iainwith2is

Tech Info

  • Experience
    some_experience
  • System: windows_xp

  1. Hi, I've been video-ing myself on the driving range (yes, sad I know!) and watching it back in media player. My galaxy S records in MPEG-4 which is fine to watch in media player and play forward each frame but I can only play forward by a frame rather than backwards and I cannot slow down the play back. Can anyone recommend a software that would enable me to do this? Ta very muchly.
  2. Hi, I went and installed Avira and everything looks hunky-dory. Thank you for the help, there's no way I could have done it myself; it's way beyond the PC knowledge I have. It's nice to reply to these posts without my phone!
  3. Any AV that you would recommend in particular? How about the stuff I have installed during this process, remove, keep, run some occasionally?
  4. Am I correct in assuming AVG has been completely removed?
  5. I see from your earlier posts that by installing either MSE or Avira I must remove old anti-virus but I'm having trouble removing AVG!?
  6. OTL extras:
Error - 6/25/2011 5:40:03 AM | Computer Name = NC4200 | Source = Application Error | ID = 1000 Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting module unknown, version 0.0.0.0, fault address 0x00267411. Error - 6/25/2011 8:37:34 PM | Computer Name = NC4200 | Source = Application Error | ID = 1000 Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting module , version 0.0.0.0, fault address 0x00000000. Error - 6/25/2011 8:38:04 PM | Computer Name = NC4200 | Source = Application Error | ID = 1000 Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting module unknown, version 0.0.0.0, fault address 0x00267411. Error - 6/25/2011 8:38:07 PM | Computer Name = NC4200 | Source = Application Error | ID = 1001 Description = Fault bucket -1796944378. Error - 6/26/2011 5:13:06 PM | Computer Name = NC4200 | Source = Application Error | ID = 1000 Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting module unknown, version 0.0.0.0, fault address 0x00267411. Error - 6/27/2011 3:31:31 PM | Computer Name = NC4200 | Source = MsiInstaller | ID = 11921 Description = SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2011 -- Error 1921. SA_Error1921: StandardAction(0xC0070781): Service 'AVG WatchDog' (avgwd) could not be stopped. Verify that you have sufficient privileges to stop system services. Error - 6/27/2011 3:37:21 PM | Computer Name = NC4200 | Source = MsiInstaller | ID = 10005 Description = SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2011 -- Error 27046. CA_Error27046: DriverInstallationFun(0x00000000): Driver installation failed [ OSession Events ] Error - 4/4/2011 1:54:59 PM | Computer Name = NC4200 | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. 
This session lasted 10 seconds with 0 seconds of active time. This session ended with a crash. Error - 4/4/2011 2:20:17 PM | Computer Name = NC4200 | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 10 seconds with 0 seconds of active time. This session ended with a crash. Error - 4/4/2011 2:32:04 PM | Computer Name = NC4200 | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 11 seconds with 0 seconds of active time. This session ended with a crash. Error - 4/4/2011 3:52:16 PM | Computer Name = NC4200 | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5 seconds with 0 seconds of active time. This session ended with a crash. Error - 4/4/2011 3:52:28 PM | Computer Name = NC4200 | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4 seconds with 0 seconds of active time. This session ended with a crash. [ System Events ] Error - 6/28/2011 4:11:49 PM | Computer Name = NC4200 | Source = Service Control Manager | ID = 7011 Description = Timeout (30000 milliseconds) waiting for a transaction response from the BITS service. 
Error - 6/28/2011 4:11:49 PM | Computer Name = NC4200 | Source = Service Control Manager | ID = 7000 Description = The Background Intelligent Transfer Service service failed to start due to the following error: %%1053 Error - 6/28/2011 4:11:49 PM | Computer Name = NC4200 | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: AVGIDSEH Error - 6/28/2011 4:17:35 PM | Computer Name = NC4200 | Source = Service Control Manager | ID = 7031 Description = The AVG WatchDog service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service. Error - 6/28/2011 4:24:36 PM | Computer Name = NC4200 | Source = Dhcp | ID = 1002 Description = The IP address lease 192.168.1.156 for the Network Card with network address 00166F616EFF has been denied by the DHCP server 10.23.121.17 (The DHCP Server sent a DHCPNACK message). Error - 6/28/2011 4:25:02 PM | Computer Name = NC4200 | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: AVGIDSEH Error - 6/28/2011 5:46:15 PM | Computer Name = NC4200 | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: AVGIDSEH Error - 6/29/2011 1:33:42 PM | Computer Name = NC4200 | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: AVGIDSEH Error - 6/30/2011 1:49:16 PM | Computer Name = NC4200 | Source = Ntfs | ID = 262199 Description = The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:. Error - 7/1/2011 10:10:37 AM | Computer Name = NC4200 | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: AVGIDSEH < End of report >
  7. OTL: OTL logfile created on: 7/1/2011 3:17:31 PM - Run 1 OTL by OldTimer - Version 3.2.25.0 Folder = C:\Documents and Settings\Woko\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: M/d/yyyy 1.99 Gb Total Physical Memory | 1.60 Gb Available Physical Memory | 80.29% Memory free 3.84 Gb Paging File | 3.64 Gb Available in Paging File | 94.76% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 74.53 Gb Total Space | 49.22 Gb Free Space | 66.04% Space Free | Partition Type: NTFS Computer Name: NC4200 | User Name: Woko | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Documents and Settings\Woko\Desktop\OTL.scr (OldTimer Tools) PRC - C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe (Google) PRC - C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.) PRC - C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.) PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_S4I0T1.EXE (SEIKO EPSON CORPORATION) PRC - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.) 
========== Modules (SafeList) ========== MOD - C:\Documents and Settings\Woko\Desktop\OTL.scr (OldTimer Tools) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\SynTPFcs.dll (Synaptics, Inc.) ========== Win32 Services (SafeList) ========== SRV - (HidServ) -- File not found SRV - (avgwd) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia) SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.) SRV - (SoundMAX Agent Service (default)) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.) ========== Driver Services (SafeList) ========== DRV - (dgderdrv) -- C:\WINDOWS\system32\drivers\dgderdrv.sys (Devguru Co., Ltd) DRV - (ssadmdm) -- C:\WINDOWS\system32\drivers\ssadmdm.sys (MCCI Corporation) DRV - (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) -- C:\WINDOWS\system32\drivers\ssadbus.sys (MCCI Corporation) DRV - (ssadmdfl) SAMSUNG Android USB Modem (Filter) -- C:\WINDOWS\system32\drivers\ssadmdfl.sys (MCCI Corporation) DRV - (sscdmdm) -- C:\WINDOWS\system32\drivers\sscdmdm.sys (MCCI Corporation) DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\WINDOWS\system32\drivers\sscdbus.sys (MCCI Corporation) DRV - (androidusb) -- C:\WINDOWS\system32\drivers\ssadadb.sys (Google Inc) DRV - (sscdmdfl) -- C:\WINDOWS\system32\drivers\sscdmdfl.sys (MCCI Corporation) DRV - (UsbserFilt) -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys (Nokia) DRV - (upperdev) -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys (Nokia) DRV - (nmwcdc) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys (Nokia) DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia) DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia) DRV - (w29n51) Intel® -- 
C:\WINDOWS\system32\drivers\w29n51.sys (Intel® Corporation) DRV - (tifm21) -- C:\WINDOWS\system32\drivers\tifm21.sys (Texas Instruments) DRV - (GTIPCI21) -- C:\WINDOWS\system32\drivers\gtipci21.sys (Texas Instruments) DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems) DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation) DRV - (aliadwdm) -- C:\WINDOWS\system32\drivers\ac97ali.sys (Acer Laboratories Inc.) DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.) DRV - (CONAN) -- C:\WINDOWS\system32\drivers\o2mmb.sys (O2 Micro ) DRV - (MbxStby) -- C:\WINDOWS\system32\drivers\MbxStby.sys (O2 Micro) DRV - (SCM488C) -- C:\WINDOWS\system32\drivers\pscr.sys (SCM Microsystems, Inc.) DRV - (ALiIRDA) -- C:\WINDOWS\system32\drivers\alifir.sys (Acer Laboratories Inc.) DRV - (SMCIRDA) -- C:\WINDOWS\system32\drivers\smcirda.sys (SMC) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F6 B6 A1 DD AA 32 CC 01 [binary data] IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "http://news.bbc.co.uk/sport1/hi/tennis/9523296.stm" FF - HKLM\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/06/24 15:08:16 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/01 15:11:00 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins 
[2011/06/15 17:57:30 | 000,000,000 | ---D | M] [2011/06/24 16:45:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Woko\Application Data\Mozilla\Extensions [2011/04/22 22:34:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2010/09/17 16:59:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} File not found (No name found) -- [2011/06/24 15:08:16 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX4 [2010/09/17 16:58:56 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2011/04/10 18:26:04 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION [2011/07/01 15:10:59 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2010/09/17 16:58:55 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2010/01/01 09:00:00 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml [2010/01/01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2010/01/01 09:00:00 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml [2010/01/01 09:00:00 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml [2010/01/01 09:00:00 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml O1 HOSTS File: ([2011/06/30 18:42:18 | 000,000,789 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. 
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found. O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [ATIPTA] File not found O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [EPSON Stylus C46 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [EPSON Stylus C46 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [iMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation) O4 - HKLM..\Run: [LidPolicy] c:\Program Files\Hewlett-Packard\LidSwitch Policy\PwrSchem.exe (Hewlett-Packard) O4 - HKLM..\Run: [PHIME2002A] File not found O4 - HKLM..\Run: [PHIME2002ASync] File not found O4 - HKLM..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.) O4 - HKLM..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Calendar Sync.lnk = C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe (Google) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) 
O16 - DPF: {44C1E3A2-B594-401C-B27A-D1B4476E4797} https://bristolremote.workman.co.uk/XTSAC.cab (XTSAC Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Reg Error: Key error. File not found O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation) O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [1980/02/16 19:31:24 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.) O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.) 
O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: HidServ - File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: dvd43 - hkey= - key= - C:\Program Files\dvd43\DVD43_Tray.exe () MsConfig - StartUpReg: GrooveMonitor - hkey= - key= - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.) MsConfig - StartUpReg: Messenger (Yahoo!) - hkey= - key= - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.) MsConfig - StartUpReg: NokiaMServer - hkey= - key= - File not found MsConfig - StartUpReg: NokiaOviSuite2 - hkey= - key= - File not found MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\qttask.exe (Apple Inc.) MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) 
MsConfig - State: "system.ini" - 0 MsConfig - State: "win.ini" - 0 MsConfig - State: "bootini" - 0 MsConfig - State: "services" - 0 MsConfig - State: "startup" - 2 CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011/07/01 15:14:13 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Woko\Desktop\OTL.scr [2011/06/30 18:22:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Woko\DoctorWeb [2011/06/29 18:41:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\avg [2011/06/27 20:28:34 | 000,000,000 | ---D | C] -- C:\Qoobox [2011/06/27 20:28:32 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Woko\My Documents\My Videos [2011/06/27 20:28:32 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Woko\Start Menu\Programs\Administrative Tools [2011/06/27 20:25:08 | 004,127,961 | R--- | C] (Swearware) -- C:\Documents and Settings\Woko\Desktop\Combo-Fix.exe [2011/06/27 17:47:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Woko\Desktop\tdsskiller [2011/06/26 22:15:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Woko\Application Data\WinRAR [2011/06/26 09:57:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Woko\Desktop\RK_Quarantine [2011/06/26 09:56:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Woko\My Documents\Downloads [2011/06/26 01:39:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Woko\Application Data\Malwarebytes [2011/06/24 21:32:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Woko\Tracing [2011/06/24 21:12:19 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Woko\IECompatCache [2011/06/24 21:11:14 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Woko\PrivacIE [2011/06/24 21:02:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Woko\Application Data\Adobe [2011/06/24 16:40:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Woko\Local Settings\Application Data\Mozilla 
[2011/06/24 16:40:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Woko\Application Data\Mozilla [2011/06/24 16:31:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Woko\Application Data\AVG10 [2011/06/24 16:31:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Woko\Application Data\Apple Computer [2011/06/24 16:31:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Woko\Local Settings\Application Data\Apple Computer [2011/06/24 16:31:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Woko\Local Settings\Application Data\Google [2011/06/24 16:30:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Woko\Application Data\Identities [2011/06/24 16:30:26 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Woko\My Documents\My Pictures [2011/06/24 16:30:26 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Woko\My Documents\My Music [2011/06/24 16:30:22 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Woko\IETldCache [2011/06/24 16:30:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Woko\Application Data\PC Suite [2011/06/24 16:30:12 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Woko\Application Data\Microsoft [2011/06/24 16:30:12 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Woko\SendTo [2011/06/24 16:30:12 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Woko\Recent [2011/06/24 16:30:12 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Woko\Application Data [2011/06/24 16:30:12 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Woko\Start Menu\Programs\Startup [2011/06/24 16:30:12 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Woko\Start Menu [2011/06/24 16:30:12 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Woko\My Documents [2011/06/24 16:30:12 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Woko\Favorites [2011/06/24 16:30:12 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Woko\Start Menu\Programs\Accessories [2011/06/24 16:30:12 | 
000,000,000 | -HSD | C] -- C:\Documents and Settings\Woko\Cookies [2011/06/24 16:30:12 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Woko\Templates [2011/06/24 16:30:12 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Woko\PrintHood [2011/06/24 16:30:12 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Woko\NetHood [2011/06/24 16:30:12 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Woko\Local Settings [2011/06/24 16:30:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Woko\Local Settings\Application Data\Microsoft [2011/06/24 16:30:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Woko\Application Data\Macromedia [2011/06/24 16:30:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Woko\Desktop [2011/06/15 19:38:05 | 000,000,000 | ---D | C] -- C:\Program Files\adidas [2011/06/11 19:29:27 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011/07/01 15:14:14 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Woko\Desktop\OTL.scr [2011/07/01 15:10:38 | 000,002,228 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2011/07/01 15:10:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2011/07/01 15:10:18 | 2138,492,928 | -HS- | M] () -- C:\hiberfil.sys [2011/07/01 06:10:51 | 000,000,135 | ---- | M] () -- C:\Documents and Settings\Woko\Desktop\DrWeb.csv [2011/06/30 18:42:18 | 000,000,789 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2011/06/30 18:19:28 | 068,941,072 | ---- | M] () -- C:\Documents and Settings\Woko\Desktop\drweb-cureit.exe [2011/06/29 18:41:22 | 078,849,187 | ---- | M] () -- C:\WINDOWS\System32\drivers\avg\incavi.avm [2011/06/29 18:41:22 | 000,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\avg\iavichjw.avm [2011/06/27 20:27:27 | 004,127,961 | 
R--- | M] (Swearware) -- C:\Documents and Settings\Woko\Desktop\Combo-Fix.exe [2011/06/27 17:46:41 | 001,316,026 | ---- | M] () -- C:\Documents and Settings\Woko\Desktop\tdsskiller.zip [2011/06/26 19:41:26 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2011/06/26 09:56:09 | 000,510,976 | ---- | M] () -- C:\Documents and Settings\Woko\Desktop\RogueKiller.exe [2011/06/26 01:39:45 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\Woko\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk [2011/06/24 21:06:33 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Woko\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk [2011/06/24 18:37:32 | 000,434,206 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110624-184040.backup [2011/06/24 17:24:51 | 000,434,206 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110624-183731.backup [2011/06/24 16:30:53 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Woko\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [2011/06/24 16:30:50 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Woko\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf [2011/06/24 15:08:18 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk [2011/06/20 21:25:25 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat [2011/06/20 21:25:25 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat [2011/06/15 17:57:31 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk [2011/06/14 17:38:55 | 000,001,504 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\mbkv74n4pw410j [2011/06/12 18:29:53 | 000,001,228 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\240238c4428eeufaje [2011/06/11 19:29:27 | 000,404,640 | ---- | M] (Adobe Systems 
Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2011/07/01 06:10:51 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\Woko\Desktop\DrWeb.csv [2011/06/30 18:11:58 | 068,941,072 | ---- | C] () -- C:\Documents and Settings\Woko\Desktop\drweb-cureit.exe [2011/06/29 18:41:22 | 078,849,187 | ---- | C] () -- C:\WINDOWS\System32\drivers\avg\incavi.avm [2011/06/29 18:41:22 | 000,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\avg\iavichjw.avm [2011/06/26 22:15:07 | 001,316,026 | ---- | C] () -- C:\Documents and Settings\Woko\Desktop\tdsskiller.zip [2011/06/26 09:56:08 | 000,510,976 | ---- | C] () -- C:\Documents and Settings\Woko\Desktop\RogueKiller.exe [2011/06/26 01:39:44 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\Woko\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk [2011/06/24 21:06:33 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Woko\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk [2011/06/24 16:30:53 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Woko\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [2011/06/24 16:30:53 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\Woko\Start Menu\Programs\Internet Explorer.lnk [2011/06/24 16:30:50 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Woko\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf [2011/06/24 16:30:42 | 000,000,788 | ---- | C] () -- C:\Documents and Settings\Woko\Start Menu\Programs\Windows Media Player.lnk [2011/06/24 16:30:38 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\Woko\Start Menu\Programs\Outlook Express.lnk [2011/06/24 16:30:12 | 000,001,599 | ---- | C] () -- C:\Documents and 
  8. ok here is DrWeb: A0099755.com;C:\System Volume Information\_restore{729F0D3A-B16D-40D2-932F-F7795C61C8BA}\RP174;Trojan.Siggen2.42152;Incurable.Moved.;
  9. ok it took 6 hours to run DrWeb and found 1 item, here is the report and OTL's too: A0099755.com;C:\System Volume Information\_restore{729F0D3A-B16D-40D2-932F-F7795C61C8BA}\RP174;Trojan.Siggen2.42152;Incurable.Moved.;
000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll [2011/01/04 17:10:56 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll [2010/11/25 21:24:49 | 000,074,952 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat [2010/11/07 00:48:15 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2010/09/14 22:31:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2009/06/20 20:13:18 | 004,477,539 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll [2009/06/20 20:13:18 | 000,832,632 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll [2009/06/20 20:13:18 | 000,829,781 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2009/06/20 20:13:18 | 000,557,469 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll [2009/06/20 20:13:18 | 000,336,384 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll [2009/06/20 20:13:18 | 000,216,064 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll [2009/06/20 20:13:18 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll [2009/06/20 20:13:18 | 000,146,098 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll [2009/06/20 20:13:18 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll [2009/06/20 20:13:18 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll [2009/06/20 20:13:16 | 000,176,640 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll [2009/06/20 20:13:16 | 000,117,760 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll [2009/06/20 20:13:16 | 000,095,744 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll [2009/06/20 19:28:02 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2009/06/14 16:21:32 | 000,256,512 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll [2009/06/14 16:21:32 | 000,237,056 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll [2009/05/18 09:24:22 | 000,083,968 | ---- | C] () -- C:\WINDOWS\System32\ac3config.exe [2009/01/10 23:17:32 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\ts.dll [2009/01/10 23:16:56 
| 000,148,480 | ---- | C] () -- C:\WINDOWS\System32\mkx.dll [2009/01/10 23:16:50 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\avi.dll [2009/01/10 23:16:14 | 000,141,312 | ---- | C] () -- C:\WINDOWS\System32\mp4.dll [2009/01/10 23:16:04 | 000,335,872 | ---- | C] () -- C:\WINDOWS\System32\gdsmux.exe [2009/01/10 23:15:54 | 000,120,832 | ---- | C] () -- C:\WINDOWS\System32\ogm.dll [2009/01/10 23:15:44 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\mmfinfo.dll [2009/01/10 23:15:36 | 000,103,424 | ---- | C] () -- C:\WINDOWS\System32\dsmux.exe [2009/01/10 23:15:32 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\avss.dll [2009/01/10 23:15:28 | 000,246,784 | ---- | C] () -- C:\WINDOWS\System32\dxr.dll [2009/01/10 23:15:12 | 000,097,280 | ---- | C] () -- C:\WINDOWS\System32\avs.dll [2009/01/10 23:15:06 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\mkv2vfr.exe [2009/01/10 23:14:08 | 000,079,360 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll [2009/01/10 23:14:06 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll [2008/12/03 23:11:50 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2008/11/06 17:37:32 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll [2007/10/13 10:30:20 | 000,000,137 | ---- | C] () -- C:\WINDOWS\System32\Registration.ini [2004/08/04 13:00:00 | 000,437,206 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2004/08/04 13:00:00 | 000,069,578 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2004/08/04 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [2004/08/02 14:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2003/03/31 20:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2003/03/31 20:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2003/03/31 20:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2003/03/31 20:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2003/03/31 
20:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2003/03/31 20:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin [2002/05/28 19:55:42 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2002/05/28 19:54:40 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [1980/02/16 20:20:19 | 000,397,312 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.exe [1980/02/16 20:20:19 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll [1980/02/16 19:35:29 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [1980/02/16 19:27:12 | 000,022,720 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [1980/02/16 19:12:25 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [1980/02/16 19:09:58 | 000,333,072 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT ========== LOP Check ========== [2011/05/15 00:02:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10 [2010/10/16 09:57:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9 [2010/10/16 10:02:16 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files [2010/10/20 22:27:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driver Whiz [2011/04/08 17:49:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData [2010/09/25 17:52:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia [2010/09/25 17:11:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NokiaInstallerCache [2010/09/25 17:37:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite [2011/05/31 20:48:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung [2011/02/13 17:01:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL [2010/10/17 
21:45:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip [2010/11/25 20:48:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2011/06/24 16:31:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Woko\Application Data\AVG10 [2011/06/24 16:30:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Woko\Application Data\PC Suite [2011/05/14 13:22:10 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.* > [2011/06/26 22:18:05 | 000,039,414 | ---- | M] () -- C:\aaw7boot.log [2010/10/30 17:30:22 | 000,002,006 | ---- | M] () -- C:\aqua_bitmap.cpp [1980/02/16 19:31:24 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT [2010/10/04 21:25:02 | 000,000,192 | ---- | M] () -- C:\BcBtRmv.log [2011/05/07 19:55:18 | 000,000,211 | RHS- | M] () -- C:\boot.ini [1980/02/16 19:31:24 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS [2011/07/01 15:10:18 | 2138,492,928 | -HS- | M] () -- C:\hiberfil.sys [1980/02/16 19:31:24 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [1980/02/16 19:31:24 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2010/06/14 17:59:42 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM [2010/09/25 16:12:03 | 000,250,048 | RHS- | M] () -- C:\ntldr [2011/07/01 15:10:16 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys [2011/06/26 22:16:45 | 000,044,810 | ---- | M] () -- C:\TDSSKiller.2.5.5.0_26.06.2011_22.15.35_log.txt [2011/06/27 17:45:00 | 000,000,412 | ---- | M] () -- C:\TDSSKiller.2.5.5.0_27.06.2011_17.44.55_log.txt [2011/06/27 17:46:32 | 000,000,412 | ---- | M] () -- C:\TDSSKiller.2.5.5.0_27.06.2011_17.46.18_log.txt [2011/06/27 17:48:41 | 000,043,796 | ---- | M] () -- C:\TDSSKiller.2.5.6.0_27.06.2011_17.47.38_log.txt < %systemroot%\system32\Spool\prtprocs\w32x86\*.dll > [2008/07/06 13:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- 
C:\WINDOWS\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll [2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\msonpppr.dll < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] < %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\system32\*.exe /lockedfiles > [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] < %systemroot%\System32\config\*.sav > [2009/07/07 20:14:51 | 000,262,144 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav [2008/11/27 18:12:13 | 000,262,144 | ---- | M] () -- C:\WINDOWS\System32\config\security.sav [2009/07/07 20:14:51 | 009,961,472 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav [2009/07/07 20:14:51 | 004,194,304 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav < %PROGRAMFILES%\* > < %USERPROFILE%\..|smtmp;true;true;true /FP > < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Win dows\WindowsUpdate\AU > < hklm\software\clients\startmenuinternet|command /rs > HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/07/01 15:10:51 | 000,712,976 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/07/01 15:10:51 | 000,712,976 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/07/01 15:10:51 | 000,712,976 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla 
Firefox\firefox.exe [2011/07/01 15:10:58 | 000,924,632 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/07/01 15:10:58 | 000,924,632 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/07/01 15:10:58 | 000,924,632 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2010/12/20 13:55:27 | 000,173,568 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2010/12/20 13:55:27 | 000,173,568 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2010/12/20 13:55:27 | 000,173,568 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: iexplore.exe < hklm\software\clients\startmenuinternet|command /64 /rs > HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/07/01 15:10:51 | 000,712,976 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/07/01 15:10:51 | 000,712,976 | ---- | M] 
(Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/07/01 15:10:51 | 000,712,976 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/07/01 15:10:58 | 000,924,632 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/07/01 15:10:58 | 000,924,632 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/07/01 15:10:58 | 000,924,632 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2010/12/20 13:55:27 | 000,173,568 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2010/12/20 13:55:27 | 000,173,568 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2010/12/20 13:55:27 | 000,173,568 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: iexplore.exe < End of report > OTL Extras logfile created on: 7/1/2011 3:17:31 PM - Run 1 OTL by OldTimer - Version 3.2.25.0 Folder = C:\Documents 
and Settings\Woko\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: M/d/yyyy 1.99 Gb Total Physical Memory | 1.60 Gb Available Physical Memory | 80.29% Memory free 3.84 Gb Paging File | 3.64 Gb Available in Paging File | 94.76% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 74.53 Gb Total Space | 49.22 Gb Free Space | 66.04% Space Free | Partition Type: NTFS Computer Name: NC4200 | User Name: Woko | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 1 "FirewallOverride" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows 
NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 0 "DoNotAllowExceptions" = 0 "DisableNotifications" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DoNotAllowExceptions" = 0 "DisableNotifications" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "5910:TCP" = 5910:TCP:*:Enabled:vnc5910 "139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.) 
"C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" = C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe:*:Enabled:Nokia Ovi Suite 2 "C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe" = C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process "C:\WINDOWS\system32\muzapp.exe" = C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player -- (Musiccity Co.Ltd.) "C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.) "C:\Program Files\Tesco\Downloaderv2\Tesco.DLM.Installer.Helper.exe" = C:\Program Files\Tesco\Downloaderv2\Tesco.DLM.Installer.Helper.exe:*:Enabled:Tesco.DLM.Installer.Helper.exe "C:\Program Files\AVG\AVG10\avgdiagex.exe" = C:\Program Files\AVG\AVG10\avgdiagex.exe:*:Enabled:AVG Diagnostics 2011 -- (AVG Technologies CZ, s.r.o.) "C:\Program Files\AVG\AVG10\avgnsx.exe" = C:\Program Files\AVG\AVG10\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.) "C:\Program Files\AVG\AVG10\avgemcx.exe" = C:\Program Files\AVG\AVG10\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.) 
========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0A7124DF-F8A4-405B-904F-CFD3D3DFB5AE}" = PIF DESIGNER2.1 "{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool "{228814B2-6A64-4AD5-8D2D-4E2188DEB191}" = AVG 2011 "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{23B59ED4-C360-11D7-875B-0090CC005647}" = EPSON PRINT Image Framer Tool2.1 "{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java 6 Update 21 "{2EDA8979-0ADA-480E-AF76-AEB92F4CD7C2}" = HP Notebook LidSwitch Policy "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant "{45DF6D99-666D-41FA-8D62-0E183B6240F3}" = PC Connectivity Solution "{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CBD31CE-51DF-43C4-B3EC-7CCBAB0CD083}" = O2Micro MemoryCardBus Windows Driver "{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{5B4383F2-37EE-4E97-AD81-F5FF76F286DA}" = OutlookAddInNet3Setup "{65F5B7AF-3363-11D7-BB6B-00018021113F}" = EPSON PhotoQuicker3.5 "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2 "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support "{8969CD6F-5B75-40B9-8701-86ECA4C1F263}_is1" = VSO Image Resizer 4.0.1.5 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A708DD8-A5E6-11D4-A706-000629E95E20}" 
= IntelĀ® Graphics Media Accelerator Driver for Mobile "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12 "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007 "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007 "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007 "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0C0A-0000-0000000FF1CE}" = 
Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007 "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007 "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007 "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 
(SP2) "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007 "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{96D33319-C14C-3070-A464-CE8416E46487}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86) "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.5 "{AD7914E1-6453-4440-AEC7-02C72AD6FE5F}" = TIPCI "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86 "{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR "{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger "{BE6890C7-31EF-478C-812E-1E2899ABFCA9}" = Broadcom NetXtreme Ethernet Controller "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update "{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{D22AFEDF-6A5B-459D-A9EA-D16E422E4C18}" = Nokia Connectivity Cable Driver "{DB90FF25-9932-48F2-B643-1802F1864FAF}" = AVG 2011 "{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call "{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F16F258A-6300-4A1C-BC49-7929EFF455E2}" = TIPCIxx20 "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729) "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01 
"{F59A9E08-A6A4-4ACF-91F2-D0344956C30B}" = iTunes "504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0) "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Agere Systems Soft Modem" = Agere Systems AC'97 Modem "All ATI Software" = ATI - Software Uninstall Utility "Any Video Converter_is1" = Any Video Converter 3.2.3 "ATI Display Driver" = ATI Display Driver "AVG" = AVG 2011 "AVS Update Manager_is1" = AVS Update Manager 1.0 "Cole2k Media - Codec Pack" = Cole2k Media - Codec Pack (Advanced) 7.7.0 "DVD43_is1" = DVD43 v4.6.0 "ENTERPRISE" = Microsoft Office Enterprise 2007 "EPSON Printer and Utilities" = EPSON Printer Software "ESC46 Reference Guide" = ESC46 Reference Guide "ESC46 Software Guide" = ESC46 Software Guide "Google Calendar Sync" = Google Calendar Sync "ie8" = Windows Internet Explorer 8 "InstallShield_{2EDA8979-0ADA-480E-AF76-AEB92F4CD7C2}" = HP Notebook LidSwitch Policy "InstallShield_{4CBD31CE-51DF-43C4-B3EC-7CCBAB0CD083}" = O2Micro MemoryCardBus Windows Driver "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "InstallShield_{AD7914E1-6453-4440-AEC7-02C72AD6FE5F}" = Texas Instruments PCIxx21/x515/xx12 drivers. "InstallShield_{BE6890C7-31EF-478C-812E-1E2899ABFCA9}" = Broadcom Gigabit Integrated Controller "InstallShield_{F16F258A-6300-4A1C-BC49-7929EFF455E2}" = Texas Instruments PCIxx20 drivers. 
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft Visual Studio 2010 Tools for Office Runtime (x86)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86) "Mozilla Firefox 5.0 (x86 en-GB)" = Mozilla Firefox 5.0 (x86 en-GB) "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "SynTPDeinstKey" = Synaptics Pointing Device Driver "Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR archiver "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 "Yahoo! Messenger" = Yahoo! Messenger "Yahoo! Software Update" = Yahoo! Software Update ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 6/24/2011 7:37:51 PM | Computer Name = NC4200 | Source = Application Hang | ID = 1002 Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 6/24/2011 7:37:53 PM | Computer Name = NC4200 | Source = Application Hang | ID = 1002 Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 6/25/2011 5:39:53 AM | Computer Name = NC4200 | Source = Application Error | ID = 1000 Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting module , version 0.0.0.0, fault address 0x00000000. 
Error - 6/25/2011 5:40:03 AM | Computer Name = NC4200 | Source = Application Error | ID = 1000 Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting module unknown, version 0.0.0.0, fault address 0x00267411. Error - 6/25/2011 8:37:34 PM | Computer Name = NC4200 | Source = Application Error | ID = 1000 Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting module , version 0.0.0.0, fault address 0x00000000. Error - 6/25/2011 8:38:04 PM | Computer Name = NC4200 | Source = Application Error | ID = 1000 Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting module unknown, version 0.0.0.0, fault address 0x00267411. Error - 6/25/2011 8:38:07 PM | Computer Name = NC4200 | Source = Application Error | ID = 1001 Description = Fault bucket -1796944378. Error - 6/26/2011 5:13:06 PM | Computer Name = NC4200 | Source = Application Error | ID = 1000 Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting module unknown, version 0.0.0.0, fault address 0x00267411. Error - 6/27/2011 3:31:31 PM | Computer Name = NC4200 | Source = MsiInstaller | ID = 11921 Description = SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2011 -- Error 1921. SA_Error1921: StandardAction(0xC0070781): Service 'AVG WatchDog' (avgwd) could not be stopped. Verify that you have sufficient privileges to stop system services. Error - 6/27/2011 3:37:21 PM | Computer Name = NC4200 | Source = MsiInstaller | ID = 10005 Description = SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2011 -- Error 27046. CA_Error27046: DriverInstallationFun(0x00000000): Driver installation failed [ OSession Events ] Error - 4/4/2011 1:54:59 PM | Computer Name = NC4200 | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. 
This session lasted 10 seconds with 0 seconds of active time. This session ended with a crash. Error - 4/4/2011 2:20:17 PM | Computer Name = NC4200 | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 10 seconds with 0 seconds of active time. This session ended with a crash. Error - 4/4/2011 2:32:04 PM | Computer Name = NC4200 | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 11 seconds with 0 seconds of active time. This session ended with a crash. Error - 4/4/2011 3:52:16 PM | Computer Name = NC4200 | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5 seconds with 0 seconds of active time. This session ended with a crash. Error - 4/4/2011 3:52:28 PM | Computer Name = NC4200 | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4 seconds with 0 seconds of active time. This session ended with a crash. [ System Events ] Error - 6/28/2011 4:11:49 PM | Computer Name = NC4200 | Source = Service Control Manager | ID = 7011 Description = Timeout (30000 milliseconds) waiting for a transaction response from the BITS service. 
Error - 6/28/2011 4:11:49 PM | Computer Name = NC4200 | Source = Service Control Manager | ID = 7000 Description = The Background Intelligent Transfer Service service failed to start due to the following error: %%1053 Error - 6/28/2011 4:11:49 PM | Computer Name = NC4200 | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: AVGIDSEH Error - 6/28/2011 4:17:35 PM | Computer Name = NC4200 | Source = Service Control Manager | ID = 7031 Description = The AVG WatchDog service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service. Error - 6/28/2011 4:24:36 PM | Computer Name = NC4200 | Source = Dhcp | ID = 1002 Description = The IP address lease 192.168.1.156 for the Network Card with network address 00166F616EFF has been denied by the DHCP server 10.23.121.17 (The DHCP Server sent a DHCPNACK message). Error - 6/28/2011 4:25:02 PM | Computer Name = NC4200 | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: AVGIDSEH Error - 6/28/2011 5:46:15 PM | Computer Name = NC4200 | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: AVGIDSEH Error - 6/29/2011 1:33:42 PM | Computer Name = NC4200 | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: AVGIDSEH Error - 6/30/2011 1:49:16 PM | Computer Name = NC4200 | Source = Ntfs | ID = 262199 Description = The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:. Error - 7/1/2011 10:10:37 AM | Computer Name = NC4200 | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: AVGIDSEH < End of report >
  10. OK, nearly 6 hours later and I have run DrWeb (found 1 item) and OTL. Here are the reports as requested:

      A0099755.com;C:\System Volume Information\_restore{729F0D3A-B16D-40D2-932F-F7795C61C8BA}\RP174;Trojan.Siggen2.42152;Incurable.Moved.;

      OTL logfile created on: 7/1/2011 3:17:31 PM - Run 1 OTL by OldTimer - Version 3.2.25.0 Folder = C:\Documents and Settings\Woko\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: M/d/yyyy 1.99 Gb Total Physical Memory | 1.60 Gb Available Physical Memory | 80.29% Memory free 3.84 Gb Paging File | 3.64 Gb Available in Paging File | 94.76% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 74.53 Gb Total Space | 49.22 Gb Free Space | 66.04% Space Free | Partition Type: NTFS Computer Name: NC4200 | User Name: Woko | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Documents and Settings\Woko\Desktop\OTL.scr (OldTimer Tools) PRC - C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe (Google) PRC - C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.) PRC - C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_S4I0T1.EXE (SEIKO EPSON CORPORATION) PRC - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.) ========== Modules (SafeList) ========== MOD - C:\Documents and Settings\Woko\Desktop\OTL.scr (OldTimer Tools) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\SynTPFcs.dll (Synaptics, Inc.) ========== Win32 Services (SafeList) ========== SRV - (HidServ) -- File not found SRV - (avgwd) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia) SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.) SRV - (SoundMAX Agent Service (default)) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.) ========== Driver Services (SafeList) ========== DRV - (dgderdrv) -- C:\WINDOWS\system32\drivers\dgderdrv.sys (Devguru Co., Ltd) DRV - (ssadmdm) -- C:\WINDOWS\system32\drivers\ssadmdm.sys (MCCI Corporation) DRV - (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) -- C:\WINDOWS\system32\drivers\ssadbus.sys (MCCI Corporation) DRV - (ssadmdfl) SAMSUNG Android USB Modem (Filter) -- C:\WINDOWS\system32\drivers\ssadmdfl.sys (MCCI Corporation) DRV - (sscdmdm) -- C:\WINDOWS\system32\drivers\sscdmdm.sys (MCCI Corporation) DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\WINDOWS\system32\drivers\sscdbus.sys (MCCI Corporation) DRV - (androidusb) -- C:\WINDOWS\system32\drivers\ssadadb.sys (Google Inc) DRV - (sscdmdfl) -- C:\WINDOWS\system32\drivers\sscdmdfl.sys (MCCI Corporation) DRV - (UsbserFilt) -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys (Nokia) DRV - (upperdev) -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys (Nokia) DRV - (nmwcdc) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys (Nokia) DRV - (nmwcd) 
-- C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia) DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia) DRV - (w29n51) Intel® -- C:\WINDOWS\system32\drivers\w29n51.sys (Intel® Corporation) DRV - (tifm21) -- C:\WINDOWS\system32\drivers\tifm21.sys (Texas Instruments) DRV - (GTIPCI21) -- C:\WINDOWS\system32\drivers\gtipci21.sys (Texas Instruments) DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems) DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation) DRV - (aliadwdm) -- C:\WINDOWS\system32\drivers\ac97ali.sys (Acer Laboratories Inc.) DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.) DRV - (CONAN) -- C:\WINDOWS\system32\drivers\o2mmb.sys (O2 Micro ) DRV - (MbxStby) -- C:\WINDOWS\system32\drivers\MbxStby.sys (O2 Micro) DRV - (SCM488C) -- C:\WINDOWS\system32\drivers\pscr.sys (SCM Microsystems, Inc.) DRV - (ALiIRDA) -- C:\WINDOWS\system32\drivers\alifir.sys (Acer Laboratories Inc.) DRV - (SMCIRDA) -- C:\WINDOWS\system32\drivers\smcirda.sys (SMC) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F6 B6 A1 DD AA 32 CC 01 [binary data] IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "http://news.bbc.co.uk/sport1/hi/tennis/9523296.stm" FF - HKLM\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/06/24 15:08:16 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/01 
15:11:00 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/15 17:57:30 | 000,000,000 | ---D | M] [2011/06/24 16:45:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Woko\Application Data\Mozilla\Extensions [2011/04/22 22:34:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2010/09/17 16:59:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} File not found (No name found) -- [2011/06/24 15:08:16 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX4 [2010/09/17 16:58:56 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2011/04/10 18:26:04 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION [2011/07/01 15:10:59 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2010/09/17 16:58:55 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2010/01/01 09:00:00 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml [2010/01/01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2010/01/01 09:00:00 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml [2010/01/01 09:00:00 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml [2010/01/01 09:00:00 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml O1 HOSTS File: ([2011/06/30 18:42:18 | 000,000,789 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found. O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [ATIPTA] File not found O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.) 
O4 - HKLM..\Run: [EPSON Stylus C46 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [EPSON Stylus C46 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [iMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation) O4 - HKLM..\Run: [LidPolicy] c:\Program Files\Hewlett-Packard\LidSwitch Policy\PwrSchem.exe (Hewlett-Packard) O4 - HKLM..\Run: [PHIME2002A] File not found O4 - HKLM..\Run: [PHIME2002ASync] File not found O4 - HKLM..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.) O4 - HKLM..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Calendar Sync.lnk = C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe (Google) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {44C1E3A2-B594-401C-B27A-D1B4476E4797} https://bristolremote.workman.co.uk/XTSAC.cab (XTSAC Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Reg Error: Key error. File not found O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation) O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [1980/02/16 19:31:24 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.) O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: HidServ - File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: dvd43 - hkey= - key= - C:\Program Files\dvd43\DVD43_Tray.exe () MsConfig - StartUpReg: GrooveMonitor - hkey= - key= - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program 
Files\iTunes\iTunesHelper.exe (Apple Inc.) MsConfig - StartUpReg: Messenger (Yahoo!) - hkey= - key= - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.) MsConfig - StartUpReg: NokiaMServer - hkey= - key= - File not found MsConfig - StartUpReg: NokiaOviSuite2 - hkey= - key= - File not found MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\qttask.exe (Apple Inc.) MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) MsConfig - State: "system.ini" - 0 MsConfig - State: "win.ini" - 0 MsConfig - State: "bootini" - 0 MsConfig - State: "services" - 0 MsConfig - State: "startup" - 2 CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011/07/01 15:14:13 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Woko\Desktop\OTL.scr [2011/06/30 18:22:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Woko\DoctorWeb [2011/06/29 18:41:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\avg [2011/06/27 20:28:34 | 000,000,000 | ---D | C] -- C:\Qoobox [2011/06/27 20:28:32 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Woko\My Documents\My Videos [2011/06/27 20:28:32 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Woko\Start Menu\Programs\Administrative Tools [2011/06/27 20:25:08 | 004,127,961 | R--- | C] (Swearware) -- C:\Documents and Settings\Woko\Desktop\Combo-Fix.exe [2011/06/27 17:47:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Woko\Desktop\tdsskiller [2011/06/26 22:15:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Woko\Application Data\WinRAR [2011/06/26 09:57:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Woko\Desktop\RK_Quarantine [2011/06/26 09:56:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Woko\My Documents\Downloads [2011/06/26 01:39:40 | 000,000,000 | ---D | C] -- C:\Documents 
and Settings\Woko\Application Data\Malwarebytes [2011/06/24 21:32:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Woko\Tracing [2011/06/24 21:12:19 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Woko\IECompatCache [2011/06/24 21:11:14 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Woko\PrivacIE [2011/06/24 21:02:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Woko\Application Data\Adobe [2011/06/24 16:40:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Woko\Local Settings\Application Data\Mozilla [2011/06/24 16:40:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Woko\Application Data\Mozilla [2011/06/24 16:31:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Woko\Application Data\AVG10 [2011/06/24 16:31:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Woko\Application Data\Apple Computer [2011/06/24 16:31:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Woko\Local Settings\Application Data\Apple Computer [2011/06/24 16:31:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Woko\Local Settings\Application Data\Google [2011/06/24 16:30:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Woko\Application Data\Identities [2011/06/24 16:30:26 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Woko\My Documents\My Pictures [2011/06/24 16:30:26 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Woko\My Documents\My Music [2011/06/24 16:30:22 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Woko\IETldCache [2011/06/24 16:30:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Woko\Application Data\PC Suite [2011/06/24 16:30:12 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Woko\Application Data\Microsoft [2011/06/24 16:30:12 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Woko\SendTo [2011/06/24 16:30:12 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Woko\Recent [2011/06/24 16:30:12 | 000,000,000 | RH-D | C] -- C:\Documents and 
Settings\Woko\Application Data [2011/06/24 16:30:12 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Woko\Start Menu\Programs\Startup [2011/06/24 16:30:12 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Woko\Start Menu [2011/06/24 16:30:12 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Woko\My Documents [2011/06/24 16:30:12 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Woko\Favorites [2011/06/24 16:30:12 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Woko\Start Menu\Programs\Accessories [2011/06/24 16:30:12 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Woko\Cookies [2011/06/24 16:30:12 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Woko\Templates [2011/06/24 16:30:12 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Woko\PrintHood [2011/06/24 16:30:12 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Woko\NetHood [2011/06/24 16:30:12 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Woko\Local Settings [2011/06/24 16:30:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Woko\Local Settings\Application Data\Microsoft [2011/06/24 16:30:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Woko\Application Data\Macromedia [2011/06/24 16:30:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Woko\Desktop [2011/06/15 19:38:05 | 000,000,000 | ---D | C] -- C:\Program Files\adidas [2011/06/11 19:29:27 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011/07/01 15:14:14 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Woko\Desktop\OTL.scr [2011/07/01 15:10:38 | 000,002,228 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2011/07/01 15:10:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2011/07/01 15:10:18 | 2138,492,928 | -HS- | M] () 
-- C:\hiberfil.sys [2011/07/01 06:10:51 | 000,000,135 | ---- | M] () -- C:\Documents and Settings\Woko\Desktop\DrWeb.csv [2011/06/30 18:42:18 | 000,000,789 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2011/06/30 18:19:28 | 068,941,072 | ---- | M] () -- C:\Documents and Settings\Woko\Desktop\drweb-cureit.exe [2011/06/29 18:41:22 | 078,849,187 | ---- | M] () -- C:\WINDOWS\System32\drivers\avg\incavi.avm [2011/06/29 18:41:22 | 000,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\avg\iavichjw.avm [2011/06/27 20:27:27 | 004,127,961 | R--- | M] (Swearware) -- C:\Documents and Settings\Woko\Desktop\Combo-Fix.exe [2011/06/27 17:46:41 | 001,316,026 | ---- | M] () -- C:\Documents and Settings\Woko\Desktop\tdsskiller.zip [2011/06/26 19:41:26 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2011/06/26 09:56:09 | 000,510,976 | ---- | M] () -- C:\Documents and Settings\Woko\Desktop\RogueKiller.exe [2011/06/26 01:39:45 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\Woko\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk [2011/06/24 21:06:33 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Woko\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk [2011/06/24 18:37:32 | 000,434,206 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110624-184040.backup [2011/06/24 17:24:51 | 000,434,206 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110624-183731.backup [2011/06/24 16:30:53 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Woko\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [2011/06/24 16:30:50 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Woko\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf [2011/06/24 15:08:18 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk [2011/06/20 21:25:25 | 000,000,064 | ---- | M] 
() -- C:\WINDOWS\System32\rp_stats.dat [2011/06/20 21:25:25 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat [2011/06/15 17:57:31 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk [2011/06/14 17:38:55 | 000,001,504 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\mbkv74n4pw410j [2011/06/12 18:29:53 | 000,001,228 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\240238c4428eeufaje [2011/06/11 19:29:27 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2011/07/01 06:10:51 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\Woko\Desktop\DrWeb.csv [2011/06/30 18:11:58 | 068,941,072 | ---- | C] () -- C:\Documents and Settings\Woko\Desktop\drweb-cureit.exe [2011/06/29 18:41:22 | 078,849,187 | ---- | C] () -- C:\WINDOWS\System32\drivers\avg\incavi.avm [2011/06/29 18:41:22 | 000,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\avg\iavichjw.avm [2011/06/26 22:15:07 | 001,316,026 | ---- | C] () -- C:\Documents and Settings\Woko\Desktop\tdsskiller.zip [2011/06/26 09:56:08 | 000,510,976 | ---- | C] () -- C:\Documents and Settings\Woko\Desktop\RogueKiller.exe [2011/06/26 01:39:44 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\Woko\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk [2011/06/24 21:06:33 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Woko\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk [2011/06/24 16:30:53 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Woko\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [2011/06/24 16:30:53 | 000,000,803 | ---- | C] () -- C:\Documents and 
Settings\Woko\Start Menu\Programs\Internet Explorer.lnk [2011/06/24 16:30:50 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Woko\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf [2011/06/24 16:30:42 | 000,000,788 | ---- | C] () -- C:\Documents and Settings\Woko\Start Menu\Programs\Windows Media Player.lnk [2011/06/24 16:30:38 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\Woko\Start Menu\Programs\Outlook Express.lnk [2011/06/24 16:30:12 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\Woko\Start Menu\Programs\Remote Assistance.lnk [2011/06/15 17:57:31 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk [2011/06/14 17:38:55 | 000,001,504 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\mbkv74n4pw410j [2011/06/12 18:29:53 | 000,001,228 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\240238c4428eeufaje [2011/05/31 22:17:50 | 000,188,512 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat [2011/05/23 23:03:06 | 000,001,352 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\h0387md7ekpl3vuk24yy [2011/04/27 14:19:32 | 000,030,568 | ---- | C] () -- C:\WINDOWS\MusiccityDownload.exe [2011/04/22 11:48:08 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat [2011/04/22 11:48:08 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat [2011/04/15 21:17:53 | 000,001,300 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\k5542164r0fmo474gk6utkw10fwdw07 [2011/02/13 16:58:53 | 000,000,182 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT4.DAT [2011/02/13 16:56:45 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDEC46Euro.ini [2011/01/04 17:10:56 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll [2011/01/04 17:10:56 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll [2011/01/04 17:10:56 | 
000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll [2011/01/04 17:10:56 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll [2010/11/25 21:24:49 | 000,074,952 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat [2010/11/07 00:48:15 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2010/09/14 22:31:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2009/06/20 20:13:18 | 004,477,539 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll [2009/06/20 20:13:18 | 000,832,632 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll [2009/06/20 20:13:18 | 000,829,781 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2009/06/20 20:13:18 | 000,557,469 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll [2009/06/20 20:13:18 | 000,336,384 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll [2009/06/20 20:13:18 | 000,216,064 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll [2009/06/20 20:13:18 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll [2009/06/20 20:13:18 | 000,146,098 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll [2009/06/20 20:13:18 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll [2009/06/20 20:13:18 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll [2009/06/20 20:13:16 | 000,176,640 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll [2009/06/20 20:13:16 | 000,117,760 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll [2009/06/20 20:13:16 | 000,095,744 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll [2009/06/20 19:28:02 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2009/06/14 16:21:32 | 000,256,512 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll [2009/06/14 16:21:32 | 000,237,056 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll [2009/05/18 09:24:22 | 000,083,968 | ---- | C] () -- C:\WINDOWS\System32\ac3config.exe [2009/01/10 23:17:32 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\ts.dll [2009/01/10 23:16:56 
| 000,148,480 | ---- | C] () -- C:\WINDOWS\System32\mkx.dll [2009/01/10 23:16:50 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\avi.dll [2009/01/10 23:16:14 | 000,141,312 | ---- | C] () -- C:\WINDOWS\System32\mp4.dll [2009/01/10 23:16:04 | 000,335,872 | ---- | C] () -- C:\WINDOWS\System32\gdsmux.exe [2009/01/10 23:15:54 | 000,120,832 | ---- | C] () -- C:\WINDOWS\System32\ogm.dll [2009/01/10 23:15:44 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\mmfinfo.dll [2009/01/10 23:15:36 | 000,103,424 | ---- | C] () -- C:\WINDOWS\System32\dsmux.exe [2009/01/10 23:15:32 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\avss.dll [2009/01/10 23:15:28 | 000,246,784 | ---- | C] () -- C:\WINDOWS\System32\dxr.dll [2009/01/10 23:15:12 | 000,097,280 | ---- | C] () -- C:\WINDOWS\System32\avs.dll [2009/01/10 23:15:06 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\mkv2vfr.exe [2009/01/10 23:14:08 | 000,079,360 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll [2009/01/10 23:14:06 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll [2008/12/03 23:11:50 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2008/11/06 17:37:32 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll [2007/10/13 10:30:20 | 000,000,137 | ---- | C] () -- C:\WINDOWS\System32\Registration.ini [2004/08/04 13:00:00 | 000,437,206 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2004/08/04 13:00:00 | 000,069,578 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2004/08/04 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [2004/08/02 14:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2003/03/31 20:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2003/03/31 20:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2003/03/31 20:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2003/03/31 20:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2003/03/31 
20:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2003/03/31 20:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin [2002/05/28 19:55:42 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2002/05/28 19:54:40 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [1980/02/16 20:20:19 | 000,397,312 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.exe [1980/02/16 20:20:19 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll [1980/02/16 19:35:29 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [1980/02/16 19:27:12 | 000,022,720 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [1980/02/16 19:12:25 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [1980/02/16 19:09:58 | 000,333,072 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT ========== LOP Check ========== [2011/05/15 00:02:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10 [2010/10/16 09:57:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9 [2010/10/16 10:02:16 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files [2010/10/20 22:27:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driver Whiz [2011/04/08 17:49:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData [2010/09/25 17:52:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia [2010/09/25 17:11:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NokiaInstallerCache [2010/09/25 17:37:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite [2011/05/31 20:48:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung [2011/02/13 17:01:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL [2010/10/17 
21:45:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip [2010/11/25 20:48:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2011/06/24 16:31:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Woko\Application Data\AVG10 [2011/06/24 16:30:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Woko\Application Data\PC Suite [2011/05/14 13:22:10 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.* > [2011/06/26 22:18:05 | 000,039,414 | ---- | M] () -- C:\aaw7boot.log [2010/10/30 17:30:22 | 000,002,006 | ---- | M] () -- C:\aqua_bitmap.cpp [1980/02/16 19:31:24 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT [2010/10/04 21:25:02 | 000,000,192 | ---- | M] () -- C:\BcBtRmv.log [2011/05/07 19:55:18 | 000,000,211 | RHS- | M] () -- C:\boot.ini [1980/02/16 19:31:24 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS [2011/07/01 15:10:18 | 2138,492,928 | -HS- | M] () -- C:\hiberfil.sys [1980/02/16 19:31:24 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [1980/02/16 19:31:24 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2010/06/14 17:59:42 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM [2010/09/25 16:12:03 | 000,250,048 | RHS- | M] () -- C:\ntldr [2011/07/01 15:10:16 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys [2011/06/26 22:16:45 | 000,044,810 | ---- | M] () -- C:\TDSSKiller.2.5.5.0_26.06.2011_22.15.35_log.txt [2011/06/27 17:45:00 | 000,000,412 | ---- | M] () -- C:\TDSSKiller.2.5.5.0_27.06.2011_17.44.55_log.txt [2011/06/27 17:46:32 | 000,000,412 | ---- | M] () -- C:\TDSSKiller.2.5.5.0_27.06.2011_17.46.18_log.txt [2011/06/27 17:48:41 | 000,043,796 | ---- | M] () -- C:\TDSSKiller.2.5.6.0_27.06.2011_17.47.38_log.txt < %systemroot%\system32\Spool\prtprocs\w32x86\*.dll > [2008/07/06 13:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- 
C:\WINDOWS\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll [2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\msonpppr.dll < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] < %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\system32\*.exe /lockedfiles > [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] < %systemroot%\System32\config\*.sav > [2009/07/07 20:14:51 | 000,262,144 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav [2008/11/27 18:12:13 | 000,262,144 | ---- | M] () -- C:\WINDOWS\System32\config\security.sav [2009/07/07 20:14:51 | 009,961,472 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav [2009/07/07 20:14:51 | 004,194,304 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav < %PROGRAMFILES%\* > < %USERPROFILE%\..|smtmp;true;true;true /FP > < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < hklm\software\clients\startmenuinternet|command /rs > HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/07/01 15:10:51 | 000,712,976 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/07/01 15:10:51 | 000,712,976 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/07/01 15:10:51 | 000,712,976 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla 
Firefox\firefox.exe [2011/07/01 15:10:58 | 000,924,632 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/07/01 15:10:58 | 000,924,632 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/07/01 15:10:58 | 000,924,632 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2010/12/20 13:55:27 | 000,173,568 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2010/12/20 13:55:27 | 000,173,568 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2010/12/20 13:55:27 | 000,173,568 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: iexplore.exe < hklm\software\clients\startmenuinternet|command /64 /rs > HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/07/01 15:10:51 | 000,712,976 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/07/01 15:10:51 | 000,712,976 | ---- | M] 
(Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/07/01 15:10:51 | 000,712,976 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/07/01 15:10:58 | 000,924,632 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/07/01 15:10:58 | 000,924,632 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/07/01 15:10:58 | 000,924,632 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2010/12/20 13:55:27 | 000,173,568 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2010/12/20 13:55:27 | 000,173,568 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2010/12/20 13:55:27 | 000,173,568 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: iexplore.exe < End of report > OTL Extras logfile created on: 7/1/2011 3:17:31 PM - Run 1 OTL by OldTimer - Version 3.2.25.0 Folder = C:\Documents 
and Settings\Woko\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: M/d/yyyy 1.99 Gb Total Physical Memory | 1.60 Gb Available Physical Memory | 80.29% Memory free 3.84 Gb Paging File | 3.64 Gb Available in Paging File | 94.76% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 74.53 Gb Total Space | 49.22 Gb Free Space | 66.04% Space Free | Partition Type: NTFS Computer Name: NC4200 | User Name: Woko | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 1 "FirewallOverride" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows 
NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 0 "DoNotAllowExceptions" = 0 "DisableNotifications" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DoNotAllowExceptions" = 0 "DisableNotifications" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "5910:TCP" = 5910:TCP:*:Enabled:vnc5910 "139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.) 
"C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" = C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe:*:Enabled:Nokia Ovi Suite 2 "C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe" = C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process "C:\WINDOWS\system32\muzapp.exe" = C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player -- (Musiccity Co.Ltd.) "C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.) "C:\Program Files\Tesco\Downloaderv2\Tesco.DLM.Installer.Helper.exe" = C:\Program Files\Tesco\Downloaderv2\Tesco.DLM.Installer.Helper.exe:*:Enabled:Tesco.DLM.Installer.Helper.exe "C:\Program Files\AVG\AVG10\avgdiagex.exe" = C:\Program Files\AVG\AVG10\avgdiagex.exe:*:Enabled:AVG Diagnostics 2011 -- (AVG Technologies CZ, s.r.o.) "C:\Program Files\AVG\AVG10\avgnsx.exe" = C:\Program Files\AVG\AVG10\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.) "C:\Program Files\AVG\AVG10\avgemcx.exe" = C:\Program Files\AVG\AVG10\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.) 
========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0A7124DF-F8A4-405B-904F-CFD3D3DFB5AE}" = PIF DESIGNER2.1 "{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool "{228814B2-6A64-4AD5-8D2D-4E2188DEB191}" = AVG 2011 "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{23B59ED4-C360-11D7-875B-0090CC005647}" = EPSON PRINT Image Framer Tool2.1 "{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java 6 Update 21 "{2EDA8979-0ADA-480E-AF76-AEB92F4CD7C2}" = HP Notebook LidSwitch Policy "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant "{45DF6D99-666D-41FA-8D62-0E183B6240F3}" = PC Connectivity Solution "{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CBD31CE-51DF-43C4-B3EC-7CCBAB0CD083}" = O2Micro MemoryCardBus Windows Driver "{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{5B4383F2-37EE-4E97-AD81-F5FF76F286DA}" = OutlookAddInNet3Setup "{65F5B7AF-3363-11D7-BB6B-00018021113F}" = EPSON PhotoQuicker3.5 "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2 "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support "{8969CD6F-5B75-40B9-8701-86ECA4C1F263}_is1" = VSO Image Resizer 4.0.1.5 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A708DD8-A5E6-11D4-A706-000629E95E20}" 
= Intel® Graphics Media Accelerator Driver for Mobile "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12 "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007 "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007 "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007 "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0C0A-0000-0000000FF1CE}" = 
Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007 "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007 "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007 "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 
(SP2) "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007 "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{96D33319-C14C-3070-A464-CE8416E46487}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86) "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.5 "{AD7914E1-6453-4440-AEC7-02C72AD6FE5F}" = TIPCI "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86 "{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR "{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger "{BE6890C7-31EF-478C-812E-1E2899ABFCA9}" = Broadcom NetXtreme Ethernet Controller "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update "{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{D22AFEDF-6A5B-459D-A9EA-D16E422E4C18}" = Nokia Connectivity Cable Driver "{DB90FF25-9932-48F2-B643-1802F1864FAF}" = AVG 2011 "{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call "{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F16F258A-6300-4A1C-BC49-7929EFF455E2}" = TIPCIxx20 "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729) "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01 
"{F59A9E08-A6A4-4ACF-91F2-D0344956C30B}" = iTunes "504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0) "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Agere Systems Soft Modem" = Agere Systems AC'97 Modem "All ATI Software" = ATI - Software Uninstall Utility "Any Video Converter_is1" = Any Video Converter 3.2.3 "ATI Display Driver" = ATI Display Driver "AVG" = AVG 2011 "AVS Update Manager_is1" = AVS Update Manager 1.0 "Cole2k Media - Codec Pack" = Cole2k Media - Codec Pack (Advanced) 7.7.0 "DVD43_is1" = DVD43 v4.6.0 "ENTERPRISE" = Microsoft Office Enterprise 2007 "EPSON Printer and Utilities" = EPSON Printer Software "ESC46 Reference Guide" = ESC46 Reference Guide "ESC46 Software Guide" = ESC46 Software Guide "Google Calendar Sync" = Google Calendar Sync "ie8" = Windows Internet Explorer 8 "InstallShield_{2EDA8979-0ADA-480E-AF76-AEB92F4CD7C2}" = HP Notebook LidSwitch Policy "InstallShield_{4CBD31CE-51DF-43C4-B3EC-7CCBAB0CD083}" = O2Micro MemoryCardBus Windows Driver "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "InstallShield_{AD7914E1-6453-4440-AEC7-02C72AD6FE5F}" = Texas Instruments PCIxx21/x515/xx12 drivers. "InstallShield_{BE6890C7-31EF-478C-812E-1E2899ABFCA9}" = Broadcom Gigabit Integrated Controller "InstallShield_{F16F258A-6300-4A1C-BC49-7929EFF455E2}" = Texas Instruments PCIxx20 drivers. 
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Visual Studio 2010 Tools for Office Runtime (x86)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"Mozilla Firefox 5.0 (x86 en-GB)" = Mozilla Firefox 5.0 (x86 en-GB)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/24/2011 7:37:51 PM | Computer Name = NC4200 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/24/2011 7:37:53 PM | Computer Name = NC4200 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/25/2011 5:39:53 AM | Computer Name = NC4200 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting module , version 0.0.0.0, fault address 0x00000000.

Error - 6/25/2011 5:40:03 AM | Computer Name = NC4200 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting module unknown, version 0.0.0.0, fault address 0x00267411.

Error - 6/25/2011 8:37:34 PM | Computer Name = NC4200 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting module , version 0.0.0.0, fault address 0x00000000.

Error - 6/25/2011 8:38:04 PM | Computer Name = NC4200 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting module unknown, version 0.0.0.0, fault address 0x00267411.

Error - 6/25/2011 8:38:07 PM | Computer Name = NC4200 | Source = Application Error | ID = 1001
Description = Fault bucket -1796944378.

Error - 6/26/2011 5:13:06 PM | Computer Name = NC4200 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting module unknown, version 0.0.0.0, fault address 0x00267411.

Error - 6/27/2011 3:31:31 PM | Computer Name = NC4200 | Source = MsiInstaller | ID = 11921
Description = SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2011 -- Error 1921. SA_Error1921: StandardAction(0xC0070781): Service 'AVG WatchDog' (avgwd) could not be stopped. Verify that you have sufficient privileges to stop system services.

Error - 6/27/2011 3:37:21 PM | Computer Name = NC4200 | Source = MsiInstaller | ID = 10005
Description = SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2011 -- Error 27046. CA_Error27046: DriverInstallationFun(0x00000000): Driver installation failed

[ OSession Events ]
Error - 4/4/2011 1:54:59 PM | Computer Name = NC4200 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 10 seconds with 0 seconds of active time. This session ended with a crash.

Error - 4/4/2011 2:20:17 PM | Computer Name = NC4200 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 10 seconds with 0 seconds of active time. This session ended with a crash.

Error - 4/4/2011 2:32:04 PM | Computer Name = NC4200 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 11 seconds with 0 seconds of active time. This session ended with a crash.

Error - 4/4/2011 3:52:16 PM | Computer Name = NC4200 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5 seconds with 0 seconds of active time. This session ended with a crash.

Error - 4/4/2011 3:52:28 PM | Computer Name = NC4200 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4 seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 6/28/2011 4:11:49 PM | Computer Name = NC4200 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from the BITS service.

Error - 6/28/2011 4:11:49 PM | Computer Name = NC4200 | Source = Service Control Manager | ID = 7000
Description = The Background Intelligent Transfer Service service failed to start due to the following error: %%1053

Error - 6/28/2011 4:11:49 PM | Computer Name = NC4200 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load: AVGIDSEH

Error - 6/28/2011 4:17:35 PM | Computer Name = NC4200 | Source = Service Control Manager | ID = 7031
Description = The AVG WatchDog service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

Error - 6/28/2011 4:24:36 PM | Computer Name = NC4200 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.156 for the Network Card with network address 00166F616EFF has been denied by the DHCP server 10.23.121.17 (The DHCP Server sent a DHCPNACK message).

Error - 6/28/2011 4:25:02 PM | Computer Name = NC4200 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load: AVGIDSEH

Error - 6/28/2011 5:46:15 PM | Computer Name = NC4200 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load: AVGIDSEH

Error - 6/29/2011 1:33:42 PM | Computer Name = NC4200 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load: AVGIDSEH

Error - 6/30/2011 1:49:16 PM | Computer Name = NC4200 | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.

Error - 7/1/2011 10:10:37 AM | Computer Name = NC4200 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load: AVGIDSEH

< End of report >
  11. Yes, ComboFix starts and runs for a while before an error message comes up.
  12. A warning box comes up saying ComboFix cannot run when AVG is installed. Have to click OK and it ends.
  13. Removal tool. A DOS window briefly appears showing commands before disappearing before I have a chance to read it. Nothing appears to happen after that.
  14. Cannot uninstall AVG. Runs but nothing happens after first reboot.