Page 1 of 4 1234 LastLast
Results 1 to 10 of 34

Thread: Infection???? Help needed

  1. #1
    Guest
    Join Date
    May 2011
    Posts
    57

    Default Infection???? Help needed

    after a fixed infection of xp security, the windows security alert red shiel is always in the system tray even if automatic updates is on an the firewall is on. th computer is slow and if you don't touch him every minute or so he goes in black screen and nothing works after that. to be able to use him you have to force hi to shutdown and restart...
    can't run spybot because after a little whie the computer goes in black screen.
    is the computer infected? if yes can we fix it?
    here the DDS log

    oups I forgot the log and the attachment...

    .
    DDS (Ver_11-03-05.01) - NTFSx86
    Run by Owner at 22:37:12.96 on Mon 05/09/2011
    Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_25
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.542 [GMT -4:00]
    .
    AV: McAfee VirusScan Enterprise *Enabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
    C:\Program Files\McAfee\Common Framework\UdaterUI.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\McAfee\Common Framework\McTray.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    svchost.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
    C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Owner\Desktop\dds.scr
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptcl.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\UdaterUI.exe" /StartedFromRunKey
    mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Notify: AtiExtEvent - Ati2evxx.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\3d9ghmci.default\
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft\office live\npOLW.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
    FF - Ext: AutoPager: - %profile%\extensions\autopager@mozilla.org
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
    FF - Ext: Java Quick Starter: - c:\program files\java\jre6\lib\deploy\jqs\ff
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 mferkdk;VSCore mferkdk;c:\program files\mcafee\virusscan enterprise\mferkdk.sys [2008-1-24 31816]
    R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2010-9-22 54760]
    R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2010-9-2 103744]
    R2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\Mcshield.exe [2008-1-24 144704]
    R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2008-1-24 54608]
    R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [2005-8-22 231424]
    R3 mfeavfk;McAfee Inc.;c:\windows\system32\drivers\mfeavfk.sys [2011-4-2 72936]
    R3 mfebopk;McAfee Inc.;c:\windows\system32\drivers\mfebopk.sys [2011-4-2 33960]
    R3 mfehidk;McAfee Inc.;c:\windows\system32\drivers\mfehidk.sys [2011-4-2 171400]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
    S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [2010-9-22 30576]
    .
    =============== Created Last 30 ================
    .
    2011-05-10 01:05:40 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2011-05-10 01:05:40 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
    2011-04-20 08:32:53 -------- d-----w- C:\divx
    2011-04-16 06:16:54 -------- d-----w- c:\docume~1\owner\applic~1\AnvSoft
    2011-04-16 05:42:19 -------- d-----w- c:\docume~1\owner\applic~1\Youtube Downloader HD
    .
    ==================== Find3M ====================
    .
    2011-04-14 09:07:59 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-04-14 06:40:22 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
    2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
    .
    ============= FINISH: 22:38:18.65 ===============
    Last edited by tashi; 2011-05-10 at 06:36. Reason: Merged two posts

  2. #2
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    HI


    Please download Malwarebytes from Here or Here

    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform quick scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected .
    • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
    • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
    Post the report please
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  3. #3
    Guest
    Join Date
    May 2011
    Posts
    57

    Default

    malwarebyte is already on the computer. I tried to update but I have an error message: PROGRAM_ERROR_UPDATING (12029,0,WinHttpSendRequest)
    I am performing a quick scan, even if I can't update...

  4. #4
    Guest
    Join Date
    May 2011
    Posts
    57

    Default

    malwarebyte log (remember, I can't update...)
    and in attachment a picture discribing the red shield (windows security alert) in the sytem tray

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6507

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 7.0.5730.13

    5/10/2011 9:09:43 PM
    mbam-log-2011-05-10 (21-09-43).txt

    Scan type: Quick scan
    Objects scanned: 161182
    Time elapsed: 12 minute(s), 34 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

  5. #5
    Guest
    Join Date
    May 2011
    Posts
    57

    Default

    Here is a log of malware byte in march (when I suspected the computer to be infected) the bad files are still in the quarantine of malware byte

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6273

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 7.0.5730.13

    3/9/2011 7:03:32 PM
    mbam-log-2011-03-09 (19-03-32).txt

    Scan type: Full scan (C:\|)
    Objects scanned: 246594
    Time elapsed: 2 hour(s), 13 minute(s), 9 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 5
    Folders Infected: 0
    Files Infected: 2

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Owner\Local Settings\Application Data\xab.exe" -a "firefox.exe -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\exefile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: () Good: ("%1" %*) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\documents and settings\Owner\local settings\Temp\0.15814519441371833.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
    c:\documents and settings\Owner\local settings\Temp\0.7980388780355354.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

  6. #6
    Guest
    Join Date
    May 2011
    Posts
    57

    Default

    I finaly succed in updating malwarebyt after disabling the antivirus (McAfee)
    here is the log after the update

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6551

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 7.0.5730.13

    5/10/2011 9:45:09 PM
    mbam-log-2011-05-10 (21-45-09).txt

    Scan type: Quick scan
    Objects scanned: 161877
    Time elapsed: 7 minute(s), 23 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

  7. #7
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default



    Run this scanner and lets take a look

    OTL by OldTimer
    • Download OTL to your desktop.
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Click the "Scan All Users" checkbox.
    • Check the boxes beside LOP Check and Purity Check.
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
      • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
        Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  8. #8
    Guest
    Join Date
    May 2011
    Posts
    57

    Default

    OTL.txt log

    OTL logfile created on: 5/11/2011 5:00:04 AM - Run 1
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Owner\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1,022.00 Mb Total Physical Memory | 686.00 Mb Available Physical Memory | 67.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 92.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 74.52 Gb Total Space | 25.37 Gb Free Space | 34.05% Space Free | Partition Type: NTFS

    Computer Name: CANADA-2A41275B | User Name: Owner | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe (McAfee, Inc.)
    PRC - C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe (McAfee, Inc.)
    PRC - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe (McAfee, Inc.)
    PRC - C:\Program Files\McAfee\Common Framework\Mctray.exe (McAfee, Inc.)
    PRC - C:\Program Files\McAfee\Common Framework\naPrdMgr.exe (McAfee, Inc.)
    PRC - C:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
    PRC - C:\Program Files\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)
    PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)


    ========== Modules (SafeList) ==========

    MOD - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools)
    MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)


    ========== Win32 Services (SafeList) ==========

    SRV - (HidServ) -- File not found
    SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
    SRV - (McShield) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe (McAfee, Inc.)
    SRV - (McTaskManager) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe (McAfee, Inc.)
    SRV - (McAfeeFramework) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)
    SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)


    ========== Driver Services (SafeList) ==========

    DRV - (MSHUSBVideo) -- C:\WINDOWS\system32\drivers\nx6000.sys (Microsoft Corporation)
    DRV - (fssfltr) -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys (Microsoft Corporation)
    DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
    DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
    DRV - (mfeapfk) -- C:\WINDOWS\system32\drivers\mfeapfk.sys (McAfee, Inc.)
    DRV - (mfetdik) -- C:\WINDOWS\system32\drivers\mfetdik.sys (McAfee, Inc.)
    DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
    DRV - (mferkdk) -- C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys (McAfee, Inc.)
    DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
    DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
    DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
    DRV - (tifm21) -- C:\WINDOWS\system32\drivers\tifm21.sys (Texas Instruments)
    DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
    DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
    DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
    DRV - (HSFHWATI) -- C:\WINDOWS\system32\drivers\HSFHWATI.sys (Conexant Systems, Inc.)
    DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
    DRV - (CAMCHALA) -- C:\WINDOWS\system32\drivers\camc6hal.sys (Conexant Systems Inc.)
    DRV - (CAMCAUD) -- C:\WINDOWS\system32\drivers\camc6aud.sys (Conexant Systems Inc.)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

    IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

    IE - HKU\S-1-5-21-1844237615-436374069-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKU\S-1-5-21-1844237615-436374069-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledItems: autopager@mozilla.org:0.6.2.4
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25
    FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110323
    FF - prefs.js..network.proxy.type: 0

    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/28 22:35:21 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/28 22:35:21 | 000,000,000 | ---D | M]

    [2010/09/03 00:11:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
    [2011/05/10 16:10:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3d9ghmci.default\extensions
    [2010/10/29 21:52:16 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3d9ghmci.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2011/05/09 15:54:35 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3d9ghmci.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
    [2011/02/04 22:21:29 | 000,000,000 | ---D | M] ("AutoPager") -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3d9ghmci.default\extensions\autopager@mozilla.org
    [2011/05/10 16:10:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2011/05/04 15:24:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
    [2010/09/07 17:20:40 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
    [2011/04/14 05:08:00 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

    O1 HOSTS File: ([2008/04/14 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\ScriptCl.dll (McAfee, Inc.)
    O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
    O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-1844237615-436374069-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
    O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn...Detection2.cab (GMNRev Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_25)
    O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_25)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_25)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
    O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2010/09/02 14:42:50 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O33 - MountPoints2\{a623dc24-ba05-11df-9e5c-0014a5b00b85}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{a623dc24-ba05-11df-9e5c-0014a5b00b85}\Shell\AutoRun\command - "" = IZUVAS\\\\izcipica.exe
    O33 - MountPoints2\{a623dc24-ba05-11df-9e5c-0014a5b00b85}\Shell\explore\command - "" = IZUVAS\\\\\izcipica.exe
    O33 - MountPoints2\{a623dc24-ba05-11df-9e5c-0014a5b00b85}\Shell\open\command - "" = IZUVAS\\\\\izcipica.exe
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O35 - HKU\S-1-5-21-1844237615-436374069-1801674531-1003..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKU\S-1-5-21-1844237615-436374069-1801674531-1003\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/05/11 04:57:44 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
    [2011/05/09 21:05:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
    [2011/05/09 21:05:40 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
    [2011/05/09 21:05:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    [2011/05/09 20:54:03 | 000,712,192 | ---- | C] (Claude Dekokčre) -- C:\Documents and Settings\Owner\Desktop\captimag_captimag_3.7.3_francais_anglais_124710.exe
    [2011/05/08 18:04:26 | 020,526,976 | ---- | C] (InstallShield Software Corporation) -- C:\Documents and Settings\Owner\Desktop\Install PagePlus SE.exe
    [2011/05/08 17:43:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\petit chauffeur
    [2011/05/04 15:24:19 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
    [2011/05/04 15:24:19 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
    [2011/05/04 15:24:19 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
    [2011/05/04 15:17:06 | 001,407,280 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Owner\Desktop\TDSSKiller.exe
    [2011/04/20 22:21:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\i can hear the sea
    [2011/04/20 18:33:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\AVIAddXSubs
    [2011/04/20 04:32:53 | 000,000,000 | ---D | C] -- C:\divx
    [2011/04/20 02:25:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\GHIBLI MOVIES
    [2011/04/18 18:36:14 | 000,201,728 | ---- | C] (Freebyte.com) -- C:\Documents and Settings\Owner\Desktop\hjsplit.exe
    [2011/04/18 18:35:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\'sub converter
    [2011/04/16 02:17:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Any Video Converter
    [2011/04/16 02:16:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\AnvSoft
    [2011/04/16 01:42:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Youtube Downloader HD
    [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\Documents and Settings\Owner\*.tmp files -> C:\Documents and Settings\Owner\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/05/11 04:57:45 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
    [2011/05/11 04:49:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/05/11 04:49:47 | 1071,894,528 | -HS- | M] () -- C:\hiberfil.sys
    [2011/05/10 15:24:53 | 001,655,016 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2011/05/09 22:41:23 | 000,008,570 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Attach.zip
    [2011/05/09 22:35:20 | 000,625,664 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\dds.scr
    [2011/05/09 22:03:10 | 000,009,997 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\1.jpg
    [2011/05/09 21:05:46 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Spybot - Search & Destroy.lnk
    [2011/05/09 20:52:35 | 000,712,192 | ---- | M] (Claude Dekokčre) -- C:\Documents and Settings\Owner\Desktop\captimag_captimag_3.7.3_francais_anglais_124710.exe
    [2011/05/05 16:35:57 | 000,023,227 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Resume- King_Kathleen.odt
    [2011/05/05 16:21:07 | 000,093,265 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Kathleen King Resume_Summer Animator.pdf
    [2011/05/05 16:18:47 | 000,032,122 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Kathleen King Cover Letter_Summer Animator.pdf
    [2011/05/05 16:12:51 | 000,093,213 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Kathleen King_Resume_Summer Animator.pdf
    [2011/05/05 02:43:08 | 000,014,916 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\maison transistionnelle cover letter.pdf
    [2011/05/05 02:40:03 | 000,078,082 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Resume- King_Kathleen.pdf
    [2011/05/05 01:42:25 | 000,013,996 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\maison transistionnelle cover letter.pdf
    [2011/05/04 18:21:57 | 000,444,928 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2011/05/04 18:21:57 | 000,072,654 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2011/05/03 23:08:30 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/05/01 14:21:34 | 001,407,280 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Owner\Desktop\TDSSKiller.exe
    [2011/04/27 23:36:52 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011/04/21 03:03:16 | 000,022,528 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/04/21 02:33:56 | 602,230,978 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\I Can Hear The Sea.divx
    [2011/04/20 14:58:25 | 000,026,369 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\CDK FINAL REFLECTION PAPER.odt
    [2011/04/20 14:57:05 | 000,024,412 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\CDK quotes.odt
    [2011/04/19 03:56:07 | 000,103,028 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ocean.srt
    [2011/04/18 03:23:57 | 000,022,312 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\RESUME for life stories 2.odt
    [2011/04/17 15:21:07 | 000,069,017 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\RESUME for life stories 2.pdf
    [2011/04/15 21:24:48 | 000,119,162 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Kathleen King_9203788_LEGAL SYSTEMS FINAL EXAM.pdf
    [2011/04/15 21:24:03 | 000,025,998 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Kathleen King_9203788_LEGAL SYSTEMS FINAL EXAM.odt
    [2011/04/15 00:41:52 | 000,132,981 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Kathleen King_Imperialism Final Paper_9203788.pdf
    [2011/04/15 00:41:12 | 000,038,892 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Kathleen King_ imperialism Today FINAL PAPER.odt
    [2011/04/14 23:30:38 | 000,036,065 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\franceafrique quotes.odt
    [2011/04/14 11:53:15 | 000,028,492 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\after 1990.odt
    [2011/04/14 05:08:11 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
    [2011/04/14 05:08:10 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
    [2011/04/14 05:08:09 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
    [2011/04/14 05:07:59 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
    [2011/04/14 03:09:27 | 001,378,557 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\french africa.pdf
    [2011/04/14 02:57:53 | 000,032,940 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\referenceformat.pdf
    [2011/04/14 02:40:22 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
    [2011/04/13 01:21:13 | 000,021,581 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\RESUME for Life Stories Montreal.odt
    [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\Documents and Settings\Owner\*.tmp files -> C:\Documents and Settings\Owner\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/05/09 22:41:23 | 000,008,570 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Attach.zip
    [2011/05/09 22:35:19 | 000,625,664 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\dds.scr
    [2011/05/09 22:03:10 | 000,009,997 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\1.jpg
    [2011/05/09 21:05:46 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Spybot - Search & Destroy.lnk
    [2011/05/05 16:12:51 | 000,093,213 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Kathleen King_Resume_Summer Animator.pdf
    [2011/05/05 16:07:26 | 000,093,265 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Kathleen King Resume_Summer Animator.pdf
    [2011/05/05 15:49:00 | 000,032,122 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Kathleen King Cover Letter_Summer Animator.pdf
    [2011/05/05 02:43:08 | 000,014,916 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\maison transistionnelle cover letter.pdf
    [2011/05/05 02:42:41 | 000,023,227 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Resume- King_Kathleen.odt
    [2011/05/05 02:40:02 | 000,078,082 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Resume- King_Kathleen.pdf
    [2011/05/05 01:42:23 | 000,013,996 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\maison transistionnelle cover letter.pdf
    [2011/04/21 02:29:59 | 602,230,978 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\I Can Hear The Sea.divx
    [2011/04/20 18:30:44 | 000,103,028 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\ocean.srt
    [2011/04/20 01:42:42 | 000,026,369 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\CDK FINAL REFLECTION PAPER.odt
    [2011/04/19 03:52:49 | 000,024,412 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\CDK quotes.odt
    [2011/04/17 15:21:07 | 000,069,017 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\RESUME for life stories 2.pdf
    [2011/04/16 18:53:45 | 000,022,312 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\RESUME for life stories 2.odt
    [2011/04/15 21:24:47 | 000,119,162 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Kathleen King_9203788_LEGAL SYSTEMS FINAL EXAM.pdf
    [2011/04/15 00:41:50 | 000,132,981 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Kathleen King_Imperialism Final Paper_9203788.pdf
    [2011/04/14 10:13:17 | 000,028,492 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\after 1990.odt
    [2011/04/14 03:09:27 | 001,378,557 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\french africa.pdf
    [2011/04/14 02:57:53 | 000,032,940 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\referenceformat.pdf
    [2011/04/13 23:56:04 | 000,038,892 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Kathleen King_ imperialism Today FINAL PAPER.odt
    [2011/04/13 01:21:12 | 000,021,581 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\RESUME for Life Stories Montreal.odt
    [2011/04/12 16:36:16 | 000,036,065 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\franceafrique quotes.odt
    [2011/04/02 13:16:48 | 000,010,338 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\jcl665ep0rnlp562hps
    [2011/03/09 13:50:30 | 000,010,810 | -HS- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\178748ryx4
    [2011/03/09 13:50:30 | 000,010,810 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\178748ryx4
    [2010/10/06 12:19:01 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/09/22 14:34:51 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
    [2010/09/22 13:41:21 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
    [2010/09/22 13:34:20 | 000,118,641 | ---- | C] () -- C:\WINDOWS\hpoins09.dat
    [2010/09/06 18:30:48 | 000,022,528 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/09/05 17:20:43 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
    [2010/09/03 00:11:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2010/09/02 21:02:14 | 000,000,280 | ---- | C] () -- C:\WINDOWS\System32\epoPGPsdk.dll.sig
    [2010/09/02 14:50:00 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2010/09/02 14:38:34 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2010/09/02 10:32:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
    [2010/09/02 10:27:56 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2010/09/02 10:21:03 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
    [2010/09/02 10:13:45 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
    [2010/09/02 10:13:45 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
    [2010/09/02 10:13:44 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
    [2010/09/02 10:13:44 | 000,112,794 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
    [2010/09/02 10:12:34 | 001,655,016 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2008/04/14 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2008/04/14 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2008/04/14 08:00:00 | 000,444,928 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2008/04/14 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2008/04/14 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2008/04/14 08:00:00 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\inetpp.dll
    [2008/04/14 08:00:00 | 000,072,654 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2008/04/14 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2008/04/14 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2008/04/14 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2008/04/14 08:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2008/04/14 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
    [2008/04/14 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2006/03/09 13:28:40 | 000,011,645 | ---- | C] () -- C:\WINDOWS\hpomdl09.dat
    [2001/07/07 03:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

    ========== LOP Check ==========

    [2011/04/16 02:16:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AnvSoft
    [2011/04/29 20:59:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Audacity
    [2010/09/22 14:38:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MSNInstaller
    [2010/09/11 22:41:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OpenOffice.org
    [2011/04/05 14:18:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\VSRevoGroup
    [2011/05/04 15:14:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Youtube Downloader HD

    ========== Purity Check ==========



    < End of report >

  9. #9
    Guest
    Join Date
    May 2011
    Posts
    57

    Default

    Extras.txt

    OTL Extras logfile created on: 5/11/2011 5:00:04 AM - Run 1
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Owner\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1,022.00 Mb Total Physical Memory | 686.00 Mb Available Physical Memory | 67.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 92.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 74.52 Gb Total Space | 25.37 Gb Free Space | 34.05% Space Free | Partition Type: NTFS

    Computer Name: CANADA-2A41275B | User Name: Owner | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    [HKEY_USERS\S-1-5-21-1844237615-436374069-1801674531-1003\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 1
    "FirewallOverride" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 0
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\McAfee\Common Framework\FrameworkService.exe" = C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service -- (McAfee, Inc.)
    "C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
    "C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- (Hewlett-Packard)
    "C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
    "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\Microsoft LifeCam\LifeCam.exe" = C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe
    "C:\Program Files\Microsoft LifeCam\LifeEnC2.exe" = C:\Program Files\Microsoft LifeCam\LifeEnC2.exe:*:Enabled:LifeEnC2.exe
    "C:\Program Files\Microsoft LifeCam\LifeExp.exe" = C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe
    "C:\Program Files\Microsoft LifeCam\LifeTray.exe" = C:\Program Files\Microsoft LifeCam\LifeTray.exe:*:Enabled:LifeTray.exe


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
    "{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
    "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
    "{0A65A3BD-54B5-4d0d-B084-7688507813F5}" = SlideShow
    "{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
    "{15C0AF59-4877-49B6-B8C6-A61CE54515F5}" = cp_OnlineProjectsConfig
    "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
    "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
    "{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}" = Adobe After Effects CS3 Presets
    "{1BD07DF4-FB06-41BA-B896-B2DA59000C96}" = Windows Live Toolbar
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
    "{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
    "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 25
    "{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
    "{2F58D60D-2BFD-4467-9B4D-64E7355C329D}" = Sonic_PrimoSDK
    "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
    "{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
    "{33BF0960-DBA3-4187-B6CC-C969FCFA2D25}" = SkinsHP1
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{35C03C04-3F1F-42C2-A989-A757EE691F65}" = McAfee VirusScan Enterprise
    "{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone
    "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
    "{41E776A5-9B12-416D-9A12-B4F7B044EBED}" = CP_Package_Basic1
    "{4458C442-7376-4CF9-AF58-E8CEA6722363}" = Adobe Setup
    "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
    "{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
    "{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
    "{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
    "{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
    "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
    "{57B2281D-A34A-4a48-8C68-169B8873659D}" = c4100_Help
    "{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
    "{5A13987D-55F4-4271-A40E-76AC9B1B38FD}" = OpenOffice.org 3.2
    "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
    "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
    "{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
    "{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
    "{6696D9A4-28A8-4F5A-8E9A-2E8974C8C39C}" = RandMap
    "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
    "{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
    "{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
    "{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
    "{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
    "{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
    "{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
    "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
    "{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
    "{7ACFB90E-8FD0-4397-AD3A-5195412623A3}" = Adobe Help Viewer CS3
    "{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder
    "{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
    "{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
    "{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}" = Adobe Video Profiles
    "{8718DC03-D066-4957-94E5-50C3C5042E8E}" = Adobe Creative Suite 3 Master Collection
    "{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc
    "{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
    "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
    "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
    "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
    "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{EA26E0C2-B84E-4E6F-966D-E696F14FD4C7}" =
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
    "{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy
    "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
    "{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
    "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
    "{A29800BA-0BF1-4E63-9F31-DF05A87F4104}" = InstantShareDevices
    "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
    "{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A9F5421F-DA70-4C77-BB97-8D77EC33ED5E}" = HP Photosmart and Deskjet 7.0.A
    "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
    "{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
    "{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.6
    "{AD7914E1-6453-4440-AEC7-02C72AD6FE5F}" = TIPCI
    "{AE84E7FF-4DEC-48EC-BBA9-9A808E48DF8E}_is1" = Free MP3 Recorder 1.0
    "{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
    "{B2157760-AA3C-4E2E-BFE6-D20BC52495D9}" = cp_PosterPrintConfig
    "{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
    "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
    "{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
    "{B6286A44-7505-471A-A72B-04EC2DB2F442}" = CueTour
    "{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
    "{B69CFE29-FD03-4E0A-87A7-6ED97F98E5B3}" = CP_Panorama1Config
    "{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3
    "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
    "{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}" = HP Software Update
    "{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}" = Adobe Flash Player 9 ActiveX
    "{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C1C6767D-B395-43CB-BF99-051B58B86DA6}" = PhotoGallery
    "{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
    "{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
    "{C871525F-7116-4d26-BA6D-215F59B6F88B}" = C4100
    "{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
    "{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CB3F8375-B600-4B9F-83C9-238ED1E583FD}" = Adobe InDesign CS3
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
    "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
    "{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3
    "{D92FF8EB-BD77-40AE-B68B-A6BFC6F8661D}" = Windows Live Family Safety
    "{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
    "{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
    "{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
    "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
    "{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
    "{ED2C557E-9C18-41FF-B58E-A05EEF0B3B5F}" = CP_CalendarTemplates1
    "{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
    "{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
    "{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
    "{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
    "{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
    "{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
    "{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
    "{FE7E1DD7-EBCE-4696-ADE2-22BDBF2372DA}" = DocumentViewer
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
    "Adobe_4dcfd9b7e901b57f81f667144603236" = Add or Remove Adobe Creative Suite 3 Master Collection
    "Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
    "All ATI Software" = ATI - Software Uninstall Utility
    "ATI Display Driver" = ATI Display Driver
    "Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)
    "Audacity_is1" = Audacity 1.2.6
    "CNXT_AUDIO" = Conexant AC-Link Audio
    "CNXT_MODEM_PCI_VEN_1002&DEV_4378" = Soft Data Fax Modem with SmartCP
    "DivX Setup.divx.com" = DivX Setup
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "HP Document Viewer" = HP Document Viewer 7.0
    "HP Imaging Device Functions" = HP Imaging Device Functions 7.0
    "HP Photo & Imaging" = HP Photosmart Premier Software 6.5
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
    "HPOCR" = OCR Software by I.R.I.S 7.0
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "InstallShield_{AD7914E1-6453-4440-AEC7-02C72AD6FE5F}" = Texas Instruments PCIxx21/x515/xx12 drivers.
    "LAME for Audacity_is1" = LAME v3.98.3 for Audacity
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Mozilla Firefox (3.6.17)" = Mozilla Firefox (3.6.17)
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "MSNINST" = MSN
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "Revo Uninstaller" = Revo Uninstaller 1.83
    "VLC media player" = VLC media player 1.1.7
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WinRAR archiver" = WinRAR archiver
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 5/11/2011 1:27:52 AM | Computer Name = CANADA-2A41275B | Source = Userenv | ID = 1041
    Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
    and it will not be loaded. This is most likely caused by a faulty registration.

    Error - 5/11/2011 1:27:52 AM | Computer Name = CANADA-2A41275B | Source = Userenv | ID = 1041
    Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
    and it will not be loaded. This is most likely caused by a faulty registration.

    Error - 5/11/2011 3:03:53 AM | Computer Name = CANADA-2A41275B | Source = Userenv | ID = 1041
    Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
    and it will not be loaded. This is most likely caused by a faulty registration.

    Error - 5/11/2011 3:03:53 AM | Computer Name = CANADA-2A41275B | Source = Userenv | ID = 1041
    Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
    and it will not be loaded. This is most likely caused by a faulty registration.

    Error - 5/11/2011 3:18:52 AM | Computer Name = CANADA-2A41275B | Source = Userenv | ID = 1041
    Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
    and it will not be loaded. This is most likely caused by a faulty registration.

    Error - 5/11/2011 3:18:52 AM | Computer Name = CANADA-2A41275B | Source = Userenv | ID = 1041
    Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
    and it will not be loaded. This is most likely caused by a faulty registration.

    Error - 5/11/2011 4:50:01 AM | Computer Name = CANADA-2A41275B | Source = Userenv | ID = 1041
    Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
    and it will not be loaded. This is most likely caused by a faulty registration.

    Error - 5/11/2011 4:50:01 AM | Computer Name = CANADA-2A41275B | Source = Userenv | ID = 1041
    Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
    and it will not be loaded. This is most likely caused by a faulty registration.

    Error - 5/11/2011 4:50:01 AM | Computer Name = CANADA-2A41275B | Source = Userenv | ID = 1041
    Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
    and it will not be loaded. This is most likely caused by a faulty registration.

    Error - 5/11/2011 4:50:01 AM | Computer Name = CANADA-2A41275B | Source = Userenv | ID = 1041
    Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
    and it will not be loaded. This is most likely caused by a faulty registration.

    [ OSession Events ]
    Error - 3/12/2011 11:17:17 PM | Computer Name = CANADA-2A41275B | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 18
    seconds with 0 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 5/7/2011 3:25:51 AM | Computer Name = CANADA-2A41275B | Source = Disk | ID = 262151
    Description = The device, \Device\Harddisk0\D, has a bad block.

    Error - 5/7/2011 4:07:11 PM | Computer Name = CANADA-2A41275B | Source = Disk | ID = 262151
    Description = The device, \Device\Harddisk0\D, has a bad block.

    Error - 5/7/2011 4:08:05 PM | Computer Name = CANADA-2A41275B | Source = Service Control Manager | ID = 7009
    Description = Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM
    Service service to connect.

    Error - 5/7/2011 4:08:05 PM | Computer Name = CANADA-2A41275B | Source = Service Control Manager | ID = 7000
    Description = The IMAPI CD-Burning COM Service service failed to start due to the
    following error: %%1053

    Error - 5/7/2011 4:08:58 PM | Computer Name = CANADA-2A41275B | Source = Service Control Manager | ID = 7023
    Description = The Security Center service terminated with the following error: %%16389

    Error - 5/7/2011 7:41:07 PM | Computer Name = CANADA-2A41275B | Source = Disk | ID = 262151
    Description = The device, \Device\Harddisk0\D, has a bad block.

    Error - 5/7/2011 7:42:00 PM | Computer Name = CANADA-2A41275B | Source = Service Control Manager | ID = 7009
    Description = Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM
    Service service to connect.

    Error - 5/7/2011 7:42:00 PM | Computer Name = CANADA-2A41275B | Source = Service Control Manager | ID = 7000
    Description = The IMAPI CD-Burning COM Service service failed to start due to the
    following error: %%1053

    Error - 5/8/2011 5:34:32 PM | Computer Name = CANADA-2A41275B | Source = Disk | ID = 262151
    Description = The device, \Device\Harddisk0\D, has a bad block.

    Error - 5/8/2011 6:10:35 PM | Computer Name = CANADA-2A41275B | Source = Disk | ID = 262151
    Description = The device, \Device\Harddisk0\D, has a bad block.


    < End of report >

  10. #10
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Looks like your Flash drive may have some bad stuff on it

    Open OTL.exe
    • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

      Code:
      :processes
      killallprocesses
      
      :OTL
      O33 - MountPoints2\{a623dc24-ba05-11df-9e5c-0014a5b00b85}\Shell\AutoRun - "" = Auto&Play
      O33 - MountPoints2\{a623dc24-ba05-11df-9e5c-0014a5b00b85}\Shell\AutoRun\command - "" = IZUVAS\\\\izcipica.exe
      O33 - MountPoints2\{a623dc24-ba05-11df-9e5c-0014a5b00b85}\Shell\explore\command - "" = IZUVAS\\\\\izcipica.exe
      O33 - MountPoints2\{a623dc24-ba05-11df-9e5c-0014a5b00b85}\Shell\open\command - "" = IZUVAS\\\\\izcipica.exe
      
      :Services
      
      :Reg
      
      :Files
      ipconfig /release /c
      ipconfig /renew /c
      ipconfig /flushdns /c
      
      
      
      
      
      :Commands
      [purity]
      [resethosts]
      [emptytemp]
      [start explorer]
      [Reboot]
    • Then click the Run Fix button at the top. <--Not run Scan
    • Let the program run unhindered, reboot when it is done
    • Then post the results of the log it produces.
    • Then run a new scan and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )



    Then let me know how things are running now ?
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •