
Thread: IE not working/Networking disabled

  1. #11
    Senior Member
    Join Date: Dec 2005
    Posts: 101

    Hi Ken,
    There do not seem to be any unwanted pop-ups or browser redirects...

    So I ran the ESET scan, but somewhere around 60% complete the scan stopped (I may have hit a key accidentally), so I saved the log as the file "threats" below, but I did notice that it had identified 2 baddies.

    So I asked my wife to follow your instructions when I went to work, but she informed me that it stopped at 91%. So when I got home I ran it again, but this time it appears to have found only one baddie and unfortunately decided to clean it (I didn't see an option not to do this).

    Below are the results of the two logs:

    "threats"


    C:\Documents and Settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application cleaned by deleting - quarantined
    C:\Program Files\Yontoo Layers\YontooIEClient.dll Win32/Adware.Yontoo.A application cleaned by deleting (after the next restart) - quarantined


    second scan "cleaned files"

    C:\System Volume Information\_restore{E05B5124-1BB6-4283-8120-E9F83827104B}\RP298\A0053346.dll a variant of Win32/Adware.Yontoo.B application cleaned by deleting - quarantined

    Please let me know if I should do anything else. Thanks, Ken.

    Looopy

  2. #12
    Emeritus-Security Expert
    Join Date: Nov 2005
    Location: Florida's SpaceCoast
    Posts: 15,208

    Great, one of those bad files was in your System Restore program. There could be more we can't see, so let's create a new Restore Point and then flush out all the older Restore Points.

    System Restore is a component of Microsoft's Windows Me, Windows XP, Windows Vista and Windows 7 operating systems that allows for the rolling back of system files, registry keys, installed programs, etc., to a previous state in the event of malfunctioning or failure. Old restore points can be a source of re-infection.

    Please follow the steps below to create a clean restore point:
    1. Click Start > Run > copy and paste the following into the run box:
      %SystemRoot%\System32\restore\rstrui.exe
    2. Press OK. Choose Create a Restore Point then click Next.
    3. Name it (something you'll remember) and click Create.
    4. When the confirmation screen shows the restore point has been created click Close.


    Then remove all previous Restore Points:
    1. Click Start > Run > copy and paste the following into the run box:
      cleanmgr
    2. Choose to scan drive C:\ (if C:\ is your main drive).
    3. At the top, click on the More Options tab. Click the Clean up... button in the System Restore box.
    4. Click on the Yes button.
    5. When finished, click on the Cancel button to exit.




    If everything is OK, let me know.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.
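
Added example, not part of the original thread or any poster's code: a small Python triage of the ESET lines from post #11 that flags the detection sitting inside a System Restore point (the reason given in post #12 for flushing old restore points) and the one still waiting on a reboot. The field layout is assumed from the three lines on this page; the function names and step labels are hypothetical.

```python
import re

# Log lines copied from post #11 on this page (the scanner's original
# column separators are already flattened to single spaces here).
SAMPLE_LOG = r"""
C:\Documents and Settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application cleaned by deleting - quarantined
C:\Program Files\Yontoo Layers\YontooIEClient.dll Win32/Adware.Yontoo.A application cleaned by deleting (after the next restart) - quarantined
C:\System Volume Information\_restore{E05B5124-1BB6-4283-8120-E9F83827104B}\RP298\A0053346.dll a variant of Win32/Adware.Yontoo.B application cleaned by deleting - quarantined
"""

# Assumed layout: <path> [a variant of] <Platform/Name> <object type> <action>.
# Paths contain spaces but never "/", so the detection name anchors the split.
DETECTION = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<variant>a variant of\s+)?"
    r"(?P<threat>\w+/[\w.]+)\s+"
    r"(?P<kind>\w+)\s+"
    r"(?P<action>.+)$"
)

# Windows XP keeps restore points under
# <drive>:\System Volume Information\_restore{GUID}\RPnnn\
RESTORE_POINT = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\RP(?P<rp>\d+)\\",
    re.IGNORECASE,
)


def parse_detections(text):
    """Return one dict per detection line; non-detection lines are skipped."""
    records = []
    for line in text.splitlines():
        m = DETECTION.match(line.strip())
        if not m:
            continue  # blank lines, headers, anything without a detection name
        rp = RESTORE_POINT.search(m["path"])
        records.append({
            "path": m["path"],
            "threat": m["threat"],
            "variant": m["variant"] is not None,
            "kind": m["kind"],
            "action": m["action"],
            # Restore point number if the file lived inside a snapshot.
            "restore_point": int(rp["rp"]) if rp else None,
            # The scanner defers deletion of files that are in use.
            "needs_reboot": "after the next restart" in m["action"],
        })
    return records


def follow_up(records):
    """Map the parsed detections to the follow-up steps raised in the thread."""
    steps = []
    if any(r["restore_point"] is not None for r in records):
        # Post #12: create a fresh restore point, then remove the older ones.
        steps.append("flush-old-restore-points")
    if any(r["needs_reboot"] for r in records):
        steps.append("reboot-to-finish-cleanup")
    return steps


if __name__ == "__main__":
    found = parse_detections(SAMPLE_LOG)
    for r in found:
        where = f"RP{r['restore_point']}" if r["restore_point"] else "live file system"
        print(f"{r['threat']:<24} {where:<18} {r['action']}")
    print("follow-up:", follow_up(found))
```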

  3. #13
    Senior Member
    Join Date: Dec 2005
    Posts: 101

    Ken,

    If I reset the system restore point, will it impact what I did regarding networking with Paws?

    chris

  4. #14
    Emeritus-Security Expert
    Join Date: Nov 2005
    Location: Florida's SpaceCoast
    Posts: 15,208

    Hello Chris,

    No, it will not. System Restore just makes backups of your system at various times; it doesn't change any configurations. If you were to use System Restore to restore your system for one problem or another right now, and restored it prior to working with Paws, you would most likely be restoring it to when you had no internet and the computer was infected, so it's best to remove all those old restore points by creating a new one that is current. Let's say a month from now you lost your internet and used System Restore to restore your system to the restore point you just created: you most likely would have your internet back along with a clean system. Let me know if you understand what I am saying; I tend to get long-winded at times.

  5. #15
    Senior Member
    Join Date: Dec 2005
    Posts: 101

    Thanks Ken

    I get it now re: system restore. I guess I thought we were going back to an old point versus creating a new one.

    So I performed those tasks and everything went smoothly.

    Anything else at this point?

    Happy Thanksgiving today!

    Looopy

  6. #16
    Emeritus-Security Expert
    Join Date: Nov 2005
    Location: Florida's SpaceCoast
    Posts: 15,208

    Happy Thanksgiving to you and your family as well.

    Unless you feel you still have problems, it looks like you're good to go.


    Run one last scan and post the log and let me take one final look.

    OTL by OldTimer
    • Download OTL to your desktop.
    • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Click the "Scan All Users" checkbox.
    • Check the boxes beside LOP Check and Purity Check.
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt.
        Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

  7. #17
    Senior Member
    Join Date: Dec 2005
    Posts: 101

    Hi Ken,

    Attached are the results of the two logs:

    OTL logfile created on: 11/24/2011 12:35:40 PM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Erin\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    735.36 Mb Total Physical Memory | 365.90 Mb Available Physical Memory | 49.76% Memory free
    1.01 Gb Paging File | 0.67 Gb Available in Paging File | 66.14% Paging File free
    Paging file location(s): C:\pagefile.sys 336 672 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 37.25 Gb Total Space | 9.64 Gb Free Space | 25.87% Space Free | Partition Type: NTFS

    Computer Name: YOUR-Q6JOWRUUYS | User Name: Erin | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Documents and Settings\Erin\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG2012\avgnsx.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe ()
    PRC - C:\Program Files\AVG Secure Search\vprot.exe ()
    PRC - C:\Program Files\AVG\AVG2012\avgrsx.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG2012\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
    PRC - C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe (LeapFrog Enterprises, Inc.)
    PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
    PRC - C:\Program Files\NETGEAR\WPN511\Utility\WPN511.exe ( )


    ========== Modules (No Company Name) ==========

    MOD - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe ()
    MOD - C:\Program Files\AVG Secure Search\vprot.exe ()
    MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
    MOD - C:\Program Files\LeapFrog\LeapFrog Connect\QtGui4.dll ()
    MOD - C:\Program Files\LeapFrog\LeapFrog Connect\QtCore4.dll ()


    ========== Win32 Services (SafeList) ==========

    SRV - (NWDLS) -- File not found
    SRV - (HidServ) -- File not found
    SRV - (AppMgmt) -- File not found
    SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
    SRV - (vToolbarUpdater) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe ()
    SRV - (avgwd) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
    SRV - (LeapFrog Connect Device Service) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe (LeapFrog Enterprises, Inc.)
    SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
    SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)


    ========== Driver Services (SafeList) ==========

    DRV - (Avgldx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
    DRV - (AVGIDSShim) -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )
    DRV - (Avgrkx86) -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
    DRV - (Avgmfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
    DRV - (Avgtdix) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
    DRV - (AVGIDSFilter) -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
    DRV - (AVGIDSEH) -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys (AVG Technologies CZ, s.r.o. )
    DRV - (AVGIDSDriver) -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
    DRV - (Tcpip6) -- C:\WINDOWS\system32\drivers\tcpip6.sys (Microsoft Corporation)
    DRV - (NETGEAR_WPN511_SERVICE) -- C:\WINDOWS\system32\drivers\wpn511.sys (Atheros Communications, Inc.)
    DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\rtl8139.sys (Realtek Semiconductor Corporation)
    DRV - (ASCTRM) -- C:\WINDOWS\System32\drivers\asctrm.sys (Windows (R) 2000 DDK provider)
    DRV - (RTL8023) -- C:\WINDOWS\system32\drivers\Rtlnic51.sys (Realtek Semiconductor Corporation )
    DRV - (HSFHWICH) -- C:\WINDOWS\system32\drivers\HSFHWICH.sys (Conexant Systems, Inc.)
    DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
    DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
    DRV - (AWINDIS5) -- C:\WINDOWS\system32\AWINDIS5.SYS (AMBIT Microsystems Corporation.)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========



    IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
    IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.emachines.com
    IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
    IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.emachines.com
    IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-1513105341-27737385-3618171261-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
    IE - HKU\S-1-5-21-1513105341-27737385-3618171261-1005\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll (Yahoo! Inc.)
    IE - HKU\S-1-5-21-1513105341-27737385-3618171261-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-1513105341-27737385-3618171261-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2011/11/22 09:19:53 | 000,000,000 | ---D | M]


    O1 HOSTS File: ([2011/11/17 21:26:41 | 000,000,736 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
    O2 - BHO: (Reg Error: Value error.) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll (Microsoft Corporation)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\8.0.0.40\AVG Secure Search_toolbar.dll ()
    O2 - BHO: (Inbox Toolbar) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
    O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\8.0.0.40\AVG Secure Search_toolbar.dll ()
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
    O3 - HKU\S-1-5-21-1513105341-27737385-3618171261-1005\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKU\S-1-5-21-1513105341-27737385-3618171261-1005\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKU\S-1-5-21-1513105341-27737385-3618171261-1005\..\Toolbar\WebBrowser: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
    O4 - HKLM..\Run: [AS00_WPN511] C:\Program Files\NETGEAR\WPN511\Utility\WPN511.exe ( )
    O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [Monitor] C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
    O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-1513105341-27737385-3618171261-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1513105341-27737385-3618171261-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-1513105341-27737385-3618171261-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-1513105341-27737385-3618171261-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\Icq.exe ()
    O9 - Extra 'Tools' menuitem : ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\Icq.exe ()
    O9 - Extra Button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/...oUploader5.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
    O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.238.64.12
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{67582A72-0B90-4741-B5CC-507C055E0852}: DhcpNameServer = 192.168.1.1 68.238.64.12
    O18 - Protocol\Handler\inbox {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll ()
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Erin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Erin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2003/09/30 16:39:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O33 - MountPoints2\{2271299e-c35a-11df-9f94-00223f355719}\Shell - "" = AutoRun
    O33 - MountPoints2\{2271299e-c35a-11df-9f94-00223f355719}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{2271299e-c35a-11df-9f94-00223f355719}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL FileConverter.exe
    O33 - MountPoints2\{2271299e-c35a-11df-9f94-00223f355719}\Shell\setup\command - "" = E:\FileConverter.exe
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/11/24 12:33:06 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Erin\Desktop\OTL.exe
    [2011/11/22 07:02:20 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
    [2011/11/21 17:41:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\cache
    [2011/11/17 21:26:26 | 001,445,888 | ---- | C] (Option^Explicit Software Solutions) -- C:\Documents and Settings\Erin\Desktop\winsockxpfix.exe
    [2011/11/16 21:21:07 | 000,000,000 | ---D | C] -- C:\HostsXpert
    [2011/11/15 20:26:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/11/15 20:26:51 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2011/11/15 20:26:50 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011/11/15 20:19:15 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Erin\Desktop\TFC.exe
    [2011/11/15 20:19:09 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Erin\Desktop\aswMBR.exe
    [2011/11/15 20:19:02 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Erin\Desktop\mbam-setup-1.51.2.1300.exe
    [2011/11/15 20:09:41 | 000,000,000 | ---D | C] -- C:\Program Files\MALWAREBYTES ANTI-MALWARE
    [2011/11/12 15:42:44 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Erin\My Documents\My Videos
    [2011/11/12 15:42:44 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
    [2011/11/12 15:42:43 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Erin\Start Menu\Programs\Administrative Tools
    [2011/11/12 15:41:02 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
    [2011/11/12 15:41:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
    [2011/11/12 15:30:20 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Erin\Recent
    [2011/11/12 15:17:23 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Erin\Desktop\dds.scr
    [2011/11/12 15:17:18 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Erin\Desktop\erunt-setup.exe
    [2010/05/21 16:58:35 | 000,221,184 | ---- | C] ( ) -- C:\WINDOWS\InstallDialog.exe
    [2010/05/21 16:58:34 | 000,221,184 | ---- | C] ( ) -- C:\WINDOWS\UninstallDialog.exe

    ========== Files - Modified Within 30 Days ==========

    [2011/11/24 12:33:51 | 110,621,363 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
    [2011/11/24 12:32:48 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Erin\Desktop\OTL.exe
    [2011/11/24 12:26:23 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\PC Optimizer Pro startups.job
    [2011/11/24 12:26:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/11/24 12:26:14 | 771,149,824 | -HS- | M] () -- C:\hiberfil.sys
    [2011/11/24 08:08:57 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
    [2011/11/22 17:42:27 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
    [2011/11/22 09:19:55 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk
    [2011/11/21 18:08:31 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2011/11/21 17:37:37 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/11/17 21:26:41 | 000,000,736 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2011/11/17 21:23:38 | 001,445,888 | ---- | M] (Option^Explicit Software Solutions) -- C:\Documents and Settings\Erin\Desktop\winsockxpfix.exe
    [2011/11/16 21:26:24 | 000,000,698 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.bak
    [2011/11/16 21:16:00 | 000,003,908 | ---- | M] () -- C:\Documents and Settings\Erin\Desktop\all
    [2011/11/16 07:21:48 | 000,357,766 | ---- | M] () -- C:\Documents and Settings\Erin\Desktop\HostsXpert.zip
    [2011/11/15 20:26:57 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/11/15 07:16:32 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Erin\Desktop\aswMBR.exe
    [2011/11/15 07:15:34 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Erin\Desktop\mbam-setup-1.51.2.1300.exe
    [2011/11/15 07:12:28 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Erin\Desktop\TFC.exe
    [2011/11/12 15:46:53 | 000,003,809 | ---- | M] () -- C:\Documents and Settings\Erin\Desktop\attach.zip
    [2011/11/12 15:41:07 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Erin\Desktop\ERUNT.lnk
    [2011/11/12 08:36:12 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Erin\Desktop\dds.scr
    [2011/11/12 08:34:58 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Erin\Desktop\erunt-setup.exe
    [2011/11/07 13:03:01 | 000,315,076 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2011/11/07 13:03:01 | 000,041,238 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

    ========== Files Created - No Company Name ==========

    [2011/11/21 18:08:27 | 000,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK
    [2011/11/20 15:12:00 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
    [2011/11/16 21:15:59 | 000,003,908 | ---- | C] () -- C:\Documents and Settings\Erin\Desktop\all
    [2011/11/16 21:14:28 | 000,357,766 | ---- | C] () -- C:\Documents and Settings\Erin\Desktop\HostsXpert.zip
    [2011/11/15 20:26:57 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/11/12 15:46:53 | 000,003,809 | ---- | C] () -- C:\Documents and Settings\Erin\Desktop\attach.zip
    [2011/11/12 15:41:07 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Erin\Desktop\ERUNT.lnk
    [2011/01/24 22:32:58 | 000,024,448 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
    [2010/06/17 17:50:28 | 000,112,885 | ---- | C] () -- C:\WINDOWS\hpoins07.dat
    [2010/06/17 17:50:28 | 000,021,124 | ---- | C] () -- C:\WINDOWS\hpomdl07.dat
    [2010/05/21 16:59:19 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\kill.dll
    [2009/06/21 16:35:45 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
    [2009/06/07 15:05:41 | 000,032,256 | ---- | C] () -- C:\Documents and Settings\Erin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/06/04 19:36:38 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
    [2009/05/31 16:40:49 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2009/05/31 14:31:20 | 000,155,745 | ---- | C] () -- C:\WINDOWS\System32\installservice.exe
    [2009/05/17 10:34:29 | 000,000,024 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2009/05/17 10:34:19 | 000,000,004 | ---- | C] () -- C:\WINDOWS\msoffice.ini
    [2009/03/16 13:56:14 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Hybrid Chords
    [2009/03/16 13:56:14 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Erin\Application Data\HomePageService
    [2009/03/16 13:56:14 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
    [2009/03/08 18:45:32 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2003/10/01 18:03:18 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2003/09/30 17:35:39 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
    [2003/09/30 17:05:42 | 000,000,132 | ---- | C] () -- C:\WINDOWS\winamp.ini
    [2003/09/30 17:05:03 | 000,000,310 | ---- | C] () -- C:\WINDOWS\net2fone.ini
    [2003/09/30 17:04:56 | 000,010,047 | ---- | C] () -- C:\WINDOWS\mozver.dat
    [2003/09/30 16:55:00 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2003/09/30 16:41:26 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2003/09/30 16:35:55 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2003/09/30 16:25:12 | 000,001,022 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
    [2003/09/30 16:25:12 | 000,000,454 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
    [2003/09/30 16:24:35 | 000,315,076 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2003/09/30 16:24:35 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2003/09/30 16:24:35 | 000,041,238 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2003/09/30 16:24:35 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2003/09/30 16:24:33 | 000,004,486 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2003/09/30 16:24:32 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2003/09/30 16:24:29 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2003/09/30 16:24:22 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2003/09/30 16:24:22 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2003/09/30 16:24:13 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2003/09/30 16:23:58 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2003/09/30 09:30:15 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2003/09/30 09:29:16 | 000,138,848 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
    [2001/07/06 14:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

    ========== LOP Check ==========

    [2011/11/20 15:31:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
    [2011/09/23 13:02:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
    [2011/04/17 21:25:14 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
    [2009/03/16 13:56:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
    [2010/03/21 19:46:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Leapfrog
    [2011/11/24 12:34:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
    [2009/03/16 13:56:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon
    [2009/03/16 13:56:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pick Bass
    [2011/07/05 20:49:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
    [2011/09/23 12:48:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp
    [2009/03/16 13:56:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
    [2011/01/02 21:57:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2009/06/15 20:39:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    [2003/09/30 17:01:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\InterTrust
    [2011/09/23 13:15:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erin\Application Data\AVG Secure Search
    [2011/09/23 13:19:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erin\Application Data\AVG2012
    [2011/03/29 19:39:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erin\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2011/03/22 12:43:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erin\Application Data\com.Shutterfly.ExpressUploader
    [2010/02/21 20:15:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erin\Application Data\Elluminate
    [2011/11/15 16:16:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erin\Application Data\Image Zone Express
    [2011/10/01 22:04:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erin\Application Data\Inbox Toolbar
    [2003/09/30 17:01:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erin\Application Data\InterTrust
    [2010/12/27 20:11:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erin\Application Data\Nikon
    [2009/09/25 21:48:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Erin\Application Data\Viewpoint
    [2011/11/24 12:26:23 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\PC Optimizer Pro startups.job

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 2628 bytes -> C:\WINDOWS\System32\OEMLOGO.BMP:Q30lsldxJoudresxAaaqpcawXc

    < End of report >



    OTL Extras logfile created on: 11/24/2011 12:35:41 PM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Erin\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    735.36 Mb Total Physical Memory | 365.90 Mb Available Physical Memory | 49.76% Memory free
    1.01 Gb Paging File | 0.67 Gb Available in Paging File | 66.14% Paging File free
    Paging file location(s): C:\pagefile.sys 336 672 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 37.25 Gb Total Space | 9.64 Gb Free Space | 25.87% Space Free | Partition Type: NTFS

    Computer Name: YOUR-Q6JOWRUUYS | User Name: Erin | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 1
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\LeapFrog\LeapFrog Connect\LeapFrogConnect.exe" = C:\Program Files\LeapFrog\LeapFrog Connect\LeapFrogConnect.exe:*:Enabled:LeapFrog Connect -- (LeapFrog Enterprises, Inc.)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
    "C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- ()
    "C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
    "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\LeapFrog\LeapFrog Connect\LeapFrogConnect.exe" = C:\Program Files\LeapFrog\LeapFrog Connect\LeapFrogConnect.exe:*:Enabled:LeapFrog Connect -- (LeapFrog Enterprises, Inc.)
    "C:\Program Files\AVG\AVG2012\avgmfapx.exe" = C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\AVG\AVG2012\avgnsx.exe" = C:\Program Files\AVG\AVG2012\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\AVG\AVG2012\avgdiagex.exe" = C:\Program Files\AVG\AVG2012\avgdiagex.exe:*:Enabled:AVG Diagnostics 2012 -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\AVG\AVG2012\avgemcx.exe" = C:\Program Files\AVG\AVG2012\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00BA866C-F2A2-4BB9-A308-3DFA695B6F7C}" = Java DB 10.5.3.0
    "{01F9D88C-3C86-4E82-840A-101A3221F67A}" = Microsoft Money 2003
    "{02B42D23-10F2-4862-ADA4-3DF1EA0021B2}" = Microsoft Money 2003 System Pack
    "{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1
    "{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
    "{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan
    "{0D03E0AF-A6D1-407A-AAF5-5B429D271EC5}" = LeapFrog MyOwnLeaptop Plugin
    "{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update
    "{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
    "{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
    "{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}" = Unload
    "{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
    "{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
    "{32A3A4F4-B792-11D6-A78A-00B0D0160200}" = Java(TM) SE Development Kit 6 Update 20
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{41F4B3D2-3CC8-41B5-99B8-3A9C1BCDEA0A}" = AVG 2012
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{54E3707F-808E-4fd4-95C9-15D1AB077E5D}" = NewCopy
    "{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}" = HP PSC & OfficeJet 5.3.B
    "{612AD33D-9824-4E87-8396-92374E91C4BB}_is1" = Inbox Toolbar
    "{65248369-7CB9-43A9-82C8-C438AE04DED4}" = 1500
    "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
    "{67A15C5A-67C9-4F7A-B151-0CCE6C008487}" = NETGEAR RangeMax(TM) Wireless PC Card WPN511
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
    "{6BB6627C-694F-4FDC-A3E5-C7F4BED4C724}" = DocProc
    "{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
    "{7850A6D2-CBEA-4728-9877-F1BEDEA9F619}" = AiOSoftware
    "{7C9B95B7-B598-4398-B30F-7F6827192E6C}" = ProductContext
    "{80F28669-97B7-4CC9-B256-1F1BCFB7FDCF}" = AVG 2012
    "{81E06318-EEB9-4D55-8CD5-7AC9148D5E66}" = 1500_Help
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
    "{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers 1.10.01
    "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics 2 Driver
    "{91130409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Basic Edition 2003
    "{923A7F5A-1E8C-4FBE-8DF6-85940A60A79F}" = Readme
    "{A195B13E-A5E3-4BAF-A995-7F70F445CD06}" = ScannerCopy
    "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
    "{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3
    "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.6
    "{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
    "{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2
    "{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
    "{BB77DC4C-B818-4FD4-8D1D-5D3B617B78B4}" = LeapFrog My Pals Plugin
    "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
    "{C506A18C-1469-4678-B094-F4EC9DAE6DB7}" = Scan
    "{C6359569-E03E-4CDC-98E8-CDD080C6EEB5}" = LeapFrog Connect
    "{C8192B14-5B56-2E27-6652-8AA650091D6E}" = Shutterfly Express Uploader
    "{CBA30674-A242-4531-82B5-586B31F90E04}" = 1500Trb
    "{CE24344F-DFD8-40C8-8FD8-C9740B5F25AC}" = Fax
    "{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
    "{D45E8C45-B601-4A80-AFD8-E16338744DE1}" = ArcSoft Panorama Maker 4
    "{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
    "{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
    "{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
    "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
    "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
    "{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
    "{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
    "{F8D0829C-9C6F-11D3-8080-00C04FA329AA}" = Microsoft Works 6.0
    "{FE64AE29-0883-4C70-8388-DC026019C900}" = HP Image Zone Express
    "8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D" = Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "AVG" = AVG 2012
    "AVG Secure Search" = AVG Security Toolbar
    "CCleaner" = CCleaner
    "CNXT_MODEM_PCI_VEN_8086&DEV_24C6&SUBSYS_2030161F" = SoftK56 Data Fax Modem
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "com.Shutterfly.ExpressUploader" = Shutterfly Express Uploader
    "Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
    "Dell File Manager" = Dell File Manager
    "ERUNT_is1" = ERUNT 1.1j
    "ESET Online Scanner" = ESET Online Scanner v3
    "HP Imaging Device Functions" = HP Imaging Device Functions 5.3
    "HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.3
    "ICQ" = ICQ
    "ie8" = Windows Internet Explorer 8
    "LeaptopPlugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog MyOwnLeaptop Plugin)
    "LiveReg" = LiveReg (Symantec Corporation)
    "LiveUpdate" = LiveUpdate 1.80 (Symantec Corporation)
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
    "MyPalsPlugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog My Pals Plugin)
    "RealPlayer 6.0" = RealPlayer Basic
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "UPCShell" = LeapFrog Connect
    "ViewpointMediaPlayer" = Viewpoint Media Player (Remove Only)
    "Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "Yahoo! Companion" = Yahoo! Toolbar
    "Yahoo! Software Update" = Yahoo! Software Update

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 11/2/2011 3:04:50 AM | Computer Name = YOUR-Q6JOWRUUYS | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 11/2/2011 3:05:04 AM | Computer Name = YOUR-Q6JOWRUUYS | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 11/2/2011 6:51:19 PM | Computer Name = YOUR-Q6JOWRUUYS | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 11/2/2011 6:51:21 PM | Computer Name = YOUR-Q6JOWRUUYS | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 11/11/2011 12:32:14 PM | Computer Name = YOUR-Q6JOWRUUYS | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 11/11/2011 1:02:36 PM | Computer Name = YOUR-Q6JOWRUUYS | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 11/11/2011 1:23:09 PM | Computer Name = YOUR-Q6JOWRUUYS | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 11/11/2011 1:39:39 PM | Computer Name = YOUR-Q6JOWRUUYS | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 11/15/2011 8:17:31 PM | Computer Name = YOUR-Q6JOWRUUYS | Source = Application Hang | ID = 1002
    Description = Hanging application HP_IZE.exe, version 1.5.1.29, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    Error - 11/20/2011 7:09:50 PM | Computer Name = YOUR-Q6JOWRUUYS | Source = MsiInstaller | ID = 11704
    Description = Product: Adobe Reader 9.3.3 -- Error 1704.An installation for AVG
    2012 is currently suspended. You must undo the changes made by that installation
    to continue. Do you want to undo those changes?

    [ System Events ]
    Error - 11/22/2011 10:44:27 AM | Computer Name = YOUR-Q6JOWRUUYS | Source = Service Control Manager | ID = 7000
    Description = The Netgear Wireless Domain Login Service service failed to start
    due to the following error: %%2

    Error - 11/22/2011 10:45:49 AM | Computer Name = YOUR-Q6JOWRUUYS | Source = Service Control Manager | ID = 7022
    Description = The IPv6 Helper Service service hung on starting.

    Error - 11/22/2011 9:39:08 PM | Computer Name = YOUR-Q6JOWRUUYS | Source = sr | ID = 1
    Description = The System Restore filter encountered the unexpected error '0xC0000001'
    while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring
    the volume.

    Error - 11/22/2011 9:39:41 PM | Computer Name = YOUR-Q6JOWRUUYS | Source = Service Control Manager | ID = 7000
    Description = The Netgear Wireless Domain Login Service service failed to start
    due to the following error: %%2

    Error - 11/22/2011 9:41:15 PM | Computer Name = YOUR-Q6JOWRUUYS | Source = Service Control Manager | ID = 7022
    Description = The IPv6 Helper Service service hung on starting.

    Error - 11/23/2011 10:06:13 AM | Computer Name = YOUR-Q6JOWRUUYS | Source = Service Control Manager | ID = 7000
    Description = The Netgear Wireless Domain Login Service service failed to start
    due to the following error: %%2

    Error - 11/23/2011 12:49:14 PM | Computer Name = YOUR-Q6JOWRUUYS | Source = Service Control Manager | ID = 7000
    Description = The Netgear Wireless Domain Login Service service failed to start
    due to the following error: %%2

    Error - 11/24/2011 2:10:07 AM | Computer Name = YOUR-Q6JOWRUUYS | Source = Service Control Manager | ID = 7000
    Description = The Netgear Wireless Domain Login Service service failed to start
    due to the following error: %%2

    Error - 11/24/2011 11:40:22 AM | Computer Name = YOUR-Q6JOWRUUYS | Source = Service Control Manager | ID = 7000
    Description = The Netgear Wireless Domain Login Service service failed to start
    due to the following error: %%2

    Error - 11/24/2011 4:26:52 PM | Computer Name = YOUR-Q6JOWRUUYS | Source = Service Control Manager | ID = 7000
    Description = The Netgear Wireless Domain Login Service service failed to start
    due to the following error: %%2


    < End of report >

  8. #18
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208


    Hi,

    This is most likely how you messed up your internet connection, read this please
    http://softwareindustryreport.com/re...mizer-pro.html

    PC Optimizer Pro <--We do not recommend registry cleaners, they're really not needed and removing the wrong entry or entries can make your system unbootable, I would uninstall this program via Add Remove Programs in the Control Panel.

    It looks like you had Norton installed at one time, let's remove the entry for it along with an infected hosts file entry.


    Open OTL.exe
    • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

      Code:
      :processes
      killallprocesses
      
      :OTL
      O3 - HKU\S-1-5-21-1513105341-27737385-3618171261-1005\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
      [2011/11/16 21:26:24 | 000,000,698 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.bak
      
      
      :Services
      
      :Reg
      
      :Files
      ipconfig /flushdns /c
      
      
      
      
      
      :Commands
      [purity]
      [resethosts]
      [emptytemp]
      [start explorer]
      [Reboot]
    • Then click the Run Fix button at the top. <--Not run Scan
    • Let the program run unhindered, reboot when it is done
    • Then post the results of the log it produces.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  9. #19
    Senior Member
    Join Date
    Dec 2005
    Posts
    101


    Hi Ken

    I read that link about PC Optimizer but I couldn't remember that program at all, and I certainly know I never paid for a registry cleaner (I know CCleaner is on the machine but it was free). So I went into Control Panel and sure enough I don't see the program in there.

    When we got this laptop from our friend I do recall it had Norton, but I think I had deleted it since it was out of date, but that was at least 4 years ago. I don't recall seeing the PC Optimizer program at all and don't see it in the add/remove programs files.

    So I followed your instructions and below is the result of the log that was posted:

    All processes killed
    ========== PROCESSES ==========
    ========== OTL ==========
    Registry value HKEY_USERS\S-1-5-21-1513105341-27737385-3618171261-1005\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
    C:\WINDOWS\system32\drivers\etc\hosts.bak moved successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Documents and Settings\Erin\Desktop\cmd.bat deleted successfully.
    C:\Documents and Settings\Erin\Desktop\cmd.txt deleted successfully.
    ========== COMMANDS ==========
    C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    [EMPTYTEMP]

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Erin
    ->Temp folder emptied: 38618581 bytes
    ->Temporary Internet Files folder emptied: 1828945 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 1979 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Owner

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 6372922 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 15620552 bytes

    Total Files Cleaned = 60.00 mb


    OTL by OldTimer - Version 3.2.31.0 log created on 11242011_200621

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
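
A check that can follow the `[resethosts]` step and the "HOSTS file reset successfully" line in the log above: audit a hosts file and list every entry other than the loopback `localhost` mapping. This is an added example, not part of the original thread and not part of OTL; the function name, the expected-name set and the sample entries (documentation addresses and example domains) are assumptions constructed for illustration.

```python
import ipaddress

# Names a freshly reset hosts file is expected to define (assumption for this example).
EXPECTED_LOCAL_NAMES = {"localhost"}

# Constructed sample, not taken from the thread.
SAMPLE = """\
# constructed sample hosts file
127.0.0.1       localhost
203.0.113.10    www.example.com example.com   # trailing comment
127.0.0.1       update.example.net
0.0.0.0         scan.example.org
not-an-ip       example.test
::1             localhost
"""


def audit_hosts(text):
    """Return (line_no, kind, address, name) for every entry that needs review.

    kind is one of:
      redirect  - name resolves to a non-local address chosen by the file
      sinkhole  - name is pinned to loopback/0.0.0.0, so it cannot be reached
      malformed - line does not parse as "<ip> <name> [<name> ...]"
    """
    findings = []
    # Strip a UTF-8 BOM if an editor left one at the start of the file.
    for line_no, raw in enumerate(text.lstrip("\ufeff").splitlines(), start=1):
        entry = raw.split("#", 1)[0].strip()  # drop full-line and trailing comments
        if not entry:
            continue
        fields = entry.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            findings.append((line_no, "malformed", fields[0], ""))
            continue
        if len(fields) < 2:
            findings.append((line_no, "malformed", fields[0], ""))
            continue
        for name in fields[1:]:
            name = name.lower().rstrip(".")
            # Only loopback -> localhost is treated as the expected default.
            if addr.is_loopback and name in EXPECTED_LOCAL_NAMES:
                continue
            local = addr.is_loopback or addr.is_unspecified
            kind = "sinkhole" if local else "redirect"
            findings.append((line_no, kind, str(addr), name))
    return findings


def is_default(text):
    """True when the file contains nothing beyond the expected localhost mapping."""
    return not audit_hosts(text)


if __name__ == "__main__":
    for line_no, kind, addr, name in audit_hosts(SAMPLE):
        print(f"line {line_no}: {kind:9} {addr:15} {name}")
    print("default hosts file" if is_default(SAMPLE) else "entries need review")
```

On Windows XP the file to pass in is `C:\WINDOWS\System32\drivers\etc\hosts`; "sinkhole" entries may also come from legitimate blocklists, so they are listed for review rather than treated as malicious.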

  10. #20
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208


    That's OK about the registry cleaner, it was most likely just a leftover entry that I saw.

    Looks like you're good to go, any issues?
