
Tr/trash.gen Trojan

Discussion in 'Malware Removal Help' started by SpiffyC, Jul 17, 2012.

  1. SpiffyC

    SpiffyC Member

    Joined:
    Aug 17, 2009
    Messages:
    64
    Location:
    Canada
    Operating System:
    Windows 8
    Computer Brand or Motherboard:
    ASUS P8Z77-V LGA 1155
    CPU:
    Intel i7 3770K @Stock
    Memory:
    8Gb Mushkin RAM
    Hard Drive:
    WD 1TB HDD for data, and one Corsair Force 120gb for OS, games, and progs
    Graphics Card:
    GIGABYTE Windforce OC Nvidia GTX 670
    Power Supply:
    CORSAIR Professional Series HX750 750W
    Hi guys,

    It seems my grandmother "Mara" is having a deep malware issue, and it's beyond what I can do, so I need some help. She seems to have had this virus for quite a long time (Nov 2011), and it hasn't shown up till now. It's been creating .exe's with the name A00***** (* for the numbers). They were on the C: and now they seem to have spread to her external drive. I found out that she has had it for a while by looking in her Avira desktop quarantine. Her computer has slowed down to a crawl, and has never been like that before.

    We deleted the files that Avira found, and it has sped up the computer somewhat. But something tells me that the issue is still very much present.

    I've never seen malware like this before, and I don't even know if reformatting will fix the issues.

    Thanks,
    Morgan
     
  2. BeeCeeBee

    BeeCeeBee ADMINISTRATOR IN MEMORY

    Joined:
    Apr 20, 2009
    Messages:
    7,201
    Location:
    New Jersey "Stronger than the Storm"
    Operating System:
    Windows 7
    Time to move this one to the Malware removal forum.

    Have a look here while we are waiting for the guys to arrive. http://computerhelpforums.net/topic/13814-preparation-for-malware-removal-help/
    Please give our regards to Mara!!!!!
     
  3. SpiffyC

    SpiffyC Member

    Thanks BeeCeeBee,

    I will surely send Mara your regards.

    I apologize for starting this topic in the wrong section, should have looked before starting it. :)
     
  4. etavares

    etavares Malware Removal Specialist - Moderator

    Joined:
    Aug 6, 2011
    Messages:
    259
    Location:
    USA (GMT -5)
    Hi cocoabalt,

    My name is etavares and I'll be helping you with this issue. Please follow the instructions in the link that BeeCeeBee provided and I'll look over your logs. To answer your previous question, a reformat would fix the issue if you prefer to go that route. If not, we can run some scans and regain control over the machine ourselves.

    Thanks!
    -etavares
     
  5. BeeCeeBee

    BeeCeeBee ADMINISTRATOR IN MEMORY

    I am very disappointed that you have not so much as replied to etavares. Even if you formatted and reinstalled he should have been advised. If there is no further activity I will close this thread. Frankly, considering who you are and whose computer is having the problem I expected far more from you.
     
  6. Mara

    Mara Registered Members

    Joined:
    Jun 20, 2009
    Messages:
    2,261
    Location:
    British Columbia, Canada
    Operating System:
    Windows XP Home
    Oh my gosh, I'm absolutely mortified, truly I am!!

    And I can't begin to say how sorry I am that this post has sat here and no one has been thanked - I'm just so so so so so sorry, etavares!


    I followed the back-ups, etc in the malware section (thanks, Starbuck) ... and ran MalwareBytes twice, Avira once, then Kaspersky once and finally Avira once again ... and the poor computer is running once again finally.

    That said, while giving serious thought to doing a clean reformat, discovered to my horror the Windows XP disks are gone. Literally missing from my computer treasure box, so alas, that option will simply never exist in the future - eep.

    Etavares, I wonder if I might ask you a couple things (and I truly understand if you decline - yup, I'm mortified!) ....
    1. Is there a way to somehow create a completely new Windows XP disk, just like the factory one I had? This computer is legal and I don't plan on using the Windows XP software anywhere but on this specific computer so hopefully if there is a way to do it, it would also be legal?

    and...

    2. Am still having massive woes with Adobe. Originally (before the computer woe), I had Adobe Flash Player, Adobe Active X and Adobe Shockwave Player.
    And even before the computer threw that massive hissy, kept getting the below messages

    [​IMG]

    [​IMG]

    Have used Revo uninstaller and removed and reinstalled both Adobe Flash and Adobe Shockwave (and even Java, just in case but couldn't find another Adobe Active X to download).... and the Adobe updater still doesn't seem to like my computer.

    Thanks so much and again, I'll truly understand if you'd prefer to 'pass', etavares.
     
  7. Mara

    Mara Registered Members

    Barry, I am so sincerely sorry! My grandson was truly trying to help me and, while it's no excuse, he was picked up by his dad and obviously forgot to continue on - oh dear.
     
  8. DSTM (Dougie)

    DSTM (Dougie) Registered Members

    Joined:
    May 3, 2009
    Messages:
    8,270
    Location:
    SYDNEY AUSTRALIA
    Operating System:
    Windows 7
    If I may add. Mara was unaware of this thread running till I Emailed her with a live link.
     
  9. etavares

    etavares Malware Removal Specialist - Moderator

    Hi Mara,

    No worries, of course I'll help you. :)

    1. I'm glad it's running better after running those scans. Did they find anything?
    2. Unfortunately, we can't create a Windows XP disk. The only way is to order one. However, we might be able to create recovery disks depending on your make and model of computer. Some computers even have an option to restore it to factory state. You'd lose all your data, but end up with a working computer. What kind of computer is it?
    3. These types of Adobe issues happen often; but an uninstall/reinstall usually works. It sounds like the Adobe Update is still installed. Did you uninstall all Adobe products with Revo? If you didn't, please do that and let me know if the error disappears. Then we can reinstall Flash, Reader, etc. If it doesn't work, we will run a scan for me to look at.

    -etavares
     
  10. Mara

    Mara Registered Members

    Thank you, etavares!

    I thought for sure my 'Snag Screen' would capture images when anti-bug programs showed results, but nothing could be activated, even that, unfortunately.

    Just went to Avira now and found a section showing 'detection list' ... it wouldn't let me highlight and copy entire list here so just 'captured' a couple shots of some that were showing -perhaps they will help?

    [​IMG]

    [​IMG].

    It's just good to have whatever was causing the woe finally gone from computer, though.

    I've uninstalled and reinstalled and uninstalled and reinstalled the Adobe stuff ... and finally that 'Adobe Flash Up-date Service' woe window has quit coming up... but still can't watch videos at Youtube. The voices are out of sync ... the actions are so choppy ... and video keeps stopping for a few moments at a time.

    Would love to figure out how to fix the program on my computer that is affecting Youtube viewing ... and also how to back up my entire Windows XP system software (I really do have the Windows registration number, etc - gentle smile).

    Thanks again so very much!
     
  11. etavares

    etavares Malware Removal Specialist - Moderator

    Hello, Mara.

    That looks like the list of what Avira will detect. Let's run two scans and take a look. Have you tried another browser for Youtube besides the one you are using? That will narrow down the causes.





    Step 1

    We need to create an OTL report,
    • Please download OTL from this link.
    • (If that link doesn't work, try this alternate link.)
    • Save it to your desktop.
    • Double click on the [​IMG] icon on your desktop.
    • Click the "Scan All Users" checkbox.
    • Select "Use Safelist" under "Extra Registry"
    • Under the Custom Scan box paste this in:

      netsvcs
      msconfig
      %SYSTEMDRIVE%\*.*
      %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
      %systemroot%\*. /mp /s
      %systemroot%\system32\*.sys /90
      %systemroot%\system32\*.dll /lockedfiles
      %systemroot%\Tasks\*.job /lockedfiles
      %systemroot%\system32\drivers\*.sys /lockedfiles
      %systemroot%\system32\*.exe /lockedfiles
      %systemroot%\System32\config\*.sav
      %PROGRAMFILES%\*
      %USERPROFILE%\..|smtmp;true;true;true /FP
      HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
      hklm\software\clients\startmenuinternet|command /rs
      hklm\software\clients\startmenuinternet|command /64 /rs
      CREATERESTOREPOINT


    • Click the Quick Scan button.
    • The scan should take a few minutes.
    • Please copy and paste both logs in your reply. If they are too big to paste in one reply, please split them into separate posts.



    Step 2

    Please download aswMBR ( 511KB ) to your desktop.
    • Double click the aswMBR.exe icon to run it
    • It gives you the option to add the latest Avast definitions and recommends you do so. Ignore it and click No as it may crash your system or hang up and we don't need that info.
    • Click the Scan button to start the scan
    • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

    Note: aswMBR will save MBR.dat to your desktop. Do NOT delete it until I tell you your computer is clean. It is a backup of your MBR that we may need later.

    etavares
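
The report requested in Step 1 is line-oriented, so it can be triaged mechanically before a human reads it. As an added example (not part of the original post and not OTL's own code), this Python sketch parses the PRC/MOD/SRV/DRV entry shape seen in the log posted further down the thread and flags registrations whose file OTL could not find and entries with an empty company field; the regex, the category names and the `triage` rules are assumptions made for illustration.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Lines copied from the OTL log posted later in this thread, plus one section header.
SAMPLE_LOG = r"""
PRC - [2012/07/21 17:42:01 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Glen\Desktop\OTL.exe
PRC - [2009/03/12 18:18:48 | 000,602,624 | ---- | M] () -- C:\Programs - SECURITY\Everything\Everything.exe
MOD - [2011/11/05 19:28:07 | 000,166,912 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
SRV - File not found [Auto | Running] -- C:\Programs -- (SmcService)
SRV - File not found [Auto | Stopped] -- C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe -- (IMFservice)
SRV - [2012/05/09 21:26:15 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - [2010/11/26 18:02:52 | 000,014,776 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
========== Driver Services (SafeList) ==========
"""

# Entry shape (inferred from the log, an assumption):
#   KIND - <[date | size | attrs | M] (company)  or  "File not found"> [state] -- path -- (name)
ENTRY_RE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV) - "
    r"(?:File not found|"
    r"\[(?P<mtime>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| [\d,]+ \| [-A-Z]{4} \| [MC]\]"
    r" \((?P<company>[^)]*)\))"
    r"(?: \[(?P<state>[^\]]+)\])?"          # services and drivers only
    r"\s+--\s*(?P<path>.*?)\s*"             # path may be empty
    r"(?:--\s+\((?P<name>[^)]*)\).*)?$"     # service/driver name, optional description
)


@dataclass
class Entry:
    kind: str                 # PRC, MOD, SRV or DRV
    missing: bool             # True when OTL printed "File not found"
    company: Optional[str]    # None when the file was not found
    state: Tuple[str, ...]    # e.g. ("Kernel", "Boot", "Running")
    path: str
    name: Optional[str]       # service or driver name, if present


def parse_log(text: str) -> List[Entry]:
    """Return one Entry per PRC/MOD/SRV/DRV line; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # section headers, blank lines, registry (IE/FF/O-numbered) lines
        raw_state = m.group("state") or ""
        state = tuple(p.strip() for p in raw_state.split("|") if p.strip())
        entries.append(Entry(
            kind=m.group("kind"),
            missing=m.group("mtime") is None,
            company=m.group("company"),
            state=state,
            path=m.group("path"),
            name=m.group("name"),
        ))
    return entries


def triage(entries: List[Entry]) -> List[Tuple[str, str, str]]:
    """Return (reason, kind, label) tuples for entries worth a manual look.

    These are review prompts, not verdicts: legitimate software often ships
    without version information, and uninstallers often leave registrations.
    """
    findings = []
    for e in entries:
        label = e.name or e.path
        if e.missing:
            # Registered service/driver whose file OTL could not resolve.
            running = bool(e.state) and e.state[-1] == "Running"
            reason = "running-file-unresolved" if running else "stale-registration"
            findings.append((reason, e.kind, label))
        elif e.kind != "MOD" and not (e.company or "").strip():
            # The MOD section is already limited to files with no company name,
            # so only processes, services and drivers are flagged here.
            findings.append(("no-company-name", e.kind, label))
    return findings


if __name__ == "__main__":
    for reason, kind, label in triage(parse_log(SAMPLE_LOG)):
        print(f"{reason:24} {kind}  {label}")
```
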
     
  12. Mara

    Mara Registered Members

    Am running the 'Old Timer' scan now ... just left setting of 30 days under "file age" so it's taking awhile .. but shall be back as soon as both scans are completed to post them - thanks again!
     
  13. Mara

    Mara Registered Members

    Here's the first two scans from Old Timer:

    OTL logfile created on: 7/21/2012 5:44:53 PM - Run 1
    OTL by OldTimer - Version 3.2.54.0 Folder = C:\Documents and Settings\Glen\Desktop
    Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.22 Gb Total Physical Memory | 2.44 Gb Available Physical Memory | 76.02% Memory free
    6.27 Gb Paging File | 5.53 Gb Available in Paging File | 88.08% Paging File free
    Paging file location(s): C:\pagefile.sys 0 0 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 458.75 Gb Total Space | 358.49 Gb Free Space | 78.15% Space Free | Partition Type: NTFS
    Drive D: | 225.88 Gb Total Space | 122.50 Gb Free Space | 54.23% Space Free | Partition Type: NTFS

    Computer Name: GLEN-F50AB654EA | User Name: Glen | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/07/21 17:42:01 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Glen\Desktop\OTL.exe
    PRC - [2012/07/18 22:21:32 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
    PRC - [2012/07/13 16:19:16 | 000,646,800 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\saUI.exe
    PRC - [2012/07/05 22:07:00 | 000,161,704 | ---- | M] (Oracle Corporation) -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
    PRC - [2012/06/27 17:01:34 | 000,791,488 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Application Updater\ApplicationUpdater.exe
    PRC - [2012/06/15 12:26:22 | 000,095,232 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    PRC - [2012/05/09 21:26:16 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
    PRC - [2012/05/09 21:26:15 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    PRC - [2012/05/09 21:26:15 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    PRC - [2012/05/09 21:26:15 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programs - SECURITY\MALWARE BYTES\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programs - SECURITY\MALWARE BYTES\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2011/08/09 16:56:40 | 000,417,112 | ---- | M] (IObit) -- C:\Programs - SECURITY\IObit\Advanced SystemCare 4\ASCTray.exe
    PRC - [2011/08/09 16:40:34 | 000,763,224 | ---- | M] (IObit) -- C:\Programs - SECURITY\IObit\Advanced SystemCare 4\PMonitor.exe
    PRC - [2011/08/09 16:38:38 | 000,328,536 | ---- | M] (IObit) -- C:\Programs - SECURITY\IObit\Advanced SystemCare 4\ASCService.exe
    PRC - [2011/05/15 12:53:20 | 000,325,512 | ---- | M] (BillP Studios) -- C:\Programs - SECURITY\WinPatrol - doggie\WinPatrol.exe
    PRC - [2009/06/26 18:21:00 | 000,757,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\vVX3000.exe
    PRC - [2009/03/12 18:18:48 | 000,602,624 | ---- | M] () -- C:\Programs - SECURITY\Everything\Everything.exe
    PRC - [2008/10/20 22:18:26 | 000,071,096 | ---- | M] () -- C:\Programs - MEDIA\CD BURNER XP - recommended by Kim Komando\CDBurnerXP\NMSAccessU.exe
    PRC - [2008/09/16 13:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Programs - PHOTO\Photoshop ELEMENTS\PhotoshopElementsFileAgent.exe
    PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2006/12/13 18:03:50 | 000,739,328 | ---- | M] () -- C:\Programs - SECURITY\SNAG SCREEN\SnagScreen.exe
    PRC - [2004/10/15 19:40:56 | 002,577,632 | ---- | M] (Sygate Technologies, Inc.) -- C:\Programs - SECURITY\Sygate - FIREWALL\Smc.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/07/18 22:21:31 | 002,003,424 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
    MOD - [2012/05/09 21:26:16 | 000,398,288 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
    MOD - [2011/11/05 19:28:07 | 000,166,912 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
    MOD - [2011/11/03 08:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
    MOD - [2011/08/09 16:43:20 | 000,130,904 | ---- | M] () -- C:\Programs - SECURITY\IObit\Advanced SystemCare 4\ASCv4ExtMenu.dll
    MOD - [2011/04/14 18:01:33 | 000,548,854 | ---- | M] () -- C:\Programs - SECURITY\WinPatrol - doggie\sqlite3.dll
    MOD - [2011/02/04 17:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
    MOD - [2010/02/16 13:57:38 | 000,301,568 | ---- | M] () -- C:\Program Files\NCH FileBulldog Toolbar\tbhelper.dll
    MOD - [2009/03/12 18:18:48 | 000,602,624 | ---- | M] () -- C:\Programs - SECURITY\Everything\Everything.exe
    MOD - [2008/10/20 22:18:26 | 000,071,096 | ---- | M] () -- C:\Programs - MEDIA\CD BURNER XP - recommended by Kim Komando\CDBurnerXP\NMSAccessU.exe
    MOD - [2008/09/02 13:29:52 | 000,098,304 | ---- | M] () -- C:\Programs - PHOTO\Photo!Edit May 2011\Photo! Editor\IvBar\ivbshlext.dll
    MOD - [2008/04/13 17:12:03 | 000,562,176 | ---- | M] () -- C:\WINDOWS\system32\qedit.dll
    MOD - [2008/04/13 17:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
    MOD - [2008/04/13 17:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
    MOD - [2006/12/13 18:03:50 | 000,739,328 | ---- | M] () -- C:\Programs - SECURITY\SNAG SCREEN\SnagScreen.exe
    MOD - [2004/10/15 18:32:20 | 001,385,712 | ---- | M] () -- C:\Programs - SECURITY\Sygate - FIREWALL\tse.dll
    MOD - [2004/10/15 18:32:18 | 000,832,744 | ---- | M] () -- C:\Programs - SECURITY\Sygate - FIREWALL\SyLink.dll
    MOD - [2004/10/15 18:32:12 | 000,890,088 | ---- | M] () -- C:\Programs - SECURITY\Sygate - FIREWALL\SpNet.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Running] -- C:\Programs -- (SmcService)
    SRV - File not found [Auto | Stopped] -- C:\Programs -- (SkypeUpdate)
    SRV - File not found [Auto | Running] -- C:\Programs -- (NMSAccessU)
    SRV - File not found [Auto | Running] -- C:\Programs -- (MBAMService)
    SRV - File not found [Auto | Stopped] -- C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe -- (IMFservice)
    SRV - File not found [Auto | Stopped] -- C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe -- (AdvancedSystemCareService5)
    SRV - File not found [Auto | Running] -- C:\Programs -- (AdvancedSystemCareService)
    SRV - File not found [Auto | Running] -- C:\Programs -- (AdobeActiveFileMonitor7.0)
    SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\ArcSoft\esinter\Bin\eservutil.exe -- (ADExchange)
    SRV - [2012/07/05 22:07:00 | 000,161,704 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe -- (JavaQuickStarterService)
    SRV - [2012/06/27 17:01:34 | 000,791,488 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
    SRV - [2012/06/15 12:26:22 | 000,095,232 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
    SRV - [2012/05/09 21:26:16 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
    SRV - [2012/05/09 21:26:15 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
    SRV - [2011/11/09 13:21:36 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Programs -- (WISOVD)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\IObit\IObit Malware Fighter\drivers\wxp_x86\UrlFilter.sys -- (UrlFilter)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\IObit\IObit Malware Fighter\drivers\wxp_x86\regfilter.sys -- (RegFilter)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\Monfilt.sys -- (Monfilt)
    DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
    DRV - File not found [File_System | Disabled | Stopped] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys -- (FileMonitor)
    DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\Ambfilt.sys -- (Ambfilt)
    DRV - [2012/05/09 21:26:16 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
    DRV - [2012/05/09 21:26:16 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
    DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2011/10/11 15:00:32 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
    DRV - [2010/11/26 18:02:52 | 000,014,776 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
    DRV - [2010/08/04 06:16:54 | 002,127,728 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\viahduaa.sys -- (VIAHdAudAddService)
    DRV - [2010/06/17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
    DRV - [2009/11/29 23:31:42 | 000,050,176 | R--- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1c51x86.sys -- (L1c)
    DRV - [2009/11/12 14:48:56 | 000,005,504 | ---- | M] () [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
    DRV - [2009/06/29 04:59:14 | 000,142,592 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
    DRV - [2009/06/26 18:21:02 | 001,956,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VX3000.sys -- (VX3000)
    DRV - [2004/10/15 18:32:44 | 000,014,568 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\wg6n.sys -- (wg6n)
    DRV - [2004/10/15 18:32:42 | 000,014,568 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\wg5n.sys -- (wg5n)
    DRV - [2004/10/15 18:32:40 | 000,014,568 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\wg4n.sys -- (wg4n)
    DRV - [2004/10/15 18:32:38 | 000,014,568 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\wg3n.sys -- (wg3n)
    DRV - [2004/10/15 18:18:46 | 000,021,075 | ---- | M] (Sygate Technologies, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\wpsdrvnt.sys -- (wpsdrvnt)
    DRV - [2004/10/15 18:17:02 | 000,060,496 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\Teefer.sys -- (Teefer)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpro.com chfilebulldog/{01F88567-4CC7-4456-A0A4-89606D287C1B}
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-343818398-2111687655-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpro.com chfilebulldog/{01F88567-4CC7-4456-A0A4-89606D287C1B}
    IE - HKU\S-1-5-21-343818398-2111687655-682003330-1003\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    IE - HKU\S-1-5-21-343818398-2111687655-682003330-1003\..\URLSearchHook: {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Program Files\NCH FileBulldog Toolbar\tbhelper.dll ()
    IE - HKU\S-1-5-21-343818398-2111687655-682003330-1003\..\URLSearchHook: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\6.0\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
    IE - HKU\S-1-5-21-343818398-2111687655-682003330-1003\..\SearchScopes,DefaultScope = {F673FC1B-4FF6-4424-8B1F-96CFCD3AB53A}
    IE - HKU\S-1-5-21-343818398-2111687655-682003330-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-343818398-2111687655-682003330-1003\..\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}: "URL" = http://www.bigseekpro.com/search/browser chfilebulldog/{01F88567-4CC7-4456-A0A4-89606D287C1B}?q={searchTerms}
    IE - HKU\S-1-5-21-343818398-2111687655-682003330-1003\..\SearchScopes\{F673FC1B-4FF6-4424-8B1F-96CFCD3AB53A}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
    IE - HKU\S-1-5-21-343818398-2111687655-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Yahoo"
    FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=937811"
    FF - prefs.js..browser.search.selectedEngine: "Google"
    FF - prefs.js..browser.startup.homepage: "http://home.mytelus.com/telusen/portal/index.aspx"
    FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p="
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2012/07/20 06:15:55 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/18 22:21:34 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012/06/20 11:05:37 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

    [2011/10/20 20:41:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Glen\Application Data\Mozilla\Extensions
    [2012/07/19 12:35:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Glen\Application Data\Mozilla\Firefox\Profiles\fo0zfocb.default\extensions
    [2011/12/12 15:35:11 | 000,000,000 | ---D | M] (NCH FileBulldog Toolbar) -- C:\Documents and Settings\Glen\Application Data\Mozilla\Firefox\Profiles\fo0zfocb.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}
    [2012/07/14 11:22:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2012/04/20 09:06:55 | 000,085,537 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\GLEN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\FO0ZFOCB.DEFAULT\EXTENSIONS\AFTERTHEDEADLINE@AFTERTHEDEADLINE.COM.XPI
    [2011/12/22 13:31:31 | 000,599,045 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\GLEN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\FO0ZFOCB.DEFAULT\EXTENSIONS\FIREFOXADDON@SIMILARWEB.COM.XPI
    [2012/07/18 12:39:23 | 000,040,533 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\GLEN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\FO0ZFOCB.DEFAULT\EXTENSIONS\FLATBM@XULDEV.ORG.XPI
    [2012/02/07 18:21:25 | 000,113,603 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\GLEN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\FO0ZFOCB.DEFAULT\EXTENSIONS\NOSQUINT@URANDOM.CA.XPI
    [2012/07/20 06:15:55 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
    [2011/10/29 15:26:50 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
    [2012/07/18 22:21:33 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2012/05/02 13:22:24 | 000,001,525 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
    [2012/02/19 23:37:36 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2012/05/02 13:22:24 | 000,000,935 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
    [2012/05/02 13:22:24 | 000,001,166 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
    [2012/07/14 11:29:22 | 000,002,024 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
    [2012/05/02 13:22:27 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
    [2012/05/02 13:22:24 | 000,001,121 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

    O1 HOSTS File: ([2006/03/15 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\6.0\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
    O2 - BHO: (SMTTB2009 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\NCH FileBulldog Toolbar\tbcore3.dll ()
    O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O3 - HKLM\..\Toolbar: (NCH FileBulldog Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\NCH FileBulldog Toolbar\tbcore3.dll ()
    O3 - HKLM\..\Toolbar: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\6.0\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
    O3 - HKU\S-1-5-21-343818398-2111687655-682003330-1003\..\Toolbar\WebBrowser: (NCH FileBulldog Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\NCH FileBulldog Toolbar\tbcore3.dll ()
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Programs - SECURITY\MALWARE BYTES\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [SmcService] C:\Programs - SECURITY\Sygate - FIREWALL\Smc.exe (Sygate Technologies, Inc.)
    O4 - HKLM..\Run: [VX3000] C:\WINDOWS\vVX3000.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [WinPatrol] C:\Programs - SECURITY\WinPatrol - doggie\winpatrol.exe (BillP Studios)
    O4 - HKU\S-1-5-21-343818398-2111687655-682003330-1003..\Run: [Advanced SystemCare 4] C:\Programs - SECURITY\IObit\Advanced SystemCare 4\ASCTray.exe (IObit)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-343818398-2111687655-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1342391681625 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 75.153.176.9
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AEE6FF7B-9D9D-4B11-B6A4-E8A5AD181751}: DhcpNameServer = 192.168.1.254 75.153.176.9
    O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Glen\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Glen\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2011/10/20 20:14:28 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    MsConfig - StartUpFolder: C:^Documents and Settings^Glen^Start Menu^Programs^Startup^Cyber-shot Viewer Media Check Tool.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe - (Sony Corporation)
    MsConfig - StartUpFolder: C:^Documents and Settings^Glen^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe - ()
    MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
    MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - File not found
    MsConfig - StartUpReg: Advanced SystemCare 4 - hkey= - key= - File not found
    MsConfig - StartUpReg: Everything - hkey= - key= - C:\Programs - SECURITY\Everything\Everything.exe ()
    MsConfig - StartUpReg: MSMSGS - hkey= - key= - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
    MsConfig - StartUpReg: SearchSettings - hkey= - key= - C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
    MsConfig - State: "system.ini" - 0
    MsConfig - State: "win.ini" - 0
    MsConfig - State: "bootini" - 0
    MsConfig - State: "services" - 0
    MsConfig - State: "startup" - 2

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/07/21 17:42:00 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Glen\Desktop\OTL.exe
    [2012/07/21 00:27:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Glen\Local Settings\Application Data\WMTools Downloaded Files
    [2012/07/21 00:15:22 | 000,000,000 | ---D | C] -- C:\Program Files\Speccy
    [2012/07/20 10:51:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Glen\Local Settings\Application Data\Sun
    [2012/07/19 23:53:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Glen\Local Settings\Application Data\Temp
    [2012/07/19 17:45:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2012/07/19 17:45:19 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
    [2012/07/19 17:45:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Glen\Application Data\Oracle
    [2012/07/19 12:32:28 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
    [2012/07/18 22:19:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Glen\My Documents\z computer woes, mid July
    [2012/07/18 20:15:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Canon Utilities
    [2012/07/18 20:14:23 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\CanonMP Uninstaller Information
    [2012/07/18 20:14:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Canon MP150
    [2012/07/18 20:14:07 | 000,000,000 | -H-D | C] -- C:\CanonMP
    [2012/07/18 19:42:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Glen\Start Menu\Programs\Revo Uninstaller
    [2012/07/18 12:32:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Advanced SystemCare 4
    [2012/07/17 12:09:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Glen\My Documents\z legal templates READY
    [2012/07/16 18:07:28 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
    [2012/07/16 18:07:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    [2012/07/14 15:41:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Glen\Application Data\Windows Search
    [2012/07/14 11:23:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Glen\Application Data\Search Settings
    [2012/07/14 11:23:19 | 000,000,000 | ---D | C] -- C:\Program Files\YouTube Downloader Toolbar
    [2012/07/14 11:23:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Spigot
    [2012/07/14 11:23:19 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater
    [2012/07/01 12:03:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\IdealSoftware
    [2012/07/01 12:03:40 | 000,000,000 | ---D | C] -- C:\IDEALDVDCOPY_TEMP
    [2012/07/01 12:03:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Ideal DVD Copy
    [2012/07/01 12:03:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Glen\Local Settings\Application Data\IdealSoftware
    [2012/06/27 11:10:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Glen\My Documents\zz BURN TO CD for my SYLVIA
    [2012/06/26 15:55:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Glen\My Documents\PASSWORDS
    [2012/06/24 16:34:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Glen\Application Data\Sound Editor Pro
    [2012/06/24 16:34:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Sound Editor Pro
    [2012/06/24 16:34:42 | 002,084,864 | ---- | C] (Online Media Technologies Ltd.) -- C:\WINDOWS\System32\NCTAudioDesign2.dll
    [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/07/21 17:42:01 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Glen\Desktop\OTL.exe
    [2012/07/21 11:02:04 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\ASC4_PerformanceMonitor.job
    [2012/07/21 11:02:04 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag_Startup.job
    [2012/07/21 11:02:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2012/07/21 00:31:56 | 000,002,385 | ---- | M] () -- C:\Documents and Settings\Glen\Desktop\Microsoft Office PowerPoint Viewer 2007.lnk
    [2012/07/21 00:17:22 | 001,941,254 | ---- | M] () -- C:\Documents and Settings\Glen\My Documents\My computer information PIRIFORM.BMP
    [2012/07/21 00:15:26 | 000,000,654 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Speccy.lnk
    [2012/07/19 08:00:14 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2012/07/18 20:18:58 | 000,001,693 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\MP Navigator 2.0.lnk
    [2012/07/18 20:15:49 | 000,000,808 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Easy-PhotoPrint.lnk
    [2012/07/18 20:10:00 | 000,000,852 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\IObit Malware Fighter.lnk
    [2012/07/18 19:43:00 | 000,000,799 | ---- | M] () -- C:\Documents and Settings\Glen\Desktop\Revo Uninstaller.lnk
    [2012/07/18 12:32:22 | 000,000,922 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Quick Care.lnk
    [2012/07/18 12:32:22 | 000,000,900 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Advanced SystemCare 4.lnk
    [2012/07/18 12:22:36 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\Glen\Desktop\Shortcut to moviemk.exe.lnk
    [2012/07/16 19:49:55 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\PixillionDowngrade.job
    [2012/07/16 18:23:46 | 000,002,437 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
    [2012/07/15 15:26:34 | 000,242,328 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2012/07/14 11:26:19 | 000,502,962 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2012/07/14 11:26:19 | 000,087,046 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2012/07/14 04:45:28 | 000,025,019 | ---- | M] () -- C:\Documents and Settings\Glen\My Documents\strange laws.odt
    [2012/07/14 00:23:59 | 000,010,550 | ---- | M] () -- C:\WINDOWS\is-EK1Q8.msg
    [2012/07/14 00:23:59 | 000,000,539 | ---- | M] () -- C:\WINDOWS\is-EK1Q8.lst
    [2012/07/12 22:00:23 | 000,000,266 | ---- | M] () -- C:\WINDOWS\tasks\prismDowngrade.job
    [2012/07/07 14:42:02 | 000,000,000 | ---- | M] () -- C:\extensions.sqlite
    [2012/07/06 11:47:01 | 000,000,270 | ---- | M] () -- C:\WINDOWS\tasks\switchShakeIcon.job
    [2012/07/01 12:03:37 | 000,000,955 | ---- | M] () -- C:\Documents and Settings\Glen\Desktop\Ideal DVD Copy.lnk
    [2012/06/26 21:59:01 | 000,000,266 | ---- | M] () -- C:\WINDOWS\tasks\prismShakeIcon.job
    [2012/06/24 16:34:43 | 000,002,083 | ---- | M] () -- C:\Documents and Settings\Glen\Desktop\Sound Editor Pro.lnk
    [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/07/21 00:17:22 | 001,941,254 | ---- | C] () -- C:\Documents and Settings\Glen\My Documents\My computer information PIRIFORM.BMP
    [2012/07/21 00:15:26 | 000,000,654 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Speccy.lnk
    [2012/07/19 12:32:51 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
    [2012/07/18 20:15:49 | 000,000,808 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Easy-PhotoPrint.lnk
    [2012/07/18 20:15:16 | 000,001,693 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\MP Navigator 2.0.lnk
    [2012/07/18 12:32:39 | 000,000,280 | ---- | C] () -- C:\WINDOWS\tasks\ASC4_PerformanceMonitor.job
    [2012/07/18 12:32:22 | 000,000,922 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Quick Care.lnk
    [2012/07/18 12:32:22 | 000,000,900 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Advanced SystemCare 4.lnk
    [2012/07/18 12:22:36 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\Glen\Desktop\Shortcut to moviemk.exe.lnk
    [2012/07/14 04:44:45 | 000,025,019 | ---- | C] () -- C:\Documents and Settings\Glen\My Documents\strange laws.odt
    [2012/07/14 00:23:59 | 000,010,550 | ---- | C] () -- C:\WINDOWS\is-EK1Q8.msg
    [2012/07/14 00:23:59 | 000,000,539 | ---- | C] () -- C:\WINDOWS\is-EK1Q8.lst
    [2012/07/07 14:42:02 | 000,000,000 | ---- | C] () -- C:\extensions.sqlite
    [2012/07/06 10:41:28 | 000,034,207 | ---- | C] () -- C:\Documents and Settings\Glen\My Documents\ANIMATED blow bubbles.gif
    [2012/07/02 17:38:09 | 000,002,385 | ---- | C] () -- C:\Documents and Settings\Glen\Desktop\Microsoft Office PowerPoint Viewer 2007.lnk
    [2012/07/01 12:03:37 | 000,000,955 | ---- | C] () -- C:\Documents and Settings\Glen\Desktop\Ideal DVD Copy.lnk
    [2012/06/24 16:34:43 | 000,002,083 | ---- | C] () -- C:\Documents and Settings\Glen\Desktop\Sound Editor Pro.lnk
    [2012/06/12 13:33:13 | 000,254,000 | R--- | C] ( ) -- C:\WINDOWS\System32\Audio3D.dll
    [2012/06/12 13:33:13 | 000,254,000 | R--- | C] ( ) -- C:\WINDOWS\System32\A3D.dll
    [2012/06/12 13:31:10 | 000,147,456 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v5002.dll
    [2012/06/12 13:31:03 | 002,026,604 | R--- | C] () -- C:\WINDOWS\System32\igkrng500.bin
    [2012/06/12 13:31:03 | 000,442,964 | R--- | C] () -- C:\WINDOWS\System32\igcompkrng500.bin
    [2012/02/15 02:55:59 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
    [2012/01/23 03:26:22 | 000,135,189 | ---- | C] () -- C:\Documents and Settings\Glen\Application Data\PhotoStage.dmp
    [2012/01/20 15:10:52 | 000,311,296 | ---- | C] () -- C:\WINDOWS\System32\EMRegSys.dll
    [2012/01/09 13:00:48 | 004,346,880 | ---- | C] () -- C:\WINDOWS\System32\ffmpeg.dll
    [2012/01/07 15:22:00 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\libbluray.dll
    [2012/01/07 15:21:50 | 006,366,094 | ---- | C] () -- C:\WINDOWS\System32\avcodec-lav-53.dll
    [2012/01/07 15:21:50 | 001,007,151 | ---- | C] () -- C:\WINDOWS\System32\avformat-lav-53.dll
    [2012/01/07 15:21:50 | 000,354,979 | ---- | C] () -- C:\WINDOWS\System32\swscale-lav-2.dll
    [2012/01/07 15:21:50 | 000,203,306 | ---- | C] () -- C:\WINDOWS\System32\avutil-lav-51.dll
    [2012/01/07 15:21:50 | 000,138,727 | ---- | C] () -- C:\WINDOWS\System32\avfilter-lav-2.dll
    [2012/01/06 03:19:39 | 000,163,029 | ---- | C] () -- C:\WINDOWS\DP Animation Maker Uninstaller.exe
    [2011/12/20 11:50:04 | 000,079,360 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
    [2011/12/20 11:49:56 | 000,099,328 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
    [2011/12/20 11:49:54 | 000,158,720 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
    [2011/12/20 11:49:54 | 000,146,944 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
    [2011/12/20 11:49:52 | 001,525,248 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
    [2011/12/20 11:49:52 | 000,212,480 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
    [2011/12/20 11:49:52 | 000,115,200 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
    [2011/12/20 11:49:50 | 000,328,704 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
    [2011/12/20 11:49:50 | 000,260,608 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
    [2011/12/20 11:49:50 | 000,137,728 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
    [2011/12/12 22:58:51 | 000,160,992 | ---- | C] () -- C:\WINDOWS\Sqirlz Water Reflections Uninstaller.exe
    [2011/12/07 12:32:24 | 000,216,064 | ---- | C] ( ) -- C:\WINDOWS\System32\Lagarith.dll
    [2011/11/30 22:01:20 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS7K.DLL
    [2011/11/30 16:51:44 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
    [2011/11/23 03:50:10 | 000,276,255 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-343818398-2111687655-682003330-1003-0.dat
    [2011/11/23 03:50:06 | 000,171,618 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
    [2011/11/21 16:54:54 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Glen\Local Settings\Application Data\fusioncache.dat
    [2011/11/20 00:41:53 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
    [2011/10/30 17:33:57 | 000,000,032 | ---- | C] () -- C:\WINDOWS\System32\Cool Motion.dll
    [2011/10/29 19:08:34 | 000,025,944 | ---- | C] () -- C:\WINDOWS\System32\SmartDefragBootTime.exe
    [2011/10/29 19:08:33 | 000,014,776 | ---- | C] () -- C:\WINDOWS\System32\drivers\SmartDefragDriver.sys
    [2011/10/21 18:16:47 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\sh33w32.dll
    [2011/10/21 18:02:03 | 000,204,800 | ---- | C] () -- C:\Documents and Settings\Glen\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/10/20 20:21:24 | 000,147,456 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4906.dll
    [2011/10/20 20:20:18 | 000,073,728 | R--- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
    [2011/10/20 20:16:20 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2011/10/20 20:09:43 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2011/10/20 13:01:37 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2011/10/20 13:00:24 | 000,242,328 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2011/09/08 07:00:52 | 000,150,528 | ---- | C] () -- C:\WINDOWS\System32\mkx.dll
    [2011/09/08 07:00:48 | 000,142,336 | ---- | C] () -- C:\WINDOWS\System32\mp4.dll
    [2011/09/08 07:00:42 | 000,123,392 | ---- | C] () -- C:\WINDOWS\System32\ogm.dll
    [2011/09/08 07:00:38 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\dxr.dll
    [2011/09/08 07:00:34 | 000,113,152 | ---- | C] () -- C:\WINDOWS\System32\dsmux.exe
    [2011/09/08 07:00:24 | 000,154,624 | ---- | C] () -- C:\WINDOWS\System32\ts.dll
    [2011/09/08 07:00:10 | 000,137,728 | ---- | C] () -- C:\WINDOWS\System32\mkv2vfr.exe
    [2011/09/08 07:00:06 | 000,358,400 | ---- | C] () -- C:\WINDOWS\System32\gdsmux.exe
    [2011/09/08 06:59:54 | 000,080,384 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll
    [2011/09/08 06:59:52 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll
    [2011/05/30 06:42:50 | 000,240,640 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2011/05/23 00:46:30 | 000,645,632 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2011/03/03 04:39:56 | 000,109,568 | ---- | C] () -- C:\WINDOWS\System32\avi.dll
    [2011/03/03 04:38:10 | 000,097,792 | ---- | C] () -- C:\WINDOWS\System32\avs.dll
    [2011/03/03 04:37:50 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\avss.dll
    [2011/02/15 05:46:02 | 014,454,784 | ---- | C] () -- C:\WINDOWS\System32\common_res.dll
    [2010/08/18 12:56:38 | 000,000,151 | ---- | C] () -- C:\WINDOWS\System32\Registration.ini

    ========== LOP Check ==========

    [2011/11/30 16:51:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
    [2011/12/09 23:24:50 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
    [2011/12/14 13:50:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData
    [2012/07/01 12:03:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IdealSoftware
    [2011/11/30 03:47:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallMate
    [2012/07/18 12:37:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
    [2012/04/27 22:37:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Licenses
    [2011/10/20 22:01:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Magix
    [2011/12/18 21:25:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Socusoft
    [2012/02/05 00:14:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2011/10/21 11:03:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TreeCardGames
    [2011/12/10 04:42:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YouTube Downloader
    [2012/02/07 18:12:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zoner
    [2012/02/25 15:40:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glen\Application Data\.minecraft
    [2011/12/18 21:42:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glen\Application Data\Anvsoft
    [2011/10/30 17:39:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glen\Application Data\AquaSoft
    [2011/11/30 16:51:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glen\Application Data\Canneverbe Limited
    [2011/12/09 23:25:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glen\Application Data\Canon
    [2012/06/04 19:05:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glen\Application Data\Digiarty
    [2011/11/30 14:08:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glen\Application Data\ElevatedDiagnostics
    [2012/04/27 22:27:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glen\Application Data\Engelmann Media
    [2011/12/18 21:35:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glen\Application Data\ffDiaporama
    [2012/03/13 15:33:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glen\Application Data\Free Audio Editor
    [2012/04/27 15:57:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glen\Application Data\Genie9
    [2012/02/06 19:44:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glen\Application Data\HandBrake
    [2011/11/30 21:34:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glen\Application Data\ImgBurn
    [2012/07/18 12:32:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glen\Application Data\IObit
    [2011/10/30 17:15:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glen\Application Data\mediAvatar
    [2011/10/24 13:55:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glen\Application Data\OpenOffice.org
    [2012/07/19 17:45:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glen\Application Data\Oracle
    [2012/02/03 02:58:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glen\Application Data\PhotoScape
    [2012/07/14 11:24:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glen\Application Data\Search Settings
    [2011/10/29 01:13:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glen\Application Data\Software Informer
    [2012/06/24 16:35:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glen\Application Data\Sound Editor Pro
    [2011/12/02 21:54:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glen\Application Data\TeamViewer
    [2011/10/20 22:57:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glen\Application Data\Thunderbird
    [2011/12/12 15:35:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glen\Application Data\Toolbar4
    [2011/10/20 21:52:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glen\Application Data\TreeCardGames
    [2012/05/22 16:44:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glen\Application Data\Windows Desktop Search
    [2012/07/14 15:41:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glen\Application Data\Windows Search
    [2012/03/22 15:03:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glen\Application Data\WinISO Computing
    [2011/11/30 03:47:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glen\Application Data\WinPatrol
    [2011/11/23 17:58:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glen\Application Data\YouTube Downloader
    [2012/04/27 15:57:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Genie9
    [2012/04/27 15:57:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Genie9
    [2012/07/21 11:02:04 | 000,000,280 | ---- | M] () -- C:\WINDOWS\Tasks\ASC4_PerformanceMonitor.job
    [2012/06/17 15:50:15 | 000,000,286 | ---- | M] () -- C:\WINDOWS\Tasks\photostageShakeIcon.job
    [2012/07/16 19:49:55 | 000,000,282 | ---- | M] () -- C:\WINDOWS\Tasks\PixillionDowngrade.job
    [2012/06/07 18:48:01 | 000,000,282 | ---- | M] () -- C:\WINDOWS\Tasks\PixillionReminder.job
    [2012/07/12 22:00:23 | 000,000,266 | ---- | M] () -- C:\WINDOWS\Tasks\prismDowngrade.job
    [2012/06/26 21:59:01 | 000,000,266 | ---- | M] () -- C:\WINDOWS\Tasks\prismShakeIcon.job
    [2012/07/21 11:02:04 | 000,000,278 | ---- | M] () -- C:\WINDOWS\Tasks\SmartDefrag_Startup.job
    [2012/07/06 11:47:01 | 000,000,270 | ---- | M] () -- C:\WINDOWS\Tasks\switchShakeIcon.job
    [2012/06/18 11:47:01 | 000,000,278 | ---- | M] () -- C:\WINDOWS\Tasks\videopadShakeIcon.job

    ========== Purity Check ==========



    ========== Custom Scans ==========

    < %SYSTEMDRIVE%\*.* >
    [2011/12/14 13:50:09 | 000,000,000 | ---- | M] () -- C:\AdobeDebug.txt
    [2011/10/20 20:14:28 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2011/11/23 17:33:52 | 000,000,209 | -HS- | M] () -- C:\boot.ini
    [2011/10/20 20:14:28 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2012/07/07 14:42:02 | 000,000,000 | ---- | M] () -- C:\extensions.sqlite
    [2011/12/25 22:42:46 | 000,460,824 | ---- | M] () -- C:\img2-001.raw
    [2011/10/20 20:14:28 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2011/10/20 20:14:28 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2006/03/15 05:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2011/10/20 21:08:58 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2012/07/21 11:01:52 | 3453,136,896 | -HS- | M] () -- C:\pagefile.sys
    [2011/10/21 20:39:23 | 000,082,818 | ---- | M] () -- C:\Possible desk top 01.cps
    [2011/10/21 20:38:40 | 001,985,458 | ---- | M] () -- C:\possible desk top 02.cps
    [2012/06/14 21:04:49 | 000,004,608 | -HS- | M] () -- C:\Thumbs.db

    < %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
    [2006/09/12 21:00:00 | 000,027,136 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\CNMPD7K.DLL
    [2006/09/12 21:00:00 | 000,069,632 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\CNMPP7K.DLL
    [2008/07/06 05:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll

    < %systemroot%\*. /mp /s >

    < %systemroot%\system32\*.sys /90 >
    [2012/06/13 06:19:59 | 001,866,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\win32k.sys
    [3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < %systemroot%\system32\*.dll /lockedfiles >
    [3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\system32\drivers\*.sys /lockedfiles >

    < %systemroot%\system32\*.exe /lockedfiles >
    [3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < %systemroot%\System32\config\*.sav >
    [2011/10/20 12:59:50 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
    [2011/10/20 12:59:50 | 000,659,456 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
    [2011/10/20 12:59:50 | 000,909,312 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

    < %PROGRAMFILES%\* >

    < %USERPROFILE%\..|smtmp;true;true;true /FP >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < hklm\software\clients\startmenuinternet|command /rs >
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/07/18 22:21:28 | 000,865,768 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/07/18 22:21:28 | 000,865,768 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/07/18 22:21:28 | 000,865,768 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/07/18 22:21:32 | 000,913,888 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/07/18 22:21:32 | 000,913,888 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/07/18 22:21:32 | 000,913,888 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2012/05/11 04:38:19 | 000,174,080 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2012/05/11 04:38:19 | 000,174,080 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2012/05/11 04:38:19 | 000,174,080 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

    < hklm\software\clients\startmenuinternet|command /64 /rs >
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/07/18 22:21:28 | 000,865,768 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/07/18 22:21:28 | 000,865,768 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/07/18 22:21:28 | 000,865,768 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/07/18 22:21:32 | 000,913,888 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/07/18 22:21:32 | 000,913,888 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/07/18 22:21:32 | 000,913,888 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2012/05/11 04:38:19 | 000,174,080 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2012/05/11 04:38:19 | 000,174,080 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2012/05/11 04:38:19 | 000,174,080 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8423A1CF

    < End of report >


    AND:
    OTL Extras logfile created on: 7/21/2012 5:44:54 PM - Run 1
    OTL by OldTimer - Version 3.2.54.0 Folder = C:\Documents and Settings\Glen\Desktop
    Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.22 Gb Total Physical Memory | 2.44 Gb Available Physical Memory | 76.02% Memory free
    6.27 Gb Paging File | 5.53 Gb Available in Paging File | 88.08% Paging File free
    Paging file location(s): C:\pagefile.sys 0 0 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 458.75 Gb Total Space | 358.49 Gb Free Space | 78.15% Space Free | Partition Type: NTFS
    Drive D: | 225.88 Gb Total Space | 122.50 Gb Free Space | 54.23% Space Free | Partition Type: NTFS

    Computer Name: GLEN-F50AB654EA | User Name: Glen | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

    [HKEY_USERS\S-1-5-21-343818398-2111687655-682003330-1003\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
    "80:TCP" = 80:TCP:*:Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)
    "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Programs - PHOTO\Photoshop ELEMENTS\AdobePhotoshopElementsMediaServer.exe" = C:\Programs - PHOTO\Photoshop ELEMENTS\AdobePhotoshopElementsMediaServer.exe:*:Disabled:Adobe Photoshop Elements Media Server -- (Adobe Systems Incorporated)
    "C:\Program Files\TeamViewer\Version7\TeamViewer.exe" = C:\Program Files\TeamViewer\Version7\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
    "C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe" = C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH)
    "C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
    "{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 3.4
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
    "{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java(TM) 6 Update 29
    "{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
    "{29205904-A7A8-4545-0001-697935602C90}" = SimplyGoodPictures
    "{2AEDC172-479F-47AE-8A48-A0524D4AED5B}_is1" = Inpaint 3.1
    "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
    "{3A6A34D3-37EE-40F3-BF81-EC7A4BF7F24D}" = Photo to Cartoon
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}" = Paint.NET v3.5.10
    "{590E3295-A11B-4C9F-9F88-399397EE393D}" = YouTube Downloader Toolbar v6.0
    "{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
    "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
    "{82AF3E91-57E1-4754-84D0-40A46E2479AB}" = OpenOffice.org 3.3
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{CA9A3609-3ECC-4574-8824-A8161A71A603}" = Canon MP150
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CB6075D9-F912-40AE-BEA6-E590DA24F16B}" = Adobe Photoshop Elements 7.0
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
    "{E44C57E8-2E0B-418A-AAC1-043EF2065EB7}" = AcroPano Photo Stitcher, Panorama software
    "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F34D9A5F-484A-4E31-A9D3-908CB265B289}" = Sygate Personal Firewall
    "123 Free Solitaire_is1" = 123 Free Solitaire 2011 v8.0
    "Adobe Photoshop Elements 7" = Adobe Photoshop Elements 7.0
    "Advanced SystemCare 4_is1" = Advanced SystemCare 4
    "Advanced SystemCare 5_is1" = Advanced SystemCare 5
    "Avira AntiVir Desktop" = Avira Free Antivirus
    "Caricature Maker 1.0_is1" = Caricature Maker 1.0
    "Corel Uninstaller" = Corel Uninstaller
    "CreaToon 3.0" = CreaToon 3.0
    "DP Animation Maker" = DP Animation Maker
    "Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
    "Everything" = Everything 1.2.1.371
    "Free Audio Editor" = Free Audio Editor
    "Fx Frame Capture" = Fx Frame Capture
    "Game Booster_is1" = Game Booster
    "Gif2swf" = Gif2swf
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "Ideal DVD Copy_is1" = Ideal DVD Copy V4.1.2
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
    "IObit Malware Fighter_is1" = IObit Malware Fighter
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
    "Media Player - Codec Pack" = Media Player Codec Pack 4.1.4
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Mozilla Firefox 10.0.2 (x86 en-GB)" = Mozilla Firefox 10.0.2 (x86 en-GB)
    "Mozilla Thunderbird 10.0.2 (x86 en-GB)" = Mozilla Thunderbird 10.0.2 (x86 en-GB)
    "MP Navigator 2.0" = Canon MP Navigator 2.0
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "NCH FileBulldog Toolbar" = NCH FileBulldog Toolbar
    "Photo Stamp Remover_is1" = Photo Stamp Remover 4.2
    "PhotoFiltre" = PhotoFiltre
    "PhotoScape" = PhotoScape
    "PhotoStage" = PhotoStage Slideshow Producer
    "PhotoToolkit_is1" = Photo! Editor 1.1
    "Pixillion" = Pixillion Image Converter
    "PowerpointImageExtractor_is1" = PowerpointImageExtractor
    "Prism" = Prism Video File Converter
    "Revo Uninstaller" = Revo Uninstaller 1.94
    "Sound Editor Pro_is1" = Sound Editor Pro v7.5.1
    "Speccy" = Speccy
    "Sqirlz Water Reflections" = Sqirlz Water Reflections
    "Switch" = Switch Sound File Converter
    "TeamViewer 7" = TeamViewer 7
    "ThunderSoft Flash Gallery Creator_is1" = ThunderSoft Flash Gallery Creator (1.0.2.2)
    "VideoPad" = VideoPad Video Editor
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinHTTrack Website Copier_is1" = WinHTTrack Website Copier 3.44-1
    "WinISO" = WinISO
    "WinRAR archiver" = WinRAR 4.10 beta 3 (32-bit)
    "WinX DVD Ripper_is1" = WinX DVD Ripper 5.5.5
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "ZonerPhotoStudio14_EN_is1" = Zoner Photo Studio 14

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 7/17/2012 10:58:51 PM | Computer Name = GLEN-F50AB654EA | Source = Application Error | ID = 1001
    Description = Fault bucket -1248593725.

    Error - 7/18/2012 5:56:18 PM | Computer Name = GLEN-F50AB654EA | Source = Application Error | ID = 1000
    Description = Faulting application FlashPlayerUpdateService.exe, version 11.3.300.265,
    faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x000113c0.

    Error - 7/18/2012 5:56:24 PM | Computer Name = GLEN-F50AB654EA | Source = Application Error | ID = 1001
    Description = Fault bucket -1248593725.

    Error - 7/18/2012 9:56:18 PM | Computer Name = GLEN-F50AB654EA | Source = Application Error | ID = 1000
    Description = Faulting application FlashPlayerUpdateService.exe, version 11.3.300.265,
    faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x000113c0.

    Error - 7/18/2012 10:42:28 PM | Computer Name = GLEN-F50AB654EA | Source = Application Hang | ID = 1002
    Description = Hanging application photohse.exe, version 3.199.0.0, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    Error - 7/18/2012 10:43:12 PM | Computer Name = GLEN-F50AB654EA | Source = Application Hang | ID = 1002
    Description = Hanging application photohse.exe, version 3.199.0.0, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    Error - 7/18/2012 10:48:23 PM | Computer Name = GLEN-F50AB654EA | Source = Application Hang | ID = 1002
    Description = Hanging application msiexec.exe, version 3.1.4001.5512, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 7/18/2012 11:54:38 PM | Computer Name = GLEN-F50AB654EA | Source = Application Hang | ID = 1002
    Description = Hanging application intro.exe, version 0.0.0.0, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    Error - 7/19/2012 12:57:39 PM | Computer Name = GLEN-F50AB654EA | Source = Application Error | ID = 1000
    Description = Faulting application FlashPlayerUpdateService.exe, version 11.3.300.265,
    faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x000113c0.

    Error - 7/19/2012 12:58:36 PM | Computer Name = GLEN-F50AB654EA | Source = Application Error | ID = 1001
    Description = Fault bucket -1248593725.

    [ System Events ]
    Error - 7/20/2012 1:26:37 PM | Computer Name = GLEN-F50AB654EA | Source = Service Control Manager | ID = 7000
    Description = The Advanced SystemCare Service 5 service failed to start due to the
    following error: %%2

    Error - 7/20/2012 1:26:37 PM | Computer Name = GLEN-F50AB654EA | Source = Service Control Manager | ID = 7000
    Description = The IMF Service service failed to start due to the following error:
    %%2

    Error - 7/21/2012 11:49:10 AM | Computer Name = GLEN-F50AB654EA | Source = Service Control Manager | ID = 7000
    Description = The Advanced SystemCare Service 5 service failed to start due to the
    following error: %%2

    Error - 7/21/2012 11:49:10 AM | Computer Name = GLEN-F50AB654EA | Source = Service Control Manager | ID = 7000
    Description = The IMF Service service failed to start due to the following error:
    %%2

    Error - 7/21/2012 11:50:50 AM | Computer Name = GLEN-F50AB654EA | Source = DCOM | ID = 10010
    Description = The server {7F6316B4-4D69-4765-B0A3-B2598F2FA80A} did not register
    with DCOM within the required timeout.

    Error - 7/21/2012 1:25:14 PM | Computer Name = GLEN-F50AB654EA | Source = Service Control Manager | ID = 7000
    Description = The Advanced SystemCare Service 5 service failed to start due to the
    following error: %%2

    Error - 7/21/2012 1:25:14 PM | Computer Name = GLEN-F50AB654EA | Source = Service Control Manager | ID = 7000
    Description = The IMF Service service failed to start due to the following error:
    %%2

    Error - 7/21/2012 2:03:00 PM | Computer Name = GLEN-F50AB654EA | Source = Service Control Manager | ID = 7000
    Description = The Advanced SystemCare Service 5 service failed to start due to the
    following error: %%2

    Error - 7/21/2012 2:03:00 PM | Computer Name = GLEN-F50AB654EA | Source = Service Control Manager | ID = 7000
    Description = The IMF Service service failed to start due to the following error:
    %%2

    Error - 7/21/2012 2:04:15 PM | Computer Name = GLEN-F50AB654EA | Source = DCOM | ID = 10010
    Description = The server {7F6316B4-4D69-4765-B0A3-B2598F2FA80A} did not register
    with DCOM within the required timeout.


    < End of report >
     
  14. Mara

    Mara Registered Members

    Joined:
    Jun 20, 2009
    Messages:
    2,261
    Location:
    British Columbia, Canada
    Operating System:
    Windows XP Home
    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-07-21 19:19:55
    -----------------------------
    19:19:55.559 OS Version: Windows 5.1.2600 Service Pack 3
    19:19:55.559 Number of processors: 2 586 0x404
    19:19:55.559 ComputerName: GLEN-F50AB654EA UserName: Glen
    19:20:00.934 Initialize success
    19:20:46.403 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-5
    19:20:46.403 Disk 0 Vendor: WDC_WD5000AAKS-00V1A0 05.01D05 Size: 476940MB BusType: 3
    19:20:46.434 Disk 0 MBR read successfully
    19:20:46.434 Disk 0 MBR scan
    19:20:46.450 Disk 0 Windows XP default MBR code
    19:20:46.465 Disk 0 Partition 1 00 12 Compaq diag NTFS 7169 MB offset 63
    19:20:46.481 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 469760 MB offset 14683410
    19:20:46.497 Disk 0 scanning sectors +976752000
    19:20:46.606 Disk 0 scanning C:\WINDOWS\system32\drivers
    19:20:55.231 Service scanning
    19:21:07.278 Modules scanning
    19:21:26.512 Disk 0 trace - called modules:
    19:21:26.653 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
    19:21:26.668 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ac01ab8]
    19:21:27.106 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\0000006c[0x8ac09f18]
    19:21:27.122 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-5[0x8ac36940]
    19:21:27.137 Scan finished successfully
    19:21:51.965 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Glen\Desktop\MBR.dat"
    19:21:52.012 The log file has been saved successfully to "C:\Documents and Settings\Glen\Desktop\aswMBR SCAN RESULTS.txt"
     
  15. Mara

    Mara Registered Members

    Hope I did these correctly - and equally hope they show the poor computer really is 'clean' now.

    Thank you!
     
  16. Mara

    Mara Registered Members

    While rummaging around and checking 'drivers' to see if they needed updates, found the part of computer called 'Event Viewer' ... and wonder if these mean anything?

    Only 'captured' four but there are many 'red' ones (like the ones I captured) and also yellow ones ... but perhaps these are normal in one's computer?
    [Four screenshots of Event Viewer errors; images not preserved]
     
  17. etavares

    etavares Malware Removal Specialist - Moderator

    Joined:
    Aug 6, 2011
    Messages:
    259
    Location:
    USA (GMT -5)
    Those last few screenshots helped a ton. One of the faulting applications is a converter of animated GIF images to flash video. That may explain the issues. Please go to add/remove programs and remove this program:
    Gif2swf

    Then, reboot and let me know how your computer is running.

    While you're at it, I strongly suggest you uninstall IOBit at the same time. They were caught stealing Malwarebytes' Anti-Malware's virus definition a few years ago and most security folks classify it as a rogue program as a result....e.g. not trustworthy. I can provide a link for you to read if you're unsure. Since you have Avira and MBAM installed and running anyway, having an extra one will only slow down your system, give you false positives and not provide any extra protection.

    -etavares
     
  18. Mara

    Mara Registered Members

    Used Revo Uninstall to get rid of Gif2swf and yahooo, my video on computer played 'in sync' rather than being all choppy - thank you, thank you!!

    I'd noticed that IOBit came in two parts ...one sort of a general 'tune-up' for computer( and nope, I never ever let it touch the registry - grin) and the other part, an antivirus. Only used the former part (or at least I thought I was) but was quite happy to delete the entire program from my computer - so poof, it's gone too.

    Your help has been lovely and I thank you ever so much, etavares!
     
  19. etavares

    etavares Malware Removal Specialist - Moderator

    You had a few IOBit software...Advanced SystemCare 4, Advanced SystemCare 5, and lastly: IOBit Malware Fighter.
    Also, you have two versions of Java installed...the current version, and an old one. I recommend that you remove Java™ 6 Update 29.

    Finally, you have some "foistware" called SearchSettings. We would have to remove it manually...see here for information:
    http://www.systemlookup.com/Startup/10841-SearchSettings_exe.html

    Please let me know if you want me to share a script to remove it.

    And, glad to hear the video is back to normal. :) You can reinstall any Adobe products you removed.

    -etavares
     
  20. Mara

    Mara Registered Members

    I just uninstalled the old Java ... and yes, I'd be so pleased to get rid of the 'search settings' thingie. Honest to goodness, I don't know how I get all this unwanted stuff - drat!

    Perhaps that (the 'search settings') and some of the other start-up programs are why the poor computer keeps reverting to a 'slug'. I do have 'Scotty' and although it has a 'start up section' where one is supposed to be able to stop certain programs from running all the time, every time I boot the computer, poof!, they start up once again.

    Thank you again for your help - I really do appreciate it!
     
