malware has removed the desktop icons



fmy321
2013-10-15, 00:35
Hello,

I need help with an infection on my Windows XP computer. Upon boot up the desktop appears for a few seconds, then all the icons disappear and I can no longer navigate. When I booted up in safe mode, windows loaded, then immediately went to shut down and rebooted itself. I've tried safe mode a few times now and it always shuts down and reboots. I cannot seem to access anything on that computer right now.

Can anyone help with this?

Thanks,

fmy

OCD
2013-10-15, 08:49
Hi fmy321,

My name is OCD. I would be more than happy to take a look at your log and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

I will be working on your malware issues; this may or may not solve other issues you have with your machine.
The fixes are specific to your problem and should only be used for the issues on this machine.
Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
It's often worth reading through these instructions and printing them for ease of reference.
If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
Please reply to this thread. Do not start a new topic.
Copy and Paste logs directly into the reply window. DO NOT attach the logs unless specifically instructed to do so.
IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System and the loss of all your programs and data.

Please stay with this topic until I let you know that your system appears to be "All Clear"

Important: All tools MUST be run from the Desktop.

=========================

Last Known Good Configuration

How to start your computer by using the Last Known Good Configuration feature
(read through the steps before starting)

Remove all floppy disks and CDs from your computer and then restart your computer.

Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Last Known Good Configuration using the arrow keys.
Then press enter on your keyboard.

=========================

If the computer boots normally now please run the following scans and post the corresponding logs. If not, report back with how the computer is acting.

=========================

aswMBR

Download aswMBR.exe (http://public.avast.com/~gmerek/aswMBR.exe) and save it to your desktop.


Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"

When asked if you want to download Avast's virus definitions please select Yes.
Click Scan
Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.

=========================
OTL

Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Make sure all other windows are closed and let it run uninterrupted.
Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
When the window appears, underneath Output at the top change it to Minimal Output.
Check the boxes beside LOP Check and Purity Check.
Under Custom Scan paste this in

%USERPROFILE%\..|smtmp;true;true;true /FP
%temp%\smtmp\*.* /s >
/md5start
iexplore.*
explorer.*
winlogon.*
dll
zx.dll
hlp.dat
consrv.dll
services.*
/md5stop
netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
dir "%systemdrive%\*" /S /A:L /C
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%PROGRAMFILES%\Internet Explorer\*.dat
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
BASESERVICES
DRIVES
CREATERESTOREPOINT


Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
You may need two posts to fit them both in.

=========================

In your next post please provide the following:

aswMBR.txt
attach MBR.zip
OTL.txt
Extras.txt

fmy321
2013-10-15, 14:31
Hi OCD,

It's great that you will be able to help me. Thank you.

I restarted the machine in "Last Known Good Configuration" mode as you suggested. This is what happened:

computer starts to load Windows
desktop appears, including all the icons
after approximately 10 seconds all icons disappear, my desktop background is still there but there is no access to the start button
the mouse still controls the cursor but there is nothing to do, still no access to start button even through the keyboard
I've waited up to five minutes....nothing happens and I have to perform a hard shutdown

Thanks again for the help,
fmy321

OCD
2013-10-15, 19:36
Hi fmy321,

Let's try this and see if we can access the Task Bar and Start Menu.

Press and hold the "Ctrl" key simultaneously with the "Esc" key to access the Windows Start Menu.
OR
If your computer has a Windows key, see if that works.

=========================

If you are able to access the Start Menu with the above steps do the following next, if not report back.

=========================


In the Run box type "taskmgr.exe" (without quotes); this should open the Task Manager.
Next choose File > New Task (run) > enter "explorer.exe" (without quotes)
Select OK

=========================

Reboot

=========================

If the computer reboots and the Desktop Icons, Start Menu & Task Bar are visible, then continue. If not report back.

=========================

System File Checker


Click Start, in the run box:
Type: sfc /scannow (There's a space between sfc and /scannow.)

Type: exit to close the command prompt window
Include the findings in your next reply

In your next post please provide the following:

Update status

fmy321
2013-10-15, 22:24
Hi OCD,

I tried both of your suggestions: the windows key and ctrl + esc keys simultaneously. Neither brings up the task bar or start menu.
fmy321

OCD
2013-10-15, 22:48
Hi fmy321,

Boot your computer and tap the F8 key repeatedly to access the Advanced Boot Options menu.

What are the options available in the Advanced Boot menu?

Do you have Windows XP Disks?

fmy321
2013-10-16, 01:59
OCD,

My options are:
last known good configuration
directory services restore mode
debugging mode
disable automatic restart on system failure
start windows normally
reboot
return to OS choices menu
safe mode
safe mode with networking
safe mode with command prompt

Unfortunately, I do not have XP disks


fmy321

OCD
2013-10-16, 06:18
Hi fmy321,


Boot once again to the Advanced Boot Options menu.
This time select Safe Mode with Command Prompt
Once the Command Prompt window appears type: sfc /scannow (There's a space between sfc and /scannow.)
Then press Enter.
After the scan has finished, reboot the computer into Normal Mode

=========================

In your next post please provide the following:

Report back the results of the System File Checker

fmy321
2013-10-16, 17:37
Hi OCD,

I started the computer in safe mode with command prompt. The computer goes into safe mode (black screen with “safe mode” in all four corners). After a couple seconds, Windows starts to load. It then immediately shuts down the computer, then reboots.

Note: my screensaver still starts up if there is no activity for a few minutes.

I restarted the computer in Normal Mode. While the icons were still on the desktop, I quickly clicked the start button, clicked run and typed in cmd. The command prompt window appeared (this took a couple attempts to do it quickly enough). I typed in your suggested command: sfc /scannow. The Windows File Protection box popped up and the scan started. The scan took 30 – 40 minutes to complete. During the scan I repeatedly got a couple messages. Either:

“Files that are required for Windows to run properly must be copied to the DLL cache. Insert your Windows XP Professional Service Pack 3 cd now”

Or

“Files that are required for Windows to run properly have been replaced by unrecognized versions. To maintain system stability, Windows must restore the original version of these files. Insert your Windows XP Professional Service Pack 2 cd now”

Since I don’t have the disks, I had to cancel out each time one of these messages appeared (a total of 15 times during the scan).

Once the scan was finished, I closed out the command prompt window, shut down the computer and restarted in Normal Mode. The machine booted up, the desktop and icons showed up and the icons disappeared within 10 seconds or so. Same as before.

Hope this isn’t too much info. I didn’t know what you needed.

fmy321

OCD
2013-10-17, 06:12
Hi fmy321,


"Hope this isn’t too much info. I didn’t know what you needed."

The more detailed the explanation the better, thanks. Let's try a slightly different approach:


Boot once again to the Advanced Boot Options menu.
This time select Safe Mode with Command Prompt
Once the Command Prompt window appears type: chkdsk /f C: (If C is not your hard drive, replace it with the appropriate drive letter) - [There is a space between chkdsk and /f C:]
Then press Enter.
After the scan has finished, reboot the computer into Normal Mode

=========================

In your next post please provide the following:

chkdsk update

fmy321
2013-10-17, 14:29
Hi OCD,

Tried your suggestion. Unfortunately, when I start up in safe mode with command prompt I get to the safe mode screen, then windows starts to load and then reboots the computer. I never get a command prompt.

I tried it the way I mentioned in my last post…quickly click the start button and run cmd in the ten seconds or so before my icons and task bar disappear. I got to the command prompt this way and tried to run chkdsk but got the message:

“Cannot lock current drive. Volume is in use by another process.”

It asked if I wanted to run chkdsk on start up, so I said yes. Doing this I was able to run chkdsk. It completed all three stages then put up some statistics on the screen. However, it rebooted so fast I was not able to read any of the stats. It rebooted into Normal Mode, leaving me with the same problem.

Also, I’ve found a friend who has a disk I can borrow if you think it will help. I believe it is labeled as a “reinstall disk, Windows XP Professional SP 2”. We did not buy our computers at the same time but both are Dell computers running XP Professional. Didn’t know if this could help or just make things worse.

fmy321

OCD
2013-10-17, 16:39
Hi fmy321,

A reinstall might be the best option. It seems your current version of Windows has become corrupt. Unfortunately, with a reinstall you will lose all your currently installed programs and data.

If this is the route you would like to take let me know when you have the disks and we will go from there.

fmy321
2013-10-17, 20:51
Hi OCD,

I would prefer to solve the problem without reinstalling windows, if that is possible. Is there anything else we can try?

If we cannot solve the issue, my two options for xp disks are:

A Dell disk labeled "Recovery disk, XP Professional SP 2"

or

A Microsoft disk labeled "Microsoft XP Professional, Version 2002"

Is there anything we can try before re-installing?

fmy321

OCD
2013-10-18, 05:52
Hi fmy321,


"Is there anything we can try before re-installing?"

You stated if you leave the computer for a while your screensaver will kick in.

Boot up in Normal Mode and once the Start button and Task Bar disappear try hitting the F11 key. If it resolves the problem skip the next set of instructions.

I usually don't just give links to other websites that have directions for steps to try but in this instance I am. Please go here (https://kb.wisc.edu/helpdesk/page.php?id=592) and work through the suggested solutions and see if any of these remedy the situation. Report back with your results.

fmy321
2013-10-18, 15:24
Hi OCD,

The F11 key did not do anything.

I tried the website you suggested. None of the suggestions worked. I was able to open the task manager. When I typed in "explorer.exe" I noticed that in the task manager, under the Image Name column, "explorer.exe" appeared for a few seconds. It disappeared and "rundll32.exe" appeared for a few seconds, then disappeared. Nothing else happened and I never did get a task bar.

fmy321

OCD
2013-10-18, 16:46
Hi fmy321,

I'm still trying to figure out a way around this issue, but we may still need to end up re-installing the OS.

Can you give me the make and model of the computer?

fmy321
2013-10-18, 18:04
It's a Dell Dimension E310

OCD
2013-10-19, 05:39
Hi fmy321,

Unfortunately, I'm not coming up with much. Let's try System File Checker again and, when prompted for a CD, use the Microsoft XP Professional, Version 2002.


Boot once again to the Advanced Boot Options menu.
This time select Safe Mode with Command Prompt
Once the Command Prompt window appears type: sfc /scannow (There's a space between sfc and /scannow.)
Then press Enter.
After the scan has finished, reboot the computer into Normal Mode

=========================

In your next post please provide the following:

Report back with the results.

fmy321
2013-10-19, 16:10
Hi OCD,

Since I can’t boot in Safe Mode with Command Prompt I accessed the command prompt by running cmd from the Task Manager. Don’t know if this is a problem (since I’m not in safe mode) but thought I should tell you how I got to the command prompt.

Once there, I ran System File Checker and used the Windows XP Professional cd. Unfortunately, it just kept telling me that I had the wrong disk. It needs XP Professional SP 2 and SP 3 disks. Once finished with the file checker I rebooted in Normal Mode, but continue to have the same problem.

fmy321

OCD
2013-10-20, 05:53
Hi fmy321,

Let's see if we can get to System Restore and roll back to a date prior to the problem.


Once again access the Command Prompt.
In the Command Prompt window type %systemroot%\system32\restore\rstrui.exe and press Enter.
Follow the instructions to perform the System Restore

Post back the results.

fmy321
2013-10-20, 18:11
Hi OCD,

Looks good! I restored to an early October date. Computer restarted, my desktop is populated with icons and it looks like I can access all of them.

What's next? And thanks for taking time on the weekend to help me.

fmy321

OCD
2013-10-21, 06:01
Hi fmy321,


"Looks good! I restored to an early October date. Computer restarted, my desktop is populated with icons and it looks like I can access all of them."

That's great to hear. :bigthumb:


"What's next? And thanks for taking time on the weekend to help me."

You're quite welcome! Since we never got to review any scans, let's do those now and see what is present on your system.

=========================

Security Check

Download Security Check by screen317 from here (http://screen317.spywareinfoforum.org/SecurityCheck.exe) or here (http://screen317.changelog.fr/SecurityCheck.exe).
Save it to your Desktop.

Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=========================

aswMBR

Download aswMBR.exe (http://public.avast.com/~gmerek/aswMBR.exe) and save it to your desktop.


Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"

When asked if you want to download Avast's virus definitions please select Yes.
Click Scan
Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.

=========================
OTL

Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Make sure all other windows are closed and let it run uninterrupted.
Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
When the window appears, underneath Output at the top change it to Minimal Output.
Check the boxes beside LOP Check and Purity Check.
Under Custom Scan paste this in

%USERPROFILE%\..|smtmp;true;true;true /FP
%temp%\smtmp\*.* /s >
/md5start
iexplore.*
explorer.*
winlogon.*
dll
zx.dll
hlp.dat
consrv.dll
services.*
/md5stop
netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
dir "%systemdrive%\*" /S /A:L /C
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%PROGRAMFILES%\Internet Explorer\*.dat
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
BASESERVICES
DRIVES
CREATERESTOREPOINT


Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
You may need two posts to fit them both in.

=========================

In your next post please provide the following:

checkup.txt
aswMBR.txt
attach MBR.zip
OTL.txt
Extras.txt
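
One way to triage the aswMBR log requested above once it is posted, added here as an example and not part of the original thread or of aswMBR itself: it collects the lines the tool tags **INFECTED** or **SUSPICIOUS**, notes any "unknown MBR code" report, and checks that the log reached "Scan finished successfully" so a truncated scan is not read as a clean one. The sample log is constructed, and the function and field names are assumptions.

```python
import re
from collections import namedtuple

# One flagged log entry; field names are this example's own.
Finding = namedtuple("Finding", "time verdict kind target detection")

# Constructed sample that follows the aswMBR log layout; not from a real machine.
SAMPLE_LOG = r"""
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-01-01 10:00:00
-----------------------------
10:00:00.100 OS Version: Windows 5.1.2600 Service Pack 3
10:00:01.200 Disk 0 MBR read successfully
10:00:01.300 Disk 0 unknown MBR code
10:00:05.000 Module: C:\WINDOWS\System32\example\EXAMPLE.SYS **SUSPICIOUS**
10:01:00.000 AVAST engine scan C:\Documents and Settings\user
10:02:00.000 File: C:\Documents and Settings\user\Local Settings\Temp\sample.exe **INFECTED** Win32:Example-gen [Tst]
10:03:00.000 Scan finished successfully
"""

# "HH:MM:SS.mmm message" is the shape of every scan line after the header.
STAMPED = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{3})\s+(.+)$")
# "File: <path> **INFECTED** <detection name>" or "Module: <path> **SUSPICIOUS**".
TAGGED = re.compile(
    r"^(?P<kind>\w+):\s+(?P<target>.+?)\s+\*\*(?P<verdict>[A-Z]+)\*\*\s*(?P<detection>.*)$"
)
UNKNOWN_MBR = re.compile(r"^(Disk \d+) unknown MBR code$")

# Review order: confirmed detections first, then heuristics, then the MBR note.
SEVERITY = {"INFECTED": 0, "SUSPICIOUS": 1, "UNKNOWN_MBR": 2}


def triage(log_text):
    """Return {'completed': bool, 'findings': [Finding, ...]} for an aswMBR log."""
    findings = []
    completed = False
    for raw in log_text.splitlines():
        stamped = STAMPED.match(raw.strip())
        if not stamped:
            continue  # header, separator or blank line
        stamp, message = stamped.groups()
        if message == "Scan finished successfully":
            completed = True
            continue
        tagged = TAGGED.match(message)
        if tagged:
            findings.append(Finding(stamp, tagged["verdict"], tagged["kind"],
                                    tagged["target"], tagged["detection"].strip()))
            continue
        mbr = UNKNOWN_MBR.match(message)
        if mbr:
            findings.append(Finding(stamp, "UNKNOWN_MBR", "MBR", mbr.group(1), ""))
    # Stable sort keeps log order within each severity class.
    findings.sort(key=lambda f: SEVERITY.get(f.verdict, len(SEVERITY)))
    return {"completed": completed, "findings": findings}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    if not result["completed"]:
        print("WARNING: log has no 'Scan finished successfully' line; scan may be incomplete")
    for f in result["findings"]:
        print(f"{f.time}  {f.verdict:<12} {f.kind:<7} {f.target}  {f.detection}")
```
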

fmy321
2013-10-21, 15:49
Hi OCD,

Here we go:

Checkup.txt

Results of screen317's Security Check version 0.99.74
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
McAfee VirusScan Enterprise
Antivirus out of date!
`````````Anti-malware/Other Utilities Check:`````````
MVPS Hosts File
Spybot - Search & Destroy
CCleaner
Java 7 Update 25
Java(TM) 6 Update 4
Java version out of Date!
Adobe Reader 8 Adobe Reader out of Date!
Adobe Reader XI (KB403742..)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Comodo Firewall cmdagent.exe
Comodo Firewall cfp.exe
McAfee VirusScan Enterprise engineserver.exe
McAfee VirusScan Enterprise vstskmgr.exe
McAfee VirusScan Enterprise mcshield.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 9%
````````````````````End of Log``````````````````````


aswMBR.txt

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-10-21 08:52:21
-----------------------------
08:52:21.189 OS Version: Windows 5.1.2600 Service Pack 3
08:52:21.189 Number of processors: 2 586 0x409
08:52:21.189 ComputerName: FMYOFFICE UserName:
08:52:21.861 Initialize success
08:53:09.086 AVAST engine defs: 13102000
08:54:33.412 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
08:54:33.412 Disk 0 Vendor: ST380819AS 8.04 Size: 76293MB BusType: 3
08:54:33.490 Disk 0 MBR read successfully
08:54:33.506 Disk 0 MBR scan
08:54:33.615 Disk 0 unknown MBR code
08:54:33.615 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
08:54:33.662 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 52438 MB offset 80325
08:54:33.709 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 19045 MB offset 107490915
08:54:33.740 Disk 0 Partition 4 00 DB CP/M / CTOS MSDOS5.0 4753 MB offset 146496735
08:54:33.756 Disk 0 scanning sectors +156232125
08:54:33.881 Disk 0 scanning C:\WINDOWS\system32\drivers
08:55:00.797 Service scanning
08:55:28.292 Modules scanning
08:55:33.697 Module: C:\WINDOWS\System32\DLA\DLADResN.SYS **SUSPICIOUS**
08:55:34.353 Disk 0 trace - called modules:
08:55:34.353 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
08:55:34.368 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86d4dab8]
08:55:34.368 3 CLASSPNP.SYS[f757efd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-e[0x86d7fb00]
08:55:35.025 AVAST engine scan C:\WINDOWS
08:55:42.804 AVAST engine scan C:\WINDOWS\system32
09:00:06.422 AVAST engine scan C:\WINDOWS\system32\drivers
09:00:38.072 AVAST engine scan C:\Documents and Settings\Fred Youngs
09:03:16.914 File: C:\Documents and Settings\Fred Youngs\Local Settings\Temp\WinProcess.exe **INFECTED** Win32:Rootkit-gen [Rtk]
09:09:13.359 AVAST engine scan C:\Documents and Settings\All Users
09:09:34.840 File: C:\Documents and Settings\All Users\Application Data\do374clb.plz **INFECTED** Win32:Rootkit-gen [Rtk]
09:12:52.073 Scan finished successfully
09:13:03.571 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Fred Youngs\Desktop\MBR.dat"
09:13:03.586 The log file has been saved successfully to "C:\Documents and Settings\Fred Youngs\Desktop\aswMBR.txt"


otl.txt

OTL logfile created on: 10/21/2013 9:18:32 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Fred Youngs\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.07 Mb Total Physical Memory | 447.02 Mb Available Physical Memory | 44.08% Memory free
2.38 Gb Paging File | 1.86 Gb Available in Paging File | 78.16% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 51.21 Gb Total Space | 18.43 Gb Free Space | 35.99% Space Free | Partition Type: NTFS
Drive D: | 18.60 Gb Total Space | 3.16 Gb Free Space | 16.96% Space Free | Partition Type: NTFS

Computer Name: FMYOFFICE | User Name: Fred Youngs | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Fred Youngs\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
PRC - C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe (McAfee, Inc.)
PRC - C:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\naPrdMgr.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\McTray.exe (McAfee, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Verizon\McciTrayApp.exe (Motive Communications, Inc.)
PRC - C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
PRC - C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)


========== Modules (No Company Name) ==========

MOD - C:\WINDOWS\system32\quartz.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\WINDOWS\system32\sbe.dll ()
MOD - C:\Program Files\McAfee\Common Framework\boost_thread-vc71-mt-1_32.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\WINDOWS\system32\devenum.dll ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()
MOD - C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
MOD - C:\Program Files\McAfee\Common Framework\cryptocme2.dll ()


========== Services (SafeList) ==========

SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (cmdAgent) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (McShield) -- C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe (McAfee, Inc.)
SRV - (mfevtp) -- C:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.)
SRV - (McTaskManager) -- C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe (McAfee, Inc.)
SRV - (McAfeeEngineService) -- C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe (McAfee, Inc.)
SRV - (McAfeeFramework) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (wanatw) -- system32\DRIVERS\wanatw4.sys File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (mferkdk) -- C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys File not found
DRV - (lbrtfdc) -- File not found
DRV - (Changer) -- File not found
DRV - (BW2NDIS5) -- System32\Drivers\BW2NDIS5.sys File not found
DRV - (bvrp_pci) -- File not found
DRV - (aswMBR) -- C:\DOCUME~1\FREDYO~1\LOCALS~1\Temp\aswMBR.sys File not found
DRV - (Inspect) -- C:\WINDOWS\system32\drivers\inspect.sys (COMODO)
DRV - (cmdHlp) -- C:\WINDOWS\system32\drivers\cmdhlp.sys (COMODO)
DRV - (cmdGuard) -- C:\WINDOWS\system32\drivers\cmdGuard.sys (COMODO)
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfeapfk) -- C:\WINDOWS\system32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (mferkdet) -- C:\WINDOWS\system32\drivers\mferkdet.sys (McAfee, Inc.)
DRV - (mfetdik) -- C:\WINDOWS\system32\drivers\mfetdik.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (BVRPMPR5) -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS (Avanquest Software)
DRV - (MREMPR5) -- C:\Program Files\Common Files\Motive\MREMPR5.sys (Motive, Inc.)
DRV - (MRENDIS5) -- C:\Program Files\Common Files\Motive\MRENDIS5.sys (Motive, Inc.)
DRV - (ASCTRM) -- C:\WINDOWS\System32\drivers\asctrm.sys (Windows (R) 2000 DDK provider)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Sonic Solutions)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Sonic Solutions)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Sonic Solutions)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Sonic Solutions)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Sonic Solutions)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Sonic Solutions)
DRV - (DLADResN) -- C:\WINDOWS\system32\DLA\DLADResN.SYS (Sonic Solutions)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions)
DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions)
DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope = {CB59DDF8-2D50-4521-80A8-0398C2640266}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{CB59DDF8-2D50-4521-80A8-0398C2640266}: "URL" = http://www.infospace.com/vzn.dsl.tbar.sbie7/redirs_all.htm?pgtarg=wbsdogpile&qcat=web&qkw={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.50917.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Fred Youngs\Application Data\Move Networks\plugins\npqmp071503000010.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Fred Youngs\Application Data\Move Networks\plugins\npqmp071503000010.dll (Move Networks)

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Documents and Settings\Fred Youngs\Application Data\Move Networks [2009/09/12 17:08:18 | 000,000,000 | ---D | M]

[2007/07/12 17:26:18 | 000,001,057 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\verizonsearch.xml

O1 HOSTS File: ([2013/08/05 13:46:16 | 000,451,185 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 15514 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {4E7BD74F-2B8D-469E-8CB0-AB60BB9AAE22} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-8CB0-AB60BB9AAE22} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C7768536-96F8-4001-B1A2-90EE21279187} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall File not found
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe (Motive Communications, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\npjpi160_04.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1340643758454 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} http://140.232.203.251/activex/AxisCamControl.cab (CamImage Class)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://vpn.uml.edu/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/2.9.1.0/GarminAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4235F7CF-120C-4E89-BF12-C7724C4C832F}: DhcpNameServer = 192.168.1.1
O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\system32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Fred Youngs\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Fred Youngs\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - C:\Program Files\Qualcomm\Eudora\EuShlExt.dll (Qualcomm Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 04:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: wave - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/10/21 08:33:42 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Fred Youngs\Desktop\OTL.exe
[2013/10/21 08:32:56 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Fred Youngs\Desktop\aswMBR.exe
[2013/10/20 11:54:21 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Fred Youngs\Recent
[2013/10/14 17:04:38 | 000,180,224 | ---- | C] (Borland Software Corporation) -- C:\Documents and Settings\All Users\Application Data\do374clb.plz
[2008/02/12 17:21:22 | 015,079,680 | ---- | C] (COMODO) -- C:\Program Files\CFP_Setup_3.0.16.295_XP_Vista_x32.exe
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/10/21 09:14:04 | 000,000,588 | ---- | M] () -- C:\Documents and Settings\Fred Youngs\Desktop\MBR.zip
[2013/10/21 09:13:03 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Fred Youngs\Desktop\MBR.dat
[2013/10/21 08:54:04 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/10/21 08:53:48 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/10/21 08:53:48 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/10/21 08:51:49 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/10/21 08:50:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/10/21 08:50:25 | 1063,407,616 | -HS- | M] () -- C:\hiberfil.sys
[2013/10/21 08:33:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Fred Youngs\Desktop\OTL.exe
[2013/10/21 08:32:57 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Fred Youngs\Desktop\aswMBR.exe
[2013/10/21 08:32:23 | 000,891,167 | ---- | M] () -- C:\Documents and Settings\Fred Youngs\Desktop\SecurityCheck.exe
[2013/10/20 11:40:41 | 095,025,368 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\blc473od.pff
[2013/10/20 11:40:41 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\blc473od.ctrl
[2013/10/14 17:04:38 | 000,180,224 | ---- | M] (Borland Software Corporation) -- C:\Documents and Settings\All Users\Application Data\do374clb.plz
[2013/09/30 12:33:11 | 000,000,749 | ---- | M] () -- C:\WINDOWS\ss_slide.ini
[2013/09/21 14:48:33 | 000,340,240 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/10/21 09:14:04 | 000,000,588 | ---- | C] () -- C:\Documents and Settings\Fred Youngs\Desktop\MBR.zip
[2013/10/21 09:13:03 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Fred Youngs\Desktop\MBR.dat
[2013/10/21 08:32:21 | 000,891,167 | ---- | C] () -- C:\Documents and Settings\Fred Youngs\Desktop\SecurityCheck.exe
[2013/10/19 11:17:18 | 1063,407,616 | -HS- | C] () -- C:\hiberfil.sys
[2013/10/14 17:04:47 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\blc473od.ctrl
[2013/10/14 17:04:43 | 095,025,368 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\blc473od.pff
[2012/03/15 12:28:01 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2009/05/29 12:50:42 | 000,000,812 | ---- | C] () -- C:\Documents and Settings\Fred Youngs\Eudora.lnk
[2006/09/27 15:14:36 | 001,035,090 | ---- | C] () -- C:\Program Files\wrar361.exe
[2006/09/17 12:42:21 | 012,698,583 | ---- | C] () -- C:\Program Files\VSE80iLEN.zip
[2006/07/01 19:19:00 | 000,004,096 | ---- | C] () -- C:\Documents and Settings\Fred Youngs\Application Data\dvd.bmk
[2006/05/24 19:08:43 | 000,116,224 | ---- | C] () -- C:\Documents and Settings\Fred Youngs\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/05/09 17:59:48 | 000,000,134 | ---- | C] () -- C:\Documents and Settings\Fred Youngs\Local Settings\Application Data\fusioncache.dat

========== ZeroAccess Check ==========

[2005/08/16 04:39:16 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2009/09/25 01:37:10 | 001,509,888 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 20:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/08/30 14:42:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2010/08/24 15:09:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
[2009/12/14 18:05:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Network Associates
[2006/05/04 15:59:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/07/23 16:25:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/11/07 15:25:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/06/29 18:51:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2006/05/21 19:00:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fred Youngs\Application Data\Earthlink
[2010/01/04 18:09:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fred Youngs\Application Data\GARMIN
[2010/08/24 15:09:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fred Youngs\Application Data\Juniper Networks
[2007/09/30 19:25:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fred Youngs\Application Data\Leadertech
[2009/04/07 21:20:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fred Youngs\Application Data\OfficeUpdate12
[2009/05/29 12:50:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fred Youngs\Application Data\Qualcomm
[2009/06/30 22:25:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fred Youngs\Application Data\Viewpoint

========== Purity Check ==========



========== Custom Scans ==========

< %USERPROFILE%\..|smtmp;true;true;true /FP >

< %temp%\smtmp\*.* /s > >

< MD5 for: EXPLORER.EX_ >
[2004/08/10 05:00:00 | 000,359,533 | ---- | M] () MD5=4F061B12F3D5457315A0314954E7EF46 -- C:\i386\EXPLORER.EX_

< MD5 for: EXPLORER.EXE >
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 07:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2004/08/10 05:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

< MD5 for: EXPLORER.EXE-02121B1A.PF >
[2013/10/19 11:18:28 | 000,085,618 | ---- | M] () MD5=8A24565842DAD53B73458980B292B0E8 -- C:\WINDOWS\Prefetch\EXPLORER.EXE-02121B1A.pf

< MD5 for: EXPLORER.SC_ >
[2004/08/10 05:00:00 | 000,000,181 | ---- | M] () MD5=BC5B38879C56DFBC05C8B5C43AC4D739 -- C:\i386\EXPLORER.SC_

< MD5 for: EXPLORER.SCF >
[2004/08/10 05:00:00 | 000,000,080 | ---- | M] () MD5=A3975A7D2C98B30A2AE010754FFB9392 -- C:\WINDOWS\explorer.scf

< MD5 for: IEXPLORE.CHM >
[2009/02/21 01:21:24 | 000,529,818 | ---- | M] () MD5=1435F4731719DF5F57D17DC38196245D -- C:\WINDOWS\Help\iexplore.chm
[2004/08/10 05:00:00 | 000,204,810 | ---- | M] () MD5=60858526AAD1CC55F5F0055B8E3B66FE -- C:\i386\iexplore.chm
[2004/08/10 05:00:00 | 000,204,810 | ---- | M] () MD5=60858526AAD1CC55F5F0055B8E3B66FE -- C:\WINDOWS\ie8\iexplore.chm

< MD5 for: IEXPLORE.CHW >
[2009/05/13 18:13:57 | 000,153,185 | ---- | M] () MD5=729BF63FD961A5CFCDD8FE8526B1E836 -- C:\WINDOWS\Help\iexplore.chw

< MD5 for: IEXPLORE.EX_ >
[2004/08/10 05:00:00 | 000,037,895 | ---- | M] () MD5=F83009589844F0C30801CC2221F06AB9 -- C:\i386\IEXPLORE.EX_

< MD5 for: IEXPLORE.EXE >
[2008/04/13 20:12:22 | 000,093,184 | ---- | M] (Microsoft Corporation) MD5=55794B97A7FAABD2910873C85274F409 -- C:\WINDOWS\ie8\iexplore.exe
[2008/04/13 20:12:22 | 000,093,184 | ---- | M] (Microsoft Corporation) MD5=55794B97A7FAABD2910873C85274F409 -- C:\WINDOWS\ServicePackFiles\i386\iexplore.exe
[2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) MD5=B60DDDD2D63CE41CB8C487FCFBB6419E -- C:\Program Files\Internet Explorer\iexplore.exe
[2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) MD5=B60DDDD2D63CE41CB8C487FCFBB6419E -- C:\WINDOWS\system32\dllcache\iexplore.exe
[2004/08/10 05:00:00 | 000,093,184 | ---- | M] (Microsoft Corporation) MD5=E7484514C0464642BE7B4DC2689354C8 -- C:\WINDOWS\$NtServicePackUninstall$\iexplore.exe

< MD5 for: IEXPLORE.EXE.MUI >
[2009/03/08 14:21:44 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=943030B55FDB56FB8B8FCC086071E119 -- C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui
[2009/03/08 14:21:44 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=943030B55FDB56FB8B8FCC086071E119 -- C:\Program Files\Internet Explorer\iexplore.exe.mui

< MD5 for: IEXPLORE.EXE-2D97EBE6.PF >
[2013/10/21 09:17:08 | 000,070,874 | ---- | M] () MD5=37BC0D112ECD615AB14225CD91FD354E -- C:\WINDOWS\Prefetch\IEXPLORE.EXE-2D97EBE6.pf

< MD5 for: IEXPLORE.HLP >
[2004/08/10 05:00:00 | 000,180,335 | ---- | M] () MD5=3F19AF1B745140DAFAC6F78F561A3C62 -- C:\i386\iexplore.hlp
[2004/08/10 05:00:00 | 000,180,335 | ---- | M] () MD5=3F19AF1B745140DAFAC6F78F561A3C62 -- C:\WINDOWS\Help\iexplore.hlp

< MD5 for: SERVICES >
[2004/08/10 05:00:00 | 000,007,116 | ---- | M] () MD5=95826940E657FE0567A8EC0F2A6AD11A -- C:\i386\services
[2004/08/10 05:00:00 | 000,007,116 | ---- | M] () MD5=95826940E657FE0567A8EC0F2A6AD11A -- C:\WINDOWS\system32\drivers\etc\services

< MD5 for: SERVICES.EXE >
[2009/02/06 07:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2008/04/13 20:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\$NtUninstallKB956572$\services.exe
[2008/04/13 20:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\ServicePackFiles\i386\services.exe
[2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe
[2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe
[2004/08/10 05:00:00 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\i386\services.exe
[2004/08/10 05:00:00 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\WINDOWS\$NtServicePackUninstall$\services.exe

< MD5 for: SERVICES.LNK >
[2005/08/16 04:43:10 | 000,001,506 | ---- | M] () MD5=32C3F4CF3D6D83ED91BCDB7555C6D4A1 -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Services.lnk

< MD5 for: SERVICES.MSC >
[2004/08/10 05:00:00 | 000,033,464 | ---- | M] () MD5=E8089AA2A6F7FEE89B38C1F2D77BA6C6 -- C:\i386\services.msc
[2004/08/10 05:00:00 | 000,033,464 | ---- | M] () MD5=E8089AA2A6F7FEE89B38C1F2D77BA6C6 -- C:\WINDOWS\system32\services.msc

< MD5 for: SERVICES.SBS >
[2011/03/01 09:58:46 | 000,034,818 | ---- | M] () MD5=62AFD4B2025CE6D4706B36F4C4808F9B -- C:\Documents and Settings\Fred Youngs\My Documents\Spybot - Search & Destroy\Includes\Services.sbs
[2013/07/16 13:21:30 | 000,034,818 | ---- | M] () MD5=E2ACBC77020C8D5CE97CA61D0D859A44 -- C:\Program Files\Spybot - Search & Destroy\Includes\Services.sbs

< MD5 for: WINLOGON.EXE >
[2004/08/10 05:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\i386\winlogon.exe
[2004/08/10 05:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< %SYSTEMDRIVE%\*.* >
[2005/08/16 04:43:04 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2006/05/09 17:59:29 | 000,000,209 | RHS- | M] () -- C:\boot.ini
[2005/08/16 04:43:04 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2006/05/04 15:39:36 | 000,006,423 | R--- | M] () -- C:\dell.sdr
[2013/10/21 08:50:25 | 1063,407,616 | -HS- | M] () -- C:\hiberfil.sys
[2006/05/10 19:43:07 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
[2005/08/16 04:43:04 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
[2006/05/04 15:59:33 | 000,000,828 | -H-- | M] () -- C:\IPH.PH
[2004/08/10 05:00:00 | 000,388,608 | ---- | M] (Microsoft Corporation) -- C:\kmd.exe
[2012/05/21 16:40:02 | 000,000,108 | ---- | M] () -- C:\mbam-error.txt
[2005/08/16 04:43:04 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
[2004/08/10 05:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/11/11 16:42:48 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2013/10/21 08:50:24 | 1598,029,824 | -HS- | M] () -- C:\pagefile.sys
[2011/11/30 14:04:55 | 000,002,255 | ---- | M] () -- C:\rkill.log
[2006/05/04 15:59:41 | 000,000,087 | ---- | M] () -- C:\SystemInfo.ini
[2011/11/29 19:30:07 | 000,061,006 | ---- | M] () -- C:\TDSSKiller.2.6.21.0_29.11.2011_18.29.14_log.txt
[2011/11/29 19:57:33 | 000,060,480 | ---- | M] () -- C:\TDSSKiller.2.6.21.0_29.11.2011_18.57.09_log.txt
[2011/11/29 22:31:09 | 000,119,130 | ---- | M] () -- C:\TDSSKiller.2.6.21.0_29.11.2011_21.28.06_log.txt
[2011/11/30 14:06:27 | 000,060,402 | ---- | M] () -- C:\TDSSKiller.2.6.21.0_30.11.2011_13.06.08_log.txt
[2011/11/30 14:29:01 | 000,060,480 | ---- | M] () -- C:\TDSSKiller.2.6.21.0_30.11.2011_13.28.44_log.txt

< %systemroot%\Fonts\*.com >

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2005/08/16 04:42:12 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2006/05/11 18:29:35 | 000,282,624 | ---- | M] (Comis software) -- C:\WINDOWS\Slideshow.scr

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2008/02/12 17:21:23 | 015,079,680 | ---- | M] (COMODO) -- C:\Program Files\CFP_Setup_3.0.16.295_XP_Vista_x32.exe
[2006/09/15 12:49:40 | 012,698,583 | ---- | M] () -- C:\Program Files\VSE80iLEN.zip
[2006/09/27 15:14:52 | 001,035,090 | ---- | M] () -- C:\Program Files\wrar361.exe

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< dir "%systemdrive%\*" /S /A:L /C >
Volume in drive C has no label.
Volume Serial Number is FC23-7B14

< %systemroot%\System32\config\*.sav >
[2005/08/16 04:27:08 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2005/08/16 04:27:08 | 000,659,456 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2005/08/16 04:27:08 | 000,876,544 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2008/11/11 16:54:42 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2008/11/11 17:25:41 | 000,000,170 | -HS- | M] () -- C:\Documents and Settings\Fred Youngs\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2013/10/21 08:32:57 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Fred Youngs\Desktop\aswMBR.exe
[2008/02/10 22:13:00 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\Fred Youngs\Desktop\ATF-Cleaner.exe
[2013/10/21 08:33:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Fred Youngs\Desktop\OTL.exe
[2013/10/21 08:32:23 | 000,891,167 | ---- | M] () -- C:\Documents and Settings\Fred Youngs\Desktop\SecurityCheck.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

========== Base Services ==========
SRV - [2008/04/13 20:12:12 | 000,044,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\alg.exe -- (ALG)
SRV - [2008/04/13 20:12:11 | 000,006,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv)
SRV - [2008/04/13 20:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\qmgr.dll -- (BITS)
SRV - [2012/07/06 09:58:51 | 000,078,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\browser.dll -- (Browser)
SRV - [2008/04/13 20:11:51 | 000,062,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\cryptsvc.dll -- (CryptSvc)
SRV - [2008/04/13 20:11:51 | 000,126,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dhcpcsvc.dll -- (Dhcp)
SRV - [2009/04/20 13:17:26 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dnsrslvr.dll -- (Dnscache)
SRV - [2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (Eventlog)
SRV - [2008/04/13 20:11:52 | 000,033,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\eapsvc.dll -- (EapHost)
SRV - [2009/07/27 19:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (FastUserSwitchingCompatibility)
SRV - [2008/04/13 20:12:08 | 000,015,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\w3ssl.dll -- (HTTPFilter)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2008/04/13 20:12:22 | 000,150,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\imapi.exe -- (ImapiService)
SRV - [2008/04/13 20:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (PolicyAgent)
SRV - [2008/04/13 20:11:52 | 000,023,552 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\WINDOWS\system32\dmserver.dll -- (dmserver)
SRV - [2008/04/13 20:12:17 | 000,224,768 | ---- | M] (Microsoft Corp., Veritas Software) [On_Demand | Stopped] -- C:\WINDOWS\System32\dmadmin.exe -- (dmadmin)
SRV - [2008/04/13 20:12:17 | 000,005,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\dllhost.exe -- (SwPrv)
SRV - [2008/04/13 20:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\lsass.exe -- (Netlogon)
SRV - [2008/04/13 20:12:01 | 000,198,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\netman.dll -- (Netman)
SRV - [2008/06/20 12:02:47 | 000,245,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\mswsock.dll -- (Nla)
SRV - [2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (PlugPlay)
SRV - [2010/08/17 09:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\spoolsv.exe -- (Spooler)
SRV - [2008/04/13 20:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (ProtectedStorage)
SRV - [2008/04/13 20:12:03 | 000,088,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\rasauto.dll -- (RasAuto)
SRV - [2008/04/13 20:12:03 | 000,186,368 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\rasmans.dll -- (RasMan)
SRV - [2009/02/09 08:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\rpcss.dll -- (RpcSs)
SRV - [2008/04/13 20:12:02 | 000,435,200 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\ntmssvc.dll -- (NtmsSvc)
SRV - [2008/04/13 20:12:05 | 000,018,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\seclogon.dll -- (seclogon)
SRV - [2008/04/13 20:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (SamSs)
SRV - [2008/04/13 20:12:10 | 000,080,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wscsvc.dll -- (wscsvc)
SRV - [2010/08/27 01:57:43 | 000,099,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srvsvc.dll -- (lanmanserver)
SRV - [2009/07/27 19:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (ShellHWDetection)
SRV - [2008/04/13 20:12:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srsvc.dll -- (srservice)
SRV - [2008/04/13 20:12:05 | 000,192,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\schedsvc.dll -- (Schedule)
SRV - [2008/04/13 20:11:56 | 000,013,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lmhsvc.dll -- (LmHosts)
SRV - [2008/04/13 20:12:07 | 000,249,856 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\tapisrv.dll -- (TapiSrv)
SRV - [2008/04/13 20:12:07 | 000,295,424 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\termsrv.dll -- (TermService)
SRV - [2009/07/27 19:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (Themes)
SRV - [2008/04/13 20:12:38 | 000,289,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\vssvc.exe -- (VSS)
SRV - [2008/04/13 20:11:50 | 000,042,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\audiosrv.dll -- (AudioSrv)
SRV - [2008/04/13 20:11:55 | 000,331,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ipnathlp.dll -- (SharedAccess)
SRV - [2008/04/13 20:12:08 | 000,333,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wiaservc.dll -- (stisvc)
SRV - [2008/04/13 20:12:28 | 000,078,848 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\msiexec.exe -- (MSIServer)
SRV - [2008/04/13 20:12:09 | 000,144,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wbem\wmisvc.dll -- (winmgmt)
SRV - [2009/02/09 08:10:48 | 000,617,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\advapi32.dll -- (Wmi)
SRV - [2008/04/13 20:11:52 | 000,132,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\dot3svc.dll -- (Dot3svc)
SRV - [2008/04/13 20:12:11 | 000,483,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wzcsvc.dll -- (WZCSVC)
SRV - [2009/06/10 02:14:49 | 000,132,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wkssvc.dll -- (lanmanworkstation)

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed\thard disk media
Interface type: IDE
Media Type: Fixed\thard disk media
Model: ST380819AS
Partitions: 4
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 39.00MB
Starting Offset: 32256
Hidden sectors: 0


DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 51.00GB
Starting Offset: 41126400
Hidden sectors: 0


DeviceID: Disk #0, Partition #2
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 19.00GB
Starting Offset: 55035348480
Hidden sectors: 0


DeviceID: Disk #0, Partition #3
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 5.00GB
Starting Offset: 75006328320
Hidden sectors: 0


< >
[2005/08/16 04:18:26 | 000,000,065 | R--- | C] () -- C:\WINDOWS\Tasks\desktop.ini
[2005/08/16 04:49:41 | 000,000,006 | -H-- | C] () -- C:\WINDOWS\Tasks\SA.DAT
[2011/07/22 14:26:17 | 000,000,284 | ---- | C] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2012/12/19 11:28:58 | 000,000,830 | ---- | C] () -- C:\WINDOWS\Tasks\Adobe Flash Player Updater.job

< End of report >

fmy321
2013-10-21, 15:52
Here is extras.txt

OTL Extras logfile created on: 10/21/2013 9:18:32 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Fred Youngs\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.07 Mb Total Physical Memory | 447.02 Mb Available Physical Memory | 44.08% Memory free
2.38 Gb Paging File | 1.86 Gb Available in Paging File | 78.16% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 51.21 Gb Total Space | 18.43 Gb Free Space | 35.99% Space Free | Partition Type: NTFS
Drive D: | 18.60 Gb Total Space | 3.16 Gb Free Space | 16.96% Space Free | Partition Type: NTFS

Computer Name: FMYOFFICE | User Name: Fred Youngs | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Network Associates\Common Framework\FrameworkService.exe" = C:\Program Files\Network Associates\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service
"C:\Program Files\McAfee\Common Framework\FrameworkService.exe" = C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service -- (McAfee, Inc.)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
"{147BCE03-C0F1-4C9F-8157-6A89B6D2D973}" = McAfee VirusScan Enterprise
"{1A15507A-8551-4626-915D-3D5FA095CC1B}" = Corel Paint Shop Pro X
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java(TM) 6 Update 4
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZeroInstallers
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}" = Dell CinePlayer
"{4667B940-BB01-428B-986E-A0CC46497BF7}" = ELIcon
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{548EEA8E-8299-497F-8057-811D2D7097DC}" = Dell Support 3.1
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}" = Sonic Activation Module
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}" = Digital Content Portal
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{735619D4-B42A-437A-958C-199BFCAEDB38}" = Safari
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{757A7F5D-F9A1-4DC5-8738-C0A31C658BC8}" = McAfee Agent
"{77F9D52A-C8D7-4FE8-8510-19FC6CF75BC3}" = Access Drivers
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{83F793B5-8BBF-42FD-A8A6-868CB3E2AAEA}" = Intel(R) PROSet for Wired Connections
"{85D3CC30-8859-481A-9654-FD9B74310BEF}" = Musicmatch® Jukebox
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
"{8A9B8148-DDD7-448F-BD6C-358386D32354}" = Corel Photo Album 6
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{8A47D90B-1D41-4DF6-92A9-9C8E39A11561}" =
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9B486871-27EB-49A5-8832-77176E63333C}" = iTunes
"{9CEA8C2F-3104-4652-9ADA-CA0F62C99D50}" = Eudora
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
"{B0DF58A2-40DF-4465-AA56-38623EC9938C}" = Documentation & Support Launcher
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B6884A07-0305-47AE-9969-8F26FADC17DE}" = Games, Music, & Photos Launcher
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CEF7211D-CE3A-44C4-B321-D84A2099AE94}" = Comcast Desktop Software (v1.2.0.9)
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E93E5EF6-D361-481E-849D-F16EF5C78EBC}" = Musicmatch for Windows Media Player
"{FD8E178D-8B4E-42DA-B434-EFF270329B1C}" = COMODO Internet Security
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"Dell Game Console" = Dell Game Console
"EmeraldQFE2" = Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"PROPLUS" = Microsoft Office Professional Plus 2007
"PROSet" = Intel(R) PRO Network Connections Drivers
"RealPlayer 6.0" = RealPlayer Basic
"StreetPlugin" = Learn2 Player (Uninstall Only)
"Verizon Online Help and Support" = Verizon Online Help and Support
"ViewpointMediaPlayer" = Viewpoint Media Player
"WebCyberCoach_wtrb" = WebCyberCoach 3.2 Dell
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xvid_is1" = Xvid 1.2.1 final uninstall
"YTdetect" = Yahoo! Detect

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Juniper_Setup_Client" = Juniper Networks Setup Client
"Move Media Player" = Move Media Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 10/18/2013 3:08:17 PM | Computer Name = FMYOFFICE | Source = JavaQuickStarterService | ID = 1
Description =

[ System Events ]
Error - 10/19/2013 11:19:31 AM | Computer Name = FMYOFFICE | Source = DCOM | ID = 10010
Description = The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register
with DCOM within the required timeout.

Error - 10/19/2013 11:20:01 AM | Computer Name = FMYOFFICE | Source = DCOM | ID = 10010
Description = The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register
with DCOM within the required timeout.

Error - 10/20/2013 11:41:30 AM | Computer Name = FMYOFFICE | Source = DCOM | ID = 10010
Description = The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register
with DCOM within the required timeout.

Error - 10/20/2013 11:42:00 AM | Computer Name = FMYOFFICE | Source = DCOM | ID = 10010
Description = The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register
with DCOM within the required timeout.

Error - 10/20/2013 11:42:30 AM | Computer Name = FMYOFFICE | Source = DCOM | ID = 10010
Description = The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register
with DCOM within the required timeout.

Error - 10/20/2013 11:43:00 AM | Computer Name = FMYOFFICE | Source = DCOM | ID = 10010
Description = The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register
with DCOM within the required timeout.

Error - 10/20/2013 11:43:30 AM | Computer Name = FMYOFFICE | Source = DCOM | ID = 10010
Description = The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register
with DCOM within the required timeout.

Error - 10/20/2013 11:44:00 AM | Computer Name = FMYOFFICE | Source = DCOM | ID = 10010
Description = The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register
with DCOM within the required timeout.

Error - 10/20/2013 11:44:30 AM | Computer Name = FMYOFFICE | Source = DCOM | ID = 10010
Description = The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register
with DCOM within the required timeout.

Error - 10/20/2013 11:45:00 AM | Computer Name = FMYOFFICE | Source = DCOM | ID = 10010
Description = The server {C49E32C6-BC8B-11D2-85D4-00105A1F8304} did not register
with DCOM within the required timeout.


< End of report >

OCD
2013-10-21, 18:58
Hi fmy321,

IMPORTANT NOTE: Unfortunately, one or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.
I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud? (http://www.dslreports.com/faq/10451)
When Should I Format, How Should I Reinstall (http://www.dslreports.com/faq/10063)

If you would like to try and clean the computer we can go that route also, if so please continue.

=========================

ComboFix

Refer to the ComboFix User's Guide (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)


Download ComboFix from the following location:

Link (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)

* IMPORTANT !!! Place ComboFix.exe on your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
You can get help on disabling your protection programs here (http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/490111-how-disable-your-security-applications.html)
Double click on ComboFix.exe & follow the prompts.
Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
When finished, it shall produce a log for you. Post that log in your next reply

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

---------------------------------------------------------------------------------------------

Ensure your AntiVirus and AntiSpyware applications are re-enabled.
---------------------------------------------------------------------------------------------
NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

=========================

In your next post please provide the following:

Combofix.txt

fmy321
2013-10-22, 01:24
Hi OCD,

Since I use the infected computer for online banking I guess it would be best to reformat and reinstall. I have most of my important files backed up on a flash drive.

Will I be able to reinstall the OS from one of the cds I have?

fmy321

OCD
2013-10-22, 07:15
Hi fmy321,

You will need to unplug all USB / External drives prior to beginning the clean re-install process.

I have divided the process into 4 parts for simplicity. Each section has multiple steps, don't be alarmed by the length of the tutorial. I have included images of the steps for guidance.

If possible, follow along with the re-install on another computer so you can reference the steps. Please read through the tutorial completely BEFORE beginning.

If you have any questions prior to starting feel free to ask.

========================= Part 1 =========================

http://i1269.photobucket.com/albums/jj590/OCD-WTT/xpnew1_zps7d1741ec.jpg (http://s1269.photobucket.com/user/OCD-WTT/media/xpnew1_zps7d1741ec.jpg.html)

The most important thing to realize before performing a clean installation of Windows XP is that all of the information on the drive that Windows XP is currently on (probably your C: drive) will be destroyed during this process. That means that if there's anything you want to keep you should back it up to a CD or another drive prior to beginning this process.

Some things to consider backing up that usually reside on the same drive as Windows XP (which we'll assume is "C:") include a number of folders located under C:\Documents and Settings\{YOUR NAME} such as Desktop, Favorites and My Documents. Also check these folders under other users' accounts if more than one person logs onto your PC.

You should also locate the Windows XP product key, a 25-digit alphanumeric code unique to your copy of Windows XP. If you can't locate it, there is a fairly easy way to find the Windows XP product key code from your existing installation, but this must be done before you reinstall.

When you're absolutely sure that everything from your computer that you want to keep is backed up, proceed to the next step. Keep in mind that once you delete all of the information from this drive (as we'll do in a future step), the action is not reversible!

=========================

http://i1269.photobucket.com/albums/jj590/OCD-WTT/xpnew2_zpsd2a2ec42.jpg (http://s1269.photobucket.com/user/OCD-WTT/media/xpnew2_zpsd2a2ec42.jpg.html)

To begin the Windows XP clean install process, you will need to boot from the Microsoft XP Professional, Version 2002 CD.

Watch for a Press any key to boot from CD... message similar to the one shown in the screenshot above.

Press a key to force the computer to boot from the Windows CD. If you do not press a key, your PC will attempt to boot to the operating system that's currently installed on your hard drive. If this happens, simply reboot and try to boot to the Windows XP CD again.

=========================

http://i1269.photobucket.com/albums/jj590/OCD-WTT/xpnew3_zpsaafcaadb.jpg (http://s1269.photobucket.com/user/OCD-WTT/media/xpnew3_zpsaafcaadb.jpg.html)

The Windows Setup screen will appear and a number of files and drivers necessary for the setup process will load.

Toward the beginning of this process, a message will appear that says Press F6 if you need to install a third party SCSI or RAID driver.... As long as you are performing this clean install from a Windows XP SP2 CD, this step is probably not necessary. On the other hand, if you're reinstalling from an older version of the Windows XP installation CD and you have an SATA hard drive, you will need to press F6 here to load any necessary drivers. The instructions that came with your hard drive or computer should include this information.

For most users though, this step can be ignored.

=========================

http://i1269.photobucket.com/albums/jj590/OCD-WTT/xpnew4_zps1f3cdd57.jpg (http://s1269.photobucket.com/user/OCD-WTT/media/xpnew4_zps1f3cdd57.jpg.html)

After the necessary files and drivers are loaded, the Windows XP Professional Setup screen will appear.

Since this will be a clean installation of Windows XP, press Enter to setup Windows XP now.

=========================

http://i1269.photobucket.com/albums/jj590/OCD-WTT/xpnew5_zps2151759b.jpg (http://s1269.photobucket.com/user/OCD-WTT/media/xpnew5_zps2151759b.jpg.html)

The next screen that appears is the Windows XP Licensing Agreement screen. Read through the agreement and press F8 to confirm that you agree with the terms.

Tip: Press the Page Down key to advance through the licensing agreement faster. This is not to suggest that you should skip reading the agreement though! You should always read a software's "small print" especially when it comes to operating systems like Windows XP.

=========================

http://i1269.photobucket.com/albums/jj590/OCD-WTT/xpnew6_zpsfdb1a044.jpg (http://s1269.photobucket.com/user/OCD-WTT/media/xpnew6_zpsfdb1a044.jpg.html)

On the next screen, Windows XP Setup needs to know which Windows installation you want to repair or if you'd rather install a fresh copy of Windows XP.

An installation of Windows on your PC should already be highlighted, assuming Windows exists on there at all (it doesn't need to). If you have multiple Windows installations then you'll see them all listed.

Even though you may be repairing an issue with your computer, do not choose to repair the selected Windows XP installation. In this tutorial, we are installing a clean copy of Windows XP on the computer.

Press the Esc key to continue.

=========================

http://i1269.photobucket.com/albums/jj590/OCD-WTT/xpnew7_zps2eef5147.jpg (http://s1269.photobucket.com/user/OCD-WTT/media/xpnew7_zps2eef5147.jpg.html)

In this step, you will delete the main partition on your computer - the space on the hard drive that your current Windows XP installation has been using.

Using the arrow keys on your keyboard, highlight the line for the C: drive. It probably says Partition1 or System though yours may be different. Press D to delete this partition.

Warning: This will remove all of the information on the drive that Windows XP is currently on (your C: drive). Everything on that drive will be destroyed during this process.

=========================

http://i1269.photobucket.com/albums/jj590/OCD-WTT/xpnew8_zpsd07b78ee.jpg (http://s1269.photobucket.com/user/OCD-WTT/media/xpnew8_zpsd07b78ee.jpg.html)

In this step, Windows XP Setup warns that the partition you are trying to delete is a system partition that may contain Windows XP. Of course we know this because that is exactly what we're trying to do.

Confirm your knowledge that this is a system partition by pressing Enter to continue.

=========================

http://i1269.photobucket.com/albums/jj590/OCD-WTT/xpnew9_zpsaa08afa0.jpg (http://s1269.photobucket.com/user/OCD-WTT/media/xpnew9_zpsaa08afa0.jpg.html)

WARNING: This is your last chance to back out of the reinstallation process by pressing the Esc key. If you back out now and restart your PC, your previous Windows XP installation will boot normally with no loss of data, assuming it was working before you started this process!

If you're sure you're ready to proceed, confirm that you wish to delete this partition by pressing the L key.

=========================

http://i1269.photobucket.com/albums/jj590/OCD-WTT/xpnew10_zps70a7514e.jpg (http://s1269.photobucket.com/user/OCD-WTT/media/xpnew10_zps70a7514e.jpg.html)

Now that the previous partition is removed, all of the space on the hard drive is unpartitioned. In this step, you will create a new partition for Windows XP to use.

Using the arrow keys on your keyboard, highlight the line that says Unpartitioned space. Press C to create a partition on this unpartitioned space.

Warning Note: You may have other partitions on this drive and on other drives that may be installed in your PC. If so, you may have a number of entries here. Be careful not to remove partitions that you may be using as this will remove all data from those partitions permanently.

OCD
2013-10-22, 07:16
========================= Part 2 =========================

http://i1269.photobucket.com/albums/jj590/OCD-WTT/xpnew11_zpse5adb627.jpg (http://s1269.photobucket.com/user/OCD-WTT/media/xpnew11_zpse5adb627.jpg.html)

Here you need to choose a size for the new partition. This will become the size of the C drive, the main drive on your PC that Windows XP will install to. This is also the drive that all of your software and data will probably reside on unless you have additional partitions set aside for those purposes.

Unless you are planning on creating additional partitions from within Windows XP after the clean installation process (for any number of reasons), it's usually wise to create a partition at the maximum size possible.

For most users, the default number provided will be the maximum space available and the best choice. Press Enter to confirm the partition size.

=========================

http://i1269.photobucket.com/albums/jj590/OCD-WTT/xpnew12_zpsa9da3d00.jpg (http://s1269.photobucket.com/user/OCD-WTT/media/xpnew12_zpsa9da3d00.jpg.html)

Highlight the line with the newly created partition and press Enter to set up Windows XP on the selected partition.

Note: Even if you created a partition at the maximum size available, there will always be a relatively small amount of space left over that will not be included in the partitioned space. This will be labeled as Unpartitioned space in the list of partitions, as shown in the screen shot above.

=========================

http://i1269.photobucket.com/albums/jj590/OCD-WTT/xpnew13_zps862a7b82.jpg (http://s1269.photobucket.com/user/OCD-WTT/media/xpnew13_zps862a7b82.jpg.html)

For Windows XP to install on a partition on a hard drive, it has to be formatted to use a particular file system - either the FAT file system format or the NTFS file system format. NTFS is more stable and secure than FAT and is always the recommended choice for a new Windows XP installation.

Using the arrow keys on your keyboard, highlight the line that says Format the partition using the NTFS file system and press Enter.

=========================

http://i1269.photobucket.com/albums/jj590/OCD-WTT/xpnew14_zps8c48e1c4.jpg (http://s1269.photobucket.com/user/OCD-WTT/media/xpnew14_zps8c48e1c4.jpg.html)

Depending on the size of the partition that you are formatting and the speed of your computer, formatting the partition could take anywhere from a few minutes to several minutes or hours.

=========================

http://i1269.photobucket.com/albums/jj590/OCD-WTT/xpnew15_zps59a790b9.jpg (http://s1269.photobucket.com/user/OCD-WTT/media/xpnew15_zps59a790b9.jpg.html)

Windows XP Setup will now copy the necessary installation files from the Windows XP installation CD to the newly formatted partition - the C drive. This step usually only takes a few minutes and no user intervention is necessary.

=========================

http://i1269.photobucket.com/albums/jj590/OCD-WTT/xpnew16_zps980be200.jpg (http://s1269.photobucket.com/user/OCD-WTT/media/xpnew16_zps980be200.jpg.html)

Windows XP will now begin installing. No user intervention is necessary.

Note: The "Setup will complete in approximately:" time estimation on the left is based on the number of tasks that the Windows XP setup process has left to complete, not on a true estimation of the time it will take to complete them. Usually the time here is an exaggeration. Windows XP will probably be set up sooner than this.

=========================

http://i1269.photobucket.com/albums/jj590/OCD-WTT/xpnew17_zpsd2956ca7.jpg (http://s1269.photobucket.com/user/OCD-WTT/media/xpnew17_zpsd2956ca7.jpg.html)

During installation, the Regional and Language Options window will appear.

The first section allows you to change the default Windows XP language and the default location. If the options listed match your preferences, no changes are necessary. If you wish to make changes, click on the Customize... button and follow the directions given to install new languages or change locations.

The second section allows you to change the default Windows XP input language and device. If the options listed match your preferences, no changes are necessary. If you wish to make changes, click on the Details... button and follow the directions given to install new input languages or change input methods.

After you've made any changes, or if you've determined no changes are necessary, click Next >.

=========================

http://i1269.photobucket.com/albums/jj590/OCD-WTT/xpnew18_zps50eab0c5.jpg (http://s1269.photobucket.com/user/OCD-WTT/media/xpnew18_zps50eab0c5.jpg.html)

In the Name: text box, enter your full name. In the Organization text box, enter your organization or business name. Click Next > when complete.

In the next window (not shown), enter the Windows XP product key. This key should have come with your Windows XP purchase.

Note: If you're installing Windows XP from a Windows XP Service Pack 3 (SP3) CD, you will not be prompted to enter a product key at this time.

Click Next > when complete.

=========================

http://i1269.photobucket.com/albums/jj590/OCD-WTT/xpnew19_zpsce862b01.jpg (http://s1269.photobucket.com/user/OCD-WTT/media/xpnew19_zpsce862b01.jpg.html)

The Computer Name and Administrator Password window will appear next.

In the Computer name: text box, Windows XP Setup has suggested a unique computer name for you. If your computer will be on a network, this is how it will be identified to other computers. Feel free to change the computer name to anything you wish.

In the Administrator password: text box, enter a password for the local administrator account. This field can be left blank but it's not recommended to do so for security purposes. Confirm this password in the Confirm password: text box.

Click Next > when complete.

=========================

http://i1269.photobucket.com/albums/jj590/OCD-WTT/xpnew20_zpsb6c06622.jpg (http://s1269.photobucket.com/user/OCD-WTT/media/xpnew20_zpsb6c06622.jpg.html)

In the Date and Time Settings window, set the correct date, time and time zone settings.

Click Next > when complete.

OCD
2013-10-22, 07:16
========================= Part 3 =========================

http://i1269.photobucket.com/albums/jj590/OCD-WTT/xpnew21_zpse3f6e026.jpg (http://s1269.photobucket.com/user/OCD-WTT/media/xpnew21_zpse3f6e026.jpg.html)

The Networking Settings window will appear next with two options for you to choose from - Typical settings or Custom settings.

If you're installing Windows XP on a single computer or a computer on a home network, chances are the correct option to choose is Typical settings.

If you're installing Windows XP in a corporate environment, you may need to choose the Custom settings option but check with your system administrator first. Even in this case, the Typical settings option is probably the right one.

If you're not sure, choose Typical settings.

Click Next >.

=========================

http://i1269.photobucket.com/albums/jj590/OCD-WTT/xpnew22_zps30ef280a.jpg (http://s1269.photobucket.com/user/OCD-WTT/media/xpnew22_zps30ef280a.jpg.html)

The Workgroup or Computer Domain window will appear next with two options for you to choose from - No, this computer is not on a network, or is on a network without a domain... or Yes, make this computer a member of the following domain:.

If you're installing Windows XP on a single computer or a computer on a home network, chances are the correct option to choose is No, this computer is not on a network, or is on a network without a domain.... If you're on a network, enter the workgroup name of that network here. Otherwise, feel free to leave the default workgroup name and continue.

If you're installing Windows XP in a corporate environment, you may need to choose the Yes, make this computer a member of the following domain: option and enter a domain name but check with your system administrator first.

If you're not sure, choose No, this computer is not on a network, or is on a network without a domain....

Click Next >.

=========================

http://i1269.photobucket.com/albums/jj590/OCD-WTT/xpnew23_zps4f05f853.jpg (http://s1269.photobucket.com/user/OCD-WTT/media/xpnew23_zps4f05f853.jpg.html)

The Windows XP installation will now finalize. No user intervention is necessary.

=========================

http://i1269.photobucket.com/albums/jj590/OCD-WTT/xpnew24_zps5c9ac496.jpg (http://s1269.photobucket.com/user/OCD-WTT/media/xpnew24_zps5c9ac496.jpg.html)

Your PC will automatically restart and proceed to load Windows XP for the first time.

=========================

http://i1269.photobucket.com/albums/jj590/OCD-WTT/xpnew25_zpsbce3e97e.jpg (http://s1269.photobucket.com/user/OCD-WTT/media/xpnew25_zpsbce3e97e.jpg.html)

After the Windows XP start up splash screen appeared in the last step, a window titled Display Settings will appear.

Click OK to allow Windows XP to automatically adjust the screen resolution.

=========================

http://i1269.photobucket.com/albums/jj590/OCD-WTT/xpnew26_zps9cc26a33.jpg (http://s1269.photobucket.com/user/OCD-WTT/media/xpnew26_zps9cc26a33.jpg.html)

The next window is titled Monitor Settings and is asking for confirmation that you can read the text on the screen. This will tell Windows XP that the automatic resolution changes it made in the previous step were successful.

If you can clearly read the text in the window, click OK.

If you cannot read the text on the screen, or the screen is garbled or not clear, click Cancel if you are able. If you can't see the Cancel button, don't worry. The screen will automatically revert to the previous setting in 20 seconds.

=========================

http://i1269.photobucket.com/albums/jj590/OCD-WTT/xpnew27_zps6b354f47.jpg (http://s1269.photobucket.com/user/OCD-WTT/media/xpnew27_zps6b354f47.jpg.html)

The Welcome to Microsoft Windows screen appears next, informing you that the next few minutes will be spent setting up your computer.

Click Next ->.

=========================

http://i1269.photobucket.com/albums/jj590/OCD-WTT/xpnew28_zpsbb08214f.jpg (http://s1269.photobucket.com/user/OCD-WTT/media/xpnew28_zpsbb08214f.jpg.html)

The Checking your Internet connectivity screen appears next, informing you that Windows is checking to see if your computer is connected to the Internet.

If you'd like to skip this step, click Skip ->.

=========================

http://i1269.photobucket.com/albums/jj590/OCD-WTT/xpnew29_zps92a2643c.jpg (http://s1269.photobucket.com/user/OCD-WTT/media/xpnew29_zps92a2643c.jpg.html)

In this step, Windows XP wants to know whether your computer connects to the Internet through a network or if it connects to the Internet directly.

If you have a broadband connection, like DSL or a cable or fiber connection, and are using a router (or if you're on another type of home or business network) then choose Yes, this computer will connect through a local area network or home network.

If your computer connects directly to the Internet via a modem (dial-up or broadband), choose No, this computer will connect directly to the Internet.

Windows XP will see most modern Internet connection setups, even those involving only a single PC, as on a network so the first option is probably the most likely choice for most users. If you're really not sure though, choose No, this computer will connect directly to the Internet or click Skip ->.

After making a choice, click Next ->.

=========================

http://i1269.photobucket.com/albums/jj590/OCD-WTT/xpnew30_zps51a1ecba.jpg (http://s1269.photobucket.com/user/OCD-WTT/media/xpnew30_zps51a1ecba.jpg.html)

Registration with Microsoft is optional, but if you'd like to do that now, choose Yes, I'd like to register with Microsoft now, click Next -> and follow the instructions to register.

Otherwise, choose No, not at this time and click Next ->.

OCD
2013-10-22, 07:17
========================= Part 4 =========================

http://i1269.photobucket.com/albums/jj590/OCD-WTT/xpnew31_zpscc1a04c2.jpg (http://s1269.photobucket.com/user/OCD-WTT/media/xpnew31_zpscc1a04c2.jpg.html)

In this step, setup wants to know the names of the users who will use Windows XP so it can set up individual accounts for each user. You must enter at least one name but can enter up to 5 here. More users can be entered from within Windows XP after installation is complete.

After entering the account name(s), click Next -> to continue.

=========================

http://i1269.photobucket.com/albums/jj590/OCD-WTT/xpnew32_zpsf989b6d4.jpg (http://s1269.photobucket.com/user/OCD-WTT/media/xpnew32_zpsf989b6d4.jpg.html)

We're almost there! All of the necessary files are installed and all of the necessary settings are configured.

Click Finish -> to proceed to Windows XP.

=========================

http://i1269.photobucket.com/albums/jj590/OCD-WTT/xpnew33_zps167c5e48.jpg (http://s1269.photobucket.com/user/OCD-WTT/media/xpnew33_zps167c5e48.jpg.html)

Windows XP is now loading for the first time. This may take a minute or two depending on your computer's speed.

=========================

http://i1269.photobucket.com/albums/jj590/OCD-WTT/xpnew34_zpsfbbb1ef4.jpg (http://s1269.photobucket.com/user/OCD-WTT/media/xpnew34_zpsfbbb1ef4.jpg.html)

This completes the final step of the Windows XP clean installation! Congratulations!

The first step after a clean install of Windows XP is to proceed to Windows Update to install all of the latest updates and fixes from Microsoft. This is a very important step to ensure that your new Windows XP installation is secure and up to date.

=========================

After you have gotten all the Windows Updates you will need to install an Anti-Virus & Firewall.

Report back when you have completed the above steps.

fmy321
2013-10-22, 19:06
Hi OCD,

I have a question or two before I start.

You said that I need to have the XP product key. However, my Dell computer did not come with disks. My system has an on board “Dell PC Restore” option. This is what the manual says about it:

Using Dell™ PC Restore by Symantec

NOTE: Dell PC Restore is not available in all countries.

Use Dell PC Restore by Symantec only as the last method to restore your operating system. PC Restore restores your hard drive to the operating state it was in when you purchased the computer. Any programs or files added since you received your computer—including data files—are permanently deleted from the hard drive. Data files include documents, spreadsheets, e-mail messages, digital photos, music files, and so on. If possible, back up all data before using PC Restore.

NOTICE: Using PC Restore permanently deletes all data on the hard drive and removes any applications or drivers installed after you received your computer. If possible, back up the data before using PC Restore.


If this isn’t good enough, the two CDs I have (obtained from friends) are:

1. “Microsoft Windows XP Professional, Version 2002”, my friend just had the disk without the sleeve. I have no product key.
2. “Dell Reinstallation CD, Microsoft Windows XP Professional Service Pack 2”…this disk came in a sleeve with a key on it. Key is only 20 characters long. Don’t know if this is the XP product key?

Which do you think is my best option?

fmy321

OCD
2013-10-22, 21:29
Hi fmy321,


"Which do you think is my best option?"

"My system has an on board “Dell PC Restore” option"

This would be the preferred method.

If there are no other questions, feel free to start the Restore process when you are ready. Post back when you have completed it.

You will still need to get the latest Windows updates as well as an Anti-Virus and Firewall before you go about re-installing any other software.

=========================

Good Luck!

fmy321
2013-10-23, 23:06
Hi OCD,

I performed the pc restore. It seemed to go fine except. The first thing I did after going through the XP start up process was to do a Windows Update. I tried several times, and rebooted and tried again. I keep getting an error from the windows update site (0x80190194). Do I need to download SP3 manually?

fmy321

OCD
2013-10-24, 06:02
Hi fmy321,


"Do I need to download SP3 manually?"

Yes, you probably need to do that before it will allow you to install the remainder of the updates required.

Go here to download Windows XP SP3 - http://www.microsoft.com/download/en/details.aspx?&id=25129

=========================

fmy321
2013-10-25, 00:58
Hi OCD,

I now have all the Windows updates installed. I also have installed Comodo Firewall and Malwarebytes and updated both programs.

Is there something else I should do? Should we check again to make sure the infections are gone?

fmy321

OCD
2013-10-25, 03:36
Hi fmy321,

Which Anti-Virus did you install?

=========================

Since it is a clean install there shouldn't be any malware present. But if you'd like to check to be sure go ahead and run OTL.

Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.

Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

=========================

In your next post please provide the following:


OTL.txt
Extras.txt

fmy321
2013-10-25, 14:58
Hi OCD,

Sorry, I forgot to mention I installed McAfee anti-virus.

Here is the otl.txt log.

OTL logfile created on: 10/25/2013 8:19:19 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Fred Youngs\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.07 Mb Total Physical Memory | 456.96 Mb Available Physical Memory | 45.06% Memory free
2.38 Gb Paging File | 1.82 Gb Available in Paging File | 76.26% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 51.21 Gb Total Space | 37.70 Gb Free Space | 73.62% Space Free | Partition Type: NTFS
Drive D: | 18.60 Gb Total Space | 3.16 Gb Free Space | 16.96% Space Free | Partition Type: NTFS

Computer Name: FMYOFFICE | User Name: Fred Youngs | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Fred Youngs\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe (COMODO)
PRC - C:\Program Files\Comodo\COMODO Internet Security\cis.exe (COMODO)
PRC - C:\Program Files\Comodo\COMODO Internet Security\CisTray.exe (COMODO)
PRC - C:\Program Files\Comodo\GeekBuddy\unit_manager.exe (Comodo Security Solutions, Inc.)
PRC - C:\Program Files\Comodo\GeekBuddy\unit.exe (Comodo Security Solutions, Inc.)
PRC - C:\Program Files\Common Files\COMODO\launcher_service.exe (Comodo Security Solutions, Inc.)
PRC - C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe (Comodo Security Solutions, Inc.)
PRC - C:\Program Files\Comodo\Dragon\dragon_updater.exe ()
PRC - C:\Program Files\Comodo\COMODO Internet Security\cavwp.exe (COMODO)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe (McAfee, Inc.)
PRC - C:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\naPrdMgr.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\McTray.exe (McAfee, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
PRC - C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
PRC - C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe (America Online, Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Comodo\GeekBuddy\QtGui4.dll ()
MOD - C:\Program Files\Comodo\GeekBuddy\QtCore4.dll ()
MOD - C:\Program Files\Comodo\GeekBuddy\QtScript4.dll ()
MOD - C:\Program Files\Comodo\GeekBuddy\QtNetwork4.dll ()
MOD - C:\Program Files\Comodo\Dragon\dragon_updater.exe ()
MOD - C:\WINDOWS\system32\quartz.dll ()
MOD - C:\WINDOWS\system32\sbe.dll ()
MOD - C:\Program Files\McAfee\Common Framework\boost_thread-vc71-mt-1_32.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\WINDOWS\system32\devenum.dll ()
MOD - C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
MOD - C:\Program Files\McAfee\Common Framework\cryptocme2.dll ()


========== Services (SafeList) ==========

SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (cmdAgent) -- C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe (COMODO)
SRV - (CLPSLauncher) -- C:\Program Files\Common Files\COMODO\launcher_service.exe (Comodo Security Solutions, Inc.)
SRV - (GeekBuddyRSP) -- C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe (Comodo Security Solutions, Inc.)
SRV - (DragonUpdater) -- C:\Program Files\Comodo\Dragon\dragon_updater.exe ()
SRV - (cmdvirth) -- C:\Program Files\Comodo\COMODO Internet Security\cmdvirth.exe (COMODO)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (McShield) -- C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe (McAfee, Inc.)
SRV - (mfevtp) -- C:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.)
SRV - (McTaskManager) -- C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe (McAfee, Inc.)
SRV - (McAfeeEngineService) -- C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe (McAfee, Inc.)
SRV - (McAfeeFramework) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)
SRV - (AOL ACS) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe (America Online, Inc.)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (Changer) -- File not found
DRV - (bvrp_pci) -- File not found
DRV - (HMD) -- C:\WINDOWS\system32\drivers\hmd.sys ()
DRV - (cmdGuard) -- C:\WINDOWS\system32\drivers\cmdGuard.sys (COMODO)
DRV - (Inspect) -- C:\WINDOWS\system32\drivers\inspect.sys (COMODO)
DRV - (cmdHlp) -- C:\WINDOWS\system32\drivers\cmdhlp.sys (COMODO)
DRV - (cmderd) -- C:\WINDOWS\system32\drivers\cmderd.sys (COMODO)
DRV - (CFRMD) -- C:\WINDOWS\system32\drivers\CFRMD.sys (Windows (R) Win 7 DDK provider)
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfeapfk) -- C:\WINDOWS\system32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (mferkdet) -- C:\WINDOWS\system32\drivers\mferkdet.sys (McAfee, Inc.)
DRV - (mfetdik) -- C:\WINDOWS\system32\drivers\mfetdik.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Sonic Solutions)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Sonic Solutions)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Sonic Solutions)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Sonic Solutions)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Sonic Solutions)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Sonic Solutions)
DRV - (DLADResN) -- C:\WINDOWS\system32\DLA\DLADResN.SYS (Sonic Solutions)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions)
DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions)
DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (wanatw) -- C:\WINDOWS\system32\drivers\wanatw4.sys (America Online, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/DownloadManager,version=1.1: C:\WINDOWS\ [2013/10/25 08:12:30 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()



O1 HOSTS File: ([2004/08/10 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\Comodo\COMODO Internet Security\CisTray.exe (COMODO)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe (McAfee, Inc.)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [tvncontrol] C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe (Comodo Security Solutions, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Start GeekBuddy.lnk = C:\Program Files\Comodo\GeekBuddy\launcher.exe (Comodo Security Solutions, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_03)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E48B5C5D-B57B-4B8F-ABFC-7E92C03D5533}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E48B5C5D-B57B-4B8F-ABFC-7E92C03D5533}: NameServer = 156.154.70.22,156.154.71.22
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Fred Youngs\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Fred Youngs\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 04:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/10/25 08:18:12 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Fred Youngs\Desktop\OTL.exe
[2013/10/25 08:15:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2013/10/25 08:09:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2013/10/25 07:56:00 | 000,066,600 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdet.sys
[2013/10/25 07:55:59 | 000,343,920 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfehidk.sys
[2013/10/25 07:55:59 | 000,091,832 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys
[2013/10/25 07:55:59 | 000,075,704 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeapfk.sys
[2013/10/25 07:55:59 | 000,064,208 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfetdik.sys
[2013/10/25 07:55:59 | 000,043,288 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys
[2013/10/25 07:55:58 | 000,070,728 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\mfevtps.exe
[2013/10/25 07:55:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
[2013/10/25 07:55:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Cisco Systems
[2013/10/25 07:54:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee
[2013/10/24 15:09:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\COMODO
[2013/10/24 15:09:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\COMODO
[2013/10/24 15:04:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fred Youngs\Application Data\Malwarebytes
[2013/10/24 15:04:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/10/24 15:04:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2013/10/24 15:04:46 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013/10/24 15:04:46 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/10/24 15:02:36 | 000,000,000 | -H-D | C] -- C:\VTRoot
[2013/10/24 14:57:14 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Application Data\Shared Space
[2013/10/24 14:56:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\COMODO
[2013/10/24 14:56:05 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\gdiplus.dll
[2013/10/24 14:55:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\COMODO
[2013/10/24 14:54:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Comodo
[2013/10/24 14:54:42 | 000,048,392 | ---- | C] (COMODO CA Limited) -- C:\WINDOWS\System32\certsentry.dll
[2013/10/24 14:54:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fred Youngs\Local Settings\Application Data\COMODO
[2013/10/24 14:54:30 | 000,000,000 | ---D | C] -- C:\Program Files\Comodo
[2013/10/24 14:54:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Comodo Downloader
[2013/10/24 14:51:01 | 199,389,360 | ---- | C] (COMODO) -- C:\Documents and Settings\Fred Youngs\Desktop\cfw_installer.exe
[2013/10/24 12:49:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2013/10/24 12:34:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MRT
[2013/10/24 12:26:02 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2013/10/24 12:10:39 | 000,272,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys
[2013/10/24 12:10:26 | 000,954,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40.dll
[2013/10/24 12:10:25 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll
[2013/10/24 12:09:46 | 000,456,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2013/10/24 12:09:28 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll
[2013/10/24 12:09:02 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2013/10/24 12:08:46 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2013/10/24 12:08:36 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidparse.sys
[2013/10/24 12:08:36 | 000,014,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbscan.sys
[2013/10/24 12:08:10 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\t2embed.dll
[2013/10/24 12:08:10 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fontsub.dll
[2013/10/24 12:08:05 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndproxy.sys
[2013/10/24 12:07:16 | 000,123,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbvideo.sys
[2013/10/24 12:07:16 | 000,060,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbaudio.sys
[2013/10/24 12:07:16 | 000,046,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irbus.sys
[2013/10/24 12:07:04 | 000,012,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usb8023x.sys
[2013/10/24 12:07:04 | 000,012,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usb8023.sys
[2013/10/24 12:06:59 | 000,144,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbport.sys
[2013/10/24 12:06:59 | 000,032,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbccgp.sys
[2013/10/24 12:06:59 | 000,030,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbehci.sys
[2013/10/24 12:06:59 | 000,005,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbd.sys
[2013/10/24 12:05:43 | 000,522,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll
[2013/10/24 12:05:27 | 000,139,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpwd.sys
[2013/10/24 12:05:19 | 000,203,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rmcast.sys
[2013/10/24 12:05:13 | 000,536,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado15.dll
[2013/10/24 12:04:28 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadce.dll
[2013/10/24 12:04:18 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2013/10/24 12:03:33 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mup.sys
[2013/10/24 12:02:19 | 002,149,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2013/10/24 12:02:18 | 002,193,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2013/10/24 12:02:18 | 002,070,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2013/10/24 12:02:18 | 002,028,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2013/10/24 12:01:53 | 000,010,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndistapi.sys
[2013/10/24 11:59:41 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe
[2013/10/24 11:47:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2013/10/24 09:13:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2013/10/24 09:13:36 | 000,630,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2013/10/24 09:13:35 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2013/10/24 09:13:35 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2013/10/24 09:13:34 | 002,006,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2013/10/24 09:13:31 | 011,113,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2013/10/24 09:06:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2013/10/24 09:00:08 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Fred Youngs\IECompatCache
[2013/10/24 08:59:54 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Fred Youngs\PrivacIE
[2013/10/24 08:58:36 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Fred Youngs\IETldCache
[2013/10/24 08:57:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2013/10/24 08:56:57 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2013/10/24 08:55:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fred Youngs\My Documents\My Downloads
[2013/10/24 08:55:33 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Download Manager
[2013/10/24 08:55:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Download Manager
[2013/10/24 08:49:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2013/10/24 08:42:15 | 001,371,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6.dll
[2013/10/24 08:42:15 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6r.dll
[2013/10/24 08:42:14 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml6r.dll
[2013/10/24 08:42:08 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rwnh.dll
[2013/10/24 08:42:08 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsdupd.exe
[2013/10/24 08:42:07 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\smtpapi.dll
[2013/10/24 08:42:05 | 001,888,992 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ati3duag.dll
[2013/10/24 08:42:05 | 000,870,784 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ati3d1ag.dll
[2013/10/24 08:42:05 | 000,516,768 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ativvaxx.dll
[2013/10/24 08:42:05 | 000,377,984 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2dvaa.dll
[2013/10/24 08:42:05 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\azroles.dll
[2013/10/24 08:42:05 | 000,229,376 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2cqag.dll
[2013/10/24 08:42:05 | 000,201,728 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2dvag.dll
[2013/10/24 08:42:05 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\aaclient.dll
[2013/10/24 08:42:05 | 000,032,768 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativtmxx.dll
[2013/10/24 08:42:05 | 000,023,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativmvxx.ax
[2013/10/24 08:42:05 | 000,009,728 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativdaxx.ax
[2013/10/24 08:42:05 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx4.dll
[2013/10/24 08:42:04 | 000,650,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3ui.dll
[2013/10/24 08:42:04 | 000,184,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapp3hst.dll
[2013/10/24 08:42:04 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapphost.dll
[2013/10/24 08:42:04 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappgnui.dll
[2013/10/24 08:42:04 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapqec.dll
[2013/10/24 08:42:04 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3cfg.dll
[2013/10/24 08:42:04 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3msm.dll
[2013/10/24 08:42:04 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dhcpqec.dll
[2013/10/24 08:42:04 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3gpclnt.dll
[2013/10/24 08:42:04 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsroam.dll
[2013/10/24 08:42:03 | 000,032,285 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\hsfcisp2.dll
[2013/10/24 08:42:02 | 000,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcex.dll
[2013/10/24 08:42:02 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\microsoft.managementconsole.dll
[2013/10/24 08:42:02 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mssha.dll
[2013/10/24 08:42:02 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcfxcommon.dll
[2013/10/24 08:42:02 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\l2gpstore.dll
[2013/10/24 08:42:02 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcperf.exe
[2013/10/24 08:42:02 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpash.dll
[2013/10/24 08:42:02 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnepr.dll
[2013/10/24 08:42:02 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdiultn.dll
[2013/10/24 08:42:02 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbhc.dll
[2013/10/24 08:42:01 | 001,737,856 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\mtxparhd.dll
[2013/10/24 08:42:01 | 000,412,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\photometadatahandler.dll
[2013/10/24 08:42:01 | 000,397,056 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\s3gnb.dll
[2013/10/24 08:42:01 | 000,290,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rhttpaa.dll
[2013/10/24 08:42:01 | 000,286,792 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slextspk.dll
[2013/10/24 08:42:01 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napmontr.dll
[2013/10/24 08:42:01 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napstat.exe
[2013/10/24 08:42:01 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagent.dll
[2013/10/24 08:42:01 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msshavmsg.dll
[2013/10/24 08:42:01 | 000,073,832 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slcoinst.dll
[2013/10/24 08:42:01 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qcliprov.dll
[2013/10/24 08:42:01 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\setupn.exe
[2013/10/24 08:42:01 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napipsec.dll
[2013/10/24 08:42:00 | 000,346,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\windowscodecsext.dll
[2013/10/24 08:42:00 | 000,276,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmphoto.dll
[2013/10/24 08:42:00 | 000,188,508 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slgen.dll
[2013/10/24 08:42:00 | 000,073,796 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slserv.exe
[2013/10/24 08:42:00 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wlanapi.dll
[2013/10/24 08:42:00 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsgqec.dll
[2013/10/24 08:42:00 | 000,032,866 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slrundll.exe
[2013/10/24 08:42:00 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vidcap.ax
[2013/10/24 08:42:00 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\verclsid.exe
[2013/10/24 08:41:58 | 000,032,866 | ---- | C] (Smart Link) -- C:\WINDOWS\slrundll.exe
[2013/10/24 08:41:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2013/10/24 08:41:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-us
[2013/10/24 08:41:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2013/10/24 08:41:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2013/10/24 08:41:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2013/10/24 08:39:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2013/10/24 08:38:15 | 000,701,440 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtag.sys
[2013/10/24 08:38:15 | 000,327,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtaa.sys
[2013/10/24 08:38:15 | 000,104,960 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinrvxx.sys
[2013/10/24 08:38:15 | 000,073,216 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atintuxx.sys
[2013/10/24 08:38:15 | 000,063,663 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1rvxx.sys
[2013/10/24 08:38:15 | 000,063,488 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxsxx.sys
[2013/10/24 08:38:15 | 000,057,856 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinbtxx.sys
[2013/10/24 08:38:15 | 000,056,623 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1btxx.sys
[2013/10/24 08:38:15 | 000,052,224 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinraxx.sys
[2013/10/24 08:38:15 | 000,036,463 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1tuxx.sys
[2013/10/24 08:38:15 | 000,034,735 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xsxx.sys
[2013/10/24 08:38:15 | 000,031,744 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxbxx.sys
[2013/10/24 08:38:15 | 000,030,671 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1raxx.sys
[2013/10/24 08:38:15 | 000,029,455 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xbxx.sys
[2013/10/24 08:38:15 | 000,028,672 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinsnxx.sys
[2013/10/24 08:38:15 | 000,026,367 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1snxx.sys
[2013/10/24 08:38:15 | 000,025,471 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\atv04nt5.dll
[2013/10/24 08:38:15 | 000,021,343 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1ttxx.sys
[2013/10/24 08:38:15 | 000,021,183 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\atv01nt5.dll
[2013/10/24 08:38:15 | 000,017,279 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\atv10nt5.dll
[2013/10/24 08:38:15 | 000,014,336 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinpdxx.sys
[2013/10/24 08:38:15 | 000,014,143 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\atv06nt5.dll
[2013/10/24 08:38:15 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinttxx.sys
[2013/10/24 08:38:15 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinmdxx.sys
[2013/10/24 08:38:15 | 000,012,047 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1pdxx.sys
[2013/10/24 08:38:15 | 000,011,615 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1mdxx.sys
[2013/10/24 08:38:15 | 000,011,359 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\atv02nt5.dll
[2013/10/24 08:38:15 | 000,004,255 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\adv01nt5.dll
[2013/10/24 08:38:15 | 000,003,967 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\adv02nt5.dll
[2013/10/24 08:38:15 | 000,003,775 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\adv11nt5.dll
[2013/10/24 08:38:15 | 000,003,711 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\adv09nt5.dll
[2013/10/24 08:38:15 | 000,003,647 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\adv07nt5.dll
[2013/10/24 08:38:15 | 000,003,615 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\adv05nt5.dll
[2013/10/24 08:38:15 | 000,003,135 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\adv08nt5.dll
[2013/10/24 08:38:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2013/10/24 08:38:14 | 001,309,184 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlstrm.sys
[2013/10/24 08:38:14 | 000,126,686 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlmnt5.sys
[2013/10/24 08:38:14 | 000,036,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthprint.sys
[2013/10/24 08:38:14 | 000,015,423 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\ch7xxnt5.dll
[2013/10/24 08:38:13 | 000,452,736 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\drivers\mtxparhm.sys
[2013/10/24 08:38:13 | 000,404,990 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slntamr.sys
[2013/10/24 08:38:13 | 000,180,360 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\ntmtlfax.sys
[2013/10/24 08:38:13 | 000,166,912 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\drivers\s3gnbm.sys
[2013/10/24 08:38:13 | 000,129,535 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnt7554.sys
[2013/10/24 08:38:13 | 000,095,424 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnthal.sys
[2013/10/24 08:38:13 | 000,030,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rndismpx.sys
[2013/10/24 08:38:13 | 000,025,471 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\watv10nt.sys
[2013/10/24 08:38:13 | 000,022,271 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\watv06nt.sys
[2013/10/24 08:38:13 | 000,013,776 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\recagent.sys
[2013/10/24 08:38:13 | 000,013,240 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slwdmsup.sys
[2013/10/24 08:38:13 | 000,012,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mutohpen.sys
[2013/10/24 08:38:13 | 000,011,935 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\wadv11nt.sys
[2013/10/24 08:38:13 | 000,011,871 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\wadv09nt.sys
[2013/10/24 08:38:13 | 000,011,807 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\wadv07nt.sys
[2013/10/24 08:38:13 | 000,011,325 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\vchnt5.dll
[2013/10/24 08:38:13 | 000,011,295 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\wadv08nt.sys
[2013/10/24 08:38:13 | 000,005,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\smbali.sys
[2013/10/24 08:38:13 | 000,003,901 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\siint5.dll
[2013/10/24 08:37:21 | 000,016,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2013/10/24 08:35:21 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2013/10/24 08:32:40 | 331,805,736 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Fred Youngs\Desktop\WindowsXP-KB936929-SP3-x86-ENU.exe
[2013/10/23 16:25:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fred Youngs\Application Data\Macromedia
[2013/10/23 16:20:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\McAfee.com Personal Firewall
[2013/10/23 16:12:22 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Fred Youngs\UserData
[2013/10/23 16:11:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fred Youngs\Application Data\McAfee.com Personal Firewall
[2013/10/23 16:10:33 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Fred Youngs\Application Data\Microsoft
[2013/10/23 16:10:33 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Fred Youngs\SendTo
[2013/10/23 16:10:33 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Fred Youngs\Recent
[2013/10/23 16:10:33 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Fred Youngs\Application Data
[2013/10/23 16:10:33 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Fred Youngs\My Documents\My Pictures
[2013/10/23 16:10:33 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Fred Youngs\My Documents\My Music
[2013/10/23 16:10:33 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Fred Youngs\My Documents
[2013/10/23 16:10:33 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Fred Youngs\Favorites
[2013/10/23 16:10:33 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Fred Youngs\Cookies
[2013/10/23 16:10:33 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Fred Youngs\PrintHood
[2013/10/23 16:10:33 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Fred Youngs\NetHood
[2013/10/23 16:10:33 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Fred Youngs\Local Settings
[2013/10/23 16:10:33 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Fred Youngs\Application Data\Gtek
[2013/10/23 16:10:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fred Youngs\Local Settings\Application Data\Wildtangent
[2013/10/23 16:10:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fred Youngs\Application Data\Symantec
[2013/10/23 16:10:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fred Youngs\Application Data\Sun
[2013/10/23 16:10:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fred Youngs\Local Settings\Application Data\Musicmatch
[2013/10/23 16:10:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fred Youngs\Local Settings\Application Data\Microsoft
[2013/10/23 16:10:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fred Youngs\Application Data\Identities
[2013/10/23 16:10:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fred Youngs\Desktop
[2013/10/23 16:10:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fred Youngs\Application Data\Corel
[2013/10/23 16:10:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fred Youngs\My Documents\CCWin
[2013/10/23 16:10:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fred Youngs\Local Settings\Application Data\BVRP Software
[2013/10/23 16:10:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fred Youngs\Local Settings\Application Data\ApplicationHistory
[2013/10/23 16:10:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fred Youngs\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142030}
[2013/10/23 16:10:32 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Fred Youngs\Start Menu\Programs\Startup
[2013/10/23 16:10:32 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Fred Youngs\Start Menu
[2013/10/23 16:10:32 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Fred Youngs\Start Menu\Programs\Accessories
[2013/10/23 16:10:32 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Fred Youngs\Templates
[2013/10/23 16:10:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fred Youngs\Start Menu\Programs\Dell Accessories
[2013/10/23 16:10:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fred Youngs\Start Menu\Programs\Dell
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/10/25 08:18:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Fred Youngs\Desktop\OTL.exe
[2013/10/25 08:17:58 | 000,000,440 | ---- | M] () -- C:\WINDOWS\tasks\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}.job
[2013/10/25 08:09:58 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/10/25 08:09:56 | 1063,407,616 | -HS- | M] () -- C:\hiberfil.sys
[2013/10/24 15:15:48 | 000,093,350 | ---- | M] () -- C:\WINDOWS\System32\drivers\fvstore.dat
[2013/10/24 15:13:35 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/10/24 15:09:39 | 000,001,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\GeekBuddy.lnk
[2013/10/24 15:09:39 | 000,001,774 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Start GeekBuddy.lnk
[2013/10/24 15:08:15 | 000,001,394 | ---- | M] () -- C:\Documents and Settings\Fred Youngs\Desktop\Media Center.lnk
[2013/10/24 15:05:41 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/10/24 14:57:21 | 000,001,677 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\COMODO Firewall.lnk
[2013/10/24 14:57:21 | 000,001,624 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Virtual Comodo Dragon.lnk
[2013/10/24 14:57:21 | 000,000,749 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Shared Space.lnk
[2013/10/24 14:56:25 | 000,048,392 | ---- | M] (COMODO CA Limited) -- C:\WINDOWS\System32\certsentry.dll
[2013/10/24 14:56:06 | 001,700,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\gdiplus.dll
[2013/10/24 14:54:49 | 000,000,769 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Comodo Dragon.lnk
[2013/10/24 13:05:09 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/10/24 12:50:39 | 000,381,692 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/10/24 12:50:39 | 000,053,436 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/10/24 12:46:28 | 000,169,096 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/10/24 11:04:07 | 000,275,181 | ---- | M] () -- C:\Documents and Settings\Fred Youngs\Desktop\WindowsUpdateDiagnostic.diagcab
[2013/10/24 09:13:26 | 000,002,353 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Download Manager.lnk
[2013/10/24 08:58:38 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Fred Youngs\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/10/24 08:51:06 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2013/10/24 08:38:00 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2013/10/24 08:32:05 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
[2013/10/23 16:56:10 | 331,805,736 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Fred Youngs\Desktop\WindowsXP-KB936929-SP3-x86-ENU.exe
[2013/10/23 16:27:49 | 000,034,400 | ---- | M] () -- C:\WINDOWS\System32\Status.MPF
[2013/10/23 16:10:39 | 000,000,786 | ---- | M] () -- C:\Documents and Settings\Fred Youngs\Desktop\Windows Media Player.lnk
[2013/10/23 16:10:38 | 000,001,478 | ---- | M] () -- C:\Documents and Settings\Fred Youngs\Application Data\Microsoft\Internet Explorer\Quick Launch\Media Center.lnk
[2013/10/23 16:10:19 | 000,000,448 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2013/10/23 16:10:15 | 000,000,209 | RHS- | M] () -- C:\boot.ini
[2013/10/23 16:02:25 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
[2013/10/23 10:42:18 | 199,389,360 | ---- | M] (COMODO) -- C:\Documents and Settings\Fred Youngs\Desktop\cfw_installer.exe
[2013/10/04 04:15:06 | 000,014,272 | ---- | M] () -- C:\WINDOWS\System32\drivers\hmd.sys
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/10/25 07:52:12 | 102,199,296 | ---- | C] () -- C:\Documents and Settings\Fred Youngs\Desktop\McAfee87i.exe
[2013/10/24 15:05:41 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/10/24 15:02:37 | 000,093,350 | ---- | C] () -- C:\WINDOWS\System32\drivers\fvstore.dat
[2013/10/24 14:58:44 | 000,000,440 | ---- | C] () -- C:\WINDOWS\tasks\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}.job
[2013/10/24 14:57:21 | 000,001,677 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\COMODO Firewall.lnk
[2013/10/24 14:57:21 | 000,001,624 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Virtual Comodo Dragon.lnk
[2013/10/24 14:57:21 | 000,000,749 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Shared Space.lnk
[2013/10/24 14:55:02 | 000,001,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\GeekBuddy.lnk
[2013/10/24 14:55:02 | 000,001,774 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Start GeekBuddy.lnk
[2013/10/24 14:54:49 | 000,000,769 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Comodo Dragon.lnk
[2013/10/24 13:04:24 | 000,225,262 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msimain.sdb
[2013/10/24 12:01:47 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2013/10/24 12:01:47 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2013/10/24 11:04:02 | 000,275,181 | ---- | C] () -- C:\Documents and Settings\Fred Youngs\Desktop\WindowsUpdateDiagnostic.diagcab
[2013/10/24 08:55:33 | 000,002,353 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Download Manager.lnk
[2013/10/24 08:38:15 | 000,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2013/10/24 08:38:14 | 000,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2013/10/24 08:38:13 | 000,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2013/10/24 08:32:05 | 000,004,128 | ---- | C] () -- C:\INFCACHE.1
[2013/10/23 16:10:39 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\Fred Youngs\Desktop\Windows Media Player.lnk
[2013/10/23 16:10:34 | 000,002,007 | ---- | C] () -- C:\Documents and Settings\Fred Youngs\Application Data\Microsoft\Internet Explorer\Quick Launch\Play Games.lnk
[2013/10/23 16:10:34 | 000,001,824 | ---- | C] () -- C:\Documents and Settings\Fred Youngs\Application Data\Microsoft\Internet Explorer\Quick Launch\Corel Paint Shop Pro X.lnk
[2013/10/23 16:10:34 | 000,001,769 | ---- | C] () -- C:\Documents and Settings\Fred Youngs\Application Data\Microsoft\Internet Explorer\Quick Launch\Musicmatch Jukebox.lnk
[2013/10/23 16:10:34 | 000,001,478 | ---- | C] () -- C:\Documents and Settings\Fred Youngs\Application Data\Microsoft\Internet Explorer\Quick Launch\Media Center.lnk
[2013/10/23 16:10:34 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Fred Youngs\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/10/23 16:10:34 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Fred Youngs\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk
[2013/10/23 16:10:34 | 000,000,669 | ---- | C] () -- C:\Documents and Settings\Fred Youngs\Application Data\Microsoft\Internet Explorer\Quick Launch\America Online 9.0.lnk
[2013/10/23 16:10:34 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Fred Youngs\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2013/10/23 16:10:33 | 000,001,503 | ---- | C] () -- C:\Documents and Settings\Fred Youngs\Start Menu\Programs\Remote Assistance.lnk
[2013/10/23 16:10:33 | 000,001,394 | ---- | C] () -- C:\Documents and Settings\Fred Youngs\Desktop\Media Center.lnk
[2013/10/23 16:10:33 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\Fred Youngs\Start Menu\Programs\Internet Explorer.lnk
[2013/10/23 16:10:33 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Fred Youngs\Start Menu\Programs\Windows Media Player.lnk
[2013/10/23 16:10:33 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\Fred Youngs\Start Menu\Programs\Outlook Express.lnk
[2013/10/23 16:10:33 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Fred Youngs\Local Settings\Application Data\fusioncache.dat
[2013/10/23 16:02:24 | 000,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD
[2013/10/04 04:15:06 | 000,014,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\hmd.sys

========== ZeroAccess Check ==========

[2005/08/16 04:39:16 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 05:42:06 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 05:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2005/08/16 20:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DIGStream
[2013/10/24 14:57:21 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Shared Space
[2006/05/04 15:59:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint

========== Purity Check ==========



< End of report >

fmy321
2013-10-25, 15:00
Here is the extras log

OTL Extras logfile created on: 10/25/2013 8:19:19 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Fred Youngs\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.07 Mb Total Physical Memory | 456.96 Mb Available Physical Memory | 45.06% Memory free
2.38 Gb Paging File | 1.82 Gb Available in Paging File | 76.26% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 51.21 Gb Total Space | 37.70 Gb Free Space | 73.62% Space Free | Partition Type: NTFS
Drive D: | 18.60 Gb Total Space | 3.16 Gb Free Space | 16.96% Space Free | Partition Type: NTFS

Computer Name: FMYOFFICE | User Name: Fred Youngs | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (America Online, Inc)
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- (America Online, Inc.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (America Online, Inc)
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- (America Online, Inc.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\WINDOWS\Temp\CMC_DRAGON\restart_helper.exe" = C:\WINDOWS\Temp\CMC_DRAGON\restart_helper.exe:*:Enabled:restart_helper.exe -- (Comodo Security Solutions, Inc.)
"C:\Program Files\McAfee\Common Framework\FrameworkService.exe" = C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service -- (McAfee, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
"{147BCE03-C0F1-4C9F-8157-6A89B6D2D973}" = McAfee VirusScan Enterprise
"{1A15507A-8551-4626-915D-3D5FA095CC1B}" = Corel Paint Shop Pro X
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZeroInstallers
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{40F962CF-3C1E-44EB-A319-5590BEEB90CF}" = COMODO Firewall
"{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}" = Dell CinePlayer
"{4667B940-BB01-428B-986E-A0CC46497BF7}" = ELIcon
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}" = Sonic Activation Module
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{654977DB-0001-0002-0001-EABD228DDE8B}" = Microsoft Download Manager
"{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}" = Digital Content Portal
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{728278A1-0BB7-45E4-AC5E-91D7C0FD1EDE}" = EarthLink setup files
"{741FC38C-2797-4AC1-AD63-4B65F9CA8B20}" = GeekBuddy
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{7A3F0566-5E05-4919-9C98-456F6B5CF831}" = Get High Speed Internet!
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{83F793B5-8BBF-42FD-A8A6-868CB3E2AAEA}" = Intel(R) PROSet for Wired Connections
"{85D3CC30-8859-481A-9654-FD9B74310BEF}" = Musicmatch® Jukebox
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
"{8A9B8148-DDD7-448F-BD6C-358386D32354}" = Corel Photo Album 6
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{A683A2C0-821C-486F-858C-FA634DB5E864}" = EducateU
"{AA951B10-7089-4D60-B288-516E641F48E6}" = McAfee Agent
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
"{AC76BA86-0000-0000-0000-6028747ADE01}" = Adobe Acrobat - Reader 6.0.2 Update
"{AC76BA86-7AD7-1033-7B44-A00000000001}" = Adobe Reader 6.0.1
"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
"{B0DF58A2-40DF-4465-AA56-38623EC9938C}" = Documentation & Support Launcher
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
"{B6884A07-0305-47AE-9969-8F26FADC17DE}" = Games, Music, & Photos Launcher
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
"{E42BD75A-FC23-4E3F-9F91-2658334C644F}" = Internet Service Offers Launcher
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E93E5EF6-D361-481E-849D-F16EF5C78EBC}" = Musicmatch for Windows Media Player
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"America Online us" = America Online (Choose which version to remove)
"AOL Connectivity Services" = AOL Connectivity Services
"AOLCoach" = AOL Coach Version 1.0(Build:20040229.1 en)
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"Comodo Dragon" = Comodo Dragon
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"Dell Game Console" = Dell Game Console
"EmeraldQFE2" = Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
"ESPNMotion" = ESPNMotion
"ie8" = Windows Internet Explorer 8
"LiveUpdate" = LiveUpdate 2.6 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"PROSet" = Intel(R) PRO Network Connections Drivers
"QuickTime" = QuickTime
"RealPlayer 6.0" = RealPlayer Basic
"StreetPlugin" = Learn2 Player (Uninstall Only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"WebCyberCoach_wtrb" = WebCyberCoach 3.2 Dell
"WildTangent CDA" = WildTangent Web Driver
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 10/23/2013 4:37:03 PM | Computer Name = FMYOFFICE | Source = Application Hang | ID = 1002
Description = Hanging application IEXPLORE.EXE, version 6.0.2900.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/23/2013 4:37:04 PM | Computer Name = FMYOFFICE | Source = Application Hang | ID = 1002
Description = Hanging application IEXPLORE.EXE, version 6.0.2900.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/23/2013 4:37:05 PM | Computer Name = FMYOFFICE | Source = Application Hang | ID = 1001
Description = Fault bucket 126637809.

Error - 10/23/2013 4:44:13 PM | Computer Name = FMYOFFICE | Source = Application Hang | ID = 1002
Description = Hanging application IEXPLORE.EXE, version 6.0.2900.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/23/2013 4:49:20 PM | Computer Name = FMYOFFICE | Source = Application Hang | ID = 1002
Description = Hanging application IEXPLORE.EXE, version 6.0.2900.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/23/2013 4:49:52 PM | Computer Name = FMYOFFICE | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting
module mshtml.dll, version 6.0.2900.2802, fault address 0x000719e8.

Error - 10/23/2013 4:50:08 PM | Computer Name = FMYOFFICE | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting
module mshtml.dll, version 6.0.2900.2802, fault address 0x000719e8.

Error - 10/23/2013 4:52:21 PM | Computer Name = FMYOFFICE | Source = Application Hang | ID = 1002
Description = Hanging application IEXPLORE.EXE, version 6.0.2900.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/23/2013 4:54:53 PM | Computer Name = FMYOFFICE | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting
module mshtml.dll, version 6.0.2900.2802, fault address 0x000719e8.


< End of report >


Let me know what comes next. Thanks,
fmy321

OCD
2013-10-25, 16:25
Hi fmy321,

The logs look good. How does the computer seem to be running?

fmy321
2013-10-25, 22:40
Hi OCD,

Start up was quite fast right after the re-install. Start up is slower now that I have loaded Comodo and McAfee, but not really any different than before the infection. I also haven't loaded Microsoft Office yet, but I don't expect to have any problems with it.

Is there anything else I should check?

fmy321

OCD
2013-10-26, 06:22
Hi fmy321,


1014.07 Mb Total Physical Memory | 456.96 Mb Available Physical Memory | 45.06% Memory free

This line from your log suggests you are running with a limited amount of resources by today's standards. This might be causing a bit of the slowness you are experiencing.

Adding the remainder of your software shouldn't pose any problems.


Is there anything else I should check?

I can't think of anything. Do you have any other questions? If not, I will leave the thread open for a few more days should the need arise, after which I will close it. Otherwise you are good to go.

fmy321
2013-10-27, 16:56
Hi OCD,

The system is getting pretty old. However, it looks like I can add another Gb of memory, so maybe that is what I should do until I decide to upgrade the whole thing.

Thanks so much for all the help you provided. I really appreciate all the time you took to solve my problem.

Thanks again,
fmy321

OCD
2013-10-28, 04:15
Hi fmy321,

You're very welcome. Glad I was able to help. Have a great day.

Since this issue appears to be resolved ... this Topic will be closed.