[RESOLVED] Delete Mixdj toolbar - Page 2

Thread: [RESOLVED] Delete Mixdj toolbar

  1. #16
    Join Date
    Aug 2002
    Posts
    1,097
    Farbar Service Scanner Version: 15-02-2013
    Ran by Bobby (administrator) on 16-02-2013 at 14:57:25
    Running from "C:\Documents and Settings\Bobby\Desktop"
    Microsoft Windows XP Service Pack 3 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Attempt to access Google IP returned error. Google IP is offline
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Security Center:
    ============

    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    File Check:
    ========
    C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
    C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
    C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
    C:\WINDOWS\system32\netman.dll => MD5 is legit
    C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\WINDOWS\system32\srsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
    C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
    C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\WINDOWS\system32\wuauserv.dll
    [2011-04-03 10:14] - [2008-04-14 07:00] - 0006656 ____A (Microsoft Corporation) 35321FB577CDC98CE3EB3A3EB9E4610A

    C:\WINDOWS\system32\qmgr.dll => MD5 is legit
    C:\WINDOWS\system32\es.dll => MD5 is legit
    C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
    C:\WINDOWS\system32\svchost.exe => MD5 is legit
    C:\WINDOWS\system32\rpcss.dll => MD5 is legit
    C:\WINDOWS\system32\services.exe
    [2008-04-14 07:00] - [2009-02-06 06:11] - 0110592 ____A (Microsoft Corporation) 65DF52F5B8B6E9BBD183505225C37315


    Extra List:
    =======
    aswFW(11) aswTdi(8) Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
    0x0B00000005000000010000000200000003000000040000000B000000080000000A000000090000000600000007000000
    IpSec Tag value is correct.

    **** End of log ****

  2. #17
    Join Date
    Aug 2002
    Posts
    1,097
    Broni, following is the log file created with the ESET scan:

    D:\Documents and Settings\rpopper\Application Data\Sun\Java\Deployment\cache\6.0\1\60a9d341-7f2c21c7 probably a variant of Win32/TrojanDownloader.Agent.IGYRDAO trojan
    D:\Documents and Settings\rpopper\Application Data\Sun\Java\Deployment\cache\6.0\16\19c3e690-62897b93 a variant of Java/Exploit.Agent.W trojan

  3. #18
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Update Adobe Flash Player: http://get.adobe.com/flashplayer/
    Make sure you UN-check Yes, install McAfee Security Scan Plus

    NOTE 1: Beginning with Adobe Flash Version 11.3, the universal installer includes the 32-bit and 64-bit versions of the Flash Player.
    NOTE 2: While installing make sure you UN-check any extra garbage which wants to install alongside.

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it.

    • Run JavaRa.exe (Vista and 7 users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Do NOT post JavaRa log.



    Your computer is clean

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point, using the following OTL script:

    Run OTL


    • Under the Custom Scans/Fixes box at the bottom, paste in the following:



    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [emptyjava]
    [CLEARALLRESTOREPOINTS]
    [Reboot]

    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.



    2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:


    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.



    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure, Windows Updates are current.

    4. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

    5. Check if your browser plugins are up to date.
    Firefox - https://www.mozilla.org/en-US/plugincheck/
    other browsers: https://browsercheck.qualys.com/ (click on "Launch a quick scan now" link)

    6. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    7. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    8. Run Temporary File Cleaner (TFC) weekly.

    9. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    10. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    11. (Windows XP only) Run defrag at your convenience.

    12. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    13. Read:
    How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
    Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tuto...r-safe-online/

    14. Please, let me know, how your computer is doing.

  4. #19
    Join Date
    Aug 2002
    Posts
    1,097
    Broni, computer seems to be fine, but I received a message stating that my version of Java is insecure. BTW...when I did a search on "Java" I received a listing in excess of 150 related files. Does it make any sense to completely remove Java with the Revo uninstaller and then attempt a new installation? (My browser is Firefox 18.0.2). Please advise. Thank you.

  5. #20
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Did you run all steps from my previous reply?
    The second step has instructions for updating Java and deleting old versions.

  6. #21
    Join Date
    Aug 2002
    Posts
    1,097
    I updated Adobe Flash Player and was certain to UN-check Yes, install McAfee Security Scan Plus. At the next instruction I received the following message: [We are unable to verify if Java is currently installed and enabled in your browser.] I then did a search for "Java" files and came up with more than 150 files containing the key word "Java". I did d/l and run JavaRa and OTL. I did install WOT. I have not (again) run Malwarebytes or TFC; and did not yet do a de-frag. The issue at the moment is that I'm unable to install a current version of Java due to the error message.

  7. #22
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Run JavaRa first.

    Then go here: http://www.java.com/en/download/manual.jsp and download the manual installer.

  8. #23
    Join Date
    Aug 2002
    Posts
    1,097
    Ok, installed Java. Should I now do the clean up with OTL?

  9. #24
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Go ahead.

  10. #25
    Join Date
    Aug 2002
    Posts
    1,097
    OTL logfile created on: 2/17/2013 8:55:10 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Bobby\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.12 Gb Total Physical Memory | 2.26 Gb Available Physical Memory | 72.67% Memory free
    4.96 Gb Paging File | 4.30 Gb Available in Paging File | 86.73% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 78.00 Gb Total Space | 51.14 Gb Free Space | 65.56% Space Free | Partition Type: NTFS
    Drive D: | 78.13 Gb Total Space | 32.59 Gb Free Space | 41.72% Space Free | Partition Type: NTFS
    Drive E: | 49.26 Gb Total Space | 40.75 Gb Free Space | 82.73% Space Free | Partition Type: NTFS
    Drive F: | 48.83 Gb Total Space | 34.92 Gb Free Space | 71.50% Space Free | Partition Type: NTFS
    Drive G: | 59.47 Gb Total Space | 21.98 Gb Free Space | 36.95% Space Free | Partition Type: NTFS
    Drive K: | 59.61 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    Drive M: | 62.54 Gb Total Space | 23.48 Gb Free Space | 37.54% Space Free | Partition Type: NTFS

    Computer Name: RPOPPER | User Name: Bobby | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013/02/17 19:25:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bobby\Desktop\OTL.exe
    PRC - [2013/02/01 13:22:34 | 000,917,400 | ---- | M] (Mozilla Corporation) -- F:\Program Files\Mozilla Firefox\firefox.exe
    PRC - [2012/10/30 18:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- F:\Program Files\AVAST Software\Avast\AvastUI.exe
    PRC - [2012/10/30 18:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- F:\Program Files\AVAST Software\Avast\AvastSvc.exe
    PRC - [2012/10/30 18:50:56 | 000,133,912 | ---- | M] (AVAST Software) -- F:\Program Files\AVAST Software\Avast\afwServ.exe
    PRC - [2012/10/11 21:56:08 | 000,059,280 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
    PRC - [2012/02/23 12:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- F:\Program Files\Common Files\Apple\Internet Services\ubd.exe
    PRC - [2012/02/23 12:22:56 | 000,059,240 | ---- | M] (Apple Inc.) -- F:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
    PRC - [2010/03/04 22:38:00 | 000,071,096 | ---- | M] () -- F:\Program Files\CDBurnerXP\NMSAccessU.exe
    PRC - [2009/03/27 21:10:56 | 000,014,336 | ---- | M] (LSI Corporation) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe
    PRC - [2008/04/23 01:08:13 | 000,483,328 | ---- | M] (Adobe Systems Inc.) -- F:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\acrotray.exe
    PRC - [2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2005/06/13 06:44:18 | 000,155,648 | ---- | M] (Allume Systems, Inc.) -- F:\Program Files\Allume\StuffIt\MXTask.exe
    PRC - [2002/03/19 10:51:28 | 000,548,864 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Tablet.exe


    ========== Modules (No Company Name) ==========

    MOD - [2013/02/17 17:41:53 | 002,060,288 | ---- | M] () -- F:\Program Files\AVAST Software\Avast\defs\13021702\algo.dll
    MOD - [2013/02/16 13:57:27 | 002,060,288 | ---- | M] () -- F:\Program Files\AVAST Software\Avast\defs\13021602\algo.dll
    MOD - [2013/02/08 09:26:33 | 001,027,072 | ---- | M] () -- C:\Documents and Settings\Bobby\Application Data\Mozilla\Firefox\Profiles\2t35kvq8.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll
    MOD - [2013/02/01 13:22:37 | 003,023,256 | ---- | M] () -- F:\Program Files\Mozilla Firefox\mozjs.dll
    MOD - [2012/02/20 20:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2012/02/20 20:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2011/02/28 17:37:32 | 000,180,624 | ---- | M] () -- C:\WINDOWS\system32\Primomonnt.dll
    MOD - [2010/03/04 22:38:00 | 000,071,096 | ---- | M] () -- F:\Program Files\CDBurnerXP\NMSAccessU.exe
    MOD - [2008/04/14 07:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
    MOD - [2002/05/03 16:40:32 | 000,094,274 | ---- | M] () -- C:\WINDOWS\system32\HPBHEALR.DLL


    ========== Services (SafeList) ==========

    SRV - [2013/02/01 13:22:36 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/10/30 18:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- F:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2012/10/30 18:50:56 | 000,133,912 | ---- | M] (AVAST Software) [Auto | Running] -- F:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
    SRV - [2010/03/04 22:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- F:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
    SRV - [2009/03/27 21:10:56 | 000,014,336 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
    SRV - [2005/06/13 06:44:18 | 000,155,648 | ---- | M] (Allume Systems, Inc.) [Auto | Running] -- F:\Program Files\Allume\StuffIt\MXTask.exe -- (StuffIt Task Manager)
    SRV - [2005/04/04 17:58:28 | 000,163,840 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- F:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe -- (Adobe Version Cue CS2)
    SRV - [2005/03/14 11:05:02 | 000,069,632 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
    SRV - [2002/03/19 10:51:28 | 000,548,864 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\WINDOWS\system32\Tablet.exe -- (TabletService)


    ========== Driver Services (SafeList) ==========

    DRV - [2012/12/25 18:12:06 | 000,231,760 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\truecrypt.sys -- (truecrypt)
    DRV - [2012/12/23 15:32:54 | 000,003,445 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\U3SHLPDR.SYS -- (U3SHLPDR)
    DRV - [2012/10/30 18:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
    DRV - [2012/10/30 18:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2012/10/30 18:51:58 | 000,199,320 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswNdis2.sys -- (aswNdis2)
    DRV - [2012/10/30 18:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2012/10/30 18:51:58 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2012/10/30 18:51:57 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
    DRV - [2012/10/30 18:51:56 | 000,106,560 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswFW.sys -- (aswFW)
    DRV - [2012/10/30 18:51:56 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
    DRV - [2012/10/30 18:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2012/10/30 18:51:56 | 000,020,624 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswKbd.sys -- (aswKbd)
    DRV - [2012/06/03 09:44:46 | 000,005,504 | ---- | M] () [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
    DRV - [2011/11/28 12:26:19 | 000,012,112 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\aswNdis.sys -- (aswNdis)
    DRV - [2011/07/29 13:54:56 | 000,013,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\epmntdrv.sys -- (epmntdrv)
    DRV - [2011/07/29 13:54:56 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\EuGdiDrv.sys -- (EuGdiDrv)
    DRV - [2009/12/30 11:20:56 | 000,027,064 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\revoflt.sys -- (Revoflt)
    DRV - [2009/08/13 14:07:12 | 001,163,328 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2008/05/06 16:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
    DRV - [2008/04/13 17:05:40 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)
    DRV - [2006/05/03 11:50:42 | 001,540,608 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2005/12/12 16:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
    DRV - [2005/09/23 17:56:28 | 003,966,976 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
    DRV - [2005/04/29 10:38:52 | 000,393,984 | ---- | M] (Allume Systems) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\zmxpzip.sys -- (zmxpzip)
    DRV - [2004/05/05 20:48:40 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\PQNTDRV.sys -- (PQNTDrv)
    DRV - [2001/04/09 08:45:00 | 000,008,138 | ---- | M] (Wacom Technology Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\penclass.sys -- (PenClass)
    DRV - [2000/07/24 00:01:00 | 000,019,537 | ---- | M] (Brother Industries Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\BRPAR.SYS -- (BrPar)
    DRV - [1999/12/17 00:00:00 | 000,006,752 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\PfModNT.sys -- (PfModNT)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search


    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-21-1220945662-1801674531-842925246-1003\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-21-1220945662-1801674531-842925246-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKU\S-1-5-21-1220945662-1801674531-842925246-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKU\S-1-5-21-1220945662-1801674531-842925246-1003\..\SearchScopes\{FD7644DE-3BDB-4746-8773-976E63A590B2}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
    IE - HKU\S-1-5-21-1220945662-1801674531-842925246-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://www.nytimes.com/"
    FF - prefs.js..extensions.enabledAddons: readability%40readability.com:2.4
    FF - prefs.js..extensions.enabledAddons: %7B20a82645-c095-46ed-80e3-08825760534b%7D:0.0.0
    FF - prefs.js..extensions.enabledAddons: support%40lastpass.com:2.0.20
    FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20130129
    FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0039-ABCDEFFEDCBA%7D:6.0.39
    FF - prefs.js..extensions.enabledAddons: jqs%40sun.com:1.0
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_168.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: F:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: F:\Program Files\AVAST Software\Avast\WebRep\FF [2012/11/15 11:55:36 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: F:\Program Files\Mozilla Firefox\components [2013/02/09 15:36:39 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: F:\Program Files\Mozilla Firefox\plugins

    [2011/04/03 10:56:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Bobby\Application Data\Mozilla\Extensions
    [2013/02/17 18:40:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Bobby\Application Data\Mozilla\Firefox\Profiles\2t35kvq8.default\extensions
    [2013/02/17 18:40:43 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Bobby\Application Data\Mozilla\Firefox\Profiles\2t35kvq8.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
    [2011/11/26 13:19:04 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Bobby\Application Data\Mozilla\Firefox\Profiles\2t35kvq8.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}(2)
    [2012/03/06 21:01:59 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Bobby\Application Data\Mozilla\Firefox\Profiles\2t35kvq8.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}(3)
    [2013/02/14 16:30:02 | 000,000,000 | ---D | M] (LastPass) -- C:\Documents and Settings\Bobby\Application Data\Mozilla\Firefox\Profiles\2t35kvq8.default\extensions\support@lastpass.com
    [2012/10/03 07:30:33 | 000,260,810 | ---- | M] () (No name found) -- C:\Documents and Settings\Bobby\Application Data\Mozilla\Firefox\Profiles\2t35kvq8.default\extensions\readability@readability.com.xpi
    [2013/02/14 12:34:35 | 000,817,280 | ---- | M] () (No name found) -- C:\Documents and Settings\Bobby\Application Data\Mozilla\Firefox\Profiles\2t35kvq8.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
    [2013/02/17 19:20:36 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
    [2011/07/04 23:41:13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
    [2013/02/17 19:20:53 | 000,000,000 | ---D | M] (Java Console) -- F:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}

    O1 HOSTS File: ([2013/02/13 17:17:10 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - F:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - F:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - F:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - F:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3 - HKU\S-1-5-21-1220945662-1801674531-842925246-1003\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - F:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKU\S-1-5-21-1220945662-1801674531-842925246-1003\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - F:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [Acrobat Assistant 7.0] F:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
    O4 - HKLM..\Run: [Adobe Version Cue CS2] F:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe (Adobe Sytems Incorporated)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [avast] F:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [BrStsWnd] C:\Program Files\Brownie\BrstsWnd.exe (brother)
    O4 - HKLM..\Run: [Conime] C:\WINDOWS\system32\conime.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-1220945662-1801674531-842925246-1003..\Run: [iCloudServices] F:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
    O4 - HKU\S-1-5-21-1220945662-1801674531-842925246-1003..\Run: [MobileDocuments] F:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-1220945662-1801674531-842925246-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1220945662-1801674531-842925246-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-1220945662-1801674531-842925246-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-1220945662-1801674531-842925246-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Convert link target to Adobe PDF - F:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert link target to existing PDF - F:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selected links to Adobe PDF - F:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selected links to existing PDF - F:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selection to Adobe PDF - F:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selection to existing PDF - F:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert to Adobe PDF - F:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert to existing PDF - F:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: E&xport to Microsoft Excel - F:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} http://www.logitech.com/devicedetect...etection32.cab (Device Detection)
    O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} https://h50203.www5.hp.com/CSMWeb/Cu...ataManager.CAB (Hewlett-Packard Online Support Services)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_39)
    O16 - DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_39)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_39)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.237.161.12
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8EA746ED-B0C5-4BE8-8F4A-08E8453844AD}: DhcpNameServer = 192.168.1.1 68.237.161.12
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
    O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2011/04/03 10:17:12 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2006/04/17 14:30:58 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2010/05/20 10:01:34 | 000,000,098 | R--- | M] () - K:\Autorun.inf -- [ CDFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/02/17 19:26:05 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Bobby\Desktop\TFC.exe
    [2013/02/17 19:25:27 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Bobby\Desktop\OTL.exe
    [2013/02/17 18:45:01 | 010,156,344 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Bobby\Desktop\mbam-setup-1.70.0.1100.exe
    [2013/02/13 19:52:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
    [2013/02/13 19:52:05 | 000,000,000 | ---D | C] -- C:\JRT
    [2013/02/13 17:31:30 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2013/02/13 16:37:24 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2013/02/13 16:34:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
    [2013/02/09 15:36:41 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
    [2013/01/30 09:51:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bobby\Application Data\dvdcss
    [2013/01/22 12:56:30 | 000,000,000 | ---D | C] -- C:\Programme

    ========== Files - Modified Within 30 Days ==========

    [2013/02/17 20:40:00 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
    [2013/02/17 19:26:05 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bobby\Desktop\TFC.exe
    [2013/02/17 19:25:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bobby\Desktop\OTL.exe
    [2013/02/17 18:45:03 | 010,156,344 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Bobby\Desktop\mbam-setup-1.70.0.1100.exe
    [2013/02/17 16:48:00 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
    [2013/02/17 10:10:04 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
    [2013/02/17 10:08:11 | 000,000,833 | ---- | M] () -- C:\Documents and Settings\Bobby\Desktop\SafeZone Browser.lnk
    [2013/02/17 10:08:09 | 000,002,207 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
    [2013/02/17 10:07:33 | 000,000,316 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
    [2013/02/17 10:07:31 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2013/02/17 10:07:01 | 000,017,607 | ---- | M] () -- C:\WINDOWS\System32\wacom.dat
    [2013/02/17 10:06:18 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2013/02/17 10:06:17 | 3346,386,944 | -HS- | M] () -- C:\hiberfil.sys
    [2013/02/16 20:34:41 | 000,000,144 | ---- | M] () -- C:\WINDOWS\MXDebug2.ini
    [2013/02/16 20:23:52 | 003,251,712 | ---- | M] () -- C:\Documents and Settings\Bobby\Desktop\Graffitis_geniales-Verdaderas_obras__.pps
    [2013/02/16 19:35:51 | 000,228,800 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2013/02/16 14:00:00 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
    [2013/02/15 23:27:43 | 003,699,896 | ---- | M] () -- C:\Documents and Settings\Bobby\Desktop\IMG_2679.psd
    [2013/02/15 14:13:38 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Bobby\My Documents\PDVD_MediaDisc.PlayList
    [2013/02/14 16:29:30 | 000,000,398 | ---- | M] () -- C:\WINDOWS\Brownie.ini
    [2013/02/13 17:17:10 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2013/02/13 16:37:28 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2013/02/13 03:09:28 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2013/02/13 03:07:01 | 000,761,226 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2013/02/13 03:07:01 | 000,155,976 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2013/02/09 15:42:02 | 000,000,873 | ---- | M] () -- C:\Documents and Settings\Bobby\Desktop\EASUS.lnk
    [2013/02/09 15:15:32 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
    [2013/02/09 13:42:52 | 000,000,830 | ---- | M] () -- C:\WINDOWS\System32\InstallUtil.InstallLog
    [2013/02/07 21:09:07 | 000,038,718 | ---- | M] () -- C:\Documents and Settings\Bobby\My Documents\NYS Voucher3.pdf
    [2013/02/06 10:09:37 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2013/01/30 23:28:55 | 000,000,608 | ---- | M] () -- C:\Documents and Settings\Bobby\Desktop\AoA DVD Copy.lnk
    [2013/01/22 12:55:55 | 000,000,037 | ---- | M] () -- C:\WINDOWS\iltwain.ini
    [2013/01/22 12:20:57 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\expressripShakeIcon.job

    ========== Files Created - No Company Name ==========

    [2013/02/16 20:23:51 | 003,251,712 | ---- | C] () -- C:\Documents and Settings\Bobby\Desktop\Graffitis_geniales-Verdaderas_obras__.pps
    [2013/02/15 19:36:56 | 003,699,896 | ---- | C] () -- C:\Documents and Settings\Bobby\Desktop\IMG_2679.psd
    [2013/02/13 16:37:28 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2013/02/13 16:37:24 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2013/02/09 15:42:02 | 000,000,873 | ---- | C] () -- C:\Documents and Settings\Bobby\Desktop\EASUS.lnk
    [2013/02/08 21:05:12 | 000,000,830 | ---- | C] () -- C:\WINDOWS\System32\InstallUtil.InstallLog
    [2013/02/07 21:09:07 | 000,038,718 | ---- | C] () -- C:\Documents and Settings\Bobby\My Documents\NYS Voucher3.pdf
    [2013/01/30 23:28:55 | 000,000,608 | ---- | C] () -- C:\Documents and Settings\Bobby\Desktop\AoA DVD Copy.lnk
    [2013/01/22 12:55:53 | 000,000,037 | ---- | C] () -- C:\WINDOWS\iltwain.ini
    [2013/01/22 12:20:56 | 000,000,294 | ---- | C] () -- C:\WINDOWS\tasks\expressripShakeIcon.job
    [2012/12/23 15:32:54 | 000,003,445 | ---- | C] () -- C:\WINDOWS\System32\drivers\U3SHLPDR.SYS
    [2012/12/03 16:46:38 | 000,180,624 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
    [2012/11/07 09:36:25 | 000,013,010 | ---- | C] () -- C:\Documents and Settings\Bobby\Application Data\Comma Separated Values (Windows).CAL
    [2012/10/11 19:43:14 | 000,000,141 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI
    [2012/10/11 19:43:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
    [2012/10/11 19:40:58 | 000,000,426 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
    [2012/10/11 19:39:49 | 000,000,398 | ---- | C] () -- C:\WINDOWS\Brownie.ini
    [2012/04/25 16:47:20 | 000,000,218 | ---- | C] () -- C:\Documents and Settings\Bobby\.recently-used.xbel
    [2012/02/28 15:26:47 | 000,024,280 | ---- | C] () -- C:\Documents and Settings\Bobby\Application Data\Comma Separated Values (Windows).ADR
    [2012/02/23 13:29:07 | 000,190,666 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1220945662-1801674531-842925246-500-0.dat
    [2012/02/19 11:01:33 | 000,000,440 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
    [2012/02/15 20:41:22 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
    [2012/02/11 22:28:04 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\Bobby\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012/02/07 12:27:41 | 000,043,784 | ---- | C] () -- C:\WINDOWS\System32\drivers\EUBKMON.sys
    [2012/02/04 10:15:09 | 000,019,840 | ---- | C] () -- C:\WINDOWS\System32\EuEpmGdi.dll
    [2012/02/04 10:15:08 | 002,469,760 | ---- | C] () -- C:\WINDOWS\System32\BootMan.exe
    [2012/02/04 10:15:08 | 000,086,408 | ---- | C] () -- C:\WINDOWS\System32\setupempdrv03.exe
    [2012/02/04 10:15:08 | 000,013,192 | ---- | C] () -- C:\WINDOWS\System32\epmntdrv.sys
    [2012/02/04 10:15:08 | 000,008,456 | ---- | C] () -- C:\WINDOWS\System32\EuGdiDrv.sys
    [2012/02/01 13:21:47 | 000,263,476 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1220945662-1801674531-842925246-1004-0.dat
    [2012/01/12 20:45:12 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
    [2012/01/12 14:26:17 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
    [2012/01/05 23:18:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
    [2011/12/26 23:45:01 | 002,788,798 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1220945662-1801674531-842925246-1003-0.dat
    [2011/12/26 23:45:00 | 000,193,102 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
    [2011/11/30 12:08:26 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
    [2011/11/30 11:47:19 | 000,042,976 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
    [2011/11/02 13:44:14 | 000,000,032 | ---- | C] () -- C:\WINDOWS\System32\driver.dat
    [2011/11/02 13:44:10 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\magicpvt.dat
    [2011/08/09 15:18:30 | 000,000,106 | -HS- | C] () -- C:\WINDOWS\WSYS049.SYS
    [2011/07/14 17:00:58 | 000,022,892 | ---- | C] () -- C:\WINDOWS\HL-3040CN.INI
    [2011/07/14 16:57:44 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\BRTCPCON.DLL
    [2011/07/14 16:57:43 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\BRLMW03A.INI
    [2011/07/14 16:57:43 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\BRADC08A.DAT
    [2011/06/24 17:23:45 | 000,000,552 | ---- | C] () -- C:\Documents and Settings\Bobby\signature.htlm
    [2011/06/11 17:45:14 | 000,038,457 | ---- | C] () -- C:\Documents and Settings\Bobby\Application Data\Microsoft Excel.ADR
    [2011/05/19 09:17:34 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
    [2011/04/05 21:56:28 | 000,000,019 | ---- | C] () -- C:\WINDOWS\info9.ini
    [2011/04/05 21:56:28 | 000,000,019 | ---- | C] () -- C:\WINDOWS\info7.ini
    [2011/04/05 21:56:28 | 000,000,019 | ---- | C] () -- C:\WINDOWS\info4.ini
    [2011/04/05 21:56:28 | 000,000,019 | ---- | C] () -- C:\WINDOWS\info10.ini
    [2011/04/03 14:07:01 | 000,017,607 | ---- | C] () -- C:\WINDOWS\System32\wacom.dat
    [2011/04/03 14:06:52 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\TabUnst.dll
    [2011/04/03 14:06:52 | 000,015,744 | ---- | C] () -- C:\WINDOWS\System32\wintab.dll
    [2011/04/03 14:05:34 | 000,004,032 | ---- | C] () -- C:\WINDOWS\System32\tabins16.dll
    [2011/04/03 14:05:33 | 000,013,408 | ---- | C] () -- C:\WINDOWS\System32\tabinst.dll
    [2011/04/03 13:58:05 | 000,074,752 | ---- | C] () -- C:\WINDOWS\System32\jst.dll
    [2011/04/03 13:58:05 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\PMLJNI.dll
    [2011/04/03 13:53:41 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\hpbprnfx.exe
    [2011/04/03 13:52:56 | 000,013,451 | ---- | C] () -- C:\WINDOWS\hpbins01.dat
    [2011/04/03 13:52:56 | 000,001,380 | ---- | C] () -- C:\WINDOWS\hpbmdl01.dat
    [2011/04/03 13:52:49 | 000,000,750 | ---- | C] () -- C:\WINDOWS\hpbvnstp.ini
    [2011/04/03 13:52:40 | 000,000,412 | R--- | C] () -- C:\WINDOWS\System32\HP3AIOZ6.dat
    [2011/04/03 13:52:39 | 000,221,184 | R--- | C] () -- C:\WINDOWS\System32\HP3AIOZ6.dll
    [2011/04/03 13:48:28 | 000,012,885 | ---- | C] () -- C:\WINDOWS\hplj3380.ini
    [2011/04/03 13:37:48 | 000,000,144 | ---- | C] () -- C:\WINDOWS\MXDebug2.ini
    [2011/04/03 13:21:22 | 000,004,456 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011/04/03 12:49:04 | 001,048,576 | ---- | C] () -- C:\WINDOWS\System32\sfman.dat
    [2011/04/03 12:49:03 | 000,000,231 | ---- | C] () -- C:\WINDOWS\ac3api.ini
    [2011/04/03 11:54:01 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\FileOps.exe
    [2011/04/03 11:34:54 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2011/04/03 11:24:21 | 000,000,230 | ---- | C] () -- C:\Program Files\P DVD.lnk
    [2011/04/03 10:56:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2011/04/03 10:19:40 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2011/04/03 10:13:12 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2011/04/03 06:05:37 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2011/04/03 06:03:22 | 000,228,800 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

    ========== ZeroAccess Check ==========

    [2011/04/11 17:15:34 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shdocvw.dll -- [2011/11/01 15:35:20 | 001,510,400 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 07:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== LOP Check ==========

    [2012/10/01 15:20:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
    [2012/08/11 10:01:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alien Skin
    [2012/06/29 17:20:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Allume Systems
    [2012/01/11 18:56:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
    [2011/04/05 21:57:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bobby
    [2011/11/30 12:08:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
    [2012/06/29 16:59:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ClickFreeTformer
    [2012/02/08 14:20:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Garmin
    [2012/02/05 17:19:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitachi GST
    [2012/02/15 18:08:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MGTEK
    [2011/11/30 15:51:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
    [2012/01/11 18:32:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartPCScan
    [2012/02/12 12:22:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WindSolutions
    [2011/04/03 13:20:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2011/04/03 13:37:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bobby\Application Data\Allume Systems
    [2011/06/13 14:52:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bobby\Application Data\AMICAS
    [2012/04/22 15:31:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bobby\Application Data\Audacity
    [2011/11/30 12:08:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bobby\Application Data\Canneverbe Limited
    [2011/04/17 10:05:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bobby\Application Data\Free Audio Converter
    [2011/11/30 11:50:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bobby\Application Data\FreeBurner
    [2012/02/08 14:20:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bobby\Application Data\Garmin
    [2012/02/05 17:27:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bobby\Application Data\HitachiGST
    [2013/01/19 13:53:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bobby\Application Data\ImgBurn
    [2012/07/21 10:30:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bobby\Application Data\LastPass
    [2011/11/30 15:53:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bobby\Application Data\NCH Swift Sound
    [2011/05/25 21:46:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bobby\Application Data\Opera
    [2012/08/02 19:18:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bobby\Application Data\Oracle
    [2013/02/04 21:32:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bobby\Application Data\PrimoPDF
    [2011/10/04 23:26:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bobby\Application Data\Remote Utilities Files
    [2012/05/20 10:59:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bobby\Application Data\RipIt4Me
    [2011/04/19 21:59:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bobby\Application Data\SyncCell
    [2011/07/01 15:47:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bobby\Application Data\Temp
    [2012/12/25 18:14:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bobby\Application Data\TrueCrypt
    [2012/07/13 19:26:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bobby\Application Data\TweakNow SecureDelete
    [2012/02/12 12:23:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bobby\Application Data\WindSolutions
    [2012/12/20 09:18:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bobby\Application Data\XnConvert
    [2012/12/20 09:12:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bobby\Application Data\XnView
    [2011/04/03 13:39:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Allume Systems
    [2011/07/08 10:20:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Temp
    [2012/01/31 16:59:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M Honey\Application Data\Allume Systems
    [2012/02/01 11:27:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M Honey\Application Data\Garmin

    ========== Purity Check ==========



    < End of report >

  11. #26
    Join Date
    Aug 2002
    Posts
    1,097
    OTL Extras logfile created on: 2/17/2013 8:55:10 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Bobby\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.12 Gb Total Physical Memory | 2.26 Gb Available Physical Memory | 72.67% Memory free
    4.96 Gb Paging File | 4.30 Gb Available in Paging File | 86.73% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 78.00 Gb Total Space | 51.14 Gb Free Space | 65.56% Space Free | Partition Type: NTFS
    Drive D: | 78.13 Gb Total Space | 32.59 Gb Free Space | 41.72% Space Free | Partition Type: NTFS
    Drive E: | 49.26 Gb Total Space | 40.75 Gb Free Space | 82.73% Space Free | Partition Type: NTFS
    Drive F: | 48.83 Gb Total Space | 34.92 Gb Free Space | 71.50% Space Free | Partition Type: NTFS
    Drive G: | 59.47 Gb Total Space | 21.98 Gb Free Space | 36.95% Space Free | Partition Type: NTFS
    Drive K: | 59.61 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    Drive M: | 62.54 Gb Total Space | 23.48 Gb Free Space | 37.54% Space Free | Partition Type: NTFS

    Computer Name: RPOPPER | User Name: Bobby | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    [HKEY_USERS\S-1-5-21-1220945662-1801674531-842925246-1003\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- F:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- "F:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [Print_Directory_Listintg] -- printdir.bat "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 1
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
    "5353:UDP" = 5353:UDP:*:Enabled:Bonjour Port 5353

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
    "C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
    "F:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" = F:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe:*:Enabled:Adobe Version Cue CS2 -- (Adobe Systems Incorporated)
    "C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe" = C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe:*:Disabled:javaw -- ()
    "C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
    "E:\Program Files\FTP Commander\Ftpcomm.exe" = E:\Program Files\FTP Commander\Ftpcomm.exe:*:Enabled:Ftpcomm -- (Internetsoft)
    "C:\Program Files\hp\HP Deskjet 3050 J610 series\Bin\DeviceSetup.exe" = C:\Program Files\hp\HP Deskjet 3050 J610 series\Bin\DeviceSetup.exe:LocalSubNet:Enabled:HP Device Setup -- (Hewlett-Packard Co.)
    "C:\Program Files\hp\HP Deskjet 3050 J610 series\Bin\HPNetworkCommunicator.exe" = C:\Program Files\hp\HP Deskjet 3050 J610 series\Bin\HPNetworkCommunicator.exe:LocalSubNet:Enabled:HP Network Communicator -- (Hewlett-Packard Co.)
    "C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
    "F:\Program Files\iTunes\iTunes.exe" = F:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
    "C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0134A1A1-C283-4A47-91A1-92F19F960372}" = Adobe Creative Suite 2
    "{0564C76B-8E1F-4157-8654-B0F9F308BEE9}" = HP Deskjet 3050 J610 series Basic Device Software
    "{08D605B4-DCD1-451F-ABD7-52E6BB868E4E}" = Microsoft Expression Design 4
    "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
    "{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes
    "{16F0EE77-B2B1-4417-A8CC-07E06C78CCC4}" = Matrix-ks
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{21DBBDD6-93A5-4326-9A04-C9A5C9148502}" = Norton PartitionMagic
    "{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
    "{26A24AE4-039D-4CA4-87B4-2F83216039FF}" = Java(TM) 6 Update 39
    "{2A006433-AA67-4049-A33A-83039BF50887}" = Brother HL-3040CN
    "{34E90074-C80C-4182-A995-65E88B5B56E0}" = HP Deskjet 3050 J610 series Product Improvement Study
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{46548E80-0409-0000-7E8A-45000F855001}" = Adobe GoLive CS2
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4F50DB8D-3DA5-43CE-ADBB-4B5B862048A4}" = Logitech Harmony Remote
    "{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
    "{5F8D931D-B230-47F3-A9C0-0C8CA459A332}" = Microsoft Expression Web 4
    "{601245BF-D558-4262-8D73-AA650B3219ED}" = PHP 5.3.10
    "{623B8278-8CAD-45C1-B844-58B687C07805}" = Bing Bar Platform
    "{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.9
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
    "{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{789C9644-9F82-44D3-B4CA-AC31F46F5882}" = Python 3.2.3
    "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
    "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
    "{7E6F59BA-4D1C-4246-B048-AF0DCA54A117}" = StuffIt Deluxe
    "{7F4C8163-F259-49A0-A018-2857A90578BC}" = Adobe InDesign CS2
    "{80F19EAA-44C4-47C2-AE87-1C7628E858D6}" = Logitech Harmony Remote Software 7
    "{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
    "{85F4CBCB-9BBC-4B50-A7D8-E1106771498D}" = Orca
    "{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
    "{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
    "{95120000-003F-0409-0000-0000000FF1CE}" = Microsoft Office Excel Viewer
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A7BF5269-3E74-11D5-B00F-00104B398D77}" = QuarkXPress 5.0
    "{AC76BA86-1033-0000-7760-000000000002}" = Adobe Acrobat 7.0 Professional
    "{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.01)
    "{ADBE46EE-54E0-4610-B436-D7E93D829100}" = Adobe Version Cue CS2
    "{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
    "{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
    "{B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}" = Adobe Illustrator CS2
    "{B52161A2-B3BB-429A-9A57-A74CAB6185C7}" = Microlife BPA 3.2 English
    "{B74D4E10-6884-0000-0000-000000000103}" = Adobe Bridge 1.0
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C49DAA9C-5BA8-459A-8244-E57B69DF0F04}" = Suite Specific
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D3A80508-CD83-4CA3-8671-914A1BC78B61}" = Microsoft Sync Framework 2.0 Provider Services (x86) ENU
    "{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support
    "{DA7DF8E2-4B8F-4286-97FE-DE3FFFE9B728}" = iCloud
    "{DD23CAA4-8872-4B95-B263-EA46FD82CF19}" = LaserAIO
    "{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
    "{F5993FCC-DF5D-4879-B70D-AA1F379C5C6B}" = Microsoft Expression Web 4 Service Pack 2
    "{F7632A9B-661E-4FD9-B1A4-3B86BC99847F}" = HP Deskjet 3050 J610 series Help
    "{FA237125-51FF-408C-8BB8-30C2B3DFFF9C}" = Windows Resource Kit Tools
    "{FE3F3C9B-2C29-4FEE-A74F-11E436729F2C}" = Scan
    "{FF63121D-91C6-42CC-B341-F1AA729728E7}" = Microsoft Sync Framework 2.0 Core Components (x86) ENU
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe SVG Viewer" = Adobe SVG Viewer 3.0
    "All ATI Software" = ATI - Software Uninstall Utility
    "AoA DVD Copy_is1" = AoA DVD Copy
    "ATI Display Driver" = ATI Display Driver
    "avast" = avast! Internet Security
    "Design_7.0.20516.0" = Microsoft Expression Design 4
    "DVD Decrypter" = DVD Decrypter (Remove Only)
    "DVD Shrink_is1" = DVD Shrink 3.2
    "EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 9.1.0 Home Edition
    "ExpressRip" = Express Rip
    "Gateway_Advanced_Setup_is1" = Gateway Advanced Setup 1.11
    "hp LaserJet-all-in-one" = hp LaserJet-all-in-one
    "HP Photo Creations" = HP Photo Creations
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "ImgBurn" = ImgBurn
    "InstallShield_{21DBBDD6-93A5-4326-9A04-C9A5C9148502}" = Norton PartitionMagic 8.0
    "InstallShield_{7E6F59BA-4D1C-4246-B048-AF0DCA54A117}" = StuffIt Deluxe
    "InstallShield_{B52161A2-B3BB-429A-9A57-A74CAB6185C7}" = Microlife BPA 3.2 English
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Mozilla Firefox 18.0.2 (x86 en-US)" = Mozilla Firefox 18.0.2 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "NirSoft BlueScreenView" = NirSoft BlueScreenView
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "OpenSSL-0.9.8h-1_is1" = GnuWin32: OpenSSL-0.9.8h-1
    "PrimoPDF" = PrimoPDF -- brought to you by Nitro PDF Software
    "PS2" = PS2
    "Replay Music3.98" = Replay Music
    "Sound Blaster Live!" = Sound Blaster Live!
    "SyncCell" = SyncCell 3.1
    "TrueCrypt" = TrueCrypt
    "TweakNow SecureDelete_is1" = TweakNow SecureDelete
    "Unlocker" = Unlocker 1.9.1
    "Wacom Tablet Driver" = Wacom Tablet Driver
    "Web_4.0.1303.0" = Microsoft Expression Web 4
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "XnConvert_is1" = XnConvert 1.51

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-1220945662-1801674531-842925246-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "CopyTrans Suite" = CopyTrans Suite Remove Only
    "LastPass" = LastPass (uninstall only)

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 1/9/2013 10:06:16 AM | Computer Name = RPOPPER | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 7891

    Error - 1/9/2013 10:18:49 AM | Computer Name = RPOPPER | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 1/9/2013 10:18:49 AM | Computer Name = RPOPPER | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 761016

    Error - 1/9/2013 10:18:49 AM | Computer Name = RPOPPER | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 761016

    Error - 1/9/2013 10:18:51 AM | Computer Name = RPOPPER | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 1/9/2013 10:18:51 AM | Computer Name = RPOPPER | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 762969

    Error - 1/9/2013 10:18:51 AM | Computer Name = RPOPPER | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 762969

    Error - 1/9/2013 10:18:53 AM | Computer Name = RPOPPER | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 1/9/2013 10:18:53 AM | Computer Name = RPOPPER | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 764954

    Error - 1/9/2013 10:18:53 AM | Computer Name = RPOPPER | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 764954

    [ System Events ]
    Error - 2/16/2013 7:18:52 PM | Computer Name = RPOPPER | Source = SideBySide | ID = 16842811
    Description = Resolve Partial Assembly failed for Microsoft.VC80.MFC. Reference error
    message: The referenced assembly is not installed on your system. .

    Error - 2/16/2013 7:18:52 PM | Computer Name = RPOPPER | Source = SideBySide | ID = 16842811
    Description = Generate Activation Context failed for C:\PROGRA~1\COMMON~1\MICROS~1\SMARTT~1\FPERSON.DLL.
    Reference
    error message: The operation completed successfully. .

    Error - 2/16/2013 7:18:53 PM | Computer Name = RPOPPER | Source = SideBySide | ID = 16842784
    Description = Dependent Assembly Microsoft.VC80.MFC could not be found and Last
    Error was The referenced assembly is not installed on your system.

    Error - 2/16/2013 7:18:53 PM | Computer Name = RPOPPER | Source = SideBySide | ID = 16842811
    Description = Resolve Partial Assembly failed for Microsoft.VC80.MFC. Reference error
    message: The referenced assembly is not installed on your system. .

    Error - 2/16/2013 7:18:53 PM | Computer Name = RPOPPER | Source = SideBySide | ID = 16842811
    Description = Generate Activation Context failed for C:\PROGRA~1\COMMON~1\MICROS~1\SMARTT~1\MOFL.DLL.
    Reference
    error message: The operation completed successfully. .

    Error - 2/16/2013 7:18:53 PM | Computer Name = RPOPPER | Source = SideBySide | ID = 16842784
    Description = Dependent Assembly Microsoft.VC80.MFC could not be found and Last
    Error was The referenced assembly is not installed on your system.

    Error - 2/16/2013 7:18:53 PM | Computer Name = RPOPPER | Source = SideBySide | ID = 16842811
    Description = Resolve Partial Assembly failed for Microsoft.VC80.MFC. Reference error
    message: The referenced assembly is not installed on your system. .

    Error - 2/16/2013 7:18:53 PM | Computer Name = RPOPPER | Source = SideBySide | ID = 16842811
    Description = Generate Activation Context failed for C:\PROGRA~1\COMMON~1\MICROS~1\SMARTT~1\FNAME.DLL.
    Reference
    error message: The operation completed successfully. .

    Error - 2/16/2013 8:17:06 PM | Computer Name = RPOPPER | Source = Service Control Manager | ID = 7034
    Description = The Pml Driver HPZ12 service terminated unexpectedly. It has done
    this 1 time(s).

    Error - 2/17/2013 5:01:22 PM | Computer Name = RPOPPER | Source = Service Control Manager | ID = 7011
    Description = Timeout (30000 milliseconds) waiting for a transaction response from
    the stisvc service.


    < End of report >

  12. #27
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    That's incorrect.
    You clicked on "Scan" button instead of "Fix" button.

  13. #28
    Join Date
    Aug 2002
    Posts
    1,097
    Sorry for the error. Below is the correct log. I will proceed to OTL - CLEANUP.

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: Bobby
    ->Temp folder emptied: 160953714 bytes
    ->Temporary Internet Files folder emptied: 11062079 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 6910384 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 492 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Guest
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 66016 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: M Honey
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 6053 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 20156664 bytes

    Total Files Cleaned = 190.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: All Users

    User: Bobby
    ->Flash cache emptied: 0 bytes

    User: Default User

    User: Guest

    User: LocalService

    User: M Honey
    ->Flash cache emptied: 0 bytes

    User: NetworkService

    Total Flash Files Cleaned = 0.00 mb


    [EMPTYJAVA]

    User: Administrator

    User: All Users

    User: Bobby
    ->Java cache emptied: 0 bytes

    User: Default User

    User: Guest

    User: LocalService

    User: M Honey
    ->Java cache emptied: 0 bytes

    User: NetworkService

    Total Java Files Cleaned = 0.00 mb

    Restore point Set: OTL Restore Point

    OTL by OldTimer - Version 3.2.69.0 log created on 02172013_211427

    Files\Folders moved on Reboot...
    File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...

  14. #29
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550

  15. #30
    Join Date
    Aug 2002
    Posts
    1,097
    Thank you, once again. You're terrific. Does Virtual DR accept (small) donations? I would like to contribute.
