Inactive Windows shuts down in 1 minute - Virus?

Sorry, I forgot to put . . . . I did the restart and it was just as originally, giving the "Windows needs to restart as the plug and play service has terminated"

It restarts and here is the infinate loop.

I'm not sure what this plug & play thing is or why it won't run but it wont.

thanks again, thus far . . . .
 
Tried safe Mode and was just as before . . . .

When loading, stalls on windows\system32\drivers\CLASSPNP.sys

then comes up with windows password screen, I input the password and it gived a black desktop, with the Safe Mode warnings in the 4 corners, then it stalls then brings up a blue windows screen, like it's going to load up the desktop but then it states "windows will now shutdown" . . . . and it does!
 
Let's see, if we can look at your computer booting from an external source.

Please download OTLPE (filesize 120,9 MB)
Alternate download: http://ottools.noahdfear.net/OTLPEStd.exe

  • When downloaded double click on OTLPENet.exe and make sure there is a blank CD in your CD drive. This will automatically create a bootable CD.
  • Reboot your system using the boot CD you just created.
    • Note : If you do not know how to set your computer to boot from CD follow the steps here
  • Your system should now display a REATOGO-X-PE desktop.
  • Depending on your type of internet connection, you should be able to get online as well so you can access this topic more easily.
  • Double-click on the OTLPE icon.
  • When asked Do you wish to load the remote registry, select Yes
  • When asked Do you wish to load remote user profile(s) for scanning, select Yes
  • Ensure the box Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\tasks\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /I " " /c
dir /b "%systemroot%\*.exe" | find /I " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\LastSuccessTime /rs
/md5start
/md5stop


[*]Press Run Scan to start the scan.
[*]When finished, the file will be saved in drive C:\OTL.txt
[*]Copy this file to your USB drive if you do not have internet connection on this system
[*]Please post the contents of the OTL.txt file in your reply.
[/list]
 
Couldn't resist trying as the whole thing is driving me mad!

It booted up ok into the REATOGO-X-PE desktop and had web acces but none of the Techspot pages would load! (Other regular stuff on Google work oK)

I'm going to try via notepad etc, using copied instructions.
will report . . . .
 
After leaving it scanning all night, I discovered that it had been scanning the D: Drive (Wrong one!)

I'm now going ot try again but will have to try and re-assign drive letters because my affected Drive is on a partitioned HD.

also couldn't find the log file anywhere!

Will report later . . . .
 
Got it to run on the affected drive, which I'd re-assigned to C:\
Here's the LOG:

OTL logfile created on: 5/28/2013 1:48:16 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
64bit-Windows 7 Ultimate (Version = 6.1.7600) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 91.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 136.72 Gb Total Space | 10.58 Gb Free Space | 7.74% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive Z: | 96.16 Gb Total Space | 4.50 Gb Free Space | 4.68% Space Free | Partition Type: NTFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\appmgmts.dll -- (AppMgmt)
SRV - [2013/05/15 12:47:23 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/03/08 07:00:38 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/02/09 23:25:27 | 001,266,464 | ---- | M] (NVIDIA Corporation) [Auto] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/02/09 14:43:48 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/12/18 15:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/11/13 09:48:46 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) [Auto] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe -- (AVP)
SRV - [2012/09/15 04:27:06 | 000,068,096 | ---- | M] () [On_Demand] -- C:\Program Files (x86)\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service)
SRV - [2011/10/09 06:09:06 | 002,326,920 | ---- | M] (Acronis) [Auto] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2010/03/18 09:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/09/15 06:51:40 | 000,017,408 | ---- | M] () [Auto] -- C:\Program Files (x86)\NeoSmart Technologies\iReboot\iRebootd.exe -- (iReboot)
SRV - [2009/09/12 11:32:46 | 000,891,432 | ---- | M] (Acronis) [Auto] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2005/02/09 07:59:00 | 000,014,165 | ---- | M] (Pinnacle Systems GmbH) [Auto] -- C:\Windows\SysWOW64\drivers\Pclepci.sys -- (PCLEPCI)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/04/22 07:23:28 | 000,620,128 | ---- | M] (Kaspersky Lab ZAO) [File_System | System] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2013/04/22 07:23:28 | 000,178,448 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System] -- C:\Windows\System32\drivers\kneps.sys -- (kneps)
DRV:64bit: - [2013/04/22 07:23:28 | 000,055,056 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System] -- C:\Windows\System32\drivers\kltdi.sys -- (kltdi)
DRV:64bit: - [2012/09/17 09:15:10 | 000,029,528 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2012/09/17 09:15:10 | 000,029,016 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand] -- C:\Windows\System32\drivers\klkbdflt.sys -- (klkbdflt)
DRV:64bit: - [2012/08/02 10:09:34 | 000,028,504 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2012/06/19 12:28:12 | 000,458,584 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot] -- C:\Windows\System32\drivers\kl1.sys -- (kl1)
DRV:64bit: - [2012/01/02 15:03:51 | 000,262,144 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand] -- C:\Windows\System32\drivers\MarvinBus64.sys -- (MarvinBus)
DRV:64bit: - [2011/10/09 06:09:07 | 000,250,400 | ---- | M] (Acronis) [File_System | On_Demand] -- C:\Windows\System32\drivers\afcdp.sys -- (afcdp)
DRV:64bit: - [2011/10/09 06:09:05 | 001,455,648 | ---- | M] (Acronis) [Kernel | Boot] -- C:\Windows\System32\drivers\tdrpm251.sys -- (tdrpman251) Acronis Try&Decide and Restore Points filter (build 251)
DRV:64bit: - [2011/10/09 06:09:05 | 000,929,312 | ---- | M] (Acronis) [Kernel | Boot] -- C:\Windows\System32\drivers\timntr.sys -- (timounter)
DRV:64bit: - [2011/10/09 06:08:55 | 000,254,496 | ---- | M] (Acronis) [Kernel | Boot] -- C:\Windows\System32\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2011/06/10 01:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/08/04 16:17:14 | 001,342,064 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2009/07/13 20:06:43 | 000,060,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\61883.sys -- (61883)
DRV:64bit: - [2009/07/13 20:06:43 | 000,048,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\avc.sys -- (Avc)
DRV:64bit: - [2009/07/13 20:06:42 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\msdv.sys -- (MSDV)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- C:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2005/03/28 20:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2006/11/01 19:50:52 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\Windows\SysWOW64\drivers\WimFltr.sys -- (WimFltr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\FRAZ_ON_C\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www1.delta-search.com/?affID=119816&babsrc=HP_ss&mntrId=DE81BCAEC53EDB5B
IE - HKU\FRAZ_ON_C\Software\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\FRAZ\Downloads\3 Mobile Drivers
IE - HKU\FRAZ_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.co.uk/
IE - HKU\FRAZ_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKU\FRAZ_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKU\FRAZ_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 46 E5 85 F1 3A 99 CC 01 [binary data]
IE - HKU\FRAZ_ON_C\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - Reg Error: Key error. File not found
IE - HKU\FRAZ_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0





========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www1.delta-search.com/?affID=119816&babsrc=HP_ss&mntrId=DE81BCAEC53EDB5B"
FF - prefs.js..browser.search.selectedEngine: "Delta Search"


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE: File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2013/04/22 07:23:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2013/04/22 07:23:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2013/04/22 07:23:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\anti_banner@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2013/04/22 07:23:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\online_banking@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2013/04/22 07:23:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/03/08 07:00:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/11/10 07:47:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\FRAZ\AppData\Roaming\Mozilla\Extensions
[2013/04/22 09:33:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\FRAZ\AppData\Roaming\Mozilla\Firefox\Profiles\usfkuo0s.default\extensions
[2013/04/22 09:33:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\FRAZ\AppData\Roaming\Mozilla\Firefox\Profiles\usfkuo0s.default\extensions\ffxtlbr@babylon.com
[2013/04/22 09:33:33 | 000,000,000 | ---D | M] (Delta Toolbar) -- C:\Users\FRAZ\AppData\Roaming\Mozilla\Firefox\Profiles\usfkuo0s.default\extensions\ffxtlbr@delta.com
[2013/04/30 03:47:55 | 000,006,473 | ---- | M] () -- C:\Users\FRAZ\AppData\Roaming\Mozilla\Firefox\Profiles\usfkuo0s.default\searchplugins\babylon.xml
[2013/04/30 03:47:55 | 000,006,473 | ---- | M] () -- C:\Users\FRAZ\AppData\Roaming\Mozilla\Firefox\Profiles\usfkuo0s.default\searchplugins\BrowserProtect.xml
[2013/04/22 09:33:33 | 000,001,294 | ---- | M] () -- C:\Users\FRAZ\AppData\Roaming\Mozilla\Firefox\Profiles\usfkuo0s.default\searchplugins\delta.xml
[2013/03/08 07:00:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
File not found (No name found) --
[2013/03/08 07:00:38 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013/04/22 09:33:26 | 000,006,470 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012/10/24 13:50:17 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013/03/05 09:09:52 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2011/10/09 08:06:13 | 000,000,857 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2:64bit: - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - No CLSID value found.
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2 - BHO: (delta Helper Object) - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.16.16\bh\delta.dll (Delta-search.com)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - File not found
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (Delta Toolbar) - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.16.16\deltaTlbr.dll (Delta-search.com)
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - File not found
O3:64bit: - HKU\FRAZ_ON_C\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKU\FRAZ_ON_C\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKU\FRAZ_ON_C\..\Toolbar\WebBrowser: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - File not found
O4:64bit: - HKLM..\Run: [ACPW06EN] C:\Program Files\ACD Systems\ACDSee Pro\6.0\ACDSeePro6InTouch2.exe (ACD Systems)
O4 - HKLM..\Run: [ACPW05EN] C:\Program Files (x86)\ACD Systems\ACDSee Pro\5.0\ACDSeeProInTouch2.exe (ACD Systems)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [Sweetpacks Communicator] File not found
O4 - HKU\FRAZ_ON_C..\Run: [EPSON Stylus Photo R220 Series] File not found
O4 - HKU\FRAZ_ON_C..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKU\UpdatusUser_ON_C..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\UpdatusUser_ON_C..\RunOnce: [mctadmin] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\FRAZ_ON_C\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\FRAZ_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClearRecentProgForNewUserInStartMenu = 1
O7 - HKU\FRAZ_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: TaskbarNoResize = 1
O7 - HKU\LocalService_ON_C\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\NetworkService_ON_C\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\systemprofile_ON_C\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\UpdatusUser_ON_C\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O9:64bit: - Extra Button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O20 - AppInit_DLLs: (c:\progra~3\browse~1\261249~1.132\{c16c1~1\browse~1.dll) - File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\W\Shell - "" = AutoRun
O33 - MountPoints2\W\Shell\AutoRun\command - "" = W:\autorun.exe
O33 - MountPoints2\Y\Shell - "" = AutoRun
O33 - MountPoints2\Y\Shell\AutoRun\command - "" = Y:\autorun.bat
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

CONTINUED IN NEXT POST . . . .
 
LOG CONTINUED FROM LAST POST:

NetSvcs:64bit: AppMgmt - C:\Windows\System32\appmgmts.dll (Microsoft Corporation)

Drivers32:64bit: aux - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midimapper - C:\Windows\System32\midimap.dll (Microsoft Corporation)
Drivers32:64bit: mixer - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: msacm.imaadpcm - C:\Windows\System32\imaadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: msacm.msadpcm - C:\Windows\System32\msadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msg711 - C:\Windows\System32\msg711.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msgsm610 - C:\Windows\System32\msgsm32.acm (Microsoft Corporation)
Drivers32:64bit: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.ACDV - ACDV.dll File not found
Drivers32:64bit: vidc.i420 - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.IYUV - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.mrle - C:\Windows\System32\msrle32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.msvc - C:\Windows\System32\msvidc32.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.UYVY - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.YUY2 - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.YVU9 - C:\Windows\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.YVYU - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32:64bit: wave - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wavemapper - C:\Windows\System32\msacm32.drv (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\SysWow64\vfwwdm32.dll (Microsoft Corporation)
Drivers32: VIDC.ACDV - ACDV.dll File not found

========== Files/Folders - Created Within 30 Days ==========

[2013/05/25 02:58:25 | 001,878,472 | ---- | C] (Farbar) -- C:\Users\FRAZ\Desktop\FRST64.exe
[2013/05/23 14:40:54 | 000,000,000 | ---D | C] -- C:\FRST
[2013/05/23 14:14:06 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/05/23 09:40:58 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\FRAZ\Desktop\tdsskiller.exe
[2013/05/23 09:24:32 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/05/23 09:24:16 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/05/23 09:20:42 | 000,321,416 | ---- | C] (ESET) -- C:\ESETSirefefCleaner.exe
[2013/05/17 14:11:02 | 000,000,000 | -HSD | C] -- C:\found.000
[2013/05/16 09:21:34 | 000,000,000 | ---D | C] -- C:\Users\FRAZ\Desktop\family photos spain
[2013/05/12 19:03:57 | 000,000,000 | ---D | C] -- C:\Users\FRAZ\Desktop\Panasonic Camcorder photo test
[2013/05/12 18:54:54 | 000,000,000 | ---D | C] -- C:\Users\FRAZ\Desktop\FashionRingtones
[2013/05/12 11:04:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD Tune
[2013/05/12 11:04:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HD Tune
[2013/05/11 07:29:53 | 000,000,000 | ---D | C] -- C:\Users\FRAZ\Desktop\moby northern
[2013/05/11 04:54:19 | 000,000,000 | ---D | C] -- C:\Users\FRAZ\Documents\Adobe
[2013/05/11 04:36:10 | 000,000,000 | ---D | C] -- C:\Users\FRAZ\Desktop\Adobe
[2013/05/09 03:17:23 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\searchplugins
[2013/05/09 03:17:23 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Extensions
[2013/05/07 09:30:29 | 000,000,000 | ---D | C] -- C:\ProgramData\YTD YouTube Downloader & Converter
[2013/05/07 09:30:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YTD YouTube Downloader & Converter
[2013/04/30 05:44:26 | 000,000,000 | ---D | C] -- C:\Users\FRAZ\AppData\Roaming\DVDVideoSoft
[2013/04/30 05:44:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft
[2013/04/30 05:44:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft

========== Files - Modified Within 30 Days ==========

[2013/05/27 16:10:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/05/23 09:40:58 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\FRAZ\Desktop\tdsskiller.exe
[2013/05/23 09:12:58 | 000,321,416 | ---- | M] (ESET) -- C:\ESETSirefefCleaner.exe
[2013/05/23 06:17:52 | 001,878,472 | ---- | M] (Farbar) -- C:\Users\FRAZ\Desktop\FRST64.exe
[2013/05/17 14:30:51 | 000,129,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\videoprt.sys
[2013/05/17 14:27:44 | 001,162,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\kernel32.dll
[2013/05/17 14:25:37 | 001,065,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptui.dll
[2013/05/17 04:57:50 | 000,015,504 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/17 04:57:49 | 000,015,504 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/17 04:47:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/05/16 18:46:34 | 000,102,507 | ---- | M] () -- C:\Users\FRAZ\Desktop\Orange Bill 3013 May.pdf
[2013/05/15 12:47:23 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/05/15 12:47:23 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/05/14 09:08:40 | 000,589,306 | ---- | M] () -- C:\Users\FRAZ\Desktop\Parking Confirmation.jpg
[2013/05/14 08:50:58 | 000,472,611 | ---- | M] () -- C:\Users\FRAZ\Desktop\Booking Confirmation.jpg
[2013/05/13 02:50:31 | 000,628,024 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/05/13 02:50:31 | 000,110,208 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/05/12 18:57:16 | 004,163,765 | ---- | M] () -- C:\Users\FRAZ\Desktop\2011-02-10 Kaya 05a.jpg
[2013/05/12 18:50:51 | 000,772,314 | ---- | M] () -- C:\Users\FRAZ\Desktop\2011-02-10 Kaya 05.jpg
[2013/05/12 14:09:01 | 003,077,984 | ---- | M] () -- C:\Users\FRAZ\Desktop\20130512_190901.jpg
[2013/05/12 14:08:52 | 003,057,419 | ---- | M] () -- C:\Users\FRAZ\Desktop\H fish.jpg
[2013/05/12 14:08:36 | 002,865,393 | ---- | M] () -- C:\Users\FRAZ\Desktop\20130512_190836.jpg
[2013/05/12 14:08:12 | 002,964,295 | ---- | M] () -- C:\Users\FRAZ\Desktop\20130512_190812.jpg
[2013/05/12 14:07:49 | 002,756,795 | ---- | M] () -- C:\Users\FRAZ\Desktop\20130512_190749.jpg
[2013/05/12 14:06:59 | 003,033,943 | ---- | M] () -- C:\Users\FRAZ\Desktop\20130512_190659.jpg
[2013/05/12 14:04:29 | 002,834,313 | ---- | M] () -- C:\Users\FRAZ\Desktop\H TV.jpg
[2013/05/12 13:56:47 | 003,486,106 | ---- | M] () -- C:\Users\FRAZ\Desktop\H Plane.jpg
[2013/05/12 11:04:36 | 000,000,952 | ---- | M] () -- C:\Users\FRAZ\Desktop\HD Tune.lnk
[2013/05/12 11:04:36 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD Tune
[2013/05/11 04:48:29 | 000,002,097 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Lightroom 4.3 64-bit.lnk
[2013/05/11 04:48:29 | 000,002,077 | ---- | M] () -- C:\Users\Public\Desktop\Lightroom 4.3 64-bit.lnk
[2013/05/10 18:17:18 | 003,021,693 | ---- | M] () -- C:\Users\FRAZ\Desktop\H Sleep.jpg
[2013/05/10 13:58:11 | 001,986,643 | ---- | M] () -- C:\Users\FRAZ\Desktop\20130510_185811_LLS.jpg
[2013/05/10 12:35:21 | 002,625,169 | ---- | M] () -- C:\Users\FRAZ\Desktop\20130510_173521.jpg
[2013/05/07 09:30:25 | 000,001,072 | ---- | M] () -- C:\Users\Public\Desktop\YTD YouTube Downloader & Converter.lnk
[2013/05/07 09:30:25 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YTD YouTube Downloader & Converter
[2013/05/03 18:58:28 | 009,093,237 | ---- | M] () -- C:\Users\FRAZ\Desktop\20130503_235820.mp4
[2013/05/03 18:05:02 | 245,591,627 | ---- | M] () -- C:\Users\FRAZ\Desktop\20130503_230306.mp4
[2013/05/03 18:02:54 | 071,031,828 | ---- | M] () -- C:\Users\FRAZ\Desktop\20130503_230220.mp4
[2013/04/30 05:44:33 | 000,001,265 | ---- | M] () -- C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
[2013/04/30 05:44:33 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2013/04/30 05:44:32 | 000,001,388 | ---- | M] () -- C:\Users\Public\Desktop\Free Video Flip and Rotate.lnk
[2013/04/30 05:22:21 | 000,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI

========== Files Created - No Company Name ==========

[2013/05/16 18:46:34 | 000,102,507 | ---- | C] () -- C:\Users\FRAZ\Desktop\Orange Bill 3013 May.pdf
[2013/05/14 09:08:39 | 000,589,306 | ---- | C] () -- C:\Users\FRAZ\Desktop\Parking Confirmation.jpg
[2013/05/14 08:50:58 | 000,472,611 | ---- | C] () -- C:\Users\FRAZ\Desktop\Booking Confirmation.jpg
[2013/05/12 18:57:16 | 004,163,765 | ---- | C] () -- C:\Users\FRAZ\Desktop\2011-02-10 Kaya 05a.jpg
[2013/05/12 18:50:51 | 000,772,314 | ---- | C] () -- C:\Users\FRAZ\Desktop\2011-02-10 Kaya 05.jpg
[2013/05/12 14:15:53 | 002,625,169 | ---- | C] () -- C:\Users\FRAZ\Desktop\20130510_173521.jpg
[2013/05/12 14:10:18 | 003,077,984 | ---- | C] () -- C:\Users\FRAZ\Desktop\20130512_190901.jpg
[2013/05/12 14:10:18 | 003,057,419 | ---- | C] () -- C:\Users\FRAZ\Desktop\H fish.jpg
[2013/05/12 14:10:17 | 002,964,295 | ---- | C] () -- C:\Users\FRAZ\Desktop\20130512_190812.jpg
[2013/05/12 14:10:17 | 002,865,393 | ---- | C] () -- C:\Users\FRAZ\Desktop\20130512_190836.jpg
[2013/05/12 14:10:17 | 002,756,795 | ---- | C] () -- C:\Users\FRAZ\Desktop\20130512_190749.jpg
[2013/05/12 14:10:16 | 003,033,943 | ---- | C] () -- C:\Users\FRAZ\Desktop\20130512_190659.jpg
[2013/05/12 14:10:16 | 002,834,313 | ---- | C] () -- C:\Users\FRAZ\Desktop\H TV.jpg
[2013/05/12 14:01:34 | 003,486,106 | ---- | C] () -- C:\Users\FRAZ\Desktop\H Plane.jpg
[2013/05/12 13:56:00 | 003,021,693 | ---- | C] () -- C:\Users\FRAZ\Desktop\H Sleep.jpg
[2013/05/12 13:56:00 | 001,986,643 | ---- | C] () -- C:\Users\FRAZ\Desktop\20130510_185811_LLS.jpg
[2013/05/12 11:04:36 | 000,000,952 | ---- | C] () -- C:\Users\FRAZ\Desktop\HD Tune.lnk
[2013/05/11 07:29:36 | 009,093,237 | ---- | C] () -- C:\Users\FRAZ\Desktop\20130503_235820.mp4
[2013/05/11 07:29:18 | 245,591,627 | ---- | C] () -- C:\Users\FRAZ\Desktop\20130503_230306.mp4
[2013/05/11 07:29:11 | 071,031,828 | ---- | C] () -- C:\Users\FRAZ\Desktop\20130503_230220.mp4
[2013/05/11 04:48:29 | 000,002,097 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Lightroom 4.3 64-bit.lnk
[2013/05/11 04:48:29 | 000,002,077 | ---- | C] () -- C:\Users\Public\Desktop\Lightroom 4.3 64-bit.lnk
[2013/05/07 09:30:25 | 000,001,072 | ---- | C] () -- C:\Users\Public\Desktop\YTD YouTube Downloader & Converter.lnk
[2013/04/30 05:44:33 | 000,001,265 | ---- | C] () -- C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
[2013/04/30 05:44:32 | 000,001,388 | ---- | C] () -- C:\Users\Public\Desktop\Free Video Flip and Rotate.lnk
[2013/04/22 10:27:40 | 000,114,176 | ---- | C] () -- C:\Users\FRAZ\AppData\Roaming\BabMaint.exe
[2013/02/05 05:10:58 | 000,000,074 | ---- | C] () -- C:\Windows\MPLAYER.INI
[2013/01/19 07:18:55 | 000,007,605 | ---- | C] () -- C:\Users\FRAZ\AppData\Local\Resmon.ResmonCfg
[2012/12/16 09:23:09 | 000,073,220 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2012/12/16 09:23:09 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2012/12/16 09:23:09 | 000,029,114 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2012/12/16 09:23:09 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2012/12/16 09:23:09 | 000,021,021 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2012/12/16 09:23:09 | 000,015,670 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2012/12/16 09:23:09 | 000,013,280 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2012/12/16 09:23:09 | 000,010,673 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2012/12/16 09:23:09 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2012/12/16 09:23:09 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2012/12/16 09:23:09 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2012/12/16 09:23:09 | 000,001,137 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2012/12/16 09:23:09 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2012/12/16 09:23:09 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2012/12/16 09:23:09 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2012/12/16 09:23:09 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2012/11/19 06:51:31 | 000,081,920 | -H-- | C] () -- C:\Windows\SysWow64\v3shrtkgn.dll
[2012/09/27 08:00:11 | 000,679,936 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012/09/27 08:00:11 | 000,421,888 | ---- | C] () -- C:\Windows\SysWow64\OpenQuicktimeLib.dll
[2012/09/27 08:00:11 | 000,157,696 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012/09/27 08:00:11 | 000,155,648 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012/09/27 08:00:10 | 000,019,968 | ---- | C] () -- C:\Windows\SysWow64\cpuinf32.dll
[2011/10/09 10:46:39 | 000,000,017 | ---- | C] () -- C:\Windows\MovingPicture.ini
[2011/10/09 10:37:48 | 000,196,096 | ---- | C] () -- C:\Windows\SysWow64\macd32.dll
[2011/10/09 10:37:48 | 000,138,752 | ---- | C] () -- C:\Windows\SysWow64\mase32.dll
[2011/10/09 10:37:48 | 000,136,192 | ---- | C] () -- C:\Windows\SysWow64\mamc32.dll
[2011/10/09 10:37:48 | 000,057,856 | ---- | C] () -- C:\Windows\SysWow64\masd32.dll
[2011/10/09 10:37:48 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\ma32.dll
[2011/10/09 07:03:02 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\qtmlClient.dll
[2011/10/09 07:02:47 | 000,200,704 | ---- | C] () -- C:\Program Files (x86)\BorisFXUI.fex
[2011/10/09 07:02:47 | 000,000,614 | ---- | C] () -- C:\Program Files (x86)\BorisGraffitiUI.xml
[2011/10/09 04:46:56 | 000,147,456 | ---- | C] () -- C:\Users\FRAZ\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 20:11:58 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\mscpxl32.dLL
[2009/07/13 20:11:54 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\mscpx32r.dLL
[2009/07/13 20:05:43 | 000,465,408 | ---- | C] () -- C:\Windows\SysWow64\psisdecd.dll
[2009/07/13 20:02:54 | 000,245,248 | ---- | C] () -- C:\Windows\SysWow64\DShowRdpFilter.dll
[2009/07/13 19:53:35 | 000,067,584 | ---- | C] () -- C:\Windows\SysWow64\napdsnap.dll
[2009/07/13 19:44:08 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\mtxlegih.dll
[2009/07/13 19:44:08 | 000,022,528 | ---- | C] () -- C:\Windows\SysWow64\mtxdm.dll
[2009/07/13 19:44:07 | 000,006,656 | ---- | C] () -- C:\Windows\SysWow64\mtxex.dll
[2009/07/13 19:43:46 | 000,007,168 | ---- | C] () -- C:\Windows\SysWow64\comcat.dll
[2009/07/13 19:42:47 | 000,126,464 | ---- | C] () -- C:\Windows\SysWow64\advpack.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 19:41:26 | 000,288,256 | ---- | C] () -- C:\Windows\SysWow64\eudcedit.exe
[2009/07/13 19:38:09 | 000,260,608 | ---- | C] () -- C:\Windows\SysWow64\adsnt.dll
[2009/07/13 19:38:02 | 000,077,312 | ---- | C] () -- C:\Windows\SysWow64\adsmsext.dll
[2009/07/13 19:36:56 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\IDStore.dll
[2009/07/13 19:34:12 | 000,186,880 | ---- | C] () -- C:\Windows\SysWow64\pku2u.dll
[2009/07/13 19:33:37 | 000,271,872 | ---- | C] () -- C:\Windows\SysWow64\CertEnrollUI.dll
[2009/07/13 19:29:35 | 000,229,888 | ---- | C] () -- C:\Windows\SysWow64\mycomput.dll
[2009/07/13 19:25:19 | 000,013,312 | ---- | C] () -- C:\Windows\SysWow64\muifontsetup.dll
[2009/07/13 19:13:34 | 000,070,656 | ---- | C] () -- C:\Windows\SysWow64\MuiUnattend.exe
[2009/07/13 18:25:04 | 000,197,632 | ---- | C] () -- C:\Windows\SysWow64\ir32_32.dll
[2009/07/13 17:04:02 | 000,454,656 | ---- | C] () -- C:\Windows\SysWow64\msxbde40.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2008/05/29 08:17:22 | 000,172,032 | ---- | C] () -- C:\Windows\SysWow64\SageEventHandler.exe
[2008/05/29 08:16:36 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\SGCtrlEx.dll
[2008/05/29 08:16:32 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\SageFolderBrowser.dll
[2008/05/29 08:16:30 | 000,200,704 | ---- | C] () -- C:\Windows\SysWow64\SGTBAR32.DLL
[2008/05/29 08:16:28 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\SGSTAT32.DLL
[2008/05/29 08:16:26 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\SGLOGO32.DLL
[2008/05/29 08:16:24 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\SGJPEG32.dll
[2008/05/29 08:16:20 | 000,249,856 | ---- | C] () -- C:\Windows\SysWow64\SGCDLG32.DLL
[2008/05/29 08:16:14 | 000,282,624 | ---- | C] () -- C:\Windows\SysWow64\SGList32.dll
[2008/05/29 08:16:10 | 000,278,528 | ---- | C] () -- C:\Windows\SysWow64\SGTool32.dll
[2008/05/29 08:16:06 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\SGIntl32.dll
[2008/05/29 08:16:04 | 000,172,032 | ---- | C] () -- C:\Windows\SysWow64\SGHelp32.dll
[2008/05/29 08:16:04 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\SGDt32.dll
[2008/05/29 08:16:02 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\SGAPPBAR.DLL
[2008/05/29 08:16:00 | 000,245,760 | ---- | C] () -- C:\Windows\SysWow64\SGSchemeXml.dll
[2008/05/29 08:16:00 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\SG3D32.DLL
[2008/05/29 08:15:52 | 000,118,784 | ---- | C] () -- C:\Windows\SysWow64\SGSchemeXP.dll
[2008/05/29 08:15:50 | 000,176,128 | ---- | C] () -- C:\Windows\SysWow64\SGSchemeDefault.dll
[2008/05/29 08:15:46 | 000,221,184 | ---- | C] () -- C:\Windows\SysWow64\SGSchemeManager.dll
[2008/05/29 08:15:40 | 000,094,208 | ---- | C] () -- C:\Windows\SysWow64\SGCom32.dll
[2008/05/29 08:15:08 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\SGSTDREG.dll
[2008/05/29 08:15:06 | 000,131,072 | ---- | C] () -- C:\Windows\SysWow64\SGRegister.dll
[2008/05/29 08:15:04 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\SGWebBrowser.dll
[2006/11/01 11:41:24 | 000,233,472 | ---- | C] () -- C:\Windows\SysWow64\SGLCH32.DLL
[2006/11/01 11:41:16 | 001,712,128 | ---- | C] () -- C:\Windows\SysWow64\SGRep32.dll
[2006/11/01 10:50:40 | 000,126,976 | ---- | C] () -- C:\Windows\SysWow64\PDFInstall.exe
[2003/12/01 08:31:51 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2003/12/01 08:31:51 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2003/12/01 08:31:51 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2003/12/01 08:31:51 | 000,001,203 | ---- | C] () -- C:\Windows\SAGEINTL.INI
[2003/12/01 08:31:51 | 000,000,179 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2003/12/01 08:31:51 | 000,000,129 | ---- | C] () -- C:\Windows\ODBC.INI
[2003/12/01 08:31:51 | 000,000,000 | ---- | C] () -- C:\Windows\Graffiti5.2Pin.ini
[2002/04/16 06:27:54 | 000,000,005 | ---- | C] () -- C:\Windows\SysWow64\CdI5T.drv
[1998/03/25 20:12:00 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\SgHmZLib.dll

========== LOP Check ==========

[2011/10/09 04:44:48 | 000,000,000 | ---D | M] -- C:\Users\FRAZ\AppData\Roaming\ACD Systems
[2011/10/09 06:30:52 | 000,000,000 | ---D | M] -- C:\Users\FRAZ\AppData\Roaming\Acronis
[2011/10/09 04:36:56 | 000,000,000 | ---D | M] -- C:\Users\FRAZ\AppData\Roaming\AnvSoft
[2013/04/22 09:33:36 | 000,000,000 | ---D | M] -- C:\Users\FRAZ\AppData\Roaming\BabSolution
[2013/04/22 09:33:19 | 000,000,000 | ---D | M] -- C:\Users\FRAZ\AppData\Roaming\Babylon
[2011/10/09 07:03:20 | 000,000,000 | ---D | M] -- C:\Users\FRAZ\AppData\Roaming\DAEMON Tools Lite
[2013/01/15 19:01:24 | 000,000,000 | ---D | M] -- C:\Users\FRAZ\AppData\Roaming\Digiarty
[2013/04/30 05:44:37 | 000,000,000 | ---D | M] -- C:\Users\FRAZ\AppData\Roaming\DVDVideoSoft
[2012/09/15 04:36:59 | 000,000,000 | ---D | M] -- C:\Users\FRAZ\AppData\Roaming\DVDVideoSoftIEHelpers
[2012/12/16 10:28:50 | 000,000,000 | ---D | M] -- C:\Users\FRAZ\AppData\Roaming\Epson
[2012/12/14 17:31:29 | 000,000,000 | ---D | M] -- C:\Users\FRAZ\AppData\Roaming\GARMIN
[2011/10/08 19:18:40 | 000,000,000 | ---D | M] -- C:\Users\FRAZ\AppData\Roaming\Genie-Soft
[2013/02/07 02:34:45 | 000,000,000 | ---D | M] -- C:\Users\FRAZ\AppData\Roaming\GinyasBrowserCompanion
[2012/11/16 17:29:33 | 000,000,000 | ---D | M] -- C:\Users\FRAZ\AppData\Roaming\ImgBurn
[2012/12/17 18:27:26 | 000,000,000 | ---D | M] -- C:\Users\FRAZ\AppData\Roaming\ImTOO
[2011/10/08 19:22:39 | 000,000,000 | ---D | M] -- C:\Users\FRAZ\AppData\Roaming\JAM Software
[2013/04/12 05:49:27 | 000,000,000 | ---D | M] -- C:\Users\FRAZ\AppData\Roaming\Mp3tag
[2013/02/05 05:10:58 | 000,000,000 | ---D | M] -- C:\Users\FRAZ\AppData\Roaming\MyFamily.com
[2011/10/09 10:57:43 | 000,000,000 | ---D | M] -- C:\Users\FRAZ\AppData\Roaming\proDAD
[2012/01/02 14:24:14 | 000,000,000 | ---D | M] -- C:\Users\FRAZ\AppData\Roaming\Serif
[2013/05/27 14:24:51 | 000,000,000 | ---D | M] -- C:\Users\FRAZ\AppData\Roaming\uTorrent
[2012/10/08 16:32:14 | 000,000,000 | ---D | M] -- C:\ProgramData\ACD Systems
[2011/10/09 06:15:46 | 000,000,000 | ---D | M] -- C:\ProgramData\Acronis
[2013/03/05 20:08:22 | 000,000,000 | ---D | M] -- C:\ProgramData\APN
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2013/04/22 09:33:19 | 000,000,000 | ---D | M] -- C:\ProgramData\Babylon
[2011/10/09 04:23:29 | 000,000,000 | ---D | M] -- C:\ProgramData\DAEMON Tools Lite
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2012/12/16 09:23:01 | 000,000,000 | ---D | M] -- C:\ProgramData\EPSON
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2011/10/09 11:32:31 | 000,000,000 | ---D | M] -- C:\ProgramData\GARMIN
[2011/10/08 19:19:12 | 000,000,000 | ---D | M] -- C:\ProgramData\Genie-Soft
[2012/12/17 18:25:46 | 000,000,000 | ---D | M] -- C:\ProgramData\ImTOO
[2011/10/09 10:39:42 | 000,000,000 | ---D | M] -- C:\ProgramData\Pinnacle
[2011/10/09 10:40:05 | 000,000,000 | ---D | M] -- C:\ProgramData\Pinnacle Studio
[2011/10/09 11:08:50 | 000,000,000 | ---D | M] -- C:\ProgramData\Pinnacle Studio Plus
[2011/10/09 06:57:04 | 000,000,000 | ---D | M] -- C:\ProgramData\Pinnacle Studio Ultimate Collection
[2011/10/09 08:10:55 | 000,000,000 | ---D | M] -- C:\ProgramData\regid.1986-12.com.adobe
[2011/10/09 04:53:56 | 000,000,000 | ---D | M] -- C:\ProgramData\Sage
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2011/10/09 11:08:50 | 000,000,000 | ---D | M] -- C:\ProgramData\Studio 14
[2012/12/10 11:21:48 | 000,000,000 | ---D | M] -- C:\ProgramData\SweetIM
[2012/11/19 13:53:22 | 000,000,000 | ---D | M] -- C:\ProgramData\TEMP
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2013/05/07 09:30:29 | 000,000,000 | ---D | M] -- C:\ProgramData\YTD YouTube Downloader & Converter
[2013/02/05 07:25:07 | 000,000,000 | -H-D | M] -- C:\ProgramData\{484395D8-1F9B-4C71-9DA9-A64CBD0E8DE2}
[2013/05/27 14:23:02 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2011/10/09 10:57:19 | 000,902,736 | ---- | M] () -- C:\adorage-protocol.txt
[2012/11/06 12:25:49 | 000,000,043 | ---- | M] () -- C:\END
[2013/05/23 09:12:58 | 000,321,416 | ---- | M] (ESET) -- C:\ESETSirefefCleaner.exe
[2013/01/27 11:37:53 | 000,018,208 | ---- | M] () -- C:\formatter.log
[2013/05/27 16:09:02 | 4292,927,487 | -HS- | M] () -- C:\pagefile.sys
[2003/12/01 08:31:51 | 000,000,485 | ---- | M] () -- C:\sghmmail.ECF
[2013/05/23 09:56:18 | 000,143,404 | ---- | M] () -- C:\TDSSKiller.2.8.16.0_23.05.2013_14.55.07_log.txt
[2013/05/23 09:59:08 | 000,011,980 | ---- | M] () -- C:\TDSSKiller.2.8.16.0_23.05.2013_14.58.43_log.txt
[2013/05/27 18:21:04 | 000,003,946 | ---- | M] () -- C:\Z - WINDOWS RECOVERY.txt

< %systemroot%\Fonts\*.com >
[2009/07/14 01:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 01:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 01:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 01:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/10 16:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

Invalid Environment Variable: %APPDATA%\Adobe\Update\*.*

Invalid Environment Variable: %ALLUSERSPROFILE%\Favorites\*.*

Invalid Environment Variable: %APPDATA%\Microsoft\*.*

< %PROGRAMFILES%\*.* >
[2009/07/14 00:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

Invalid Environment Variable: %APPDATA%\Update\*.*

< %systemroot%\*. /mp /s >

< CREATERESTOREPOINT >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

Invalid Environment Variable: %ALLUSERSPROFILE%\Start Menu\*.lnk

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

Invalid Environment Variable: %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk

Invalid Environment Variable: %USERPROFILE%\Desktop\*.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\tasks\*.* >
[2013/05/17 04:47:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/05/27 14:23:02 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2013/05/27 14:23:02 | 000,032,608 | ---- | M] () -- C:\Windows\tasks\SCHEDLGU.TXT

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

Invalid Environment Variable: %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

Invalid Environment Variable: %USERPROFILE%\My Documents\*.exe

Invalid Environment Variable: %USERPROFILE%\*.exe

< %systemroot%\ADDINS\*.* >
[2009/06/10 17:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\ADDINS\FXSEXT.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >
[2013/03/02 08:44:24 | 000,008,192 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.chk
[2013/03/02 08:44:24 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.log
[2013/01/28 20:49:58 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00001.jrs
[2013/01/28 20:49:58 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00002.jrs
[2013/03/02 08:44:24 | 001,056,768 | ---- | M] () -- C:\Windows\SECURITY\Database\tmp.edb

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

Invalid Environment Variable: %USERPROFILE%\Favorites\*.url

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

Invalid Environment Variable: %ALLUSERSPROFILE%\*.dat

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /I " " /c >

< dir /b "%systemroot%\*.exe" | find /I " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

Invalid Environment Variable: %USERPROFILE%\Cookies\*.txt

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

Invalid Environment Variable: %AppData%\Microsoft\Installer\msupdates\*.*

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\LastSuccessTime /rs >


========== Alternate Data Streams ==========

@Alternate Data Stream - 464 bytes -> C:\Users\FRAZ\Desktop\LABEL - Parcel Address Label.ppp:SummaryInformation
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:C5760A8B
< End of report >
 
I don't know if it's of any help but I last used the PC successfilly on 16th May 2013 on 17th, it showed the problem but I went away at approx mid-day on 17th until 11pm on 23rd (So it wasn't used during this period.)

Am I right in thinking that I also have the Babylon Virus, as it appears in Programdata?
 
I don't know if it's of any help but I last used the PC successfilly on 16th May 2013
According to FRST you last successful boot was on Last Boot: 2013-05-14 05:58
With our last fix we restored your computer to that date but it didn't work.

We'll try OTLPE fix but I don't really see anything there what would prevent this computer from booting.
We'll give it a shot anyway...

Do this on the computer you are posting from:
Copy the text in the codebox below:


Code:
:OTL
IE - HKU\FRAZ_ON_C\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - Reg Error: Key error. File not found
FF - prefs.js..browser.startup.homepage: "http://www1.delta-search.com/?affID=119816&babsrc=HP_ss&mntrId=DE81BCAEC53EDB5B"
FF - prefs.js..browser.search.selectedEngine: "Delta Search"
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: File not found
IE - HKU\FRAZ_ON_C\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www1.delta-search.com/?affID=119816&babsrc=HP_ss&mntrId=DE81BCAEC53EDB5B
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE: File not found
[2013/04/22 09:33:33 | 000,000,000 | ---D | M] (Delta Toolbar) -- C:\Users\FRAZ\AppData\Roaming\Mozilla\Firefox\Profiles\usfkuo0s.default\extensions\ffxtlbr@delta.com
[2013/04/22 09:33:33 | 000,001,294 | ---- | M] () -- C:\Users\FRAZ\AppData\Roaming\Mozilla\Firefox\Profiles\usfkuo0s.default\searchplugins\delta.xml
O2 - BHO: (delta Helper Object) - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.16.16\bh\delta.dll (Delta-search.com)
O3 - HKLM\..\Toolbar: (Delta Toolbar) - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.16.16\deltaTlbr.dll (Delta-search.com)
[2013/04/22 09:33:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\FRAZ\AppData\Roaming\Mozilla\Firefox\Profiles\usfkuo0s.default\extensions\ffxtlbr@babylon.com
[2013/04/30 03:47:55 | 000,006,473 | ---- | M] () -- C:\Users\FRAZ\AppData\Roaming\Mozilla\Firefox\Profiles\usfkuo0s.default\searchplugins\babylon.xml
[2013/04/22 09:33:26 | 000,006,470 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - No CLSID value found.
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - File not found
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No CLSID value found.
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - File not found
O3 - HKU\FRAZ_ON_C\..\Toolbar\WebBrowser: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - File not found
O4 - HKLM..\Run: [Sweetpacks Communicator] File not found
O4 - HKU\FRAZ_ON_C..\Run: [EPSON Stylus Photo R220 Series] File not found
O4 - HKU\UpdatusUser_ON_C..\RunOnce: [mctadmin] File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O20 - AppInit_DLLs: (c:\progra~3\browse~1\261249~1.132\{c16c1~1\browse~1.dll) - File not found
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll ()
O33 - MountPoints2\W\Shell - "" = AutoRun
O33 - MountPoints2\W\Shell\AutoRun\command - "" = W:\autorun.exe
O33 - MountPoints2\Y\Shell - "" = AutoRun
O33 - MountPoints2\Y\Shell\AutoRun\command - "" = Y:\autorun.bat
Drivers32:64bit: VIDC.ACDV - ACDV.dll File not found
Drivers32: VIDC.ACDV - ACDV.dll File not found
[2013/04/22 09:33:19 | 000,000,000 | ---D | M] -- C:\Users\FRAZ\AppData\Roaming\Babylon
[2013/04/22 09:33:19 | 000,000,000 | ---D | M] -- C:\ProgramData\Babylon
@Alternate Data Stream - 464 bytes -> C:\Users\FRAZ\Desktop\LABEL - Parcel Address Label.ppp:SummaryInformation
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:C5760A8B

:Services

:Reg

:Files

:Commands
[purity]

Open Notepad and paste it.
Save the document as Fix.txt on to a USB flash drive


On the infected computer the following...

Run OTLPE

  • Insert USB stick and find the file Fix.txt. Drag the file Fix.txt and drop it under the Custom Scans/Fixes box at the bottom.
    • (The content of Fix.txt should appear in the box)
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the log produced (you'll need to transfer it with USB stick)
  • Remove the CD and shut down computer manually.
  • Attempt to reboot normally into Windows.
 
I recall copying some music files to my phone on 16th May, for the holiday and also backing up my camera's SD Card. From the Log, I saw that Flash was updated on 16th or 17th, could that have brought something bad in?

Will try the above fix right now but I will not be able to post the log from the temp OS (That runs the OTLPE) as it will not connect to techspot site. I will post it from this drive, once I've done the above.
 
Hi.

It won't run!

Followed the instructions and OTLPE runs for about 2 seconds, then hangs. I left it for 10 minutes 1st attempt and Task Manager said "Not Responding"

I closed OTLPE down and re-started it and the same happened again but I left it for 30 minutes. It seems to hang in the same place.

The cursor works and all the other icons work but the OTLPE window can't be moved or accessed.
 
Yes, the OTL fix from REATOGO-X-PE desktop won't run.

I re-assigned drive letters etc, as before, so C:| is my affected drive.

OTL starts up ok, the fix text appears in the lower window as expected and when I click "Run Fix", that's when it hangs, 2 seconds later.
 
Just a thought but the affected os comes up with the "Windows will restart . . " warning at about the same time as my Kaspersky would normally appear in the taskbar, after having loaded. Kaspersky doesn't have time to appear and there is the spinning circle over the LAN connection icon - then it all shuts down.

Don't know if this is at all relevent?
 
Here is the bottom line when it hangs:

"Processing O3 - HKLM\..\Toolbar: (Delta Toolbar) - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\"


It seems to be a shortened version of the line in the fix text:
O3 - HKLM\..\Toolbar: (Delta Toolbar) - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.16.16\deltaTlbr.dll (Delta-search.com)

"Delta Search" is something that suddenly popped up a few days before the pc all went wrong. Don't know where it came from and like Sweetpacks, I don't want it. Delta Search replaced my Google search, which happened automatically, without my knowledge of how it happened.
 
Done but still windows shuts down!

Followed your instructions to the letter.

New message says" You are about to be logged off" "Windows must restart because the DCOM Server Process Launcher service terminated unexpectedly"

Here's the LOG created:

========== OTL ==========
Registry value HKEY_USERS\FRAZ_ON_C\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EEE6C35D-6118-11DC-9C72-001320C79847} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}\ deleted successfully.
Prefs.js: "http://www1.delta-search.com/?affID=119816&babsrc=HP_ss&mntrId=DE81BCAEC53EDB5B" removed from browser.startup.homepage
Prefs.js: "Delta Search" removed from browser.search.selectedEngine
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
HKU\FRAZ_ON_C\Software\Microsoft\Internet Explorer\Main\\bProtector Start Page| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Folder C:\Users\FRAZ\AppData\Roaming\Mozilla\Firefox\Profiles\usfkuo0s.default\extensions\ffxtlbr@delta.com\ not found.
File C:\Users\FRAZ\AppData\Roaming\Mozilla\Firefox\Profiles\usfkuo0s.default\searchplugins\delta.xml not found.
Registry key HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}\ deleted successfully.
File C:\Program Files (x86)\Delta\delta\1.8.16.16\bh\delta.dll not found.
C:\Users\FRAZ\AppData\Roaming\Mozilla\Firefox\Profiles\usfkuo0s.default\extensions\ffxtlbr@babylon.com\defaults\preferences folder moved successfully.
C:\Users\FRAZ\AppData\Roaming\Mozilla\Firefox\Profiles\usfkuo0s.default\extensions\ffxtlbr@babylon.com\defaults folder moved successfully.
C:\Users\FRAZ\AppData\Roaming\Mozilla\Firefox\Profiles\usfkuo0s.default\extensions\ffxtlbr@babylon.com folder moved successfully.
C:\Users\FRAZ\AppData\Roaming\Mozilla\Firefox\Profiles\usfkuo0s.default\searchplugins\babylon.xml moved successfully.
C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{549B5CA7-4A86-11D7-A4DF-000874180BB3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{549B5CA7-4A86-11D7-A4DF-000874180BB3}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ deleted successfully.
Registry value HKEY_USERS\FRAZ_ON_C\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\Sweetpacks Communicator deleted successfully.
Registry key HKEY_USERS\FRAZ_ON_C\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run not found.
Registry key HKEY_USERS\UpdatusUser_ON_C\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{314111c7-a502-11d2-bbca-00c04f8ec294}\ not found.
File {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\progra~3\browse~1\261249~1.132\{c16c1~1\browse~1.dll deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\\Security Packages:pku2u deleted successfully.
C:\Windows\SysWOW64\pku2u.dll moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\W\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\W\ not found.
File W:\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\Y\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\Y\ not found.
File Y:\autorun.bat not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\\Drivers32 VIDC.ACDV not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32\\VIDC.ACDV deleted successfully.
C:\Users\FRAZ\AppData\Roaming\Babylon folder moved successfully.
C:\ProgramData\Babylon folder moved successfully.
ADS C:\Users\FRAZ\Desktop\LABEL - Parcel Address Label.ppp:SummaryInformation deleted successfully.
ADS C:\ProgramData\TEMP:C5760A8B deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

OTLPE by OldTimer - Version 3.1.48.0 log created on 05292013_002046
 
Back