste the contents in your next post.
OK, I got this by copying and pasting the above into Run. It's very, very long. I'm going to try to put it into several replies.
[svcpack.log]
74.141: ================================================================================
74.156: 2013/03/26 10:43:31.015 (local)
74.156: C:\WINDOWS\SoftwareDistribution\Download\b3e9e7327f38776a4eeeb084da3eff5a\update\update.exe (version 6.3.13.0)
80.250: Service Pack started with following command line: /si /ParentInfo:efcb500e0f72b041b72a1c9429915f8e
80.500: In Function GetReleaseSet, line 1240, RegQueryValueEx failed with error 0x2
80.750: Return Value From OnACPower = 1
80.750: OnACPower returned value( 0x1 ) which is Equal To 0x1
80.750: Condition succeeded for section OnACPower.Section in Line 1 of PreRequisite
80.750: SOFTWARE\Microsoft\Shared Computer Toolkit is not Present
80.750: Condition succeeded for section SharedComputerTool.Section in Line 2 of PreRequisite
80.875: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB925877 is not Present
80.875: First Condition in RDPMUI.Section Succeeded
80.875: Condition succeeded for section RDPMUI.Section in Line 3 of PreRequisite
80.875: SYSTEM\WPA\Fundamentals is not Present
80.875: First Condition in Winflp.Section Succeeded
80.875: Condition succeeded for section Winflp.Section in Line 4 of PreRequisite
80.875: SYSTEM\WPA\WEPOS is not Present
80.875: First Condition in WEPOS.Section Succeeded
80.875: Condition succeeded for section WEPOS.Section in Line 5 of PreRequisite
80.875: SOFTWARE\Microsoft\Windows\CurrentVersion\Media Center is not Present
80.875: First Condition in MediaCenter.FreeStyleBlock.Section Succeeded
80.875: Condition succeeded for section MediaCenter.FreeStyleBlock.Section in Line 6 of PreRequisite
397.703: DoInstallation: CleanPFR failed: 0x2
397.781: In Function GetReleaseSet, line 1240, RegQueryValueEx failed with error 0x2
397.828: SetProductTypes: InfProductBuildType=BuildType.IC
397.938: SetAltOsLoaderPath: No section uses DirId 65701; done.
399.891: IncludeDirectoryIdFromInfSection: No DirId found for: DontRemoveOnUninst.DirId
400.188: SupplicantMode is Not Present
400.188: Fist Condition in Dot3svc.CheckSupplicantMode.Enabled Failed
400.188: Condition Check for Line 1 of Dot3svc.Automatic.ExtendedConditional returned FALSE
400.188: SupplicantMode is Not Present
400.188: First Condition in Dot3svc.CheckSupplicantMode.NotEnabled Succeeded
400.188: Condition succeeded for section Dot3svc.CheckSupplicantMode.NotEnabled in Line 1 of Dot3svc.Manual.ExtendedConditional
400.266: C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\ToGac.exe is Not Present
400.266: Condition Check for Line 1 of ToGac.RunProcess.ExtendedConditional returned FALSE
400.360: FileVersion of C:\WINDOWS\system32\ntoskrnl.exe is Greater or Equal To 5.1.2600.2180
400.360: Condition Check for Line 1 of DEP.RunProcess.ExtendedConditional returned FALSE
400.360: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ie7 is Present
400.360: Condition succeeded for section IE7.AdditionalSettings.UninstallExists.Condition.Section in Line 1 of IE7.AdditionalSettings.Registry.ExtendedConditional
400.360: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ie8 is Present
400.360: Condition succeeded for section IE8.AdditionalSettings.UninstallExists.Condition.Section in Line 1 of IE8.AdditionalSettings.Registry.ExtendedConditional
400.360: N is Not Present
400.360: Condition Check for Line 1 of N.And.WMP.ExtendedConditional.Common returned FALSE
400.360: Windows Media Player is Present
400.360: SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\WindowsFeatures\Windows Media Player is Not Equal To Specified Value
400.360: Second Condition in Non.KN.WMP.Condition.Section Succeeded
400.360: C:\WINDOWS\system32\wmp.dll is Present
400.531: FileVersion of C:\WINDOWS\system32\wmp.dll is Greater or Equal To 10.0.0.0
400.531: Condition Check for Line 1 of WMP.ExtendedConditional.Common returned FALSE
400.531: Installed is Present
400.531: SYSTEM\WPA\Starter\Installed is Not Equal To Specified Value
400.531: Second Condition in Non.Starter.Check.Condition Succeeded
400.531: Condition succeeded for section Non.Starter.Check.Condition in Line 1 of Non.Starter.ExtendedConditional.MSXML6
400.578: SOFTWARE\Microsoft\Windows\CurrentVersion\Media Center is not Present
400.578: Fist Condition in MediaCenter.Condition.Section Failed
400.578: Condition Check for Line 1 of MediaCenter.ExtendedConditional returned FALSE
400.578: SOFTWARE\Microsoft\Windows\CurrentVersion\Media Center is not Present
400.578: Fist Condition in MediaCenter.Condition.Section Failed
400.578: Condition Check for Line 1 of MediaCenter.CopyAlways.ExtendedConditional returned FALSE
400.578: Windows Media Player is Present
400.578: SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\WindowsFeatures\Windows Media Player is Not Equal To Specified Value
400.578: Second Condition in Non.KN.WMP.Condition.Section Succeeded
400.578: Windows Messenger is Not Present
400.578: First Condition in Non.KN.WM.Condition.Section Succeeded
400.578: Condition succeeded for section Non.KN.Condition.Section in Line 1 of Non.KN.Help.ExtendedConditional.Personal
400.610: SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB886540 is not Present
400.610: First Condition in Non.WMP.Restore.Condition.Section Succeeded
400.610: N is Not Present
400.610: Fist Condition in N.FileOp.Condition.Section Failed
400.610: Condition Check for Line 1 of N.Help.ExtendedConditional.Personal returned FALSE
400.610: KWebLinks is Not Present
400.610: Fist Condition in K.Condition.Section Failed
400.610: Condition Check for Line 1 of K.ExtendedConditional.Personal returned FALSE
400.610: N is Not Present
400.610: Condition Check for Line 1 of N.Restore.Help.ExtendedConditional.Personal returned FALSE
400.610: SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\WindowsFeatures\Windows Media Player is Not Equal To Specified Value
400.610: Fist Condition in KN.Condition.Section Failed
400.610: Condition Check for Line 1 of KN.Help.ExtendedConditional.Personal returned FALSE
400.610: N is Not Present
400.610: Condition Check for Line 1 of N.And.WMP.ExtendedConditional.Personal returned FALSE
400.610: Windows Media Player is Present
400.610: SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\WindowsFeatures\Windows Media Player is Not Equal To Specified Value
400.610: Second Condition in Non.KN.WMP.Condition.Section Succeeded
400.610: C:\WINDOWS\system32\wmp.dll is Present
400.610: FileVersion of C:\WINDOWS\system32\wmp.dll is Greater or Equal To 10.0.0.0
400.610: Condition Check for Line 1 of WMP.ExtendedConditional.Personal returned FALSE
400.610: Installed is Present
400.610: SYSTEM\WPA\Starter\Installed is Not Equal To Specified Value
400.610: Second Condition in Starter.Check.Condition Failed
400.610: Condition Check for Line 1 of Starter.ExtendedConditional.Personal returned FALSE
400.656: C:\Program Files\internet explorer\iexplore.exe is Present
400.735: FileVersion of C:\Program Files\internet explorer\iexplore.exe is Greater or Equal To 7.0.0000.0000
400.735: Second Condition in IE.AdditionalSettings.LessThan7.Condition.Section Failed
400.735: Condition Check for Line 1 of IE.AdditionalSettings.ExtendedConditional.Personal returned FALSE
400.735: N is Not Present
400.735: Condition succeeded for section Non.NKN.Check.Condition in Line 1 of Non.NKN.ExtendedConditional.Personal
400.735: Windows Messenger is Not Present
400.735: First Condition in Non.KN.WM.Condition.Section Succeeded
400.750: Return Value From IsWMUpgradeable = 1
400.750: IsWMUpgradeable returned value( 0x1 ) which is Equal To 0x1
400.750: First Condition in WM.Upgrade.Condition.Section Succeeded
400.750: Condition succeeded for section KN.Or.WM.Restore.Condition.Section in Line 1 of WM.ExtendedConditional.Personal
402.844: DoInstallation:UpdSpOpenInfFile for OldUninstallInf file C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.inf not found: 0x3
402.844: CreateUninstall = 1,Directory = C:\WINDOWS\$NtServicePackUninstall$
407.938: Conditional load of section MSN.Block.Condition succeeded
407.938: CheckRegistryValue: RegOpenKeyEx for SOFTWARE\Microsoft\Active Setup\Installed Components\{FDC11A6F-17D1-48f9-9EA3-9051954BAA24} KeyName failed :0x2
407.953: CheckRegistryValue: Registry - Inf integer values mismatch
408.313: ref tag c:\windows\driver cache\i386\sp1.cab does not exist
408.313: ref tag c:\windows\servicepackfiles\i386\sp1.cab does not exist
408.328: ref tag c:\windows\servicepackfiles\i386\sp2.cab does not exist
408.328: ref tag c:\windows\driver cache\i386\sp3.cab does not exist
408.328: ref tag c:\windows\servicepackfiles\i386\sp3.cab does not exist
408.656: Starting AnalyzeComponents
408.656: AnalyzePhaseZero used 0 ticks
408.656: No C:\WINDOWS\SoftwareDistribution\Download\b3e9e7327f38776a4eeeb084da3eff5a\update\updtblk.inf file.
420.281: Failed to query DriverPath of PCI\VEN_1039&DEV_0180&SUBSYS_2A04103C&REV_01\3&61AAA01&0&28 0x2
421.281: Failed to query DriverPath of PCI\VEN_1039&DEV_5513&SUBSYS_2A04103C&REV_01\3&61AAA01&0&15 0x2
428.516: Failed to query DriverPath of PCIIDE\IDECHANNEL\4&3613621D&0&0 0x2
428.703: Failed to query DriverPath of PCIIDE\IDECHANNEL\4&6B49737&0&1 0x2
428.922: Failed to query DriverPath of ROOT\LEGACY_AFD\0000 0x2
428.922: Failed to query DriverPath of ROOT\LEGACY_ARP1394\0000 0x2
428.922: Failed to query DriverPath of ROOT\LEGACY_AVGTDIX\0000 0x2
428.922: Failed to query DriverPath of ROOT\LEGACY_BEEP\0000 0x2
428.922: Failed to query DriverPath of ROOT\LEGACY_DMBOOT\0000 0x2
428.922: Failed to query DriverPath of ROOT\LEGACY_DMLOAD\0000 0x2
428.922: Failed to query DriverPath of ROOT\LEGACY_FASTTX2K\0000 0x2
428.922: Failed to query DriverPath of ROOT\LEGACY_FIPS\0000 0x2
428.922: Failed to query DriverPath of ROOT\LEGACY_FSSFLTR\0000 0x2
428.938: Failed to query DriverPath of ROOT\LEGACY_GPC\0000 0x2
428.938: Failed to query DriverPath of ROOT\LEGACY_HTTP\0000 0x2
428.938: Failed to query DriverPath of ROOT\LEGACY_IPNAT\0000 0x2
428.938: Failed to query DriverPath of ROOT\LEGACY_IPSEC\0000 0x2
428.938: Failed to query DriverPath of ROOT\LEGACY_KSECDD\0000 0x2
428.938: Failed to query DriverPath of ROOT\LEGACY_MNMDD\0000 0x2
428.938: Failed to query DriverPath of ROOT\LEGACY_MOUNTMGR\0000 0x2
428.938: Failed to query DriverPath of ROOT\LEGACY_NDIS\0000 0x2
428.938: Failed to query DriverPath of ROOT\LEGACY_NDISTAPI\0000 0x2
428.938: Failed to query DriverPath of ROOT\LEGACY_NDISUIO\0000 0x2
428.938: Failed to query DriverPath of ROOT\LEGACY_NDPROXY\0000 0x2
428.938: Failed to query DriverPath of ROOT\LEGACY_NETBT\0000 0x2
428.938: Failed to query DriverPath of ROOT\LEGACY_NULL\0000 0x2
428.938: Failed to query DriverPath of ROOT\LEGACY_PARTMGR\0000 0x2
428.938: Failed to query DriverPath of ROOT\LEGACY_PARVDM\0000 0x2
428.938: Failed to query DriverPath of ROOT\LEGACY_RASACD\0000 0x2
428.938: Failed to query DriverPath of ROOT\LEGACY_RDPCDD\0000 0x2
428.938: Failed to query DriverPath of ROOT\LEGACY_TCPIP\0000 0x2
428.938: Failed to query DriverPath of ROOT\LEGACY_VGASAVE\0000 0x2
428.938: Failed to query DriverPath of ROOT\LEGACY_VOLSNAP\0000 0x2
428.938: Failed to query DriverPath of ROOT\LEGACY_WANARP\0000 0x2
428.938: Failed to query DriverPath of ROOT\LEGACY_WUDFPF\0000 0x2
452.828: OEM file scan used 44172 ticks
501.750: c:\windows\system32\drivers\sisnic.sys is in the list of oem drivers...skipping copy!
597.141: AnalyzePhaseOne: used 188485 ticks
597.141: AnalyzeComponents: Hotpatch analysis disabled; skipping.
597.141: AnalyzeComponents: Hotpatching is disabled.
597.156: FindFirstFile c:\windows\$hf_mig$\*.*
603.641: Analyzing Devices...
603.641: Enumerating Devices of hidclass, GUID {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
603.735: Enumerating Devices of USB, GUID {36FC9E60-C465-11CF-8056-444553540000}
603.797: Skip Oem Device USB\VID_0403&PID_6001\5&45E68E4&0&3
603.797: Skip Oem Device USB\VID_05AC&PID_1266\000A2700226F3068
603.797: Skip Oem Device USB\VID_05AC&PID_12A0\387E12DE6D28DBC370058813AEC10077D6786BA5
603.813: Enumerating Devices of keyboard, GUID {4d36e96b-e325-11ce-bfc1-08002be10318}
603.875: Skip Oem Device ACPI\PNP0303\3&61AAA01&0
603.875: Enumerating Devices of bluetooth, GUID {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
603.922: Enumerating Devices of DiskDrive, GUID {4D36E967-E325-11CE-BFC1-08002BE10318}
603.985: Enumerating Devices of display, GUID {4d36e968-e325-11ce-bfc1-08002be10318}
604.047: Skip Oem Device PCI\VEN_1039&DEV_6330&SUBSYS_2A06103C&REV_00\4&1C526AC9&0&0008
604.047: Enumerating Devices of displaycodec, GUID {e6abb47d-8339-4c60-be92-e9045ff5a33d}
604.094: Enumerating Devices of HIDClass, GUID {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
604.141: Enumerating Devices of media, GUID {4d36e96c-e325-11ce-bfc1-08002be10318}
604.172: Skip Oem Device PCI\VEN_1039&DEV_7012&SUBSYS_2A05103C&REV_A0\3&61AAA01&0&17
604.172: Enumerating Devices of Modem, GUID {4D36E96D-E325-11CE-BFC1-08002BE10318}
604.219: Skip Oem Device PCI\VEN_11C1&DEV_048C&SUBSYS_044C11C1&REV_03\3&61AAA01&0&50
604.219: Enumerating Devices of net, GUID {4d36e972-e325-11ce-bfc1-08002be10318}
604.266: Skip Oem Device PCI\VEN_1039&DEV_0900&SUBSYS_2A04103C&REV_90\3&61AAA01&0&20
604.266: Enumerating Devices of ports, GUID {4d36e978-e325-11ce-bfc1-08002be10318}
604.313: Enumerating Devices of Processor, GUID {50127DC3-0F36-415e-A6CC-4CB3BE910B65}
604.344: Skip Oem Device ACPI\AUTHENTICAMD_-_X86_FAMILY_15_MODEL_12\_0
604.344: Enumerating Devices of sdbus, GUID {a0a588a4-c46f-4b37-b7ea-c82fe89870c6}
604.391: Enumerating Devices of System, GUID {4D36E97D-E325-11CE-BFC1-08002BE10318}
604.469: Enumerating Devices of Unknown, GUID {4D36E97E-E325-11CE-BFC1-08002BE10318}
604.516: Enumerating Devices of USB, GUID {36FC9E60-C465-11CF-8056-444553540000}
604.563: Skip Oem Device USB\VID_0403&PID_6001\5&45E68E4&0&3
604.563: Skip Oem Device USB\VID_05AC&PID_1266\000A2700226F3068
604.563: Skip Oem Device USB\VID_05AC&PID_12A0\387E12DE6D28DBC370058813AEC10077D6786BA5
604.563: AnalyzeDevices used 922 ticks
629.313: AnalyzePhaseTwo used 24750 ticks
629.328: AnalyzePhaseThree used 15 ticks
629.328: Analyzing Devices...
629.328: Enumerating Devices of hidclass, GUID {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
629.391: Enumerating Devices of USB, GUID {36FC9E60-C465-11CF-8056-444553540000}
629.453: Skip Oem Device USB\VID_0403&PID_6001\5&45E68E4&0&3
629.453: Skip Oem Device USB\VID_05AC&PID_1266\000A2700226F3068
629.453: Skip Oem Device USB\VID_05AC&PID_12A0\387E12DE6D28DBC370058813AEC10077D6786BA5
629.453: Enumerating Devices of keyboard, GUID {4d36e96b-e325-11ce-bfc1-08002be10318}
629.516: Skip Oem Device ACPI\PNP0303\3&61AAA01&0
629.516: Enumerating Devices of bluetooth, GUID {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
629.563: Enumerating Devices of DiskDrive, GUID {4D36E967-E325-11CE-BFC1-08002BE10318}
629.625: Enumerating Devices of display, GUID {4d36e968-e325-11ce-bfc1-08002be10318}
629.672: Skip Oem Device PCI\VEN_1039&DEV_6330&SUBSYS_2A06103C&REV_00\4&1C526AC9&0&0008
629.672: Enumerating Devices of displaycodec, GUID {e6abb47d-8339-4c60-be92-e9045ff5a33d}
629.719: Enumerating Devices of HIDClass, GUID {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
629.766: Enumerating Devices of media, GUID {4d36e96c-e325-11ce-bfc1-08002be10318}
629.797: Skip Oem Device PCI\VEN_1039&DEV_7012&SUBSYS_2A05103C&REV_A0\3&61AAA01&0&17
629.813: Enumerating Devices of Modem, GUID {4D36E96D-E325-11CE-BFC1-08002BE10318}
629.844: Skip Oem Device PCI\VEN_11C1&DEV_048C&SUBSYS_044C11C1&REV_03\3&61AAA01&0&50
629.844: Enumerating Devices of net, GUID {4d36e972-e325-11ce-bfc1-08002be10318}
629.891: Skip Oem Device PCI\VEN_1039&DEV_0900&SUBSYS_2A04103C&REV_90\3&61AAA01&0&20
629.891: Enumerating Devices of ports, GUID {4d36e978-e325-11ce-bfc1-08002be10318}
629.938: Enumerating Devices of Processor, GUID {50127DC3-0F36-415e-A6CC-4CB3BE910B65}
629.969: Skip Oem Device ACPI\AUTHENTICAMD_-_X86_FAMILY_15_MODEL_12\_0
629.969: Enumerating Devices of sdbus, GUID {a0a588a4-c46f-4b37-b7ea-c82fe89870c6}
630.016: Enumerating Devices of System, GUID {4D36E97D-E325-11CE-BFC1-08002BE10318}
630.063: Enumerating Devices of Unknown, GUID {4D36E97E-E325-11CE-BFC1-08002BE10318}
630.110: Enumerating Devices of USB, GUID {36FC9E60-C465-11CF-8056-444553540000}
630.172: Skip Oem Device USB\VID_0403&PID_6001\5&45E68E4&0&3
630.172: Skip Oem Device USB\VID_05AC&PID_1266\000A2700226F3068
630.172: Skip Oem Device USB\VID_05AC&PID_12A0\387E12DE6D28DBC370058813AEC10077D6786BA5
630.172: AnalyzeDevices used 844 ticks
630.188: AnalyzePhaseTwo used 16 ticks
630.188: AnalyzePhaseThree used 0 ticks
630.188: AnalyzePhaseFive used 0 ticks
640.469: AnalyzePhaseSix used 10281 ticks
640.578: AnalyzeComponents used 231922 ticks
640.578: Downloading 0 files
640.578: bPatchMode = TRUE
640.594: Inventory complete: ReturnStatus=0, 239578 ticks
640.672: Num Ticks for invent : 239656
640.735: [dumpDownloadTask] We have all necessary files for the package to install. Return STATUS_READY_TO_INSTALL
640.735: dumpDownloadTask returned 0xf201 (ready to install)
650.453: UnRegisterSpuninstForRecovery, failed to delete SpRecoverCmdLine value, error 0x2
650.485: DoInstallation: Failed to unregistering spuninst.exe for recovery.
650.641: Service Pack 3 installation did not complete.
650.641: Update.exe extended error code = 0xf201
8.141: ================================================================================
8.172: 2013/05/28 17:34:38.062 (local)
8.172: c:\b7a5a53d4d9d6423a6fa444a09c72ace\i386\update\update.exe (version 6.3.13.0)
8.594: Service Pack started with following command line:
8.641: In Function GetReleaseSet, line 1240, RegQueryValueEx failed with error 0x2
8.844: CreateUserInterface: DefineInstallCustomUI returned 0x0
9.500: Return Value From OnACPower = 1
9.500: OnACPower returned value( 0x1 ) which is Equal To 0x1
9.500: Condition succeeded for section OnACPower.Section in Line 1 of PreRequisite
9.547: SOFTWARE\Microsoft\Shared Computer Toolkit is not Present
9.547: Condition succeeded for section SharedComputerTool.Section in Line 2 of PreRequisite
9.594: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB925877 is not Present
9.594: First Condition in RDPMUI.Section Succeeded
9.594: Condition succeeded for section RDPMUI.Section in Line 3 of PreRequisite
9.594: SYSTEM\WPA\Fundamentals is not Present
9.594: First Condition in Winflp.Section Succeeded
9.594: Condition succeeded for section Winflp.Section in Line 4 of PreRequisite
9.594: SYSTEM\WPA\WEPOS is not Present
9.594: First Condition in WEPOS.Section Succeeded
9.594: Condition succeeded for section WEPOS.Section in Line 5 of PreRequisite
9.594: SOFTWARE\Microsoft\Windows\CurrentVersion\Media Center is not Present
9.594: First Condition in MediaCenter.FreeStyleBlock.Section Succeeded
9.594: Condition succeeded for section MediaCenter.FreeStyleBlock.Section in Line 6 of PreRequisite
64.407: In Function TestVolatileFlag, line 11825, RegOpenKeyEx failed with error 0x2
64.407: In Function TestVolatileFlag, line 11857, RegOpenKeyEx failed with error 0x2
64.407: DoInstallation: CleanPFR failed: 0x2
64.407: In Function GetReleaseSet, line 1240, RegQueryValueEx failed with error 0x2
64.422: SetProductTypes: InfProductBuildType=BuildType.IC
64.454: SetAltOsLoaderPath: No section uses DirId 65701; done.
65.532: IncludeDirectoryIdFromInfSection: No DirId found for: DontRemoveOnUninst.DirId
65.735: SupplicantMode is Not Present
65.735: Fist Condition in Dot3svc.CheckSupplicantMode.Enabled Failed
65.735: Condition Check for Line 1 of Dot3svc.Automatic.ExtendedConditional returned FALSE
65.735: SupplicantMode is Not Present
65.735: First Condition in Dot3svc.CheckSupplicantMode.NotEnabled Succeeded
65.735: Condition succeeded for section Dot3svc.CheckSupplicantMode.NotEnabled in Line 1 of Dot3svc.Manual.ExtendedConditional
65.813: C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\ToGac.exe is Not Present
65.813: Condition Check for Line 1 of ToGac.RunProcess.ExtendedConditional returned FALSE
65.875: FileVersion of C:\WINDOWS\system32\ntoskrnl.exe is Greater or Equal To 5.1.2600.2180
65.875: Condition Check for Line 1 of DEP.RunProcess.ExtendedConditional returned FALSE
65.875: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ie7 is Present
65.891: Condition succeeded for section IE7.AdditionalSettings.UninstallExists.Condition.Section in Line 1 of IE7.AdditionalSettings.Registry.ExtendedConditional
65.938: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ie8 is Present
65.938: Condition succeeded for section IE8.AdditionalSettings.UninstallExists.Condition.Section in Line 1 of IE8.AdditionalSettings.Registry.ExtendedConditional
65.938: N is Not Present
65.938: Condition Check for Line 1 of N.And.WMP.ExtendedConditional.Common returned FALSE
65.938: Windows Media Player is Present
65.938: SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\WindowsFeatures\Windows Media Player is Not Equal To Specified Value
65.938: Second Condition in Non.KN.WMP.Condition.Section Succeeded
65.954: C:\WINDOWS\system32\wmp.dll is Present
65.969: FileVersion of C:\WINDOWS\system32\wmp.dll is Greater or Equal To 10.0.0.0
65.969: Condition Check for Line 1 of WMP.ExtendedConditional.Common returned FALSE
65.969: Installed is Present
65.969: SYSTEM\WPA\Starter\Installed is Not Equal To Specified Value
65.969: Second Condition in Non.Starter.Check.Condition Succeeded
65.969: Condition succeeded for section Non.Starter.Check.Condition in Line 1 of Non.Starter.ExtendedConditional.MSXML6
65.969: SOFTWARE\Microsoft\Windows\CurrentVersion\Media Center is not Present
65.969: Fist Condition in MediaCenter.Condition.Section Failed
65.969: Condition Check for Line 1 of MediaCenter.ExtendedConditional returned FALSE
65.969: SOFTWARE\Microsoft\Windows\CurrentVersion\Media Center is not Present
65.969: Fist Condition in MediaCenter.Condition.Section Failed
65.969: Condition Check for Line 1 of MediaCenter.CopyAlways.ExtendedConditional returned FALSE
65.969: Windows Media Player is Present
65.969: SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\WindowsFeatures\Windows Media Player is Not Equal To Specified Value
65.969: Second Condition in Non.KN.WMP.Condition.Section Succeeded
65.969: Windows Messenger is Not Present
65.969: First Condition in Non.KN.WM.Condition.Section Succeeded
65.969: Condition succeeded for section Non.KN.Condition.Section in Line 1 of Non.KN.Help.ExtendedConditional.Personal
65.969: SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB886540 is not Present
65.969: First Condition in Non.WMP.Restore.Condition.Section Succeeded
65.969: N is Not Present
65.969: Fist Condition in N.FileOp.Condition.Section Failed
65.969: Condition Check for Line 1 of N.Help.ExtendedConditional.Personal returned FALSE
65.969: KWebLinks is Not Present
65.969: Fist Condition in K.Condition.Section Failed
65.969: Condition Check for Line 1 of K.ExtendedConditional.Personal returned FALSE
65.969: N is Not Present
65.969: Condition Check for Line 1 of N.Restore.Help.ExtendedConditional.Personal returned FALSE
65.969: SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\WindowsFeatures\Windows Media Player is Not Equal To Specified Value
65.969: Fist Condition in KN.Condition.Section Failed
65.969: Condition Check for Line 1 of KN.Help.ExtendedConditional.Personal returned FALSE
65.969: N is Not Present
65.969: Condition Check for Line 1 of N.And.WMP.ExtendedConditional.Personal returned FALSE
65.969: Windows Media Player is Present
65.969: SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\WindowsFeatures\Windows Media Player is Not Equal To Specified Value
65.969: Second Condition in Non.KN.WMP.Condition.Section Succeeded
65.969: C:\WINDOWS\system32\wmp.dll is Present
65.969: FileVersion of C:\WINDOWS\system32\wmp.dll is Greater or Equal To 10.0.0.0
65.969: Condition Check for Line 1 of WMP.ExtendedConditional.Personal returned FALSE
65.969: Installed is Present
65.969: SYSTEM\WPA\Starter\Installed is Not Equal To Specified Value
65.969: Second Condition in Starter.Check.Condition Failed
65.969: Condition Check for Line 1 of Starter.ExtendedConditional.Personal returned FALSE
66.016: C:\Program Files\internet explorer\iexplore.exe is Present
66.063: FileVersion of C:\Program Files\internet explorer\iexplore.exe is Greater or Equal To 7.0.0000.0000
66.079: Second Condition in IE.AdditionalSettings.LessThan7.Condition.Section Failed
66.079: Condition Check for Line 1 of IE.AdditionalSettings.ExtendedConditional.Personal returned FALSE
66.079: N is Not Present
66.079: Condition succeeded for section Non.NKN.Check.Condition in Line 1 of Non.NKN.ExtendedConditional.Personal
66.079: Windows Messenger is Not Present
66.079: First Condition in Non.KN.WM.Condition.Section Succeeded
66.141: Return Value From IsWMUpgradeable = 1
66.141: IsWMUpgradeable returned value( 0x1 ) which is Equal To 0x1
66.141: First Condition in WM.Upgrade.Condition.Section Succeeded
66.141: Condition succeeded for section KN.Or.WM.Restore.Condition.Section in Line 1 of WM.ExtendedConditional.Personal
66.188: DoInstallation: FetchSourceURL for c:\b7a5a53d4d9d6423a6fa444a09c72ace\i386\update\update.inf failed
68.891: DoInstallation:UpdSpOpenInfFile for OldUninstallInf file C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.inf not found: 0x3
68.907: CreateUninstall = 1,Directory = C:\WINDOWS\$NtServicePackUninstall$
72.704: Conditional load of section MSN.Block.Condition succeeded
72.704: CheckRegistryValue: RegOpenKeyEx for SOFTWARE\Microsoft\Active Setup\Installed Components\{FDC11A6F-17D1-48f9-9EA3-9051954BAA24} KeyName failed :0x2
72.704: CheckRegistryValue: Registry - Inf integer values mismatch
72.985: BuildCabinetManifest: update.url absent
73.000: Starting AnalyzeComponents
73.000: AnalyzePhaseZero used 0 ticks
73.000: No c:\b7a5a53d4d9d6423a6fa444a09c72ace\i386\update\updtblk.inf file.
78.657: Failed to query DriverPath of PCI\VEN_1039&DEV_0180&SUBSYS_2A04103C&REV_01\3&61AAA01&0&28 0x2
79.438: Failed to query DriverPath of PCI\VEN_1039&DEV_5513&SUBSYS_2A04103C&REV_01\3&61AAA01&0&15 0x2
83.516: Failed to query DriverPath of PCIIDE\IDECHANNEL\4&3613621D&0&0 0x2
83.688: Failed to query DriverPath of PCIIDE\IDECHANNEL\4&6B49737&0&1 0x2
83.891: Failed to query DriverPath of ROOT\LEGACY_AFD\0000 0x2
83.891: Failed to query DriverPath of ROOT\LEGACY_ARP1394\0000 0x2
83.891: Failed to query DriverPath of ROOT\LEGACY_AVGTDIX\0000 0x2
83.891: Failed to query DriverPath of ROOT\LEGACY_BEEP\0000 0x2
83.891: Failed to query DriverPath of ROOT\LEGACY_DMBOOT\0000 0x2
83.891: Failed to query DriverPath of ROOT\LEGACY_DMLOAD\0000 0x2
83.891: Failed to query DriverPath of ROOT\LEGACY_FASTTX2K\0000 0x2
83.891: Failed to query DriverPath of ROOT\LEGACY_FIPS\0000 0x2
83.891: Failed to query DriverPath of ROOT\LEGACY_FSSFLTR\0000 0x2
83.891: Failed to query DriverPath of ROOT\LEGACY_GPC\0000 0x2
83.891: Failed to query DriverPath of ROOT\LEGACY_HTTP\0000 0x2
83.891: Failed to query DriverPath of ROOT\LEGACY_IPNAT\0000 0x2
83.891: Failed to query DriverPath of ROOT\LEGACY_IPSEC\0000 0x2
83.891: Failed to query DriverPath of ROOT\LEGACY_KSECDD\0000 0x2
83.891: Failed to query DriverPath of ROOT\LEGACY_MNMDD\0000 0x2
83.891: Failed to query DriverPath of ROOT\LEGACY_MOUNTMGR\0000 0x2
83.891: Failed to query DriverPath of ROOT\LEGACY_NDIS\0000 0x2
83.891: Failed to query DriverPath of ROOT\LEGACY_NDISTAPI\0000 0x2
83.891: Failed to query DriverPath of ROOT\LEGACY_NDISUIO\0000 0x2
83.891: Failed to query DriverPath of ROOT\LEGACY_NDPROXY\0000 0x2
83.891: Failed to query DriverPath of ROOT\LEGACY_NETBT\0000 0x2
83.891: Failed to query DriverPath of ROOT\LEGACY_NULL\0000 0x2
83.891: Failed to query DriverPath of ROOT\LEGACY_PARTMGR\0000 0x2
83.891: Failed to query DriverPath of ROOT\LEGACY_PARVDM\0000 0x2
83.891: Failed to query DriverPath of ROOT\LEGACY_RASACD\0000 0x2
83.891: Failed to query DriverPath of ROOT\LEGACY_RDPCDD\0000 0x2
83.891: Failed to query DriverPath of ROOT\LEGACY_TCPIP\0000 0x2
83.891: Failed to query DriverPath of ROOT\LEGACY_VGASAVE\0000 0x2
83.907: Failed to query DriverPath of ROOT\LEGACY_VOLSNAP\0000 0x2
83.907: Failed to query DriverPath of ROOT\LEGACY_WANARP\0000 0x2
83.907: Failed to query DriverPath of ROOT\LEGACY_WUDFPF\0000 0x2
99.938: OEM file scan used 26938 ticks
125.954: c:\windows\system32\drivers\sisnic.sys is in the list of oem drivers...skipping copy!
224.766: AnalyzePhaseOne: used 151766 ticks
224.766: AnalyzeComponents: Hotpatch analysis disabled; skipping.
224.766: AnalyzeComponents: Hotpatching is disabled.
224.766: FindFirstFile c:\windows\$hf_mig$\*.*
229.157: Analyzing Devices...
229.157: Enumerating Devices of hidclass, GUID {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
229.250: Enumerating Devices of USB, GUID {36FC9E60-C465-11CF-8056-444553540000}
229.329: Skip Oem Device USB\VID_0403&PID_6001\5&45E68E4&0&3
229.329: Skip Oem Device USB\VID_05AC&PID_1266\000A2700226F3068
229.329: Skip Oem Device USB\VID_05AC&PID_12A0\387E12DE6D28DBC370058813AEC10077D6786BA5
229.344: Enumerating Devices of keyboard, GUID {4d36e96b-e325-11ce-bfc1-08002be10318}
229.391: Skip Oem Device ACPI\PNP0303\3&61AAA01&0
229.391: Enumerating Devices of bluetooth, GUID {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
229.454: Enumerating Devices of DiskDrive, GUID {4D36E967-E325-11CE-BFC1-08002BE10318}
229.516: Enumerating Devices of display, GUID {4d36e968-e325-11ce-bfc1-08002be10318}
229.563: Skip Oem Device PCI\VEN_1039&DEV_6330&SUBSYS_2A06103C&REV_00\4&1C526AC9&0&0008
229.563: Enumerating Devices of displaycodec, GUID {e6abb47d-8339-4c60-be92-e9045ff5a33d}
229.610: Enumerating Devices of HIDClass, GUID {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
229.657: Enumerating Devices of media, GUID {4d36e96c-e325-11ce-bfc1-08002be10318}
229.688: Skip Oem Device PCI\VEN_1039&DEV_7012&SUBSYS_2A05103C&REV_A0\3&61AAA01&0&17
229.688: Enumerating Devices of Modem, GUID {4D36E96D-E325-11CE-BFC1-08002BE10318}
229.735: Skip Oem Device PCI\VEN_11C1&DEV_048C&SUBSYS_044C11C1&REV_03\3&61AAA01&0&50
229.735: Enumerating Devices of net, GUID {4d36e972-e325-11ce-bfc1-08002be10318}
229.766: Skip Oem Device PCI\VEN_1039&DEV_0900&SUBSYS_2A04103C&REV_90\3&61AAA01&0&20
229.782: Enumerating Devices of ports, GUID {4d36e978-e325-11ce-bfc1-08002be10318}
229.829: Enumerating Devices of Processor, GUID {50127DC3-0F36-415e-A6CC-4CB3BE910B65}
229.860: Skip Oem Device ACPI\AUTHENTICAMD_-_X86_FAMILY_15_MODEL_12\_0
229.860: Enumerating Devices of sdbus, GUID {a0a588a4-c46f-4b37-b7ea-c82fe89870c6}
229.907: Enumerating Devices of System, GUID {4D36E97D-E325-11CE-BFC1-08002BE10318}
229.954: Enumerating Devices of Unknown, GUID {4D36E97E-E325-11CE-BFC1-08002BE10318}
230.000: Enumerating Devices of USB, GUID {36FC9E60-C465-11CF-8056-444553540000}
230.047: Skip Oem Device USB\VID_0403&PID_6001\5&45E68E4&0&3
230.047: Skip Oem Device USB\VID_05AC&PID_1266\000A2700226F3068
230.047: Skip Oem Device USB\VID_05AC&PID_12A0\387E12DE6D28DBC370058813AEC10077D6786BA5
230.047: AnalyzeDevices used 890 ticks
233.813: AnalyzePhaseTwo used 3766 ticks
233.829: AnalyzePhaseThree used 16 ticks
233.829: AnalyzePhaseFive used 0 ticks
234.454: AnalyzePhaseSix used 625 ticks
236.688: AnalyzeComponents used 163688 ticks
236.688: Downloading 0 files
236.688: bPatchMode = FALSE
236.688: Inventory complete: ReturnStatus=0, 170500 ticks
236.719: Num Ticks for invent : 170531
236.875: VerifyTargetFileSize: Unable to verify size as Source = NULL for file c:\windows\inf\HFXF0.tmp
236.938: Copied file: c:\windows\inf\branches.inf
277.813: CheckRegistryValue: RegOpenKeyEx for SOFTWARE\Microsoft\Active Setup\Installed Components\{FDC11A6F-17D1-48f9-9EA3-9051954BAA24} KeyName failed :0x2
277.813: Conditional load of section RPCProtseq.Reg.Install.Condition succeeded
277.813: Conditional load of section AU.Wuaueng1.Reg.Install.Condition succeeded
277.813: Conditional load of section Mpeg2Data.Reg.Install.Condition succeeded
277.813: CheckRegistryValue: RegOpenKeyEx for SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerNet\PNRP\IPV6-Global KeyName failed :0x2
277.813: CheckRegistryValue: RegOpenKeyEx for SOFTWARE\Microsoft\PowerShell\1\PowerShellEngine KeyName failed :0x2
277.844: CheckRegistryValue: Registry - Inf Strings mismatch
277.860: CheckRegistryValue: RegOpenKeyEx for SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB904412 KeyName failed :0x2
277.891: Allocation size of drive C: is 4096 bytes, free space = 146523578368 bytes
279.266: AnalyzeDiskUsage: Skipping EstimateDiskUsageForUninstall.
279.266: Drive C: free 139735MB req: 325MB w/uninstall: NOT CALCULATED.
279.266: CabinetBuild complete
279.266: Num Ticks for Cabinet build : 42547
279.266: DynamicStrings section not defined or empty.
279.360: Starting process: c:\b7a5a53d4d9d6423a6fa444a09c72ace\i386\\update\fixccs.exe
283.532: Return Code = 0
283.532: Starting process: c:\b7a5a53d4d9d6423a6fa444a09c72ace\i386\\update\nv4prep.exe
284.313: Return Code = 0
284.313: Starting process: c:\b7a5a53d4d9d6423a6fa444a09c72ace\i386\\root\cmpnents\mediactr\i386\MCPreIns.exe c:\b7a5a53d4d9d6423a6fa444a09c72ace\i386\\root\cmpnents\mediactr\i386\ c:\b7a5a53d4d9d6423a6fa444a09c72ace\i386\\ip\ c:\b7a5a53d4d9d6423a6fa444a09c72ace\i386\\
284.766: Return Code = 0
284.766: Starting process: C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\apphelp.dll,ShimFlushCache
285.454: Return Code = 0
285.454: Starting process: c:\b7a5a53d4d9d6423a6fa444a09c72ace\i386\\update\spnpinst.exe /snapshot
285.641: Return Code = 0
285.735: DeRegisterUninstallProgramInInf: No Old UninstallDir
285.735: FileInUse:: Detection disabled.
291.094: Conditional load of section MSN.Block.Condition succeeded
291.094: CheckRegistryValue: RegOpenKeyEx for SOFTWARE\Microsoft\Active Setup\Installed Components\{FDC11A6F-17D1-48f9-9EA3-9051954BAA24} KeyName failed :0x2
291.094: CheckRegistryValue: Registry - Inf integer values mismatch
291.485: ArchiveFilesFromArchiveFilesSections:FindFirstFile for c:\windows\java\packages\* Failed: 0x3
291.485: ArchiveFilesFromArchiveFilesSections:FindFirstFile for c:\windows\java\packages\data\* Failed: 0x3
293.204: PruneCatalogsFromHotfixes:RegQueryValueEx Failed: 0x0
293.860: PruneCatalogsFromHotfixes:RegQueryValueEx Failed: 0x0
293.860: PruneCatalogsFromHotfixes:RegQueryValueEx Failed: 0x2
294.125: PruneCatalogsFromHotfixes:RegQueryValueEx Failed: 0x2
294.125: PruneCatalogsFromHotfixes:RegQueryValueEx Failed: 0x2
294.125: PruneCatalogsFromHotfixes:RegQueryValueEx Failed: 0x2
294.125: PruneCatalogsFromHotfixes:RegQueryValueEx Failed: 0x0
294.125: PruneCatalogsFromHotfixes:RegQueryValueEx Failed: 0x0
294.125: PruneCatalogsFromHotfixes:RegQueryValueEx Failed: 0x2
294.125: PruneCatalogsFromHotfixes:RegQueryValueEx Failed: 0x2
294.125: PruneCatalogsFromHotfixes:RegQueryValueEx Failed: 0x0
294.141: PruneCatalogsFromHotfixes:RegQueryValueEx Failed: 0x0
294.141: PruneCatalogsFromHotfixes:RegQueryValueEx Failed: 0x0
294.141: PruneCatalogsFromHotfixes:RegQueryValueEx Failed: 0x0
294.141: PruneCatalogsFromHotfixes:RegQueryValueEx Failed: 0x0
294.141: PruneCatalogsFromHotfixes:RegQueryValueEx Failed: 0x0
294.141: PruneCatalogsFromHotfixes:RegQueryValueEx Failed: 0x0
294.141: PruneCatalogsFromHotfixes:RegQueryValueEx Failed: 0x0
294.141: PruneCatalogsFromHotfixes:RegQueryValueEx Failed: 0x0
294.172: PruneCatalogsFromHotfixes:RegQueryValueEx Failed: 0x2
294.172: PruneCatalogsFromHotfixes:RegQueryValueEx Failed: 0x0
294.172: PruneCatalogsFromHotfixes:RegQueryValueEx Failed: 0x0
294.172: PruneCatalogsFromHotfixes:RegQueryValueEx Failed: 0x0
294.172: PruneCatalogsFromHotfixes:RegQueryValueEx Failed: 0x2
294.172: PruneCatalogsFromHotfixes:RegQueryValueEx Failed: 0x2
294.172: PruneCatalogsFromHotfixes:RegQueryValueEx Failed: 0x0
294.172: PruneCatalogsFromHotfixes:RegQueryValueEx Failed: 0x0
294.172: PruneCatalogsFromHotfixes:RegQueryValueEx Failed: 0x0
294.172: PruneCatalogsFromHotfixes:RegQueryValueEx Failed: 0x0
294.172: PruneCatalogsFromHotfixes:RegQueryValueEx Failed: 0x0
294.172: PruneCatalogsFromHotfixes:RegQueryValueEx Failed: 0x0
294.172: PruneCatalogsFromHotfixes:RegQueryValueEx Failed: 0x0
294.172: PruneCatalogsFromHotfixes:RegQueryValueEx Failed: 0x0
294.172: PruneCatalogsFromHotfixes:RegQueryValueEx Failed: 0x0
294.172: PruneCatalogsFromHotfixes:RegQueryValueEx Failed: 0x0
294.172: PruneCatalogsFromHotfixes:RegQueryValueEx Failed: 0x0
294.172: PruneCatalogsFromHotfixes:RegQueryValueEx Failed: 0x0
294.172: PruneCatalogsFromHotfixes:RegQueryValueEx Failed: 0x0
294.172: PruneCatalogsFromHotfixes:RegQueryValueEx Failed: 0x0
294.172: PruneCatalogsFromHotfixes:RegQueryValueEx Failed: 0x0
294.188: PruneCatalogsFromHotfixes:RegQueryValueEx Failed: 0x0
294.188: PruneCatalogsFromHotfixes:RegQueryValueEx Failed: 0x0
294.188: PruneCatalogsFromHotfixes:RegQueryValueEx Failed: 0x0
294.188: PruneCatalogsFromHotfixes:RegQueryValueEx Failed: 0x0
294.188: PruneCatalogsFromHotfixes:RegQueryValueEx Failed: 0x0
294.188: PruneCatalogsFromHotfixes:RegQueryValueEx Failed: 0x2
294.188: PruneCatalogsFromHotfixes:RegQueryValueEx Failed: 0x0
294.188: PruneCatalogsFromHotfixes:RegQueryValueEx Failed: 0x0
294.188: PruneCatalogsFromHotfixes:RegQueryValueEx Failed: 0x0
294.188: PruneCatalogsFromHotfixes:RegQueryValueEx Failed: 0x0
294.188: PruneCatalogsFromHotfixes:RegQueryValueEx Failed: 0x0
294.188: PruneCatalogsFromHotfixes:RegQueryValueEx Failed: 0x0
294.188: PruneCatalogsFromHotfixes:RegQueryValueEx Failed: 0x0
294.188: PruneCatalogsFromHotfixes:RegQueryValueEx Failed: 0x0
294.188: PruneCatalogsFromHotfixes:RegQueryValueEx Failed: 0x0
294.188: PruneCatalogsFromHotfixes:RegQueryValueEx Failed: 0x0
294.188: PruneCatalogsFromHotfixes:RegQueryValueEx Failed: 0x0
294.188: PruneCatalogsFromHotfixes:RegQueryValueEx Failed: 0x0
294.188: PruneCatalogsFromHotfixes:RegQueryValueEx Failed: 0x0
294.188: PruneCatalogsFromHotfixes:RegQueryValueEx Failed: 0x0
294.188: PruneCatalogsFromHotfixes:RegQueryValueEx Failed: 0x2
294.188: PruneCatalogsFromHotfixes:RegQueryValueEx Failed: 0x0
294.188: PruneCatalogsFromHotfixes:RegQueryValueEx Failed: 0x0
294.188: PruneCatalogsFromHotfixes:RegQueryValueEx Failed: 0x0
294.188: PruneCatalogsFromHotfixes:RegQueryValueEx Failed: 0x0
294.188: PruneCatalogsFromHotfixes:RegQueryValueEx Failed: 0x0
294.188: PruneCatalogsFromHotfixes:RegQueryValueEx Failed: 0x0
294.188: PruneCatalogsFromHotfixes:RegQueryValueEx Failed: 0x0
294.188: PruneCatalogsFromHotfixes:RegQueryValueEx Failed: 0x0
294.188: PruneCatalogsFromHotfixes:RegQueryValueEx Failed: 0x0
294.188: PruneCatalogsFromHotfixes:RegQueryValueEx Failed: 0x0
294.188: PruneCatalogsFromHotfixes:RegQueryValueEx Failed: 0x0
294.188: PruneCatalogsFromHotfixes:RegQueryValueEx Failed: 0x0
294.188: PruneCatalogsFromHotfixes:RegQueryValueEx Failed: 0x0
294.188: PruneCatalogsFromHotfixes:RegQueryValueEx Failed: 0x0
294.188: PruneCatalogsFromHotfixes:RegQueryValueEx Failed: 0x0
294.188: PruneCatalogsFromHotfixes:RegQueryValueEx Failed: 0x0
294.188: PruneCatalogsFromHotfixes:RegQueryValueEx Failed: 0x0
294.188: PruneCatalogsFromHotfixes:RegQueryValueEx Failed: 0x0
294.188: PruneCatalogsFromHotfixes:RegQueryValueEx Failed: 0x0
294.188: PruneCatalogsFromHotfixes:RegQueryValueEx Failed: 0x0
294.188: PruneCatalogsFromHotfixes:RegQueryValueEx Failed: 0x0
294.188: PruneCatalogsFromHotfixes:RegQueryValueEx Failed: 0x2
294.188: PruneCatalogsFromHotfixes:RegQueryValueEx Failed: 0x0
294.188: PruneCatalogsFromHotfixes:RegQueryValueEx Failed: 0x0
294.188: PruneCatalogsFromHotfixes:RegQueryValueEx Failed: 0x0
294.188: PruneCatalogsFromHotfixes:RegQueryValueEx Failed: 0x0
294.188: PruneCatalogsFromHotfixes:RegQueryValueEx Failed: 0x0
294.188: PruneCatalogsFromHotfixes:RegQueryValueEx Failed: 0x0
294.188: PruneCatalogsFromHotfixes:RegQueryValueEx Failed: 0x0
294.188: PruneCatalogsFromHotfixes:RegQueryValueEx Failed: 0x0
294.188: PruneCatalogsFromHotfixes:RegQueryValueEx Failed: 0x0
294.188: PruneCatalogsFromHotfixes:RegQueryValueEx Failed: 0x0
294.188: PruneCatalogsFromHotfixes:RegQueryValueEx Failed: 0x0
294.188: PruneCatalogsFromHotfixes:RegQueryValueEx Failed: 0x0
294.188: PruneCatalogsFromHotfixes:RegQueryValueEx Failed: 0x0
294.188: PruneCatalogsFromHotfixes:RegQueryValueEx Failed: 0x0
294.188: PruneCatalogsFromHotfixes:RegQueryValueEx Failed: 0x0
294.188: PruneCatalogsFromHotfixes:RegQueryValueEx Failed: 0x0
294.188: PruneCatalogsFromHotfixes:RegQueryValueEx Failed: 0x0
294.188: PruneCatalogsFromHotfixes:RegQueryValueEx Failed: 0x0
294.188: PruneCatalogsFromHotfixes:RegQueryValueEx Failed: 0x0
294.188: PruneCatalogsFromHotfixes:RegQueryValueEx Failed: 0x0
294.188: PruneCatalogsFromHotfixes:RegQueryValueEx Failed: 0x0
294.188: PruneCatalogsFromHotfixes:RegQueryValueEx Failed: 0x0
294.188: PruneCatalogsFromHotfixes:RegQueryValueEx Failed: 0x0
294.188: PruneCatalogsFromHotfixes:RegQueryValueEx Failed: 0x0
294.188: PruneCatalogsFromHotfixes:RegQueryValueEx Failed: 0x0
294.188: PruneCatalogsFromHotfixes:RegQueryValueEx Failed: 0x0
294.188: PruneCatalogsFromHotfixes:RegQueryValueEx Failed: 0x0
294.188: PruneCatalogsFromHotfixes:RegQueryValueEx Failed: 0x0
294.188: PruneCatalogsFromHotfixes:RegQueryValueEx Failed: 0x0
294.188: PruneCatalogsFromHotfixes:RegQueryValueEx Failed: 0x2
294.188: PruneCatalogsFromHotfixes:RegQueryValueEx Failed: 0x0
294.188: PruneCatalogsFromHotfixes:RegQueryValueEx Failed: 0x0
294.188: PruneCatalogsFromHotfixes:RegQueryValueEx Failed: 0x0
294.188: PruneCatalogsFromHotfixes:RegQueryValueEx Failed: 0x0
294.188: PruneCatalogsFromHotfixes:RegQueryValueEx Failed: 0x0
294.188: PruneCatalogsFromHotfixes:RegQueryValueEx Failed: 0x0
294.188: PruneCatalogsFromHotfixes:RegQueryValueEx Failed: 0x0
294.188: PruneCatalogsFromHotfixes:RegQueryValueEx Failed: 0x0
294.188: PruneCatalogsFromHotfixes:RegQueryValueEx Failed: 0x0
294.188: PruneCatalogsFromHotfixes:RegQueryValueEx Failed: 0x0
294.188: PruneCatalogsFromHotfixes:RegQueryValueEx Failed: 0x0
294.188: PruneCatalogsFromHotfixes:RegQueryValueEx Failed: 0x0
294.188: PruneCatalogsFromHotfixes:RegQueryValueEx Failed: 0x0
294.188: PruneCatalogsFromHotfixes:RegQueryValueEx Failed: 0x0
294.188: PruneCatalogsFromHotfixes:RegQueryValueEx Failed: 0x0
294.188: PruneCatalogsFromHotfixes:RegQueryValueEx Failed: 0x2
345.141: ArchiveQueue: no source component migwiz.manifest
376.500: Num Ticks for Backup : 97234
376.610:
AppPatch not installed.
376.610: AppPatch not installed. Registry will be archived.
505.454: Num Ticks for creating uninst inf : 128954
505.594: Registering Uninstall Program for -> Windows XP Service Pack, Service Pack 3 , 0x0
507.485: Conditional load of section MSN.Block.Condition succeeded
507.485: CheckRegistryValue: RegOpenKeyEx for SOFTWARE\Microsoft\Active Setup\Installed Components\{FDC11A6F-17D1-48f9-9EA3-9051954BAA24} KeyName failed :0x2
507.485: CheckRegistryValue: Registry - Inf integer values mismatch
510.469: SetupDiEnumDriverInfo failed for {e0cbf06c-cd8b-4647-bb8a-263b43f0f974} with error 0x00000103
510.610: SetupDiEnumDriverInfo failed for {a0a588a4-c46f-4b37-b7ea-c82fe89870c6} with error 0x00000103
511.032: Enumerating Devices of hidclass, GUID {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
511.079: Enumerating Devices of USB, GUID {36FC9E60-C465-11CF-8056-444553540000}
511.141: Skip Oem Device USB\VID_0403&PID_6001\5&45E68E4&0&3
511.141: Skip Oem Device USB\VID_05AC&PID_1266\000A2700226F3068
511.141: Skip Oem Device USB\VID_05AC&PID_12A0\387E12DE6D28DBC370058813AEC10077D6786BA5
511.172: Enumerating Devices of keyboard, GUID {4d36e96b-e325-11ce-bfc1-08002be10318}
511.219: Skip Oem Device ACPI\PNP0303\3&61AAA01&0
511.219: Enumerating Devices of bluetooth, GUID {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
511.250: Enumerating Devices of DiskDrive, GUID {4D36E967-E325-11CE-BFC1-08002BE10318}
511.297: Enumerating Devices of display, GUID {4d36e968-e325-11ce-bfc1-08002be10318}
511.344: Skip Oem Device PCI\VEN_1039&DEV_6330&SUBSYS_2A06103C&REV_00\4&1C526AC9&0&0008
511.344: Enumerating Devices of displaycodec, GUID {e6abb47d-8339-4c60-be92-e9045ff5a33d}
511.391: Enumerating Devices of HIDClass, GUID {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
511.422: Enumerating Devices of media, GUID {4d36e96c-e325-11ce-bfc1-08002be10318}
511.469: Skip Oem Device PCI\VEN_1039&DEV_7012&SUBSYS_2A05103C&REV_A0\3&61AAA01&0&17
511.469: Enumerating Devices of Modem, GUID {4D36E96D-E325-11CE-BFC1-08002BE10318}
511.516: Skip Oem Device PCI\VEN_11C1&DEV_048C&SUBSYS_044C11C1&REV_03\3&61AAA01&0&50
511.516: Enumerating Devices of net, GUID {4d36e972-e325-11ce-bfc1-08002be10318}
511.579: Skip Oem Device PCI\VEN_1039&DEV_0900&SUBSYS_2A04103C&REV_90\3&61AAA01&0&20
511.579: Enumerating Devices of ports, GUID {4d36e978-e325-11ce-bfc1-08002be10318}
511.704: Enumerating Devices of Processor, GUID {50127DC3-0F36-415e-A6CC-4CB3BE910B65}
511.797: Skip Oem Device ACPI\AUTHENTICAMD_-_X86_FAMILY_15_MODEL_12\_0
511.797: Enumerating Devices of sdbus, GUID {a0a588a4-c46f-4b37-b7ea-c82fe89870c6}
511.844: Enumerating Devices of System, GUID {4D36E97D-E325-11CE-BFC1-08002BE10318}
511.891: Starting Backup For PCI\VEN_1039&DEV_0002
514.407: Enumerating Devices of Unknown, GUID {4D36E97E-E325-11CE-BFC1-08002BE10318}
514.454: Enumerating Devices of USB, GUID {36FC9E60-C465-11CF-8056-444553540000}
514.500: Skip Oem Device USB\VID_0403&PID_6001\5&45E68E4&0&3
514.500: Skip Oem Device USB\VID_05AC&PID_1266\000A2700226F3068
514.500: Skip Oem Device USB\VID_05AC&PID_12A0\387E12DE6D28DBC370058813AEC10077D6786BA5
520.188: UpdateMonitoredList Succeeded
537.407: System Restore Point set.
539.688: PFE2: Per File Exceptions will not be used.
551.047: GetCatVersion: Failed to retrieve version information from C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Tmp.0.wmerrenu.cat with error 0x57
551.047: GetCatVersion: Failed to retrieve version information from C:\WINDOWS\Tmp.0.wmerrenu.cat with error 0x80092004
551.360: GetCatVersion: Failed to retrieve version information from C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Tmp.0.ntprint.cat with error 0x57
551.391: GetCatVersion: Failed to retrieve version information from C
558.079: GetCatVersion: Failed to retrieve version information from C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Tmp.0.nt5.cat with error 0x57
558.125: GetCatVersion: Failed to retrieve version information from C:\WINDOWS\Tmp.0.nt5.cat with error 0x80092004
570.454: GetCatVersion: Failed to retrieve version information from C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Tmp.0.mstsweb.cat with error 0x57
570.454: GetCatVersion: Failed to retrieve version information from C:\WINDOWS\Tmp.0.mstsweb.cat with error 0x80092004
570.657: GetCatVersion: Failed to retrieve version information from C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Tmp.0.msn9.cat with error 0x57
570.657: GetCatVersion: Failed to retrieve version information from C:\WINDOWS\Tmp.0.msn9.cat with error 0x80092004
570.813: GetCatVersion: Failed to retrieve version information from C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Tmp.0.msn7.cat with error 0x57
570.813: GetCatVersion: Failed to retrieve version information from C:\WINDOWS\Tmp.0.msn7.cat with error 0x80092004
571.750: GetCatVersion: Failed to retrieve version information from C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Tmp.0.msmsgs.cat with error 0x57
571.766: GetCatVersion: Failed to retrieve version information from C:\WINDOWS\Tmp.0.msmsgs.cat with error 0x80092004
572.000: GetCatVersion: Failed to retrieve version information from C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Tmp.0.ims.cat with error 0x57
572.000: GetCatVersion: Failed to retrieve version information from C:\WINDOWS\Tmp.0.ims.cat with error 0x80092004
572.313: GetCatVersion: Failed to retrieve version information from C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Tmp.0.fp4.cat with error 0x57
572.313: GetCatVersion: Failed to retrieve version information from C:\WINDOWS\Tmp.0.fp4.cat with error 0x80092004
572.657: GetCatVersion: Failed to retrieve version information from C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\sp3.cat with error 0x57
572.719: GetCatVersion: Failed to retrieve version information from C:\WINDOWS\sp3.cat with error 0x80092004
587.532: GetCatVersion: Failed to retrieve version information from C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Tmp.0.startoc.cat with error 0x57
587.532: GetCatVersion: Failed to retrieve version information from C:\WINDOWS\Tmp.0.startoc.cat with error 0x80092004
588.454: GetCatVersion: Failed to retrieve version information from C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Tmp.0.nt5inf.cat with error 0x57
588.454: GetCatVersion: Failed to retrieve version information from C:\WINDOWS\Tmp.0.nt5inf.cat with error 0x80092004
643.282: Registering spuninst.exe for recovery successful.
643.360: Registration of sprecovr successful
644.297: Copied file: C:\WINDOWS\system32\ntoskrnl.exe
644.422: Copied file: C:\WINDOWS\system32\ntkrnlpa.exe
644.657: Copied file: C:\WINDOWS\system32\HAL.DLL
645.188: Copied file: C:\ntldr
645.282: Copied file: C:\WINDOWS\system32\DRIVERS\wdmaud.sys
645.375: Copied file: C:\WINDOWS\system32\DRIVERS\wanarp.sys
645.516: Copied file: C:\WINDOWS\system32\DRIVERS\volsnap.sys
645.547: Copied file: C:\WINDOWS\system32\DRIVERS\videoprt.sys
645.922: Copied file: C:\WINDOWS\system32\DRIVERS\viaide.sys
646.141: Copied file: C:\WINDOWS\system32\DRIVERS\vga.sys
646.657: Copied file: C:\WINDOWS\system32\DRIVERS\usbuhci.sys
646.891: Copied file: C:\WINDOWS\system32\DRIVERS\usbstor.sys
647.157: Copied file: C:\WINDOWS\system32\DRIVERS\usbscan.sys
647.360: Copied file: C:\WINDOWS\system32\DRIVERS\usbprint.sys
647.719: Copied file: C:\WINDOWS\system32\DRIVERS\usbport.sys
647.813: Copied file: C:\WINDOWS\system32\DRIVERS\usbohci.sys
648.157: Copied file: C:\WINDOWS\system32\DRIVERS\usbintel.sys
648.360: Copied file: C:\WINDOWS\system32\DRIVERS\usbhub.sys
648.938: Copied file: C:\WINDOWS\system32\DRIVERS\usbccgp.sys
649.172: Copied file: C:\WINDOWS\system32\DRIVERS\usbcamd2.sys
649.641: Copied file: C:\WINDOWS\system32\DRIVERS\usbcamd.sys
650.079: Copied file: C:\WINDOWS\system32\DRIVERS\usbaudio.sys
650.141: Copied file: C:\WINDOWS\system32\DRIVERS\usb8023.sys
650.500: Copied file: C:\WINDOWS\system32\DRIVERS\update.sys
650.594: Copied file: C:\WINDOWS\system32\DRIVERS\udfs.sys
650.813: Copied file: C:\WINDOWS\system32\DRIVERS\termdd.sys
650.860: Copied file: C:\WINDOWS\system32\DRIVERS\tdtcp.sys
651.157: Copied file: C:\WINDOWS\system32\DRIVERS\tdpipe.sys
651.235: Copied file: C:\WINDOWS\system32\DRIVERS\tdi.sys
651.532: Copied file: C:\WINDOWS\system32\DRIVERS\tcpip6.sys
651.860: Copied file: C:\WINDOWS\system32\DRIVERS\tcpip.sys
652.047: Copied file: C:\WINDOWS\system32\DRIVERS\tape.sys
652.282: Copied file: C:\WINDOWS\system32\DRIVERS\sysaudio.sys
652.516: Copied file: C:\WINDOWS\system32\DRIVERS\swmidi.sys
652.610: Copied file: C:\WINDOWS\system32\DRIVERS\swenum.sys
652.985: Copied file: C:\WINDOWS\system32\DRIVERS\stream.sys
653.407: Copied file: C:\WINDOWS\system32\DRIVERS\srv.sys
653.766: Copied file: C:\WINDOWS\system32\DRIVERS\sr.sys
653.844: Copied file: C:\WINDOWS\system32\DRIVERS\splitter.sys
654.125: Copied file: C:\WINDOWS\system32\DRIVERS\sonydcam.sys
654.282: Copied file: C:\WINDOWS\system32\DRIVERS\sfloppy.sys
654.500: Copied file: C:\WINDOWS\system32\DRIVERS\serial.sys
654.625: Copied file: C:\WINDOWS\system32\DRIVERS\serenum.sys
654.704: Copied file: C:\WINDOWS\system32\DRIVERS\secdrv.sys
654.782: Copied file: C:\WINDOWS\system32\DRIVERS\scsiport.sys
654.829: Copied file: C:\WINDOWS\system32\DRIVERS\rndismp.sys
654.954: Copied file: C:\WINDOWS\system32\DRIVERS\rmcast.sys
655.047: Copied file: C:\WINDOWS\system32\DRIVERS\redbook.sys
655.235: Copied file: C:\WINDOWS\system32\DRIVERS\rdpwd.sys
655.360: Copied file: C:\WINDOWS\system32\DRIVERS\rdpdr.sys
655.422: Copied file: C:\WINDOWS\system32\DRIVERS\rdbss.sys
655.563: Copied file: C:\WINDOWS\system32\DRIVERS\raspptp.sys
655.688: Copied file: C:\WINDOWS\system32\DRIVERS\raspppoe.sys
655.719: Copied file: C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
655.860: Copied file: C:\WINDOWS\system32\DRIVERS\psched.sys
655.891: Copied file: C:\WINDOWS\system32\DRIVERS\processr.sys
656.157: Copied file: C:\WINDOWS\system32\DRIVERS\portcls.sys
656.204: Copied file: C:\WINDOWS\system32\DRIVERS\pcmcia.sys
656.375: Copied file: C:\WINDOWS\system32\DRIVERS\pciidex.sys
656.469: Copied file: C:\WINDOWS\system32\DRIVERS\pci.sys
656.500: Copied file: C:\WINDOWS\system32\DRIVERS\partmgr.sys
656.641: Copied file: C:\WINDOWS\system32\DRIVERS\parport.sys
656.657: Copied file: C:\WINDOWS\system32\DRIVERS\p3.sys
656.750: Copied file: C:\WINDOWS\system32\DRIVERS\ohci1394.sys
656.782: Copied file: C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
656.969: Copied file: C:\WINDOWS\system32\DRIVERS\ntfs.sys
657.016: Copied file: C:\WINDOWS\system32\DRIVERS\npfs.sys
657.204: Copied file: C:\WINDOWS\system32\DRIVERS\nmnt.sys
657.344: Copied file: C:\WINDOWS\system32\DRIVERS\nic1394.sys
657.360: Copied file: C:\WINDOWS\system32\DRIVERS\netbt.sys
657.485: Copied file: C:\WINDOWS\system32\DRIVERS\netbios.sys
657.532: Copied file: C:\WINDOWS\system32\DRIVERS\ndproxy.sys
657.704: Copied file: C:\WINDOWS\system32\DRIVERS\ndiswan.sys
657.735: Copied file: C:\WINDOWS\system32\DRIVERS\ndisuio.sys
657.782: Copied file: C:\WINDOWS\system32\DRIVERS\ndistapi.sys
657.797: Copied file: C:\WINDOWS\system32\DRIVERS\ndis.sys
657.922: Copied file: C:\WINDOWS\system32\DRIVERS\mup.sys
658.110: Copied file: C:\WINDOWS\system32\DRIVERS\mspqm.sys
658.125: Copied file: C:\WINDOWS\system32\DRIVERS\mspclock.sys
658.188: Copied file: C:\WINDOWS\system32\DRIVERS\mskssrv.sys
658.219: Copied file: C:\WINDOWS\system32\DRIVERS\msgpc.sys
658.422: Copied file: C:\WINDOWS\system32\DRIVERS\msfs.sys
658.469: Copied file: C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
658.625: Copied file: C:\WINDOWS\system32\DRIVERS\mrxdav.sys
658.719: Copied file: C:\WINDOWS\system32\DRIVERS\mountmgr.sys
658.766: Copied file: C:\WINDOWS\system32\DRIVERS\mouclass.sys
658.829: Copied file: C:\WINDOWS\system32\DRIVERS\modem.sys
658.844: Copied file: C:\WINDOWS\system32\DRIVERS\mf.sys
659.079: Copied file: C:\WINDOWS\system32\DRIVERS\ksecdd.sys
659.125: Copied file: C:\WINDOWS\system32\DRIVERS\ks.sys
659.250: Copied file: C:\WINDOWS\system32\DRIVERS\kmixer.sys
659.282: Copied file: C:\WINDOWS\system32\DRIVERS\kbdclass.sys
659.375: Copied file: C:\WINDOWS\system32\DRIVERS\isapnp.sys
659.454: Copied file: C:\WINDOWS\system32\DRIVERS\irenum.sys
659.469: Copied file: C:\WINDOWS\system32\DRIVERS\ipsec.sys
659.547: Copied file: C:\WINDOWS\system32\DRIVERS\ipnat.sys
659.579: Copied file: C:\WINDOWS\system32\DRIVERS\ipinip.sys
659.704: Copied file: C:\WINDOWS\system32\DRIVERS\intelide.sys
659.782: Copied file: C:\WINDOWS\system32\DRIVERS\imapi.sys
659.860: Copied file: C:\WINDOWS\system32\DRIVERS\i8042prt.sys
659.875: Copied file: C:\WINDOWS\system32\DRIVERS\hidusb.sys
660.047: Copied file: C:\WINDOWS\system32\DRIVERS\hidparse.sys
660.079: Copied file: C:\WINDOWS\system32\DRIVERS\hidclass.sys
660.157: Copied file: C:\WINDOWS\system32\DRIVERS\flpydisk.sys
660.188: Copied file: C:\WINDOWS\system32\DRIVERS\fips.sys
660.266: Copied file: C:\WINDOWS\system32\DRIVERS\fdc.sys
660.407: Copied file: C:\WINDOWS\system32\DRIVERS\fastfat.sys
660.454: Copied file: C:\WINDOWS\system32\DRIVERS\dxg.sys
660.500: Copied file: C:\WINDOWS\system32\DRIVERS\drmkaud.sys
660.579: Copied file: C:\WINDOWS\system32\DRIVERS\drmk.sys
660.641: Copied file: C:\WINDOWS\system32\DRIVERS\dmusic.sys
660.672: Copied file: C:\WINDOWS\system32\DRIVERS\dmio.sys
660.891: Copied file: C:\WINDOWS\system32\DRIVERS\dmboot.sys
660.922: Copied file: C:\WINDOWS\system32\DRIVERS\diskdump.sys
661.625: Copied file: C:\WINDOWS\system32\DRIVERS\disk.sys
661.657: Copied file: C:\WINDOWS\system32\DRIVERS\crusoe.sys
661.735: Copied file: C:\WINDOWS\system32\DRIVERS\classpnp.sys
661.797: Copied file: C:\WINDOWS\system32\DRIVERS\cdrom.sys
661.875: Copied file: C:\WINDOWS\system32\DRIVERS\cdfs.sys
662.016: Copied file: C:\WINDOWS\system32\DRIVERS\bridge.sys
662.219: Copied file: C:\WINDOWS\system32\DRIVERS\atmlane.sys
662.235: Copied file: C:\WINDOWS\system32\DRIVERS\atmarpc.sys
662.313: Copied file: C:\WINDOWS\system32\DRIVERS\atapi.sys
662.329: Copied file: C:\WINDOWS\system32\DRIVERS\asyncmac.sys
662.422: Copied file: C:\WINDOWS\system32\DRIVERS\arp1394.sys
662.454: Copied file: C:\WINDOWS\system32\DRIVERS\amdk6.sys
662.594: Copied file: C:\WINDOWS\system32\DRIVERS\afd.sys
662.719: Copied file: C:\WINDOWS\system32\DRIVERS\aec.sys
662.735: Copied file: C:\WINDOWS\system32\DRIVERS\acpi.sys
662.875: Copied file: C:\WINDOWS\system32\DRIVERS\1394bus.sys
662.922: Copied file: C:\WINDOWS\system32\wkssvc.dll
663.422: Copied file: C:\WINDOWS\system32\winspool.drv
663.469: Copied file: C:\WINDOWS\system32\win32spl.dll
663.688: Copied file: C:\WINDOWS\system32\win32k.sys
663.844: Copied file: C:\WINDOWS\system32\userinit.exe
663.860: Copied file: C:\WINDOWS\system32\untfs.dll
664.141: Copied file: C:\WINDOWS\system32\ulib.dll
664.219: Copied file: C:\WINDOWS\system32\tcpmonui.dll
664.438: Copied file: C:\WINDOWS\system32\syssetup.dll
664.579: Copied file: C:\WINDOWS\system32\sysdm.cpl
664.641: Copied file: C:\WINDOWS\system32\srvsvc.dll
664.688: Copied file: C:\WINDOWS\system32\sorttbls.nls
664.813: Copied file: C:\WINDOWS\system32\smss.exe
664.875: Copied file: C:\WINDOWS\system32\setupapi.dll
664.907: Copied file: C:\WINDOWS\system32\sessmgr.exe
665.172: Copied file: C:\WINDOWS\system32\services.exe
665.297: Copied file: C:\WINDOWS\system32\schannel.dll
665.329: Copied file: C:\WINDOWS\system32\scardsvr.exe
665.454: Copied file: C:\WINDOWS\system32\savedump.exe
665.516: Copied file: C:\WINDOWS\system32\samsrv.dll
665.532: Copied file: C:\WINDOWS\system32\samlib.dll
665.672: Copied file: C:\WINDOWS\system32\rshx32.dll
665.766: Copied file: C:\WINDOWS\system32\rastapi.dll
665.797: Copied file: C:\WINDOWS\system32\rasman.dll
666.032: Copied file: C:\WINDOWS\system32\rasdlg.dll
666.157: Copied file: C:\WINDOWS\system32\rasauto.dll
666.266: Copied file: C:\WINDOWS\system32\rasapi32.dll
666.500: Copied file: C:\WINDOWS\system32\printui.dll
666.532: Copied file: C:\WINDOWS\system32\perfctrs.dll
666.688: Copied file: C:\WINDOWS\system32\olecnv32.dll
666.735: Copied file: C:\WINDOWS\system32\oleaut32.dll
666.922: Copied file: C:\WINDOWS\system32\nwprovau.dll
667.110: Copied file: C:\WINDOWS\system32\ntvdm.exe
667.282: Copied file: C:\WINDOWS\system32\ntprint.dll
667.297: Copied file: C:\WINDOWS\system32\ntlsapi.dll
667.500: Copied file: C:\WINDOWS\system32\ntdll.dll
667.547: Copied file: C:\WINDOWS\system32\nslookup.exe
667.625: Copied file: C:\WINDOWS\system32\msv1_0.dll
667.766: Copied file: C:\WINDOWS\system32\msgsvc.dll
667.813: Copied file: C:\WINDOWS\system32\mgmtapi.dll
668.094: Copied file: C:\WINDOWS\system32\lsasrv.dll
668.110: Copied file: C:\WINDOWS\system32\locator.exe
668.157: Copied file: C:\WINDOWS\system32\localspl.dll
668.188: Copied file: C:\WINDOWS\system32\locale.nls
668.375: Copied file: C:\WINDOWS\system32\lmhsvc.dll
668.579: Copied file: C:\WINDOWS\system32\kernel32.dll
668.688: Copied file: C:\WINDOWS\system32\imagehlp.dll
668.782: Copied file: C:\WINDOWS\system32\ftp.exe
668.797: Copied file: C:\WINDOWS\system32\format.com
668.875: Copied file: C:\WINDOWS\system32\dhcpcsvc.dll
669.125: Copied file: C:\WINDOWS\system32\desk.cpl
669.157: Copied file: C:\WINDOWS\system32\csrsrv.dll
669.235: Copied file: C:\WINDOWS\system32\comdlg32.dll
669.407: Copied file: C:\WINDOWS\system32\comctl32.dll
669.688: Copied file: C:\WINDOWS\system32\cmd.exe
669.719: Copied file: C:\WINDOWS\system32\cacls.exe
669.938: Copied file: C:\WINDOWS\system32\autoconv.exe
670.125: Copied file: C:\WINDOWS\system32\autochk.exe
670.375: Copied file: C:\WINDOWS\system32\advapi32.dll
670.422: Copied file: C:\WINDOWS\AppPatch\drvmain.sdb
670.641: Copied file: C:\WINDOWS\system32\xpsp2res.dll
670.797: Copied file: C:\WINDOWS\system32\qmgr.dll
670.829: Copied file: C:\WINDOWS\system32\DRIVERS\watv10nt.sys
670.860: Copied file: C:\WINDOWS\system32\DRIVERS\watv06nt.sys
670.860: Copied file: C:\WINDOWS\system32\DRIVERS\wadv11nt.sys
670.891: Copied file: C:\WINDOWS\system32\DRIVERS\wadv09nt.sys
670.891: Copied file: C:\WINDOWS\system32\DRIVERS\wadv08nt.sys
670.891: Copied file: C:\WINDOWS\system32\DRIVERS\wadv07nt.sys
670.891: Copied file: C:\WINDOWS\system32\DRIVERS\wacompen.sys
671.047: Copied file: C:\WINDOWS\system32\DRIVERS\viaagp.sys
671.094: Copied file: C:\WINDOWS\system32\DRIVERS\vchnt5.dll
671.110: Copied file: C:\WINDOWS\system32\DRIVERS\usbvideo.sys
671.172: Copied file: C:\WINDOWS\system32\DRIVERS\usbehci.sys
671.172: Copied file: C:\WINDOWS\system32\DRIVERS\usb8023x.sys
671.407: Copied file: C:\WINDOWS\system32\DRIVERS\update.sys
671.407: Copied file: C:\WINDOWS\system32\DRIVERS\uagp35.sys
671.579: Copied file: C:\WINDOWS\system32\DRIVERS\tunmp.sys
671.594: Copied file: C:\WINDOWS\system32\DRIVERS\smbali.sys
671.610: Copied file: C:\WINDOWS\system32\DRIVERS\slwdmsup.sys
671.625: Copied file: C:\WINDOWS\system32\DRIVERS\slnthal.sys
671.657: Copied file: C:\WINDOWS\system32\DRIVERS\slntamr.sys
671.704: Copied file: C:\WINDOWS\system32\DRIVERS\slnt7554.sys
671.735: Copied file: C:\WINDOWS\system32\DRIVERS\sisagp.sys
671.875: Copied file: C:\WINDOWS\system32\DRIVERS\siint5.dll
671.938: Copied file: C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
671.938: Copied file: C:\WINDOWS\system32\DRIVERS\sffp_mmc.sys
672.204: Copied file: C:\WINDOWS\system32\DRIVERS\sffdisk.sys
672.235: Copied file: C:\WINDOWS\system32\DRIVERS\sdbus.sys
672.235: Copied file: C:\WINDOWS\system32\DRIVERS\s3gnbm.sys
672.282: Copied file: C:\WINDOWS\system32\DRIVERS\rndismpx.sys
672.329: Copied file: C:\WINDOWS\system32\DRIVERS\rfcomm.sys
672.438: Copied file: C:\WINDOWS\system32\DRIVERS\recagent.sys
672.485: Copied file: C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
672.610: Copied file: C:\WINDOWS\system32\DRIVERS\ntmtlfax.sys
672.641: Copied file: C:\WINDOWS\system32\DRIVERS\netwlan5.img
672.719: Copied file: C:\WINDOWS\system32\DRIVERS\mutohpen.sys
672.797: Copied file: C:\WINDOWS\system32\DRIVERS\mtxparhm.sys
672.844: Copied file: C:\WINDOWS\system32\DRIVERS\mtlstrm.sys
673.485: Copied file: C:\WINDOWS\system32\DRIVERS\mtlmnt5.sys
673.532: Copied file: C:\WINDOWS\system32\DRIVERS\mssmbios.sys
673.532: Copied file: C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
673.735: Copied file: C:\WINDOWS\system32\DRIVERS\ip6fw.sys
673.766: Copied file: C:\WINDOWS\system32\DRIVERS\intelppm.sys
673.844: Copied file: C:\WINDOWS\system32\DRIVERS\http.sys
673.844: Copied file: C:\WINDOWS\system32\DRIVERS\hsfdpsp2.sys
674.000: Copied file: C:\WINDOWS\system32\DRIVERS\hsfcxts2.sys
674.282: Copied file: C:\WINDOWS\system32\DRIVERS\hsfbs2s2.sys
674.329: Copied file: C:\WINDOWS\system32\DRIVERS\hidir.sys
674.360: Copied file: C:\WINDOWS\system32\DRIVERS\hidbth.sys
674.391: Copied file: C:\WINDOWS\system32\DRIVERS\hdaudbus.sys
674.500: Copied file: C:\WINDOWS\system32\DRIVERS\gagp30kx.sys
674.704: Copied file: C:\WINDOWS\system32\DRIVERS\fltmgr.sys
674.735: Copied file: C:\WINDOWS\system32\DRIVERS\cxthsfs2.cty
674.766: Copied file: C:\WINDOWS\system32\DRIVERS\ch7xxnt5.dll
674.844: Copied file: C:\WINDOWS\system32\DRIVERS\bthusb.sys
674.875: Copied file: C:\WINDOWS\system32\DRIVERS\bthprint.sys
675.250: Copied file: C:\WINDOWS\system32\DRIVERS\bthport.sys
675.250: Copied file: C:\WINDOWS\system32\DRIVERS\bthpan.sys
675.313: Copied file: C:\WINDOWS\system32\DRIVERS\bthmodem.sys
675.344: Copied file: C:\WINDOWS\system32\DRIVERS\bthenum.sys
675.391: Copied file: C:\WINDOWS\system32\DRIVERS\atv10nt5.dll
675.422: Copied file: C:\WINDOWS\system32\DRIVERS\atv06nt5.dll
675.469: Copied file: C:\WINDOWS\system32\DRIVERS\atv04nt5.dll
675.500: Copied file: C:\WINDOWS\system32\DRIVERS\atv02nt5.dll
675.532: Copied file: C:\WINDOWS\system32\DRIVERS\atv01nt5.dll
675.532: Copied file: C:\WINDOWS\system32\DRIVERS\ativmc20.cod
675.579: Copied file: C:\WINDOWS\system32\DRIVERS\atinxsxx.sys
675.610: Copied file: C:\WINDOWS\system32\DRIVERS\atinxbxx.sys
675.782: Copied file: C:\WINDOWS\system32\DRIVERS\atintuxx.sys
676.079: Copied file: C:\WINDOWS\system32\DRIVERS\atinttxx.sys
676.219: Copied file: C:\WINDOWS\system32\DRIVERS\atinsnxx.sys
676.438: Copied file: C:\WINDOWS\system32\DRIVERS\atinrvxx.sys
676.469: Copied file: C:\WINDOWS\system32\DRIVERS\atinraxx.sys
676.469: Copied file: C:\WINDOWS\system32\DRIVERS\atinpdxx.sys
676.532: Copied file: C:\WINDOWS\system32\DRIVERS\atinmdxx.sys
676.579: Copied file: C:\WINDOWS\system32\DRIVERS\atinbtxx.sys
676.657: Copied file: C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
676.766: Copied file: C:\WINDOWS\system32\DRIVERS\ati2mtaa.sys
676.844: Copied file: C:\WINDOWS\system32\DRIVERS\ati1xsxx.sys
676.875: Copied file: C:\WINDOWS\system32\DRIVERS\ati1xbxx.sys
676.907: Copied file: C:\WINDOWS\system32\DRIVERS\ati1tuxx.sys
676.938: Copied file: C:\WINDOWS\system32\DRIVERS\ati1ttxx.sys
676.969: Copied file: C:\WINDOWS\system32\DRIVERS\ati1snxx.sys
677.016: Copied file: C:\WINDOWS\system32\DRIVERS\ati1rvxx.sys
677.266: Copied file: C:\WINDOWS\system32\DRIVERS\ati1raxx.sys
677.329: Copied file: C:\WINDOWS\system32\DRIVERS\ati1pdxx.sys
677.485: Copied file: C:\WINDOWS\system32\DRIVERS\ati1mdxx.sys
677.516: Copied file: C:\WINDOWS\system32\DRIVERS\ati1btxx.sys
677.579: Copied file: C:\WINDOWS\system32\DRIVERS\amdk7.sys
677.579: Copied file: C:\WINDOWS\system32\DRIVERS\amdagp.sys
677.625: Copied file: C:\WINDOWS\system32\DRIVERS\alim1541.sys
677.657: Copied file: C:\WINDOWS\system32\DRIVERS\agpcpq.sys
677.719: Copied file: C:\WINDOWS\system32\DRIVERS\agp440.sys
677.875: Copied file: C:\WINDOWS\system32\DRIVERS\adv11nt5.dll
677.907: Copied file: C:\WINDOWS\system32\DRIVERS\adv09nt5.dll
677.954: Copied file: C:\WINDOWS\system32\DRIVERS\adv08nt5.dll
677.954: Copied file: C:\WINDOWS\system32\DRIVERS\adv07nt5.dll
677.969: Copied file: C:\WINDOWS\system32\DRIVERS\adv05nt5.dll
677.985: Copied file: C:\WINDOWS\system32\DRIVERS\adv02nt5.dll
678.016: Copied file: C:\WINDOWS\system32\DRIVERS\adv01nt5.dll
678.094: Copied file: C:\WINDOWS\network diagnostic\custsat.dll
678.172: Copied file: C:\Program Files\Common Files\system\msadc\msdfmap.dll
678.657: Copied file: C:\Program Files\Common Files\system\msadc\msdaremr.dll
678.672: Copied file: C:\Program Files\Common Files\system\msadc\msdarem.dll
678.735: Copied file: C:\Program Files\Common Files\system\msadc\msdaprst.dll
678.750: Copied file: C:\Program Files\Common Files\system\msadc\msdaprsr.dll
678.860: Copied file: C:\Program Files\Common Files\system\msadc\msaddsr.dll
678.907: Copied file: C:\Program Files\Common Files\system\msadc\msadds.dll
679.141: Copied file: C:\Program Files\Common Files\system\msadc\msadcs.dll
679.188: Copied file: C:\Program Files\Common Files\system\msadc\msadcor.dll
679.282: Copied file: C:\Program Files\Common Files\system\msadc\msadco.dll
679.313: Copied file: C:\Program Files\Common Files\system\msadc\msadcfr.dll
679.469: Copied file: C:\Program Files\Common Files\system\msadc\msadcf.dll
679.485: Copied file: C:\Program Files\Common Files\system\msadc\msadcer.dll
679.594: Copied file: C:\WINDOWS\system32\zipfldr.dll
679.688: Copied file: C:\WINDOWS\system32\xolehlp.dll
679.704: Copied file: C:\WINDOWS\system32\xcopy.exe
679.844: Copied file: C:\WINDOWS\system32\xactsrv.dll
679.922: Copied file: C:\WINDOWS\system32\wzcsvc.dll
680.235: Copied file (delayed): C:\WINDOWS\system32\SET229.tmp
680.235: Copied file: C:\WINDOWS\system32\wzcsapi.dll
680.516: Copied file (delayed): C:\WINDOWS\system32\SET22A.tmp
680.516: Copied file: C:\WINDOWS\system32\wzcdlg.dll
680.563: Copied file: C:\WINDOWS\system32\wtsapi32.dll
680.813: Copied file (delayed): C:\WINDOWS\system32\SET22C.tmp
680.813: Copied file: C:\WINDOWS\system32\wstdecod.dll
680.813: Copied file: C:\WINDOWS\system32\wsock32.dll
681.282: Copied file (delayed): C:\WINDOWS\system32\SET22E.tmp
681.282: Copied file: C:\WINDOWS\system32\wsnmp32.dll
681.344: Copied file: C:\WINDOWS\system32\wshtcpip.dll
681.547: Copied file (delayed): C:\WINDOWS\system32\SET230.tmp
681.594: Copied file: C:\WINDOWS\system32\wshrm.dll
681.625: Copied file: C:\WINDOWS\system32\wshom.ocx
681.704: Copied file: C:\WINDOWS\system32\wship6.dll
681.735: Copied file: C:\WINDOWS\system32\wshext.dll
681.875: Copied file: C:\WINDOWS\system32\wshcon.dll
681.875: Copied file: C:\WINDOWS\system32\wscript.exe
682.094: Copied file: C:\WINDOWS\system32\ws2help.dll
682.297: Copied file (delayed): C:\WINDOWS\system32\SET237.tmp
682.313: Copied file: C:\WINDOWS\system32\ws2_32.dll
682.516: Copied file (delayed): C:\WINDOWS\system32\SET238.tmp
682.516: Copied file: C:\WINDOWS\system32\wpnpinst.exe
682.594: Copied file: C:\WINDOWS\system32\wpabaln.exe
682.625: Copied file: C:\WINDOWS\system32\wow32.dll
682.985: Copied file (delayed): C:\WINDOWS\system32\SET23B.tmp
683.032: Copied file: C:\WINDOWS\system32\wmvds32.ax
683.094: Copied file: C:\WINDOWS\system32\wmv8ds32.ax
683.141: Copied file: C:\WINDOWS\system32\wmstream.dll
683.454: Copied file: C:\WINDOWS\system32\wmsdmoe.dll
683.563: Copied file: C:\WINDOWS\system32\wmi.dll
683.782: Copied file (delayed): C:\WINDOWS\system32\SET240.tmp
683.782: Copied file: C:\WINDOWS\system32\wlnotify.dll
684.235: Copied file (delayed): C:\WINDOWS\system32\SET241.tmp
684.235: Copied file: C:\WINDOWS\system32\wldap32.dll
684.454: Copied file (delayed): C:\WINDOWS\system32\SET242.tmp
684.469: Copied file: C:\WINDOWS\system32\winver.exe
684.516: Copied file: C:\WINDOWS\system32\wintrust.dll
684.735: Copied file (delayed): C:\WINDOWS\system32\SET244.tmp
684.735: Copied file: C:\WINDOWS\system32\winsta.dll
685.063: Copied file (delayed): C:\WINDOWS\system32\SET245.tmp
685.063: Copied file: C:\WINDOWS\system32\winsrv.dll
685.219: Copied file (delayed): C:\WINDOWS\system32\SET246.tmp
685.219: Copied file: C:\WINDOWS\system32\winscard.dll
685.500: Copied file (delayed): C:\WINDOWS\system32\SET247.tmp
685.516: Copied file: C:\WINDOWS\system32\winrnr.dll
685.672: Copied file (delayed): C:\WINDOWS\system32\SET248.tmp
685.704: Copied file: C:\WINDOWS\system32\winntbbu.dll
685.829: Copied file: C:\WINDOWS\system32\winmm.dll
686.125: Copied file (delayed): C:\WINDOWS\system32\SET24A.tmp
686.125: Copied file: C:\WINDOWS\system32\winlogon.exe
686.297: Copied file (delayed): C:\WINDOWS\system32\SET24B.tmp
686.297: Copied file: C:\WINDOWS\system32\winipsec.dll
686.516: Copied file (delayed): C:\WINDOWS\system32\SET24C.tmp
686.532: Copied file: C:\WINDOWS\system32\wiavideo.dll
686.579: Copied file: C:\WINDOWS\system32\wiashext.dll
686.672: Copied file: C:\WINDOWS\system32\wiaservc.dll
686.985: Copied file (delayed): C:\WINDOWS\system32\SET24F.tmp
686.985: Copied file: C:\WINDOWS\system32\wiascr.dll
687.000: Copied file: C:\WINDOWS\system32\wiadss.dll
687.141: Copied file: C:\WINDOWS\system32\wiadefui.dll
687.172: Copied file: C:\WINDOWS\system32\wiaacmgr.exe
687.375: Copied file: C:\WINDOWS\system32\wextract.exe
687.407: Copied file: C:\WINDOWS\system32\webvw.dll
687.485: Copied file: C:\WINDOWS\system32\webclnt.dll
687.735: Copied file (delayed): C:\WINDOWS\system32\SET256.tmp
687.735: Copied file: C:\WINDOWS\system32\wdmaud.drv
688.032: Copied file (delayed): C:\WINDOWS\system32\SET257.tmp
688.032: Copied file: C:\WINDOWS\system32\wdigest.dll
688.329: Copied file (delayed): C:\WINDOWS\system32\SET258.tmp
688.329: Copied file: C:\WINDOWS\system32\wavemsp.dll
688.407: Copied file: C:\WINDOWS\system32\watchdog.sys
688.454: Copied file: C:\WINDOWS\system32\w32time.dll
688.750: Copied file (delayed): C:\WINDOWS\system32\SET25B.tmp
688.750: Copied file: C:\WINDOWS\system32\vssvc.exe
688.782: Copied file: C:\WINDOWS\system32\vssapi.dll
689.172: Copied file (delayed): C:\WINDOWS\system32\SET25D.tmp
689.172: Copied file: C:\WINDOWS\system32\version.dll
689.391: Copied file (delayed): C:\WINDOWS\system32\SET25E.tmp
689.391: Copied file: C:\WINDOWS\system32\verifier.dll
689.422: Copied file: C:\WINDOWS\system32\vdmredir.dll
689.422: Copied file: C:\WINDOWS\system32\vdmdbg.dll
689.594: Copied file: C:\WINDOWS\system32\vbisurf.ax
689.641: Copied file: C:\WINDOWS\system32\vbajet32.dll
689.797: Copied file (delayed): C:\WINDOWS\system32\SET263.tmp
689.813: Copied file: C:\WINDOWS\system32\uxtheme.dll
690.125: Copied file (delayed): C:\WINDOWS\system32\SET264.tmp
690.125: Copied file: C:\WINDOWS\system32\utilman.exe
690.188: Copied file: C:\WINDOWS\system32\usp10.dll
690.579: Copied file (delayed): C:\WINDOWS\system32\SET266.tmp
690.579: Copied file: C:\WINDOWS\system32\userenv.dll
690.766: Copied file (delayed): C:\WINDOWS\system32\SET267.tmp
690.766: Copied file: C:\WINDOWS\system32\user32.dll
691.079: Copied file (delayed): C:\WINDOWS\system32\SET268.tmp
691.110: Copied file: C:\WINDOWS\system32\usbui.dll
691.157: Copied file: C:\WINDOWS\system32\usbmon.dll
691.375: Copied file (delayed): C:\WINDOWS\system32\SET26A.tmp
691.375: Copied file: C:\WINDOWS\system32\ups.exe
691.469: Copied file: C:\WINDOWS\system32\upnpui.dll
691.563: Copied file: C:\WINDOWS\system32\upnphost.dll
691.829: Copied file: C:\WINDOWS\system32\upnpcont.exe
692.282: Copied file: C:\WINDOWS\system32\upnp.dll
693.500: Copied file (delayed): C:\WINDOWS\system32\SET26F.tmp
693.500: Copied file: C:\WINDOWS\system32\uniplat.dll
693.610: Copied file (delayed): C:\WINDOWS\system32\SET270.tmp
693.610: Copied file: C:\WINDOWS\system32\unimdmat.dll
693.719: Copied file (delayed): C:\WINDOWS\system32\SET271.tmp
693.719: Copied file: C:\WINDOWS\system32\unimdm.tsp
693.829: Copied file (delayed): C:\WINDOWS\system32\SET272.tmp
693.829: Copied file: C:\WINDOWS\system32\umpnpmgr.dll
694.188: Copied file (delayed): C:\WINDOWS\system32\SET273.tmp
694.204: Copied file: C:\WINDOWS\system32\umandlg.dll
694.266: Copied file: C:\WINDOWS\system32\udhisapi.dll
694.297: Copied file: C:\WINDOWS\system32\txflog.dll
694.391: Copied file: C:\WINDOWS\system32\tsddd.dll
694.454: Copied file: C:\WINDOWS\system32\tscfgwmi.dll
694.547: Copied file: C:\WINDOWS\system32\trkwks.dll
694.766: Copied file (delayed): C:\WINDOWS\system32\SET279.tmp
694.766: Copied file: C:\WINDOWS\system32\tree.com
694.844: Copied file: C:\WINDOWS\system32\tracert.exe
695.141: Copied file: C:\WINDOWS\system32\tourstart.exe
695.204: Copied file: C:\WINDOWS\system32\timedate.cpl
695.313: Copied file: C:\WINDOWS\system32\themeui.dll
695.579: Copied file (delayed): C:\WINDOWS\system32\SET27E.tmp
695.579: Copied file: C:\WINDOWS\system32\termsrv.dll
696.016: Copied file (delayed): C:\WINDOWS\system32\SET27F.tmp
696.032: Copied file: C:\WINDOWS\system32\termmgr.dll
696.094: Copied file: C:\WINDOWS\system32\telnet.exe
696.204: Copied file: C:\WINDOWS\system32\tcpmon.dll
696.391: Copied file (delayed): C:\WINDOWS\system32\SET282.tmp
696.391: Copied file: C:\WINDOWS\system32\tcpmib.dll
696.454: Copied file: C:\WINDOWS\system32\taskmgr.exe
696.500: Copied file: C:\WINDOWS\system32\tapisrv.dll
696.813: Copied file (delayed): C:\WINDOWS\system32\SET285.tmp
696.813: Copied file: C:\WINDOWS\system32\tapi32.dll
697.454: Copied file (delayed): C:\WINDOWS\system32\SET286.tmp
697.454: Copied file: C:\WINDOWS\system32\tapi3.dll
697.797: Copied file: C:\WINDOWS\system32\t2embed.dll
698.391: Copied file (delayed): C:\WINDOWS\system32\SET288.tmp
698.438: Copied file: C:\WINDOWS\system32\sysocmgr.exe
698.657: Copied file: C:\WINDOWS\system32\sysmon.ocx
698.704: Copied file: C:\WINDOWS\system32\syncui.dll
698.750: Copied file: C:\WINDOWS\system32\synceng.dll
698.907: Copied file: C:\WINDOWS\system32\sxs.dll
699.422: Copied file (delayed): C:\WINDOWS\system32\SET28D.tmp
699.469: Copied file: C:\WINDOWS\system32\svchost.exe
699.719: Copied file (delayed): C:\WINDOWS\system32\SET28E.tmp
699.750: Copied file: C:\WINDOWS\system32\storprop.dll
699.750: Copied file: C:\WINDOWS\system32\stobject.dll
700.110: Copied file (delayed): C:\WINDOWS\system32\SET290.tmp
700.110: Copied file: C:\WINDOWS\system32\stimon.exe
700.235: Copied file: C:\WINDOWS\system32\sti_ci.dll
700.282: Copied file: C:\WINDOWS\system32\sti.dll
700.407: Copied file: C:\WINDOWS\system32\stdole2.tlb
700.500: Copied file (delayed): C:\WINDOWS\system32\SET294.tmp
700.516: Copied file: C:\WINDOWS\system32\stclient.dll
700.625: Copied file: C:\WINDOWS\system32\sstext3d.scr
700.766: Copied file: C:\WINDOWS\system32\ssstars.scr
700.797: Copied file: C:\WINDOWS\system32\sspipes.scr
701.000: Copied file: C:\WINDOWS\system32\ssmyst.scr
701.204: Copied file: C:\WINDOWS\system32\ssmypics.scr
701.469: Copied file: C:\WINDOWS\system32\ssmarque.scr
701.516: Copied file: C:\WINDOWS\system32\ssflwbox.scr
701.625: Copied file: C:\WINDOWS\system32\ssdpsrv.dll
702.063: Copied file (delayed): C:\WINDOWS\system32\SET29D.tmp
702.063: Copied file: C:\WINDOWS\system32\ssdpapi.dll
702.344: Copied file (delayed): C:\WINDOWS\system32\SET29E.tmp
702.344: Copied file: C:\WINDOWS\system32\ssbezier.scr
702.422: Copied file: C:\WINDOWS\system32\ss3dfo.scr
702.563: Copied file: C:\WINDOWS\system32\srsvc.dll
702.813: Copied file (delayed): C:\WINDOWS\system32\SET2A1.tmp
702.813: Copied file: C:\WINDOWS\system32\srrstr.dll
702.969: Copied file: C:\WINDOWS\system32\srclient.dll
703.047: Copied file: C:\WINDOWS\system32\sqlunirl.dll
703.157: Copied file (delayed): C:\WINDOWS\system32\SET2A4.tmp
703.157: Copied file: C:\WINDOWS\system32\sqlsrv32.rll
703.422: Copied file (delayed): C:\WINDOWS\system32\SET2A5.tmp
703.422: Copied file: C:\WINDOWS\system32\sqlsrv32.dll
703.532: Copied file (delayed): C:\WINDOWS\system32\SET2A6.tmp
703.579: Copied file: C:\WINDOWS\system32\spoolsv.exe
703.813: Copied file (delayed): C:\WINDOWS\system32\SET2A7.tmp
703.813: Copied file: C:\WINDOWS\system32\spoolss.dll
704.250: Copied file (delayed): C:\WINDOWS\system32\SET2A8.tmp
704.329: Copied file: C:\WINDOWS\system32\spider.exe
704.563: Copied file: C:\WINDOWS\system32\sort.exe
704.625: Copied file: C:\WINDOWS\system32\snmpsnap.dll
704.735: Copied file: C:\WINDOWS\system32\snmpapi.dll
705.110: Copied file (delayed): C:\WINDOWS\system32\SET2AC.tmp
705.235: Copied file: C:\WINDOWS\system32\sndrec32.exe
705.313: Copied file: C:\WINDOWS\system32\smlogsvc.exe
705.375: Copied file: C:\WINDOWS\system32\smlogcfg.dll
705.500: Copied file: C:\WINDOWS\system32\slbiop.dll
705.579: Copied file: C:\WINDOWS\system32\slayerxp.dll
705.688: Copied file: C:\WINDOWS\system32\sl_anet.acm
705.735: Copied file: C:\WINDOWS\system32\skeys.exe
705.766: Copied file: C:\WINDOWS\system32\simpdata.tlb
705.766: Copied file: C:\WINDOWS\system32\sigverif.exe
705.860: Copied file: C:\WINDOWS\system32\sigtab.dll
705.891: Copied file: C:\WINDOWS\system32\shutdown.exe
706.157: Copied file: C:\WINDOWS\system32\shsvcs.dll
706.422: Copied file (delayed): C:\WINDOWS\system32\SET2B8.tmp
706.438: Copied file: C:\WINDOWS\system32\shscrap.dll
706.438: Copied file: C:\WINDOWS\system32\shrpubw.exe
706.469: Copied file: C:\WINDOWS\system32\shmgrate.exe
706.610: Copied file: C:\WINDOWS\system32\shmedia.dll
706.688: Copied file: C:\WINDOWS\system32\shlwapi.dll
707.079: Copied file (delayed): C:\WINDOWS\system32\SET2BD.tmp
707.079: Copied file: C:\WINDOWS\system32\shimgvw.dll
707.407: Copied file: C:\WINDOWS\system32\shimeng.dll
707.579: Copied file (delayed): C:\WINDOWS\system32\SET2BF.tmp
707.579: Copied file: C:\WINDOWS\system32\shgina.dll
707.625: Copied file: C:\WINDOWS\system32\shfolder.dll
707.641: Copied file: C:\WINDOWS\system32\shell32.dll
709.704: Copied file (delayed): C:\WINDOWS\system32\SET2C2.tmp
709.704: Copied file: C:\WINDOWS\system32\shdocvw.dll
709.922: Copied file (delayed): C:\WINDOWS\system32\SET2C3.tmp
709.922: Copied file: C:\WINDOWS\system32\shdoclc.dll
710.344: Copied file (delayed): C:\WINDOWS\system32\SET2C4.tmp
710.360: Copied file: C:\WINDOWS\system32\sfcfiles.dll
710.625: Copied file: C:\WINDOWS\system32\sfc_os.dll
710.844: Copied file (delayed): C:\WINDOWS\system32\SET2C6.tmp
710.844: Copied file: C:\WINDOWS\system32\sfc.dll
711.110: Copied file (delayed): C:\WINDOWS\system32\SET2C7.tmp
711.110: Copied file: C:\WINDOWS\system32\setup.exe
711.188: Copied file: C:\WINDOWS\system32\sethc.exe
711.219: Copied file: C:\WINDOWS\system32\servdeps.dll
711.297: Copied file: C:\WINDOWS\system32\sensapi.dll
711.500: Copied file (delayed): C:\WINDOWS\system32\SET2CB.tmp
711.500: Copied file: C:\WINDOWS\system32\sens.dll
711.750: Copied file (delayed): C:\WINDOWS\system32\SET2CC.tmp
711.750: Copied file: C:\WINDOWS\system32\sendmail.dll
711.782: Copied file: C:\WINDOWS\system32\sendcmsg.dll
711.797: Copied file: C:\WINDOWS\system32\security.dll
711.907: Copied file: C:\WINDOWS\system32\secur32.dll
712.188: Copied file (delayed): C:\WINDOWS\system32\SET2D0.tmp
712.188: Copied file: C:\WINDOWS\system32\seclogon.dll
712.438: Copied file (delayed): C:\WINDOWS\system32\SET2D1.tmp
712.438: Copied file: C:\WINDOWS\system32\sdbinst.exe
712.610: Copied file: C:\WINDOWS\system32\scrrun.dll
712.719: Copied file: C:\WINDOWS\system32\scrobj.dll
712.750: Copied file: C:\WINDOWS\system32\scrnsave.scr
712.766: Copied file: C:\WINDOWS\system32\sclgntfy.dll
712.891: Copied file: C:\WINDOWS\system32\schedsvc.dll
713.172: Copied file (delayed): C:\WINDOWS\system32\SET2D7.tmp
713.188: Copied file: C:\WINDOWS\system32\scesrv.dll
713.610: Copied file (delayed): C:\WINDOWS\system32\SET2D8.tmp
713.610: Copied file: C:\WINDOWS\system32\scecli.dll
714.188: Copied file (delayed): C:\WINDOWS\system32\SET2D9.tmp
714.204: Copied file: C:\WINDOWS\system32\sccsccp.dll
714.250: Copied file: C:\WINDOWS\system32\scarddlg.dll
714.266: Copied file: C:\WINDOWS\system32\safrslv.dll
714.391: Copied file: C:\WINDOWS\system32\safrdm.dll
714.407: Copied file: C:\WINDOWS\system32\safrcdlg.dll
714.485: Copied file: C:\WINDOWS\system32\runonce.exe
714.516: Copied file: C:\WINDOWS\system32\rundll32.exe
714.547: Copied file: C:\WINDOWS\system32\rtutils.dll
714.750: Copied file (delayed): C:\WINDOWS\system32\SET2E1.tmp
714.750: Copied file: C:\WINDOWS\system32\rtipxmib.dll
714.766: Copied file: C:\WINDOWS\system32\rtcshare.exe
714.797: Copied file: C:\WINDOWS\system32\rsvpsp.dll
714.907: Copied file: C:\WINDOWS\system32\rsmps.dll
714.954: Copied file: C:\WINDOWS\system32\rsh.exe
715.047: Copied file: C:\WINDOWS\system32\rsaenh.dll
715.282: Copied file (delayed): C:\WINDOWS\system32\SET2E7.tmp
715.282: Copied file: C:\WINDOWS\system32\rpcss.dll
715.657: Copied file (delayed): C:\WINDOWS\system32\SET2E8.tmp
715.672: Copied file: C:\WINDOWS\system32\rpcrt4.dll
716.047: Copied file (delayed): C:\WINDOWS\system32\SET2E9.tmp
716.079: Copied file: C:\WINDOWS\system32\riched20.dll
716.407: Copied file (delayed): C:\WINDOWS\system32\SET2EA.tmp
716.407: Copied file: C:\WINDOWS\system32\rexec.exe
716.469: Copied file: C:\WINDOWS\system32\resutils.dll
716.657: Copied file (delayed): C:\WINDOWS\system32\SET2EC.tmp
716.657: Copied file: C:\WINDOWS\system32\remotesp.tsp
716.782: Copied file: C:\WINDOWS\system32\remotepg.dll
716.797: Copied file: C:\WINDOWS\system32\regwizc.dll
716.829: Copied file: C:\WINDOWS\system32\regsvr32.exe
717.032: Copied file: C:\WINDOWS\system32\regsvc.dll
717.219: Copied file: C:\WINDOWS\system32\regapi.dll
717.438: Copied file (delayed): C:\WINDOWS\system32\SET2F2.tmp
717.438: Copied file: C:\WINDOWS\system32\reg.exe
717.485: Copied file: C:\WINDOWS\system32\rdshost.exe
717.516: Copied file: C:\WINDOWS\system32\rdsaddin.exe
717.625: Copied file: C:\WINDOWS\system32\rdpwsx.dll
717.657: Copied file: C:\WINDOWS\system32\rdpsnd.dll
717.735: Copied file: C:\WINDOWS\system32\rdpdd.dll
717.766: Copied file: C:\WINDOWS\system32\rdpclip.exe
717.813: Copied file: C:\WINDOWS\system32\rdchost.dll
717.891: Copied file: C:\WINDOWS\system32\rcp.exe
717.907: Copied file: C:\WINDOWS\system32\rcimlby.exe
717.907: Copied file: C:\WINDOWS\system32\rcbdyctl.dll
718.110: Copied file: C:\WINDOWS\system32\rastls.dll
718.438: Copied file (delayed): C:\WINDOWS\system32\SET2FE.tmp
718.438: Copied file: C:\WINDOWS\system32\rassapi.dll
718.516: Copied file: C:\WINDOWS\system32\rasppp.dll
718.782: Copied file (delayed): C:\WINDOWS\system32\SET300.tmp
718.829: Copied file: C:\WINDOWS\system32\rasphone.exe
718.938: Copied file: C:\WINDOWS\system32\rasmans.dll
719.219: Copied file (delayed): C:\WINDOWS\system32\SET302.tmp
719.219: Copied file: C:\WINDOWS\system32\raschap.dll
719.469: Copied file (delayed): C:\WINDOWS\system32\SET303.tmp
719.469: Copied file: C:\WINDOWS\system32\rasadhlp.dll
719.704: Copied file (delayed): C:\WINDOWS\system32\SET304.tmp
719.704: Copied file: C:\WINDOWS\system32\racpldlg.dll
719.750: Copied file: C:\WINDOWS\system32\query.dll
720.032: Copied file: C:\WINDOWS\system32\quartz.dll
720.250: Copied file: C:\WINDOWS\system32\qprocess.exe
720.329: Copied file: C:\WINDOWS\system32\qmgrprxy.dll
720.469: Copied file: C:\WINDOWS\system32\qedwipes.dll
720.500: Copied file: C:\WINDOWS\system32\qedit.dll
720.750: Copied file: C:\WINDOWS\system32\qdvd.dll
720.797: Copied file: C:\WINDOWS\system32\qdv.dll
720.860: Copied file: C:\WINDOWS\system32\qcap.dll
721.000: Copied file: C:\WINDOWS\system32\pstorsvc.dll
721.282: Copied file (delayed): C:\WINDOWS\system32\SET30F.tmp
721.282: Copied file: C:\WINDOWS\system32\pstorec.dll
721.391: Copied file: C:\WINDOWS\system32\psbase.dll
721.563: Copied file (delayed): C:\WINDOWS\system32\SET311.tmp
721.579: Copied file: C:\WINDOWS\system32\psapi.dll
721.813: Copied file (delayed): C:\WINDOWS\system32\SET312.tmp
721.829: Copied file: C:\WINDOWS\system32\progman.exe
721.860: Copied file: C:\WINDOWS\system32\profmap.dll
722.141: Copied file (delayed): C:\WINDOWS\system32\SET314.tmp
722.141: Copied file: C:\WINDOWS\system32\proctexe.ocx
722.235: Copied file: C:\WINDOWS\system32\powrprof.dll
722.391: Copied file (delayed): C:\WINDOWS\system32\SET316.tmp
722.407: Copied file: C:\WINDOWS\system32\powercfg.cpl
722.438: Copied file: C:\WINDOWS\system32\polstore.dll
722.563: Copied file: C:\WINDOWS\system32\pjlmon.dll
722.719: Copied file (delayed): C:\WINDOWS\system32\SET319.tmp
722.719: Copied file: C:\WINDOWS\system32\ping.exe
722.750: Copied file: C:\WINDOWS\system32\pid.dll
722.875: Copied file: C:\WINDOWS\system32\photowiz.dll
722.922: Copied file: C:\WINDOWS\system32\perfproc.dll
723.016: Copied file: C:\WINDOWS\system32\perfos.dll
723.157: Copied file: C:\WINDOWS\system32\perfnet.dll
723.157: Copied file: C:\WINDOWS\system32\perfmon.exe
723.282: Copied file: C:\WINDOWS\system32\perfdisk.dll
723.360: Copied file: C:\WINDOWS\system32\pdh.dll
723.422: Copied file: C:\WINDOWS\system32\pautoenr.dll
723.547: Copied file: C:\WINDOWS\system32\packager.exe
723.579: Copied file: C:\WINDOWS\system32\osuninst.dll
723.704: Copied file: C:\WINDOWS\system32\osk.exe
723.750: Copied file: C:\WINDOWS\system32\opengl32.dll
723.797: Copied file: C:\WINDOWS\system32\olepro32.dll
724.329: Copied file (delayed): C:\WINDOWS\system32\SET328.tmp
724.329: Copied file: C:\WINDOWS\system32\oleprn.dll
724.438: Copied file: C:\WINDOWS\system32\oledlg.dll
724.625: Copied file (delayed): C:\WINDOWS\system32\SET32A.tmp
724.625: Copied file: C:\WINDOWS\system32\olecli32.dll
724.797: Copied file (delayed): C:\WINDOWS\system32\SET32B.tmp
724.813: Copied file: C:\WINDOWS\system32\ole32.dll
725.454: Copied file (delayed): C:\WINDOWS\system32\SET32C.tmp
725.454: Copied file: C:\WINDOWS\system32\offfilt.dll
725.500: Copied file: C:\WINDOWS\system32\odtext32.dll
725.532: Copied file: C:\WINDOWS\system32\odpdx32.dll
725.641: Copied file: C:\WINDOWS\system32\odfox32.dll
725.688: Copied file: C:\WINDOWS\system32\odexl32.dll
725.813: Copied file: C:\WINDOWS\system32\oddbse32.dll
725.860: Copied file: C:\WINDOWS\system32\odbctrac.dll
726.141: Copied file (delayed): C:\WINDOWS\system32\SET333.tmp
726.141: Copied file: C:\WINDOWS\system32\odbcp32r.dll
726.266: Copied file (delayed): C:\WINDOWS\system32\SET334.tmp
726.266: Copied file: C:\WINDOWS\system32\odbcjt32.dll
726.297: Copied file: C:\WINDOWS\system32\odbcji32.dll
726.454: Copied file: C:\WINDOWS\system32\odbcint.dll
726.563: Copied file (delayed): C:\WINDOWS\system32\SET337.tmp
726.563: Copied file: C:\WINDOWS\system32\odbccu32.dll
726.688: Copied file (delayed): C:\WINDOWS\system32\SET338.tmp
726.704: Copied file: C:\WINDOWS\system32\odbccr32.dll
726.829: Copied file (delayed): C:\WINDOWS\system32\SET339.tmp
726.829: Copied file: C:\WINDOWS\system32\odbccp32.dll
727.063: Copied file (delayed): C:\WINDOWS\system32\SET33A.tmp
727.094: Copied file: C:\WINDOWS\system32\odbccp32.cpl
727.266: Copied file (delayed): C:\WINDOWS\system32\SET33B.tmp
727.266: Copied file: C:\WINDOWS\system32\odbcconf.rsp
727.297: Copied file: C:\WINDOWS\system32\odbcconf.exe
727.500: Copied file (delayed): C:\WINDOWS\system32\SET33D.tmp
727.500: Copied file: C:\WINDOWS\system32\odbcconf.dll
727.657: Copied file (delayed): C:\WINDOWS\system32\SET33E.tmp
727.672: Copied file: C:\WINDOWS\system32\odbcbcp.dll
727.844: Copied file (delayed): C:\WINDOWS\system32\SET33F.tmp
727.844: Copied file: C:\WINDOWS\system32\odbcad32.exe
727.860: Copied file: C:\WINDOWS\system32\odbc32gt.dll
728.375: Copied file (delayed): C:\WINDOWS\system32\SET341.tmp
728.454: Copied file: C:\WINDOWS\system32\odbc32.dll
728.563: Copied file (delayed): C:\WINDOWS\system32\SET342.tmp
728.563: Copied file: C:\WINDOWS\system32\ocmanage.dll
728.766: Copied file (delayed): C:\WINDOWS\system32\SET343.tmp
728.782: Copied file: C:\WINDOWS\system32\objsel.dll
728.891: Copied file: C:\WINDOWS\system32\oakley.dll
729.282: Copied file (delayed): C:\WINDOWS\system32\SET345.tmp
729.282: Copied file: C:\WINDOWS\system32\nusrmgr.cpl
729.485: Copied file: C:\WINDOWS\system32\ntvdmd.dll
729.516: Copied file: C:\WINDOWS\system32\ntshrui.dll
729.829: Copied file (delayed): C:\WINDOWS\system32\SET348.tmp
729.829: Copied file: C:\WINDOWS\system32\ntmssvc.dll
729.860: Copied file: C:\WINDOWS\system32\ntmsmgr.dll
730.125: Copied file: C:\WINDOWS\system32\ntmsdba.dll
730.188: Copied file: C:\WINDOWS\system32\ntmsapi.dll
730.235: Copied file: C:\WINDOWS\system32\ntmarta.dll
730.547: Copied file (delayed): C:\WINDOWS\system32\SET34D.tmp
730.547: Copied file: C:\WINDOWS\system32\ntlanman.dll
730.782: Copied file (delayed): C:\WINDOWS\system32\SET34E.tmp
730.782: Copied file: C:\WINDOWS\system32\ntdsapi.dll
731.157: Copied file (delayed): C:\WINDOWS\system32\SET34F.tmp
731.235: Copied file: C:\WINDOWS\system32\npptools.dll
731.282: Copied file: C:\WINDOWS\system32\notepad.exe
731.391: Copied file: C:\WINDOWS\system32\nmmkcert.dll
731.422: Copied file: C:\WINDOWS\system32\nlhtml.dll
731.454: Copied file: C:\WINDOWS\system32\newdev.dll
731.657: Copied file (delayed): C:\WINDOWS\system32\SET354.tmp
731.657: Copied file: C:\WINDOWS\system32\netui1.dll
732.047: Copied file (delayed): C:\WINDOWS\system32\SET355.tmp
732.047: Copied file: C:\WINDOWS\system32\netui0.dll
732.219: Copied file (delayed): C:\WINDOWS\system32\SET356.tmp
732.219: Copied file: C:\WINDOWS\system32\netstat.exe
732.282: Copied file: C:\WINDOWS\system32\netshell.dll
732.797: Copied file (delayed): C:\WINDOWS\system32\SET358.tmp
732.797: Copied file: C:\WINDOWS\system32\netsh.exe
733.125: Copied file: C:\WINDOWS\system32\netsetup.exe
733.188: Copied file: C:\WINDOWS\system32\netrap.dll
733.532: Copied file (delayed): C:\WINDOWS\system32\SET35B.tmp
733.532: Copied file: C:\WINDOWS\system32\netplwiz.dll
733.641: Copied file: C:\WINDOWS\system32\netman.dll
733.860: Copied file (delayed): C:\WINDOWS\system32\SET35D.tmp
733.860: Copied file: C:\WINDOWS\system32\netlogon.dll
734.282: Copied file (delayed): C:\WINDOWS\system32\SET35E.tmp
734.282: Copied file: C:\WINDOWS\system32\netid.dll
734.313: Copied file: C:\WINDOWS\system32\netdde.exe
734.329: Copied file: C:\WINDOWS\system32\netcfgx.dll
734.704: Copied file (delayed): C:\WINDOWS\system32\SET361.tmp
734.719: Copied file: C:\WINDOWS\system32\netapi32.dll
735.094: Copied file (delayed): C:\WINDOWS\system32\SET362.tmp
735.094: Copied file: C:\WINDOWS\system32\net1.exe
735.172: Copied file: C:\WINDOWS\system32\net.exe
735.329: Copied file: C:\WINDOWS\system32\ndptsp.tsp
735.438: Copied file (delayed): C:\WINDOWS\system32\SET365.tmp
735.438: Copied file: C:\WINDOWS\system32\nddenb32.dll
735.469: Copied file: C:\WINDOWS\system32\nddeapir.exe
735.579: Copied file: C:\WINDOWS\system32\nddeapi.dll
735.735: Copied file (delayed): C:\WINDOWS\system32\SET368.tmp
735.735: Copied file: C:\WINDOWS\system32\ncobjapi.dll
735.875: Copied file (delayed): C:\WINDOWS\system32\SET369.tmp
735.875: Copied file: C:\WINDOWS\system32\narrator.exe
736.172: Copied file: C:\WINDOWS\system32\mydocs.dll
736.313: Copied file (delayed): C:\WINDOWS\system32\SET36B.tmp
736.329: Copied file: C:\WINDOWS\system32\mtxoci.dll
736.438: Copied file: C:\WINDOWS\system32\mtxlegih.dll
736.485: Copied file: C:\WINDOWS\system32\mtxex.dll
736.610: Copied file: C:\WINDOWS\system32\mtxdm.dll
736.641: Copied file: C:\WINDOWS\system32\mtxclu.dll
736.844: Copied file (delayed): C:\WINDOWS\system32\SET370.tmp
736.844: Copied file: C:\WINDOWS\system32\msyuv.dll
736.985: Copied file: C:\WINDOWS\system32\msxml2.dll
737.157: Copied file: C:\WINDOWS\system32\msxml.dll
737.204: Copied file: C:\WINDOWS\system32\msxbde40.dll
737.469: Copied file: C:\WINDOWS\system32\mswstr10.dll
737.750: Copied file (delayed): C:\WINDOWS\system32\SET375.tmp
737.750: Copied file: C:\WINDOWS\system32\mswsock.dll
738.079: Copied file (delayed): C:\WINDOWS\system32\SET376.tmp
738.079: Copied file: C:\WINDOWS\system32\mswebdvd.dll
738.157: Copied file: C:\WINDOWS\system32\mswdat10.dll
738.344: Copied file: C:\WINDOWS\system32\msw3prt.dll
738.547: Copied file: C:\WINDOWS\system32\msvidctl.dll
738.688: Copied file: C:\WINDOWS\system32\msvfw32.dll
738.797: Copied file: C:\WINDOWS\system32\msvcrt40.dll
738.922: Copied file: C:\WINDOWS\system32\msvcrt.dll
739.266: Copied file (delayed): C:\WINDOWS\system32\SET37D.tmp
739.266: Copied file: C:\WINDOWS\system32\msvcp60.dll
739.766: Copied file (delayed): C:\WINDOWS\system32\SET37E.tmp
739.782: Copied file: C:\WINDOWS\system32\msvcirt.dll
739.829: Copied file: C:\WINDOWS\system32\msvbvm60.dll
739.985: Copied file: C:\WINDOWS\system32\msutb.dll
740.313: Copied file (delayed): C:\WINDOWS\system32\SET381.tmp
740.313: Copied file: C:\WINDOWS\system32\mstlsapi.dll
740.563: Copied file (delayed): C:\WINDOWS\system32\SET382.tmp
740.563: Copied file: C:\WINDOWS\system32\mstinit.exe
740.625: Copied file: C:\WINDOWS\system32\mstext40.dll
740.750: Copied file: C:\WINDOWS\system32\mstask.dll
740.829: Copied file: C:\WINDOWS\system32\msscript.ocx
740.907: Copied file: C:\WINDOWS\system32\msscds32.ax
741.172: Copied file: C:\WINDOWS\system32\msrle32.dll
741.235: Copied file: C:\WINDOWS\system32\msrepl40.dll
741.344: Copied file: C:\WINDOWS\system32\msrd3x40.dll
741.391: Copied file: C:\WINDOWS\system32\msrd2x40.dll
741.438: Copied file: C:\WINDOWS\system32\msprivs.dll
742.016: Copied file (delayed): C:\WINDOWS\system32\SET38C.tmp
742.016: Copied file: C:\WINDOWS\system32\mspbde40.dll
742.407: Copied file: C:\WINDOWS\system32\mspatcha.dll
742.688: Copied file (delayed): C:\WINDOWS\system32\SET38E.tmp
742.704: Copied file: C:\WINDOWS\system32\mspaint.exe
742.891: Copied file: C:\WINDOWS\system32\msorcl32.dll
743.094: Copied file (delayed): C:\WINDOWS\system32\SET390.tmp
743.094: Copied file: C:\WINDOWS\system32\msorc32r.dll
743.297: Copied file (delayed): C:\WINDOWS\system32\SET391.tmp
743.297: Copied file: C:\WINDOWS\system32\msoert2.dll
743.610: Copied file (delayed): C:\WINDOWS\system32\SET392.tmp
743.610: Copied file: C:\WINDOWS\system32\msoeacct.dll
743.719: Copied file: C:\WINDOWS\system32\msnsspc.dll
743.907: Copied file: C:\WINDOWS\system32\msltus40.dll
743.954: Copied file: C:\WINDOWS\system32\mslbui.dll
744.266: Copied file (delayed): C:\WINDOWS\system32\SET396.tmp
744.282: Copied file: C:\WINDOWS\system32\msjtes40.dll
744.516: Copied file (delayed): C:\WINDOWS\system32\SET397.tmp
744.516: Copied file: C:\WINDOWS\system32\msjter40.dll
744.704: Copied file (delayed): C:\WINDOWS\system32\SET398.tmp
744.719: Copied file: C:\WINDOWS\system32\msjint40.dll
744.891: Copied file (delayed): C:\WINDOWS\system32\SET399.tmp
744.907: Copied file: C:\WINDOWS\system32\msjetoledb40.dll
745.125: Copied file: C:\WINDOWS\system32\msjet40.dll
745.860: Copied file (delayed): C:\WINDOWS\system32\SET39B.tmp
745.891: Copied file: C:\WINDOWS\system32\msimtf.dll
746.360: Copied file (delayed): C:\WINDOWS\system32\SET39C.tmp
746.375: Copied file: C:\WINDOWS\system32\msimg32.dll
746.547: Copied file (delayed): C:\WINDOWS\system32\SET39D.tmp
746.547: Copied file: C:\WINDOWS\system32\msieftp.dll
746.594: Copied file: C:\WINDOWS\system32\msidle.dll
746.782: Copied file (delayed): C:\WINDOWS\system32\SET39F.tmp
746.782: Copied file: C:\WINDOWS\system32\msident.dll
746.875: Copied file: C:\WINDOWS\system32\msh263.drv
746.922: Copied file: C:\WINDOWS\system32\msh261.drv
747.250: Copied file: C:\WINDOWS\system32\msgina.dll
747.454: Copied file (delayed): C:\WINDOWS\system32\SET3A3.tmp
747.500: Copied file: C:\WINDOWS\system32\msexcl40.dll
747.563: Copied file: C:\WINDOWS\system32\msexch40.dll
747.672: Copied file: C:\WINDOWS\system32\msdxmlc.dll
747.844: Copied file: C:\WINDOWS\system32\msdxm.ocx
747.938: Copied file: C:\WINDOWS\system32\msdtcuiu.dll
748.563: Copied file: C:\WINDOWS\system32\msdtctm.dll
748.735: Copied file: C:\WINDOWS\system32\msdtcprx.dll
748.766: Copied file: C:\WINDOWS\system32\msdtclog.dll
748.938: Copied file: C:\WINDOWS\system32\msdtc.exe
748.985: Copied file: C:\WINDOWS\system32\msdmo.dll
749.188: Copied file (delayed): C:\WINDOWS\system32\SET3AD.tmp
749.188: Copied file: C:\WINDOWS\system32\msdatsrc.tlb
749.266: Copied file: C:\WINDOWS\system32\msdart.dll
749.375: Copied file (delayed): C:\WINDOWS\system32\SET3AF.tmp
749.391: Copied file: C:\WINDOWS\system32\msctfp.dll
749.422: Copied file: C:\WINDOWS\system32\msctf.dll
749.829: Copied file (delayed): C:\WINDOWS\system32\SET3B1.tmp
749.829: Copied file: C:\WINDOWS\system32\mscpxl32.dll
750.063: Copied file (delayed): C:\WINDOWS\system32\SET3B2.tmp
750.079: Copied file: C:\WINDOWS\system32\mscpx32r.dll
750.204: Copied file (delayed): C:\WINDOWS\system32\SET3B3.tmp
750.204: Copied file: C:\WINDOWS\system32\msconf.dll
750.235: Copied file: C:\WINDOWS\system32\mscms.dll
750.422: Copied file (delayed): C:\WINDOWS\system32\SET3B5.tmp
750.422: Copied file: C:\WINDOWS\system32\msasn1.dll
750.625: Copied file (delayed): C:\WINDOWS\system32\SET3B6.tmp
750.625: Copied file: C:\WINDOWS\system32\msapsspc.dll
750.688: Copied file: C:\WINDOWS\system32\msafd.dll
750.719: Copied file: C:\WINDOWS\system32\msadp32.acm
750.813: Copied file: C:\WINDOWS\system32\msadds32.ax
750.844: Copied file: C:\WINDOWS\system32\msacm32.dll
751.360: Copied file (delayed): C:\WINDOWS\system32\SET3BB.tmp
751.360: Copied file: C:\WINDOWS\system32\mprdim.dll
751.438: Copied file: C:\WINDOWS\system32\mprapi.dll
751.625: Copied file (delayed): C:\WINDOWS\system32\SET3BD.tmp
751.625: Copied file: C:\WINDOWS\system32\mpr.dll
751.891: Copied file (delayed): C:\WINDOWS\system32\SET3BE.tmp
751.891: Copied file: C:\WINDOWS\system32\mplay32.exe
751.954: Copied file: C:\WINDOWS\system32\mpg4ds32.ax
751.985: Copied file: C:\WINDOWS\system32\mpg2splt.ax
752.204: Copied file: C:\WINDOWS\system32\moricons.dll
752.235: Copied file: C:\WINDOWS\system32\more.com
752.407: Copied file: C:\WINDOWS\system32\modemui.dll
752.516: Copied file (delayed): C:\WINDOWS\system32\SET3C4.tmp
752.516: Copied file: C:\WINDOWS\system32\mobsync.exe
752.547: Copied file: C:\WINDOWS\system32\mobsync.dll
752.594: Copied file: C:\WINDOWS\system32\mnmsrvc.exe
752.813: Copied file: C:\WINDOWS\system32\mnmdd.dll
752.938: Copied file: C:\WINDOWS\system32\mmsys.cpl
753.000: Copied file: C:\WINDOWS\system32\mmfutil.dll
753.297: Copied file: C:\WINDOWS\system32\mmcshext.dll
753.375: Copied file: C:\WINDOWS\system32\mmcndmgr.dll
753.625: Copied file: C:\WINDOWS\system32\mmcbase.dll
753.750: Copied file: C:\WINDOWS\system32\mmc.exe
753.875: Copied file: C:\WINDOWS\system32\mlang.dll
754.719: Copied file (delayed): C:\WINDOWS\system32\SET3CF.tmp
754.735: Copied file: C:\WINDOWS\system32\mimefilt.dll
754.797: Copied file: C:\WINDOWS\system32\miglibnt.dll
754.938: Copied file: C:\WINDOWS\system32\midimap.dll
755.282: Copied file (delayed): C:\WINDOWS\system32\SET3D2.tmp
755.282: Copied file: C:\WINDOWS\system32\mfcsubs.dll
755.422: Copied file (delayed): C:\WINDOWS\system32\SET3D3.tmp
755.438: Copied file: C:\WINDOWS\system32\mfc42u.dll
755.844: Copied file (delayed): C:\WINDOWS\system32\SET3D4.tmp
755.844: Copied file: C:\WINDOWS\system32\mfc42.dll
756.375: Copied file (delayed): C:\WINDOWS\system32\SET3D5.tmp
756.375: Copied file: C:\WINDOWS\system32\mfc40u.dll
756.516: Copied file: C:\WINDOWS\system32\mf3216.dll
756.563: Copied file: C:\WINDOWS\system32\mdminst.dll
756.782: Copied file (delayed): C:\WINDOWS\system32\SET3D8.tmp
756.782: Copied file: C:\WINDOWS\system32\mciwave.dll
756.954: Copied file: C:\WINDOWS\system32\mciseq.dll
757.079: Copied file: C:\WINDOWS\system32\mciqtz32.dll
757.219: Copied file: C:\WINDOWS\system32\mciavi32.dll
757.282: Copied file: C:\WINDOWS\system32\mcastmib.dll
757.422: Copied file: C:\WINDOWS\system32\makecab.exe
757.469: Copied file: C:\WINDOWS\system32\magnify.exe
757.579: Copied file: C:\WINDOWS\system32\lsass.exe
757.766: Copied file (delayed): C:\WINDOWS\system32\SET3E0.tmp
757.797: Copied file: C:\WINDOWS\system32\lprhelp.dll
757.813: Copied file: C:\WINDOWS\system32\lpk.dll
757.907: Copied file: C:\WINDOWS\system32\logonui.exe
758.032: Copied file: C:\WINDOWS\system32\logon.scr
758.204: Copied file: C:\WINDOWS\system32\localui.dll
758.219: Copied file: C:\WINDOWS\system32\localsec.dll
758.422: Copied file: C:\WINDOWS\system32\loadperf.dll
758.641: Copied file (delayed): C:\WINDOWS\system32\SET3E7.tmp
758.657: Copied file: C:\WINDOWS\system32\lmrt.dll
758.704: Copied file: C:\WINDOWS\system32\linkinfo.dll
759.157: Copied file (delayed): C:\WINDOWS\system32\SET3E9.tmp
759.188: Copied file: C:\WINDOWS\system32\licwmi.dll
759.438: Copied file: C:\WINDOWS\system32\licdll.dll
759.969: Copied file: C:\WINDOWS\system32\ksuser.dll
760.141: Copied file: C:\WINDOWS\system32\ksproxy.ax
760.485: Copied file: C:\WINDOWS\system32\kmddsp.tsp
760.938: Copied file (delayed): C:\WINDOWS\system32\SET3EE.tmp
760.938: Copied file: C:\WINDOWS\system32\keymgr.dll
761.235: Copied file: C:\WINDOWS\system32\kerberos.dll
761.954: Copied file (delayed): C:\WINDOWS\system32\SET3F0.tmp
762.110: Copied file: C:\WINDOWS\system32\kd1394.dll
762.313: Copied file: C:\WINDOWS\system32\kbdnec.dll
762.375: Copied file: C:\WINDOWS\system32\joy.cpl
762.500: Copied file: C:\WINDOWS\system32\jgpl400.dll
762.532: Copied file: C:\WINDOWS\system32\jgdw400.dll
762.579: Copied file: C:\WINDOWS\system32\iyuv_32.dll
762.719: Copied file: C:\WINDOWS\system32\ixsso.dll
762.750: Copied file: C:\WINDOWS\system32\itss.dll
762.782: Copied file: C:\WINDOWS\system32\itircl.dll
762.922: Copied file: C:\WINDOWS\system32\isrdbg32.dll
763.125: Copied file: C:\WINDOWS\system32\isign32.dll
763.188: Copied file: C:\WINDOWS\system32\ipxwan.dll
763.329: Copied file: C:\WINDOWS\system32\ipxroute.exe
763.422: Copied file: C:\WINDOWS\system32\ipv6mon.dll
763.500: Copied file: C:\WINDOWS\system32\ipv6.exe
763.547: Copied file: C:\WINDOWS\system32\ipsmsnap.dll
763.594: Copied file: C:\WINDOWS\system32\ipsecsvc.dll
763.875: Copied file (delayed): C:\WINDOWS\system32\SET401.tmp
763.875: Copied file: C:\WINDOWS\system32\ipsecsnp.dll
763.938: Copied file: C:\WINDOWS\system32\iprtrmgr.dll
763.969: Copied file: C:\WINDOWS\system32\ippromon.dll
764.282: Copied file: C:\WINDOWS\system32\ipnathlp.dll
764.563: Copied file (delayed): C:\WINDOWS\system32\SET405.tmp
764.563: Copied file: C:\WINDOWS\system32\ipmontr.dll
764.610: Copied file: C:\WINDOWS\system32\iphlpapi.dll
765.016: Copied file (delayed): C:\WINDOWS\system32\SET407.tmp
765.016: Copied file: C:\WINDOWS\system32\ipconfig.exe
765.079: Copied file: C:\WINDOWS\system32\ipconf.tsp
765.219: Copied file (delayed): C:\WINDOWS\system32\SET409.tmp
765.235: Copied file: C:\WINDOWS\system32\intl.cpl
765.375: Copied file: C:\WINDOWS\system32\input.dll
765.422: Copied file: C:\WINDOWS\system32\initpki.dll
765.469: Copied file: C:\WINDOWS\system32\inetres.dll
765.750: Copied file (delayed): C:\WINDOWS\system32\SET40D.tmp
765.750: Copied file: C:\WINDOWS\system32\inetppui.dll
765.782: Copied file: C:\WINDOWS\system32\inetpp.dll
766.125: Copied file (delayed): C:\WINDOWS\system32\SET40F.tmp
766.125: Copied file: C:\WINDOWS\system32\inetmib1.dll
766.454: Copied file (delayed): C:\WINDOWS\system32\SET410.tmp
766.454: Copied file: C:\WINDOWS\system32\inetcomm.dll
766.782: Copied file (delayed): C:\WINDOWS\system32\SET411.tmp
766.797: Copied file: C:\WINDOWS\system32\inetcfg.dll
766.844: Copied file: C:\WINDOWS\system32\imm32.dll
767.219: Copied file (delayed): C:\WINDOWS\system32\SET413.tmp
767.235: Copied file: C:\WINDOWS\system32\imeshare.dll
767.407: Copied file: C:\WINDOWS\system32\imapi.exe
767.688: Copied file: C:\WINDOWS\system32\imaadp32.acm
767.750: Copied file: C:\WINDOWS\system32\ils.dll
767.813: Copied file: C:\WINDOWS\system32\igmpagnt.dll
767.954: Copied file: C:\WINDOWS\system32\ifmon.dll
768.032: Copied file: C:\WINDOWS\system32\iexpress.exe
768.094: Copied file: C:\WINDOWS\system32\idq.dll
768.422: Copied file: C:\WINDOWS\system32\icwphbk.dll
768.438: Copied file: C:\WINDOWS\system32\icwdial.dll
768.610: Copied file: C:\WINDOWS\system32\icmp.dll
768.641: Copied file: C:\WINDOWS\system32\icm32.dll
768.860: Copied file (delayed): C:\WINDOWS\system32\SET41F.tmp
768.860: Copied file: C:\WINDOWS\system32\iccvid.dll
768.891: Copied file: C:\WINDOWS\system32\icaapi.dll
769.266: Copied file (delayed): C:\WINDOWS\system32\SET421.tmp
769.266: Copied file: C:\WINDOWS\system32\iasrad.dll
769.313: Copied file: C:\WINDOWS\system32\hypertrm.dll
769.610: Copied file: C:\WINDOWS\system32\htui.dll
769.750: Copied file: C:\WINDOWS\system32\hotplug.dll
769.829: Copied file: C:\WINDOWS\system32\homepage.inf
769.938: Copied file: C:\WINDOWS\system32\hnetwiz.dll
769.985: Copied file: C:\WINDOWS\system32\hnetcfg.dll
770.422: Copied file (delayed): C:\WINDOWS\system32\SET428.tmp
770.438: Copied file: C:\WINDOWS\system32\hlink.dll
770.594: Copied file: C:\WINDOWS\system32\hidserv.dll
770.797: Copied file (delayed): C:\WINDOWS\system32\SET42A.tmp
770.797: Copied file: C:\WINDOWS\system32\hidphone.tsp
771.047: Copied file (delayed): C:\WINDOWS\system32\SET42B.tmp
771.079: Copied file: C:\WINDOWS\system32\hid.dll
771.188: Copied file (delayed): C:\WINDOWS\system32\SET42C.tmp
771.188: Copied file: C:\WINDOWS\system32\hhsetup.dll
771.235: Copied file: C:\WINDOWS\system32\hhctrl.ocx
771.375: Copied file: C:\WINDOWS\system32\help.exe
771.438: Copied file: C:\WINDOWS\system32\hdwwiz.cpl
771.594: Copied file: C:\WINDOWS\system32\h323msp.dll
771.688: Copied file: C:\WINDOWS\system32\h323.tsp
772.297: Copied file (delayed): C:\WINDOWS\system32\SET432.tmp
772.313: Copied file: C:\WINDOWS\system32\grpconv.exe
772.375: Copied file: C:\WINDOWS\system32\gpkrsrc.dll
772.454: Copied file: C:\WINDOWS\system32\glu32.dll
772.485: Copied file: C:\WINDOWS\system32\gdi32.dll
772.625: Copied file (delayed): C:\WINDOWS\system32\SET436.tmp
772.657: Copied file: C:\WINDOWS\system32\fxsxp32.dll
772.704: Copied file: C:\WINDOWS\system32\fxswzrd.dll
772.829: Copied file: C:\WINDOWS\system32\fxsui.dll
772.969: Copied file: C:\WINDOWS\system32\fxstiff.dll
773.000: Copied file: C:\WINDOWS\system32\fxst30.dll
773.188: Copied file: C:\WINDOWS\system32\fxssvc.exe
773.235: Copied file: C:\WINDOWS\system32\fxsst.dll
773.610: Copied file (delayed): C:\WINDOWS\system32\SET43D.tmp
773.625: Copied file: C:\WINDOWS\system32\fxsres.dll
773.829: Copied file: C:\WINDOWS\system32\fxsperf.dll
773.829: Copied file: C:\WINDOWS\system32\fxsmon.dll
774.297: Copied file (delayed): C:\WINDOWS\system32\SET440.tmp
774.297: Copied file: C:\WINDOWS\system32\fxsext32.dll
774.344: Copied file: C:\WINDOWS\system32\fxsevent.dll
774.516: Copied file (delayed): C:\WINDOWS\system32\SET442.tmp
774.516: Copied file: C:\WINDOWS\system32\fxsdrv.dll
774.625: Copied file: C:\WINDOWS\system32\fxscover.exe
774.672: Copied file: C:\WINDOWS\system32\fxscomex.dll
774.704: Copied file: C:\WINDOWS\system32\fxscom.dll
774.922: Copied file: C:\WINDOWS\system32\fxsclnt.exe
775.016: Copied file: C:\WINDOWS\system32\fxsapi.dll
775.360: Copied file (delayed): C:\WINDOWS\system32\SET448.tmp
775.375: Copied file: C:\WINDOWS\system32\framebuf.dll
775.407: Copied file: C:\WINDOWS\system32\forcedos.exe
775.438: Copied file: C:\WINDOWS\system32\fontview.exe
775.547: Copied file: C:\WINDOWS\system32\fontsub.dll
775.579: Copied file: C:\WINDOWS\system32\fontext.dll
775.750: Copied file: C:\WINDOWS\system32\fldrclnr.dll
775.813: Copied file: C:\WINDOWS\system32\findstr.exe
775.860: Copied file: C:\WINDOWS\system32\filemgmt.dll
776.110: Copied file: C:\WINDOWS\system32\feclient.dll
776.360: Copied file (delayed): C:\WINDOWS\system32\SET451.tmp
776.360: Copied file: C:\WINDOWS\system32\faultrep.dll
776.469: Copied file: C:\WINDOWS\system32\exts.dll
776.516: Copied file: C:\WINDOWS\system32\extrac32.exe
776.579: Copied file: C:\WINDOWS\system32\expsrv.dll
776.844: Copied file (delayed): C:\WINDOWS\system32\SET455.tmp
776.844: Copied file: C:\WINDOWS\system32\eventlog.dll
777.219: Copied file (delayed): C:\WINDOWS\system32\SET456.tmp
777.219: Copied file: C:\WINDOWS\system32\eudcedit.exe
777.391: Copied file: C:\WINDOWS\system32\esent.dll
777.829: Copied file (delayed): C:\WINDOWS\system32\SET458.tmp
777.844: Copied file: C:\WINDOWS\system32\es.dll
778.610: Copied file (delayed): C:\WINDOWS\system32\SET459.tmp
778.610: Copied file: C:\WINDOWS\system32\ersvc.dll
778.797: Copied file (delayed): C:\WINDOWS\system32\SET45A.tmp
778.813: Copied file: C:\WINDOWS\system32\els.dll
778.891: Copied file: C:\WINDOWS\system32\dxmasf.dll
779.016: Copied file: C:\WINDOWS\system32\dxdiag.exe
779.344: Copied file: C:\WINDOWS\system32\dx8vb.dll
779.438: Copied file: C:\WINDOWS\system32\dx7vb.dll
779.657: Copied file: C:\WINDOWS\system32\dwwin.exe
779.719: Copied file: C:\WINDOWS\system32\dvdupgrd.exe
779.782: Copied file: C:\WINDOWS\system32\duser.dll
780.110: Copied file (delayed): C:\WINDOWS\system32\SET462.tmp
780.125: Copied file: C:\WINDOWS\system32\dumprep.exe
780.157: Copied file: C:\WINDOWS\system32\dswave.dll
780.188: Copied file: C:\WINDOWS\system32\dsuiext.dll
780.329: Copied file: C:\WINDOWS\system32\dssenh.dll
780.500: Copied file (delayed): C:\WINDOWS\system32\SET466.tmp
780.516: Copied file: C:\WINDOWS\system32\dssec.dll
780.610: Copied file: C:\WINDOWS\system32\dsquery.dll
780.719: Copied file: C:\WINDOWS\system32\dsprop.dll
780.735: Copied file: C:\WINDOWS\system32\dsound3d.dll
780.969: Copied file: C:\WINDOWS\system32\dsound.dll
781.313: Copied file (delayed): C:\WINDOWS\system32\SET46B.tmp
781.344: Copied file: C:\WINDOWS\system32\dskquoui.dll
781.422: Copied file: C:\WINDOWS\system32\dskquota.dll
781.532: Copied file: C:\WINDOWS\system32\dsdmoprp.dll
781.594: Copied file: C:\WINDOWS\system32\dsdmo.dll
781.750: Copied file: C:\WINDOWS\system32\ds32gt.dll
781.782: Copied file: C:\WINDOWS\system32\drprov.dll
781.922: Copied file (delayed): C:\WINDOWS\system32\SET471.tmp
781.922: Copied file: C:\WINDOWS\system32\dpwsockx.dll
782.079: Copied file: C:\WINDOWS\system32\dpvvox.dll
782.094: Copied file: C:\WINDOWS\system32\dpvsetup.exe
782.204: Copied file: C:\WINDOWS\system32\dpvoice.dll
782.250: Copied file: C:\WINDOWS\system32\dpvacm.dll
782.329: Copied file: C:\WINDOWS\system32\dpnsvr.exe
782.438: Copied file: C:\WINDOWS\system32\dpnlobby.dll
782.485: Copied file: C:\WINDOWS\system32\dpnhupnp.dll
782.563: Copied file: C:\WINDOWS\system32\dpnhpast.dll
782.610: Copied file: C:\WINDOWS\system32\dpnet.dll
782.641: Copied file: C:\WINDOWS\system32\dpnaddr.dll
782.860: Copied file: C:\WINDOWS\system32\dpmodemx.dll
782.875: Copied file: C:\WINDOWS\system32\dplayx.dll
782.907: Copied file: C:\WINDOWS\system32\dplaysvr.exe
783.032: Copied file: C:\WINDOWS\system32\docprop2.dll
783.094: Copied file: C:\WINDOWS\system32\dnsrslvr.dll
783.266: Copied file (delayed): C:\WINDOWS\system32\SET481.tmp
783.266: Copied file: C:\WINDOWS\system32\dnsapi.dll
783.563: Copied file (delayed): C:\WINDOWS\system32\SET482.tmp
783.563: Copied file: C:\WINDOWS\system32\dmutil.dll
783.594: Copied file: C:\WINDOWS\system32\dmusic.dll
783.704: Copied file: C:\WINDOWS\system32\dmsynth.dll
783.750: Copied file: C:\WINDOWS\system32\dmstyle.dll
783.782: Copied file: C:\WINDOWS\system32\dmserver.dll
784.110: Copied file: C:\WINDOWS\system32\dmscript.dll
784.141: Copied file: C:\WINDOWS\system32\dmremote.exe
784.172: Copied file: C:\WINDOWS\system32\dmloader.dll
784.438: Copied file: C:\WINDOWS\system32\dmime.dll
784.485: Copied file: C:\WINDOWS\system32\dmdskmgr.dll
784.641: Copied file: C:\WINDOWS\system32\dmdlgs.dll
784.704: Copied file: C:\WINDOWS\system32\dmcompos.dll
784.719: Copied file: C:\WINDOWS\system32\dmband.dll
784.844: Copied file: C:\WINDOWS\system32\dmadmin.exe
784.891: Copied file: C:\WINDOWS\system32\dllhost.exe
785.204: Copied file: C:\WINDOWS\system32\dispex.dll
785.250: Copied file: C:\WINDOWS\system32\diskpart.exe
785.282: Copied file: C:\WINDOWS\system32\diskcopy.dll
785.547: Copied file: C:\WINDOWS\system32\dinput8.dll
785.563: Copied file: C:\WINDOWS\system32\dinput.dll
785.750: Copied file: C:\WINDOWS\system32\digest.dll
785.782: Copied file: C:\WINDOWS\system32\diantz.exe
785.813: Copied file: C:\WINDOWS\system32\dhcpmon.dll
785.922: Copied file: C:\WINDOWS\system32\dgnet.dll
785.938: Copied file: C:\WINDOWS\system32\dfsshlex.dll
786.079: Copied file: C:\WINDOWS\system32\dfrgui.dll
786.125: Copied file: C:\WINDOWS\system32\dfrgsnap.dll
786.172: Copied file: C:\WINDOWS\system32\dfrgntfs.exe
786.266: Copied file: C:\WINDOWS\system32\dfrgfat.exe
786.297: Copied file: C:\WINDOWS\system32\devmgr.dll
786.438: Copied file: C:\WINDOWS\system32\devenum.dll
786.469: Copied file: C:\WINDOWS\system32\defrag.exe
786.641: Copied file: C:\WINDOWS\system32\ddrawex.dll
786.688: Copied file: C:\WINDOWS\system32\ddraw.dll
786.719: Copied file: C:\WINDOWS\system32\ddeshare.exe
786.891: Copied file: C:\WINDOWS\system32\dcomcnfg.exe
786.938: Copied file: C:\WINDOWS\system32\dciman32.dll
787.094: Copied file: C:\WINDOWS\system32\dcache.bin
787.110: Copied file: C:\WINDOWS\system32\dbnmpntw.dll
787.157: Copied file: C:\WINDOWS\system32\dbnetlib.dll
787.219: Copied file: C:\WINDOWS\system32\dbmsrpcn.dll
787.344: Copied file: C:\WINDOWS\system32\dbghelp.dll
787.688: Copied file (delayed): C:\WINDOWS\system32\SET4AC.tmp
787.704: Copied file: C:\WINDOWS\system32\daxctle.ocx
787.750: Copied file: C:\WINDOWS\system32\davclnt.dll
788.079: Copied file (delayed): C:\WINDOWS\system32\SET4AE.tmp
788.079: Copied file: C:\WINDOWS\system32\datime.dll
788.110: Copied file: C:\WINDOWS\system32\dataclen.dll
788.172: Copied file: C:\WINDOWS\system32\danim.dll
788.594: Copied file: C:\WINDOWS\system32\d3dim700.dll
788.641: Copied file: C:\WINDOWS\system32\d3d8thk.dll
788.719: Copied file: C:\WINDOWS\system32\d3d8.dll
788.907: Copied file: C:\WINDOWS\system32\ctfmon.exe
789.235: Copied file (delayed): C:\WINDOWS\system32\SET4B5.tmp
789.235: Copied file: C:\WINDOWS\system32\csrss.exe
789.391: Copied file (delayed): C:\WINDOWS\system32\SET4B6.tmp
789.407: Copied file: C:\WINDOWS\system32\cscui.dll
789.750: Copied file (delayed): C:\WINDOWS\system32\SET4B7.tmp
789.750: Copied file: C:\WINDOWS\system32\cscript.exe
789.782: Copied file: C:\WINDOWS\system32\cscdll.dll
790.141: Copied file (delayed): C:\WINDOWS\system32\SET4B9.tmp
790.141: Copied file: C:\WINDOWS\system32\cryptui.dll
790.422: Copied file (delayed): C:\WINDOWS\system32\SET4BA.tmp
790.422: Copied file: C:\WINDOWS\system32\cryptsvc.dll
790.735: Copied file (delayed): C:\WINDOWS\system32\SET4BB.tmp
790.735: Copied file: C:\WINDOWS\system32\cryptnet.dll
790.922: Copied file (delayed): C:\WINDOWS\system32\SET4BC.tmp
790.922: Copied file: C:\WINDOWS\system32\cryptext.dll
791.000: Copied file: C:\WINDOWS\system32\cryptdll.dll
791.235: Copied file (delayed): C:\WINDOWS\system32\SET4BE.tmp
791.235: Copied file: C:\WINDOWS\system32\cryptdlg.dll
791.329: Copied file: C:\WINDOWS\system32\crypt32.dll
791.641: Copied file (delayed): C:\WINDOWS\system32\SET4C0.tmp
791.657: Copied file: C:\WINDOWS\system32\credui.dll
792.157: Copied file (delayed): C:\WINDOWS\system32\SET4C1.tmp
792.157: Copied file: C:\WINDOWS\system32\conime.exe
792.297: Copied file (delayed): C:\WINDOWS\system32\SET4C2.tmp
792.313: Copied file: C:\WINDOWS\system32\confmsp.dll
792.360: Copied file: C:\WINDOWS\system32\comuid.dll
792.438: Copied file: C:\WINDOWS\system32\comsvcs.dll
793.094: Copied file (delayed): C:\WINDOWS\system32\SET4C5.tmp
793.094: Copied file: C:\WINDOWS\system32\comsnap.dll
793.250: Copied file: C:\WINDOWS\system32\comres.dll
793.797: Copied file (delayed): C:\WINDOWS\system32\SET4C7.tmp
793.797: Copied file: C:\WINDOWS\system32\comrepl.dll
793.985: Copied file: C:\WINDOWS\system32\compstui.dll
794.172: Copied file: C:\WINDOWS\system32\compatui.dll
794.219: Copied file: C:\WINDOWS\system32\comaddin.dll
794.407: Copied file: C:\WINDOWS\system32\colbact.dll
794.594: Copied file (delayed): C:\WINDOWS\system32\SET4CC.tmp
794.594: Copied file: C:\WINDOWS\system32\cnbjmon.dll
794.782: Copied file (delayed): C:\WINDOWS\system32\SET4CD.tmp
794.797: Copied file: C:\WINDOWS\system32\cmutil.dll
794.891: Copied file: C:\WINDOWS\system32\cmstp.exe
794.922: Copied file: C:\WINDOWS\system32\cmprops.dll
795.110: Copied file: C:\WINDOWS\system32\cmmon32.exe
795.125: Copied file: C:\WINDOWS\system32\cmdl32.exe
795.250: Copied file: C:\WINDOWS\system32\cmdial32.dll
795.313: Copied file: C:\WINDOWS\system32\cmcfg32.dll
795.500: Copied file: C:\WINDOWS\system32\clusapi.dll
795.704: Copied file (delayed): C:\WINDOWS\system32\SET4D5.tmp
795.704: Copied file: C:\WINDOWS\system32\clipsrv.exe
795.735: Copied file: C:\WINDOWS\system32\clipbrd.exe
795.844: Copied file: C:\WINDOWS\system32\cliconfg.rll
795.875: Copied file: C:\WINDOWS\system32\cliconfg.exe
795.907: Copied file: C:\WINDOWS\system32\cliconfg.dll
796.094: Copied file: C:\WINDOWS\system32\cleanmgr.exe
796.172: Copied file: C:\WINDOWS\system32\clbcatq.dll
796.516: Copied file (delayed): C:\WINDOWS\system32\SET4DC.tmp
796.532: Copied file: C:\WINDOWS\system32\clbcatex.dll
796.579: Copied file: C:\WINDOWS\system32\cisvc.exe
796.641: Copied file: C:\WINDOWS\system32\ciodm.dll
796.766: Copied file: C:\WINDOWS\system32\cic.dll
796.797: Copied file: C:\WINDOWS\system32\cfgmgr32.dll
797.110: Copied file (delayed): C:\WINDOWS\system32\SET4E1.tmp
797.110: Copied file: C:\WINDOWS\system32\cfgbkend.dll
797.172: Copied file: C:\WINDOWS\system32\certmgr.dll
797.204: Copied file: C:\WINDOWS\system32\certcli.dll
797.407: Copied file (delayed): C:\WINDOWS\system32\SET4E4.tmp
797.407: Copied file: C:\WINDOWS\system32\cdosys.dll
797.844: Copied file: C:\WINDOWS\system32\cdfview.dll
797.875: Copied file: C:\WINDOWS\system32\catsrvut.dll
798.360: Copied file (delayed): C:\WINDOWS\system32\SET4E7.tmp
798.391: Copied file: C:\WINDOWS\system32\catsrvps.dll
798.485: Copied file: C:\WINDOWS\system32\catsrv.dll
798.688: Copied file (delayed): C:\WINDOWS\system32\SET4E9.tmp
798.688: Copied file: C:\WINDOWS\system32\capesnpn.dll
798.719: Copied file: C:\WINDOWS\system32\camocx.dll
798.891: Copied file: C:\WINDOWS\system32\cabview.dll
798.938: Copied file: C:\WINDOWS\system32\cabinet.dll
799.250: Copied file (delayed): C:\WINDOWS\system32\SET4ED.tmp
799.297: Copied file: C:\WINDOWS\system32\browsewm.dll
799.329: Copied file: C:\WINDOWS\system32\browseui.dll
799.782: Copied file (delayed): C:\WINDOWS\system32\SET4EF.tmp
799.797: Copied file: C:\WINDOWS\system32\browser.dll
800.157: Copied file (delayed): C:\WINDOWS\system32\SET4F0.tmp
800.157: Copied file: C:\WINDOWS\system32\browselc.dll
800.375: Copied file (delayed): C:\WINDOWS\system32\SET4F1.tmp
800.375: Copied file: C:\WINDOWS\system32\bidispl.dll
800.438: Copied file: C:\WINDOWS\system32\batt.dll
800.516: Copied file: C:\WINDOWS\system32\batmeter.dll
800.688: Copied file (delayed): C:\WINDOWS\system32\SET4F4.tmp
800.688: Copied file: C:\WINDOWS\system32\basesrv.dll
800.860: Copied file (delayed): C:\WINDOWS\system32\SET4F5.tmp
800.860: Copied file: C:\WINDOWS\system32\avifil32.dll
800.922: Copied file: C:\WINDOWS\system32\autolfn.exe
800.954: Copied file: C:\WINDOWS\system32\autofmt.exe
801.235: Copied file: C:\WINDOWS\system32\authz.dll
801.422: Copied file (delayed): C:\WINDOWS\system32\SET4F9.tmp
801.422: Copied file: C:\WINDOWS\system32\audiosrv.dll
801.610: Copied file (delayed): C:\WINDOWS\system32\SET4FA.tmp
801.625: Copied file: C:\WINDOWS\system32\attrib.exe
801.735: Copied file: C:\WINDOWS\system32\atmlib.dll
801.766: Copied file: C:\WINDOWS\system32\atmadm.exe
801.844: Copied file: C:\WINDOWS\system32\at.exe
801.860: Copied file: C:\WINDOWS\system32\asycfilt.dll
801.954: Copied file: C:\WINDOWS\system32\asctrls.ocx
801.985: Copied file: C:\WINDOWS\system32\appwiz.cpl
802.125: Copied file: C:\WINDOWS\system32\apphelp.dll
802.407: Copied file (delayed): C:\WINDOWS\system32\SET502.tmp
802.407: Copied file: C:\WINDOWS\system32\amstream.dll
802.610: Copied file: C:\WINDOWS\system32\alrsvc.dll
802.641: Copied file: C:\WINDOWS\system32\alg.exe
802.891: Copied file (delayed): C:\WINDOWS\system32\SET505.tmp
802.891: Copied file: C:\WINDOWS\system32\ahui.exe
802.907: Copied file: C:\WINDOWS\system32\adsnt.dll
802.954: Copied file: C:\WINDOWS\system32\adsmsext.dll
803.188: Copied file: C:\WINDOWS\system32\adsldpc.dll
803.532: Copied file (delayed): C:\WINDOWS\system32\SET509.tmp
803.532: Copied file: C:\WINDOWS\system32\adsldp.dll
803.563: Copied file: C:\WINDOWS\system32\actxprxy.dll
803.938: Copied file (delayed): C:\WINDOWS\system32\SET50B.tmp
803.985: Copied file: C:\WINDOWS\system32\actmovie.exe
804.032: Copied file: C:\WINDOWS\system32\activeds.dll
804.360: Copied file (delayed): C:\WINDOWS\system32\SET50D.tmp
804.407: Copied file: C:\WINDOWS\system32\aclui.dll
804.516: Copied file: C:\WINDOWS\system32\accwiz.exe
804.563: Copied file: C:\WINDOWS\system32\access.cpl
804.610: Copied file: C:\WINDOWS\system32\6to4svc.dll
804.782: Copied file: C:\WINDOWS\System\winspool.drv
804.829: Copied file: C:\WINDOWS\system32\usmt\usmtdef.inf
805.047: Copied file: C:\WINDOWS\system32\usmt\sysmod.dll
805.110: Copied file: C:\WINDOWS\system32\usmt\sysfiles.inf
805.219: Copied file: C:\WINDOWS\system32\usmt\script.dll
805.438: MainQueue: no source component migwiz.manifest
805.454: Copied file: C:\WINDOWS\system32\usmt\migwiz.inf
805.469: Copied file: C:\WINDOWS\system32\usmt\migwiz.exe
805.594: Copied file: C:\WINDOWS\system32\usmt\miguser.inf
805.594: Copied file: C:\WINDOWS\system32\usmt\migsys.inf
805.610: Copied file: C:\WINDOWS\system32\usmt\migload.exe
805.829: Copied file: C:\WINDOWS\system32\usmt\migism.inf
805.891: Copied file: C:\WINDOWS\system32\usmt\migism.dll
806.110: Copied file: C:\WINDOWS\system32\usmt\migapp.inf
806.141: Copied file: C:\WINDOWS\system32\usmt\log.dll
806.204: Copied file: C:\WINDOWS\system32\usmt\iconlib.dll
806.329: Copied file: C:\WINDOWS\system32\usmt\guitrn.dll
806.454: Copied file: C:\WINDOWS\system32\oobe\phone.inf
806.547: Copied file: C:\WINDOWS\system32\oobe\oobeinfo.ini
806.547: Copied file: C:\WINDOWS\system32\oobe\oobebaln.exe
806.579: Copied file: C:\WINDOWS\system32\oobe\msoobe.exe
806.719: Copied file: C:\WINDOWS\system32\oobe\msobweb.dll
806.750: Copied file: C:\WINDOWS\system32\oobe\msobshel.htm
806.829: Copied file: C:\WINDOWS\system32\oobe\msobshel.dll
806.969: Copied file: C:\WINDOWS\system32\oobe\msobmain.dll
807.047: Copied file: C:\WINDOWS\system32\oobe\msobdl.dll
807.063: Copied file: C:\WINDOWS\system32\oobe\msobcomm.dll
807.313: Copied file: C:\WINDOWS\system32\oobe\error.js
807.344: Copied file: C:\WINDOWS\system32\oobe\actshell.htm
807.407: Copied file: C:\WINDOWS\system32\oobe\actsetup\apolicy.htm
807.454: Copied file: C:\WINDOWS\winhlp32.exe
807.485: Copied file: C:\WINDOWS\twain_32.dll
807.641: Copied file: C:\WINDOWS\regedit.exe
807.688: Copied file: C:\WINDOWS\notepad.exe
807.719: Copied file: C:\WINDOWS\hh.exe
807.875: Copied file: C:\WINDOWS\explorer.exe
808.438: Copied file (delayed): C:\WINDOWS\SET534.tmp
808.500: Copied file: C:\WINDOWS\INF\wmp.inf
808.641: Copied file: C:\WINDOWS\INF\wdma_via.inf
808.704: Copied file: C:\WINDOWS\INF\wdma_ali.inf
808.766: Copied file: C:\WINDOWS\INF\skins.inf
808.797: Copied file: C:\WINDOWS\INF\qmgr.inf
808.938: Copied file: C:\WINDOWS\INF\mdmirmdm.inf
809.110: Copied file: C:\WINDOWS\INF\fp40ext.inf
809.157: Copied file: C:\WINDOWS\INF\dtcnt5.inf
809.204: Copied file: C:\WINDOWS\INF\comnt5.inf
809.329: Copied file: C:\WINDOWS\fonts\tunga.ttf
809.797: Copied file (delayed): C:\WINDOWS\fonts\SET53E.tmp
809.844: Copied file: C:\WINDOWS\fonts\tahomabd.ttf
810.688: Copied file (delayed): C:\WINDOWS\fonts\SET53F.tmp
810.688: Copied file: C:\WINDOWS\fonts\tahoma.ttf
811.172: Copied file (delayed): C:\WINDOWS\fonts\SET540.tmp
811.235: Copied file: C:\WINDOWS\fonts\micross.ttf
811.579: Copied file (delayed): C:\WINDOWS\fonts\SET541.tmp
811.625: Copied file: C:\WINDOWS\fonts\impact.ttf
811.844: Copied file (delayed): C:\WINDOWS\fonts\SET542.tmp
811.860: Copied file: C:\WINDOWS\fonts\ariblk.ttf
812.204: Copied file (delayed): C:\WINDOWS\fonts\SET543.tmp
812.297: Copied file: C:\Program Files\Common Files\SYSTEM\ole db\sqlxmlx.rll
812.454: Copied file (delayed): C:\Program Files\Common Files\SYSTEM\ole db\SET544.tmp
812.454: Copied file: C:\Program Files\Common Files\SYSTEM\ole db\sqlxmlx.dll
812.782: Copied file (delayed): C:\Program Files\Common Files\SYSTEM\ole db\SET545.tmp
812.829: Copied file: C:\Program Files\Common Files\SYSTEM\ole db\sqloledb.rll
813.672: Copied file (delayed): C:\Program Files\Common Files\SYSTEM\ole db\SET546.tmp
813.704: Copied file: C:\Program Files\Common Files\SYSTEM\ole db\sqloledb.dll
813.954: Copied file (delayed): C:\Program Files\Common Files\SYSTEM\ole db\SET547.tmp
813.954: Copied file: C:\Program Files\Common Files\SYSTEM\ole db\oledb32r.dll
814.172: Copied file (delayed): C:\Program Files\Common Files\SYSTEM\ole db\SET548.tmp
814.172: Copied file: C:\Program Files\Common Files\SYSTEM\ole db\oledb32.dll
814.360: Copied file (delayed): C:\Program Files\Common Files\SYSTEM\ole db\SET549.tmp
814.360: Copied file: C:\Program Files\Common Files\SYSTEM\ole db\msxactps.dll
814.797: Copied file (delayed): C:\Program Files\Common Files\SYSTEM\ole db\SET54A.tmp
814.829: Copied file: C:\Program Files\Common Files\SYSTEM\ole db\msdaurl.dll
815.157: Copied file (delayed): C:\Program Files\Common Files\SYSTEM\ole db\SET54B.tmp
815.157: Copied file: C:\Program Files\Common Files\SYSTEM\ole db\msdatt.dll
815.344: Copied file (delayed): C:\Program Files\Common Files\SYSTEM\ole db\SET54C.tmp
815.344: Copied file: C:\Program Files\Common Files\SYSTEM\ole db\msdatl3.dll
815.469: Copied file (delayed): C:\Program Files\Common Files\SYSTEM\ole db\SET54D.tmp
815.469: Copied file: C:\Program Files\Common Files\SYSTEM\ole db\msdasqlr.dll
815.641: Copied file (delayed): C:\Program Files\Common Files\SYSTEM\ole db\SET54E.tmp
815.641: Copied file: C:\Program Files\Common Files\SYSTEM\ole db\msdasql.dll
815.750: Copied file (delayed): C:\Program Files\Common Files\SYSTEM\ole db\SET54F.tmp
815.750: Copied file: C:\Program Files\Common Files\SYSTEM\ole db\msdasc.dll
815.938: Copied file (delayed): C:\Program Files\Common Files\SYSTEM\ole db\SET550.tmp
815.938: Copied file: C:\Program Files\Common Files\SYSTEM\ole db\msdaps.dll
816.172: Copied file (delayed): C:\Program Files\Common Files\SYSTEM\ole db\SET551.tmp
816.188: Copied file: C:\Program Files\Common Files\SYSTEM\ole db\msdaosp.dll
816.375: Copied file (delayed): C:\Program Files\Common Files\SYSTEM\ole db\SET552.tmp
816.375: Copied file: C:\Program Files\Common Files\SYSTEM\ole db\msdaorar.dll
816.547: Copied file (delayed): C:\Program Files\Common Files\SYSTEM\ole db\SET553.tmp
816.547: Copied file: C:\Program Files\Common Files\SYSTEM\ole db\msdaora.dll
816.688: Copied file (delayed): C:\Program Files\Common Files\SYSTEM\ole db\SET554.tmp
816.688: Copied file: C:\Program Files\Common Files\SYSTEM\ole db\msdaer.dll
816.844: Copied file (delayed): C:\Program Files\Common Files\SYSTEM\ole db\SET555.tmp
816.844: Copied file: C:\Program Files\Common Files\SYSTEM\ole db\msdaenum.dll
817.063: Copied file (delayed): C:\Program Files\Common Files\SYSTEM\ole db\SET556.tmp
817.063: Copied file: C:\Program Files\Common Files\SYSTEM\ole db\msdadc.dll
817.172: Copied file (delayed): C:\Program Files\Common Files\SYSTEM\ole db\SET557.tmp
817.188: Copied file: C:\WINDOWS\system32\Setup\tsoc.dll
817.407: Copied file (delayed): C:\WINDOWS\system32\Setup\SET558.tmp
817.422: Copied file: C:\WINDOWS\system32\Setup\setupqry.dll
817.610: Copied file (delayed): C:\WINDOWS\system32\Setup\SET559.tmp
817.610: Copied file: C:\WINDOWS\system32\Setup\ocmsn.dll
817.797: Copied file (delayed): C:\WINDOWS\system32\Setup\SET55A.tmp
817.797: Copied file: C:\WINDOWS\system32\Setup\ocgen.dll
818.125: Copied file (delayed): C:\WINDOWS\system32\Setup\SET55B.tmp
818.141: Copied file: C:\WINDOWS\system32\Setup\ntoc.dll
818.297: Copied file (delayed): C:\WINDOWS\system32\Setup\SET55C.tmp
818.297: Copied file: C:\WINDOWS\system32\Setup\netoc.dll
818.547: Copied file (delayed): C:\WINDOWS\system32\Setup\SET55D.tmp
818.547: Copied file: C:\WINDOWS\system32\Setup\msgrocm.dll
818.750: Copied file (delayed): C:\WINDOWS\system32\Setup\SET55E.tmp
818.750: Copied file: C:\WINDOWS\system32\Setup\msdtcstp.dll
818.922: Copied file (delayed): C:\WINDOWS\system32\Setup\SET55F.tmp
818.954: Copied file: C:\WINDOWS\system32\Setup\imsinsnt.dll
819.204: Copied file (delayed): C:\WINDOWS\system32\Setup\SET560.tmp
819.204: Copied file: C:\WINDOWS\system32\Setup\iis.dll
820.688: Copied file (delayed): C:\WINDOWS\system32\Setup\SET561.tmp
820.688: Copied file: C:\WINDOWS\system32\Setup\fxsocm.dll
821.157: Copied file (delayed): C:\WINDOWS\system32\Setup\SET562.tmp
821.157: Copied file: C:\WINDOWS\system32\Setup\fp40ext.dll
821.672: Copied file (delayed): C:\WINDOWS\system32\Setup\SET563.tmp
821.672: Copied file: C:\WINDOWS\system32\Setup\comsetup.dll
822.422: Copied file (delayed): C:\WINDOWS\system32\Setup\SET564.tmp
822.485: Copied file: C:\WINDOWS\system32\WBEM\wmiutils.dll
822.860: Copied file (delayed): C:\WINDOWS\system32\WBEM\SET565.tmp
822.860: Copied file: C:\WINDOWS\system32\WBEM\wmisvc.dll
823.125: Copied file (delayed): C:\WINDOWS\system32\WBEM\SET566.tmp
823.125: Copied file: C:\WINDOWS\system32\WBEM\wmipsess.dll
823.235: Copied file: C:\WINDOWS\system32\WBEM\wmiprvse.exe
823.594: Copied file (delayed): C:\WINDOWS\system32\WBEM\SET568.tmp
823.594: Copied file: C:\WINDOWS\system32\WBEM\wmiprvsd.dll
824.032: Copied file (delayed): C:\WINDOWS\system32\WBEM\SET569.tmp
824.110: Copied file: C:\WINDOWS\system32\WBEM\wmiprov.dll
824.375: Copied file (delayed): C:\WINDOWS\system32\WBEM\SET56A.tmp
824.375: Copied file: C:\WINDOWS\system32\WBEM\wmipjobj.dll
824.391: Copied file: C:\WINDOWS\system32\WBEM\wmipiprt.dll
824.407: Copied file: C:\WINDOWS\system32\WBEM\wmipdskq.dll
824.625: Copied file: C:\WINDOWS\system32\WBEM\wmipcima.dll
824.719: Copied file: C:\WINDOWS\system32\WBEM\wmidcprv.dll
824.891: Copied file: C:\WINDOWS\system32\WBEM\wmicookr.dll
824.922: Copied file: C:\WINDOWS\system32\WBEM\wmiapsrv.exe
825.172: Copied file: C:\WINDOWS\system32\WBEM\wmiaprpl.dll
825.219: Copied file: C:\WINDOWS\system32\WBEM\wmiapres.dll
825.391: Copied file: C:\WINDOWS\system32\WBEM\wmiadap.exe
825.422: Copied file: C:\WINDOWS\system32\WBEM\wbemupgd.dll
825.454: Copied file: C:\WINDOWS\system32\WBEM\wbemtest.exe
825.625: Copied file: C:\WINDOWS\system32\WBEM\wbemsvc.dll
825.813: Copied file (delayed): C:\WINDOWS\system32\WBEM\SET577.tmp
825.813: Copied file: C:\WINDOWS\system32\WBEM\wbemprox.dll
826.141: Copied file (delayed): C:\WINDOWS\system32\WBEM\SET578.tmp
826.141: Copied file: C:\WINDOWS\system32\WBEM\wbemperf.dll
826.157: Copied file: C:\WINDOWS\system32\WBEM\wbemess.dll
826.313: Copied file (delayed): C:\WINDOWS\system32\WBEM\SET57A.tmp
826.313: Copied file: C:\WINDOWS\system32\WBEM\wbemdisp.dll
826.344: Copied file: C:\WINDOWS\system32\WBEM\wbemcore.dll
826.610: Copied file (delayed): C:\WINDOWS\system32\WBEM\SET57C.tmp
826.610: Copied file: C:\WINDOWS\system32\WBEM\wbemcons.dll
826.829: Copied file: C:\WINDOWS\system32\WBEM\wbemcomn.dll
827.157: Copied file (delayed): C:\WINDOWS\system32\WBEM\SET57E.tmp
827.172: Copied file: C:\WINDOWS\system32\WBEM\wbemcntl.dll
827.219: Copied file: C:\WINDOWS\system32\WBEM\viewprov.dll
827.313: Copied file: C:\WINDOWS\system32\WBEM\stdprov.dll
827.469: Copied file: C:\WINDOWS\system32\WBEM\scrcons.exe
827.500: Copied file: C:\WINDOWS\system32\WBEM\repdrvfs.dll
827.657: Copied file (delayed): C:\WINDOWS\system32\WBEM\SET583.tmp
827.672: Copied file: C:\WINDOWS\system32\WBEM\provthrd.dll
827.844: Copied file: C:\WINDOWS\system32\WBEM\ntevt.dll
827.907: Copied file: C:\WINDOWS\system32\WBEM\ncprov.dll
828.219: Copied file (delayed): C:\WINDOWS\system32\WBEM\SET586.tmp
828.282: Copied file: C:\WINDOWS\system32\WBEM\mofd.dll
828.610: Copied file (delayed): C:\WINDOWS\system32\WBEM\SET587.tmp
828.610: Copied file: C:\WINDOWS\system32\WBEM\mofcomp.exe
828.766: Copied file (delayed): C:\WINDOWS\system32\WBEM\SET588.tmp
828.782: Copied file: C:\WINDOWS\system32\WBEM\krnlprov.dll
828.797: Copied file: C:\WINDOWS\system32\WBEM\framedyn.dll
828.813: Copied file: C:\WINDOWS\system32\WBEM\fastprox.dll
829.047: Copied file (delayed): C:\WINDOWS\system32\WBEM\SET58B.tmp
829.094: Copied file: C:\WINDOWS\system32\WBEM\evntrprv.dll
829.266: Copied file: C:\WINDOWS\system32\WBEM\esscli.dll
829.438: Copied file (delayed): C:\WINDOWS\system32\WBEM\SET58D.tmp
829.469: Copied file: C:\WINDOWS\system32\WBEM\cimwin32.mof
829.657: Copied file: C:\WINDOWS\system32\WBEM\cimwin32.mfl
829.938: Copied file: C:\WINDOWS\system32\WBEM\cimwin32.dll
830.094: Copied file: C:\WINDOWS\system32\DllCache\wmvds32.ax
830.313: Copied file: C:\WINDOWS\system32\DllCache\wmv8ds32.ax
830.344: Copied file: C:\WINDOWS\system32\DllCache\wmstream.dll
830.391: Copied file: C:\WINDOWS\system32\DllCache\wmsdmoe.dll
830.610: Copied file: C:\WINDOWS\system32\DllCache\shmedia.dll
830.719: Copied file: C:\WINDOWS\system32\DllCache\npwmsdrm.dll
830.829: Copied file: C:\WINDOWS\system32\DllCache\npdsplay.dll
830.860: Copied file: C:\WINDOWS\system32\DllCache\npdrmv2.dll
831.172: Copied file: C:\WINDOWS\system32\DllCache\msscds32.ax
831.204: Copied file: C:\WINDOWS\system32\DllCache\msdxmlc.dll
831.344: Copied file: C:\WINDOWS\system32\DllCache\msdxm.ocx
831.422: Copied file: C:\WINDOWS\system32\DllCache\msadds32.ax
831.500: Copied file: C:\WINDOWS\system32\DllCache\mplayer2.exe
831.641: Copied file: C:\WINDOWS\system32\DllCache\mplay32.exe
831.672: Copied file: C:\WINDOWS\system32\DllCache\mpg4ds32.ax
831.844: Copied file: C:\WINDOWS\system32\DllCache\dxmasf.dll
831.954: Copied file: C:\Program Files\Common Files\SYSTEM\wab32res.dll
832.266: Copied file: C:\Program Files\Common Files\SYSTEM\wab32.dll
832.454: Copied file: C:\Program Files\Common Files\SYSTEM\directdb.dll
832.516: Copied file: C:\WINDOWS\Help\tshoot.dll
832.704: Copied file: C:\WINDOWS\Help\sstub.dll
832.766: Copied file: C:\WINDOWS\Help\sniffpol.dll
832.875: Copied file: C:\WINDOWS\Help\apps.chm
832.922: Copied file: C:\Program Files\Common Files\Microsoft Shared\DAO\dao360.dll
833.563: Copied file (delayed): C:\Program Files\Common Files\Microsoft Shared\DAO\SET5A8.tmp
833.579: Copied file: C:\Program Files\Common Files\System\ADO\msjro.dll
833.735: Copied file (delayed): C:\Program Files\Common Files\System\ADO\SET5A9.tmp
833.750: Copied file: C:\Program Files\Common Files\System\ADO\msadrh15.dll
833.922: Copied file (delayed): C:\Program Files\Common Files\System\ADO\SET5AA.tmp
833.938: Copied file: C:\Program Files\Common Files\System\ADO\msadox.dll
834.125: Copied file (delayed): C:\Program Files\Common Files\System\ADO\SET5AB.tmp
834.125: Copied file: C:\Program Files\Common Files\System\ADO\msador15.dll
834.250: Copied file (delayed): C:\Program Files\Common Files\System\ADO\SET5AC.tmp
834.297: Copied file: C:\Program Files\Common Files\System\ADO\msadomd.dll
834.391: Copied file (delayed): C:\Program Files\Common Files\System\ADO\SET5AD.tmp
834.391: Copied file: C:\Program Files\Common Files\System\ADO\msado26.tlb
834.532: Copied file (delayed): C:\Program Files\Common Files\System\ADO\SET5AE.tmp
834.532: Copied file: C:\Program Files\Common Files\System\ADO\msado25.tlb
834.688: Copied file (delayed): C:\Program Files\Common Files\System\ADO\SET5AF.tmp
834.688: Copied file: C:\Program Files\Common Files\System\ADO\msado21.tlb
834.860: Copied file (delayed): C:\Program Files\Common Files\System\ADO\SET5B0.tmp
834.860: Copied file: C:\Program Files\Common Files\System\ADO\msado20.tlb
835.125: Copied file (delayed): C:\Program Files\Common Files\System\ADO\SET5B1.tmp
835.141: Copied file: C:\Program Files\Common Files\System\ADO\msado15.dll
835.313: Copied file (delayed): C:\Program Files\Common Files\System\ADO\SET5B2.tmp
835.313: Copied file: C:\Program Files\Common Files\System\ADO\msader15.dll
835.532: Copied file (delayed): C:\Program Files\Common Files\System\ADO\SET5B3.tmp
835.579: Copied file: C:\Program Files\Outlook Express\wabmig.exe
835.625: Copied file: C:\Program Files\Outlook Express\wabimp.dll
835.750: Copied file: C:\Program Files\Outlook Express\wabfind.dll
835.797: Copied file: C:\Program Files\Outlook Express\wab.exe
836.000: Copied file: C:\Program Files\Outlook Express\setup50.exe
836.188: Copied file: C:\Program Files\Outlook Express\oemiglib.dll
836.594: Copied file: C:\Program Files\Outlook Express\oemig50.exe
836.641: Copied file: C:\Program Files\Outlook Express\oeimport.dll
836.750: Copied file: C:\Program Files\Outlook Express\msoeres.dll
836.922: Copied file: C:\Program Files\Outlook Express\msoe.dll
837.141: Copied file: C:\Program Files\Outlook Express\msimn.exe
837.454: Copied file: C:\Program Files\Windows NT\dialer.exe
837.547: Copied file: C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\40\bin\fp4autl.dll
837.860: Copied file: C:\Program Files\windows media player\npwmsdrm.dll
837.875: Copied file: C:\Program Files\windows media player\npdsplay.dll
837.969: Copied file: C:\Program Files\windows media player\npdrmv2.dll
838.094: Copied file: C:\Program Files\windows media player\mplayer2.exe
838.110: Copied file: C:\Program Files\windows media player\skins\compact.wmz
838.516: Copied file: C:\Program Files\Internet Explorer\Connection Wizard\inetwiz.exe
838.547: Copied file: C:\Program Files\Internet Explorer\Connection Wizard\icwutil.dll
838.610: Copied file: C:\Program Files\Internet Explorer\Connection Wizard\icwrmind.exe
838.688: Copied file: C:\Program Files\Internet Explorer\Connection Wizard\icwhelp.dll
838.750: Copied file: C:\Program Files\Internet Explorer\Connection Wizard\icwdl.dll
838.766: Copied file: C:\Program Files\Internet Explorer\Connection Wizard\icwconn2.exe
839.079: Copied file: C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe
839.141: Copied file: C:\Program Files\Internet Explorer\Conne
839.297: Copied file: C:\WINDOWS\AppPatch\msimain.sdb
839.407: Copied file (delayed): C:\WINDOWS\AppPatch\SET5CE.tmp
839.407: Copied file: C:\WINDOWS\AppPatch\apphelp.sdb
839.532: Copied file (delayed): C:\WINDOWS\AppPatch\SET5CF.tmp
839.547: Copied file: C:\WINDOWS\AppPatch\acxtrnal.dll
839.672: Copied file (delayed): C:\WINDOWS\AppPatch\SET5D0.tmp
839.688: Copied file: C:\WINDOWS\AppPatch\acspecfc.dll
839.813: Copied file (delayed): C:\WINDOWS\AppPatch\SET5D1.tmp
839.813: Copied file: C:\WINDOWS\AppPatch\aclua.dll
839.938: Copied file (delayed): C:\WINDOWS\AppPatch\SET5D2.tmp
839.985: Copied file: C:\WINDOWS\AppPatch\aclayers.dll
840.172: Copied file (delayed): C:\WINDOWS\AppPatch\SET5D3.tmp
840.172: Copied file: C:\WINDOWS\AppPatch\acgenral.dll
840.500: Copied file (delayed): C:\WINDOWS\AppPatch\SET5D4.tmp
840.516: Copied file: C:\WINDOWS\system32\com\comrereg.exe
840.547: Copied file: C:\WINDOWS\system32\com\comrepl.exe
840.579: Copied file: C:\WINDOWS\system32\com\comadmin.dll
840.672: Copied file: C:\Program Files\NetMeeting\rrcm.dll
840.719: Copied file: C:\Program Files\NetMeeting\nmwb.dll
840.891: Copied file: C:\Program Files\NetMeeting\nmoldwb.dll
840.938: Copied file: C:\Program Files\NetMeeting\nmft.dll
840.985: Copied file: C:\Program Files\NetMeeting\nmcom.dll
841.297: Copied file: C:\Program Files\NetMeeting\nmchat.dll
841.344: Copied file: C:\Program Files\NetMeeting\nmasnt.dll
841.422: Copied file: C:\Program Files\NetMeeting\nmas.dll
841.485: Copied file: C:\Program Files\NetMeeting\nac.dll
841.516: Copied file: C:\Program Files\NetMeeting\mst123.dll
841.657: Copied file: C:\Program Files\NetMeeting\mst120.dll
841.704: Copied file: C:\Program Files\NetMeeting\h323cc.dll
841.750: Copied file: C:\Program Files\NetMeeting\dcap32.dll
841.860: Copied file: C:\Program Files\NetMeeting\confmrsl.dll
841.922: Copied file: C:\Program Files\NetMeeting\conf.exe
842.188: Copied file: C:\Program Files\NetMeeting\callcont.dll
842.329: Copied file: C:\WINDOWS\ime\sptip.dll
842.485: Copied file: C:\WINDOWS\ime\softkbd.dll
842.516: Copied file: C:\WINDOWS\ime\mscandui.dll
842.735: Copied file: C:\WINDOWS\srchasst\mui\0409\lclmm.xml
842.782: Copied file: C:\WINDOWS\srchasst\srchui.dll
842.860: Copied file: C:\WINDOWS\srchasst\srchctls.dll
842.907: Copied file: C:\WINDOWS\srchasst\msgr3en.dll
843.672: Copied file: C:\Program Files\Common Files\microsoft shared\speech\sapi.dll
843.719: Copied file: C:\Program Files\Common Files\microsoft shared\speech\sapi.cpl
843.797: Copied file: C:\WINDOWS\msagent\mslwvtts.dll
843.938: Copied file: C:\WINDOWS\msagent\agtintl.dll
843.969: Copied file: C:\WINDOWS\msagent\agtctl15.tlb
844.157: Copied file: C:\WINDOWS\msagent\agentsvr.exe
844.204: Copied file: C:\WINDOWS\msagent\agentsr.dll
844.313: Copied file: C:\WINDOWS\msagent\agentpsh.dll
844.329: Copied file: C:\WINDOWS\msagent\agentmpx.dll
844.360: Copied file: C:\WINDOWS\msagent\agentdpv.dll
844.469: Copied file: C:\WINDOWS\msagent\agentdp2.dll
844.485: Copied file: C:\WINDOWS\msagent\agentctl.dll
844.610: Copied file: C:\WINDOWS\msagent\agentanm.dll
844.657: Copied file: C:\WINDOWS\msagent\intl\agt0c0a.dll
844.704: Copied file: C:\WINDOWS\msagent\intl\agt0816.dll
844.782: Copied file: C:\WINDOWS\msagent\intl\agt041f.dll
844.813: Copied file: C:\WINDOWS\msagent\intl\agt041d.dll
844.891: Copied file: C:\WINDOWS\msagent\intl\agt0419.dll
844.907: Copied file: C:\WINDOWS\msagent\intl\agt0416.dll
844.954: Copied file: C:\WINDOWS\msagent\intl\agt0415.dll
845.157: Copied file: C:\WINDOWS\msagent\intl\agt0414.dll
845.188: Copied file: C:\WINDOWS\msagent\intl\agt0413.dll
845.266: Copied file: C:\WINDOWS\msagent\intl\agt0410.dll
845.297: Copied file: C:\WINDOWS\msagent\intl\agt040e.dll
845.329: Copied file: C:\WINDOWS\msagent\intl\agt040c.dll
845.391: Copied file: C:\WINDOWS\msagent\intl\agt040b.dll
845.422: Copied file: C:\WINDOWS\msagent\intl\agt0409.dll
845.500: Copied file: C:\WINDOWS\msagent\intl\agt0408.dll
845.516: Copied file: C:\WINDOWS\msagent\intl\agt0407.dll
845.547: Copied file: C:\WINDOWS\msagent\intl\agt0406.dll
845.657: Copied file: C:\WINDOWS\msagent\intl\agt0405.dll
845.672: Copied file: C:\WINDOWS\system32\npp\nppagent.exe
845.704: Copied file: C:\WINDOWS\system32\npp\ndisnpp.dll
845.844: Copied file: C:\WINDOWS\system32\restore\rstrui.exe
845.875: Copied file: C:\WINDOWS\system32\restore\filelist.xml
845.922: Copied file: C:\WINDOWS\Resources\Themes\Luna\luna.msstyles
846.266: Copied file: C:\Program Files\windows nt\accessories\wordpad.exe
846.375: Copied file: C:\Program Files\windows nt\pinball\pinball.exe
846.454: Copied file: C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll
846.766: Copied file (delayed): C:\WINDOWS\pchealth\helpctr\binaries\SET615.tmp
846.813: Copied file: C:\WINDOWS\pchealth\helpctr\binaries\pchshell.dll
846.875: Copied file: C:\WINDOWS\pchealth\helpctr\binaries\msinfo.dll
846.907: Copied file: C:\WINDOWS\pchealth\helpctr\binaries\msconfig.exe
847.360: Copied file: C:\WINDOWS\pchealth\helpctr\binaries\helpsvc.exe
847.454: Copied file: C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe
847.641: Copied file: C:\WINDOWS\pchealth\uploadlb\binaries\uploadm.exe
847.891: Copied file: C:\WINDOWS\help\tours\htmltour\unlock_optimized.htm
847.907: Copied file: C:\WINDOWS\help\tours\htmltour\unlock_built.htm
847.954: Copied file: C:\WINDOWS\help\tours\htmltour\start_desktop.htm
848.188: Copied file: C:\WINDOWS\INF\wstcodec.inf
848.250: Copied file: C:\WINDOWS\INF\wbemoc.inf
848.360: Copied file: C:\WINDOWS\INF\usbport.inf
848.485: Copied file: C:\WINDOWS\INF\tsoc.inf
848.485: Copied file: C:\WINDOWS\INF\tape.inf
848.485: Copied file: C:\WINDOWS\INF\swflash.inf
848.594: Copied file: C:\WINDOWS\INF\streamip.inf
848.625: Copied file: C:\WINDOWS\INF\smartcrd.inf
848.641: Copied file: C:\WINDOWS\INF\slip.inf
848.704: Copied file: C:\WINDOWS\INF\shell.inf
848.719: Copied file: C:\WINDOWS\INF\secrecs.inf
848.797: Copied file: C:\WINDOWS\INF\scsi.inf
848.829: Copied file: C:\WINDOWS\INF\sceregvl.inf
848.860: Copied file: C:\WINDOWS\INF\pnpscsi.inf
849.094: Copied file: C:\WINDOWS\INF\ntprint.inf
849.172: Copied file: C:\WINDOWS\INF\netwzc.inf
849.235: Copied file: C:\WINDOWS\INF\netupnph.inf
849.235: Copied file: C:\WINDOWS\INF\nettcpip.inf
849.297: Copied file: C:\WINDOWS\INF\netrass.inf
849.344: Copied file: C:\WINDOWS\INF\netoc.inf
849.375: Copied file: C:\WINDOWS\INF\netmscli.inf
849.391: Copied file: C:\WINDOWS\INF\netip6.inf
849.469: Copied file: C:\WINDOWS\INF\ndisip.inf
849.469: Copied file: C:\WINDOWS\INF\nabtsfec.inf
849.579: Copied file: C:\WINDOWS\INF\mstape.inf
849.579: Copied file: C:\WINDOWS\INF\msoe50.inf
849.594: Copied file: C:\WINDOWS\INF\mshdc.inf
849.657: Copied file: C:\WINDOWS\INF\mpe.inf
849.704: Copied file: C:\WINDOWS\INF\mdac.inf
849.797: Copied file: C:\WINDOWS\INF\mchgr.inf
849.860: Copied file: C:\WINDOWS\INF\machine.inf
849.891: Copied file: C:\WINDOWS\INF\ksfilter.inf
850.125: Copied file: C:\WINDOWS\INF\kscaptur.inf
850.125: Copied file: C:\WINDOWS\INF\ks.inf
850.125: Copied file: C:\WINDOWS\INF\shl_img.inf
850.266: Copied file: C:\WINDOWS\INF\oobe.inf
850.297: Copied file: C:\WINDOWS\INF\keyboard.inf
850.375: Copied file: C:\WINDOWS\INF\intl.inf
850.579: Copied file: C:\WINDOWS\INF\input.inf
850.625: Copied file: C:\WINDOWS\INF\ims.inf
850.625: Copied file: C:\WINDOWS\INF\ieaccess.inf
850.735: Copied file: C:\WINDOWS\INF\ie.inf
850.829: Copied file: C:\WINDOWS\INF\hidserv.inf
850.891: Copied file: C:\WINDOWS\INF\drvindex.inf
850.922: Copied file: C:\WINDOWS\INF\dwup.inf
850.969: Copied file: C:\WINDOWS\INF\syssetup.inf
851.250: Copied file: C:\WINDOWS\INF\sysoc.inf
851.282: Copied file: C:\WINDOWS\INF\layout.inf
851.375: Copied file: c:\windows\ServicePackFiles\i386\ispcnerr.htm
851.422: Copied file: c:\windows\ServicePackFiles\i386\newmark8.jpg
851.454: Copied file: c:\windows\ServicePackFiles\i386\icwhelp.dll
851.469: Copied file: c:\windows\ServicePackFiles\i386\atinrvxx.sys
851.485: Copied file: c:\windows\ServicePackFiles\i386\rfcomm.sys
851.610: Copied file: c:\windows\ServicePackFiles\i386\confmrsl.dll
851.610: Copied file: c:\windows\ServicePackFiles\i386\slwdmsup.sys
851.641: Copied file: c:\windows\ServicePackFiles\i386\ks.sys
851.688: Copied file: c:\windows\ServicePackFiles\i386\sdhcinst.dll
851.719: Copied file: c:\windows\ServicePackFiles\i386\rhndshk.htm
851.719: Copied file: c:\windows\ServicePackFiles\i386\winhlp32.exe
851.735: Copied file: c:\windows\ServicePackFiles\i386\psched.sys
851.813: Copied file: c:\windows\ServicePackFiles\i386\tscupdc.dll
851.860: Copied file: c:\windows\ServicePackFiles\i386\ntkrpamp.exe
852.454: Copied file: c:\windows\ServicePackFiles\i386\onex_v1.xsd
852.500: Copied file: c:\windows\ServicePackFiles\i386\odbccr32.dll
852.516: Copied file: c:\windows\ServicePackFiles\i386\admin.exe
852.594: Copied file: c:\windows\ServicePackFiles\i386\hscupd.exe
852.672: Copied file: c:\windows\ServicePackFiles\i386\mdmvv.inf
852.704: Copied file: c:\windows\ServicePackFiles\i386\hpwm5250.gpd
852.735: Copied file: c:\windows\ServicePackFiles\i386\nscirda.sys
852.750: Copied file: c:\windows\ServicePackFiles\i386\shimgvw.dll
852.813: Copied file: c:\windows\ServicePackFiles\i386\msimg32.dll
852.844: Copied file: c:\windows\ServicePackFiles\i386\wfp2.inf
852.907: Copied file: c:\windows\ServicePackFiles\i386\moviemk.chm
853.922: Copied file: c:\windows\ServicePackFiles\i386\author.dll
853.985: Copied file: c:\windows\ServicePackFiles\i386\hdaudbus.sys
854.110: Copied file: c:\windows\ServicePackFiles\i386\rw450ext.dll
854.172: Copied file: c:\windows\ServicePackFiles\i386\xmlp_mpc.xdr
854.219: Copied file: c:\windows\ServicePackFiles\i386\msnetmtg.inf
854.282: Copied file: c:\windows\ServicePackFiles\i386\oempriv.htm
854.360: Copied file: c:\windows\ServicePackFiles\i386\mshtmler.dll
854.375: Copied file: c:\windows\ServicePackFiles\i386\agentanm.dll
854.391: Copied file: c:\windows\ServicePackFiles\i386\ati1tuxx.sys
854.438: Copied file: c:\windows\ServicePackFiles\i386\winspool.drv
854.469: Copied file: c:\windows\ServicePackFiles\i386\stdschmx.gdl
854.500: Copied file: c:\windows\ServicePackFiles\i386\ipxroute.exe
854.563: Copied file: c:\windows\ServicePackFiles\i386\occache.dll
854.579: Copied file: c:\windows\ServicePackFiles\i386\conf.chm
854.641: Copied file: c:\windows\ServicePackFiles\i386\but4_dwn.gif
854.688: Copied file: c:\windows\ServicePackFiles\i386\mciavi32.dll
854.704: Copied file: c:\windows\ServicePackFiles\i386\mtxclu.dll
854.797: Copied file: c:\windows\ServicePackFiles\i386\wldap32.dll
854.954: Copied file: c:\windows\ServicePackFiles\i386\agentpsh.dll
854.954: Copied file: c:\windows\ServicePackFiles\i386\atmadm.exe
854.954: Copied file: c:\windows\ServicePackFiles\i386\ifmon.dll
855.032: Copied file: c:\windows\ServicePackFiles\i386\msdaurl.dll
855.032: Copied file: c:\windows\ServicePackFiles\i386\wextract.exe
855.125: Copied file: c:\windows\ServicePackFiles\i386\wtv5.inf
855.172: Copied file: c:\windows\ServicePackFiles\i386\basesrv.dll
855.188: Copied file: c:\windows\ServicePackFiles\i386\hndshake.htm
855.219: Copied file: c:\windows\ServicePackFiles\i386\srsvc.dll
855.313: Copied file: c:\windows\ServicePackFiles\i386\sendcmsg.chm
855.344: Copied file: c:\windows\ServicePackFiles\i386\snmpthrd.dll
855.375: Copied file: c:\windows\ServicePackFiles\i386\nlhtml.dll
855.422: Copied file: c:\windows\ServicePackFiles\i386\ipmontr.dll
855.469: Copied file: c:\windows\ServicePackFiles\i386\mdmetech.inf
855.610: Copied file: c:\windows\ServicePackFiles\i386\evntagnt.dll
855.704: Copied file: c:\windows\ServicePackFiles\i386\aqueue.dll
855.735: Copied file: c:\windows\ServicePackFiles\i386\msadomd.dll
855.766: Copied file: c:\windows\ServicePackFiles\i386\xmlp_mcc.xdr
855.766: Copied file: c:\windows\ServicePackFiles\i386\migload.exe
855.782: Copied file: c:\windows\ServicePackFiles\i386\digcore.exe
856.157: Copied file: c:\windows\ServicePackFiles\i386\compatui.dll
856.172: Copied file: c:\windows\ServicePackFiles\i386\cabview.dll
856.204: Copied file: c:\windows\ServicePackFiles\i386\prvcyms.htm
856.313: Copied file: c:\windows\ServicePackFiles\i386\plotui.dll
856.344: Copied file: c:\windows\ServicePackFiles\i386\rasdlg.dll
856.532: Copied file: c:\windows\ServicePackFiles\i386\xprecycl.wav
856.579: Copied file: c:\windows\ServicePackFiles\i386\modem.sys
856.625: Copied file: c:\windows\ServicePackFiles\i386\w2k3rd.mst
856.641: Copied file: c:\windows\ServicePackFiles\i386\viaide.sys
856.704: Copied file: c:\windows\ServicePackFiles\i386\ieakeng.dll
856.735: Copied file: c:\windows\ServicePackFiles\i386\iasrad.dll
856.797: Copied file: c:\windows\ServicePackFiles\i386\ident1.htm
856.829: Copied file: c:\windows\ServicePackFiles\i386\usb8023x.sys
856.875: Copied file: c:\windows\ServicePackFiles\i386\videoprt.sys
856.875: Copied file: c:\windows\ServicePackFiles\i386\dhcpcsvc.dll
856.954: Copied file: c:\windows\ServicePackFiles\i386\kbdmaori.dll
857.204: Copied file: c:\windows\ServicePackFiles\i386\diskpart.exe
857.282: Copied file: c:\windows\ServicePackFiles\i386\atv01nt5.dll
857.313: Copied file: c:\windows\ServicePackFiles\i386\msgina.dll
857.422: Copied file: c:\windows\ServicePackFiles\i386\esent.dll
857.594: Copied file: c:\windows\ServicePackFiles\i386\rasauto.dll
857.672: Copied file: c:\windows\ServicePackFiles\i386\kbdinben.dll
857.719: Copied file: c:\windows\ServicePackFiles\i386\mmsys.cpl
857.829: Copied file: c:\windows\ServicePackFiles\i386\msjter40.dll
857.875: Copied file: c:\windows\ServicePackFiles\i386\wadv11nt.sys
857.907: Copied file: c:\windows\ServicePackFiles\i386\mspaint.chm
857.985: Copied file: c:\windows\ServicePackFiles\i386\ps5333.inf
858.110: Copied file: c:\windows\ServicePackFiles\i386\narrator.exe
858.172: Copied file: c:\windows\ServicePackFiles\i386\audiosrv.dll
858.172: Copied file: c:\windows\ServicePackFiles\i386\dinput8.dll
858.407: Copied file: c:\windows\ServicePackFiles\i386\remotesp.tsp
858.469: Copied file: c:\windows\ServicePackFiles\i386\winmm.dll
858.500: Copied file: c:\windows\ServicePackFiles\i386\dpnsvr.exe
858.516: Copied file: c:\windows\ServicePackFiles\i386\msado26.tlb
858.532: Copied file: c:\windows\ServicePackFiles\i386\hidusb.sys
858.688: Copied file: c:\windows\ServicePackFiles\i386\sprc0424.dll
858.750: Copied file: c:\windows\ServicePackFiles\i386\wuauserv.dll
858.782: Copied file: c:\windows\ServicePackFiles\i386\msvbvm60.dll
858.891: Copied file: c:\windows\ServicePackFiles\i386\jgpl400.dll
858.922: Copied file: c:\windows\ServicePackFiles\i386\tourstrt.exe
858.985: Copied file: c:\windows\ServicePackFiles\i386\w2k3s1rd.mst
859.063: Copied file: c:\windows\ServicePackFiles\i386\hsfcxts2.sys
859.204: Copied file: c:\windows\ServicePackFiles\i386\mouse4.gif
859.282: Copied file: c:\windows\ServicePackFiles\i386\ds32gt.dll
859.344: Copied file: c:\windows\ServicePackFiles\i386\qedit.dll
859.500: Copied file: c:\windows\ServicePackFiles\i386\devenum.dll
859.547: Copied file: c:\windows\ServicePackFiles\i386\fpexedll.dll
859.563: Copied file: c:\windows\ServicePackFiles\i386\watchdog.sys
859.610: Copied file: c:\windows\ServicePackFiles\i386\utopiacl.wav
859.641: Copied file: c:\windows\ServicePackFiles\i386\mfc42u.dll
859.704: Copied file: c:\windows\ServicePackFiles\i386\dsl_b.htm
859.719: Copied file: c:\windows\ServicePackFiles\i386\odbcji32.dll
859.735: Copied file: c:\windows\ServicePackFiles\i386\mpr.dll
859.766: Copied file: c:\windows\ServicePackFiles\i386\netwlan5.img
859.844: Copied file: c:\windows\ServicePackFiles\i386\obrb0424.dll
859.875: Copied file: c:\windows\ServicePackFiles\i386\updshell.htm
859.907: Copied file: c:\windows\ServicePackFiles\i386\odbcbcp.dll
859.954: Copied file: c:\windows\ServicePackFiles\i386\msjro.dll
859.954: Copied file: c:\windows\ServicePackFiles\i386\mofd.dll
859.969: Copied file: c:\windows\ServicePackFiles\i386\rasphone.exe
860.204: Copied file: c:\windows\ServicePackFiles\i386\kmsvc.dll
860.235: Copied file: c:\windows\ServicePackFiles\i386\els.dll
860.344: Copied file: c:\windows\ServicePackFiles\i386\osloader.exe
860.391: Copied file: c:\windows\ServicePackFiles\i386\netui0.dll
860.407: Copied file: c:\windows\ServicePackFiles\i386\cliconfg.rll
860.454: Copied file: c:\windows\ServicePackFiles\i386\halapic.dll
860.547: Copied file: c:\windows\ServicePackFiles\i386\h323msp.dll
860.610: Copied file: c:\windows\ServicePackFiles\i386\dwwin.exe
860.657: Copied file: c:\windows\ServicePackFiles\i386\setupqry.dll
860.672: Copied file: c:\windows\ServicePackFiles\i386\tape.sys
860.750: Copied file: c:\windows\ServicePackFiles\i386\mspeap1.xsd
860.782: Copied file: c:\windows\ServicePackFiles\i386\kperdpc.dll
860.813: Copied file: c:\windows\ServicePackFiles\i386\tdc.ocx
860.829: Copied file: c:\windows\ServicePackFiles\i386\dmboot.sys
860.954: Copied file: c:\windows\ServicePackFiles\i386\stub_fpsrvadm.exe
860.985: Copied file: c:\windows\ServicePackFiles\i386\tapi3.dll
861.172: Copied file: c:\windows\ServicePackFiles\i386\ixsso.dll
861.188: Copied file: c:\windows\ServicePackFiles\i386\sccbase.dll
861.219: Copied file: c:\windows\ServicePackFiles\i386\agt0816.hlp
861.360: Copied file: c:\windows\ServicePackFiles\i386\wmi.mof
861.391: Copied file: c:\windows\ServicePackFiles\i386\wsiintxx.sys
861.438: Copied file: c:\windows\ServicePackFiles\i386\msjetol1.dll
861.469: Copied file: c:\windows\ServicePackFiles\i386\nmas.dll
861.469: Copied file: c:\windows\ServicePackFiles\i386\mslbui.dll
861.500: Copied file: c:\windows\ServicePackFiles\i386\input.chm
861.563: Copied file: c:\windows\ServicePackFiles\i386\fpsrvadm.exe
861.672: Copied file: c:\windows\ServicePackFiles\i386\slbiop.dll
861.735: Copied file: c:\windows\ServicePackFiles\i386\icwip.dun
861.735: Copied file: c:\windows\ServicePackFiles\i386\scarddlg.dll
861.750: Copied file: c:\windows\ServicePackFiles\i386\srclient.dll
861.782: Copied file: c:\windows\ServicePackFiles\i386\ssflwbox.scr
861.860: Copied file: c:\windows\ServicePackFiles\i386\dmcompos.dll
861.922: Copied file: c:\windows\ServicePackFiles\i386\rasman.dll
861.938: Copied file: c:\windows\ServicePackFiles\i386\sccsccp.dll
861.985: Copied file: c:\windows\ServicePackFiles\i386\mouseimg.gif
862.016: Copied file: c:\windows\ServicePackFiles\i386\pcl4res.dll
862.172: Copied file: c:\windows\ServicePackFiles\i386\mousewn1.gif
862.204: Copied file: c:\windows\ServicePackFiles\i386\rcimlby.exe
862.235: Copied file: c:\windows\ServicePackFiles\i386\mschapv2.xsd
862.235: Copied file: c:\windows\ServicePackFiles\i386\adv05nt5.dll
862.266: Copied file: c:\windows\ServicePackFiles\i386\eappcfg.dll
862.391: Copied file: c:\windows\ServicePackFiles\i386\napschem.mof
862.454: Copied file: c:\windows\ServicePackFiles\i386\p6disp.gpd
862.500: Copied file: c:\windows\ServicePackFiles\i386\drvmain.sdb
862.516: Copied file: c:\windows\ServicePackFiles\i386\dsound.dll
862.563: Copied file: c:\windows\ServicePackFiles\i386\wlanapi.dll
862.594: Copied file: c:\windows\ServicePackFiles\i386\msdart.dll
862.625: Copied file: c:\windows\ServicePackFiles\i386\msobshel.htm
862.641: Copied file: c:\windows\ServicePackFiles\i386\msadcor.dll
862.672: Copied file: c:\windows\ServicePackFiles\i386\migx25b.dun
862.797: Copied file: c:\windows\ServicePackFiles\i386\cryptdlg.dll
862.813: Copied file: c:\windows\ServicePackFiles\i386\twain_32.dll
862.813: Copied file: c:\windows\ServicePackFiles\i386\lbrtfdc.sys
862.875: Copied file: c:\windows\ServicePackFiles\i386\paris.jpg
862.922: Copied file: c:\windows\ServicePackFiles\i386\i81xnt5.inf
862.985: Copied file: c:\windows\ServicePackFiles\i386\sortkey.nls
863.032: Copied file: c:\windows\ServicePackFiles\i386\napstat.exe
863.079: Copied file: c:\windows\ServicePackFiles\i386\avifil32.dll
863.079: Copied file: c:\windows\ServicePackFiles\i386\atinsnxx.sys
863.125: Copied file: c:\windows\ServicePackFiles\i386\uxtheme.dll
863.219: Copied file: c:\windows\ServicePackFiles\i386\xmlp_fcd.xdr
863.313: Copied file: c:\windows\ServicePackFiles\i386\wfp0.inf
863.344: Copied file: c:\windows\ServicePackFiles\i386\mciqtz32.dll
863.438: Copied file: c:\windows\ServicePackFiles\i386\wacompen.sys
863.469: Copied file: c:\windows\ServicePackFiles\i386\forcedos.exe
863.579: Copied file: c:\windows\ServicePackFiles\i386\nmcom.dll
863.594: Copied file: c:\windows\ServicePackFiles\i386\mmc30r.dll
863.672: Copied file: c:\windows\ServicePackFiles\i386\bthspp.inf
863.688: Copied file: c:\windows\ServicePackFiles\i386\wshrm.dll
863.704: Copied file: c:\windows\ServicePackFiles\i386\srrstr.dll
863.735: Copied file: c:\windows\ServicePackFiles\i386\locale.gpd
863.766: Copied file: c:\windows\ServicePackFiles\i386\wucltui.dll
863.844: Copied file: c:\windows\ServicePackFiles\i386\cmdl32.exe
863.891: Copied file: c:\windows\ServicePackFiles\i386\adsmsext.dll
863.907: Copied file: c:\windows\ServicePackFiles\i386\tapisrv.dll
863.969: Copied file: c:\windows\ServicePackFiles\i386\wmiadap.exe
863.969: Copied file: c:\windows\ServicePackFiles\i386\adojavas.inc
864.032: Copied file: c:\windows\ServicePackFiles\i386\licwmi.dll
864.079: Copied file: c:\windows\ServicePackFiles\i386\netrtsnt.inf
864.188: Copied file: c:\windows\ServicePackFiles\i386\i2omgmt.sys
864.250: Copied file: c:\windows\ServicePackFiles\i386\but3_dwn.gif
864.250: Copied file: c:\windows\ServicePackFiles\i386\nettun.inf
864.282: Copied file: c:\windows\ServicePackFiles\i386\objsel.dll
864.360: Copied file: c:\windows\ServicePackFiles\i386\xmlp_ssd.xdr
864.360: Copied file: c:\windows\ServicePackFiles\i386\mdmxsdk.sys
864.391: Copied file: c:\windows\ServicePackFiles\i386\crypt32.dll
864.438: Copied file: c:\windows\ServicePackFiles\i386\sysmon.ocx
864.579: Copied file: c:\windows\ServicePackFiles\i386\script.dll
864.594: Copied file: c:\windows\ServicePackFiles\i386\wtv3.inf
864.625: Copied file: c:\windows\ServicePackFiles\i386\mswrd8.wpc
864.672: Copied file: c:\windows\ServicePackFiles\i386\d3d8.dll
864.750: Copied file: c:\windows\ServicePackFiles\i386\fpmmc.dll
864.829: Copied file: c:\windows\ServicePackFiles\i386\msadox.dll
865.016: Copied file: c:\windows\ServicePackFiles\i386\kbd106.dll
865.094: Copied file: c:\windows\ServicePackFiles\i386\wlan_ehu.xsd
865.094: Copied file: c:\windows\ServicePackFiles\i386\icwdial.dll
865.141: Copied file: c:\windows\ServicePackFiles\i386\xptht26p.htm
865.157: Copied file: c:\windows\ServicePackFiles\i386\act_plcy.htm
865.172: Copied file: c:\windows\ServicePackFiles\i386\dsdmo.dll
865.219: Copied file: c:\windows\ServicePackFiles\i386\msnmsgs.msi
865.625: Copied file: c:\windows\ServicePackFiles\i386\strmfilt.dll
865.672: Copied file: c:\windows\ServicePackFiles\i386\ssdpapi.dll
865.719: Copied file: c:\windows\ServicePackFiles\i386\netrndis.inf
865.860: Copied file: c:\windows\ServicePackFiles\i386\migrate.obe
865.922: Copied file: c:\windows\ServicePackFiles\i386\csrsrv.dll
866.125: Copied file: c:\windows\ServicePackFiles\i386\dpnhpast.dll
866.313: Copied file: c:\windows\ServicePackFiles\i386\verclsid.exe
866.344: Copied file: c:\windows\ServicePackFiles\i386\wlan_beu.xsd
866.360: Copied file: c:\windows\ServicePackFiles\i386\licmgr10.dll
866.375: Copied file: c:\windows\ServicePackFiles\i386\msmsgs.inf
866.438: Copied file: c:\windows\ServicePackFiles\i386\blastcln.exe
866.454: Copied file: c:\windows\ServicePackFiles\i386\qmgr.inf
866.500: Copied file: c:\windows\ServicePackFiles\i386\sample1.jpg
866.516: Copied file: c:\windows\ServicePackFiles\i386\apps_sp.chm
866.579: Copied file: c:\windows\ServicePackFiles\i386\heidelb.jpg
866.610: Copied file: c:\windows\ServicePackFiles\i386\stdprov.dll
866.610: Copied file: c:\windows\ServicePackFiles\i386\wmm2filt.dll
866.641: Copied file: c:\windows\ServicePackFiles\i386\mspatcha.dll
866.672: Copied file: c:\windows\ServicePackFiles\i386\nmasnt.dll
866.672: Copied file: c:\windows\ServicePackFiles\i386\tyrolm.jpg
866.719: Copied file: c:\windows\ServicePackFiles\i386\ttyres.dll
866.750: Copied file: c:\windows\ServicePackFiles\i386\makecab.exe
866.860: Copied file: c:\windows\ServicePackFiles\i386\racpldlg.dll
866.907: Copied file: c:\windows\ServicePackFiles\i386\netsh.exe
866.938: Copied file: c:\windows\ServicePackFiles\i386\lmmib2.dll
866.985: Copied file: c:\windows\ServicePackFiles\i386\shutdown.exe
867.079: Copied file: c:\windows\ServicePackFiles\i386\sprb0424.dll
867.375: Copied file: c:\windows\ServicePackFiles\i386\sp3.cab
868.125: Copied file: c:\windows\ServicePackFiles\i386\comsvcs.dll
868.563: Copied file: c:\windows\ServicePackFiles\i386\modew.chm
868.610: Copied file: c:\windows\ServicePackFiles\i386\fp40ext.cab
868.766: Copied file: c:\windows\ServicePackFiles\i386\rnoansw.htm
868.797: Copied file: c:\windows\ServicePackFiles\i386\rtoobusy.htm
868.813: Copied file: c:\windows\ServicePackFiles\i386\admparse.dll
868.829: Copied file: c:\windows\ServicePackFiles\i386\msutb.dll
868.860: Copied file: c:\windows\ServicePackFiles\i386\mst120.dll
868.954: Copied file: c:\windows\ServicePackFiles\i386\cscript.mui
869.079: Copied file: c:\windows\ServicePackFiles\i386\fp4apws.dll
869.204: Copied file: c:\windows\ServicePackFiles\i386\ndisuio.sys
869.500: Copied file: c:\windows\ServicePackFiles\i386\sconnect.js
869.547: Copied file: c:\windows\ServicePackFiles\i386\drprov.dll
869.594: Copied file: c:\windows\ServicePackFiles\i386\ativvaxx.dll
869.641: Copied file: c:\windows\ServicePackFiles\i386\amstream.dll
869.704: Copied file: c:\windows\ServicePackFiles\i386\atinxbxx.sys
869.766: Copied file: c:\windows\ServicePackFiles\i386\nvdm.inf
869.829: Copied file: c:\windows\ServicePackFiles\i386\ntio404.sys
869.875: Copied file: c:\windows\ServicePackFiles\i386\xpob2res.dll
869.907: Copied file: c:\windows\ServicePackFiles\i386\qcliprov.dll
869.985: Copied file: c:\windows\ServicePackFiles\i386\smtpsvc.dll
870.079: Copied file: c:\windows\ServicePackFiles\i386\keymgr.dll
870.297: Copied file: c:\windows\ServicePackFiles\i386\msaddsr.dll
870.422: Copied file: c:\windows\ServicePackFiles\i386\nic1394.sys
870.500: Copied file: c:\windows\ServicePackFiles\i386\blutooth.chm
870.579: Copied file: c:\windows\ServicePackFiles\i386\wpnpinst.exe
870.766: Copied file: c:\windows\ServicePackFiles\i386\wuauhelp.chm
870.860: Copied file: c:\windows\ServicePackFiles\i386\atv04nt5.dll
870.954: Copied file: c:\windows\ServicePackFiles\i386\upnp.dll
871.282: Copied file: c:\windows\ServicePackFiles\i386\wdma_ali.inf
871.391: Copied file: c:\windows\ServicePackFiles\i386\kbdax2.dll
871.610: Copied file: c:\windows\ServicePackFiles\i386\flash.ocx
872.125: Copied file: c:\windows\ServicePackFiles\i386\imgutil.dll
872.188: Copied file: c:\windows\ServicePackFiles\i386\mgmtapi.dll
872.250: Copied file: c:\windows\ServicePackFiles\i386\mfc40u.dll
873.204: Copied file: c:\windows\ServicePackFiles\i386\msadcf.dll
873.344: Copied file: c:\windows\ServicePackFiles\i386\agt0816.dll
873.500: Copied file: c:\windows\ServicePackFiles\i386\xpballn.wav
873.594: Copied file: c:\windows\ServicePackFiles\i386\hsfcisp2.dll
873.672: Copied file: c:\windows\ServicePackFiles\i386\kd1394.dll
873.735: Copied file: c:\windows\ServicePackFiles\i386\acpi.sys
873.860: Copied file: c:\windows\ServicePackFiles\i386\xmlp_bdg.xdr
873.860: Copied file: c:\windows\ServicePackFiles\i386\netsetup.exe
874.047: Copied file: c:\windows\ServicePackFiles\i386\spgrmr.dll
874.188: Copied file: c:\windows\ServicePackFiles\i386\uagp35.sys
874.219: Copied file: c:\windows\ServicePackFiles\i386\rcbdyctl.dll
874.360: Copied file: c:\windows\ServicePackFiles\i386\mtlstrm.sys
874.735: Copied file: c:\windows\ServicePackFiles\i386\sprc041b.dll
875.094: Copied file: c:\windows\ServicePackFiles\i386\sisnic.sys
875.141: Copied file: c:\windows\ServicePackFiles\i386\imm32.dll
875.375: Copied file: c:\windows\ServicePackFiles\i386\fxsclnt.exe
875.516: Copied file: c:\windows\ServicePackFiles\i386\oobebaln.exe
875.594: Copied file: c:\windows\ServicePackFiles\i386\mspclock.sys
875.641: Copied file: c:\windows\ServicePackFiles\i386\obrb041b.dll
876.204: Copied file: c:\windows\ServicePackFiles\i386\adsldpc.dll
876.735: Copied file: c:\windows\ServicePackFiles\i386\guitrna.dll
876.938: Copied file: c:\windows\ServicePackFiles\i386\msdaosp.dll
877.250: Copied file: c:\windows\ServicePackFiles\i386\usbcamd2.sys
877.610: Copied file: c:\windows\ServicePackFiles\i386\rw430ext.dll
879.297: Copied file: c:\windows\ServicePackFiles\i386\defrag.exe
879.625: Copied file: c:\windows\ServicePackFiles\i386\dcomcnfg.exe
879.829: Copied file: c:\windows\ServicePackFiles\i386\fpadmdll.dll
879.938: Copied file: c:\windows\ServicePackFiles\i386\webpub.chm
880.204: Copied file: c:\windows\ServicePackFiles\i386\kdsui.dll
880.547: Copied file: c:\windows\ServicePackFiles\i386\kbdno1.dll
880.610: Copied file: c:\windows\ServicePackFiles\i386\ispphbsy.htm
880.813: Copied file: c:\windows\ServicePackFiles\i386\but2_dwn.gif
880.860: Copied file: c:\windows\ServicePackFiles\i386\msdaer.dll
881.032: Copied file: c:\windows\ServicePackFiles\i386\but1_up.gif
881.172: Copied file: c:\windows\ServicePackFiles\i386\onex.dll
881.813: Copied file: c:\windows\ServicePackFiles\i386\kartika.ttf
882.188: Copied file: c:\windows\ServicePackFiles\i386\auditusr.exe
882.422: Copied file: c:\windows\ServicePackFiles\i386\xplogoff.wav
882.907: Copied file: c:\windows\ServicePackFiles\i386\mouse.htm
883.110: Copied file: c:\windows\ServicePackFiles\i386\miglibnt.dll
883.391: Copied file: c:\windows\ServicePackFiles\i386\confmsp.dll
883.782: Copied file: c:\windows\ServicePackFiles\i386\nddeapi.dll
884.141: Copied file: c:\windows\ServicePackFiles\i386\cdm.dll
884.485: Copied file: c:\windows\ServicePackFiles\i386\wtv1.inf
884.625: Copied file: c:\windows\ServicePackFiles\i386\mswrd6.wpc
884.829: Copied file: c:\windows\ServicePackFiles\i386\intelide.sys
885.407: Copied file: c:\windows\ServicePackFiles\i386\xmlp_beu.xdr
885.469: Copied file: c:\windows\ServicePackFiles\i386\mstape.sys
885.625: Copied file: c:\windows\ServicePackFiles\i386\msncli.exe
889.000: Copied file: c:\windows\ServicePackFiles\i386\apphelp.dll
889.141: Copied file: c:\windows\ServicePackFiles\i386\html32.cnv
889.360: Copied file: c:\windows\ServicePackFiles\i386\msshamsg.dll
889.641: Copied file: c:\windows\ServicePackFiles\i386\eapgen.xsd
889.672: Copied file: c:\windows\ServicePackFiles\i386\mouse_k.htm
889.704: Copied file: c:\windows\ServicePackFiles\i386\iconlib.dll
889.750: Copied file: c:\windows\ServicePackFiles\i386\tdibth.inf
889.813: Copied file: c:\windows\ServicePackFiles\i386\koc.dll
889.875: Copied file: c:\windows\ServicePackFiles\i386\oledb32r.dll
890.079: Copied file: c:\windows\ServicePackFiles\i386\wadv05nt.sys
890.157: Copied file: c:\windows\ServicePackFiles\i386\adv08nt5.dll
890.219: Copied file: c:\windows\ServicePackFiles\i386\msctfime.ime
890.344: Copied file: c:\windows\ServicePackFiles\i386\ipevldpc.dll
890.563: Copied file: c:\windows\ServicePackFiles\i386\qmark.gif
890.610: Copied file: c:\windows\ServicePackFiles\i386\msdasql.dll
890.829: Copied file: c:\windows\ServicePackFiles\i386\kprodpc.dll
891.110: Copied file: c:\windows\ServicePackFiles\i386\ir50_qc.dll
891.375: Copied file: c:\windows\ServicePackFiles\i386\hidparse.sys
891.750: Copied file: c:\windows\ServicePackFiles\i386\p2p.dll
891.813: Copied file: c:\windows\ServicePackFiles\i386\comsnap.dll
892.047: Copied file: c:\windows\ServicePackFiles\i386\mydocs.dll
892.172: Copied file: c:\windows\ServicePackFiles\i386\ntprint.dll
892.235: Copied file: c:\windows\ServicePackFiles\i386\rstrui.exe
892.375: Copied file: c:\windows\ServicePackFiles\i386\dpvvox.dll
892.954: Copied file: c:\windows\ServicePackFiles\i386\ativtmxx.dll
893.110: Copied file: c:\windows\ServicePackFiles\i386\halmps.dll
893.313: Copied file: c:\windows\ServicePackFiles\i386\iprip.dll
893.563: Copied file: c:\windows\ServicePackFiles\i386\netnm.inf
893.641: Copied file: c:\windows\ServicePackFiles\i386\perfproc.dll
893.766: Copied file: c:\windows\ServicePackFiles\i386\netbt.sys
894.391: Copied file: c:\windows\ServicePackFiles\i386\ptpusd.dll
894.500: Copied file: c:\windows\ServicePackFiles\i386\wbemcons.dll
894.704: Copied file: c:\windows\ServicePackFiles\i386\tffsport.sys
894.797: Copied file: c:\windows\ServicePackFiles\i386\scntlast.htm
894.891: Copied file: c:\windows\ServicePackFiles\i386\odbcconf.rsp
894.969: Copied file: c:\windows\ServicePackFiles\i386\usbstor.sys
895.079: Copied file: c:\windows\ServicePackFiles\i386\schedsvc.dll
895.204: Copied file: c:\windows\ServicePackFiles\i386\tcpmon.dll
895.329: Copied file: c:\windows\ServicePackFiles\i386\dpvoice.dll
895.375: Copied file: c:\windows\ServicePackFiles\i386\baseeap.xsd
895.485: Copied file: c:\windows\ServicePackFiles\i386\odpdx32.dll
895.516: Copied file: c:\windows\ServicePackFiles\i386\scrobj.dll
895.610: Copied file: c:\windows\ServicePackFiles\i386\spra0424.dll
895.704: Copied file: c:\windows\ServicePackFiles\i386\msn.isp
895.750: Copied file: c:\windows\ServicePackFiles\i386\vssvc.exe
895.875: Copied file: c:\windows\ServicePackFiles\i386\olepro32.dll
895.907: Copied file: c:\windows\ServicePackFiles\i386\licdll.dll
896.032: Copied file: c:\windows\ServicePackFiles\i386\msh263.drv
896.094: Copied file: c:\windows\ServicePackFiles\i386\ntio411.sys
896.125: Copied file: c:\windows\ServicePackFiles\i386\ftp.exe
896.172: Copied file: c:\windows\ServicePackFiles\i386\msnms.ico
896.204: Copied file: c:\windows\ServicePackFiles\i386\kbdmlt48.dll
896.422: Copied file: c:\windows\ServicePackFiles\i386\qmgrprxy.dll
896.563: Copied file: c:\windows\ServicePackFiles\i386\mprdim.dll
896.641: Copied file: c:\windows\ServicePackFiles\i386\dhcpmon.dll
896.704: Copied file: c:\windows\ServicePackFiles\i386\pchsvc.dll
896.813: Copied file: c:\windows\ServicePackFiles\i386\bthport.sys
897.141: Copied file: c:\windows\ServicePackFiles\i386\powrprof.dll
897.219: Copied file: c:\windows\ServicePackFiles\i386\wuau.chm
897.266: Copied file: c:\windows\ServicePackFiles\i386\h323.tsp
897.391: Copied file: c:\windows\ServicePackFiles\i386\tip.htm
897.532: Copied file: c:\windows\ServicePackFiles\i386\mdmxsdk.dll
897.610: Copied file: c:\windows\ServicePackFiles\i386\stdschem.gdl
897.688: Copied file: c:\windows\ServicePackFiles\i386\msisip.dll
897.766: Copied file: c:\windows\ServicePackFiles\i386\autoconv.exe
898.047: Copied file: c:\windows\ServicePackFiles\i386\cscdll.dll
898.094: Copied file: c:\windows\ServicePackFiles\i386\msxml.dll
898.594: Copied file: c:\windows\ServicePackFiles\i386\encapi.dll
898.735: Copied file: c:\windows\ServicePackFiles\i386\msdaprst.dll
898.860: Copied file: c:\windows\ServicePackFiles\i386\ahui.exe
899.063: Copied file: c:\windows\ServicePackFiles\i386\offfilt.dll
899.329: Copied file: c:\windows\ServicePackFiles\i386\dmserver.dll
899.469: Copied file: c:\windows\ServicePackFiles\i386\desktop3.gif
899.579: Copied file: c:\windows\ServicePackFiles\i386\merlin.gif
899.641: Copied file: c:\windows\ServicePackFiles\i386\wlan_etc.xsd
899.735: Copied file: c:\windows\ServicePackFiles\i386\xmllite.dll
899.922: Copied file: c:\windows\ServicePackFiles\i386\icm32.dll
900.375: Copied file: c:\windows\ServicePackFiles\i386\ntmsapi.dll
900.454: Copied file: c:\windows\ServicePackFiles\i386\cfgmgr32.dll
900.500: Copied file: c:\windows\ServicePackFiles\i386\halsp.dll
900.563: Copied file: c:\windows\ServicePackFiles\i386\sfcfiles.dll
900.797: Copied file: c:\windows\ServicePackFiles\i386\backdown.jpg
900.875: Copied file: c:\windows\ServicePackFiles\i386\glu32.dll
900.969: Copied file: c:\windows\ServicePackFiles\i386\venicem.jpg
901.032: Copied file: c:\windows\ServicePackFiles\i386\instcat.sql
901.235: Copied file: c:\windows\ServicePackFiles\i386\atintuxx.sys
901.329: Copied file: c:\windows\ServicePackFiles\i386\sqlxmlx.rll
901.375: Copied file: c:\windows\ServicePackFiles\i386\xpprint.wav
901.485: Copied file: c:\windows\ServicePackFiles\i386\ipsecsnp.dll
901.563: Copied file: c:\windows\ServicePackFiles\i386\camext30.dll
901.594: Copied file: c:\windows\ServicePackFiles\i386\msxml3.dll
901.954: Copied file: c:\windows\ServicePackFiles\i386\sniffpol.dll
902.110: Copied file: c:\windows\ServicePackFiles\i386\mdmhamrw.inf
902.172: Copied file: c:\windows\ServicePackFiles\i386\vbisurf.ax
902.344: Copied file: c:\windows\ServicePackFiles\i386\drdyref.htm
902.469: Copied file: c:\windows\ServicePackFiles\i386\perfmon.exe
902.500: Copied file: c:\windows\ServicePackFiles\i386\backup.jpg
902.547: Copied file: c:\windows\ServicePackFiles\i386\changer.sys
902.672: Copied file: c:\windows\ServicePackFiles\i386\gdi32.dll
902.719: Copied file: c:\windows\ServicePackFiles\i386\adsldp.dll
902.735: Copied file: c:\windows\ServicePackFiles\i386\dialer.exe
902.782: Copied file: c:\windows\ServicePackFiles\i386\wmm2ext.dll
902.844: Copied file: c:\windows\ServicePackFiles\i386\mutohpen.sys
902.922: Copied file: c:\windows\ServicePackFiles\i386\osk.exe
902.969: Copied file: c:\windows\ServicePackFiles\i386\agt0409.hlp
903.016: Copied file: c:\windows\ServicePackFiles\i386\ddrawex.dll
903.079: Copied file: c:\windows\ServicePackFiles\i386\sprb041b.dll
903.219: Copied file: c:\windows\ServicePackFiles\i386\mtxdm.dll
903.344: Copied file: c:\windows\ServicePackFiles\i386\mmcshext.dll
903.469: Copied file: c:\windows\ServicePackFiles\i386\icaapi.dll
903.485: Copied file: c:\windows\ServicePackFiles\i386\secur32.dll
903.532: Copied file: c:\windows\ServicePackFiles\i386\mscms.dll
903.547: Copied file: c:\windows\ServicePackFiles\i386\wmipjobj.dll
903.579: Copied file: c:\windows\ServicePackFiles\i386\sqlsrv32.rll
903.657: Copied file: c:\windows\ServicePackFiles\i386\msobshel.dll
903.688: Copied file: c:\windows\ServicePackFiles\i386\ntio.sys
903.735: Copied file: c:\windows\ServicePackFiles\i386\wtsapi32.dll
903.766: Copied file: c:\windows\ServicePackFiles\i386\wmiprvsd.dll
903.797: Copied file: c:\windows\ServicePackFiles\i386\signup.mar
903.891: Copied file: c:\windows\ServicePackFiles\i386\wscsvc.dll
903.954: Copied file: c:\windows\ServicePackFiles\i386\hh.exe
904.141: Copied file: c:\windows\ServicePackFiles\i386\ispdtone.htm
904.188: Copied file: c:\windows\ServicePackFiles\i386\sqlqp20.dll
904.266: Copied file: c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
904.579: Copied file: c:\windows\ServicePackFiles\i386\usbohci.sys
904.610: Copied file: c:\windows\ServicePackFiles\i386\wintrust.dll
904.657: Copied file: c:\windows\ServicePackFiles\i386\qdv.dll
904.688: Copied file: c:\windows\ServicePackFiles\i386\i2omp.sys
904.735: Copied file: c:\windows\ServicePackFiles\i386\feclient.dll
904.750: Copied file: c:\windows\ServicePackFiles\i386\ativmvxx.ax
904.797: Copied file: c:\windows\ServicePackFiles\i386\serial.sys
904.813: Copied file: c:\windows\ServicePackFiles\i386\mscpx32r.dll
904.844: Copied file: c:\windows\ServicePackFiles\i386\sysmoda.dll
904.907: Copied file: c:\windows\ServicePackFiles\i386\msgr3en.dll
905.860: Copied file: c:\windows\ServicePackFiles\i386\but1_dwn.gif
905.875: Copied file: c:\windows\ServicePackFiles\i386\qic157.sys
905.922: Copied file: c:\windows\ServicePackFiles\i386\xpding.wav
905.969: Copied file: c:\windows\ServicePackFiles\i386\ipp_0007.asp
905.985: Copied file: c:\windows\ServicePackFiles\i386\imapi.exe
906.110: Copied file: c:\windows\ServicePackFiles\i386\hidbth.inf
906.125: Copied file: c:\windows\ServicePackFiles\i386\dciman32.dll
906.141: Copied file: c:\windows\ServicePackFiles\i386\rw330ext.dll
906.172: Copied file: c:\windows\ServicePackFiles\i386\oleaut32.dll
906.297: Copied file: c:\windows\ServicePackFiles\i386\xpmenu.wav
906.313: Copied file: c:\windows\ServicePackFiles\i386\wsock32.dll
906.360: Copied file: c:\windows\ServicePackFiles\i386\regsvc.dll
906.469: Copied file: c:\windows\ServicePackFiles\i386\msi.dll
906.672: Copied file: c:\windows\ServicePackFiles\i386\watv01nt.sys
906.719: Copied file: c:\windows\ServicePackFiles\i386\sonydcam.sys
906.750: Copied file: c:\windows\ServicePackFiles\i386\iesetup.dll
906.829: Copied file: c:\windows\ServicePackFiles\i386\mouse_i.htm
906.860: Copied file: c:\windows\ServicePackFiles\i386\cscript.exe
906.875: Copied file: c:\windows\ServicePackFiles\i386\inetcomm.dll
907.000: Copied file: c:\windows\ServicePackFiles\i386\msadcs.dll
907.032: Copied file: c:\windows\ServicePackFiles\i386\dpvacm.dll
907.079: Copied file: c:\windows\ServicePackFiles\i386\dialup.gif
907.188: Copied file: c:\windows\ServicePackFiles\i386\ispid.dll
907.235: Copied file: c:\windows\ServicePackFiles\i386\xmlp_wp.xdr
907.235: Copied file: c:\windows\ServicePackFiles\i386\ntmarta.dll
907.313: Copied file: c:\windows\ServicePackFiles\i386\faxpatch.exe
907.313: Copied file: c:\windows\ServicePackFiles\i386\spoolss.dll
907.360: Copied file: c:\windows\ServicePackFiles\i386\sspipes.scr
907.547: Copied file: c:\windows\ServicePackFiles\i386\fp4avnb.dll
907.579: Copied file: c:\windows\ServicePackFiles\i386\msltus40.dll
907.610: Copied file: c:\windows\ServicePackFiles\i386\dot3clnt.dll
907.797: Copied file: c:\windows\ServicePackFiles\i386\rocket.sys
907.829: Copied file: c:\windows\ServicePackFiles\i386\migrate.js
907.907: Copied file: c:\windows\ServicePackFiles\i386\rshx32.dll
907.922: Copied file: c:\windows\ServicePackFiles\i386\icwconn2.exe
907.969: Copied file: c:\windows\ServicePackFiles\i386\icwphbk.dll
907.985: Copied file: c:\windows\ServicePackFiles\i386\sr.sys
908.016: Copied file: c:\windows\ServicePackFiles\i386\xpexcl.wav
908.125: Copied file: c:\windows\ServicePackFiles\i386\ntoskrnl.exe
908.500: Copied file: c:\windows\ServicePackFiles\i386\usbaudio.sys
908.532: Copied file: c:\windows\ServicePackFiles\i386\neweula.htm
908.563: Copied file: c:\windows\ServicePackFiles\i386\dialtone.htm
908.625: Copied file: c:\windows\ServicePackFiles\i386\fxsdrv.dll
908.641: Copied file: c:\windows\ServicePackFiles\i386\sdbinst.exe
908.672: Copied file: c:\windows\ServicePackFiles\i386\dhcpqec.dll
908.750: Copied file: c:\windows\ServicePackFiles\i386\wpakey.jpg
908.782: Copied file: c:\windows\ServicePackFiles\i386\adv11nt5.dll
908.813: Copied file: c:\windows\ServicePackFiles\i386\pngfilt.dll
908.844: Copied file: c:\windows\ServicePackFiles\i386\vidcap.ax
908.875: Copied file: c:\windows\ServicePackFiles\i386\actconn.htm
908.954: Copied file: c:\windows\ServicePackFiles\i386\mswstr10.dll
909.110: Copied file: c:\windows\ServicePackFiles\i386\pjlmon.dll
909.141: Copied file: c:\windows\ServicePackFiles\i386\utopiade.wav
909.188: Copied file: c:\windows\ServicePackFiles\i386\watv06nt.sys
909.204: Copied file: c:\windows\ServicePackFiles\i386\xactsrv.dll
909.235: Copied file: c:\windows\ServicePackFiles\i386\apphelp.sdb
909.266: Copied file: c:\windows\ServicePackFiles\i386\cmcfg32.dll
909.282: Copied file: c:\windows\ServicePackFiles\i386\migdial.htm
909.313: Copied file: c:\windows\ServicePackFiles\i386\xperror.wav
909.375: Copied file: c:\windows\ServicePackFiles\i386\log.dll
909.391: Copied file: c:\windows\ServicePackFiles\i386\but4_up.gif
909.454: Copied file: c:\windows\ServicePackFiles\i386\wshom.mui
909.485: Copied file: c:\windows\ServicePackFiles\i386\msado20.tlb
909.532: Copied file: c:\windows\ServicePackFiles\i386\msdaremr.dll
909.547: Copied file: c:\windows\ServicePackFiles\i386\shlwapi.dll
909.594: Copied file: c:\windows\ServicePackFiles\i386\msv1_0.dll
909.625: Copied file: c:\windows\ServicePackFiles\i386\ippromon.dll
909.688: Copied file: c:\windows\ServicePackFiles\i386\nmwb.dll
909.860: Copied file: c:\windows\ServicePackFiles\i386\ipseldpc.dll
909.891: Copied file: c:\windows\ServicePackFiles\i386\msh261.drv
909.922: Copied file: c:\windows\ServicePackFiles\i386\aaclient.mui
910.157: Copied file: c:\windows\ServicePackFiles\i386\vbscript.dll
910.235: Copied file: c:\windows\ServicePackFiles\i386\apph_sp.sdb
910.360: Copied file: c:\windows\ServicePackFiles\i386\migisma.dll
910.500: Copied file: c:\windows\ServicePackFiles\i386\vbajet32.dll
910.547: Copied file: c:\windows\ServicePackFiles\i386\idq.dll
910.579: Copied file: c:\windows\ServicePackFiles\i386\msjtes40.dll
910.594: Copied file: c:\windows\ServicePackFiles\i386\ntldr
910.672: Copied file: c:\windows\ServicePackFiles\i386\winshfhc.dll
910.719: Copied file: c:\windows\ServicePackFiles\i386\wsnmp32.dll
910.735: Copied file: c:\windows\ServicePackFiles\i386\msieftp.dll
910.782: Copied file: c:\windows\ServicePackFiles\i386\dsprop.dll
910.813: Copied file: c:\windows\ServicePackFiles\i386\iprtrmgr.dll
910.875: Copied file: c:\windows\ServicePackFiles\i386\wlan_wlp.xsd
910.907: Copied file: c:\windows\ServicePackFiles\i386\nmoldwb.dll
911.000: Copied file: c:\windows\ServicePackFiles\i386\adcvbs.inc
911.000: Copied file: c:\windows\ServicePackFiles\i386\mcastmib.dll
911.313: Copied file: c:\windows\ServicePackFiles\i386\hsfbs2s2.sys
911.407: Copied file: c:\windows\ServicePackFiles\i386\tcpmonui.dll
911.500: Copied file: c:\windows\ServicePackFiles\i386\pscript.hlp
911.547: Copied file: c:\windows\ServicePackFiles\i386\msdaprsr.dll
911.594: Copied file: c:\windows\ServicePackFiles\i386\perm3.sys
911.641: Copied file: c:\windows\ServicePackFiles\i386\migism.inf
911.704: Copied file: c:\windows\ServicePackFiles\i386\webfldrs.msi
911.782: Copied file: c:\windows\ServicePackFiles\i386\tty.ini
911.797: Copied file: c:\windows\ServicePackFiles\i386\msrd2x40.dll
911.875: Copied file: c:\windows\ServicePackFiles\i386\duser.dll
911.907: Copied file: c:\windows\ServicePackFiles\i386\locale.nls
911.969: Copied file: c:\windows\ServicePackFiles\i386\bulzano.jpg
912.000: Copied file: c:\windows\ServicePackFiles\i386\mscpxl32.dll
912.032: Copied file: c:\windows\ServicePackFiles\i386\p6font.gpd
912.110: Copied file: c:\windows\ServicePackFiles\i386\ntlsapi.dll
912.438: Copied file: c:\windows\ServicePackFiles\i386\utopiami.wav
912.454: Copied file: c:\windows\ServicePackFiles\i386\explorer.exe
912.516: Copied file: c:\windows\ServicePackFiles\i386\utopia~4.wav
912.516: Copied file: c:\windows\ServicePackFiles\i386\xmlp_hlp.xdr
912.516: Copied file: c:\windows\ServicePackFiles\i386\hid.dll
912.532: Copied file: c:\windows\ServicePackFiles\i386\datime.dll
912.563: Copied file: c:\windows\ServicePackFiles\i386\callcont.dll
912.657: Copied file: c:\windows\ServicePackFiles\i386\agt0416.hlp
912.672: Copied file: c:\windows\ServicePackFiles\i386\msoert2.dll
912.719: Copied file: c:\windows\ServicePackFiles\i386\dmime.dll
912.797: Copied file: c:\windows\ServicePackFiles\i386\wdma_via.inf
912.813: Copied file: c:\windows\ServicePackFiles\i386\expsrv.dll
912.844: Copied file: c:\windows\ServicePackFiles\i386\comctl32.dll
912.891: Copied file: c:\windows\ServicePackFiles\i386\usbehci.sys
912.954: Copied file: c:\windows\ServicePackFiles\i386\wuapi.dll
913.016: Copied file: c:\windows\ServicePackFiles\i386\c_g18030.dll
913.219: Copied file: c:\windows\ServicePackFiles\i386\pjl.gpd
913.250: Copied file: c:\windows\ServicePackFiles\i386\bitsprx3.dll
913.313: Copied file: c:\windows\ServicePackFiles\i386\sysmod.dll
913.469: Copied file: c:\windows\ServicePackFiles\i386\avc.sys
913.516: Copied file: c:\windows\ServicePackFiles\i386\xpstartu.wav
913.547: Copied file: c:\windows\ServicePackFiles\i386\wuaueng.dll
913.688: Copied file: c:\windows\ServicePackFiles\i386\alg.exe
913.704: Copied file: c:\windows\ServicePackFiles\i386\rnomdm.htm
913.782: Copied file: c:\windows\ServicePackFiles\i386\msdaorar.dll
913.813: Copied file: c:\windows\ServicePackFiles\i386\xprngout.wav
913.875: Copied file: c:\windows\ServicePackFiles\i386\iedkcs32.dll
913.907: Copied file: c:\windows\ServicePackFiles\i386\wshext.mui
913.938: Copied file: c:\windows\ServicePackFiles\i386\diantz.exe
913.985: Copied file: c:\windows\ServicePackFiles\i386\cryptui.dll
914.016: Copied file: c:\windows\ServicePackFiles\i386\sfloppy.sys
914.110: Copied file: c:\windows\ServicePackFiles\i386\agt0407.hlp
914.141: Copied file: c:\windows\ServicePackFiles\i386\amdagp.sys
914.157: Copied file: c:\windows\ServicePackFiles\i386\ntvdmd.dll
914.188: Copied file: c:\windows\ServicePackFiles\i386\spra041b.dll
914.329: Copied file: c:\windows\ServicePackFiles\i386\lsass.exe
914.375: Copied file: c:\windows\ServicePackFiles\i386\cxthsfs2.cty
914.422: Copied file: c:\windows\ServicePackFiles\i386\agt0409.dll
914.438: Copied file: c:\windows\ServicePackFiles\i386\gagp30kx.sys
914.516: Copied file: c:\windows\ServicePackFiles\i386\rpulse.htm
914.547: Copied file: c:\windows\ServicePackFiles\i386\clbcatex.dll
914.579: Copied file: c:\windows\ServicePackFiles\i386\xpsp1res.dll
914.625: Copied file: c:\windows\ServicePackFiles\i386\win32spl.dll
914.657: Copied file: c:\windows\ServicePackFiles\i386\ws2_32.dll
914.672: Copied file: c:\windows\ServicePackFiles\i386\ncpsres.dll
914.719: Copied file: c:\windows\ServicePackFiles\i386\bthserv.dll
914.750: Copied file: c:\windows\ServicePackFiles\i386\spoolsv.exe
914.782: Copied file: c:\windows\ServicePackFiles\i386\rpberr.htm
914.797: Copied file: c:\windows\ServicePackFiles\i386\6to4svc.dll
914.922: Copied file: c:\windows\ServicePackFiles\i386\vchnt5.dll
915.000: Copied file: c:\windows\ServicePackFiles\i386\kswdmcap.ax
915.032: Copied file: c:\windows\ServicePackFiles\i386\ipxwan.dll
915.110: Copied file: c:\windows\ServicePackFiles\i386\ipp_0014.asp
915.141: Copied file: c:\windows\ServicePackFiles\i386\access.cpl
915.297: Copied file: c:\windows\ServicePackFiles\i386\neweula2.htm
915.329: Copied file: c:\windows\ServicePackFiles\i386\wmipdskq.dll
915.344: Copied file: c:\windows\ServicePackFiles\i386\inetppui.dll
915.375: Copied file: c:\windows\ServicePackFiles\i386\softkbd.dll
915.391: Copied file: c:\windows\ServicePackFiles\i386\desk.cpl
915.438: Copied file: c:\windows\ServicePackFiles\i386\services.exe
915.454: Copied file: c:\windows\ServicePackFiles\i386\xpbatlow.wav
915.610: Copied file: c:\windows\ServicePackFiles\i386\isptype.htm
915.625: Copied file: c:\windows\ServicePackFiles\i386\nmchat.dll
915.641: Copied file: c:\windows\ServicePackFiles\i386\wordpad.exe
915.672: Copied file: c:\windows\ServicePackFiles\i386\ipp_0005.asp
915.704: Copied file: c:\windows\ServicePackFiles\i386\csrss.exe
915.750: Copied file: c:\windows\ServicePackFiles\i386\baseeap0.xsd
915.766: Copied file: c:\windows\ServicePackFiles\i386\ksecdd.sys
915.797: Copied file: c:\windows\ServicePackFiles\i386\icwx25c.dun
915.813: Copied file: c:\windows\ServicePackFiles\i386\winhttp.dll
915.844: Copied file: c:\windows\ServicePackFiles\i386\ac97ali.sys
915.891: Copied file: c:\windows\ServicePackFiles\i386\badpkey.htm
915.907: Copied file: c:\windows\ServicePackFiles\i386\comres.dll
915.985: Copied file: c:\windows\ServicePackFiles\i386\storprop.dll
916.063: Copied file: c:\windows\ServicePackFiles\i386\trkwks.dll
916.125: Copied file: c:\windows\ServicePackFiles\i386\grn_btn.gif
916.157: Copied file: c:\windows\ServicePackFiles\i386\mmc.exe
916.250: Copied file: c:\windows\ServicePackFiles\i386\atv10nt5.dll
916.329: Copied file: c:\windows\ServicePackFiles\i386\serenum.sys
916.391: Copied file: c:\windows\ServicePackFiles\i386\kstvtune.ax
916.438: Copied file: c:\windows\ServicePackFiles\i386\jscript.dll
916.485: Copied file: c:\windows\ServicePackFiles\i386\msdv.sys
916.532: Copied file: c:\windows\ServicePackFiles\i386\knperpid.dll
916.563: Copied file: c:\windows\ServicePackFiles\i386\mskssrv.sys
916.610: Copied file: c:\windows\ServicePackFiles\i386\mouse_g.htm
916.704: Copied file: c:\windows\ServicePackFiles\i386\odbcjt32.dll
916.750: Copied file: c:\windows\ServicePackFiles\i386\clickhr.gif
916.750: Copied file: c:\windows\ServicePackFiles\i386\netoc.dll
916.797: Copied file: c:\windows\ServicePackFiles\i386\kbdsmsfi.dll
916.829: Copied file: c:\windows\ServicePackFiles\i386\daxctle.ocx
916.875: Copied file: c:\windows\ServicePackFiles\i386\iccvid.dll
916.907: Copied file: c:\windows\ServicePackFiles\i386\nddeapir.exe
916.922: Copied file: c:\windows\ServicePackFiles\i386\wmidcprv.dll
916.954: Copied file: c:\windows\ServicePackFiles\i386\asctrls.ocx
916.969: Copied file: c:\windows\ServicePackFiles\i386\secdrv.sys
916.985: Copied file: c:\windows\ServicePackFiles\i386\sndrec32.exe
917.016: Copied file: c:\windows\ServicePackFiles\i386\comexp.chm
917.141: Copied file: c:\windows\ServicePackFiles\i386\tp4mon.exe
917.172: Copied file: c:\windows\ServicePackFiles\i386\proquota.exe
917.235: Copied file: c:\windows\ServicePackFiles\i386\wlan_onx.xsd
917.297: Copied file: c:\windows\ServicePackFiles\i386\more.com
917.391: Copied file: c:\windows\ServicePackFiles\i386\framedyn.dll
917.407: Copied file: c:\windows\ServicePackFiles\i386\unires.dll
917.500: Copied file: c:\windows\ServicePackFiles\i386\msxactps.dll
917.532: Copied file: c:\windows\ServicePackFiles\i386\adv01nt5.dll
917.594: Copied file: c:\windows\ServicePackFiles\i386\newtop1.jpg
917.672: Copied file: c:\windows\ServicePackFiles\i386\netwlan5.sys
917.735: Copied file: c:\windows\ServicePackFiles\i386\inetwiz.exe
917.750: Copied file: c:\windows\ServicePackFiles\i386\ispwait.htm
917.750: Copied file: c:\windows\ServicePackFiles\i386\wiashext.dll
917.860: Copied file: c:\windows\ServicePackFiles\i386\agtctl15.tlb
917.891: Copied file: c:\windows\ServicePackFiles\i386\parport.sys
917.922: Copied file: c:\windows\ServicePackFiles\i386\html.iec
917.954: Copied file: c:\windows\ServicePackFiles\i386\framebuf.dll
918.000: Copied file: c:\windows\ServicePackFiles\i386\stub_fpsrvwin.exe
918.032: Copied file: c:\windows\ServicePackFiles\i386\npptools.dll
918.063: Copied file: c:\windows\ServicePackFiles\i386\ntdll.dll
918.188: Copied file: c:\windows\ServicePackFiles\i386\termmgr.dll
918.360: Copied file: c:\windows\ServicePackFiles\i386\helpctr.exe
918.500: Copied file: c:\windows\ServicePackFiles\i386\archvapp.inf
918.547: Copied file: c:\windows\ServicePackFiles\i386\rsmps.dll
918.719: Copied file: c:\windows\ServicePackFiles\i386\ausrinfo.htm
918.797: Copied file: c:\windows\ServicePackFiles\i386\msicw.isp
918.797: Copied file: c:\windows\ServicePackFiles\i386\oleprn.dll
918.829: Copied file: c:\windows\ServicePackFiles\i386\lcladvd.xml
918.875: Copied file: c:\windows\ServicePackFiles\i386\nvts.inf
918.891: Copied file: c:\windows\ServicePackFiles\i386\sconnect.htm
918.938: Copied file: c:\windows\ServicePackFiles\i386\itss.dll
918.969: Copied file: c:\windows\ServicePackFiles\i386\icwrmind.exe
919.000: Copied file: c:\windows\ServicePackFiles\i386\dtiwait.htm
919.032: Copied file: c:\windows\ServicePackFiles\i386\powercfg.exe
919.110: Copied file: c:\windows\ServicePackFiles\i386\mf3216.dll
919.141: Copied file: c:\windows\ServicePackFiles\i386\adeskerr.htm
919.297: Copied file: c:\windows\ServicePackFiles\i386\xpmin.wav
919.344: Copied file: c:\windows\ServicePackFiles\i386\psapi.dll
919.375: Copied file: c:\windows\ServicePackFiles\i386\shgina.dll
919.438: Copied file: c:\windows\ServicePackFiles\i386\usp10.dll
919.469: Copied file: c:\windows\ServicePackFiles\i386\lprmon.dll
919.500: Copied file: c:\windows\ServicePackFiles\i386\ati1btxx.sys
919.563: Copied file: c:\windows\ServicePackFiles\i386\pulse.htm
919.594: Copied file: c:\windows\ServicePackFiles\i386\monitor2.gif
919.657: Copied file: c:\windows\ServicePackFiles\i386\ati3duag.dll
919.922: Copied file: c:\windows\ServicePackFiles\i386\telnet.exe
919.969: Copied file: c:\windows\ServicePackFiles\i386\repdrvfs.dll
920.000: Copied file: c:\windows\ServicePackFiles\i386\wmiaprpl.dll
920.047: Copied file: c:\windows\ServicePackFiles\i386\rw001ext.dll
920.235: Copied file: c:\windows\ServicePackFiles\i386\bthci.dll
920.266: Copied file: c:\windows\ServicePackFiles\i386\pberr.htm
920.297: Copied file: c:\windows\ServicePackFiles\i386\epcl5res.dll
920.344: Copied file: c:\windows\ServicePackFiles\i386\wmiprvse.exe
920.375: Copied file: c:\windows\ServicePackFiles\i386\mstee.sys
920.391: Copied file: c:\windows\ServicePackFiles\i386\inetcfg.dll
920.500: Copied file: c:\windows\ServicePackFiles\i386\wab.exe
920.516: Copied file: c:\windows\ServicePackFiles\i386\dpmodemx.dll
920.532: Copied file: c:\windows\ServicePackFiles\i386\netplwiz.dll
920.625: Copied file: c:\windows\ServicePackFiles\i386\comrepl.exe
920.750: Copied file: c:\windows\ServicePackFiles\i386\hal.dll
920.782: Copied file: c:\windows\ServicePackFiles\i386\profmap.dll
920.797: Copied file: c:\windows\ServicePackFiles\i386\udfs.sys
920.844: Copied file: c:\windows\ServicePackFiles\i386\utopia~2.wav
920.875: Copied file: c:\windows\ServicePackFiles\i386\fxsevent.dll
920.891: Copied file: c:\windows\ServicePackFiles\i386\nac.dll
920.954: Copied file: c:\windows\ServicePackFiles\i386\gameenum.sys
921.032: Copied file: c:\windows\ServicePackFiles\i386\cimwin32.mof
921.219: Copied file: c:\windows\ServicePackFiles\i386\smlogcfg.dll
921.250: Copied file: c:\windows\ServicePackFiles\i386\msoeacct.dll
921.360: Copied file: c:\windows\ServicePackFiles\i386\eapconf.xsd
921.360: Copied file: c:\windows\ServicePackFiles\i386\agt0414.hlp
921.391: Copied file: c:\windows\ServicePackFiles\i386\msinfo.dll
921.454: Copied file: c:\windows\ServicePackFiles\i386\rdpsnd.dll
921.500: Copied file: c:\windows\ServicePackFiles\i386\agt0416.dll
921.547: Copied file: c:\windows\ServicePackFiles\i386\ssmyst.scr
921.579: Copied file: c:\windows\ServicePackFiles\i386\catsrvut.dll
921.641: Copied file: c:\windows\ServicePackFiles\i386\ohci1394.sys
921.688: Copied file: c:\windows\ServicePackFiles\i386\praguem.jpg
921.719: Copied file: c:\windows\ServicePackFiles\i386\umpnpmgr.dll
921.875: Copied file: c:\windows\ServicePackFiles\i386\mup.sys
921.891: Copied file: c:\windows\ServicePackFiles\i386\hidserv.dll
921.938: Copied file: c:\windows\ServicePackFiles\i386\courtney.acs
922.219: Copied file: c:\windows\ServicePackFiles\i386\dlttape.sys
922.297: Copied file: c:\windows\ServicePackFiles\i386\webclnt.dll
922.344: Copied file: c:\windows\ServicePackFiles\i386\agt0405.hlp
922.391: Copied file: c:\windows\ServicePackFiles\i386\hardware.chm
922.469: Copied file: c:\windows\ServicePackFiles\i386\agt0407.dll
922.500: Copied file: c:\windows\ServicePackFiles\i386\p3.sys
922.563: Copied file: c:\windows\ServicePackFiles\i386\arrow.gif
922.563: Copied file: c:\windows\ServicePackFiles\i386\i81xnt5.sys
922.610: Copied file: c:\windows\ServicePackFiles\i386\msscript.ocx
922.641: Copied file: c:\windows\ServicePackFiles\i386\odexl32.dll
922.672: Copied file: c:\windows\ServicePackFiles\i386\venice.jpg
922.719: Copied file: c:\windows\ServicePackFiles\i386\g400.inf
922.735: Copied file: c:\windows\ServicePackFiles\i386\ati2mtag.sys
922.813: Copied file: c:\windows\ServicePackFiles\i386\dbmsrpcn.dll
922.829: Copied file: c:\windows\ServicePackFiles\i386\mmcbase.dll
923.000: Copied file: c:\windows\ServicePackFiles\i386\sqldb20.dll
923.032: Copied file: c:\windows\ServicePackFiles\i386\credssp.dll
923.047: Copied file: c:\windows\ServicePackFiles\i386\fxsocm.dll
923.079: Copied file: c:\windows\ServicePackFiles\i386\sapi.dll
923.219: Copied file: c:\windows\ServicePackFiles\i386\classpnp.sys
923.235: Copied file: c:\windows\ServicePackFiles\i386\mobsync.exe
923.344: Copied file: c:\windows\ServicePackFiles\i386\hhsetup.dll
923.438: Copied file: c:\windows\ServicePackFiles\i386\slextspk.dll
923.469: Copied file: c:\windows\ServicePackFiles\i386\msctf.dll
923.500: Copied file: c:\windows\ServicePackFiles\i386\fp4awebs.dll
923.532: Copied file: c:\windows\ServicePackFiles\i386\es.dll
923.750: Copied file: c:\windows\ServicePackFiles\i386\ltmdmntt.sys
923.782: Copied file: c:\windows\ServicePackFiles\i386\ipsec.sys
923.813: Copied file: c:\windows\ServicePackFiles\i386\mpg2splt.ax
923.860: Copied file: c:\windows\ServicePackFiles\i386\i8042prt.sys
923.875: Copied file: c:\windows\ServicePackFiles\i386\agentsvr.exe
924.016: Copied file: c:\windows\ServicePackFiles\i386\snmpsnap.dll
924.079: Copied file: c:\windows\ServicePackFiles\i386\icwx25a.dun
924.079: Copied file: c:\windows\ServicePackFiles\i386\ps_schm.gdl
924.157: Copied file: c:\windows\ServicePackFiles\i386\pisam.jpg
924.188: Copied file: c:\windows\ServicePackFiles\i386\agt040d.hlp
924.375: Copied file: c:\windows\ServicePackFiles\i386\mouse_e.htm
924.391: Copied file: c:\windows\ServicePackFiles\i386\obeip.dun
924.391: Copied file: c:\windows\ServicePackFiles\i386\mdmgen.inf
924.438: Copied file: c:\windows\ServicePackFiles\i386\wadv01nt.sys
924.469: Copied file: c:\windows\ServicePackFiles\i386\msadco.dll
924.500: Copied file: c:\windows\ServicePackFiles\i386\pchshell.dll
924.516: Copied file: c:\windows\ServicePackFiles\i386\but4_idl.gif
924.516: Copied file: c:\windows\ServicePackFiles\i386\msimtf.dll
924.594: Copied file: c:\windows\ServicePackFiles\i386\psisdecd.dll
924.641: Copied file: c:\windows\ServicePackFiles\i386\nabtsfec.sys
924.657: Copied file: c:\windows\ServicePackFiles\i386\msrle32.dll
924.735: Copied file: c:\windows\ServicePackFiles\i386\dmusic.sys
924.813: Copied file: c:\windows\ServicePackFiles\i386\shtml.dll
924.860: Copied file: c:\windows\ServicePackFiles\i386\wuaucpl.cpl
924.969: Copied file: c:\windows\ServicePackFiles\i386\mmsystem.dll
925.032: Copied file: c:\windows\ServicePackFiles\i386\setup50.exe
925.063: Copied file: c:\windows\ServicePackFiles\i386\hypertrm.dll
925.141: Copied file: c:\windows\ServicePackFiles\i386\arial.ttf
925.219: Copied file: c:\windows\ServicePackFiles\i386\winnls.dll
925.266: Copied file: c:\windows\ServicePackFiles\i386\pscript5.dll
925.297: Copied file: c:\windows\ServicePackFiles\i386\ncprov.dll
925.469: Copied file: c:\windows\ServicePackFiles\i386\msdatl3.dll
925.547: Copied file: c:\windows\ServicePackFiles\i386\lhmstscx.dll
925.719: Copied file: c:\windows\ServicePackFiles\i386\wlan_bmc.xsd
925.719: Copied file: c:\windows\ServicePackFiles\i386\msimsg.dll
925.860: Copied file: c:\windows\ServicePackFiles\i386\xmlp_loc.xdr
925.875: Copied file: c:\windows\ServicePackFiles\i386\afd.sys
925.985: Copied file: c:\windows\ServicePackFiles\i386\ciodm.dll
926.000: Copied file: c:\windows\ServicePackFiles\i386\dmband.dll
926.032: Copied file: c:\windows\ServicePackFiles\i386\wdmaud.sys
926.141: Copied file: c:\windows\ServicePackFiles\i386\wfp7.inf
926.157: Copied file: c:\windows\ServicePackFiles\i386\pci.sys
926.172: Copied file: c:\windows\ServicePackFiles\i386\moviemk.exe
926.813: Copied file: c:\windows\ServicePackFiles\i386\phone.inf
926.844: Copied file: c:\windows\ServicePackFiles\i386\smbclass.sys
926.938: Copied file: c:\windows\ServicePackFiles\i386\xrxwiadr.dll
926.985: Copied file: c:\windows\ServicePackFiles\i386\wbemcomn.dll
927.016: Copied file: c:\windows\ServicePackFiles\i386\ndproxy.sys
927.172: Copied file: c:\windows\ServicePackFiles\i386\rdchost.dll
927.204: Copied file: c:\windows\ServicePackFiles\i386\oobeinfo.ini
927.204: Copied file: c:\windows\ServicePackFiles\i386\fsquirt.exe
927.282: Copied file: c:\windows\ServicePackFiles\i386\rhttpaa.dll
927.360: Copied file: c:\windows\ServicePackFiles\i386\usbmon.dll
927.454: Copied file: c:\windows\ServicePackFiles\i386\hidir.sys
927.485: Copied file: c:\windows\ServicePackFiles\i386\wshcon.dll
927.610: Copied file: c:\windows\ServicePackFiles\i386\wbemtest.exe
927.704: Copied file: c:\windows\ServicePackFiles\i386\fxsui.dll
910.719: Copied file: c:\windows\ServicePackFiles\i386\wsnmp32.dll
910.735: Copied file: c:\windows\ServicePackFiles\i386\msieftp.dll
910.782: Copied file: c:\windows\ServicePackFiles\i386\dsprop.dll
910.813: Copied file: c:\windows\ServicePackFiles\i386\iprtrmgr.dll
910.875: Copied file: c:\windows\ServicePackFiles\i386\wlan_wlp.xsd
910.907: Copied file: c:\windows\ServicePackFiles\i386\nmoldwb.dll
911.000: Copied file: c:\windows\ServicePackFiles\i386\adcvbs.inc
911.000: Copied file: c:\windows\ServicePackFiles\i386\mcastmib.dll
911.313: Copied file: c:\windows\ServicePackFiles\i386\hsfbs2s2.sys
911.407: Copied file: c:\windows\ServicePackFiles\i386\tcpmonui.dll
911.500: Copied file: c:\windows\ServicePackFiles\i386\pscript.hlp
911.547: Copied file: c:\windows\ServicePackFiles\i386\msdaprsr.dll
911.594: Copied file: c:\windows\ServicePackFiles\i386\perm3.sys
911.641: Copied file: c:\windows\ServicePackFiles\i386\migism.inf
911.704: Copied file: c:\windows\ServicePackFiles\i386\webfldrs.msi
911.782: Copied file: c:\windows\ServicePackFiles\i386\tty.ini
911.797: Copied file: c:\windows\ServicePackFiles\i386\msrd2x40.dll
911.875: Copied file: c:\windows\ServicePackFiles\i386\duser.dll
911.907: Copied file: c:\windows\ServicePackFiles\i386\locale.nls
911.969: Copied file: c:\windows\ServicePackFiles\i386\bulzano.jpg
912.000: Copied file: c:\windows\ServicePackFiles\i386\mscpxl32.dll
912.032: Copied file: c:\windows\ServicePackFiles\i386\p6font.gpd
912.110: Copied file: c:\windows\ServicePackFiles\i386\ntlsapi.dll
912.438: Copied file: c:\windows\ServicePackFiles\i386\utopiami.wav
912.454: Copied file: c:\windows\ServicePackFiles\i386\explorer.exe
912.516: Copied file: c:\windows\ServicePackFiles\i386\utopia~4.wav
912.516: Copied file: c:\windows\ServicePackFiles\i386\xmlp_hlp.xdr
912.516: Copied file: c:\windows\ServicePackFiles\i386\hid.dll
912.532: Copied file: c:\windows\ServicePackFiles\i386\datime.dll
912.563: Copied file: c:\windows\ServicePackFiles\i386\callcont.dll
912.657: Copied file: c:\windows\ServicePackFiles\i386\agt0416.hlp
912.672: Copied file: c:\windows\ServicePackFiles\i386\msoert2.dll
912.719: Copied file: c:\windows\ServicePackFiles\i386\dmime.dll
912.797: Copied file: c:\windows\ServicePackFiles\i386\wdma_via.inf
912.813: Copied file: c:\windows\ServicePackFiles\i386\expsrv.dll
912.844: Copied file: c:\windows\ServicePackFiles\i386\comctl32.dll
912.891: Copied file: c:\windows\ServicePackFiles\i386\usbehci.sys
912.954: Copied file: c:\windows\ServicePackFiles\i386\wuapi.dll
913.016: Copied file: c:\windows\ServicePackFiles\i386\c_g18030.dll
913.219: Copied file: c:\windows\ServicePackFiles\i386\pjl.gpd
913.250: Copied file: c:\windows\ServicePackFiles\i386\bitsprx3.dll
913.313: Copied file: c:\windows\ServicePackFiles\i386\sysmod.dll
913.469: Copied file: c:\windows\ServicePackFiles\i386\avc.sys
913.516: Copied file: c:\windows\ServicePackFiles\i386\xpstartu.wav
913.547: Copied file: c:\windows\ServicePackFiles\i386\wuaueng.dll
913.688: Copied file: c:\windows\ServicePackFiles\i386\alg.exe
913.704: Copied file: c:\windows\ServicePackFiles\i386\rnomdm.htm
913.782: Copied file: c:\windows\ServicePackFiles\i386\msdaorar.dll
913.813: Copied file: c:\windows\ServicePackFiles\i386\xprngout.wav
913.875: Copied file: c:\windows\ServicePackFiles\i386\iedkcs32.dll
913.907: Copied file: c:\windows\ServicePackFiles\i386\wshext.mui
913.938: Copied file: c:\windows\ServicePackFiles\i386\diantz.exe
913.985: Copied file: c:\windows\ServicePackFiles\i386\cryptui.dll
914.016: Copied file: c:\windows\ServicePackFiles\i386\sfloppy.sys
914.110: Copied file: c:\windows\ServicePackFiles\i386\agt0407.hlp
914.141: Copied file: c:\windows\ServicePackFiles\i386\amdagp.sys
914.157: Copied file: c:\windows\ServicePackFiles\i386\ntvdmd.dll
914.188: Copied file: c:\windows\ServicePackFiles\i386\spra041b.dll
914.329: Copied file: c:\windows\ServicePackFiles\i386\lsass.exe
914.375: Copied file: c:\windows\ServicePackFiles\i386\cxthsfs2.cty
914.422: Copied file: c:\windows\ServicePackFiles\i386\agt0409.dll
914.438: Copied file: c:\windows\ServicePackFiles\i386\gagp30kx.sys
914.516: Copied file: c:\windows\ServicePackFiles\i386\rpulse.htm
914.547: Copied file: c:\windows\ServicePackFiles\i386\clbcatex.dll
914.579: Copied file: c:\windows\ServicePackFiles\i386\xpsp1res.dll
914.625: Copied file: c:\windows\ServicePackFiles\i386\win32spl.dll
914.657: Copied file: c:\windows\ServicePackFiles\i386\ws2_32.dll
914.672: Copied file: c:\windows\ServicePackFiles\i386\ncpsres.dll
914.719: Copied file: c:\windows\ServicePackFiles\i386\bthserv.dll
914.750: Copied file: c:\windows\ServicePackFiles\i386\spoolsv.exe
914.782: Copied file: c:\windows\ServicePackFiles\i386\rpberr.htm
914.797: Copied file: c:\windows\ServicePackFiles\i386\6to4svc.dll
914.922: Copied file: c:\windows\ServicePackFiles\i386\vchnt5.dll
915.000: Copied file: c:\windows\ServicePackFiles\i386\kswdmcap.ax
915.032: Copied file: c:\windows\ServicePackFiles\i386\ipxwan.dll
915.110: Copied file: c:\windows\ServicePackFiles\i386\ipp_0014.asp
915.141: Copied file: c:\windows\ServicePackFiles\i386\access.cpl
915.297: Copied file: c:\windows\ServicePackFiles\i386\neweula2.htm
915.329: Copied file: c:\windows\ServicePackFiles\i386\wmipdskq.dll
915.344: Copied file: c:\windows\ServicePackFiles\i386\inetppui.dll
915.375: Copied file: c:\windows\ServicePackFiles\i386\softkbd.dll
915.391: Copied file: c:\windows\ServicePackFiles\i386\desk.cpl
915.438: Copied file: c:\windows\ServicePackFiles\i386\services.exe
915.454: Copied file: c:\windows\ServicePackFiles\i386\xpbatlow.wav
915.610: Copied file: c:\windows\ServicePackFiles\i386\isptype.htm
915.625: Copied file: c:\windows\ServicePackFiles\i386\nmchat.dll
915.641: Copied file: c:\windows\ServicePackFiles\i386\wordpad.exe
915.672: Copied file: c:\windows\ServicePackFiles\i386\ipp_0005.asp
915.704: Copied file: c:\windows\ServicePackFiles\i386\csrss.exe
915.750: Copied file: c:\windows\ServicePackFiles\i386\baseeap0.xsd
915.766: Copied file: c:\windows\ServicePackFiles\i386\ksecdd.sys
915.797: Copied file: c:\windows\ServicePackFiles\i386\icwx25c.dun
915.813: Copied file: c:\windows\ServicePackFiles\i386\winhttp.dll
915.844: Copied file: c:\windows\ServicePackFiles\i386\ac97ali.sys
915.891: Copied file: c:\windows\ServicePackFiles\i386\badpkey.htm
915.907: Copied file: c:\windows\ServicePackFiles\i386\comres.dll
915.985: Copied file: c:\windows\ServicePackFiles\i386\storprop.dll
916.063: Copied file: c:\windows\ServicePackFiles\i386\trkwks.dll
916.125: Copied file: c:\windows\ServicePackFiles\i386\grn_btn.gif
916.157: Copied file: c:\windows\ServicePackFiles\i386\mmc.exe
916.250: Copied file: c:\windows\ServicePackFiles\i386\atv10nt5.dll
916.329: Copied file: c:\windows\ServicePackFiles\i386\serenum.sys
916.391: Copied file: c:\windows\ServicePackFiles\i386\kstvtune.ax
916.438: Copied file: c:\windows\ServicePackFiles\i386\jscript.dll
916.485: Copied file: c:\windows\ServicePackFiles\i386\msdv.sys
916.532: Copied file: c:\windows\ServicePackFiles\i386\knperpid.dll
916.563: Copied file: c:\windows\ServicePackFiles\i386\mskssrv.sys
916.610: Copied file: c:\windows\ServicePackFiles\i386\mouse_g.htm
916.704: Copied file: c:\windows\ServicePackFiles\i386\odbcjt32.dll
916.750: Copied file: c:\windows\ServicePackFiles\i386\clickhr.gif
916.750: Copied file: c:\windows\ServicePackFiles\i386\netoc.dll
916.797: Copied file: c:\windows\ServicePackFiles\i386\kbdsmsfi.dll
916.829: Copied file: c:\windows\ServicePackFiles\i386\daxctle.ocx
916.875: Copied file: c:\windows\ServicePackFiles\i386\iccvid.dll
916.907: Copied file: c:\windows\ServicePackFiles\i386\nddeapir.exe
916.922: Copied file: c:\windows\ServicePackFiles\i386\wmidcprv.dll
916.954: Copied file: c:\windows\ServicePackFiles\i386\asctrls.ocx
916.969: Copied file: c:\windows\ServicePackFiles\i386\secdrv.sys
916.985: Copied file: c:\windows\ServicePackFiles\i386\sndrec32.exe
917.016: Copied file: c:\windows\ServicePackFiles\i386\comexp.chm
917.141: Copied file: c:\windows\ServicePackFiles\i386\tp4mon.exe
917.172: Copied file: c:\windows\ServicePackFiles\i386\proquota.exe
917.235: Copied file: c:\windows\ServicePackFiles\i386\wlan_onx.xsd
917.297: Copied file: c:\windows\ServicePackFiles\i386\more.com
917.391: Copied file: c:\windows\ServicePackFiles\i386\framedyn.dll
917.407: Copied file: c:\windows\ServicePackFiles\i386\unires.dll
917.500: Copied file: c:\windows\ServicePackFiles\i386\msxactps.dll
917.532: Copied file: c:\windows\ServicePackFiles\i386\adv01nt5.dll
917.594: Copied file: c:\windows\ServicePackFiles\i386\newtop1.jpg
917.672: Copied file: c:\windows\ServicePackFiles\i386\netwlan5.sys
917.735: Copied file: c:\windows\ServicePackFiles\i386\inetwiz.exe
917.750: Copied file: c:\windows\ServicePackFiles\i386\ispwait.htm
917.750: Copied file: c:\windows\ServicePackFiles\i386\wiashext.dll
917.860: Copied file: c:\windows\ServicePackFiles\i386\agtctl15.tlb
917.891: Copied file: c:\windows\ServicePackFiles\i386\parport.sys
917.922: Copied file: c:\windows\ServicePackFiles\i386\html.iec
917.954: Copied file: c:\windows\ServicePackFiles\i386\framebuf.dll
918.000: Copied file: c:\windows\ServicePackFiles\i386\stub_fpsrvwin.exe
918.032: Copied file: c:\windows\ServicePackFiles\i386\npptools.dll
918.063: Copied file: c:\windows\ServicePackFiles\i386\ntdll.dll
918.188: Copied file: c:\windows\ServicePackFiles\i386\termmgr.dll
918.360: Copied file: c:\windows\ServicePackFiles\i386\helpctr.exe
918.500: Copied file: c:\windows\ServicePackFiles\i386\archvapp.inf
918.547: Copied file: c:\windows\ServicePackFiles\i386\rsmps.dll
918.719: Copied file: c:\windows\ServicePackFiles\i386\ausrinfo.htm
918.797: Copied file: c:\windows\ServicePackFiles\i386\msicw.isp
918.797: Copied file: c:\windows\ServicePackFiles\i386\oleprn.dll
918.829: Copied file: c:\windows\ServicePackFiles\i386\lcladvd.xml
918.875: Copied file: c:\windows\ServicePackFiles\i386\nvts.inf
918.891: Copied file: c:\windows\ServicePackFiles\i386\sconnect.htm
918.938: Copied file: c:\windows\ServicePackFiles\i386\itss.dll
918.969: Copied file: c:\windows\ServicePackFiles\i386\icwrmind.exe
919.000: Copied file: c:\windows\ServicePackFiles\i386\dtiwait.htm
919.032: Copied file: c:\windows\ServicePackFiles\i386\powercfg.exe
919.110: Copied file: c:\windows\ServicePackFiles\i386\mf3216.dll
919.141: Copied file: c:\windows\ServicePackFiles\i386\adeskerr.htm
919.297: Copied file: c:\windows\ServicePackFiles\i386\xpmin.wav
919.344: Copied file: c:\windows\ServicePackFiles\i386\psapi.dll
919.375: Copied file: c:\windows\ServicePackFiles\i386\shgina.dll
919.438: Copied file: c:\windows\ServicePackFiles\i386\usp10.dll
919.469: Copied file: c:\windows\ServicePackFiles\i386\lprmon.dll
919.500: Copied file: c:\windows\ServicePackFiles\i386\ati1btxx.sys
919.563: Copied file: c:\windows\ServicePackFiles\i386\pulse.htm
919.594: Copied file: c:\windows\ServicePackFiles\i386\monitor2.gif
919.657: Copied file: c:\windows\ServicePackFiles\i386\ati3duag.dll
919.922: Copied file: c:\windows\ServicePackFiles\i386\telnet.exe
919.969: Copied file: c:\windows\ServicePackFiles\i386\repdrvfs.dll
920.000: Copied file: c:\windows\ServicePackFiles\i386\wmiaprpl.dll
920.047: Copied file: c:\windows\ServicePackFiles\i386\rw001ext.dll
920.235: Copied file: c:\windows\ServicePackFiles\i386\bthci.dll
920.266: Copied file: c:\windows\ServicePackFiles\i386\pberr.htm
920.297: Copied file: c:\windows\ServicePackFiles\i386\epcl5res.dll
920.344: Copied file: c:\windows\ServicePackFiles\i386\wmiprvse.exe
920.375: Copied file: c:\windows\ServicePackFiles\i386\mstee.sys
920.391: Copied file: c:\windows\ServicePackFiles\i386\inetcfg.dll
920.500: Copied file: c:\windows\ServicePackFiles\i386\wab.exe
920.516: Copied file: c:\windows\ServicePackFiles\i386\dpmodemx.dll
920.532: Copied file: c:\windows\ServicePackFiles\i386\netplwiz.dll
920.625: Copied file: c:\windows\ServicePackFiles\i386\comrepl.exe
920.750: Copied file: c:\windows\ServicePackFiles\i386\hal.dll
920.782: Copied file: c:\windows\ServicePackFiles\i386\profmap.dll
920.797: Copied file: c:\windows\ServicePackFiles\i386\udfs.sys
920.844: Copied file: c:\windows\ServicePackFiles\i386\utopia~2.wav
920.875: Copied file: c:\windows\ServicePackFiles\i386\fxsevent.dll
920.891: Copied file: c:\windows\ServicePackFiles\i386\nac.dll
920.954: Copied file: c:\windows\ServicePackFiles\i386\gameenum.sys
921.032: Copied file: c:\windows\ServicePackFiles\i386\cimwin32.mof
921.219: Copied file: c:\windows\ServicePackFiles\i386\smlogcfg.dll
921.250: Copied file: c:\windows\ServicePackFiles\i386\msoeacct.dll
921.360: Copied file: c:\windows\ServicePackFiles\i386\eapconf.xsd
921.360: Copied file: c:\windows\ServicePackFiles\i386\agt0414.hlp
921.391: Copied file: c:\windows\ServicePackFiles\i386\msinfo.dll
921.454: Copied file: c:\windows\ServicePackFiles\i386\rdpsnd.dll
921.500: Copied file: c:\windows\ServicePackFiles\i386\agt0416.dll
921.547: Copied file: c:\windows\ServicePackFiles\i386\ssmyst.scr
921.579: Copied file: c:\windows\ServicePackFiles\i386\catsrvut.dll
921.641: Copied file: c:\windows\ServicePackFiles\i386\ohci1394.sys
921.688: Copied file: c:\windows\ServicePackFiles\i386\praguem.jpg
921.719: Copied file: c:\windows\ServicePackFiles\i386\umpnpmgr.dll
921.875: Copied file: c:\windows\ServicePackFiles\i386\mup.sys
921.891: Copied file: c:\windows\ServicePackFiles\i386\hidserv.dll
921.938: Copied file: c:\windows\ServicePackFiles\i386\courtney.acs
922.219: Copied file: c:\windows\ServicePackFiles\i386\dlttape.sys
922.297: Copied file: c:\windows\ServicePackFiles\i386\webclnt.dll
922.344: Copied file: c:\windows\ServicePackFiles\i386\agt0405.hlp
922.391: Copied file: c:\windows\ServicePackFiles\i386\hardware.chm
922.469: Copied file: c:\windows\ServicePackFiles\i386\agt0407.dll
922.500: Copied file: c:\windows\ServicePackFiles\i386\p3.sys
922.563: Copied file: c:\windows\ServicePackFiles\i386\arrow.gif
922.563: Copied file: c:\windows\ServicePackFiles\i386\i81xnt5.sys
922.610: Copied file: c:\windows\ServicePackFiles\i386\msscript.ocx
922.641: Copied file: c:\windows\ServicePackFiles\i386\odexl32.dll
922.672: Copied file: c:\windows\ServicePackFiles\i386\venice.jpg
922.719: Copied file: c:\windows\ServicePackFiles\i386\g400.inf
922.735: Copied file: c:\windows\ServicePackFiles\i386\ati2mtag.sys
922.813: Copied file: c:\windows\ServicePackFiles\i386\dbmsrpcn.dll
922.829: Copied file: c:\windows\ServicePackFiles\i386\mmcbase.dll
923.000: Copied file: c:\windows\ServicePackFiles\i386\sqldb20.dll
923.032: Copied file: c:\windows\ServicePackFiles\i386\credssp.dll
923.047: Copied file: c:\windows\ServicePackFiles\i386\fxsocm.dll
923.079: Copied file: c:\windows\ServicePackFiles\i386\sapi.dll
923.219: Copied file: c:\windows\ServicePackFiles\i386\classpnp.sys
923.235: Copied file: c:\windows\ServicePackFiles\i386\mobsync.exe
923.344: Copied file: c:\windows\ServicePackFiles\i386\hhsetup.dll
923.438: Copied file: c:\windows\ServicePackFiles\i386\slextspk.dll
923.469: Copied file: c:\windows\ServicePackFiles\i386\msctf.dll
923.500: Copied file: c:\windows\ServicePackFiles\i386\fp4awebs.dll
923.532: Copied file: c:\windows\ServicePackFiles\i386\es.dll
923.750: Copied file: c:\windows\ServicePackFiles\i386\ltmdmntt.sys
923.782: Copied file: c:\windows\ServicePackFiles\i386\ipsec.sys
923.813: Copied file: c:\windows\ServicePackFiles\i386\mpg2splt.ax
923.860: Copied file: c:\windows\ServicePackFiles\i386\i8042prt.sys
923.875: Copied file: c:\windows\ServicePackFiles\i386\agentsvr.exe
924.016: Copied file: c:\windows\ServicePackFiles\i386\snmpsnap.dll
924.079: Copied file: c:\windows\ServicePackFiles\i386\icwx25a.dun
924.079: Copied file: c:\windows\ServicePackFiles\i386\ps_schm.gdl
924.157: Copied file: c:\windows\ServicePackFiles\i386\pisam.jpg
924.188: Copied file: c:\windows\ServicePackFiles\i386\agt040d.hlp
924.375: Copied file: c:\windows\ServicePackFiles\i386\mouse_e.htm
924.391: Copied file: c:\windows\ServicePackFiles\i386\obeip.dun
924.391: Copied file: c:\windows\ServicePackFiles\i386\mdmgen.inf
924.438: Copied file: c:\windows\ServicePackFiles\i386\wadv01nt.sys
924.469: Copied file: c:\windows\ServicePackFiles\i386\msadco.dll
924.500: Copied file: c:\windows\ServicePackFiles\i386\pchshell.dll
924.516: Copied file: c:\windows\ServicePackFiles\i386\but4_idl.gif
924.516: Copied file: c:\windows\ServicePackFiles\i386\msimtf.dll
924.594: Copied file: c:\windows\ServicePackFiles\i386\psisdecd.dll
924.641: Copied file: c:\windows\ServicePackFiles\i386\nabtsfec.sys
924.657: Copied file: c:\windows\ServicePackFiles\i386\msrle32.dll
924.735: Copied file: c:\windows\ServicePackFiles\i386\dmusic.sys
924.813: Copied file: c:\windows\ServicePackFiles\i386\shtml.dll
924.860: Copied file: c:\windows\ServicePackFiles\i386\wuaucpl.cpl
924.969: Copied file: c:\windows\ServicePackFiles\i386\mmsystem.dll
925.032: Copied file: c:\windows\ServicePackFiles\i386\setup50.exe
925.063: Copied file: c:\windows\ServicePackFiles\i386\hypertrm.dll
925.141: Copied file: c:\windows\ServicePackFiles\i386\arial.ttf
925.219: Copied file: c:\windows\ServicePackFiles\i386\winnls.dll
925.266: Copied file: c:\windows\ServicePackFiles\i386\pscript5.dll
925.297: Copied file: c:\windows\ServicePackFiles\i386\ncprov.dll
925.469: Copied file: c:\windows\ServicePackFiles\i386\msdatl3.dll
925.547: Copied file: c:\windows\ServicePackFiles\i386\lhmstscx.dll
925.719: Copied file: c:\windows\ServicePackFiles\i386\wlan_bmc.xsd
925.719: Copied file: c:\windows\ServicePackFiles\i386\msimsg.dll
925.860: Copied file: c:\windows\ServicePackFiles\i386\xmlp_loc.xdr
925.875: Copied file: c:\windows\ServicePackFiles\i386\afd.sys
925.985: Copied file: c:\windows\ServicePackFiles\i386\ciodm.dll
926.000: Copied file: c:\windows\ServicePackFiles\i386\dmband.dll
926.032: Copied file: c:\windows\ServicePackFiles\i386\wdmaud.sys
926.141: Copied file: c:\windows\ServicePackFiles\i386\wfp7.inf
926.157: Copied file: c:\windows\ServicePackFiles\i386\pci.sys
926.172: Copied file: c:\windows\ServicePackFiles\i386\moviemk.exe
926.813: Copied file: c:\windows\ServicePackFiles\i386\phone.inf
926.844: Copied file: c:\windows\ServicePackFiles\i386\smbclass.sys
926.938: Copied file: c:\windows\ServicePackFiles\i386\xrxwiadr.dll
926.985: Copied file: c:\windows\ServicePackFiles\i386\wbemcomn.dll
927.016: Copied file: c:\windows\ServicePackFiles\i386\ndproxy.sys
927.172: Copied file: c:\windows\ServicePackFiles\i386\rdchost.dll
927.204: Copied file: c:\windows\ServicePackFiles\i386\oobeinfo.ini
927.204: Copied file: c:\windows\ServicePackFiles\i386\fsquirt.exe
927.282: Copied file: c:\windows\ServicePackFiles\i386\rhttpaa.dll
927.360: Copied file: c:\windows\ServicePackFiles\i386\usbmon.dll
927.454: Copied file: c:\windows\ServicePackFiles\i386\hidir.sys
927.485: Copied file: c:\windows\ServicePackFiles\i386\wshcon.dll
927.610: Copied file: c:\windows\ServicePackFiles\i386\wbemtest.exe
927.704: Copied file: c:\windows\ServicePackFiles\i386\fxsui.dll
927.735: Copied file: c:\windows\ServicePackFiles\i386\progress.gif
927.735: Copied file: c:\windows\ServicePackFiles\i386\cmstp.exe
927.750: Copied file: c:\windows\ServicePackFiles\i386\conf.exe
927.860: Copied file: c:\windows\ServicePackFiles\i386\sqlse20.dll
927.907: Copied file: c:\windows\ServicePackFiles\i386\xphdrem.wav
927.954: Copied file: c:\windows\ServicePackFiles\i386\msnsspc.dll
928.016: Copied file: c:\windows\ServicePackFiles\i386\ariblk.ttf
928.032: Copied file: c:\windows\ServicePackFiles\i386\irmon.dll
928.110: Copied file: c:\windows\ServicePackFiles\i386\rndismp.sys
928.157: Copied file: c:\windows\ServicePackFiles\i386\msidle.dll
928.188: Copied file: c:\windows\ServicePackFiles\i386\fltmc.exe
928.219: Copied file: c:\windows\ServicePackFiles\i386\msdaenum.dll
928.297: Copied file: c:\windows\ServicePackFiles\i386\msado15.dll
928.516: Copied file: c:\windows\ServicePackFiles\i386\ndiswan.sys
928.532: Copied file: c:\windows\ServicePackFiles\i386\agp440.sys
928.563: Copied file: c:\windows\ServicePackFiles\i386\btpanui.dll
928.625: Copied file: c:\windows\ServicePackFiles\i386\mswdat10.dll
928.704: Copied file: c:\windows\ServicePackFiles\i386\ntvdm.exe
928.860: Copied file: c:\windows\ServicePackFiles\i386\sessmgr.exe
928.922: Copied file: c:\windows\ServicePackFiles\i386\wuweb.dll
928.954: Copied file: c:\windows\ServicePackFiles\i386\admin.dll
929.000: Copied file: c:\windows\ServicePackFiles\i386\news.png
929.172: Copied file: c:\windows\ServicePackFiles\i386\logonui.exe
929.219: Copied file: c:\windows\ServicePackFiles\i386\wavemsp.dll
929.266: Copied file: c:\windows\ServicePackFiles\i386\runonce.exe
929.282: Copied file: c:\windows\ServicePackFiles\i386\dnsapi.dll
929.297: Copied file: c:\windows\ServicePackFiles\i386\1394bus.sys
929.344: Copied file: c:\windows\ServicePackFiles\i386\jndomain.htm
929.375: Copied file: c:\windows\ServicePackFiles\i386\urlmon.dll
929.547: Copied file: c:\windows\ServicePackFiles\i386\credui.dll
929.594: Copied file: c:\windows\ServicePackFiles\i386\moviemk.inf
929.625: Copied file: c:\windows\ServicePackFiles\i386\usbuhci.sys
929.797: Copied file: c:\windows\ServicePackFiles\i386\utopiame.wav
929.875: Copied file: c:\windows\ServicePackFiles\i386\redshd.gif
929.891: Copied file: c:\windows\ServicePackFiles\i386\btn3.gif
929.938: Copied file: c:\windows\ServicePackFiles\i386\recagent.sys
929.969: Copied file: c:\windows\ServicePackFiles\i386\agt0412.hlp
930.000: Copied file: c:\windows\ServicePackFiles\i386\mouclass.sys
930.063: Copied file: c:\windows\ServicePackFiles\i386\lhrdesk.chm
930.094: Copied file: c:\windows\ServicePackFiles\i386\knpropid.dll
930.125: Copied file: c:\windows\ServicePackFiles\i386\kernel32.dll
930.235: Copied file: c:\windows\ServicePackFiles\i386\agt0414.dll
930.266: Copied file: c:\windows\ServicePackFiles\i386\mspaint.exe
930.313: Copied file: c:\windows\ServicePackFiles\i386\unimdmat.dll
930.344: Copied file: c:\windows\ServicePackFiles\i386\sethc.exe
930.375: Copied file: c:\windows\ServicePackFiles\i386\sysocmgr.exe
930.454: Copied file: c:\windows\ServicePackFiles\i386\mtstocom.exe
930.485: Copied file: c:\windows\ServicePackFiles\i386\usbport.sys
930.516: Copied file: c:\windows\ServicePackFiles\i386\pcmcia.sys
930.610: Copied file: c:\windows\ServicePackFiles\i386\cimwin32.mfl
930.766: Copied file: c:\windows\ServicePackFiles\i386\rasadhlp.dll
930.813: Copied file: c:\windows\ServicePackFiles\i386\kbdlk41a.dll
930.954: Copied file: c:\windows\ServicePackFiles\i386\wmphoto.dll
931.000: Copied file: c:\windows\ServicePackFiles\i386\iepeers.dll
931.172: Copied file: c:\windows\ServicePackFiles\i386\ramdisk.inf
931.204: Copied file: c:\windows\ServicePackFiles\i386\wmicookr.dll
931.219: Copied file: c:\windows\ServicePackFiles\i386\agt0405.dll
931.235: Copied file: c:\windows\ServicePackFiles\i386\rdpdr.sys
931.266: Copied file: c:\windows\ServicePackFiles\i386\shell32.dll
931.829: Copied file: c:\windows\ServicePackFiles\i386\msjint40.dll
931.922: Copied file: c:\windows\ServicePackFiles\i386\icwdial.chm
932.079: Copied file: c:\windows\ServicePackFiles\i386\simpdata.tlb
932.141: Copied file: c:\windows\ServicePackFiles\i386\fontview.exe
932.188: Copied file: c:\windows\ServicePackFiles\i386\wmaccess.inf
932.188: Copied file: c:\windows\ServicePackFiles\i386\msobmain.dll
932.235: Copied file: c:\windows\ServicePackFiles\i386\amdk6.sys
932.282: Copied file: c:\windows\ServicePackFiles\i386\w95upgnt.dll
932.344: Copied file: c:\windows\ServicePackFiles\i386\usbscan.sys
932.375: Copied file: c:\windows\ServicePackFiles\i386\ipp_0010.asp
932.422: Copied file: c:\windows\ServicePackFiles\i386\dxdiag.chm
932.454: Copied file: c:\windows\ServicePackFiles\i386\ati1xsxx.sys
932.469: Copied file: c:\windows\ServicePackFiles\i386\sffdisk.sys
932.500: Copied file: c:\windows\ServicePackFiles\i386\mmcexr.dll
932.625: Copied file: c:\windows\ServicePackFiles\i386\hpcjrrps.dll
932.657: Copied file: c:\windows\ServicePackFiles\i386\format.com
932.688: Copied file: c:\windows\ServicePackFiles\i386\usbhub.sys
932.766: Copied file: c:\windows\ServicePackFiles\i386\setupapi.dll
932.860: Copied file: c:\windows\ServicePackFiles\i386\msapsspc.dll
932.875: Copied file: c:\windows\ServicePackFiles\i386\hand1.gif
932.907: Copied file: c:\windows\ServicePackFiles\i386\fxsperf.dll
932.954: Copied file: c:\windows\ServicePackFiles\i386\wlan_mpu.xsd
932.969: Copied file: c:\windows\ServicePackFiles\i386\iconnect.js
932.985: Copied file: c:\windows\ServicePackFiles\i386\rsh.exe
933.000: Copied file: c:\windows\ServicePackFiles\i386\wdmaud.drv
933.063: Copied file: c:\windows\ServicePackFiles\i386\ipp_0001.asp
933.282: Copied file: c:\windows\ServicePackFiles\i386\svchost.exe
933.422: Copied file: c:\windows\ServicePackFiles\i386\eapqec.dll
933.438: Copied file: c:\windows\ServicePackFiles\i386\mstinit.exe
933.516: Copied file: c:\windows\ServicePackFiles\i386\cobramsg.dll
933.547: Copied file: c:\windows\ServicePackFiles\i386\isenpid.dll
933.594: Copied file: c:\windows\ServicePackFiles\i386\kbdibm02.dll
933.625: Copied file: c:\windows\ServicePackFiles\i386\luna.mst
933.829: Copied file: c:\windows\ServicePackFiles\i386\ocmsn.dll
933.844: Copied file: c:\windows\ServicePackFiles\i386\netmeet.htm
933.875: Copied file: c:\windows\ServicePackFiles\i386\acxtrnal.dll
933.938: Copied file: c:\windows\ServicePackFiles\i386\scrrun.dll
933.985: Copied file: c:\windows\ServicePackFiles\i386\mshtml.tlb
934.125: Copied file: c:\windows\ServicePackFiles\i386\agt040b.hlp
934.157: Copied file: c:\windows\ServicePackFiles\i386\tsoc.dll
934.547: Copied file: c:\windows\ServicePackFiles\i386\mouse_c.htm
934.563: Copied file: c:\windows\ServicePackFiles\i386\utopiaas.wav
934.594: Copied file: c:\windows\ServicePackFiles\i386\ac97via.sys
934.610: Copied file: c:\windows\ServicePackFiles\i386\xpnetdg.xsl
934.610: Copied file: c:\windows\ServicePackFiles\i386\agt040d.dll
934.625: Copied file: c:\windows\ServicePackFiles\i386\msasn1.dll
934.657: Copied file: c:\windows\ServicePackFiles\i386\mssmbios.sys
934.719: Copied file: c:\windows\ServicePackFiles\i386\but3_idl.gif
934.719: Copied file: c:\windows\ServicePackFiles\i386\fp40ext.inf
934.782: Copied file: c:\windows\ServicePackFiles\i386\xpinfbar.wav
934.813: Copied file: c:\windows\ServicePackFiles\i386\4mmdat.sys
934.829: Copied file: c:\windows\ServicePackFiles\i386\perfctrs.dll
934.860: Copied file: c:\windows\ServicePackFiles\i386\wlan_mcu.xsd
934.860: Copied file: c:\windows\ServicePackFiles\i386\nv4_mini.sys
935.063: Copied file: c:\windows\ServicePackFiles\i386\localsec.dll
935.188: Copied file: c:\windows\ServicePackFiles\i386\stclient.dll
935.235: Copied file: c:\windows\ServicePackFiles\i386\newbtm1.jpg
935.266: Copied file: c:\windows\ServicePackFiles\i386\odbcint.dll
935.329: Copied file: c:\windows\ServicePackFiles\i386\xfp.xml
935.329: Copied file: c:\windows\ServicePackFiles\i386\nwprovau.dll
935.344: Copied file: c:\windows\ServicePackFiles\i386\mspbde40.dll
935.579: Copied file: c:\windows\ServicePackFiles\i386\cisvc.exe
935.610: Copied file: c:\windows\ServicePackFiles\i386\atm.chm
935.625: Copied file: c:\windows\ServicePackFiles\i386\ss3dfo.scr
935.735: Copied file: c:\windows\ServicePackFiles\i386\lhmstsc.chm
935.829: Copied file: c:\windows\ServicePackFiles\i386\lprhelp.dll
935.891: Copied file: c:\windows\ServicePackFiles\i386\oddbse32.dll
935.922: Copied file: c:\windows\ServicePackFiles\i386\triedit.dll
935.954: Copied file: c:\windows\ServicePackFiles\i386\ndptsp.tsp
935.985: Copied file: c:\windows\ServicePackFiles\i386\txflog.dll
936.000: Copied file: c:\windows\ServicePackFiles\i386\iernonce.dll
936.016: Copied file: c:\windows\ServicePackFiles\i386\cryptdll.dll
936.047: Copied file: c:\windows\ServicePackFiles\i386\cmsetacl.dll
936.047: Copied file: c:\windows\ServicePackFiles\i386\cliconfg.exe
936.079: Copied file: c:\windows\ServicePackFiles\i386\portcls.sys
936.172: Copied file: c:\windows\ServicePackFiles\i386\watv02nt.sys
936.344: Copied file: c:\windows\ServicePackFiles\i386\odbcad32.exe
936.375: Copied file: c:\windows\ServicePackFiles\i386\wfp5.inf
936.375: Copied file: c:\windows\ServicePackFiles\i386\xpnetdg.exe
936.422: Copied file: c:\windows\ServicePackFiles\i386\sxs.dll
936.485: Copied file: c:\windows\ServicePackFiles\i386\comic.ttf
936.532: Copied file: c:\windows\ServicePackFiles\i386\xpbatcrt.wav
936.563: Copied file: c:\windows\ServicePackFiles\i386\filemgmt.dll
936.766: Copied file: c:\windows\ServicePackFiles\i386\dslmain.htm
936.797: Copied file: c:\windows\ServicePackFiles\i386\mfcsubs.dll
936.813: Copied file: c:\windows\ServicePackFiles\i386\wshtcpip.dll
936.844: Copied file: c:\windows\ServicePackFiles\i386\inetpp.dll
936.875: Copied file: c:\windows\ServicePackFiles\i386\fxscom.dll
936.891: Copied file: c:\windows\ServicePackFiles\i386\msdtcuiu.dll
936.922: Copied file: c:\windows\ServicePackFiles\i386\aec.sys
936.954: Copied file: c:\windows\ServicePackFiles\i386\atmfd.dll
937.000: Copied file: c:\windows\ServicePackFiles\i386\shimeng.dll
937.110: Copied file: c:\windows\ServicePackFiles\i386\sffp_sd.sys
937.141: Copied file: c:\windows\ServicePackFiles\i386\imaadp32.acm
937.157: Copied file: c:\windows\ServicePackFiles\i386\mschap2.xsd
937.157: Copied file: c:\windows\ServicePackFiles\i386\nmnt.sys
937.172: Copied file: c:\windows\ServicePackFiles\i386\oobestyl.css
937.235: Copied file: c:\windows\ServicePackFiles\i386\dataspec.xml
937.250: Copied file: c:\windows\ServicePackFiles\i386\usb101et.sys
937.313: Copied file: c:\windows\ServicePackFiles\i386\tscinst.vbs
937.516: Copied file: c:\windows\ServicePackFiles\i386\bthenum.sys
937.579: Copied file: c:\windows\ServicePackFiles\i386\rasmans.dll
937.594: Copied file: c:\windows\ServicePackFiles\i386\mtlmnt5.sys
937.610: Copied file: c:\windows\ServicePackFiles\i386\riafui2.dll
937.641: Copied file: c:\windows\ServicePackFiles\i386\riafres.dll
937.672: Copied file: c:\windows\ServicePackFiles\i386\xptht27d.jpg
937.719: Copied file: c:\windows\ServicePackFiles\i386\migpage.htm
937.735: Copied file: c:\windows\ServicePackFiles\i386\jndom_a.htm
937.891: Copied file: c:\windows\ServicePackFiles\i386\snmpincl.dll
937.938: Copied file: c:\windows\ServicePackFiles\i386\dmstyle.dll
938.000: Copied file: c:\windows\ServicePackFiles\i386\toobusy.htm
938.032: Copied file: c:\windows\ServicePackFiles\i386\dfsshlex.dll
938.047: Copied file: c:\windows\ServicePackFiles\i386\wzcsapi.dll
938.172: Copied file: c:\windows\ServicePackFiles\i386\dimsroam.dll
938.219: Copied file: c:\windows\ServicePackFiles\i386\helpsvc.exe
938.391: Copied file: c:\windows\ServicePackFiles\i386\capesnpn.dll
938.422: Copied file: c:\windows\ServicePackFiles\i386\uploadm.exe
938.469: Copied file: c:\windows\ServicePackFiles\i386\wbemsvc.dll
938.485: Copied file: c:\windows\ServicePackFiles\i386\mslogo.jpg
938.579: Copied file: c:\windows\ServicePackFiles\i386\ntoc.dll
938.625: Copied file: c:\windows\ServicePackFiles\i386\mstask.dll
938.672: Copied file: c:\windows\ServicePackFiles\i386\dgnet.dll
938.719: Copied file: c:\windows\ServicePackFiles\i386\wiaacmgr.exe
938.829: Copied file: c:\windows\ServicePackFiles\i386\modemui.dll
939.204: Copied file: c:\windows\ServicePackFiles\i386\btn1.gif
939.313: Copied file: c:\windows\ServicePackFiles\i386\filters.xml
939.344: Copied file: c:\windows\ServicePackFiles\i386\dpnhupnp.dll
939.407: Copied file: c:\windows\ServicePackFiles\i386\agt0410.hlp
939.563: Copied file: c:\windows\ServicePackFiles\i386\tdpipe.sys
939.657: Copied file: c:\windows\ServicePackFiles\i386\d3dim700.dll
939.704: Copied file: c:\windows\ServicePackFiles\i386\homepage.inf
939.704: Copied file: c:\windows\ServicePackFiles\i386\ssmypics.scr
939.782: Copied file: c:\windows\ServicePackFiles\i386\dmusic.dll
939.829: Copied file: c:\windows\ServicePackFiles\i386\odfox32.dll
939.860: Copied file: c:\windows\ServicePackFiles\i386\ole32.dll
939.969: Copied file: c:\windows\ServicePackFiles\i386\paint.png
940.157: Copied file: c:\windows\ServicePackFiles\i386\agt0412.dll
940.188: Copied file: c:\windows\ServicePackFiles\i386\phone.icw
940.219: Copied file: c:\windows\ServicePackFiles\i386\jgdw400.dll
940.266: Copied file: c:\windows\ServicePackFiles\i386\nextover.jpg
940.297: Copied file: c:\windows\ServicePackFiles\i386\vfwwdm32.dll
940.360: Copied file: c:\windows\ServicePackFiles\i386\wpatop.jpg
940.407: Copied file: c:\windows\ServicePackFiles\i386\ipnat.sys
940.469: Copied file: c:\windows\ServicePackFiles\i386\wmiutils.dll
940.485: Copied file: c:\windows\ServicePackFiles\i386\kerberos.dll
940.579: Copied file: c:\windows\ServicePackFiles\i386\ltotape.sys
940.641: Copied file: c:\windows\ServicePackFiles\i386\pdh.dll
940.735: Copied file: c:\windows\ServicePackFiles\i386\wbemcntl.dll
940.875: Copied file: c:\windows\ServicePackFiles\i386\wlan_ecp.xsd
940.875: Copied file: c:\windows\ServicePackFiles\i386\xolehlp.dll
940.907: Copied file: c:\windows\ServicePackFiles\i386\usmtdef.inf
940.922: Copied file: c:\windows\ServicePackFiles\i386\qmgr.dll
941.032: Copied file: c:\windows\ServicePackFiles\i386\page1.asp
941.094: Copied file: c:\windows\ServicePackFiles\i386\imsinsnt.dll
941.125: Copied file: c:\windows\ServicePackFiles\i386\wbemcore.dll
941.157: Copied file: c:\windows\ServicePackFiles\i386\cfgwiz.exe
941.329: Copied file: c:\windows\ServicePackFiles\i386\untfs.dll
941.360: Copied file: c:\windows\ServicePackFiles\i386\ulib.dll
941.391: Copied file: c:\windows\ServicePackFiles\i386\prodkey.htm
941.422: Copied file: c:\windows\ServicePackFiles\i386\agt0401.hlp
941.454: Copied file: c:\windows\ServicePackFiles\i386\fontext.dll
941.485: Copied file: c:\windows\ServicePackFiles\i386\comadmin.dll
941.516: Copied file: c:\windows\ServicePackFiles\i386\evntrprv.dl
941.579: Copied file: c:\windows\ServicePackFiles\i386\xmlp_mpu.xdr
941.579: Copied file: c:\windows\ServicePackFiles\i386\dskquop.chm
941.641: Copied file: c:\windows\ServicePackFiles\i386\utopiaop.wav
941.672: Copied file: c:\windows\ServicePackFiles\i386\findstr.exe
941.704: Copied file: c:\windows\ServicePackFiles\i386\nextoff.jpg
941.766: Copied file: c:\windows\ServicePackFiles\i386\mfc42.dll
941.860: Copied file: c:\windows\ServicePackFiles\i386\recycle.wav
941.922: Copied file: c:\windows\ServicePackFiles\i386\obelog.dll
941.969: Copied file: c:\windows\ServicePackFiles\i386\xmlprov.dll
942.047: Copied file: c:\windows\ServicePackFiles\i386\qprocess.exe
942.157: Copied file: c:\windows\ServicePackFiles\i386\msident.dll
942.469: Copied file: c:\windows\ServicePackFiles\i386\termsrv.dll
942.532: Copied file: c:\windows\ServicePackFiles\i386\halacpi.dll
942.579: Copied file: c:\windows\ServicePackFiles\i386\reg.isp
942.579: Copied file: c:\windows\ServicePackFiles\i386\oemiglib.dll
942.610: Copied file: c:\windows\ServicePackFiles\i386\drm.inf
942.625: Copied file: c:\windows\ServicePackFiles\i386\irda.sys
942.657: Copied file: c:\windows\ServicePackFiles\i386\ir41_32.ax
942.735: Copied file: c:\windows\ServicePackFiles\i386\arialbd.ttf
942.891: Copied file: c:\windows\ServicePackFiles\i386\xmlprovi.dll
942.922: Copied file: c:\windows\ServicePackFiles\i386\kbdinbe1.dll
942.938: Copied file: c:\windows\ServicePackFiles\i386\ipnathlp.dll
943.032: Copied file: c:\windows\ServicePackFiles\i386\mshtmled.dll
943.110: Copied file: c:\windows\ServicePackFiles\i386\fxstiff.dll
943.172: Copied file: c:\windows\ServicePackFiles\i386\adv07nt5.dll
943.375: Copied file: c:\windows\ServicePackFiles\i386\cdrom.sys
943.625: Copied file: c:\windows\ServicePackFiles\i386\atiixpag.inf
943.641: Copied file: c:\windows\ServicePackFiles\i386\setup.exe
943.672: Copied file: c:\windows\ServicePackFiles\i386\xmlp_mcu.xdr
943.672: Copied file: c:\windows\ServicePackFiles\i386\hidbth.sys
943.688: Copied file: c:\windows\ServicePackFiles\i386\an983.sys
943.704: Copied file: c:\windows\ServicePackFiles\i386\autochk.exe
943.766: Copied file: c:\windows\ServicePackFiles\i386\battc.sys
943.782: Copied file: c:\windows\ServicePackFiles\i386\ntmtlfax.sys
943.829: Copied file: c:\windows\ServicePackFiles\i386\spdwnwxp.exe
943.829: Copied file: c:\windows\ServicePackFiles\i386\ipv6mon.dll
943.860: Copied file: c:\windows\ServicePackFiles\i386\fltmgr.sys
943.954: Copied file: c:\windows\ServicePackFiles\i386\mstlsapi.dll
944.032: Copied file: c:\windows\ServicePackFiles\i386\rasl2tp.sys
944.063: Copied file: c:\windows\ServicePackFiles\i386\spnpinst.exe
944.344: Copied file: c:\windows\ServicePackFiles\i386\dsound3d.dll
944.454: Copied file: c:\windows\ServicePackFiles\i386\fp4autl.dll
944.672: Copied file: c:\windows\ServicePackFiles\i386\dllhost.exe
944.735: Copied file: c:\windows\ServicePackFiles\i386\msadcer.dll
944.766: Copied file: c:\windows\ServicePackFiles\i386\compbatt.sys
944.782: Copied file: c:\windows\ServicePackFiles\i386\ds16gt.dll
944.797: Copied file: c:\windows\ServicePackFiles\i386\mouse_a.htm
944.813: Copied file: c:\windows\ServicePackFiles\i386\agt040b.dll
944.860: Copied file: c:\windows\ServicePackFiles\i386\but2_idl.gif
944.860: Copied file: c:\windows\ServicePackFiles\i386\smss.exe
944.891: Copied file: c:\windows\ServicePackFiles\i386\agt0c0a.hlp
944.907: Copied file: c:\windows\ServicePackFiles\i386\oobeutil.js
944.938: Copied file: c:\windows\ServicePackFiles\i386\stdole2.tlb
944.969: Copied file: c:\windows\ServicePackFiles\i386\fontsub.dll
945.079: Copied file: c:\windows\ServicePackFiles\i386\nslookup.exe
945.141: Copied file: c:\windows\ServicePackFiles\i386\xpringin.wav
945.360: Copied file: c:\windows\ServicePackFiles\i386\xptht41w.htm
945.422: Copied file: c:\windows\ServicePackFiles\i386\kmddsp.tsp
945.563: Copied file: c:\windows\ServicePackFiles\i386\dpnaddr.dll
945.704: Copied file: c:\windows\ServicePackFiles\i386\wstdecod.dll
945.797: Copied file: c:\windows\ServicePackFiles\i386\wmipsess.dll
945.844: Copied file: c:\windows\ServicePackFiles\i386\xprestor.wav
945.891: Copied file: c:\windows\ServicePackFiles\i386\mdmntstm.inf
945.907: Copied file: c:\windows\ServicePackFiles\i386\atinbtxx.sys
945.954: Copied file: c:\windows\ServicePackFiles\i386\winbrand.dll
946.125: Copied file: c:\windows\ServicePackFiles\i386\msoe.dll
946.297: Copied file: c:\windows\ServicePackFiles\i386\imapi.sys
946.329: Copied file: c:\windows\ServicePackFiles\i386\sysfiles.inf
946.485: Copied file: c:\windows\ServicePackFiles\i386\sorttbls.nls
946.516: Copied file: c:\windows\ServicePackFiles\i386\wmi.dll
946.579: Copied file: c:\windows\ServicePackFiles\i386\wanarp.sys
946.594: Copied file: c:\windows\ServicePackFiles\i386\eapcom.xsd
946.594: Copied file: c:\windows\ServicePackFiles\i386\h323cc.dll
946.625: Copied file: c:\windows\ServicePackFiles\i386\iis.dll
946.704: Copied file: c:\windows\ServicePackFiles\i386\dssenh.dll
946.922: Copied file: c:\windows\ServicePackFiles\i386\reg.exe
946.969: Copied file: c:\windows\ServicePackFiles\i386\slntamr.sys
947.125: Copied file: c:\windows\ServicePackFiles\i386\pcx500.sys
947.157: Copied file: c:\windows\ServicePackFiles\i386\wfp3.inf
947.188: Copied file: c:\windows\ServicePackFiles\i386\dmadmin.exe
947.235: Copied file: c:\windows\ServicePackFiles\i386\ndisnpp.dll
947.266: Copied file: c:\windows\ServicePackFiles\i386\twext.dll
947.313: Copied file: c:\windows\ServicePackFiles\i386\snmptrap.exe
947.360: Copied file: c:\windows\ServicePackFiles\i386\eapcon1.xsd
947.360: Copied file: c:\windows\ServicePackFiles\i386\tcpip6.sys
947.407: Copied file: c:\windows\ServicePackFiles\i386\mstime.dll
947.454: Copied file: c:\windows\ServicePackFiles\i386\attrib.exe
947.485: Copied file: c:\windows\ServicePackFiles\i386\atmarpc.sys
947.516: Copied file: c:\windows\ServicePackFiles\i386\nv4_disp.inf
947.735: Copied file: c:\windows\ServicePackFiles\i386\umandlg.dll
947.782: Copied file: c:\windows\ServicePackFiles\i386\msdatsrc.tlb
947.797: Copied file: c:\windows\ServicePackFiles\i386\fp4avss.dll
947.829: Copied file: c:\windows\ServicePackFiles\i386\muisetup.exe
947.860: Copied file: c:\windows\ServicePackFiles\i386\kbdinmal.dll
947.891: Copied file: c:\windows\ServicePackFiles\i386\ndistapi.sys
947.907: Copied file: c:\windows\ServicePackFiles\i386\drdymig.htm
948.032: Copied file: c:\windows\ServicePackFiles\i386\msconfig.exe
948.110: Copied file: c:\windows\ServicePackFiles\i386\nmwhiteb.chm
948.125: Copied file: c:\windows\ServicePackFiles\i386\joy.cpl
948.188: Copied file: c:\windows\ServicePackFiles\i386\p2pnetsh.dll
948.204: Copied file: c:\windows\ServicePackFiles\i386\inetcpl.cpl
948.579: Copied file: c:\windows\ServicePackFiles\i386\mmcfxcr.dll
948.625: Copied file: c:\windows\ServicePackFiles\i386\cacls.exe
948.641: Copied file: c:\windows\ServicePackFiles\i386\dx7vb.dll
948.704: Copied file: c:\windows\ServicePackFiles\i386\xmlp_ecp.xdr
948.704: Copied file: c:\windows\ServicePackFiles\i386\usbui.dll
948.813: Copied file: c:\windows\ServicePackFiles\i386\msconv97.dll
948.860: Copied file: c:\windows\ServicePackFiles\i386\update.sys
948.969: Copied file: c:\windows\ServicePackFiles\i386\magnify.gif
949.047: Copied file: c:\windows\ServicePackFiles\i386\avcstrm.sys
949.188: Copied file: c:\windows\ServicePackFiles\i386\wmm2fxa.dll
949.266: Copied file: c:\windows\ServicePackFiles\i386\veronam.jpg
949.313: Copied file: c:\windows\ServicePackFiles\i386\intl.cpl
949.375: Copied file: c:\windows\ServicePackFiles\i386\wiavideo.dll
949.485: Copied file: c:\windows\ServicePackFiles\i386\ident2.htm
949.516: Copied file: c:\windows\ServicePackFiles\i386\utopiama.wav
949.563: Copied file: c:\windows\ServicePackFiles\i386\activsvc.htm
949.579: Copied file: c:\windows\ServicePackFiles\i386\isapnp.sys
949.610: Copied file: c:\windows\ServicePackFiles\i386\drdyisp.htm
949.625: Copied file: c:\windows\ServicePackFiles\i386\rtl8139.sys
949.657: Copied file: c:\windows\ServicePackFiles\i386\flpydisk.sys
949.672: Copied file: c:\windows\ServicePackFiles\i386\pciidex.sys
949.704: Copied file: c:\windows\ServicePackFiles\i386\dot3svc.dll
949.750: Copied file: c:\windows\ServicePackFiles\i386\snmp.exe
949.829: Copied file: c:\windows\ServicePackFiles\i386\mouse.gif
949.891: Copied file: c:\windows\ServicePackFiles\i386\pclxl.dll
949.922: Copied file: c:\windows\ServicePackFiles\i386\raschap.dll
949.969: Copied file: c:\windows\ServicePackFiles\i386\agt0410.dll
950.219: Copied file: c:\windows\ServicePackFiles\i386\actlan.htm
950.313: Copied file: c:\windows\ServicePackFiles\i386\fpmmcsat.dll
950.344: Copied file: c:\windows\ServicePackFiles\i386\regwizc.dll
950.407: Copied file: c:\windows\ServicePackFiles\i386\tzchange.exe
950.438: Copied file: c:\windows\ServicePackFiles\i386\fips.sys
950.516: Copied file: c:\windows\ServicePackFiles\i386\parhmse.inf
950.532: Copied file: c:\windows\ServicePackFiles\i386\themeui.dll
950.672: Copied file: c:\windows\ServicePackFiles\i386\ati3d1ag.dll
950.766: Copied file: c:\windows\ServicePackFiles\i386\scardsvr.exe
950.891: Copied file: c:\windows\ServicePackFiles\i386\wxprd.mst
950.969: Copied file: c:\windows\ServicePackFiles\i386\batt.dll
951.016: Copied file: c:\windows\ServicePackFiles\i386\ntprint.cat
951.313: Copied file: c:\windows\ServicePackFiles\i386\wiadss.dll
951.407: Copied file: c:\windows\ServicePackFiles\i386\tscfgwmi.mof
951.454: Copied file: c:\windows\ServicePackFiles\i386\atv06nt5.dll
951.485: Copied file: c:\windows\ServicePackFiles\i386\mtxparhd.dll
951.610: Copied file: c:\windows\ServicePackFiles\i386\oakley.dll
951.766: Copied file: c:\windows\ServicePackFiles\i386\mssap.dll
951.813: Copied file: c:\windows\ServicePackFiles\i386\faultrep.dll
951.938: Copied file: c:\windows\ServicePackFiles\i386\msado27.tlb
951.985: Copied file: c:\windows\ServicePackFiles\i386\agt0401.dll
952.000: Copied file: c:\windows\ServicePackFiles\i386\netshell.dll
952.266: Copied file: c:\windows\ServicePackFiles\i386\miguser.inf
952.313: Copied file: c:\windows\ServicePackFiles\i386\sfc_os.dll
952.329: Copied file: c:\windows\ServicePackFiles\i386\netklsi.inf
952.422: Copied file: c:\windows\ServicePackFiles\i386\tracert.exe
952.547: Copied file: c:\windows\ServicePackFiles\i386\inetres.dll
952.563: Copied file: c:\windows\ServicePackFiles\i386\ati2mtaa.sys
952.610: Copied file: c:\windows\ServicePackFiles\i386\sysdm.cpl
952.641: Copied file: c:\windows\ServicePackFiles\i386\asyncmac.sys
952.688: Copied file: c:\windows\ServicePackFiles\i386\mmcperf.exe
952.704: Copied file: c:\windows\ServicePackFiles\i386\verona.jpg
952.735: Copied file: c:\windows\ServicePackFiles\i386\msvcp60.dll
952.766: Copied file: c:\windows\ServicePackFiles\i386\kbdclass.sys
952.797: Copied file: c:\windows\ServicePackFiles\i386\mst123.dll
952.860: Copied file: c:\windows\ServicePackFiles\i386\dsdmoprp.dll
952.907: Copied file: c:\windows\ServicePackFiles\i386\nextup.jpg
952.922: Copied file: c:\windows\ServicePackFiles\i386\state.icw
952.922: Copied file: c:\windows\ServicePackFiles\i386\wmiapres.dll
953.000: Copied file: c:\windows\ServicePackFiles\i386\wstcodec.sys
953.172: Copied file: c:\windows\ServicePackFiles\i386\compname.htm
953.219: Copied file: c:\windows\ServicePackFiles\i386\upnpcont.exe
953.297: Copied file: c:\windows\ServicePackFiles\i386\slip.sys
953.375: Copied file: c:\windows\ServicePackFiles\i386\clbcatq.dll
953.391: Copied file: c:\windows\ServicePackFiles\i386\netui1.dll
953.422: Copied file: c:\windows\ServicePackFiles\i386\rasppp.dll
953.454: Copied file: c:\windows\ServicePackFiles\i386\connect.hlp
953.485: Copied file: c:\windows\ServicePackFiles\i386\twclient.hlp
953.500: Copied file: c:\windows\ServicePackFiles\i386\icntlast.htm
953.516: Copied file: c:\windows\ServicePackFiles\i386\rcnterr.htm
953.672: Copied file: c:\windows\ServicePackFiles\i386\devmgr.dll
953.735: Copied file: c:\windows\ServicePackFiles\i386\agentmpx.dll
953.766: Copied file: c:\windows\ServicePackFiles\i386\safrslv.dll
953.797: Copied file: c:\windows\ServicePackFiles\i386\ativmc20.cod
953.813: Copied file: c:\windows\ServicePackFiles\i386\msdmo.dll
953.829: Copied file: c:\windows\ServicePackFiles\i386\msdvbnp.ax
953.875: Copied file: c:\windows\ServicePackFiles\i386\rtutils.dll
953.875: Copied file: c:\windows\ServicePackFiles\i386\msiexec.exe
953.922: Copied file: c:\windows\ServicePackFiles\i386\rastapi.dll
954.016: Copied file: c:\windows\ServicePackFiles\i386\msexcl40.dll
954.282: Copied file: c:\windows\ServicePackFiles\i386\but1_idl.gif
954.282: Copied file: c:\windows\ServicePackFiles\i386\iexplore.exe
954.313: Copied file: c:\windows\ServicePackFiles\i386\winsrv.dll
954.407: Copied file: c:\windows\ServicePackFiles\i386\fp4amsft.dll
954.469: Copied file: c:\windows\ServicePackFiles\i386\agt0c0a.dll
954.594: Copied file: c:\windows\ServicePackFiles\i386\dnsrslvr.dll
954.641: Copied file: c:\windows\ServicePackFiles\i386\but3_up.gif
954.657: Copied file: c:\windows\ServicePackFiles\i386\wbemdisp.dll
954.782: Copied file: c:\windows\ServicePackFiles\i386\odbc32gt.dll
954.797: Copied file: c:\windows\ServicePackFiles\i386\vgx.dll
954.954: Copied file: c:\windows\ServicePackFiles\i386\compstui.dll
955.094: Copied file: c:\windows\ServicePackFiles\i386\isdpc.dll
955.141: Copied file: c:\windows\ServicePackFiles\i386\sensapi.dll
955.235: Copied file: c:\windows\ServicePackFiles\i386\wmm2eres.dll
955.266: Copied file: c:\windows\ServicePackFiles\i386\icwconn.dll
955.297: Copied file: c:\windows\ServicePackFiles\i386\cleanmgr.exe
955.375: Copied file: c:\windows\ServicePackFiles\i386\msdaipp.dll
955.485: Copied file: c:\windows\ServicePackFiles\i386\raspppoe.sys
955.532: Copied file: c:\windows\ServicePackFiles\i386\ipinip.sys
955.547: Copied file: c:\windows\ServicePackFiles\i386\error.js
955.579: Copied file: c:\windows\ServicePackFiles\i386\msafd.dll
955.688: Copied file: c:\windows\ServicePackFiles\i386\migx25c.dun
955.688: Copied file: c:\windows\ServicePackFiles\i386\netstat.exe
955.735: Copied file: c:\windows\ServicePackFiles\i386\gpkcsp.dll
955.750: Copied file: c:\windows\ServicePackFiles\i386\netlogon.dll
955.875: Copied file: c:\windows\ServicePackFiles\i386\actxprxy.dll
955.922: Copied file: c:\windows\ServicePackFiles\i386\mdmsuprv.inf
955.938: Copied file: c:\windows\ServicePackFiles\i386\wfp1.inf
955.969: Copied file: c:\windows\ServicePackFiles\i386\resutils.dll
956.016: Copied file: c:\windows\ServicePackFiles\i386\wscript.mui
956.141: Copied file: c:\windows\ServicePackFiles\i386\wadv02nt.sys
956.172: Copied file: c:\windows\ServicePackFiles\i386\skipoff.jpg
956.204: Copied file: c:\windows\ServicePackFiles\i386\catsrvps.dll
956.250: Copied file: c:\windows\ServicePackFiles\i386\msjet40.dll
956.469: Copied file: c:\windows\ServicePackFiles\i386\fpencode.dll
956.532: Copied file: c:\windows\ServicePackFiles\i386\esscli.dll
956.563: Copied file: c:\windows\ServicePackFiles\i386\scrcons.exe
956.594: Copied file: c:\windows\ServicePackFiles\i386\skipup.jpg
956.657: Copied file: c:\windows\ServicePackFiles\i386\wabimp.dll
956.688: Copied file: c:\windows\ServicePackFiles\i386\adrdyreg.htm
956.704: Copied file: c:\windows\ServicePackFiles\i386\migwiz.exe
956.954: Copied file: c:\windows\ServicePackFiles\i386\isp.htm
956.985: Copied file: c:\windows\ServicePackFiles\i386\migrate.isp
957.032: Copied file: c:\windows\ServicePackFiles\i386\proxycfg.exe
957.063: Copied file: c:\windows\ServicePackFiles\i386\iphlpapi.dll
957.188: Copied file: c:\windows\ServicePackFiles\i386\wtv4.inf
957.297: Copied file: c:\windows\ServicePackFiles\i386\d3d9.dll
957.610: Copied file: c:\windows\ServicePackFiles\i386\dplayx.dll
957.657: Copied file: c:\windows\ServicePackFiles\i386\61883.sys
957.688: Copied file: c:\windows\ServicePackFiles\i386\bthusb.sys
957.719: Copied file: c:\windows\ServicePackFiles\i386\imagehlp.dll
957.750: Copied file: c:\windows\ServicePackFiles\i386\itircl.dll
957.797: Copied file: c:\windows\ServicePackFiles\i386\kbdnepr.dll
957.844: Copied file: c:\windows\ServicePackFiles\i386\pcl5eres.dll
957.938: Copied file: c:\windows\ServicePackFiles\i386\wadv07nt.sys
958.157: Copied file: c:\windows\ServicePackFiles\i386\locator.exe
958.438: Copied file: c:\windows\ServicePackFiles\i386\seclogon.dll
958.516: Copied file: c:\windows\ServicePackFiles\i386\oemcoa.jpg
958.594: Copied file: c:\windows\ServicePackFiles\i386\slnthal.sys
958.625: Copied file: c:\windows\ServicePackFiles\i386\colbact.dll
958.657: Copied file: c:\windows\ServicePackFiles\i386\mofcomp.exe
958.672: Copied file: c:\windows\ServicePackFiles\i386\browsewm.dll
958.688: Copied file: c:\windows\ServicePackFiles\i386\unidrvui.dll
958.735: Copied file: c:\windows\ServicePackFiles\i386\sapi.cpl
958.766: Copied file: c:\windows\ServicePackFiles\i386\wvchntxx.sys
958.782: Copied file: c:\windows\ServicePackFiles\i386\rpcss.dll
958.922: Copied file: c:\windows\ServicePackFiles\i386\atinxsxx.sys
958.969: Copied file: c:\windows\ServicePackFiles\i386\eapp3hst.dll
959.313: Copied file: c:\windows\ServicePackFiles\i386\cdfview.dll
959.360: Copied file: c:\windows\ServicePackFiles\i386\lpk.dll
959.391: Copied file: c:\windows\ServicePackFiles\i386\http.sys
959.438: Copied file: c:\windows\ServicePackFiles\i386\rasqec.dll
959.469: Copied file: c:\windows\ServicePackFiles\i386\migwiza.exe
959.500: Copied file: c:\windows\ServicePackFiles\i386\mmcfxc.dll
959.532: Copied file: c:\windows\ServicePackFiles\i386\msdasc.dll
959.547: Copied file: c:\windows\ServicePackFiles\i386\newtop8.jpg
959.610: Copied file: c:\windows\ServicePackFiles\i386\sample2.jpg
959.641: Copied file: c:\windows\ServicePackFiles\i386\migwiz.inf
959.657: Copied file: c:\windows\ServicePackFiles\i386\ati1raxx.sys
959.704: Copied file: c:\windows\ServicePackFiles\i386\iuengine.dll
959.750: Copied file: c:\windows\ServicePackFiles\i386\ati2dvag.dll
959.813: Copied file: c:\windows\ServicePackFiles\i386\inetpref.xml
959.844: Copied file: c:\windows\ServicePackFiles\i386\filelist.xml
959.860: Copied file: c:\windows\ServicePackFiles\i386\help.exe
959.907: Copied file: c:\windows\ServicePackFiles\i386\acterror.htm
959.938: Copied file: c:\windows\ServicePackFiles\i386\atixpwdm.inf
960.375: Copied file: c:\windows\ServicePackFiles\i386\fwcfg.dll
960.485: Copied file: c:\windows\ServicePackFiles\i386\dslmain.js
960.500: Copied file: c:\windows\ServicePackFiles\i386\obepopc.dll
960.532: Copied file: c:\windows\ServicePackFiles\i386\bidispl.dll
960.563: Copied file: c:\windows\ServicePackFiles\i386\ddeshare.exe
960.610: Copied file: c:\windows\ServicePackFiles\i386\msado25.tlb
960.625: Copied file: c:\windows\ServicePackFiles\i386\isign32.dll
960.657: Copied file: c:\windows\ServicePackFiles\i386\acgenral.dll
960.797: Copied file: c:\windows\ServicePackFiles\i386\wuauclt1.exe
960.829: Copied file: c:\windows\ServicePackFiles\i386\ringout.wav
960.875: Copied file: c:\windows\ServicePackFiles\i386\sqlunirl.dll
960.891: Copied file: c:\windows\ServicePackFiles\i386\xpcrtstp.wav
960.954: Copied file: c:\windows\ServicePackFiles\i386\msvfw32.dll
961.016: Copied file: c:\windows\ServicePackFiles\i386\mimefilt.dll
961.094: Copied file: c:\windows\ServicePackFiles\i386\hlink.dll
961.110: Copied file: c:\windows\ServicePackFiles\i386\fxscover.exe
961.891: Copied file: c:\windows\ServicePackFiles\i386\dsl_a.htm
961.907: Copied file: c:\windows\ServicePackFiles\i386\mnmdd.dll
961.922: Copied file: c:\windows\ServicePackFiles\i386\swmidi.sys
961.954: Copied file: c:\windows\ServicePackFiles\i386\netcfgx.dll
962.047: Copied file: c:\windows\ServicePackFiles\i386\w32time.dll
962.079: Copied file: c:\windows\ServicePackFiles\i386\dialtone.gif
962.141: Copied file: c:\windows\ServicePackFiles\i386\ch7xxnt5.dll
962.157: Copied file: c:\windows\ServicePackFiles\i386\dmloader.dll
962.172: Copied file: c:\windows\ServicePackFiles\i386\streamip.sys
962.219: Copied file: c:\windows\ServicePackFiles\i386\tscfgwmi.mfl
962.313: Copied file: c:\windows\ServicePackFiles\i386\netapi32.dll
962.375: Copied file: c:\windows\ServicePackFiles\i386\odbcconf.exe
962.391: Copied file: c:\windows\ServicePackFiles\i386\rdpwd.sys
962.454: Copied file: c:\windows\ServicePackFiles\i386\hotplug.dll
962.485: Copied file: c:\windows\ServicePackFiles\i386\hidbatt.sys
962.625: Copied file: c:\windows\ServicePackFiles\i386\autoupdt.htm
962.657: Copied file: c:\windows\ServicePackFiles\i386\termdd.sys
962.688: Copied file: c:\windows\ServicePackFiles\i386\viewprov.dll
962.735: Copied file: c:\windows\ServicePackFiles\i386\adovbs.inc
962.766: Copied file: c:\windows\ServicePackFiles\i386\wabfind.dll
962.797: Copied file: c:\windows\ServicePackFiles\i386\fxswzrd.dll
962.829: Copied file: c:\windows\ServicePackFiles\i386\perfdisk.dll
962.954: Copied file: c:\windows\ServicePackFiles\i386\mmcndmgr.dll
963.235: Copied file: c:\windows\ServicePackFiles\i386\langbar.chm
963.329: Copied file: c:\windows\ServicePackFiles\i386\pscript.ntf
963.454: Copied file: c:\windows\ServicePackFiles\i386\ati1xwdm.inf
963.485: Copied file: c:\windows\ServicePackFiles\i386\hnwprmpt.htm
963.500: Copied file: c:\windows\ServicePackFiles\i386\davclnt.dll
963.563: Copied file: c:\windows\ServicePackFiles\i386\ics.htm
963.579: Copied file: c:\windows\ServicePackFiles\i386\mmcs.chm
963.594: Copied file: c:\windows\ServicePackFiles\i386\msador15.dll
963.625: Copied file: c:\windows\ServicePackFiles\i386\wpabaln.exe
963.657: Copied file: c:\windows\ServicePackFiles\i386\moricons.dll
963.688: Copied file: c:\windows\ServicePackFiles\i386\thanks8.png
963.766: Copied file: c:\windows\ServicePackFiles\i386\dot3msm.dll
963.797: Copied file: c:\windows\ServicePackFiles\i386\autofmt.exe
963.860: Copied file: c:\windows\ServicePackFiles\i386\migism.dll
963.891: Copied file: c:\windows\ServicePackFiles\i386\smbinst.exe
963.922: Copied file: c:\windows\ServicePackFiles\i386\pmh.dll
964.141: Copied file: c:\windows\ServicePackFiles\i386\tty.dll
964.219: Copied file: c:\windows\ServicePackFiles\i386\utopiaex.wav
964.266: Copied file: c:\windows\ServicePackFiles\i386\msw3prt.dll
964.297: Copied file: c:\windows\ServicePackFiles\i386\cmbatt.sys
964.313: Copied file: c:\windows\ServicePackFiles\i386\sti_ci.dll
964.329: Copied file: c:\windows\ServicePackFiles\i386\dmdskmgr.dll
964.360: Copied file: c:\windows\ServicePackFiles\i386\ringin.wav
964.375: Copied file: c:\windows\ServicePackFiles\i386\fxsst.dll
964.532: Copied file: c:\windows\ServicePackFiles\i386\aclayers.dll
964.563: Copied file: c:\windows\ServicePackFiles\i386\thanks10.png
964.657: Copied file: c:\windows\ServicePackFiles\i386\dimsntfy.dll
964.688: Copied file: c:\windows\ServicePackFiles\i386\username.htm
964.719: Copied file: c:\windows\ServicePackFiles\i386\xmlp_wiz.xdr
964.750: Copied file: c:\windows\ServicePackFiles\i386\ntmsdba.dll
964.782: Copied file: c:\windows\ServicePackFiles\i386\msvcirt.dll
964.813: Copied file: c:\windows\ServicePackFiles\i386\rpcrt4.dll
964.844: Copied file: c:\windows\ServicePackFiles\i386\olecli32.dll
965.016: Copied file: c:\windows\ServicePackFiles\i386\verifier.dll
965.047: Copied file: c:\windows\ServicePackFiles\i386\at.exe
965.219: Copied file: c:\windows\ServicePackFiles\i386\xplogon.wav
965.266: Copied file: c:\windows\ServicePackFiles\i386\skipover.jpg
965.297: Copied file: c:\windows\ServicePackFiles\i386\kbdlk41j.dll
965.329: Copied file: c:\windows\ServicePackFiles\i386\knperdpc.dll
965.360: Copied file: c:\windows\ServicePackFiles\i386\cabinet.dll
965.391: Copied file: c:\windows\ServicePackFiles\i386\xmlp_mas.xdr
965.407: Copied file: c:\windows\ServicePackFiles\i386\secupd.sig
965.438: Copied file: c:\windows\ServicePackFiles\i386\odbccp32.dll
965.469: Copied file: c:\windows\ServicePackFiles\i386\timedate.cpl
965.500: Copied file: c:\windows\ServicePackFiles\i386\kdsusd.dll
965.563: Copied file: c:\windows\ServicePackFiles\i386\bulzanom.jpg
965.625: Copied file: c:\windows\ServicePackFiles\i386\snmpcl.dll
965.672: Copied file: c:\windows\ServicePackFiles\i386\fxsapi.dll
965.719: Copied file: c:\windows\ServicePackFiles\i386\printui.dll
965.782: Copied file: c:\windows\ServicePackFiles\i386\fp4areg.dll
965.829: Copied file: c:\windows\ServicePackFiles\i386\wmm2ae.dll
965.844: Copied file: c:\windows\ServicePackFiles\i386\migx25a.dun
965.985: Copied file: c:\windows\ServicePackFiles\i386\migregdb.exe
966.032: Copied file: c:\windows\ServicePackFiles\i386\ncobjapi.dll
966.047: Copied file: c:\windows\ServicePackFiles\i386\ws2help.dll
966.094: Copied file: c:\windows\ServicePackFiles\i386\xenroll.dll
966.125: Copied file: c:\windows\ServicePackFiles\i386\wxpsp1rd.mst
966.157: Copied file: c:\windows\ServicePackFiles\i386\asycfilt.dll
966.188: Copied file: c:\windows\ServicePackFiles\i386\comrereg.exe
966.313: Copied file: c:\windows\ServicePackFiles\i386\regapi.dll
966.344: Copied file: c:\windows\ServicePackFiles\i386\rndismpx.sys
966.360: Copied file: c:\windows\ServicePackFiles\i386\timezone.htm
966.391: Copied file: c:\windows\ServicePackFiles\i386\migwiz.man
966.391: Copied file: c:\windows\ServicePackFiles\i386\wbemprox.dll
966.422: Copied file: c:\windows\ServicePackFiles\i386\ie4uinit.exe
966.500: Copied file: c:\windows\ServicePackFiles\i386\wmm2res.dll
966.813: Copied file: c:\windows\ServicePackFiles\i386\xpstart.wav
966.829: Copied file: c:\windows\ServicePackFiles\i386\setupn.exe
966.907: Copied file: c:\windows\ServicePackFiles\i386\dumprep.exe
966.938: Copied file: c:\windows\ServicePackFiles\i386\ctmasetp.dll
966.969: Copied file: c:\windows\ServicePackFiles\i386\mstsweb.cat
967.000: Copied file: c:\windows\ServicePackFiles\i386\winrnr.dll
967.110: Copied file: c:\windows\ServicePackFiles\i386\odtext32.dll
967.157: Copied file: c:\windows\ServicePackFiles\i386\comdlg32.dll
967.266: Copied file: c:\windows\ServicePackFiles\i386\wdigest.dll
967.391: Copied file: c:\windows\ServicePackFiles\i386\scripta.dll
967.485: Copied file: c:\windows\ServicePackFiles\i386\sqloledb.dll
967.532: Copied file: c:\windows\ServicePackFiles\i386\winsta.dll
967.563: Copied file: c:\windows\ServicePackFiles\i386\odbccu32.dll
967.579: Copied file: c:\windows\ServicePackFiles\i386\hccoin.dll
967.625: Copied file: c:\windows\ServicePackFiles\i386\rdpclip.exe
967.719: Copied file: c:\windows\ServicePackFiles\i386\wtv2.inf
967.750: Copied file: c:\windows\ServicePackFiles\i386\catsrv.dll
967.860: Copied file: c:\windows\ServicePackFiles\i386\wlan_etu.xsd
967.860: Copied file: c:\windows\ServicePackFiles\i386\pautoenr.dll
967.891: Copied file: c:\windows\ServicePackFiles\i386\alrsvc.dll
967.938: Copied file: c:\windows\ServicePackFiles\i386\diskcopy.dll
968.141: Copied file: c:\windows\ServicePackFiles\i386\msobe.isp
968.141: Copied file: c:\windows\ServicePackFiles\i386\rasapi32.dll
968.422: Copied file: c:\windows\ServicePackFiles\i386\packager.exe
968.532: Copied file: c:\windows\ServicePackFiles\i386\perm2dll.dll
968.579: Copied file: c:\windows\ServicePackFiles\i386\comaddin.dll
968.594: Copied file: c:\windows\ServicePackFiles\i386\ssstars.scr
968.657: Copied file: c:\windows\ServicePackFiles\i386\bthpan.inf
968.704: Copied file: c:\windows\ServicePackFiles\i386\samsrv.dll
968.766: Copied file: c:\windows\ServicePackFiles\i386\f3ahvoas.dll
968.782: Copied file: c:\windows\ServicePackFiles\i386\smbali.sys
968.829: Copied file: c:\windows\ServicePackFiles\i386\wbemupgd.dll
968.875: Copied file: c:\windows\ServicePackFiles\i386\rdtone.htm
968.907: Copied file: c:\windows\ServicePackFiles\i386\cfgbkend.dll
968.922: Copied file: c:\windows\ServicePackFiles\i386\processr.sys
968.954: Copied file: c:\windows\ServicePackFiles\i386\mdmlt3.inf
968.985: Copied file: c:\windows\ServicePackFiles\i386\riched20.dll
969.250: Copied file: c:\windows\ServicePackFiles\i386\basecred.xsd
969.266: Copied file: c:\windows\ServicePackFiles\i386\olecnv32.dll
969.313: Copied file: c:\windows\ServicePackFiles\i386\servdeps.dll
969.329: Copied file: c:\windows\ServicePackFiles\i386\docprop2.dll
969.360: Copied file: c:\windows\ServicePackFiles\i386\pinball.exe
969.454: Copied file: c:\windows\ServicePackFiles\i386\eventlog.dll
969.485: Copied file: c:\windows\ServicePackFiles\i386\tdi.sys
969.610: Copied file: c:\windows\ServicePackFiles\i386\msihnd.dll
969.688: Copied file: c:\windows\ServicePackFiles\i386\keybdcmt.htm
969.750: Copied file: c:\windows\ServicePackFiles\i386\bth.inf
969.782: Copied file: c:\windows\ServicePackFiles\i386\forehe.sys
969.797: Copied file: c:\windows\ServicePackFiles\i386\sfc.dll
969.813: Copied file: c:\windows\ServicePackFiles\i386\ieaksie.dll
969.875: Copied file: c:\windows\ServicePackFiles\i386\httpapi.dll
969.907: Copied file: c:\windows\ServicePackFiles\i386\msdadiag.dll
969.938: Copied file: c:\windows\ServicePackFiles\i386\mtxparhm.sys
969.985: Copied file: c:\windows\ServicePackFiles\i386\perfos.dll
970.000: Copied file: c:\windows\ServicePackFiles\i386\ramdisk.sys
970.032: Copied file: c:\windows\ServicePackFiles\i386\eudcedit.exe
970.141: Copied file: c:\windows\ServicePackFiles\i386\spider.exe
970.329: Copied file: c:\windows\ServicePackFiles\i386\fastfat.sys
970.407: Copied file: c:\windows\ServicePackFiles\i386\dskquota.dll
970.500: Copied file: c:\windows\ServicePackFiles\i386\mciwave.dll
970.563: Copied file: c:\windows\ServicePackFiles\i386\netwlan2.inf
970.579: Copied file: c:\windows\ServicePackFiles\i386\lwadihid.sys
970.704: Copied file: c:\windows\ServicePackFiles\i386\ir50_32.dll
970.766: Copied file: c:\windows\ServicePackFiles\i386\eapsvc.dll
970.797: Copied file: c:\windows\ServicePackFiles\i386\msader15.dll
970.860: Copied file: c:\windows\ServicePackFiles\i386\hnetcfg.dll
970.907: Copied file: c:\windows\ServicePackFiles\i386\aregsty2.css
970.907: Copied file: c:\windows\ServicePackFiles\i386\badeula.htm
970.922: Copied file: c:\windows\ServicePackFiles\i386\msorc32r.dll
970.954: Copied file: c:\windows\ServicePackFiles\i386\advapi32.dll
971.016: Copied file: c:\windows\ServicePackFiles\i386\noanswer.htm
971.094: Copied file: c:\windows\ServicePackFiles\i386\eappprxy.dll
971.110: Copied file: c:\windows\ServicePackFiles\i386\trebuc.ttf
971.125: Copied file: c:\windows\ServicePackFiles\i386\ntio412.sys
971.157: Copied file: c:\windows\ServicePackFiles\i386\mdmbtmdm.inf
971.172: Copied file: c:\windows\ServicePackFiles\i386\obemtllc.dll
971.204: Copied file: c:\windows\ServicePackFiles\i386\ispsbusy.htm
971.219: Copied file: c:\windows\ServicePackFiles\i386\s3gnbm.sys
971.422: Copied file: c:\windows\ServicePackFiles\i386\newdev.dll
971.469: Copied file: c:\windows\ServicePackFiles\i386\fxsext32.dll
971.516: Copied file: c:\windows\ServicePackFiles\i386\msadrh15.dll
971.532: Copied file: c:\windows\ServicePackFiles\i386\mshta.exe
971.547: Copied file: c:\windows\ServicePackFiles\i386\mtxlegih.dll
971.579: Copied file: c:\windows\ServicePackFiles\i386\atl.dll
971.610: Copied file: c:\windows\ServicePackFiles\i386\migapp.inf
971.657: Copied file: c:\windows\ServicePackFiles\i386\s3gnb.dll
971.829: Copied file: c:\windows\ServicePackFiles\i386\grserial.sys
971.922: Copied file: c:\windows\ServicePackFiles\i386\webcheck.dll
971.969: Copied file: c:\windows\ServicePackFiles\i386\lsasrv.dll
972.063: Copied file: c:\windows\ServicePackFiles\i386\shsvcs.dll
972.141: Copied file: c:\windows\ServicePackFiles\i386\ping.exe
972.172: Copied file: c:\windows\ServicePackFiles\i386\atiixpaa.inf
972.219: Copied file: c:\windows\ServicePackFiles\i386\wscript.exe
972.360: Copied file: c:\windows\ServicePackFiles\i386\georgia.ttf
972.391: Copied file: c:\windows\ServicePackFiles\i386\wshbth.dll
972.422: Copied file: c:\windows\ServicePackFiles\i386\dao360.dll
972.516: Copied file: c:\windows\ServicePackFiles\i386\lhmstsc.mui
972.532: Copied file: c:\windows\ServicePackFiles\i386\fxst30.dll
972.594: Copied file: c:\windows\ServicePackFiles\i386\xpsp3res.dll
972.891: Copied file: c:\windows\ServicePackFiles\i386\msdaora.dll
972.954: Copied file: c:\windows\ServicePackFiles\i386\secupd.dat
973.000: Copied file: c:\windows\ServicePackFiles\i386\msobcomm.dll
973.047: Copied file: c:\windows\ServicePackFiles\i386\ieencode.dll
973.094: Copied file: c:\windows\ServicePackFiles\i386\author.exe
973.110: Copied file: c:\windows\ServicePackFiles\i386\xcopy.exe
973.172: Copied file: c:\windows\ServicePackFiles\i386\slrundll.exe
973.188: Copied file: c:\windows\ServicePackFiles\i386\mrxdav.sys
973.485: Copied file: c:\windows\ServicePackFiles\i386\mshtml.dll
973.782: Copied file: c:\windows\ServicePackFiles\i386\wlan_ehc.xsd
973.829: Copied file: c:\windows\ServicePackFiles\i386\bthmodem.sys
973.860: Copied file: c:\windows\ServicePackFiles\i386\agt0419.hlp
973.891: Copied file: c:\windows\ServicePackFiles\i386\conf.hlp
974.063: Copied file: c:\windows\ServicePackFiles\i386\aclui.dll
974.110: Copied file: c:\windows\ServicePackFiles\i386\mdmrpci.inf
974.141: Copied file: c:\windows\ServicePackFiles\i386\msadce.dll
974.516: Copied file: c:\windows\ServicePackFiles\i386\msdadc.dll
974.532: Copied file: c:\windows\ServicePackFiles\i386\webvw.dll
974.625: Copied file: c:\windows\ServicePackFiles\i386\wuauclt.exe
974.657: Copied file: c:\windows\ServicePackFiles\i386\eapolqec.dll
974.657: Copied file: c:\windows\ServicePackFiles\i386\dxg.sys
974.719: Copied file: c:\windows\ServicePackFiles\i386\regsvr32.exe
974.782: Copied file: c:\windows\ServicePackFiles\i386\upnphost.dll
974.813: Copied file: c:\windows\ServicePackFiles\i386\iconnect.htm
974.829: Copied file: c:\windows\ServicePackFiles\i386\partmgr.sys
974.891: Copied file: c:\windows\ServicePackFiles\i386\dot4.sys
975.000: Copied file: c:\windows\ServicePackFiles\i386\proctexe.ocx
975.047: Copied file: c:\windows\ServicePackFiles\i386\evcon.chm
975.282: Copied file: c:\windows\ServicePackFiles\i386\file_srv.chm
975.313: Copied file: c:\windows\ServicePackFiles\i386\agt0804.hlp
975.344: Copied file: c:\windows\ServicePackFiles\i386\xpshutdn.wav
975.407: Copied file: c:\windows\ServicePackFiles\i386\qutil.dll
975.438: Copied file: c:\windows\ServicePackFiles\i386\srchui.dll
975.579: Copied file: c:\windows\ServicePackFiles\i386\wlan_bec.xsd
975.594: Copied file: c:\windows\ServicePackFiles\i386\licwmi.mof
975.625: Copied file: c:\windows\ServicePackFiles\i386\plotter.dll
975.657: Copied file: c:\windows\ServicePackFiles\i386\sisagp.sys
975.735: Copied file: c:\windows\ServicePackFiles\i386\market.mar
975.766: Copied file: c:\windows\ServicePackFiles\i386\vga.sys
975.766: Copied file: c:\windows\ServicePackFiles\i386\fxsres.dll
975.797: Copied file: c:\windows\ServicePackFiles\i386\dplaysvr.exe
975.813: Copied file: c:\windows\ServicePackFiles\i386\hhctrl.ocx
975.938: Copied file: c:\windows\ServicePackFiles\i386\dpwsockx.dll
975.954: Copied file: c:\windows\ServicePackFiles\i386\comrepl.dll
975.985: Copied file: c:\windows\ServicePackFiles\i386\dhtmled.ocx
976.344: Copied file: c:\windows\ServicePackFiles\i386\corpol.dll
976.391: Copied file: c:\windows\ServicePackFiles\i386\napmontr.dll
976.422: Copied file: c:\windows\ServicePackFiles\i386\ipsink.ax
976.516: Copied file: c:\windows\ServicePackFiles\i386\dmscript.dll
976.547: Copied file: c:\windows\ServicePackFiles\i386\safrcdlg.dll
976.641: Copied file: c:\windows\ServicePackFiles\i386\ims.cat
976.672: Copied file: c:\windows\ServicePackFiles\i386\mspaint.hlp
976.719: Copied file: c:\windows\ServicePackFiles\i386\pstorsvc.dll
976.766: Copied file: c:\windows\ServicePackFiles\i386\pclxl.gpd
976.797: Copied file: c:\windows\ServicePackFiles\i386\tdtcp.sys
976.829: Copied file: c:\windows\ServicePackFiles\i386\wow32.dll
976.875: Copied file: c:\windows\ServicePackFiles\i386\msadds.dll
976.907: Copied file: c:\windows\ServicePackFiles\i386\utopiare.wav
977.000: Copied file: c:\windows\ServicePackFiles\i386\write.wpc
977.360: Copied file: c:\windows\ServicePackFiles\i386\ttfsub.gpd
977.469: Copied file: c:\windows\ServicePackFiles\i386\ps5ui.dll
977.516: Copied file: c:\windows\ServicePackFiles\i386\msorcl32.dll
977.532: Copied file: c:\windows\ServicePackFiles\i386\pcl5ures.dll
977.657: Copied file: c:\windows\ServicePackFiles\i386\wtv0.inf
977.719: Copied file: c:\windows\ServicePackFiles\i386\greenshd.gif
977.782: Copied file: c:\windows\ServicePackFiles\i386\icmp.dll
977.844: Copied file: c:\windows\ServicePackFiles\i386\msdaps.dll
977.907: Copied file: c:\windows\ServicePackFiles\i386\cinfo.xml
977.938: Copied file: c:\windows\ServicePackFiles\i386\winipsec.dll
977.954: Copied file: c:\windows\ServicePackFiles\i386\mouse_j.htm
977.985: Copied file: c:\windows\ServicePackFiles\i386\sbp2port.sys
978.016: Copied file: c:\windows\ServicePackFiles\i386\wab32.dll
978.172: Copied file: c:\windows\ServicePackFiles\i386\acadproc.dll
978.204: Copied file: c:\windows\ServicePackFiles\i386\mountmgr.sys
978.235: Copied file: c:\windows\ServicePackFiles\i386\redir.exe
978.500: Copied file: c:\windows\ServicePackFiles\i386\rundll32.exe
978.547: Copied file: c:\windows\ServicePackFiles\i386\mmcex.dll
978.579: Copied file: c:\windows\ServicePackFiles\i386\welcome.htm
978.610: Copied file: c:\windows\ServicePackFiles\i386\samlib.dll
978.641: Copied file: c:\windows\ServicePackFiles\i386\mtxoci.dll
978.688: Copied file: c:\windows\ServicePackFiles\i386\msgsvc.dll
978.704: Copied file: c:\windows\ServicePackFiles\i386\aregdone.htm
978.766: Copied file: c:\windows\ServicePackFiles\i386\scrnsave.scr
978.782: Copied file: c:\windows\ServicePackFiles\i386\wpabtm.jpg
978.797: Copied file: c:\windows\ServicePackFiles\i386\dispex.dll
978.829: Copied file: c:\windows\ServicePackFiles\i386\isphdshk.htm
978.860: Copied file: c:\windows\ServicePackFiles\i386\newbtm8.jpg
978.922: Copied file: c:\windows\ServicePackFiles\i386\ntmsmgr.dll
978.985: Copied file: c:\windows\ServicePackFiles\i386\slbcsp.dll
979.016: Copied file: c:\windows\ServicePackFiles\i386\unimdm.tsp
979.063: Copied file: c:\windows\ServicePackFiles\i386\xrxscnui.dll
979.063: Copied file: c:\windows\ServicePackFiles\i386\osloader.ntd
979.110: Copied file: c:\windows\ServicePackFiles\i386\monitor.gif
979.141: Copied file: c:\windows\ServicePackFiles\i386\digest.dll
979.204: Copied file: c:\windows\ServicePackFiles\i386\ntfs.sys
979.610: Copied file: c:\windows\ServicePackFiles\i386\ssmarque.scr
979.641: Copied file: c:\windows\ServicePackFiles\i386\ispnoanw.htm
979.688: Copied file: c:\windows\ServicePackFiles\i386\dpnet.dll
979.750: Copied file: c:\windows\ServicePackFiles\i386\mobsync.dll
979.797: Copied file: c:\windows\ServicePackFiles\i386\localspl.dll
979.829: Copied file: c:\windows\ServicePackFiles\i386\scsiport.sys
979.875: Copied file: c:\windows\ServicePackFiles\i386\eappgnui.dll
979.954: Copied file: c:\windows\ServicePackFiles\i386\iexpress.exe
980.000: Copied file: c:\windows\ServicePackFiles\i386\smlogsvc.exe
980.047: Copied file: c:\windows\ServicePackFiles\i386\napipsec.dll
980.250: Copied file: c:\windows\ServicePackFiles\i386\fpremadm.exe
980.297: Copied file: c:\windows\ServicePackFiles\i386\sbeio.dll
980.532: Copied file: c:\windows\ServicePackFiles\i386\msiregmv.exe
980.579: Copied file: c:\windows\ServicePackFiles\i386\sffp_mmc.sys
980.719: Copied file: c:\windows\ServicePackFiles\i386\loadperf.dll
980.813: Copied file: c:\windows\ServicePackFiles\i386\dx8vb.dll
981.204: Copied file: c:\windows\ServicePackFiles\i386\datetime.chm
981.266: Copied file: c:\windows\ServicePackFiles\i386\clickerx.wav
981.329: Copied file: c:\windows\ServicePackFiles\i386\agtcore.js
981.438: Copied file: c:\windows\ServicePackFiles\i386\atmlane.sys
981.485: Copied file: c:\windows\ServicePackFiles\i386\dfrgfat.exe
981.500: Copied file: c:\windows\ServicePackFiles\i386\msvcrt40.dll
981.547: Copied file: c:\windows\ServicePackFiles\i386\dfrgui.dll
981.610: Copied file: c:\windows\ServicePackFiles\i386\comuid.dll
981.672: Copied file: c:\windows\ServicePackFiles\i386\aaclient.dll
981.844: Copied file: c:\windows\ServicePackFiles\i386\knprodpc.dll
981.875: Copied file: c:\windows\ServicePackFiles\i386\msado21.tlb
981.907: Copied file: c:\windows\ServicePackFiles\i386\adsnt.dll
982.016: Copied file: c:\windows\ServicePackFiles\i386\scsiscan.sys
982.079: Copied file: c:\windows\ServicePackFiles\i386\provthrd.dll
982.094: Copied file: c:\windows\ServicePackFiles\i386\input.hlp
982.125: Copied file: c:\windows\ServicePackFiles\i386\comntwks.inf
982.157: Copied file: c:\windows\ServicePackFiles\i386\ding.wav
982.172: Copied file: c:\windows\ServicePackFiles\i386\halaacpi.dll
982.219: Copied file: c:\windows\ServicePackFiles\i386\ati1mdxx.sys
982.266: Copied file: c:\windows\ServicePackFiles\i386\scrobj.mui
982.297: Copied file: c:\windows\ServicePackFiles\i386\stddtype.gdl
982.329: Copied file: c:\windows\ServicePackFiles\i386\actdone.htm
982.360: Copied file: c:\windows\ServicePackFiles\i386\l2store.dll
982.407: Copied file: c:\windows\ServicePackFiles\i386\kbdmlt47.dll
982.454: Copied file: c:\windows\ServicePackFiles\i386\watv10nt.sys
982.594: Copied file: c:\windows\ServicePackFiles\i386\oeaccess.inf
982.610: Copied file: c:\windows\ServicePackFiles\i386\ativdaxx.ax
982.625: Copied file: c:\windows\ServicePackFiles\i386\user32.dll
982.688: Copied file: c:\windows\ServicePackFiles\i386\tsweb1.htm
982.704: Copied file: c:\windows\ServicePackFiles\i386\usbcamd.sys
982.735: Copied file: c:\windows\ServicePackFiles\i386\midimap.dll
982.813: Copied file: c:\windows\ServicePackFiles\i386\jsproxy.dll
982.938: Copied file: c:\windows\ServicePackFiles\i386\actmovie.exe
983.000: Copied file: c:\windows\ServicePackFiles\i386\mssha.dll
983.032: Copied file: c:\windows\ServicePackFiles\i386\progman.exe
983.204: Copied file: c:\windows\ServicePackFiles\i386\userinit.exe
983.329: Copied file: c:\windows\ServicePackFiles\i386\wbemess.dll
983.422: Copied file: c:\windows\ServicePackFiles\i386\dinput.dll
983.500: Copied file: c:\windows\ServicePackFiles\i386\keyboard.sys
983.594: Copied file: c:\windows\ServicePackFiles\i386\shscrap.dll
983.610: Copied file: c:\windows\ServicePackFiles\i386\kmixer.sys
983.641: Copied file: c:\windows\ServicePackFiles\i386\fp98sadm.exe
983.688: Copied file: c:\windows\ServicePackFiles\i386\ati3d2ag.dll
983.782: Copied file: c:\windows\ServicePackFiles\i386\setupqry.inf
983.938: Copied file: c:\windows\ServicePackFiles\i386\tscdsbl.bat
984.047: Copied file: c:\windows\ServicePackFiles\i386\msimn.exe
984.063: Copied file: c:\windows\ServicePackFiles\i386\utopiaqu.wav
984.079: Copied file: c:\windows\ServicePackFiles\i386\wiascr.dll
984.110: Copied file: c:\windows\ServicePackFiles\i386\icsmgr.js
984.141: Copied file: c:\windows\ServicePackFiles\i386\qcap.dll
984.172: Copied file: c:\windows\ServicePackFiles\i386\activ.htm
984.204: Copied file: c:\windows\ServicePackFiles\i386\msscript.mui
984.219: Copied file: c:\windows\ServicePackFiles\i386\wininet.dll
984.360: Copied file: c:\windows\ServicePackFiles\i386\xmlp_bec.xdr
984.375: Copied file: c:\windows\ServicePackFiles\i386\zipfldr.dll
984.454: Copied file: c:\windows\ServicePackFiles\i386\d3d8thk.dll
984.579: Copied file: c:\windows\ServicePackFiles\i386\cmd.exe
984.641: Copied file: c:\windows\ServicePackFiles\i386\dbghelp.dll
984.750: Copied file: c:\windows\ServicePackFiles\i386\dfrgsnap.dll
984.782: Copied file: c:\windows\ServicePackFiles\i386\agentctl.dll
984.844: Copied file: c:\windows\ServicePackFiles\i386\isptype.js
984.844: Copied file: c:\windows\ServicePackFiles\i386\isp2busy.htm
984.860: Copied file: c:\windows\ServicePackFiles\i386\msexch40
Could this possibly what you want? There's 2/3 of the file left.
Oh my goodness gracious! I didn't expect it to be that large! This is going to take some time to sift through. I'll post back with my findings as soon as possible.
Thank you for the log. :)
Do you want me to post the rest or wait til you get thru with what I've already posted? I guess this is what you wanted after all. There's still twice as much left to post.
Go ahead and post the rest, although if you can it might be best to send it to a zip file and upload the file to SkyDrive or Dropbox.
Please follow Corrine's instructions.
Here are some instructions on how to create a Dropbox acct and Upload the file to DropboxNote: If you prefer, the same techniques may be applied to Skydrive however these instructions may not necessarily work for Skydrive.
- If you haven't already created a Dropbox account, please do so Here (http://db.tt/HDZpJufT)
- Although this procedure can be done directly through the website, it is much easier to do so via the Windows client which can be downloaded from the Dropbox website:
https://www.dropbox.com/install (https://www.dropbox.com/install)
- After you have downloaded and installed that, you should now see Dropbox in your Favourites box in Windows Explorer. This is the folder that will be synchronised with the Dropbox servers, anything that you wish to back up online can be put in here, but today we will be using it to transfer files.
(https://dl.dropbox.com/u/16537616/Static/Tutorials/Dropbox/Favourites%20list.PNG)
- To access your Dropbox folder, just click on the link in the top left hand corner of Windows Explorer (accessible from any location - Documents etc.). Alternatively, you can double click on the icon (https://dl.dropbox.com/u/16537616/Static/Tutorials/Dropbox/icon.jpg) found in your system tray (next to the time). If you are still having issues locating this folder, unless otherwise specified, it can be found under this location: C:\Users\{Your username}\Dropbox
- Copy all of the following files to the Public folder in your Dropbox:
- Select all files by pressing Ctrl+A then right-click and select Send to > Compressed (zipped) folder
- This will create a .zip (https://dl.dropbox.com/u/16537616/Static/Tutorials/Dropbox/zip_icon.png) file in your Public folder.
- Right-click on this file and select Dropbox > Copy Public Link then Paste (Ctrl + V) this link into your next post for me please
I downloaded Dropbox and created an acct. I think I created a zipfile with the svcpack log, I assumed that's what you wanted. I attempted to share the file in Dropbox. I don't know if I completely get how to make it public. When I rt click on the file in Dropbox I don't get Dropbox > Copy Public Link.
Make sure the file is in the Public folder
Click on the Public folder to open it.
Inside the Public folder do you see the zip folder you created?
Right click on the zip folder found in the Public folder and from the list look for Copy Public Link (it might be found about half way down the list)
Paste public link in reply box.
Let me know if this helps.
I've been all over that page, even did a search. Cannot find Public Folder in Dropbox. There's a Share File, but when I click on that there are places for emails and message.
mare_wbpa,
The logs will not be needed. You did provide enough of the log to see that you have MAJOR registry corruption obviously brought on by years of using registry cleaners. Personally, I don't think those discs you have will fix it either. You really need to get this computer to a reputable tech shop and to be honest, due to the age of the computer and the cost of bringing it up to standards for it to run properly, you would have a nice down payment on a new computer. This computer will nickle and dime you to death.
I'm sorry for the bad news.
Donna
No problem Donna. I'm puzzled tho, I don't remember using registry cleaners. I did use Mbam and did disc cleanups and defrags. I'm not upset in the least, I was ready to retire this machine. I have a laptop that I bought around the time I was having problems after trying to install SP2, it's hardly been used and runs well. I've been backing up the desktop, so I can transfer my photos and music files to the laptop. It's good to know that the team is here if I need you again. A big thank you to everyone who has been involved with helping me on this journey.