Sign in with
Sign up | Sign in
Your question

Cannot access Safe Mode; 'Open With' virus blocking

Last response: in Windows XP
Share
May 29, 2012 11:50:46 AM

I haven't been able to access Safe Mode for quite some time without being blocked from doing so by an 'Open With' prompt for EVERY program on the desktop - NO such problem in normal operating mode.....can anyone give me some advice as to just how I can restore my Safe Mode access? Thanks!
May 29, 2012 11:57:11 AM

.....I should clarify that I am able to access Safe Mode ITSELF - just none of the programs or software (the ability to run security scans being the biggest concern, of course) without the 'Open With' prompt preventing me from doing so.....
m
0
l
May 30, 2012 4:34:13 AM

you can boot off of a cd to scan your drives for viruses (virii?) with a free tool like AVG.
m
0
l
Related resources
May 30, 2012 4:48:53 AM

.....currently I have SuperAntiSpyware, Dr. Fix It (?) Malwarebytes (was my background filter) and, as of this morning, IObit (experimenting with it as the background for a while) - previously I've had AVG, Avast!, AdAware (desktop resources required were ridiculous, especially as I only have 18 GB total capacity on the C drive) and I've done a LOT of scans.....no matter what scans I run and quarantines I do, NOTHING fixes my persistent problem with Safe Mode - but I do appreciate your responding, nhasian!
m
0
l
a b 8 Security
May 30, 2012 4:57:14 AM


Hello and welcome to Tom's Hardware Forums.

Presumably in Safe Mode you're logging in with a different account - possibly the Administrator - and if that one has been messed with you could have a big problem. Go to http://www.dougknox.com and download Doug's exe flie fix from the XP Tips section of his site. Put i ton a memory stick and run it in Safe Mode to see if it re-enables the part of that User Account's Registry and lets programmes run properly.

Doug also publishes a fix for LNK files in case it's only your icons that have become disassociated, download that one as well. His fixes are safe to let loose in the Registry - I've been using them for years to fix my customers' systems.

m
0
l
June 6, 2012 12:21:01 AM

Hi, Saga - thanks for the recommendation but I don't completely follow some of the language - presuming you mean 'flash drive' when you refer to a 'memory stick'? If so, puts me at a disadvantage; this CPU is so old, there's no USB ports on it (at least not in the front, anyhow).....I've bookmarked Doug's page, but not sure what you're directing me to download of what's offered there. Also not up on what 'LNK files' are, although have a feeling I've seen that acronym before.....please clarify further? Thanks- again, MUCH appreciated! Jim






Saga Lout said:

Hello and welcome to Tom's Hardware Forums.

Presumably in Safe Mode you're logging in with a different account - possibly the Administrator - and if that one has been messed with you could have a big problem. Go to http://www.dougknox.com and download Doug's exe flie fix from the XP Tips section of his site. Put i ton a memory stick and run it in Safe Mode to see if it re-enables the part of that User Account's Registry and lets programmes run properly.

Doug also publishes a fix for LNK files in case it's only your icons that have become disassociated, download that one as well. His fixes are safe to let loose in the Registry - I've been using them for years to fix my customers' systems.


m
0
l
a b 8 Security
June 6, 2012 7:04:55 AM


If that machine has no USB Ports at all, you have to mesws around putting Doug's fixes on to floppy disks. If the system is XP there must - surely - be at least two USB ports on he back.

On the left hand side of the opening page at Doug's site, right click on XP Fixes then at the next screen, click File Association fixes. EXE file association fix and LNK fix are both in the list and you need - or may as well have - both, just in case.

The LNK fix just puts the Registry settings back to normal to make programmes start when you click on the Link or desktop icon.


m
0
l
June 6, 2012 12:11:36 PM

Thanks again, Saga - will download the 2 applications as recommended.....one thing, however: located a site called 'GeeksToGo' last night where it was similarly recommended to download something they called 'TheKiller', which I was informed would present in Task Manager as another 'explorer.exe'.....ran it and I think the process may be identical or similar to the LNK application (?) from your description; a Java message appeared after starting it that read, 'resetting file attributes. Please wait.....' and did not go away until I restarted the desktop but, that may be due to my RAM issues, I suspect.....

The thread I first accessed, appears in this link: http://www.geekstogo.com/forum/topic/308390-in-safe-mod...


.....is there any harm in running the LNK as well after using this other application he appears to have designed himself?

Jim











Saga Lout said:

If that machine has no USB Ports at all, you have to mesws around putting Doug's fixes on to floppy disks. If the system is XP there must - surely - be at least two USB ports on he back.

On the left hand side of the opening page at Doug's site, right click on XP Fixes then at the next screen, click File Association fixes. EXE file association fix and LNK fix are both in the list and you need - or may as well have - both, just in case.

The LNK fix just puts the Registry settings back to normal to make programmes start when you click on the Link or desktop icon.


m
0
l
a b 8 Security
June 6, 2012 6:50:26 PM



They aren't applications, Jim - merely Registry fixes which put things back the way they should be. I'm not so sure about the Geeks2Go thing but if it hasn't done any harm, I could be over-reacting. The reason for using the LNK fix as well was in case the icons were affected as well as the EXE files.

m
0
l
June 6, 2012 7:54:28 PM

.....think the proper term for them would be, 'executables' - just used 'applications' in a generic sense.....I'm inclined to agree with you that 'TheKiller' didn't do any harm, nor would it for me to run both of Doug's fixes.....do want to get it clear to myself, though: how and what exactly is it they do which will remedy my Safe Mode problem? Let you know how it went with my next reply and, again, MUCH appreciated, Saga!






Saga Lout said:


They aren't applications, Jim - merely Registry fixes which put things back the way they should be. I'm not so sure about the Geeks2Go thing but if it hasn't done any harm, I could be over-reacting. The reason for using the LNK fix as well was in case the icons were affected as well as the EXE files.


m
0
l
a b 8 Security
June 7, 2012 10:34:37 AM



Doug's fixes are basically text file that modifies the Registry to put right entries that have gone wrong, for whatever reason - usually malware attack.

Example - if malware creeps in and doesn't want you to be able to open Task Manager to close the programme, type regedit in the Open box to edit the threat out of the Registry or open Control Panel to get to Add or Remove Programmes. In your case, it's preventing Safe Mode from coming up so eth LNK fix might - only might, mind you, fix that.

Go into your Registry and navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot

then post back the names of the Subkeys. Let's have a look at what's been going on in there.

Hopefully it won't have been disabled at Command Line level - I say hopefully because I can't remember how to put that right. :D 


m
0
l
June 14, 2012 12:58:06 AM

Hi again, Saga - have been working with someone over at Geeks-To-Go as I hadn't heard back from you in a bit; ran several different operations and have been sending him reports with each step - just got rid of 346MB in bad processes a few minutes ago, it appears - performance doesn't seemed to have improved appreciably but that may be due to NoScript being fully active again.....went into my Registry as directed by you but there are a LOT of different subkeys under both the Minimal and Network files/keys - is there any way to capture/grab them all at once and, correct if I'm wrong, but you want both the key/subkey names and descriptions in the Add Window to the right of them? Thanks again; any assistance has been much appreciated! Jim
m
0
l
July 10, 2012 12:01:49 AM

.....the experience with GeekstoGo was pretty much a nightmare; they were some of the most arrogant people I've ever encountered online but, as I say, they responded before anyone here did again.....I REALLY, really need help, if anyone here can give it. To bring Saga and anyone else aware of my circumstances up to speed, I installed SP3 for XP as well as Avast! after uninstalling Malwarebytes and SuperAntiSpyware at their behest; now have Revo in addition to CCleaner and did countless diagnostics tests/scans.....EXTREMELY limited space on the C drive:(  Latest problems: cannot save/attach/upload/download on Firefox 13 and Flash seems to have SERIOUS buffering issues or something with both it and Internet Explorer 8 (am aware that there are different mechanisms with the 2 servers; IE uses Active X and most others, a plug-in format.....uninstalled and reinstalled FF 13 as well as both Flashs and Java a few times over) Almost 3 GBs left on the C drive - not much more I can dump unless any of you know if Open Office can be customized to delete all but the most common functions such as word processing and spreadsheet (?) And by the way, 2 questions, if I may ask: where is the Refresh mechanism on Firefox now? Not in the View dropdown, and two, how exactly can I format IE 8 to have multiple tabs in a single browser window? Followed their instructions on multiple attempts and just cannot get it to work.....

Whatever assistance you can lend would be MOST appreciated - thanks again! Jim
m
0
l
July 10, 2012 12:07:40 AM

ogam5 said:
.....the experience with GeekstoGo was pretty much a nightmare; they were some of the most arrogant people I've ever encountered online but, as I say, they responded before anyone here did again.....I REALLY, really need help, if anyone here can give it. To bring Saga and anyone else aware of my circumstances up to speed, I installed SP3 for XP as well as Avast! after uninstalling Malwarebytes and SuperAntiSpyware at their behest; now have Revo in addition to CCleaner and did countless diagnostics tests/scans.....EXTREMELY limited space on the C drive:(  Latest problems: cannot save/attach/upload/download on Firefox 13 and Flash seems to have SERIOUS buffering issues or something with both it and Internet Explorer 8 (am aware that there are different mechanisms with the 2 servers; IE uses Active X and most others, a plug-in format.....uninstalled and reinstalled FF 13 as well as both Flashs and Java a few times over) Almost 3 GBs left on the C drive - not much more I can dump unless any of you know if Open Office can be customized to delete all but the most common functions such as word processing and spreadsheet (?) And by the way, 2 questions, if I may ask: where is the Refresh mechanism on Firefox now? Not in the View dropdown, and two, how exactly can I format IE 8 to have multiple tabs in a single browser window? Followed their instructions on multiple attempts and just cannot get it to work.....

Whatever assistance you can lend would be MOST appreciated - thanks again! Jim



Jim,

I can help you too if noone else can. let me know
m
0
l
July 10, 2012 12:22:58 AM

tdrake2406 said:
Jim,

I can help you too if noone else can. let me know



Definitely - MUCH appreciated!
m
0
l
July 10, 2012 12:36:35 AM

you can either call me or you could email me let me know what works for you
m
0
l
July 10, 2012 12:48:05 AM

.....are you Stateside? Would definitely prefer to talk on the phone.....is tomorrow night good? need to get some supper right now! What's your number, and THANKS!
m
0
l
July 13, 2012 2:01:05 AM

tdrake, are you still able to help me out of this predicament? Hadn't heard back from you to my last reply.....please get back to me as soon as you can? Thanks again!
m
0
l
a b 8 Security
July 13, 2012 7:11:05 AM



A recently joined poster with no known quality of advice wants to deal directly with you instead of sharing his wisdom with the wider Forum?

Steer well clear - if he can help, let him do it here. He can read what's gone before and if he has a solution, why does he not put it up here?

Sharing your phone number with unknown persons on the Net is not just risky for children!



m
0
l
July 13, 2012 10:22:24 AM

.....well, I've been known to be a trusting soul, Saga - but, advice taken.....are you still interested in assisting me yourself, though?
m
0
l
a b 8 Security
July 13, 2012 6:17:47 PM


are you still interested in assisting me yourself, though?



Of course but only through the Forum with the collective brain looking on and pitching in suggestions.

Can you get into Safe Mode by going Start to Run and typing msconfig into the open box then hitting Enter? Under the BOOT.INI tab. tick the /SAFEBOOT box, click Apply then OK your way out. Let the system restart and you should be straight into Safe and if you are, log in as Administrator. Check those Registry keys I mentioned above then restart back into Normal and post back with the list of sub-keys.




m
0
l
July 13, 2012 8:16:12 PM

.....thanks, Saga! To be honest though, working in Safe Mode without the 'Open With' virus or whatever it is, isn't the pressing issue any longer - my biggest problem is four-fold:

One, I can't save/attach/upload/download anything in FireFox 13 without it permanently hanging up and I have to attempt closing the browser session;

two, no matter how closely I follow the instructions provided by Internet Explorer 8, I can't get the windows to configure for new tabs to appear all the time within the initial one;

three, continuing to have buffering issues with Flash - lots of speed and audio irregularities when I attempt to play YouTube videos and four,

my hard-drive space has been badly reduced by installing Avast! (which I can now completely see the wisdom of doing - very thorough firewall/antivirus program) and several automatic Microsoft updates, but I just do NOT have the financial resources to increase capacity at present - really, REALLY pressed for cash.....

2 questions: is there any way to compress all that MS-related stuff and can OpenOffice be customized based upon usage of certain features? (Realize I may need to ask Java that question directly.....) Jim







Saga Lout said:
are you still interested in assisting me yourself, though?



Of course but only through the Forum with the collective brain looking on and pitching in suggestions.

Can you get into Safe Mode by going Start to Run and typing msconfig into the open box then hitting Enter? Under the BOOT.INI tab. tick the /SAFEBOOT box, click Apply then OK your way out. Let the system restart and you should be straight into Safe and if you are, log in as Administrator. Check those Registry keys I mentioned above then restart back into Normal and post back with the list of sub-keys.


m
0
l
a b 8 Security
July 14, 2012 6:39:50 AM



If you still suspect malware, Avast isn't doing enough for you. Download MalwareBytes from http://www.malwarebytes.org and run a full scan then let it remove everything it finds. To free up some space, use ATF Cleaner from http://www.atribune.com and CCleaner from http://www.piriform.com. Both are quite small and find different forms of clutter.

Also, go into Windows folder then Software Distribution and empty the Download folder. Make sure Hidden Files and Protected System Files are all showing up (Tools>Folder Options>View menu) and delete all the blue printed $***$ entries at the top of the Windows folder - you don't need those any longer.

Go into Control Panel>System>System Restore and turn it off. Empty the Recycle bin and restart the computer. Now run the MalwareBytes scan again. Restart and open MBAM, click the Logs tab and post copies of both the logs back here.


m
0
l
July 14, 2012 2:57:06 PM

I don't actually suspect malware so much, Saga - AVAST! is definitely ON the case! No, I'm more certain now that it's a formatting or configuration issue with Firefox 13 and I may go back to a much earlier version as others with the same problem have done......as for CCleaner, already have it installed and was using it for a good while before one of the folks at GeekstoGo discouraged me from using it and provided a self-designed alternative, which I haven't installed. What, by the way, is ATF Cleaner? Similar to CCleaner? Also installed the Revo platform because it wasn't so big to be a concern with respect to harddrive space.....may run it to see what results are returned. A friend of mine confirmed that OpenOffice can be reduced in terms of applications and I'll be investigating that shortly - but my biggest concern is (if there's even a way) trying to compress all the Microsoft baggage, which I'm guessing takes up at least 7-8 GBs of my 18.64 GB C drive.....Jim

In the meantime, will check out Safe Mode again and see if anything's changed there.....also, they had me install a custom scanning and removal app called OTL; want to run the scan again and see what comes out of that - will post the results for you to see.....





Saga Lout said:


If you still suspect malware, Avast isn't doing enough for you. Download MalwareBytes from http://www.malwarebytes.org and run a full scan then let it remove everything it finds. To free up some space, use ATF Cleaner from http://www.atribune.com and CCleaner from http://www.piriform.com. Both are quite small and find different forms of clutter.

Also, go into Windows folder then Software Distribution and empty the Download folder. Make sure Hidden Files and Protected System Files are all showing up (Tools>Folder Options>View menu) and delete all the blue printed $***$ entries at the top of the Windows folder - you don't need those any longer.

Go into Control Panel>System>System Restore and turn it off. Empty the Recycle bin and restart the computer. Now run the MalwareBytes scan again. Restart and open MBAM, click the Logs tab and post copies of both the logs back here.


m
0
l
a b 8 Security
July 15, 2012 6:17:30 AM



When I install a clean XP Pro system with SP3 and 130 subsequent updates, and including MS Office, after cleaning up, I have 4.13Gb of used space on the hard drive. Your disk is very small but it should still be able to run efficiently.




m
0
l
July 16, 2012 12:01:17 AM

Hi, Saga - sorry it took me a while to reply (again!) but I hadn't really had a chance to work on increasing my free C drive space (uninstalled Safari as I haven't used it much and cleaned up the desktop a lot; still torn about bagging Revo as it got rid of every last Safari-related file in short order.....am hovering around 3 GBs at oresent) and ventured back into Safe Mode (though by using the F8 key as I always do.....) Still getting the 'Open With' prompt, but made an interesting discovery which may be a clue (?) when I went into the Control Panel, every attempt to access an icon resulted in an 'application win32dll.exe can't be found' classic MS red X notice.....also, need some guidance as to which keys you want me to copy; there are a BUNCH of 'em in several different folders, but two primary ones, 'Minimal' and 'Network'.....would one or the other be of more use in trying to figure out what might be happening?

Minimal subfolder contains the following keys/sub-folders:

{36FC9E60-C465-11CF-8056-444553540000} ab (Default) Universal Serial Bus Controllers

{4D36E965-E325-11CE-BFC1-08002BE10318} ab (Default) CD-ROM Drive

{4D36E967-E325-11CE-BFC1-08002BE10318} ab (Default) DiskDrive

{4D36E969-E325-11CE-BFC1-08002BE10318} ab (Default) Standard floppy disk controller

{4D36E96A-E325-11CE-BFC1-08002BE10318} ab (Default) Hdc

{4D36E96B-E325-11CE-BFC1-08002BE10318} Keyboard

{4D36E96F-E325-11CE-BFC1-08002BE10318} Mouse

{4D36E977-E325-11CE-BFC1-08002BE10318} PCMCIA Adapters

{4D36E97B-E325-11CE-BFC1-08002BE10318} SCSIA Adapter

{4D36E97D-E325-11CE-BFC1-08002BE10318} System

{4D36E980-E325-11CE-BFC1-08002BE10318} Floppy disk drive

{533C5B84-EC70-11D2-9505-00C04F79DEAF} Volume shadow copy

{71A27CDD-812A-11D0-BEC7-08002BE2092F} Volume

{745A17A0-74D3-11D0-B6FE-00A0C90F57DA} Human Interface Devices

AppMgmt - Service

Base - Driver Group

Boot Bus Extender - Driver Group

Boot File System - Driver Group

CryptSvc - Service

DcomLaunch - Service

dmadmin - Service

dmboot.sys - Driver

dmio.sys - Driver

dmload.sys - Driver

dmserver - Service

EventLog - Service

File system - Driver Group

Filter - Driver Group

HelpSvc - Service

Netlogon - Service

PCI Configuration - Driver Group

PEVSystemStart - Service

PlugPlay - Service

PNP Filter - Driver Group

Primary disk - Driver Group

procexp90.sys - Driver

RpcSs - Service

SCSI Class - Driver Group

sermousesys - Driver

sr.sys - FSFilter System Recovery

SRService - Service

System Bus Extender - Driver Group

vds - Service

vga.sys - Driver

vgasave.sys - Driver

WinMgmt - Service


Network subfolder:

{36FC9E60-C465-11CF-8056-444553540000} Universal Serial Bus Controllers

{4D36E965-E325-11CE-BFC1-08002BE10318} CD-ROM Drive

{4D36E967-E325-11CE-BFC1-08002BE10318} DiskDrive

{4D36E969-E325-11CE-BFC1-08002BE10318} Standard floppy disk controller

{4D36E96A-E325-11CE-BFC1-08002BE10318} Hdc

{4D36E96B-E325-11CE-BFC1-08002BE10318} Keyboard

.....and so on, basically repeating the same series of keys until:

{4D36E972-E325-11CE-BFC1-08002BE10318} Net

{4D36E973-E325-11CE-BFC1-08002BE10318} NetClient

{4D36E974-E325-11CE-BFC1-08002BE10318} NetService

{4D36E975-E325-11CE-BFC1-08002BE10318} NetTrans

....then again repeating the last few Minimal numerical key values (with one exception, and I don't know if this is noteworthy or not: the Volume shadow copy key is missing from the Network hierarchy - have experienced intermittent loss of audio once in a while but not sure if that's related.....)

AFD - Service

AppMgmt - Service

Base - Driver Group

Boot Bus Extender - Driver Group

Boot File System - Driver Group

Browser - Service

CryptSvc - Service

DcomLaunch - Service

Dhcp - Service

dmadmin - Service

dmboot.sys - Driver

dmio.sys - Driver

dmload.sys - Driver

dmserver - Service

DnsCache - Service

EventLog - Service

File system - Driver Group

Filter - Driver Group

HelpSvc - Service

ip6fw.sys - Driver

pnat.sys - Driver

LanmanServer - Service

LanmanWorkstation - Service

LmHosts - Service

Messenger - Service

NDIS - Driver Group

NDIS Wrapper - Driver Group

Ndisuio - Service

NetBIOS - Service

NetBIOSGroup - Service

NetBT - Service

NetDDEGroup - Driver Group

Netlogon - Service

NetMan - Service

Network - Driver Group

NetworkProvider - Driver Group

NtLmSsp - Service

PCI Configuration - Driver Group

PEVSystemStart - Service

PlugPlay - Service

PNP Filter - Driver Group

PNP_TDI - Driver Group

Primary disk - Driver Group

procexp90.sys - Driver

rdpcdd.sys - Driver

rdpdd.sys - Driver

rdpwd.sys - Driver

rdsessmgr - Service

RpcSs - Service

SCSI Class - Driver Group

sermouse.sys - Driver

sharedaccess - Service

sr.sys - FSFilter System Recovery

SRService - Service

Streams Drivers - Driver Group

System Bus Extender - Driver Group

Tcpip - Service

TDI - Driver Group

tdipipe.sys - Driver

tdtcp.sys - Driver

termservice - Service

vga.sys - Driver

vgasave.sys - Driver

WinMgmt - Service

WRkrn - Driver

WRSVC - Service

WCZSVC - Service


.....and there you HAVE it all, a lot done long-form (!) I did run the OTL (GeekstoGo homemade device) scans as intended and I can send you those if they might help - VERY extensive and, I suspect, modeled after that of HijackThis! Will be awaiting your input:)  Thanks! Jim
















































Saga Lout said:


When I install a clean XP Pro system with SP3 and 130 subsequent updates, and including MS Office, after cleaning up, I have 4.13Gb of used space on the hard drive. Your disk is very small but it should still be able to run efficiently.




m
0
l
a b 8 Security
July 16, 2012 6:34:32 AM



Homemade but by Old Timer - no the Geeks-to-go website. ! :D 

Those entries look normal to me but I'll look again when I wake up properly. Let's go back to the beginning for a moment - did you ever run the Doug Knox fixes I recommended to cover the OpenWith issue?


m
0
l
July 16, 2012 10:29:05 AM

Yes, I'm pretty sure that I did, based upon your descriptions of them, anyway - think I saw, but didn't look at, the reports yesterday - will check further tonight and send those along if so, also the OTL reports as well.....thanks again!



Saga Lout said:


Homemade but by Old Timer - no the Geeks-to-go website. ! :D 

Those entries look normal to me but I'll look again when I wake up properly. Let's go back to the beginning for a moment - did you ever run the Doug Knox fixes I recommended to cover the OpenWith issue?


m
0
l
July 17, 2012 3:09:20 AM

.....if i did run those fixes, no sign of the reports for either - so I'll run 'em again and post the results.....here are both OTL report logs from Sunday.....



OTL report of 7-15:


OTL logfile created on: 7/15/2012 9:00:17 AM - Run 8
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Documents and Settings\User\Desktop\Spyware & Virus tools\GeekstoGo tools
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.30 Mb Total Physical Memory | 21.42 Mb Available Physical Memory | 4.20% Memory free
672.54 Mb Paging File | 143.10 Mb Available in Paging File | 21.28% Paging File free
Paging file location(s): C:\pagefile.sys 192 384 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 18.64 Gb Total Space | 2.93 Gb Free Space | 15.70% Space Free | Partition Type: NTFS
Drive E: | 74.52 Gb Total Space | 1.74 Gb Free Space | 2.33% Space Free | Partition Type: NTFS

Computer Name: USER-2LHZ6LTLSL | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/03 12:21:30 | 004,273,976 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/07/03 12:21:29 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/06/26 22:57:35 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\Spyware & Virus tools\GeekstoGo tools\OTL.exe
PRC - [2012/06/14 18:20:13 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/05/04 19:29:46 | 000,161,664 | ---- | M] (Oracle Corporation) -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/15 04:56:50 | 001,783,296 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12071500\algo.dll
MOD - [2012/07/12 00:27:42 | 009,465,032 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll
MOD - [2012/06/14 18:20:15 | 002,042,848 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- %ProgramFiles%\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/07/12 00:27:51 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/03 12:21:29 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/06/14 18:20:14 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/05/04 19:29:46 | 000,161,664 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/09/03 11:53:00 | 000,048,368 | ---- | M] (NOS Microsystems Ltd.) [Disabled | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS -- (MRESP50)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS -- (MREMP50)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\DRIVERS\wATV03nt.sys -- (iAimTV2)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2012/07/03 12:21:54 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/07/03 12:21:53 | 000,721,000 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/07/03 12:21:53 | 000,353,688 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/07/03 12:21:53 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012/07/03 12:21:53 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2012/07/03 12:21:53 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/07/03 12:21:52 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2012/06/24 09:16:47 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2009/12/30 11:20:56 | 000,027,064 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\revoflt.sys -- (Revoflt)
DRV - [2004/08/04 01:31:32 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/08/04 01:29:49 | 000,019,455 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wvchntxx.sys -- (iAimFP4)
DRV - [2004/08/04 01:29:47 | 000,012,063 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wsiintxx.sys -- (iAimFP3)
DRV - [2004/08/04 01:29:45 | 000,025,471 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\watv10nt.sys -- (iAimTV5)
DRV - [2004/08/04 01:29:45 | 000,023,615 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wch7xxnt.sys -- (iAimTV4)
DRV - [2004/08/04 01:29:44 | 000,022,271 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\watv06nt.sys -- (iAimTV6)
DRV - [2004/08/04 01:29:43 | 000,033,599 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\watv04nt.sys -- (iAimTV3)
DRV - [2004/08/04 01:29:42 | 000,019,551 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\watv02nt.sys -- (iAimTV1)
DRV - [2004/08/04 01:29:41 | 000,029,311 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\watv01nt.sys -- (iAimTV0)
DRV - [2004/08/04 01:29:40 | 000,011,871 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wadv09nt.sys -- (iAimFP7)
DRV - [2004/08/04 01:29:39 | 000,011,295 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wadv08nt.sys -- (iAimFP6)
DRV - [2004/08/04 01:29:38 | 000,011,807 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wadv07nt.sys -- (iAimFP5)
DRV - [2004/08/04 01:29:37 | 000,012,415 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wadv01nt.sys -- (iAimFP0)
DRV - [2004/08/04 01:29:37 | 000,012,127 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wadv02nt.sys -- (iAimFP1)
DRV - [2004/08/04 01:29:37 | 000,011,775 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wadv05nt.sys -- (iAimFP2)
DRV - [2004/08/04 01:29:36 | 000,161,020 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\i81xnt5.sys -- (i81x)
DRV - [2002/06/03 11:18:32 | 000,040,832 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\es1371mp.sys -- (es1371) Creative AudioPCI (ES1371,ES1373) (WDM)
DRV - [2001/08/17 09:28:02 | 000,907,456 | ---- | M] (Conexant) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HCF_MSFT.sys -- (HCF_MSFT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1547161642-1060284298-1708537768-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-1547161642-1060284298-1708537768-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1547161642-1060284298-1708537768-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1547161642-1060284298-1708537768-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F0 9E 5C DB A0 4E CD 01 [binary data]
IE - HKU\S-1-5-21-1547161642-1060284298-1708537768-1004\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1547161642-1060284298-1708537768-1004\..\SearchScopes,DefaultScope = {C2EFBE96-ECEE-4A92-87C6-BA2F7F501B23}
IE - HKU\S-1-5-21-1547161642-1060284298-1708537768-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-1547161642-1060284298-1708537768-1004\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKU\S-1-5-21-1547161642-1060284298-1708537768-1004\..\SearchScopes\{C2EFBE96-ECEE-4A92-87C6-BA2F7F501B23}: "URL" = http://www.google.com/search?q={searchTerms}
IE - HKU\S-1-5-21-1547161642-1060284298-1708537768-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll File not found
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/07/07 22:04:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/27 00:14:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/06/27 00:15:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions
[2012/07/15 07:52:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\4hatbizk.JMC\extensions
[2012/07/08 15:34:16 | 000,000,000 | ---D | M] (DVDVideoSoftTB) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\4hatbizk.JMC\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2012/07/08 15:30:06 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\4hatbizk.JMC\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012/07/15 07:52:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\4hatbizk.JMC\extensions\staged
[2012/07/08 15:30:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\swbxdwxe.default\extensions
[2012/07/08 15:30:06 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\swbxdwxe.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012/06/27 00:14:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/06/14 18:20:49 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/06/14 18:19:40 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/06/14 18:19:40 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========


O1 HOSTS File: ([2012/06/23 02:24:44 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1547161642-1060284298-1708537768-1004\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1547161642-1060284298-1708537768-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1547161642-1060284298-1708537768-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1547161642-1060284298-1708537768-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1547161642-1060284298-1708537768-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyDocs = 1
O7 - HKU\S-1-5-21-1547161642-1060284298-1708537768-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 1
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Documents and Settings\User\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-1547161642-1060284298-1708537768-1004\..Trusted Domains: avast.com ([support] https in Trusted sites)
O15 - HKU\S-1-5-21-1547161642-1060284298-1708537768-1004\..Trusted Domains: streamwrhu.net ([live] https in Trusted sites)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bitdefender.com/qsax/qsax.cab (Bitdefender QuickScan Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 66.189.0.100 24.159.64.23 24.247.24.53
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E0988B9E-1F28-41A8-A972-714885C819B3}: DhcpNameServer = 66.189.0.100 24.159.64.23 24.247.24.53
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/10/05 14:02:31 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-1547161642-1060284298-1708537768-1004..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/14 16:02:52 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\User\Recent
[2012/07/08 21:03:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\PriceGong
[2012/07/08 15:31:39 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2012/07/08 15:31:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\DVDVideoSoftTB
[2012/07/08 15:31:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\Conduit
[2012/07/08 15:31:06 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoftTB
[2012/07/08 15:30:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\DVDVideoSoftIEHelpers
[2012/07/08 15:28:40 | 000,405,144 | ---- | C] (Newtonsoft) -- C:\WINDOWS\System32\Newtonsoft.Json.Net20.dll
[2012/07/08 15:25:51 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
[2012/07/08 15:24:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\DVDVideoSoft
[2012/07/08 15:22:40 | 027,578,008 | ---- | C] (DVDVideoSoft Ltd. ) -- C:\Documents and Settings\User\Desktop\FreeYouTubeToMP3Converter.exe
[2012/07/08 08:53:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\VS Revo Group
[2012/07/08 08:52:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Revo Uninstaller Pro
[2012/07/08 08:52:49 | 000,027,064 | ---- | C] (VS Revo Group) -- C:\WINDOWS\System32\drivers\revoflt.sys
[2012/07/08 08:52:37 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2012/07/08 08:51:43 | 007,902,008 | ---- | C] (VS Revo Group ) -- C:\Documents and Settings\User\Desktop\RevoUninProSetup.exe
[2012/07/07 19:07:53 | 000,426,184 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/07/07 17:36:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Start Menu\Programs\vGrabber
[2012/06/30 16:29:25 | 000,070,344 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/06/27 18:21:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\Sun
[2012/06/27 00:31:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/06/27 00:30:20 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012/06/27 00:29:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Oracle
[2012/06/27 00:29:32 | 000,772,504 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll
[2012/06/27 00:29:32 | 000,143,872 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2012/06/27 00:29:31 | 000,227,720 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2012/06/27 00:29:09 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2012/06/27 00:29:08 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2012/06/27 00:15:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Mozilla
[2012/06/27 00:14:38 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/06/27 00:14:18 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/06/24 19:49:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2012/06/24 19:49:36 | 000,021,256 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012/06/24 19:49:35 | 000,353,688 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012/06/24 19:49:22 | 000,035,928 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012/06/24 19:49:21 | 000,054,232 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012/06/24 19:49:20 | 000,721,000 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012/06/24 19:49:19 | 000,097,608 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012/06/24 19:49:19 | 000,089,624 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012/06/24 19:49:18 | 000,025,256 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2012/06/24 19:43:26 | 000,041,224 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012/06/24 19:43:20 | 000,227,648 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2012/06/24 19:40:11 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/06/24 19:40:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012/06/24 04:31:33 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/06/23 12:57:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\QuickScan
[2012/06/21 17:58:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\Google
[2012/06/21 17:57:23 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2012/06/20 00:21:57 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\User\PrivacIE
[2012/06/19 03:17:11 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\User\IETldCache
[2012/06/18 23:36:29 | 000,521,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll
[2012/06/18 23:30:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2012/06/18 23:28:28 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2012/06/18 23:23:09 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2012/06/18 20:05:03 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll
[2012/06/18 19:32:13 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll
[2012/06/18 19:29:25 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndproxy.sys
[2012/06/18 19:22:23 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mup.sys
[2012/06/18 19:22:15 | 000,139,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpwd.sys
[2012/06/18 19:08:17 | 000,010,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndistapi.sys
[2012/06/18 19:01:04 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe
[2012/06/17 21:12:26 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2012/06/17 21:11:33 | 000,456,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2012/06/17 21:11:23 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2012/06/17 21:09:59 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\t2embed.dll
[2012/06/17 21:09:59 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fontsub.dll
[2012/06/17 21:09:47 | 000,730,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2012/06/17 21:09:40 | 002,148,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2012/06/17 21:09:34 | 002,192,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2012/06/17 21:09:23 | 002,026,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2012/06/17 21:00:28 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2012/06/17 20:49:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2012/06/17 19:22:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2012/06/17 19:22:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2012/06/17 19:21:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2012/06/17 17:12:32 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/06/17 16:45:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/15 13:39:11 | 000,000,364 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012/07/15 13:27:14 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/07/15 06:09:54 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/07/14 16:05:25 | 000,010,152 | ---- | M] () -- C:\Documents and Settings\User\My Documents\CCleaner Registry Backup file 7-14-12.reg
[2012/07/12 21:06:27 | 009,380,522 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Crazy [Live, TOTPs] - Gnarls Barkley.mp3
[2012/07/12 00:27:44 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/07/12 00:27:44 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/07/11 04:39:27 | 000,122,928 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/07/08 15:29:07 | 000,001,051 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Free YouTube to MP3 Converter.lnk
[2012/07/08 15:22:38 | 027,578,008 | ---- | M] (DVDVideoSoft Ltd. ) -- C:\Documents and Settings\User\Desktop\FreeYouTubeToMP3Converter.exe
[2012/07/08 13:50:54 | 002,840,482 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Voice On The Radio - Conductor (w intro).mp3
[2012/07/08 08:52:52 | 000,000,925 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Revo Uninstaller Pro.lnk
[2012/07/08 08:51:38 | 007,902,008 | ---- | M] (VS Revo Group ) -- C:\Documents and Settings\User\Desktop\RevoUninProSetup.exe
[2012/07/08 08:26:12 | 000,035,036 | ---- | M] () -- C:\Documents and Settings\User\My Documents\CCleaner Registry Backup file 7-8-12.reg
[2012/07/07 22:04:32 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/07/07 17:38:30 | 068,310,096 | ---- | M] () -- C:\Documents and Settings\User\Desktop\drweb-cureit.exe
[2012/07/03 12:21:54 | 000,054,232 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012/07/03 12:21:53 | 000,721,000 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012/07/03 12:21:53 | 000,353,688 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012/07/03 12:21:53 | 000,097,608 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012/07/03 12:21:53 | 000,089,624 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012/07/03 12:21:53 | 000,035,928 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012/07/03 12:21:53 | 000,021,256 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012/07/03 12:21:52 | 000,025,256 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2012/07/03 12:21:32 | 000,041,224 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012/07/03 12:21:28 | 000,227,648 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2012/06/27 00:28:17 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2012/06/27 00:28:17 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2012/06/27 00:14:43 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/06/27 00:14:43 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/06/23 02:24:44 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012/06/22 17:02:19 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/06/22 16:32:30 | 000,405,144 | ---- | M] (Newtonsoft) -- C:\WINDOWS\System32\Newtonsoft.Json.Net20.dll
[2012/06/21 16:57:24 | 010,857,155 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Lucky Man - [LIVE] - Marillion.mp3
[2012/06/20 08:27:24 | 010,131,155 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Power [LIVE] - Marillion.mp3
[2012/06/19 12:23:26 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/06/19 03:17:18 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/06/18 23:01:07 | 000,432,778 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/06/18 23:01:07 | 000,067,734 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/06/18 08:09:40 | 000,040,020 | ---- | M] () -- C:\Documents and Settings\User\My Documents\CCleaner Registry Backup file 6-18-12.reg
[2012/06/17 18:59:06 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2012/06/15 15:25:31 | 000,053,570 | ---- | M] () -- C:\WINDOWS\System32\Defrag Report filepath name details F 6-15-12
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/14 16:05:19 | 000,010,152 | ---- | C] () -- C:\Documents and Settings\User\My Documents\CCleaner Registry Backup file 7-14-12.reg
[2012/07/12 21:02:25 | 009,380,522 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Crazy [Live, TOTPs] - Gnarls Barkley.mp3
[2012/07/08 15:29:07 | 000,001,051 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Free YouTube to MP3 Converter.lnk
[2012/07/08 13:50:08 | 002,840,482 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Voice On The Radio - Conductor (w intro).mp3
[2012/07/08 08:52:52 | 000,000,925 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Revo Uninstaller Pro.lnk
[2012/07/08 08:25:57 | 000,035,036 | ---- | C] () -- C:\Documents and Settings\User\My Documents\CCleaner Registry Backup file 7-8-12.reg
[2012/07/07 22:04:31 | 000,000,364 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012/07/07 19:08:07 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/06/27 00:14:43 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/06/27 00:14:43 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/06/27 00:14:42 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2012/06/21 16:18:14 | 010,857,155 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Lucky Man - [LIVE] - Marillion.mp3
[2012/06/20 08:16:24 | 010,131,155 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Power [LIVE] - Marillion.mp3
[2012/06/18 19:07:53 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/06/18 19:07:53 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2012/06/18 08:09:33 | 000,040,020 | ---- | C] () -- C:\Documents and Settings\User\My Documents\CCleaner Registry Backup file 6-18-12.reg
[2012/06/15 15:25:22 | 000,053,570 | ---- | C] () -- C:\WINDOWS\System32\Defrag Report filepath name details F 6-15-12
[2012/03/17 12:42:40 | 000,870,128 | ---- | C] () -- C:\Documents and Settings\User\Application Data\mcs.rma
[2011/06/04 09:18:39 | 000,000,022 | --S- | C] () -- C:\Documents and Settings\User\Application Data\Sys2662.Config.Repository.bin
[2010/12/12 15:10:09 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/12/12 15:10:09 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/12/12 15:10:09 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/12/12 15:10:09 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/12/12 15:10:09 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/05/08 02:02:27 | 005,275,648 | ---- | C] () -- C:\Documents and Settings\User\NTUSER.rhk
[2008/01/18 16:58:02 | 000,228,864 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== LOP Check ==========

[2011/05/18 03:53:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Amazon
[2010/07/17 20:22:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2012/06/24 19:40:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2010/12/12 14:59:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bomgar-SCC-4D05119C
[2012/06/04 15:34:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2012/05/08 02:38:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CheckPoint
[2010/12/25 09:09:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\cPgMn08200
[2012/01/07 11:40:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\F-Secure
[2011/09/04 18:13:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2012/06/04 15:28:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2010/04/24 10:40:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/10/02 15:27:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/05/08 10:08:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{C3243856-7746-4A05-8837-51A28C1CDD82}
[2010/10/17 02:47:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Amazon
[2012/06/15 15:01:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\CBS Interactive
[2012/05/08 03:11:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\CheckPoint
[2009/06/18 22:47:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\com.imeem.DesktopUploader.6C3F108F466C0F04F30B58747CAA4DF34281133B.1
[2012/07/08 15:31:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\DVDVideoSoft
[2012/07/08 15:30:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\DVDVideoSoftIEHelpers
[2012/01/07 11:44:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\f-secure
[2010/11/13 15:59:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\FreeFileViewer
[2012/05/29 05:20:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\IObit
[2009/06/30 18:34:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\OpenOffice.org
[2012/06/27 00:29:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Oracle
[2012/01/03 19:18:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\OverDrive
[2012/07/08 21:03:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\PriceGong
[2012/06/23 12:57:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\QuickScan
[2012/05/13 22:12:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Sevas-S
[2012/05/31 19:25:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Uniblue
[2012/07/15 13:39:11 | 000,000,364 | -H-- | M] () -- C:\WINDOWS\Tasks\avast! Emergency Update.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\User\Desktop\drweb-cureit.exe:SummaryInformation

< End of report >


Extras Report of 7-15:


OTL Extras logfile created on: 7/15/2012 7:35:37 AM - Run 8
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Documents and Settings\User\Desktop\Spyware & Virus tools\GeekstoGo tools
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.30 Mb Total Physical Memory | 294.17 Mb Available Physical Memory | 57.65% Memory free
672.54 Mb Paging File | 513.94 Mb Available in Paging File | 76.42% Paging File free
Paging file location(s): C:\pagefile.sys 192 384 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 18.64 Gb Total Space | 2.85 Gb Free Space | 15.28% Space Free | Partition Type: NTFS
Drive E: | 74.52 Gb Total Space | 1.74 Gb Free Space | 2.33% Space Free | Partition Type: NTFS

Computer Name: USER-2LHZ6LTLSL | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-1547161642-1060284298-1708537768-1004\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:D isabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:D isabled:@xpsp2res.dll,-22008
"50000:UDP" = 50000:UDP:*:Enabled:IHA_MessageCenter

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Rhapsody\rhapsody.exe" = C:\Program Files\Rhapsody\rhapsody.exe:*:Enabled:RealNetworks Rhapsody


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{659314FA-F336-482D-B094-C3FCA68BB60B}" = GEAR driver installer for x86 and x64
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.8
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"7-Zip" = 7-Zip 9.22beta
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.15
"avast" = avast! Free Antivirus
"CCleaner" = CCleaner
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.26.706
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 13.0.1 (x86 en-US)" = Mozilla Firefox 13.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Star Trek: The Game Show" = Star Trek: The Game Show
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Extras" = Yahoo! Browser Services
"Yahoo! Mail" = Yahoo! Internet Mail
"YInstHelper" = Yahoo! Install Manager
"ZoneAlarm LTD Toolbar" = ZoneAlarm LTD Toolbar

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 7/8/2012 2:44:14 PM | Computer Name = USER-2LHZ6LTLSL | Source = Application Error | ID = 1000
Description = Faulting application youtubedl.exe, version 0.0.0.0, faulting module
qtcore4.dll, version 4.7.1.0, fault address 0x00105511.

Error - 7/8/2012 9:00:29 PM | Computer Name = USER-2LHZ6LTLSL | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 13.0.1.4548, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/12/2012 7:20:45 PM | Computer Name = USER-2LHZ6LTLSL | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 13.0.1.4548, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/12/2012 9:42:10 PM | Computer Name = USER-2LHZ6LTLSL | Source = Application Hang | ID = 1002
Description = Hanging application FreeYouTubeToMP3Converter.exe, version 3.11.26.706,
hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/12/2012 10:15:19 PM | Computer Name = USER-2LHZ6LTLSL | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 13.0.1.4548, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/13/2012 6:07:02 AM | Computer Name = USER-2LHZ6LTLSL | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 13.0.1.4548, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/13/2012 6:25:42 AM | Computer Name = USER-2LHZ6LTLSL | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/13/2012 6:25:42 AM | Computer Name = USER-2LHZ6LTLSL | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/13/2012 1:12:44 PM | Computer Name = USER-2LHZ6LTLSL | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 13.0.1.4548, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/14/2012 4:24:24 PM | Computer Name = USER-2LHZ6LTLSL | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 13.0.1.4548, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 6/27/2012 12:03:11 AM | Computer Name = USER-2LHZ6LTLSL | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 6/27/2012 12:03:11 AM | Computer Name = USER-2LHZ6LTLSL | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 6/27/2012 12:03:11 AM | Computer Name = USER-2LHZ6LTLSL | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 6/27/2012 6:12:47 PM | Computer Name = USER-2LHZ6LTLSL | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000243'
while processing the file 'OTL.exe_{f .. 0bd2b8e4d}' on the volume 'HarddiskVolume1'.
It has stopped monitoring the volume.

Error - 7/7/2012 3:50:40 PM | Computer Name = USER-2LHZ6LTLSL | Source = System Error | ID = 1003
Description = Error code 0000004d, parameter1 0001cb9f, parameter2 0001cb9f, parameter3
0000765b, parameter4 00000000.

Error - 7/8/2012 1:28:34 AM | Computer Name = USER-2LHZ6LTLSL | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Adobe Flash Player Update
Service service to connect.

Error - 7/8/2012 1:28:35 AM | Computer Name = USER-2LHZ6LTLSL | Source = Service Control Manager | ID = 7000
Description = The Adobe Flash Player Update Service service failed to start due
to the following error: %%1053

Error - 7/8/2012 1:17:11 PM | Computer Name = USER-2LHZ6LTLSL | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\Program Files\Mozilla Firefox\crashreporter.exe.
Reference
error message: Error Message is unavailable .

Error - 7/14/2012 7:35:55 AM | Computer Name = USER-2LHZ6LTLSL | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 7/14/2012 7:35:55 AM | Computer Name = USER-2LHZ6LTLSL | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.


< End of report >
m
0
l
July 17, 2012 3:25:53 AM

.....well, now I know why there weren't any reports - by clicking on both icons, merely added the XP.exe & Lnk.exe fixes to the registry (probably did it at least twice now.....what happens next? Any follow-up to those?)
m
0
l
a b 8 Security
July 17, 2012 7:41:29 AM



Pick a specific file type that is affected by OpenWith and go into Control Panel>Folder Options>File Types and reassociate it with the programme that is supposed to open it by clicking the Change button beside Open With.


m
0
l
July 22, 2012 12:57:02 AM

Hey, Saga - haven't had a chance yet to experiment with your recommendations (very tired most of the week) but will do so tomorrow - appreciate your patience, and I'll get back to you Sunday night

Jim



Saga Lout said:


Pick a specific file type that is affected by OpenWith and go into Control Panel>Folder Options>File Types and reassociate it with the programme that is supposed to open it by clicking the Change button beside Open With.


m
0
l
July 23, 2012 6:30:22 PM

.....sorry I'm still getting back to you a bit later than stated, Saga; out of work again and trying to process that most of the day so far:(  Anyhow, did check out the Folder Options in my Control Panel and, to be honest, not clear as to what I am supposed to do - assume you want me to do whatever in SafeMode but, even just a brief look at things doesn't give me any idea of how changes would occur as that button isn't usable at present for some reason - in other words, no play, not live.....again, with the Boot Scan feature of Avast! the problem with Safe Mode is no longer my biggest concern; want to restore my ability to download/upload/save/attach in Firefox and fix whatever the problems are with Flash in both browsers (IE 8 as well.....)
m
0
l
a b 8 Security
July 23, 2012 6:47:21 PM



You can test or experiment with the File Associations in Folder Options quite safely in Normal Mode. Just pick on that misbehaves, check what file is set to open it and see if they match up. Try associating another programme with that file type - you won't be making any changes you can't reverse later.

m
0
l
July 23, 2012 6:54:05 PM

.....I'll keep trying to figure out how to do it - in the meantime, there may have been a new development: been getting a slew of 'A script may be causing a) your computer to run slow b) problems with Flash' notices in the past several days.....
m
0
l
July 23, 2012 6:59:45 PM

.....neglected to follow through with the other half of that equation - Flash is now subsequently CRASHING after such notices.....
m
0
l
July 27, 2012 11:30:38 AM

Hi, Saga - wanted to update you on what's been happening.....asking for us to take a different approach from here on in and address items based upon this prioritizing; the issue with not being to download/upload/attach/save in Firefox 13/14 is absolutely giving me FITS now - as directed by Mozilla's Help page, first checked once again to determine which plug-ins might be out-of-date and one was indicated: QuickTime, so I downloaded (from IE 8, of course) their Version 7.7.2 to my desktop, but when I attempted to install it (hoping that the previous version would be overwritten in the process to avoid even MORE space being taken up) received an Error message that believe related to configuring - not sure......


.....likely related to that, ran my nightly AVAST! Boot Scan and, while no threats were found, the following also was returned - can you tell me what it means? When I see the word 'corrupted' over and over again it gives me some PAUSE, to say the very least!


07/27/2012 02:45
Scan of all local drives

File C:\System Volume Information\_restore{D79813A2-D918-4CD4-901D-59C2E738ECD1}\RP1698\A0498263.exe|>QuickTime.msi|>QuickTime.cab|>QTOControl.dll Error 42127 {CAB archive is corrupted.}
File C:\System Volume Information\_restore{D79813A2-D918-4CD4-901D-59C2E738ECD1}\RP1698\A0498263.exe|>QuickTime.msi|>QuickTime.cab Error 42144 {OLE archive is corrupted.}
File C:\System Volume Information\_restore{D79813A2-D918-4CD4-901D-59C2E738ECD1}\RP1698\A0498263.exe|>QuickTime.msi|>01_StringPool Error 42144 {OLE archive is corrupted.}
File C:\System Volume Information\_restore{D79813A2-D918-4CD4-901D-59C2E738ECD1}\RP1698\A0498263.exe|>QuickTime.msi Error 42127 {CAB archive is corrupted.}
Number of searched folders: 11981
Number of tested files: 534534
Number of infected files: 0


.....anyhow, as I requested, this is the order of priorities I'd like to operate with going forward if at all possible:


1. Resolve Firefox 13/14 downloading/etc. issue (next step per Mozilla is to do trial-and-error disabling and re-enabling of plug-ins to determine if they're some causing associated problems - in the meantime, should I uninstall QuickTime completely and then try again to install the new version? Revo should be able to remove all remaining traces from the first attempt and existing version, I would think.....)

2. Fix minor (but no less annoying) problems with Flash in both browsers

3. Configure IE 8 for internal new windows/tabs rather than new windows opening

4. If at all possible, rectify Open With problem in Safe Mode - with the Boot Scan feature, it's become my least concern.....

I do VERY much appreciate your patience and assistance! Jim

m
0
l
July 29, 2012 1:11:24 PM

Update: uninstalled (completely, with the aid of RevoUninstaller?) QuickTime and downloaded, but have yet to install, the latest Version 7.7.2 as recommended by Firefox in my Add-ons diagnostic, as well as uninstalled and reinstalled Firefox 14 - but STILL cannot access Options feature nor download/upload/save/attach.....
m
0
l
August 14, 2012 4:42:29 PM

In response to an inquiry, ongoing problems have yet to be resolved; never received a reply in this thread from Saga and have been unable to remedy issues with Firefox 13-14.0/Flash/IE 8 as outlined above - in addition, I uninstalled iTunes on the erroneous advice of an Apple representative and, given my extremely limited Desktop resources/disk space, will in fact need to REinstall the older version shortly - corrupted CAB and OLE archives was what prompted me to inquire with Apple in the first place as to whether those were somehow causing added complications, and have not been able to address that problem EITHER.....if somebody would please respond ASAP? Thank you
m
0
l
August 14, 2012 5:04:12 PM

ogam5 said:
I haven't been able to access Safe Mode for quite some time without being blocked from doing so by an 'Open With' prompt for EVERY program on the desktop - NO such problem in normal operating mode.....can anyone give me some advice as to just how I can restore my Safe Mode access? Thanks!


“you can boot off of a cd to scan your drives for viruses (virii?) with a free tool like AVG.”
...”..currently I have SuperAntiSpyware, Dr. Fix It (?) Malwarebytes (was my background filter) and, as of this morning, IObit (experimenting with it as the background for a while) - previously I've had AVG, Avast!, AdAware (desktop resources required were ridiculous, especially as I only have 18 GB total capacity on the C drive) and I've done a LOT of scans.”

The problem IS the junk you load into your system.
Free security tools from the internet only create more and more problems.
Loading multiple mismatched security only creates system conflicts.

If you want to use the computer, stop downloading all the junk software.

Use ONLY professional all in one antivirus. Do not depend on free junk software to "fix" your computer.

Backup all your personal files, to a USB drive, etc.
Reformat your entire drive. Erase everything.
Load a fresh OS. Restore your backed up files.
Install your professional antivirus. Update and scan the entire computer.

Now, use your computer. There is nothing free on the internet, that you need to install in your computer. The free stuff is worthless, and only causes one problem after another.
How many times do you need to crash your system to learn this lesson?
m
0
l
August 14, 2012 5:18:34 PM

Just how much memory is taken up & size of your hard drive? If the system can't find any available space you might want to move/delete some files, especially when your installing stuff. Also uninstall any other programs you are not using which should get you some extra disk space.
m
0
l
August 14, 2012 6:43:27 PM

.....thank you both for responding; the only antiviral I have at present is AVAST! and, given my severely limited financial circumstances, I'm in NO position to expand either drive in terms of capacity (which is the only reason I'd ever do anything so drastic as wipe the C drive after transferring its contents - not even remotely an option).....as it stands now, been fluctuating (for reasons unknown) between 2.69-3.16 of 18.64 GBs (believe that I can get back up to just over 3 GBs easily enough but, there just ISN'T anything else expendable to delete - already attempted to pare down the features on OpenOffice which I don't use/need and that didn't buy me much at all - e drive consists almost entirely of MP# files and I'm not gonna delete any of those either (2.26 of 74.5 GBs, and the OO system is, I believe, in there as well.....)

No, what I need someone to do from here if they're willing is, help me with what's immediately of concern and as I've delineated previously: there's some sort of conflict between FF 13-14.0 (still cannot download/upload/save/attach) Flash (crashes a lot, buffering/syncing seems compromised) and, possibly, AVAST! - posted to THEIR forum but never heard from either them or Firefox) - no longer have Yahoo! Toolbar on Firefox (nor NoScript!which may be a big part of why Flash has been crashing, I do realize) - don't suspect I could download either, for obvious reasons, unless from IE 8 (but would they be recognized by FF in that case?)

.....anyhow, if you or anyone else could assist in rectifying these circumstances, I would definitely be most appreciative - thanks again! Jim
m
0
l
August 14, 2012 7:20:42 PM

I understand your financial issues as i am there as well. For your hard drive capacity issue (which could be partially your issue). If your hard drive is badly fragmented, running Defragglers analyze function would be able to tell you, or Windows defragmenter will tell you how much of your hard drive (do both partitions or drives) is fragmented will give you an idea and with your limited space capacity it'll be difficult to do a proper defrag.

A few options with that could be if someone is willing to help you out by lending you an external drive or transferring your files to cds or dvds and you don't need to create actual music cds unless y ou want to, they can be burned to a disc in its main format. I would suggest eBay for getting a used hard drive but since your not doing well financially i wouldn't take the risk in getting a drive that would fail on you after a couple of months or on arrival. If you got computer shops around your area that sells hard drives for cheap that's an option (long as they have a decent return policy).

I only suggest this because even 5GB could disappear easily with updates and stuff & even when i realized that my drive was nearly full i had a serious hard drive problem that i think is giving me weird desktop loads (where my program files are in different spots on the desktop) so since your space is low i suggest keeping both eyes glued to that to make sure you don't run out of space and seeing how your space is fluctuating, that is a pretty concern.

Have you tried uninstalling Firefox & flash completely then running CCleaner to run cleanup (you can right click > analyze any cleaning options that are not checked to see if you can clear up more space) & registry? Then re-install them and see if that does anything. Also if you have any extra system restore files that you wont use, i would delete those as they would add some extra space.

Also if you still have hibernate enabled disabling it http://www.opentutorial.com/Disable_hibernation_in_wind...

should free up a bit more space.

m
0
l
August 14, 2012 8:03:30 PM

ogam5 said:
.....thank you both for responding; the only antiviral I have at present is AVAST! and, given my severely limited financial circumstances, I'm in NO position to expand either drive in terms of capacity (which is the only reason I'd ever do anything so drastic as wipe the C drive after transferring its contents - not even remotely an option).....as it stands now, been fluctuating (for reasons unknown) between 2.69-3.16 of 18.64 GBs (believe that I can get back up to just over 3 GBs easily enough but, there just ISN'T anything else expendable to delete - already attempted to pare down the features on OpenOffice which I don't use/need and that didn't buy me much at all - e drive consists almost entirely of MP# files and I'm not gonna delete any of those either (2.26 of 74.5 GBs, and the OO system is, I believe, in there as well.....)

No, what I need someone to do from here if they're willing is, help me with what's immediately of concern and as I've delineated previously: there's some sort of conflict between FF 13-14.0 (still cannot download/upload/save/attach) Flash (crashes a lot, buffering/syncing seems compromised) and, possibly, AVAST! - posted to THEIR forum but never heard from either them or Firefox) - no longer have Yahoo! Toolbar on Firefox (nor NoScript!which may be a big part of why Flash has been crashing, I do realize) - don't suspect I could download either, for obvious reasons, unless from IE 8 (but would they be recognized by FF in that case?)

.....anyhow, if you or anyone else could assist in rectifying these circumstances, I would definitely be most appreciative - thanks again! Jim


You have loaded too much junk and corrupted your operating system.
The only way to fix it is to start over from scratch.
Recover and back up your files. (install the drive as a second drive in a working computer, OR have a computer shop do it for you)
Reformat the entire drive, slow complete format.
load a new OS.
No matter what "free" device you install, it will only make it worse.

Once you have loaded "free" tools from the internet,
These will not delete. You are stuck, until you start over again. There is no "free" tool that fixes corrupted software.
EXCEPT for the original OS disk.
m
0
l
August 14, 2012 8:10:15 PM

Hi, midnight - a few notes: have indeed uninstalled and reinstalled both FF 13-14.0 anf Flash, using first CCleaner and later, REVO uninstaller to remove any remaining traces from them - have also changed the Updates settings so that I'm reminded of the possible need for those (in other words, NO automatic updates!) Checked out the Hibernate tutorial link you included and it's already been disabled; only thing which could be changed is a setting under the 'Power Schemes' tab which indicates that the monitor will shut off after 20 minutes (although I can't remember it ever happening before.....) Think that might reduce the Desktop demands too?

Am also planning to trigger a full-scope CHKDSK run sometime today and may try. yet AGAIN, to uninstall and reinstall both FF14.0 (though may go with an older version as some have recommended) and Flash, using CCleaner as discussed in between.....Jim
m
0
l
August 15, 2012 5:25:01 AM

Yeah, see if an older version of FF and flash works. Hopefully you'll run across an opportunity to find some way of increasing your overall disk space. Generally nowadays 50GB is a good amount to have your current OS on.

I have a 80GB HDD partitioned with Windows XP at 32GB and 42.4GB for Windows 7. I had both drives packed with some videos but removed them after experiencing a bad sounding hard drive. Thought the drive was just going bad but it ran out of space on the Win7 partition. It's a lesson learned to at least keep 7GB free, but i got 20GB free. So just keep your eyes on your space & you should be good. If you got program installation files those can be deleted as well. Did you ever figure out what your fragmentation percentage was? I don't think power schemes really use that much space. I just know that hibernation or hiberfil.sys (sp?) system restore takes quite a bit of room, you should have at least 1 or 2 but you can delete the rest of them using CCleaner.

Disabling the automatic updates is good, having it so it will ask you if you want to download them should give you a little breathing room. But they shouldn't be ignored either so keep that in mind as well!
m
0
l
August 20, 2012 6:55:32 PM

Hi, midnight - know it's BEEN a few days since my last communication, but I finally found some time to work at length on solving these stubborn problems and took a more risky approach.....as I'm STILL encountering the same roadblock to downloading/uploading/saving/attaching in Firefox 3.6.28, uninstalled/reinstalled AVAST! to check whether it was causing difficulties - will be reinstalling first iTunes 9.6 (?) and then, a good while later, OpenOffice 3.3. as well......somehow, between CCleaner scans/removals, random deletions of dormant/inapplicable folders (especially my former service provider, I suspect) a Disk Cleanup operation, twice running both CHKDSK (with the repair command) and defragmentation, I now have double the hard drive space even after adding AVAST! back in: 5.20 GBs - had 5.60 or so was hoping to reach 6 so even with both iTunes/QuickTime and OpenOffice factored in, 5GBs were still left, but just a little too much.....can say Firefox seems to be working much better otherwise though.....


Saved one of the defrag reports, and I further suspect it may say a LOT: have wondered whether the Firefox/Flash issues were rooted in a bad or missing driver but haven't have a chance to really research the one indicated - as for the SafeMode boondoggle, not sure why the Recycler trojan didn't reveal itself sooner but, it is looked upon as one nasty bit of business by all indications - all advice is to get at it through SafeMode but, of course, that's still not an option for me.....tried doing a full search in both C and E drives but nothing had been returned after 30 minutes - NO sign of it merely looking through C drive - and so I had to bail for now.....please let me know what you think? I placed the 2 really interesting ones I've already mentioned at the beginning of this list; some of the remaining fragmented files may have since been deleted by CCleaner - not sure Thanks again:)  Jim



Volume (C:) 
Volume size = 18.64 GB
Cluster size = 4 KB
Used space = 13.08 GB
Free space = 5.56 GB
Percent free space = 29 %

Volume fragmentation
Total fragmentation = 25 %
File fragmentation = 48 %
Free space fragmentation = 2 %

File fragmentation
Total files = 42,384
Average file size = 1 MB
Total fragmented files = 549
Total excess fragments = 31,254
Average fragments per file = 1.73

Pagefile fragmentation
Pagefile size = 192 MB
Total fragments = 257

Folder fragmentation
Total folders = 7,480
Fragmented folders = 1
Excess folder fragments = 0

Master File Table (MFT) fragmentation
Total MFT size = 73 MB
MFT record count = 50,344
Percent MFT in use = 67 %
Total MFT fragments = 10

--------------------------------------------------------------------------------

2,120 151 MB \RECYCLER\S-1-5-21-1547161642-1060284298-1708537768-1004\Dc14.exe

795 57 MB \WINDOWS\system32\MRT.exe


Fragments File Size Files that cannot be defragmented
183 12 MB \WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\f33e2a4d9b385234406fa2d662f78875\PresentationCore.ni.dll
186 12 MB \WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll
184 12 MB \WINDOWS\PCHealth\HelpCtr\Database\HCdata.edb
203 13 MB \WINDOWS\system32\config\systemprofile\Local Settings\temp\Microsoft .NET Framework 2.0-KB2686828_20120619_014222480-Msi0.txt
204 13 MB \WINDOWS\system32\config\systemprofile\Local Settings\temp\Microsoft .NET Framework 2.0-KB2604092_20120619_023621378-Msi0.txt
212 13 MB \WINDOWS\system32\config\systemprofile\Local Settings\temp\Microsoft .NET Framework 2.0-KB2656369_20120619_025049536-Msi0.txt
212 13 MB \WINDOWS\system32\config\systemprofile\Local Settings\temp\Microsoft .NET Framework 2.0-KB2656352_20120619_021633079-Msi0.txt
207 13 MB \Program Files\Java\jre7\bin\client\classes.jsa
218 14 MB \WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e4ecfaaf5417aceecb7fa8abddf06113\PresentationFramework.ni.dll
232 15 MB \Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\WebKit.dll
259 17 MB \WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\bc254d2fa26664898ae21d45643bc194\System.ServiceModel.ni.dll
300 19 MB \WINDOWS\system32\config\software.rhk
306 19 MB \WINDOWS\Installer\15032c3.msp
358 23 MB \WINDOWS\Installer\108fa481.msp
377 24 MB \WINDOWS\ERDNT\subs\software
378 24 MB \WINDOWS\ERDNT\Hiv-backup\software
305 24 MB \WINDOWS\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32.dll
203 24 MB \System Volume Information\_restore{D79813A2-D918-4CD4-901D-59C2E738ECD1}\RP1727\snapshot\_REGISTRY_MACHINE_SOFTWARE
213 24 MB \System Volume Information\_restore{D79813A2-D918-4CD4-901D-59C2E738ECD1}\RP1729\snapshot\_REGISTRY_MACHINE_SOFTWARE
377 24 MB \WINDOWS\system32\config\software.bak
400 25 MB \Documents and Settings\User\Local Settings\Application Data\Mozilla\Firefox\Profiles\2dx88my5.default\Cache\_CACHE_003_
701 45 MB \Documents and Settings\User\Local Settings\Application Data\Mozilla\Firefox\Profiles\2dx88my5.default\urlclassifier3.sqlite
793 50 MB \Program Files\Java\jre7\lib\rt.jar
763 50 MB \Documents and Settings\User\Local Settings\Application Data\Mozilla\Firefox\Profiles\swbxdwxe.default\urlclassifier3.sqlite
1,428 90 MB \WINDOWS\SoftwareDistribution\DataStore\DataStore.edb
815 115 MB \Documents and Settings\User\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_360.wmdb
1,852 116 MB \Documents and Settings\All Users\Application Data\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AA1000000001}\Data1.cab
1,822 123 MB \Documents and Settings\User\Local Settings\Application Data\Apple Computer\iTunes\Cache.db


2,120 151 MB \RECYCLER\S-1-5-21-1547161642-1060284298-1708537768-1004\Dc14.exe

795 57 MB \WINDOWS\system32\MRT.exe








MidnightDistort said:
Yeah, see if an older version of FF and flash works. Hopefully you'll run across an opportunity to find some way of increasing your overall disk space. Generally nowadays 50GB is a good amount to have your current OS on.

I have a 80GB HDD partitioned with Windows XP at 32GB and 42.4GB for Windows 7. I had both drives packed with some videos but removed them after experiencing a bad sounding hard drive. Thought the drive was just going bad but it ran out of space on the Win7 partition. It's a lesson learned to at least keep 7GB free, but i got 20GB free. So just keep your eyes on your space & you should be good. If you got program installation files those can be deleted as well. Did you ever figure out what your fragmentation percentage was? I don't think power schemes really use that much space. I just know that hibernation or hiberfil.sys (sp?) system restore takes quite a bit of room, you should have at least 1 or 2 but you can delete the rest of them using CCleaner.

Disabling the automatic updates is good, having it so it will ask you if you want to download them should give you a little breathing room. But they shouldn't be ignored either so keep that in mind as well!

m
0
l
August 21, 2012 4:35:34 AM

Hmmm.. well all looks fine to me with the defrag. Anyway you might want to try out Winderstat: http://sourceforge.net/projects/windirstat/

The download is small 632KB (647,168 bytes)

Installation Space Required: 1.3MB

2,400,256 bytes 2.29MB (actual installation size)

I made sure i wasn't doing anything else but that's the general size. It took me so long to reply (like 3 hours) i'm using my current PC to run SpinRite on a couple of new HDD's and using my '99 PC and i found out it's terrible at multitasking (music and internet browsing) so i have to tweak my programs priority rate so i can still try to multitask. Anyway that program will tell you how much you have and you can go through to see if there's anything you can delete or transfer elsewhere.
m
0
l
August 21, 2012 8:19:05 AM

Downloaded WinDirStat, and does it ever really lay out drive usage! Was busy otherwise too; reinstalled iTunes 9.0 as well as everything that came with it (including QuickTime) but couldn't restore my Playlist despite having the entire library and about 2/3rds of it, duplicated in both the C and E drive (!) At the advice of an Apple tech support person, uninstalled 9.0 and replaced it with the latest version, which allows for redownloading previous purchases from the cloud feature - still leaves me with the original folder on my Desktop and that's just HUGE, so will be deleting that shortly as it appears the new version uses a MUCH different, significantly larger platform - should free up a big chunk of C drive space of and by itself.....haven't reinstalled QuickTime yet as it's not part of it any longer.....


......also, neglected to mention that, while in Safe Mode experimenting, got a notice of NO rundll32.exe found when attempting to access any of my Control Panel features and THEN, discovered I have no System32 folder in WINDOWS at ALL - which might certainly explain most of my issues with Firefox, as would the indication by a Uniblue program called, if I'm not mistaken, RegistryBooster - or something like that, of 134 bad file associations alone but I couldn't fix those without paying so I uninstalled it and deleted any remaining elements with CCleaner - may try to revisit it when I'm in a better position to do so financially; seems as though it might help me to repair my C drive disk errors.....am including a screen capture of the WinDirStat results that focus upon in part the RECYCLER cascade and an unnamed alphanumeric function.....


.....or, maybe NOT - doesn't appear to be successfully pasting; please let me know what, if anthing, I can do to insert it and 2 other screen captures in this thread later today.....does WinDirStat allow for deleting programs from the display at all? Seems there's some sort of clean up feature in the toolbar......thanks SO much for your assistance! Need to get some sleep as it's just after 4:00 AM Eastern! Jim






MidnightDistort said:
Hmmm.. well all looks fine to me with the defrag. Anyway you might want to try out Winderstat: http://sourceforge.net/projects/windirstat/

The download is small 632KB (647,168 bytes)

Installation Space Required: 1.3MB

2,400,256 bytes 2.29MB (actual installation size)

I made sure i wasn't doing anything else but that's the general size. It took me so long to reply (like 3 hours) i'm using my current PC to run SpinRite on a couple of new HDD's and using my '99 PC and i found out it's terrible at multitasking (music and internet browsing) so i have to tweak my programs priority rate so i can still try to multitask. Anyway that program will tell you how much you have and you can go through to see if there's anything you can delete or transfer elsewhere.

m
0
l
August 21, 2012 5:16:04 PM

I don't know what happened with your System32 folder. Thats really weird, unless it's hidden..

Usually if an OS is having too many frequent issues a re-installation of the OS would be in order. However in your case with the lack of a second hard drive to back up your data keeping the OS intact would be your main priority. I'm not a super tech so i couldn't tell you how to retain those items, maybe an installation repair but again, that would require you to back up your data as you don't want anything to happen to it.

As for WinDirStat, i'm not sure if you can delete files in the program itself, but you can try. Just make sure not to delete anything important, lol. Anyway if you have any files your not sure to delete, do the PrtScn function and post the item on here or you can just let us know what it is. I need to use that program to get rid of large mp3 files or convert them down to a lower biterate as i've collected so much over the years. Anyway hopefully you can free up more space with the WinDirStat program.
m
0
l
!