iainwith2is Posted June 24, 2011

Hi, I have a big problem with my netbook and I hope you guys can help with it. A couple of weeks ago I must've picked up a virus that would randomly open new windows or redirect links to search engines etc. I was using Firefox but have since tried IE and the same happened. I had AVG, which didn't pick up anything on a scan, before downloading Spybot and Ad-Aware; both found nothing during scans. This was annoying but I could still browse until this week, when Firefox started crashing after a few seconds and asking to send an error report; when it restarts it just gets stuck in a loop. When trying IE it will keep restoring until it cannot reload. Same thing, it appears. I'm forced to enter this post on my phone as the fields keep getting wiped with the page reloads!

I thought a full HD wipe by reinstalling XP would be the way forward, but I have a 2nd-hand netbook so no CD. The product key is on the bottom, but as it's a netbook I only have an external CD drive, which I purchased. I cannot see a winnt32.exe file on my C: either, something I saw to look for online. Any help would be appreciated; sorry for the long post but I wanted to write a clear description. I have some PC knowledge from using basics only. Thanks in advance.
Jelly Bean Posted June 24, 2011

Hello there. Always a problem when no CD disk is at hand. I can suggest you contact the makers of the netbook and order a recovery CD disk from them. It will cost you money. Then use the external CD drive to run a recovery. However, do you know if the netbook has a hidden recovery console? What is the make and model of this netbook?

I'm trying my best......................
KenB Posted June 24, 2011

Hi, if you prefer to try to sort the problem rather than re-install...

> spy bot and ad aware

These are not the software of choice of security experts. They are a bit dated.

Download MBAM from here: http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html
Install, update and run it. If it finds anything, post the log here.

If you cannot d/l and run it in normal mode, try Safe Mode with Networking: switch on and constantly tap F8 once per second. You will be able to select Safe Mode with Networking from the Advanced Startup Options.

There is an email going around offering processed pork - gelatin - and salt in a can ......this is simply SPAM !!
Starbuck (ExTS Admin) Posted June 25, 2011

If you have any problems running the program suggested by KenB, try this:

- Download RogueKiller and save it to your desktop.
- Close all the running processes.
- Double click the RogueKiller icon to run the program. Vista/Win7 users should right click the icon and select Run as Administrator.
- When prompted, type 1 (SCAN) and then press Enter.
- A report will open; please copy and paste this report in your next reply. A copy of the RKreport.txt can be found on your desktop.

Note: If RogueKiller is blocked, do not hesitate to try running it again. If it still fails to run, right click on the downloaded icon and select 'Rename'; rename it to winlogon and try again.

If anything is found, post the report here so I can take a look for you.

Member of: UNITE
iainwith2is (Author) Posted June 26, 2011

Thank you very much for the replies guys. I have downloaded and run MBAM, which found 7 items. My netbook would not shut down on reboot (stuck on the wallpaper screen without icons etc.) but after holding down the power button and restarting it seems ok; well, I'm writing this from the netbook rather than my phone! I still have AVG, Spybot and Ad-Aware running on the PC; should I remove any of these now I have MBAM? Thanks again for the help and here is the log as requested:

Malwarebytes' Anti-Malware 1.51.0.1200
http://www.malwarebytes.org

Database version: 6950

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/26/2011 9:16:07 AM
mbam-log-2011-06-26 (09-16-00).txt

Scan type: Full scan (C:\|)
Objects scanned: 292841
Time elapsed: 1 hour(s), 47 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 6
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Owner\Local Settings\Application Data\blm.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Owner\Local Settings\Application Data\blm.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Owner\Local Settings\Application Data\blm.exe" -a " "C:\Program Files\Internet Explorer\iexplore.exe"") Good: (iexplore.exe) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\system volume information\_restore{729f0d3a-b16d-40d2-932f-f7795c61c8ba}\RP154\A0050128.dll (Adware.ShopperReports) -> No action taken.
iainwith2is (Author) Posted June 26, 2011 (edited)

Update: Browsers are working but I'm still getting redirected to eBay (at the moment!) when clicking on search results through Google. RogueKiller's report following the above:

RogueKiller V5.2.5 [06/24/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion-193725-1-BRogueKillerD-Remontees.html

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Woko [Admin rights]
Mode: Scan -- Date : 06/26/2011 09:57:24

Bad processes: 1
[SUSP PATH] AGRSMMSG.exe -- c:\windows\agrsmmsg.exe -> KILLED

Registry Entries: 1
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

HOSTS File:
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
[...]

Finished : << RKreport[1].txt >>
RKreport[1].txt

Edited June 26, 2011 by iainwith2is
Starbuck (ExTS Admin) Posted June 26, 2011

Hi iainwith2is

The items in your MBAM report are showing No Action Taken. Don't forget:

- When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found". Click OK to close the message box and continue with the removal process.
- Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
- Make sure that everything is checked, and click Remove Selected.
- When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer (see Note below).
- The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
- Copy and paste the contents of that report in your next reply and exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Please update MBAM and run another scan and make sure that everything is removed this time.

> I still have AVG, Spybot and Ad-Aware running on the PC; should I remove any of these now I have MBAM?

Spybot and Ad-Aware are not as good or as up to date as MBAM, so I see no reason to keep them.

Step 1

- Close all the running processes.
- Double click the RogueKiller icon to run the program. Vista/Win7 users should right click the icon and select Run as Administrator.
- When prompted, type 2 (DELETE) and then press Enter.
- A report will open; please copy and paste this report in your next reply. A copy of the RKreport.txt can be found on your desktop.

Step 2

- Download TDSSKiller and save it to your Desktop.
- Double-click on TDSSKiller.exe to run the application, then on Start Scan. Vista/Win7 users should right-click and select Run As Administrator.
  http://img.photobucket.com/albums/v708/starbuck50/new/tdss1.png
- If an infected file is detected, the default action will be Cure; click on Continue.
  http://img.photobucket.com/albums/v708/starbuck50/new/tdss2.png
- If a suspicious file is detected, the default action will be Skip; click on Continue.
  http://img.photobucket.com/albums/v708/starbuck50/new/tdss3.png
- It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  http://img.photobucket.com/albums/v708/starbuck50/new/tdss4.png
- If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
- If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file in your next reply.

In your next reply, please submit:
- RogueKiller report
- New MBAM report
- TDSSKiller report

Thanks.
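The MBAM log posted above ends every detection with an action, and the point Starbuck makes is that "-> No action taken" means the scanner only reported the item and changed nothing. The following Python script is an added example for this thread, not code from the thread, from Malwarebytes or from any of the helpers: it parses MBAM 1.x detection lines of the shape shown in the log, reports which items were left in place, pulls out the binary that the StartMenuInternet hijack inserted ahead of the browser (the "Bad" command runs that binary and hands it the real browser as an argument, so every browser launch from the Start Menu passes through it), and lists the Security Center notifications that were switched off. The embedded sample log is copied from the post above with the header trimmed; the line layout follows that log, while action strings other than "No action taken" are assumed from other MBAM 1.x logs.

```python
"""Triage helper for a Malwarebytes' Anti-Malware 1.x log (added example, not
code from the thread or from Malwarebytes)."""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional

# Detection line shapes seen in the posted log:
#   <object> (<Family.Name>) -> Bad: (<value>) Good: (<value>) -> <action>.
#   <object> (<Family.Name>) -> <action>.
DETECTION_RE = re.compile(
    r"^(?P<object>.+?) \((?P<category>[A-Za-z0-9.]+)\)"
    r"(?: -> Bad: \((?P<bad>.*?)\) Good: \((?P<good>.*?)\))?"
    r" -> (?P<action>.+?)\.?$"
)
QUOTED_PATH_RE = re.compile(r'"([^"]+)"')  # first double-quoted path in a command


@dataclass
class Detection:
    object: str
    category: str
    bad: Optional[str]
    good: Optional[str]
    action: str

    @property
    def family(self) -> str:
        return self.category.split(".", 1)[0]  # Hijack, PUM, Adware, ...

    @property
    def removed(self) -> bool:
        # MBAM only changed something when the action is not "No action taken"
        return self.action != "No action taken"

    def interposer(self) -> Optional[str]:
        """For a StartMenuInternet hijack, the binary that replaced the browser
        launcher; the real browser is passed to it as an argument."""
        if self.category != "Hijack.StartMenuInternet" or not self.bad:
            return None
        m = QUOTED_PATH_RE.search(self.bad)
        return m.group(1) if m else None


def parse_mbam_log(text: str) -> List[Detection]:
    """Header, counters and '(No malicious items detected)' lines do not match
    DETECTION_RE, so only real detection lines come back."""
    found = []
    for raw in text.splitlines():
        m = DETECTION_RE.match(raw.strip())
        if m:
            found.append(Detection(**m.groupdict()))
    return found


def triage(detections: List[Detection]) -> Dict[str, object]:
    """The facts a helper wants from the log before giving the next step."""
    return {
        "total": len(detections),
        "by_family": dict(Counter(d.family for d in detections)),
        "not_removed": [d.object for d in detections if not d.removed],
        "launcher_interposers": sorted({d.interposer() for d in detections} - {None}),
        "security_center_notifications_disabled": [
            d.object.rsplit("\\", 1)[-1]
            for d in detections
            if d.category == "PUM.Disabled.SecurityCenter" and d.bad == "1"
        ],
    }


# Sample input: detection section copied from the MBAM log posted in the thread.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.51.0.1200
Scan type: Full scan (C:\|)
Registry Data Items Infected: 6
Files Infected: 1

Registry Keys Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Owner\Local Settings\Application Data\blm.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Owner\Local Settings\Application Data\blm.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Owner\Local Settings\Application Data\blm.exe" -a " "C:\Program Files\Internet Explorer\iexplore.exe"") Good: (iexplore.exe) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Files Infected:
c:\system volume information\_restore{729f0d3a-b16d-40d2-932f-f7795c61c8ba}\RP154\A0050128.dll (Adware.ShopperReports) -> No action taken.
"""

if __name__ == "__main__":
    summary = triage(parse_mbam_log(SAMPLE_LOG))
    for key, value in summary.items():
        print(f"{key}: {value}")
    if summary["not_removed"]:
        print(f"\n{len(summary['not_removed'])} of {summary['total']} items were only "
              "reported, not removed: rerun the scan and use Remove Selected.")
```

Run it with `python mbam_triage.py` (any file name works); the same functions can be pointed at a real log with `parse_mbam_log(open(path).read())`. The interposer path is the one thing worth checking by hand after a clean rescan: the Security Center values and the launcher commands are what MBAM restores, and a binary in a user profile directory that wraps both browsers explains the redirects the original post describes.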
iainwith2is (Author) Posted June 27, 2011

Well, I've run the 3 as recommended and the results are below. First of all, my browsers aren't crashing and I'll keep an eye out for new windows opening and redirections. Going forward, how should I protect my PC?

Malwarebytes' Anti-Malware 1.51.0.1200
http://www.malwarebytes.org

Database version: 6955

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/26/2011 11:22:18 PM
mbam-log-2011-06-26 (23-22-18).txt

Scan type: Quick scan
Objects scanned: 234794
Time elapsed: 52 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

RogueKiller V5.2.5 [06/24/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion-193725-1-BRogueKillerD-Remontees.html

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Woko [Admin rights]
Mode: Remove -- Date : 06/26/2011 22:09:32

Bad processes: 1
[SUSP PATH] AGRSMMSG.exe -- c:\windows\agrsmmsg.exe -> KILLED

Registry Entries: 1
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

HOSTS File:
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
[...]

Finished : << RKreport[1].txt >>
RKreport[1].txt

2011/06/26 22:15:35.0732 1628 TDSS rootkit removing tool 2.5.5.0 Jun 16 2011 15:25:15
2011/06/26 22:15:35.0920 1628 ================================================================================
2011/06/26 22:15:35.0920 1628 SystemInfo:
2011/06/26 22:15:35.0920 1628
2011/06/26 22:15:35.0920 1628 OS Version: 5.1.2600 ServicePack: 3.0
2011/06/26 22:15:35.0920 1628 Product type: Workstation
2011/06/26 22:15:35.0920 1628 ComputerName: NC4200
2011/06/26 22:15:35.0920 1628 UserName: Woko
2011/06/26 22:15:35.0920 1628 Windows directory: C:\WINDOWS
2011/06/26 22:15:35.0920 1628 System windows directory: C:\WINDOWS
2011/06/26 22:15:35.0920 1628 Processor architecture: Intel x86
2011/06/26 22:15:35.0920 1628 Number of processors: 1
2011/06/26 22:15:35.0920 1628 Page size: 0x1000
2011/06/26 22:15:35.0920 1628 Boot type: Normal boot
2011/06/26 22:15:35.0920 1628 ================================================================================
2011/06/26 22:15:37.0967 1628 Initialize success
2011/06/26 22:15:54.0108 1404 ================================================================================
2011/06/26 22:15:54.0108 1404 Scan started
2011/06/26 22:15:54.0108 1404 Mode: Manual;
2011/06/26 22:15:54.0108 1404 ================================================================================
2011/06/26 22:15:54.0702 1404 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/06/26 22:15:54.0764 1404 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2011/06/26 22:15:54.0921 1404 aeaudio (ad707942e4ccb28d77cee5ed989c9e55) C:\WINDOWS\system32\drivers\aeaudio.sys
2011/06/26 22:15:55.0015 1404 aec
(8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys 2011/06/26 22:15:55.0233 1404 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys 2011/06/26 22:15:55.0374 1404 AgereSoftModem (029e01cb2938bec5af31bf47b6af0159) C:\WINDOWS\system32\DRIVERS\AGRSM.sys 2011/06/26 22:15:55.0718 1404 aliadwdm (065a6d38a79216592de03f3525d6296e) C:\WINDOWS\system32\drivers\ac97ali.sys 2011/06/26 22:15:55.0936 1404 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys 2011/06/26 22:15:56.0030 1404 ALiIRDA (d81f7d885e9393b09ec5e46ed8d91565) C:\WINDOWS\system32\DRIVERS\alifir.sys 2011/06/26 22:15:56.0140 1404 androidusb (dd8d9c597af7cd2f6b70a3d6a4a1acea) C:\WINDOWS\system32\Drivers\ssadadb.sys 2011/06/26 22:15:56.0421 1404 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 2011/06/26 22:15:56.0577 1404 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys 2011/06/26 22:15:56.0827 1404 ati2mtag (83f24e252908e59c4a7ef203bf7f4c02) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys 2011/06/26 22:15:56.0999 1404 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 2011/06/26 22:15:57.0108 1404 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 2011/06/26 22:15:57.0202 1404 AVGIDSDriver (c403e7f715bb0a851a9dfae16ec4ae42) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys 2011/06/26 22:15:57.0312 1404 AVGIDSEH (1af676db3f3d4cc709cfab2571cf5fc3) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys 2011/06/26 22:15:57.0421 1404 AVGIDSFilter (4c51e233c87f9ec7598551de554bc99d) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys 2011/06/26 22:15:57.0562 1404 AVGIDSShim (c3fc426e54f55c1cc3219e415b88e10c) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys 2011/06/26 22:15:57.0655 1404 Avgldx86 (4e796d3d2c3182b13b3e3b5a2ad4ef0a) C:\WINDOWS\system32\DRIVERS\avgldx86.sys 2011/06/26 22:15:57.0718 1404 Avgmfx86 (5639de66b37d02bd22df4cf3155fba60) 
C:\WINDOWS\system32\DRIVERS\avgmfx86.sys 2011/06/26 22:15:57.0780 1404 Avgrkx86 (d1baf652eda0ae70896276a1fb32c2d4) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys 2011/06/26 22:15:57.0999 1404 Avgtdix (aaf0ebcad95f2164cffb544e00392498) C:\WINDOWS\system32\DRIVERS\avgtdix.sys 2011/06/26 22:15:58.0124 1404 b57w2k (2fa609c3411ec5f77f42d0b04d304ae5) C:\WINDOWS\system32\DRIVERS\b57xp32.sys 2011/06/26 22:15:58.0187 1404 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 2011/06/26 22:15:58.0327 1404 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 2011/06/26 22:15:58.0562 1404 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 2011/06/26 22:15:58.0655 1404 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys 2011/06/26 22:15:58.0733 1404 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys 2011/06/26 22:15:58.0984 1404 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys 2011/06/26 22:15:59.0109 1404 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys 2011/06/26 22:15:59.0202 1404 CONAN (32b0ac2449d9ef70b719bfaf631f998a) C:\WINDOWS\system32\drivers\o2mmb.sys 2011/06/26 22:15:59.0765 1404 dgderdrv (6216fd7fd227de454238a702b218cec7) C:\WINDOWS\system32\drivers\dgderdrv.sys 2011/06/26 22:15:59.0843 1404 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys 2011/06/26 22:15:59.0921 1404 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys 2011/06/26 22:16:00.0124 1404 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\DRIVERS\dmio.sys 2011/06/26 22:16:00.0187 1404 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 2011/06/26 22:16:00.0265 1404 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys 2011/06/26 22:16:00.0374 1404 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) 
C:\WINDOWS\system32\drivers\drmkaud.sys 2011/06/26 22:16:00.0452 1404 dvd43llh (1fc1eed3ea0c3a0ecf8a95b97e1b4831) C:\WINDOWS\system32\DRIVERS\dvd43llh.sys 2011/06/26 22:16:00.0593 1404 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys 2011/06/26 22:16:00.0827 1404 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys 2011/06/26 22:16:00.0890 1404 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys 2011/06/26 22:16:00.0937 1404 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys 2011/06/26 22:16:00.0999 1404 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys 2011/06/26 22:16:01.0093 1404 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 2011/06/26 22:16:01.0124 1404 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 2011/06/26 22:16:01.0218 1404 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 2011/06/26 22:16:01.0281 1404 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys 2011/06/26 22:16:01.0484 1404 GTIPCI21 (ca835331825599b938e37525796d3549) C:\WINDOWS\system32\DRIVERS\gtipci21.sys 2011/06/26 22:16:01.0562 1404 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys 2011/06/26 22:16:01.0718 1404 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys 2011/06/26 22:16:02.0031 1404 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys 2011/06/26 22:16:02.0171 1404 ialm (c600649ca5ba2a7c9b280e9f90c5db25) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys 2011/06/26 22:16:02.0421 1404 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys 2011/06/26 22:16:02.0546 1404 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys 2011/06/26 22:16:02.0577 1404 intelppm 
(8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys 2011/06/26 22:16:02.0624 1404 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys 2011/06/26 22:16:02.0702 1404 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 2011/06/26 22:16:02.0874 1404 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys 2011/06/26 22:16:02.0937 1404 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys 2011/06/26 22:16:03.0015 1404 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys 2011/06/26 22:16:03.0093 1404 irda (aca5e7b54409f9cb5eed97ed0c81120e) C:\WINDOWS\system32\DRIVERS\irda.sys 2011/06/26 22:16:03.0156 1404 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys 2011/06/26 22:16:03.0218 1404 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys 2011/06/26 22:16:03.0265 1404 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 2011/06/26 22:16:03.0328 1404 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys 2011/06/26 22:16:03.0515 1404 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys 2011/06/26 22:16:03.0687 1404 Lavasoft Kernexplorer (6c4a3804510ad8e0f0c07b5be3d44ddb) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys 2011/06/26 22:16:03.0765 1404 Lbd (336abe8721cbc3110f1c6426da633417) C:\WINDOWS\system32\DRIVERS\Lbd.sys 2011/06/26 22:16:03.0890 1404 MbxStby (4c32b247524f91db486d21dcb84d9c23) C:\WINDOWS\system32\drivers\MbxStby.sys 2011/06/26 22:16:04.0093 1404 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 2011/06/26 22:16:04.0187 1404 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys 2011/06/26 22:16:04.0234 1404 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys 
2011/06/26 22:16:04.0312 1404 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys 2011/06/26 22:16:04.0374 1404 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys 2011/06/26 22:16:04.0468 1404 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 2011/06/26 22:16:04.0593 1404 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 2011/06/26 22:16:04.0828 1404 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys 2011/06/26 22:16:04.0906 1404 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys 2011/06/26 22:16:04.0953 1404 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 2011/06/26 22:16:05.0000 1404 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 2011/06/26 22:16:05.0062 1404 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 2011/06/26 22:16:05.0109 1404 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys 2011/06/26 22:16:05.0171 1404 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys 2011/06/26 22:16:05.0390 1404 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 2011/06/26 22:16:05.0437 1404 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 2011/06/26 22:16:05.0484 1404 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 2011/06/26 22:16:05.0562 1404 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys 2011/06/26 22:16:05.0671 1404 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 2011/06/26 22:16:05.0781 1404 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 2011/06/26 22:16:06.0046 1404 nmwcd (48fb907b069524f2dc7ba62a0762850c) 
C:\WINDOWS\system32\drivers\ccdcmb.sys 2011/06/26 22:16:06.0156 1404 nmwcdc (2914ceb789964141ac6e22c6bc980c42) C:\WINDOWS\system32\drivers\ccdcmbo.sys 2011/06/26 22:16:06.0265 1404 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 2011/06/26 22:16:06.0343 1404 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 2011/06/26 22:16:06.0593 1404 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 2011/06/26 22:16:06.0656 1404 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 2011/06/26 22:16:06.0687 1404 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 2011/06/26 22:16:06.0781 1404 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys 2011/06/26 22:16:06.0859 1404 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 2011/06/26 22:16:06.0922 1404 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys 2011/06/26 22:16:07.0140 1404 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys 2011/06/26 22:16:07.0234 1404 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys 2011/06/26 22:16:07.0343 1404 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys 2011/06/26 22:16:07.0390 1404 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys 2011/06/26 22:16:07.0656 1404 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 2011/06/26 22:16:07.0703 1404 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys 2011/06/26 22:16:07.0922 1404 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 2011/06/26 22:16:07.0968 1404 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 2011/06/26 22:16:08.0187 1404 RasAcd 
(fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 2011/06/26 22:16:08.0281 1404 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys 2011/06/26 22:16:08.0328 1404 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 2011/06/26 22:16:08.0375 1404 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 2011/06/26 22:16:08.0422 1404 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 2011/06/26 22:16:08.0484 1404 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 2011/06/26 22:16:08.0687 1404 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 2011/06/26 22:16:08.0859 1404 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys 2011/06/26 22:16:08.0953 1404 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys 2011/06/26 22:16:09.0156 1404 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys 2011/06/26 22:16:09.0328 1404 SCM488C (1daf27570a7d8a970eec4a48aa3062f5) C:\WINDOWS\system32\DRIVERS\pscr.sys 2011/06/26 22:16:09.0406 1404 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys 2011/06/26 22:16:09.0469 1404 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 2011/06/26 22:16:09.0547 1404 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys 2011/06/26 22:16:09.0625 1404 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys 2011/06/26 22:16:09.0937 1404 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys 2011/06/26 22:16:10.0062 1404 SMCIRDA (707647a1aa0edb6cbef61b0c75c28ed3) C:\WINDOWS\system32\DRIVERS\smcirda.sys 2011/06/26 22:16:10.0187 1404 smwdm (858934c454bdc6664c752bf0cd3eaeae) C:\WINDOWS\system32\drivers\smwdm.sys 2011/06/26 22:16:10.0281 1404 
2011/06/26 22:16:15.0531 1404 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/06/26 22:16:15.0531 1404 Scan finished
2011/06/26 22:16:15.0547 2016 Detected object count: 1
2011/06/26 22:16:15.0547 2016 Actual detected object count: 1
2011/06/26 22:16:37.0767 2016 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/06/26 22:16:37.0767 2016 \Device\Harddisk0\DR0 - ok
2011/06/26 22:16:37.0767 2016 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure
2011/06/26 22:16:45.0080 4092 Deinitialize success
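The lines that matter in a TDSSKiller log are the ones at the end: the object that was detected, the action chosen and whether the cure is still waiting on a reboot. The parser below is an added example for that log format, not the poster's or Kaspersky's code; SAMPLE_LOG is a constructed excerpt with made-up MD5 values, and it extracts the driver/MBR inventory, each detection and the reboot state.

```python
"""Pull the triage facts out of a TDSSKiller text log: the driver/MBR inventory,
each detected object, the action the user chose and whether the cure is still
waiting on a reboot.  Added example, not TDSSKiller's own code.  SAMPLE_LOG is a
constructed excerpt with made-up MD5 values."""
import re
from dataclasses import dataclass, field
from typing import Optional

# Every log line: "YYYY/MM/DD HH:MM:SS.ffff <thread id> <message>"
LINE_RE = re.compile(r"^(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+)\s+(\d+)\s+(.*)$")
# Inventory lines: "<service> (<md5>) <path>"; the MBR entry carries an extra
# parenthesised tag that is kept verbatim without interpreting it.
DRIVER_RE = re.compile(r"^(\S+) \(([0-9a-f]{32})\) (.+)$")
MBR_RE = re.compile(r"^MBR \((0x[0-9A-Fa-f]+)\) \(([0-9a-f]{32})\) (.+)$")
# Verdict lines
DETECT_RE = re.compile(r"^(.+?) - detected (\S+) \(\d+\)$")
PENDING_RE = re.compile(r"^(.+?) \((\S+)\) - will be cured after reboot$")
ACTION_RE = re.compile(r"^(\S+)\((.+?)\) - User select action: (\w+)$")
COUNT_RE = re.compile(r"^Actual detected object count: (\d+)$")

# Constructed sample in the posted format; the MD5s are placeholders.
SAMPLE_LOG = r"""
2011/06/26 22:16:11.0906 1404 Tcpip (00112233445566778899aabbccddeeff) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/06/26 22:16:12.0781 1404 Udfs (ffeeddccbbaa99887766554433221100) C:\WINDOWS\system32\drivers\Udfs.sys
2011/06/26 22:16:15.0516 1404 MBR (0x1B8) (0123456789abcdef0123456789abcdef) \Device\Harddisk0\DR0
2011/06/26 22:16:15.0531 1404 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/06/26 22:16:15.0531 1404 ================================================================================
2011/06/26 22:16:15.0531 1404 Scan finished
2011/06/26 22:16:15.0547 2016 Detected object count: 1
2011/06/26 22:16:15.0547 2016 Actual detected object count: 1
2011/06/26 22:16:37.0767 2016 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/06/26 22:16:37.0767 2016 \Device\Harddisk0\DR0 - ok
2011/06/26 22:16:37.0767 2016 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure
2011/06/26 22:16:45.0080 4092 Deinitialize success
"""


@dataclass
class Detection:
    obj: str
    threat: str
    action: str = "none"          # "Cure", "Skip", ... as chosen by the user
    pending_reboot: bool = False  # set when the cure is deferred to next boot


@dataclass
class ScanSummary:
    drivers: dict = field(default_factory=dict)  # service name -> (md5, path)
    mbr: Optional[tuple] = None                  # (tag, md5, device)
    detections: list = field(default_factory=list)
    reported_count: int = -1                     # "Actual detected object count"

    def counts_agree(self) -> bool:
        """The tool's own count should match the detection lines we parsed."""
        return self.reported_count == len(self.detections)

    def reboot_required(self) -> bool:
        return any(d.pending_reboot for d in self.detections)


def parse_tdsskiller_log(text: str) -> ScanSummary:
    summary = ScanSummary()
    by_obj = {}  # detected object -> Detection, to attach later action lines
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        msg = m.group(3).strip()
        if (x := MBR_RE.match(msg)):
            summary.mbr = (x.group(1), x.group(2), x.group(3))
        elif (x := DRIVER_RE.match(msg)):
            summary.drivers[x.group(1)] = (x.group(2), x.group(3))
        elif (x := DETECT_RE.match(msg)):
            det = Detection(obj=x.group(1), threat=x.group(2))
            by_obj[det.obj] = det
            summary.detections.append(det)
        elif (x := PENDING_RE.match(msg)) and x.group(1) in by_obj:
            by_obj[x.group(1)].pending_reboot = True
        elif (x := ACTION_RE.match(msg)) and x.group(2) in by_obj:
            by_obj[x.group(2)].action = x.group(3)
        elif (x := COUNT_RE.match(msg)):
            summary.reported_count = int(x.group(1))
    return summary


if __name__ == "__main__":
    s = parse_tdsskiller_log(SAMPLE_LOG)
    for d in s.detections:
        print(f"{d.obj}: {d.threat} -> {d.action}, reboot pending: {d.pending_reboot}")
    print("counts agree:", s.counts_agree(), "| drivers inventoried:", len(s.drivers))
```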
ExTS Admin Starbuck Posted June 27, 2011

Hi iainwith2is

2011/06/26 22:16:15.0547 2016 Detected object count: 1
2011/06/26 22:16:15.0547 2016 Actual detected object count: 1
2011/06/26 22:16:37.0767 2016 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/06/26 22:16:37.0767 2016 \Device\Harddisk0\DR0 - ok
2011/06/26 22:16:37.0767 2016 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure
2011/06/26 22:16:45.0080 4092 Deinitialize success

You were more infected than you thought.

Going forward how should I protect my PC?

Let's make sure everything is ok before we get to that. I'd like to check a few things.

Step 1

ComboFix will not run with AVG installed. AVG will have to be removed first.
Then download and run the AVG removal tool from: http://www.avg.com/filedir/util/avg_arm_sup_____.dir/avgremover.exe
AVG can be reinstalled once Combofix has been run, or you can install one of these:
Avira AntiVir ....installation guide Here
MS Security Essentials ... see note* ...installation guide Here
Note*: Upon installation MS Security Essentials will check that your OS is a legal copy.

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.
Link 1
Link 2
http://i266.photobucket.com/albums/ii277/sUBs_/combofix/CF_download_FF.gif
http://i266.photobucket.com/albums/ii277/sUBs_/combofix/CF_download_rename.gif
This is an example, you may rename ComboFix to anything you want.

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with the running of ComboFix.
For more information read: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Then:
Double click on Combo-Fix.exe & follow the prompts.
Vista/Win7 users should right click on the icon and select Run as Administrator.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
If running Vista/Win7, you may not see the recovery console screens.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
http://img.photobucket.com/albums/v708/starbuck50/cf1.png
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
http://img.photobucket.com/albums/v706/ried7/whatnext.png
Click on Yes, to continue scanning for malware.
Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Step 2

Download OTL to your desktop. Right click on the link and select 'Save Link/Target As'.
If you have problems, try this download link: OTL
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Check the boxes beside LOP Check and Purity Check.
http://img.photobucket.com/albums/v708/starbuck50/new/Otllatest.png
Now copy the lines in bold below.

netsvcs
msconfig
%SYSTEMDRIVE%\*.*
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\system32\*.exe /lockedfiles
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\*
%USERPROFILE%\..|smtmp;true;true;true /FP
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT

Right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.
http://img.photobucket.com/albums/v708/starbuck50/new%20forum/scan-fix.png
Click the Run Scan button.
http://img.photobucket.com/albums/v708/starbuck50/runscan.png
Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.

In your next reply, please submit:
Combofix.txt
both reports from OTL

Thanks.
Member of:UNITE
iainwith2is (Author) Posted June 27, 2011

Cannot uninstall AVG. Runs but nothing happens after first reboot.
ExTS Admin Starbuck Posted June 27, 2011

Hi iainwith2is

Cannot uninstall AVG. Runs but nothing happens after first reboot.

Do you mean the uninstall process doesn't work or the AVG removal tool doesn't work?
If it's the uninstall that doesn't work, just run the removal tool.
Member of:UNITE
iainwith2is (Author) Posted June 28, 2011

Hi iainwith2is
Do you mean the uninstall process doesn't work or the AVG removal tool doesn't work?
If it's the uninstall that doesn't work, just run the removal tool.

Removal tool. DOS window briefly appears showing commands before disappearing before I have chance to read. Nothing appears to happen after that.
ExTS Admin Starbuck Posted June 28, 2011

Hi iainwith2is

Ok, let's get combofix to remove it then.
Is Combofix downloaded to your desktop?

Close any open browsers.
Open Notepad - it must be Notepad, not Wordpad.
Copy the text below in the code box by highlighting all the text and pressing Ctrl+C

KillAll::
REGISTRY::
[-HKEY_CURRENT_USER\AppEvents\EventLabels\avgtrayRSAlert]
[-HKEY_CURRENT_USER\AppEvents\EventLabels\avgtrayScanFinished]
[-HKEY_CURRENT_USER\AppEvents\EventLabels\avgtrayScanFinishedThreatFound]
[-HKEY_CURRENT_USER\AppEvents\EventLabels\avgtrayScanStarted]
[-HKEY_CURRENT_USER\AppEvents\EventLabels\avgtrayUpdEnd]
[-HKEY_CURRENT_USER\AppEvents\EventLabels\avgtrayUpdEndFail]
[-HKEY_CURRENT_USER\AppEvents\EventLabels\avgtrayUpdStart]
[-HKEY_CURRENT_USER\AppEvents\Schemes\Apps\avgtray]
[-HKEY_CURRENT_USER\Software\Avg]
[-HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\AVG9 Shell Extension]
[-HKEY_CLASSES_ROOT\.avgdx]
[-HKEY_CLASSES_ROOT\CLSID\{1152F8E0-69DB-4935-AFC3-59F8A5A86A3E}]
[-HKEY_CLASSES_ROOT\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
[-HKEY_CLASSES_ROOT\CLSID\{41B21542-2055-4212-A6F2-395CD109B14B}]
[-HKEY_CLASSES_ROOT\CLSID\{6F59E522-4689-156E-316C-D5B48819DE95}]
[-HKEY_CLASSES_ROOT\CLSID\{86E8C5B0-75B6-4ff2-B04F-6789CC7AE386}]
[-HKEY_CLASSES_ROOT\CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}]
[-HKEY_CLASSES_ROOT\CLSID\{EF0BB4CD-81FA-48AF-99B3-AB6C1F079BEC}]
[-HKEY_CLASSES_ROOT\CLSID\{F1FE4608-7924-4908-8E12-81CFA206F00A}]
[-HKEY_CLASSES_ROOT\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1}]
[-HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\AVG9 Shell Extension]
[-HKEY_CLASSES_ROOT\Installer\Features\36E852A15FD8BDA48923830A21D156BE]
[-HKEY_CLASSES_ROOT\Installer\Features\69BC3230A1222404483A39DE4E0799CF]
[-HKEY_CLASSES_ROOT\Installer\Features\CFD2C1F142D260E3CB8B271543DA9F98]
[-HKEY_CLASSES_ROOT\Installer\Products\36E852A15FD8BDA48923830A21D156BE]
[-HKEY_CLASSES_ROOT\Installer\Products\69BC3230A1222404483A39DE4E0799CF]
[-HKEY_CLASSES_ROOT\Installer\Products\CFD2C1F142D260E3CB8B271543DA9F98]
[-HKEY_CLASSES_ROOT\Installer\UpgradeCodes\06DD9E4F7F3FF9C41BC2BD64A2CE18FE]
[-HKEY_CLASSES_ROOT\Installer\UpgradeCodes\38F747DBDC97B4E459142E21199F9D10]
[-HKEY_CLASSES_ROOT\Installer\UpgradeCodes\41A387AA3A7A33D3590FA953D1350011]
[-HKEY_CLASSES_ROOT\LinkScannerIE.NavFilter]
[-HKEY_CLASSES_ROOT\LinkScannerIE.NavFilter.1]
[-HKEY_CLASSES_ROOT\MicroScanner.MicroScanner]
[-HKEY_CLASSES_ROOT\piffile\shellex\ContextMenuHandlers\AVG9 Shell Extension]
[-HKEY_CLASSES_ROOT\PROTOCOLS\Handler\linkscanner]
[-HKEY_LOCAL_MACHINE\SOFTWARE\AVG]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DevDiv\VC]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\AVGSE.DLL]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0323CB96-221A-4042-84A3-93EDE47099FC}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1A258E63-8DF5-4ADB-9832-38A0121D65EB}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AlwaysUnloadDll]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG]
[-HKEY_CLASSES_ROOT\CLSID\{50A96677-4378-434d-9F4B-6B28B485933F}\{976BA62F-ABED-40e0-8F7B-6DE4F6756F0B}]
[-HKEY_CLASSES_ROOT\CLSID\{50A96677-4378-434d-9F4B-6B28B485933F}\{976BA62F-ABEE-40e0-8F7B-6DE4F6756F0B}]
[-HKEY_CLASSES_ROOT\CLSID\{50A96677-4378-434d-9F4B-6B28B485933F}\{976BA62F-ABEF-40e0-8F7B-6DE4F6756F0B}]
[-HKEY_CLASSES_ROOT\CLSID\{9781B2D1-AF27-474F-A3A5-C0763FBDF3B7}]
[-HKEY_CLASSES_ROOT\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
[-HKEY_CLASSES_ROOT\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
[-HKEY_CLASSES_ROOT\CLSID\{F2DDE6B2-9684-4A55-86D4-E255E237B77C}]
[-HKEY_CLASSES_ROOT\PROTOCOLS\Handler\avgsecuritytoolbar]
[-HKEY_CURRENT_USER\AppEvents\EventLabels\avgtrayWSAlert]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
[-HKEY_CURRENT_USER\Software\AppDataLow\Avg]
[-HKEY_CURRENT_USER\Software\AVG Security Toolbar]
[-HKEY_LOCAL_MACHINE\SOFTWARE\AVG Security Toolbar]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG9Uninstall]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\AvgEms]
[-HKEY_USERS\.DEFAULT\AppEvents\EventLabels\avgtrayRSAlert]
[-HKEY_USERS\.DEFAULT\AppEvents\EventLabels\avgtrayScanFinished]
[-HKEY_USERS\.DEFAULT\AppEvents\EventLabels\avgtrayScanFinishedThreatFound]
[-HKEY_USERS\.DEFAULT\AppEvents\EventLabels\avgtrayScanStarted]
[-HKEY_USERS\.DEFAULT\AppEvents\EventLabels\avgtrayWSAlert]
[-HKEY_USERS\.DEFAULT\AppEvents\Schemes\Apps\avgtray]
[-HKEY_USERS\.DEFAULT\Software\AppDataLow\Avg]
[-HKEY_USERS\.DEFAULT\Software\Avg]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG9_TRAY"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"=-
"{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions]
"{3f963a5b-e555-4543-90e2-c3908898db71}"=-
"avg@igeared"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\GroupOrderList]
"AVG"=-
DRIVER::
Avg
AVGIDSAgent
AVGIDSDriver
AVGIDSEH
AVGIDSFilter
AVGIDSShim
Avgldx86
Avgmfx86
Avgrkx86
Avgtdix
avgwd
AVG Security Toolbar Service
avg9emc
avg9wd
FOLDER::
%SYSTEMDRIVE%\$AVG
%COMMONAPPDATA%\AVG10
%COMMONAPPDATA%\MFAData
%COMMONPROGRAMS%\AVG 2011
%APPDATA%\AVG10
%PROGRAMFILES%\AVG
%SYSTEM%\drivers\AVG
%COMMONAPPDATA%\AVG Security Toolbar
%COMMONAPPDATA%\avg9
%COMMONPrograms%\AVG Free 9.0
File::
%COMMONAPPDATA%\Common Files\6F59E522-4689-156E-316C-D5B48819DE95.dat
%COMMONDESKTOP%\AVG 2011.lnk
%SYSTEM%\drivers\AVGIDSDriver.sys
%SYSTEM%\drivers\AVGIDSEH.sys
%SYSTEM%\drivers\AVGIDSFilter.sys
%SYSTEM%\drivers\AVGIDSShim.sys
%SYSTEM%\drivers\avgldx86.sys
%SYSTEM%\drivers\avgmfx86.sys
%SYSTEM%\drivers\avgrkx86.sys
%SYSTEM%\drivers\avgtdix.sys
%COMMONDesktop%\AVG Free 9.0.lnk
%PROGRAMFILES%\Mozilla Firefox\searchplugins\avg_igeared.xml
%SYSTEM%\avgrsstx.dll
SECCENTER::
AVG Anti-Virus Free

Go to the Notepad window and click Edit >> Paste.
Then click File >> Save.
Name the file "CFScript.txt" (including the quotes).
Save the file to your Desktop.
The main ComboFix.exe program should be on your Desktop.
Drag the file you just created... CFScript.txt and drop it on the main ComboFix.exe icon as below.
http://i275.photobucket.com/albums/jj285/Bleeping/Combofix/cf.gif
Now please wait for ComboFix to finish running.
Please Note: Do not mouse click in the combofix window while it is running - this may cause your system to hang/crash.
If you get the messages about installing the recovery console, click to allow Combofix to install it for you.
Member of:UNITE
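Before dropping a script like the one above onto ComboFix, it is worth listing exactly what it will delete. The following is an added example, not ComboFix's own code: a parser for the CFScript sections used in the post (KillAll, REGISTRY, DRIVER, FOLDER, File, SECCENTER), plus a check that surfaces entries naming neither the product nor an opaque GUID/MSI code, so a reviewer can justify them by hand. The product_markers parameter and SAMPLE_SCRIPT excerpt are the example's own assumptions.

```python
"""Review a ComboFix CFScript before running it: parse its sections and list
what would be deleted, surfacing any entry that does not obviously belong to the
product being removed.  Added example, not ComboFix's own code.  SAMPLE_SCRIPT is
a constructed excerpt modelled on the posted AVG removal script."""
import re

SECTION_RE = re.compile(r"^([A-Za-z]+)::$")
DELETE_KEY_RE = re.compile(r"^\[-(.+?)\s*\]$")   # [-HKEY...]: delete the whole key (tolerates a stray space before ])
OPEN_KEY_RE = re.compile(r"^\[(.+?)\]$")         # [HKEY...]: key for the values that follow
DELETE_VALUE_RE = re.compile(r'^"(.+)"=-$')      # "Name"=-: delete one value under that key
# GUIDs and 32-hex MSI codes carry no product name, so they are not flagged;
# they still have to be matched against the machine's uninstall entries by hand.
OPAQUE_ID_RE = re.compile(
    r"[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{12}|[0-9A-Fa-f]{32}")

# Constructed excerpt in the posted format (assumption, not the full script).
SAMPLE_SCRIPT = r"""
KillAll::
REGISTRY::
[-HKEY_CURRENT_USER\Software\Avg]
[-HKEY_CLASSES_ROOT\CLSID\{6F59E522-4689-156E-316C-D5B48819DE95} ]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DevDiv\VC]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AlwaysUnloadDll]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG9_TRAY"=-
DRIVER::
Avgldx86
FOLDER::
%COMMONAPPDATA%\AVG10
%COMMONAPPDATA%\MFAData
File::
%SYSTEM%\drivers\avgldx86.sys
SECCENTER::
AVG Anti-Virus Free
"""


def parse_cfscript(text):
    """Return {SECTION: [entries]}.  REGISTRY entries are ('key', path) for a
    whole-key delete or ('value', key, name) for a single value; the other
    sections keep their lines as strings."""
    sections, current, open_key = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current, open_key = m.group(1).upper(), None
            sections.setdefault(current, [])
            continue
        if current is None:
            raise ValueError(f"entry before any section header: {line}")
        if current != "REGISTRY":
            sections[current].append(line)
        elif (m := DELETE_KEY_RE.match(line)):
            sections[current].append(("key", m.group(1)))
        elif (m := OPEN_KEY_RE.match(line)):
            open_key = m.group(1)
        elif (m := DELETE_VALUE_RE.match(line)) and open_key:
            sections[current].append(("value", open_key, m.group(1)))
        else:
            raise ValueError(f"unrecognised REGISTRY line: {line}")
    return sections


def entry_text(entry):
    """Flatten a REGISTRY tuple (or plain string) to the text we match against."""
    return " ".join(entry[1:]) if isinstance(entry, tuple) else entry


def needs_review(sections, product_markers=("avg",)):
    """Entries from the deleting sections that name neither the product nor an
    opaque GUID/MSI code.  In the sample these are the DevDiv, AlwaysUnloadDll
    and MFAData entries: none is obviously AVG's, so a reviewer must confirm them."""
    flagged = []
    for name in ("REGISTRY", "DRIVER", "FOLDER", "FILE"):
        for entry in sections.get(name, []):
            text = entry_text(entry)
            if any(marker in text.lower() for marker in product_markers):
                continue
            if OPAQUE_ID_RE.search(text):
                continue
            flagged.append((name, text))
    return flagged


def summarize(sections):
    """Entry counts per section, handy to post back before the script is run."""
    return {name: len(entries) for name, entries in sections.items()}


if __name__ == "__main__":
    parsed = parse_cfscript(SAMPLE_SCRIPT)
    print(summarize(parsed))
    for section, text in needs_review(parsed):
        print(f"review: {section}: {text}")
```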
iainwith2is (Author) Posted June 28, 2011

Warning box comes up saying combofix cannot run when avg is installed. Have to click ok and it ends.
ExTS Admin Starbuck Posted June 29, 2011

Warning box comes up saying combofix cannot run when avg is installed. Have to click ok and it ends.

Is this when trying to start Combofix using the script in post #14?
Member of:UNITE
iainwith2is (Author) Posted June 29, 2011

Is this when trying to start Combofix using the script in post #14?

Yes, combofix starts and runs for a while before error message comes up.
ExTS Admin Starbuck Posted June 29, 2011

Hi iainwith2is

Ok, let's try something else for now.
To be honest, this is one of the reasons I would never recommend AVG. It's too controlling and doesn't (in my opinion) have a great detection rate.

Download Dr.Web CureIt to the desktop:
Doubleclick the drweb-cureit.exe file and click Scan to run express scan.
Click OK in pop-up window to allow scan.
This will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
Once the short scan has finished, select Complete scan.
Click the green arrow http://i154.photobucket.com/albums/s258/evilfantasy69/drweb.jpg at the right, and the scan will start.
Click Yes to all if it asks if you want to cure/move the file.
When the scan has finished, in the menu, click File and choose Save report list.
Save the report to your desktop. The report will be called DrWeb.csv
Close Dr.Web Cureit.
Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
Copy and paste that log in the next reply. You can use Notepad to open the DrWeb.csv report.
NOTE. During the scan, pop-up window will open asking for full version purchase. Simply close the window by clicking on X in upper right corner.
The DrWeb scan could take anything up to a few hours to run .... so don't sit and wait for it.
Member of:UNITE
iainwith2is (Author) Posted July 1, 2011

OK nearly 6 hours later and I have run DrWeb (found 1 item) and OTL. Here are the reports as requested:

A0099755.com;C:\System Volume Information\_restore{729F0D3A-B16D-40D2-932F-F7795C61C8BA}\RP174;Trojan.Siggen2.42152;Incurable.Moved.;

OTL logfile created on: 7/1/2011 3:17:31 PM - Run 1
OTL by OldTimer - Version 3.2.25.0 Folder = C:\Documents and Settings\Woko\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
-- C:\hiberfil.sys [2011/07/01 06:10:51 | 000,000,135 | ---- | M] () -- C:\Documents and Settings\Woko\Desktop\DrWeb.csv [2011/06/30 18:42:18 | 000,000,789 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2011/06/30 18:19:28 | 068,941,072 | ---- | M] () -- C:\Documents and Settings\Woko\Desktop\drweb-cureit.exe [2011/06/29 18:41:22 | 078,849,187 | ---- | M] () -- C:\WINDOWS\System32\drivers\avg\incavi.avm [2011/06/29 18:41:22 | 000,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\avg\iavichjw.avm [2011/06/27 20:27:27 | 004,127,961 | R--- | M] (Swearware) -- C:\Documents and Settings\Woko\Desktop\Combo-Fix.exe [2011/06/27 17:46:41 | 001,316,026 | ---- | M] () -- C:\Documents and Settings\Woko\Desktop\tdsskiller.zip [2011/06/26 19:41:26 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2011/06/26 09:56:09 | 000,510,976 | ---- | M] () -- C:\Documents and Settings\Woko\Desktop\RogueKiller.exe [2011/06/26 01:39:45 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\Woko\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk [2011/06/24 21:06:33 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Woko\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk [2011/06/24 18:37:32 | 000,434,206 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110624-184040.backup [2011/06/24 17:24:51 | 000,434,206 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110624-183731.backup [2011/06/24 16:30:53 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Woko\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [2011/06/24 16:30:50 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Woko\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf [2011/06/24 15:08:18 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk [2011/06/20 21:25:25 | 000,000,064 | ---- | M] 
() -- C:\WINDOWS\System32\rp_stats.dat [2011/06/20 21:25:25 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat [2011/06/15 17:57:31 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk [2011/06/14 17:38:55 | 000,001,504 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\mbkv74n4pw410j [2011/06/12 18:29:53 | 000,001,228 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\240238c4428eeufaje [2011/06/11 19:29:27 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2011/07/01 06:10:51 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\Woko\Desktop\DrWeb.csv [2011/06/30 18:11:58 | 068,941,072 | ---- | C] () -- C:\Documents and Settings\Woko\Desktop\drweb-cureit.exe [2011/06/29 18:41:22 | 078,849,187 | ---- | C] () -- C:\WINDOWS\System32\drivers\avg\incavi.avm [2011/06/29 18:41:22 | 000,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\avg\iavichjw.avm [2011/06/26 22:15:07 | 001,316,026 | ---- | C] () -- C:\Documents and Settings\Woko\Desktop\tdsskiller.zip [2011/06/26 09:56:08 | 000,510,976 | ---- | C] () -- C:\Documents and Settings\Woko\Desktop\RogueKiller.exe [2011/06/26 01:39:44 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\Woko\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk [2011/06/24 21:06:33 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Woko\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk [2011/06/24 16:30:53 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Woko\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [2011/06/24 16:30:53 | 000,000,803 | ---- | C] () -- C:\Documents and 
Settings\Woko\Start Menu\Programs\Internet Explorer.lnk [2011/06/24 16:30:50 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Woko\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf [2011/06/24 16:30:42 | 000,000,788 | ---- | C] () -- C:\Documents and Settings\Woko\Start Menu\Programs\Windows Media Player.lnk [2011/06/24 16:30:38 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\Woko\Start Menu\Programs\Outlook Express.lnk [2011/06/24 16:30:12 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\Woko\Start Menu\Programs\Remote Assistance.lnk [2011/06/15 17:57:31 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk [2011/06/14 17:38:55 | 000,001,504 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\mbkv74n4pw410j [2011/06/12 18:29:53 | 000,001,228 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\240238c4428eeufaje [2011/05/31 22:17:50 | 000,188,512 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat [2011/05/23 23:03:06 | 000,001,352 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\h0387md7ekpl3vuk24yy [2011/04/27 14:19:32 | 000,030,568 | ---- | C] () -- C:\WINDOWS\MusiccityDownload.exe [2011/04/22 11:48:08 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat [2011/04/22 11:48:08 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat [2011/04/15 21:17:53 | 000,001,300 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\k5542164r0fmo474gk6utkw10fwdw07 [2011/02/13 16:58:53 | 000,000,182 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT4.DAT [2011/02/13 16:56:45 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDEC46Euro.ini [2011/01/04 17:10:56 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll [2011/01/04 17:10:56 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll [2011/01/04 17:10:56 | 
000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll [2011/01/04 17:10:56 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll [2010/11/25 21:24:49 | 000,074,952 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat [2010/11/07 00:48:15 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2010/09/14 22:31:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2009/06/20 20:13:18 | 004,477,539 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll [2009/06/20 20:13:18 | 000,832,632 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll [2009/06/20 20:13:18 | 000,829,781 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2009/06/20 20:13:18 | 000,557,469 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll [2009/06/20 20:13:18 | 000,336,384 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll [2009/06/20 20:13:18 | 000,216,064 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll [2009/06/20 20:13:18 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll [2009/06/20 20:13:18 | 000,146,098 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll [2009/06/20 20:13:18 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll [2009/06/20 20:13:18 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll [2009/06/20 20:13:16 | 000,176,640 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll [2009/06/20 20:13:16 | 000,117,760 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll [2009/06/20 20:13:16 | 000,095,744 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll [2009/06/20 19:28:02 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2009/06/14 16:21:32 | 000,256,512 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll [2009/06/14 16:21:32 | 000,237,056 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll [2009/05/18 09:24:22 | 000,083,968 | ---- | C] () -- C:\WINDOWS\System32\ac3config.exe [2009/01/10 23:17:32 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\ts.dll [2009/01/10 23:16:56 
| 000,148,480 | ---- | C] () -- C:\WINDOWS\System32\mkx.dll [2009/01/10 23:16:50 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\avi.dll [2009/01/10 23:16:14 | 000,141,312 | ---- | C] () -- C:\WINDOWS\System32\mp4.dll [2009/01/10 23:16:04 | 000,335,872 | ---- | C] () -- C:\WINDOWS\System32\gdsmux.exe [2009/01/10 23:15:54 | 000,120,832 | ---- | C] () -- C:\WINDOWS\System32\ogm.dll [2009/01/10 23:15:44 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\mmfinfo.dll [2009/01/10 23:15:36 | 000,103,424 | ---- | C] () -- C:\WINDOWS\System32\dsmux.exe [2009/01/10 23:15:32 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\avss.dll [2009/01/10 23:15:28 | 000,246,784 | ---- | C] () -- C:\WINDOWS\System32\dxr.dll [2009/01/10 23:15:12 | 000,097,280 | ---- | C] () -- C:\WINDOWS\System32\avs.dll [2009/01/10 23:15:06 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\mkv2vfr.exe [2009/01/10 23:14:08 | 000,079,360 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll [2009/01/10 23:14:06 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll [2008/12/03 23:11:50 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2008/11/06 17:37:32 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll [2007/10/13 10:30:20 | 000,000,137 | ---- | C] () -- C:\WINDOWS\System32\Registration.ini [2004/08/04 13:00:00 | 000,437,206 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2004/08/04 13:00:00 | 000,069,578 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2004/08/04 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [2004/08/02 14:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2003/03/31 20:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2003/03/31 20:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2003/03/31 20:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2003/03/31 20:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2003/03/31 
20:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2003/03/31 20:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin [2002/05/28 19:55:42 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2002/05/28 19:54:40 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [1980/02/16 20:20:19 | 000,397,312 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.exe [1980/02/16 20:20:19 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll [1980/02/16 19:35:29 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [1980/02/16 19:27:12 | 000,022,720 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [1980/02/16 19:12:25 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [1980/02/16 19:09:58 | 000,333,072 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT ========== LOP Check ========== [2011/05/15 00:02:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10 [2010/10/16 09:57:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9 [2010/10/16 10:02:16 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files [2010/10/20 22:27:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driver Whiz [2011/04/08 17:49:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData [2010/09/25 17:52:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia [2010/09/25 17:11:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NokiaInstallerCache [2010/09/25 17:37:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite [2011/05/31 20:48:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung [2011/02/13 17:01:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL [2010/10/17 
21:45:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip [2010/11/25 20:48:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2011/06/24 16:31:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Woko\Application Data\AVG10 [2011/06/24 16:30:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Woko\Application Data\PC Suite [2011/05/14 13:22:10 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.* > [2011/06/26 22:18:05 | 000,039,414 | ---- | M] () -- C:\aaw7boot.log [2010/10/30 17:30:22 | 000,002,006 | ---- | M] () -- C:\aqua_bitmap.cpp [1980/02/16 19:31:24 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT [2010/10/04 21:25:02 | 000,000,192 | ---- | M] () -- C:\BcBtRmv.log [2011/05/07 19:55:18 | 000,000,211 | RHS- | M] () -- C:\boot.ini [1980/02/16 19:31:24 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS [2011/07/01 15:10:18 | 2138,492,928 | -HS- | M] () -- C:\hiberfil.sys [1980/02/16 19:31:24 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [1980/02/16 19:31:24 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2010/06/14 17:59:42 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM [2010/09/25 16:12:03 | 000,250,048 | RHS- | M] () -- C:\ntldr [2011/07/01 15:10:16 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys [2011/06/26 22:16:45 | 000,044,810 | ---- | M] () -- C:\TDSSKiller.2.5.5.0_26.06.2011_22.15.35_log.txt [2011/06/27 17:45:00 | 000,000,412 | ---- | M] () -- C:\TDSSKiller.2.5.5.0_27.06.2011_17.44.55_log.txt [2011/06/27 17:46:32 | 000,000,412 | ---- | M] () -- C:\TDSSKiller.2.5.5.0_27.06.2011_17.46.18_log.txt [2011/06/27 17:48:41 | 000,043,796 | ---- | M] () -- C:\TDSSKiller.2.5.6.0_27.06.2011_17.47.38_log.txt < %systemroot%\system32\Spool\prtprocs\w32x86\*.dll > [2008/07/06 13:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- 
C:\WINDOWS\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll [2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\msonpppr.dll < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] < %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\system32\*.exe /lockedfiles > [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] < %systemroot%\System32\config\*.sav > [2009/07/07 20:14:51 | 000,262,144 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav [2008/11/27 18:12:13 | 000,262,144 | ---- | M] () -- C:\WINDOWS\System32\config\security.sav [2009/07/07 20:14:51 | 009,961,472 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav [2009/07/07 20:14:51 | 004,194,304 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav < %PROGRAMFILES%\* > < %USERPROFILE%\..|smtmp;true;true;true /FP > < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Win dows\WindowsUpdate\AU > < hklm\software\clients\startmenuinternet|command /rs > HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/07/01 15:10:51 | 000,712,976 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/07/01 15:10:51 | 000,712,976 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/07/01 15:10:51 | 000,712,976 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla 
Firefox\firefox.exe [2011/07/01 15:10:58 | 000,924,632 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/07/01 15:10:58 | 000,924,632 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/07/01 15:10:58 | 000,924,632 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2010/12/20 13:55:27 | 000,173,568 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2010/12/20 13:55:27 | 000,173,568 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2010/12/20 13:55:27 | 000,173,568 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: iexplore.exe < hklm\software\clients\startmenuinternet|command /64 /rs > HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/07/01 15:10:51 | 000,712,976 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/07/01 15:10:51 | 000,712,976 | ---- | M] 
OTL Extras logfile created on: 7/1/2011 3:17:31 PM - Run 1 OTL by OldTimer - Version 3.2.25.0
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
"{F59A9E08-A6A4-4ACF-91F2-D0344956C30B}" = iTunes "504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0) "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Agere Systems Soft Modem" = Agere Systems AC'97 Modem "All ATI Software" = ATI - Software Uninstall Utility "Any Video Converter_is1" = Any Video Converter 3.2.3 "ATI Display Driver" = ATI Display Driver "AVG" = AVG 2011 "AVS Update Manager_is1" = AVS Update Manager 1.0 "Cole2k Media - Codec Pack" = Cole2k Media - Codec Pack (Advanced) 7.7.0 "DVD43_is1" = DVD43 v4.6.0 "ENTERPRISE" = Microsoft Office Enterprise 2007 "EPSON Printer and Utilities" = EPSON Printer Software "ESC46 Reference Guide" = ESC46 Reference Guide "ESC46 Software Guide" = ESC46 Software Guide "Google Calendar Sync" = Google Calendar Sync "ie8" = Windows Internet Explorer 8 "InstallShield_{2EDA8979-0ADA-480E-AF76-AEB92F4CD7C2}" = HP Notebook LidSwitch Policy "InstallShield_{4CBD31CE-51DF-43C4-B3EC-7CCBAB0CD083}" = O2Micro MemoryCardBus Windows Driver "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "InstallShield_{AD7914E1-6453-4440-AEC7-02C72AD6FE5F}" = Texas Instruments PCIxx21/x515/xx12 drivers. "InstallShield_{BE6890C7-31EF-478C-812E-1E2899ABFCA9}" = Broadcom Gigabit Integrated Controller "InstallShield_{F16F258A-6300-4A1C-BC49-7929EFF455E2}" = Texas Instruments PCIxx20 drivers. 
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft Visual Studio 2010 Tools for Office Runtime (x86)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86) "Mozilla Firefox 5.0 (x86 en-GB)" = Mozilla Firefox 5.0 (x86 en-GB) "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "SynTPDeinstKey" = Synaptics Pointing Device Driver "Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR archiver "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 "Yahoo! Messenger" = Yahoo! Messenger "Yahoo! Software Update" = Yahoo! Software Update ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 6/24/2011 7:37:51 PM | Computer Name = NC4200 | Source = Application Hang | ID = 1002 Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 6/24/2011 7:37:53 PM | Computer Name = NC4200 | Source = Application Hang | ID = 1002 Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 6/25/2011 5:39:53 AM | Computer Name = NC4200 | Source = Application Error | ID = 1000 Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting module , version 0.0.0.0, fault address 0x00000000. 
Error - 6/25/2011 5:40:03 AM | Computer Name = NC4200 | Source = Application Error | ID = 1000 Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting module unknown, version 0.0.0.0, fault address 0x00267411. Error - 6/25/2011 8:37:34 PM | Computer Name = NC4200 | Source = Application Error | ID = 1000 Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting module , version 0.0.0.0, fault address 0x00000000. Error - 6/25/2011 8:38:04 PM | Computer Name = NC4200 | Source = Application Error | ID = 1000 Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting module unknown, version 0.0.0.0, fault address 0x00267411. Error - 6/25/2011 8:38:07 PM | Computer Name = NC4200 | Source = Application Error | ID = 1001 Description = Fault bucket -1796944378. Error - 6/26/2011 5:13:06 PM | Computer Name = NC4200 | Source = Application Error | ID = 1000 Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting module unknown, version 0.0.0.0, fault address 0x00267411. Error - 6/27/2011 3:31:31 PM | Computer Name = NC4200 | Source = MsiInstaller | ID = 11921 Description = SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2011 -- Error 1921. SA_Error1921: StandardAction(0xC0070781): Service 'AVG WatchDog' (avgwd) could not be stopped. Verify that you have sufficient privileges to stop system services. Error - 6/27/2011 3:37:21 PM | Computer Name = NC4200 | Source = MsiInstaller | ID = 10005 Description = SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2011 -- Error 27046. CA_Error27046: DriverInstallationFun(0x00000000): Driver installation failed [ OSession Events ] Error - 4/4/2011 1:54:59 PM | Computer Name = NC4200 | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. 
This session lasted 10 seconds with 0 seconds of active time. This session ended with a crash. Error - 4/4/2011 2:20:17 PM | Computer Name = NC4200 | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 10 seconds with 0 seconds of active time. This session ended with a crash. Error - 4/4/2011 2:32:04 PM | Computer Name = NC4200 | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 11 seconds with 0 seconds of active time. This session ended with a crash. Error - 4/4/2011 3:52:16 PM | Computer Name = NC4200 | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5 seconds with 0 seconds of active time. This session ended with a crash. Error - 4/4/2011 3:52:28 PM | Computer Name = NC4200 | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4 seconds with 0 seconds of active time. This session ended with a crash. [ System Events ] Error - 6/28/2011 4:11:49 PM | Computer Name = NC4200 | Source = Service Control Manager | ID = 7011 Description = Timeout (30000 milliseconds) waiting for a transaction response from the BITS service. 
Error - 6/28/2011 4:11:49 PM | Computer Name = NC4200 | Source = Service Control Manager | ID = 7000
Description = The Background Intelligent Transfer Service service failed to start due to the following error: %%1053
Error - 6/28/2011 4:11:49 PM | Computer Name = NC4200 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load: AVGIDSEH
Error - 6/28/2011 4:17:35 PM | Computer Name = NC4200 | Source = Service Control Manager | ID = 7031
Description = The AVG WatchDog service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
Error - 6/28/2011 4:24:36 PM | Computer Name = NC4200 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.156 for the Network Card with network address 00166F616EFF has been denied by the DHCP server 10.23.121.17 (The DHCP Server sent a DHCPNACK message).
Error - 6/28/2011 4:25:02 PM | Computer Name = NC4200 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load: AVGIDSEH
Error - 6/28/2011 5:46:15 PM | Computer Name = NC4200 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load: AVGIDSEH
Error - 6/29/2011 1:33:42 PM | Computer Name = NC4200 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load: AVGIDSEH
Error - 6/30/2011 1:49:16 PM | Computer Name = NC4200 | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
Error - 7/1/2011 10:10:37 AM | Computer Name = NC4200 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load: AVGIDSEH
< End of report >
iainwith2is (Author) Posted July 1, 2011

OK, it took 6 hours to run DrWeb and it found 1 item; here is the report, and OTL's too:

A0099755.com;C:\System Volume Information\_restore{729F0D3A-B16D-40D2-932F-F7795C61C8BA}\RP174;Trojan.Siggen2.42152;Incurable.Moved.;

OTL logfile created on: 7/1/2011 3:17:31 PM - Run 1
OTL by OldTimer - Version 3.2.25.0 Folder = C:\Documents and Settings\Woko\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: M/d/yyyy
1.99 Gb Total Physical Memory | 1.60 Gb Available Physical Memory | 80.29% Memory free
3.84 Gb Paging File | 3.64 Gb Available in Paging File | 94.76% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 49.22 Gb Free Space | 66.04% Space Free | Partition Type: NTFS
Computer Name: NC4200 | User Name: Woko | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\Woko\Desktop\OTL.scr (OldTimer Tools)
PRC - C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe (Google)
PRC - C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
PRC - C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_S4I0T1.EXE (SEIKO EPSON CORPORATION) PRC - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.) ========== Modules (SafeList) ========== MOD - C:\Documents and Settings\Woko\Desktop\OTL.scr (OldTimer Tools) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\SynTPFcs.dll (Synaptics, Inc.) ========== Win32 Services (SafeList) ========== SRV - (HidServ) -- File not found SRV - (avgwd) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia) SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.) SRV - (SoundMAX Agent Service (default)) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.) ========== Driver Services (SafeList) ========== DRV - (dgderdrv) -- C:\WINDOWS\system32\drivers\dgderdrv.sys (Devguru Co., Ltd) DRV - (ssadmdm) -- C:\WINDOWS\system32\drivers\ssadmdm.sys (MCCI Corporation) DRV - (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) -- C:\WINDOWS\system32\drivers\ssadbus.sys (MCCI Corporation) DRV - (ssadmdfl) SAMSUNG Android USB Modem (Filter) -- C:\WINDOWS\system32\drivers\ssadmdfl.sys (MCCI Corporation) DRV - (sscdmdm) -- C:\WINDOWS\system32\drivers\sscdmdm.sys (MCCI Corporation) DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\WINDOWS\system32\drivers\sscdbus.sys (MCCI Corporation) DRV - (androidusb) -- C:\WINDOWS\system32\drivers\ssadadb.sys (Google Inc) DRV - (sscdmdfl) -- C:\WINDOWS\system32\drivers\sscdmdfl.sys (MCCI Corporation) DRV - (UsbserFilt) -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys (Nokia) DRV - (upperdev) -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys (Nokia) DRV - (nmwcdc) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys (Nokia) DRV - (nmwcd) 
-- C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia) DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia) DRV - (w29n51) Intel® -- C:\WINDOWS\system32\drivers\w29n51.sys (Intel® Corporation) DRV - (tifm21) -- C:\WINDOWS\system32\drivers\tifm21.sys (Texas Instruments) DRV - (GTIPCI21) -- C:\WINDOWS\system32\drivers\gtipci21.sys (Texas Instruments) DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems) DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation) DRV - (aliadwdm) -- C:\WINDOWS\system32\drivers\ac97ali.sys (Acer Laboratories Inc.) DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.) DRV - (CONAN) -- C:\WINDOWS\system32\drivers\o2mmb.sys (O2 Micro ) DRV - (MbxStby) -- C:\WINDOWS\system32\drivers\MbxStby.sys (O2 Micro) DRV - (SCM488C) -- C:\WINDOWS\system32\drivers\pscr.sys (SCM Microsystems, Inc.) DRV - (ALiIRDA) -- C:\WINDOWS\system32\drivers\alifir.sys (Acer Laboratories Inc.) DRV - (SMCIRDA) -- C:\WINDOWS\system32\drivers\smcirda.sys (SMC) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F6 B6 A1 DD AA 32 CC 01 [binary data] IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "http://news.bbc.co.uk/sport1/hi/tennis/9523296.stm" FF - HKLM\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/06/24 15:08:16 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/01 
15:11:00 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/15 17:57:30 | 000,000,000 | ---D | M] [2011/06/24 16:45:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Woko\Application Data\Mozilla\Extensions [2011/04/22 22:34:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2010/09/17 16:59:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} File not found (No name found) -- [2011/06/24 15:08:16 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX4 [2010/09/17 16:58:56 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2011/04/10 18:26:04 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION [2011/07/01 15:10:59 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2010/09/17 16:58:55 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2010/01/01 09:00:00 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml [2010/01/01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2010/01/01 09:00:00 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml [2010/01/01 09:00:00 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml [2010/01/01 09:00:00 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml O1 HOSTS File: ([2011/06/30 18:42:18 | 000,000,789 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found. O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [ATIPTA] File not found O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.) 
O4 - HKLM..\Run: [EPSON Stylus C46 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [EPSON Stylus C46 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [iMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation) O4 - HKLM..\Run: [LidPolicy] c:\Program Files\Hewlett-Packard\LidSwitch Policy\PwrSchem.exe (Hewlett-Packard) O4 - HKLM..\Run: [PHIME2002A] File not found O4 - HKLM..\Run: [PHIME2002ASync] File not found O4 - HKLM..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.) O4 - HKLM..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Calendar Sync.lnk = C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe (Google) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {44C1E3A2-B594-401C-B27A-D1B4476E4797} https://bristolremote.workman.co.uk/XTSAC.cab (XTSAC Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Reg Error: Key error. File not found O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation) O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [1980/02/16 19:31:24 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.) O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: HidServ - File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: dvd43 - hkey= - key= - C:\Program Files\dvd43\DVD43_Tray.exe () MsConfig - StartUpReg: GrooveMonitor - hkey= - key= - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program 
Files\iTunes\iTunesHelper.exe (Apple Inc.) MsConfig - StartUpReg: Messenger (Yahoo!) - hkey= - key= - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.) MsConfig - StartUpReg: NokiaMServer - hkey= - key= - File not found MsConfig - StartUpReg: NokiaOviSuite2 - hkey= - key= - File not found MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\qttask.exe (Apple Inc.) MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) MsConfig - State: "system.ini" - 0 MsConfig - State: "win.ini" - 0 MsConfig - State: "bootini" - 0 MsConfig - State: "services" - 0 MsConfig - State: "startup" - 2 CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011/07/01 15:14:13 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Woko\Desktop\OTL.scr [2011/06/30 18:22:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Woko\DoctorWeb [2011/06/29 18:41:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\avg [2011/06/27 20:28:34 | 000,000,000 | ---D | C] -- C:\Qoobox [2011/06/27 20:28:32 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Woko\My Documents\My Videos [2011/06/27 20:28:32 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Woko\Start Menu\Programs\Administrative Tools [2011/06/27 20:25:08 | 004,127,961 | R--- | C] (Swearware) -- C:\Documents and Settings\Woko\Desktop\Combo-Fix.exe [2011/06/27 17:47:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Woko\Desktop\tdsskiller [2011/06/26 22:15:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Woko\Application Data\WinRAR [2011/06/26 09:57:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Woko\Desktop\RK_Quarantine [2011/06/26 09:56:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Woko\My Documents\Downloads [2011/06/26 01:39:40 | 000,000,000 | ---D | C] -- C:\Documents 
and Settings\Woko\Application Data\Malwarebytes [2011/06/24 21:32:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Woko\Tracing [2011/06/24 21:12:19 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Woko\IECompatCache [2011/06/24 21:11:14 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Woko\PrivacIE [2011/06/24 21:02:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Woko\Application Data\Adobe [2011/06/24 16:40:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Woko\Local Settings\Application Data\Mozilla [2011/06/24 16:40:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Woko\Application Data\Mozilla [2011/06/24 16:31:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Woko\Application Data\AVG10 [2011/06/24 16:31:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Woko\Application Data\Apple Computer [2011/06/24 16:31:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Woko\Local Settings\Application Data\Apple Computer [2011/06/24 16:31:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Woko\Local Settings\Application Data\Google [2011/06/24 16:30:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Woko\Application Data\Identities [2011/06/24 16:30:26 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Woko\My Documents\My Pictures [2011/06/24 16:30:26 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Woko\My Documents\My Music [2011/06/24 16:30:22 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Woko\IETldCache [2011/06/24 16:30:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Woko\Application Data\PC Suite [2011/06/24 16:30:12 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Woko\Application Data\Microsoft [2011/06/24 16:30:12 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Woko\SendTo [2011/06/24 16:30:12 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Woko\Recent [2011/06/24 16:30:12 | 000,000,000 | RH-D | C] -- C:\Documents and 
Settings\Woko\Application Data [2011/06/24 16:30:12 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Woko\Start Menu\Programs\Startup [2011/06/24 16:30:12 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Woko\Start Menu [2011/06/24 16:30:12 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Woko\My Documents [2011/06/24 16:30:12 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Woko\Favorites [2011/06/24 16:30:12 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Woko\Start Menu\Programs\Accessories [2011/06/24 16:30:12 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Woko\Cookies [2011/06/24 16:30:12 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Woko\Templates [2011/06/24 16:30:12 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Woko\PrintHood [2011/06/24 16:30:12 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Woko\NetHood [2011/06/24 16:30:12 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Woko\Local Settings [2011/06/24 16:30:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Woko\Local Settings\Application Data\Microsoft [2011/06/24 16:30:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Woko\Application Data\Macromedia [2011/06/24 16:30:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Woko\Desktop [2011/06/15 19:38:05 | 000,000,000 | ---D | C] -- C:\Program Files\adidas [2011/06/11 19:29:27 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011/07/01 15:14:14 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Woko\Desktop\OTL.scr [2011/07/01 15:10:38 | 000,002,228 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2011/07/01 15:10:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2011/07/01 15:10:18 | 2138,492,928 | -HS- | M] () 
-- C:\hiberfil.sys [2011/07/01 06:10:51 | 000,000,135 | ---- | M] () -- C:\Documents and Settings\Woko\Desktop\DrWeb.csv [2011/06/30 18:42:18 | 000,000,789 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2011/06/30 18:19:28 | 068,941,072 | ---- | M] () -- C:\Documents and Settings\Woko\Desktop\drweb-cureit.exe [2011/06/29 18:41:22 | 078,849,187 | ---- | M] () -- C:\WINDOWS\System32\drivers\avg\incavi.avm [2011/06/29 18:41:22 | 000,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\avg\iavichjw.avm [2011/06/27 20:27:27 | 004,127,961 | R--- | M] (Swearware) -- C:\Documents and Settings\Woko\Desktop\Combo-Fix.exe [2011/06/27 17:46:41 | 001,316,026 | ---- | M] () -- C:\Documents and Settings\Woko\Desktop\tdsskiller.zip [2011/06/26 19:41:26 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2011/06/26 09:56:09 | 000,510,976 | ---- | M] () -- C:\Documents and Settings\Woko\Desktop\RogueKiller.exe [2011/06/26 01:39:45 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\Woko\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk [2011/06/24 21:06:33 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Woko\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk [2011/06/24 18:37:32 | 000,434,206 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110624-184040.backup [2011/06/24 17:24:51 | 000,434,206 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110624-183731.backup [2011/06/24 16:30:53 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Woko\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [2011/06/24 16:30:50 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Woko\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf [2011/06/24 15:08:18 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk [2011/06/20 21:25:25 | 000,000,064 | ---- | M] 
() -- C:\WINDOWS\System32\rp_stats.dat [2011/06/20 21:25:25 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat [2011/06/15 17:57:31 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk [2011/06/14 17:38:55 | 000,001,504 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\mbkv74n4pw410j [2011/06/12 18:29:53 | 000,001,228 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\240238c4428eeufaje [2011/06/11 19:29:27 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2011/07/01 06:10:51 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\Woko\Desktop\DrWeb.csv [2011/06/30 18:11:58 | 068,941,072 | ---- | C] () -- C:\Documents and Settings\Woko\Desktop\drweb-cureit.exe [2011/06/29 18:41:22 | 078,849,187 | ---- | C] () -- C:\WINDOWS\System32\drivers\avg\incavi.avm [2011/06/29 18:41:22 | 000,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\avg\iavichjw.avm [2011/06/26 22:15:07 | 001,316,026 | ---- | C] () -- C:\Documents and Settings\Woko\Desktop\tdsskiller.zip [2011/06/26 09:56:08 | 000,510,976 | ---- | C] () -- C:\Documents and Settings\Woko\Desktop\RogueKiller.exe [2011/06/26 01:39:44 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\Woko\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk [2011/06/24 21:06:33 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Woko\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk [2011/06/24 16:30:53 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Woko\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [2011/06/24 16:30:53 | 000,000,803 | ---- | C] () -- C:\Documents and 
Settings\Woko\Start Menu\Programs\Internet Explorer.lnk [2011/06/24 16:30:50 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Woko\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf [2011/06/24 16:30:42 | 000,000,788 | ---- | C] () -- C:\Documents and Settings\Woko\Start Menu\Programs\Windows Media Player.lnk [2011/06/24 16:30:38 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\Woko\Start Menu\Programs\Outlook Express.lnk [2011/06/24 16:30:12 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\Woko\Start Menu\Programs\Remote Assistance.lnk [2011/06/15 17:57:31 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk [2011/06/14 17:38:55 | 000,001,504 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\mbkv74n4pw410j [2011/06/12 18:29:53 | 000,001,228 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\240238c4428eeufaje [2011/05/31 22:17:50 | 000,188,512 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat [2011/05/23 23:03:06 | 000,001,352 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\h0387md7ekpl3vuk24yy [2011/04/27 14:19:32 | 000,030,568 | ---- | C] () -- C:\WINDOWS\MusiccityDownload.exe [2011/04/22 11:48:08 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat [2011/04/22 11:48:08 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat [2011/04/15 21:17:53 | 000,001,300 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\k5542164r0fmo474gk6utkw10fwdw07 [2011/02/13 16:58:53 | 000,000,182 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT4.DAT [2011/02/13 16:56:45 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDEC46Euro.ini [2011/01/04 17:10:56 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll [2011/01/04 17:10:56 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll [2011/01/04 17:10:56 | 
000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll [2011/01/04 17:10:56 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll [2010/11/25 21:24:49 | 000,074,952 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat [2010/11/07 00:48:15 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2010/09/14 22:31:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2009/06/20 20:13:18 | 004,477,539 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll [2009/06/20 20:13:18 | 000,832,632 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll [2009/06/20 20:13:18 | 000,829,781 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2009/06/20 20:13:18 | 000,557,469 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll [2009/06/20 20:13:18 | 000,336,384 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll [2009/06/20 20:13:18 | 000,216,064 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll [2009/06/20 20:13:18 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll [2009/06/20 20:13:18 | 000,146,098 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll [2009/06/20 20:13:18 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll [2009/06/20 20:13:18 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll [2009/06/20 20:13:16 | 000,176,640 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll [2009/06/20 20:13:16 | 000,117,760 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll [2009/06/20 20:13:16 | 000,095,744 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll [2009/06/20 19:28:02 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2009/06/14 16:21:32 | 000,256,512 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll [2009/06/14 16:21:32 | 000,237,056 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll [2009/05/18 09:24:22 | 000,083,968 | ---- | C] () -- C:\WINDOWS\System32\ac3config.exe [2009/01/10 23:17:32 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\ts.dll [2009/01/10 23:16:56 
| 000,148,480 | ---- | C] () -- C:\WINDOWS\System32\mkx.dll [2009/01/10 23:16:50 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\avi.dll [2009/01/10 23:16:14 | 000,141,312 | ---- | C] () -- C:\WINDOWS\System32\mp4.dll [2009/01/10 23:16:04 | 000,335,872 | ---- | C] () -- C:\WINDOWS\System32\gdsmux.exe [2009/01/10 23:15:54 | 000,120,832 | ---- | C] () -- C:\WINDOWS\System32\ogm.dll [2009/01/10 23:15:44 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\mmfinfo.dll [2009/01/10 23:15:36 | 000,103,424 | ---- | C] () -- C:\WINDOWS\System32\dsmux.exe [2009/01/10 23:15:32 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\avss.dll [2009/01/10 23:15:28 | 000,246,784 | ---- | C] () -- C:\WINDOWS\System32\dxr.dll [2009/01/10 23:15:12 | 000,097,280 | ---- | C] () -- C:\WINDOWS\System32\avs.dll [2009/01/10 23:15:06 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\mkv2vfr.exe [2009/01/10 23:14:08 | 000,079,360 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll [2009/01/10 23:14:06 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll [2008/12/03 23:11:50 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2008/11/06 17:37:32 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll [2007/10/13 10:30:20 | 000,000,137 | ---- | C] () -- C:\WINDOWS\System32\Registration.ini [2004/08/04 13:00:00 | 000,437,206 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2004/08/04 13:00:00 | 000,069,578 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2004/08/04 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [2004/08/02 14:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2003/03/31 20:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2003/03/31 20:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2003/03/31 20:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2003/03/31 20:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2003/03/31 
20:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2003/03/31 20:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin [2002/05/28 19:55:42 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2002/05/28 19:54:40 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [1980/02/16 20:20:19 | 000,397,312 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.exe [1980/02/16 20:20:19 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll [1980/02/16 19:35:29 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [1980/02/16 19:27:12 | 000,022,720 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [1980/02/16 19:12:25 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [1980/02/16 19:09:58 | 000,333,072 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT ========== LOP Check ========== [2011/05/15 00:02:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10 [2010/10/16 09:57:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9 [2010/10/16 10:02:16 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files [2010/10/20 22:27:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driver Whiz [2011/04/08 17:49:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData [2010/09/25 17:52:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia [2010/09/25 17:11:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NokiaInstallerCache [2010/09/25 17:37:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite [2011/05/31 20:48:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung [2011/02/13 17:01:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL [2010/10/17 
21:45:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip [2010/11/25 20:48:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2011/06/24 16:31:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Woko\Application Data\AVG10 [2011/06/24 16:30:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Woko\Application Data\PC Suite [2011/05/14 13:22:10 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.* > [2011/06/26 22:18:05 | 000,039,414 | ---- | M] () -- C:\aaw7boot.log [2010/10/30 17:30:22 | 000,002,006 | ---- | M] () -- C:\aqua_bitmap.cpp [1980/02/16 19:31:24 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT [2010/10/04 21:25:02 | 000,000,192 | ---- | M] () -- C:\BcBtRmv.log [2011/05/07 19:55:18 | 000,000,211 | RHS- | M] () -- C:\boot.ini [1980/02/16 19:31:24 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS [2011/07/01 15:10:18 | 2138,492,928 | -HS- | M] () -- C:\hiberfil.sys [1980/02/16 19:31:24 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [1980/02/16 19:31:24 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2010/06/14 17:59:42 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM [2010/09/25 16:12:03 | 000,250,048 | RHS- | M] () -- C:\ntldr [2011/07/01 15:10:16 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys [2011/06/26 22:16:45 | 000,044,810 | ---- | M] () -- C:\TDSSKiller.2.5.5.0_26.06.2011_22.15.35_log.txt [2011/06/27 17:45:00 | 000,000,412 | ---- | M] () -- C:\TDSSKiller.2.5.5.0_27.06.2011_17.44.55_log.txt [2011/06/27 17:46:32 | 000,000,412 | ---- | M] () -- C:\TDSSKiller.2.5.5.0_27.06.2011_17.46.18_log.txt [2011/06/27 17:48:41 | 000,043,796 | ---- | M] () -- C:\TDSSKiller.2.5.6.0_27.06.2011_17.47.38_log.txt < %systemroot%\system32\Spool\prtprocs\w32x86\*.dll > [2008/07/06 13:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- 
C:\WINDOWS\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll [2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\msonpppr.dll < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] < %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\system32\*.exe /lockedfiles > [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] < %systemroot%\System32\config\*.sav > [2009/07/07 20:14:51 | 000,262,144 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav [2008/11/27 18:12:13 | 000,262,144 | ---- | M] () -- C:\WINDOWS\System32\config\security.sav [2009/07/07 20:14:51 | 009,961,472 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav [2009/07/07 20:14:51 | 004,194,304 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav < %PROGRAMFILES%\* > < %USERPROFILE%\..|smtmp;true;true;true /FP > < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Win dows\WindowsUpdate\AU > < hklm\software\clients\startmenuinternet|command /rs > HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/07/01 15:10:51 | 000,712,976 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/07/01 15:10:51 | 000,712,976 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/07/01 15:10:51 | 000,712,976 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla 
Firefox\firefox.exe [2011/07/01 15:10:58 | 000,924,632 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/07/01 15:10:58 | 000,924,632 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/07/01 15:10:58 | 000,924,632 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2010/12/20 13:55:27 | 000,173,568 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2010/12/20 13:55:27 | 000,173,568 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2010/12/20 13:55:27 | 000,173,568 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: iexplore.exe < hklm\software\clients\startmenuinternet|command /64 /rs > HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/07/01 15:10:51 | 000,712,976 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/07/01 15:10:51 | 000,712,976 | ---- | M] 
(Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/07/01 15:10:51 | 000,712,976 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/07/01 15:10:58 | 000,924,632 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/07/01 15:10:58 | 000,924,632 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/07/01 15:10:58 | 000,924,632 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2010/12/20 13:55:27 | 000,173,568 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2010/12/20 13:55:27 | 000,173,568 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2010/12/20 13:55:27 | 000,173,568 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: iexplore.exe < End of report > OTL Extras logfile created on: 7/1/2011 3:17:31 PM - Run 1 OTL by OldTimer - Version 3.2.25.0 Folder = C:\Documents 
and Settings\Woko\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: M/d/yyyy 1.99 Gb Total Physical Memory | 1.60 Gb Available Physical Memory | 80.29% Memory free 3.84 Gb Paging File | 3.64 Gb Available in Paging File | 94.76% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 74.53 Gb Total Space | 49.22 Gb Free Space | 66.04% Space Free | Partition Type: NTFS Computer Name: NC4200 | User Name: Woko | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 1 "FirewallOverride" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows 
NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 0 "DoNotAllowExceptions" = 0 "DisableNotifications" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DoNotAllowExceptions" = 0 "DisableNotifications" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "5910:TCP" = 5910:TCP:*:Enabled:vnc5910 "139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.) 
"C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" = C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe:*:Enabled:Nokia Ovi Suite 2 "C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe" = C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process "C:\WINDOWS\system32\muzapp.exe" = C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player -- (Musiccity Co.Ltd.) "C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.) "C:\Program Files\Tesco\Downloaderv2\Tesco.DLM.Installer.Helper.exe" = C:\Program Files\Tesco\Downloaderv2\Tesco.DLM.Installer.Helper.exe:*:Enabled:Tesco.DLM.Installer.Helper.exe "C:\Program Files\AVG\AVG10\avgdiagex.exe" = C:\Program Files\AVG\AVG10\avgdiagex.exe:*:Enabled:AVG Diagnostics 2011 -- (AVG Technologies CZ, s.r.o.) "C:\Program Files\AVG\AVG10\avgnsx.exe" = C:\Program Files\AVG\AVG10\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.) "C:\Program Files\AVG\AVG10\avgemcx.exe" = C:\Program Files\AVG\AVG10\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.) 
========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0A7124DF-F8A4-405B-904F-CFD3D3DFB5AE}" = PIF DESIGNER2.1 "{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool "{228814B2-6A64-4AD5-8D2D-4E2188DEB191}" = AVG 2011 "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{23B59ED4-C360-11D7-875B-0090CC005647}" = EPSON PRINT Image Framer Tool2.1 "{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java 6 Update 21 "{2EDA8979-0ADA-480E-AF76-AEB92F4CD7C2}" = HP Notebook LidSwitch Policy "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant "{45DF6D99-666D-41FA-8D62-0E183B6240F3}" = PC Connectivity Solution "{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CBD31CE-51DF-43C4-B3EC-7CCBAB0CD083}" = O2Micro MemoryCardBus Windows Driver "{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{5B4383F2-37EE-4E97-AD81-F5FF76F286DA}" = OutlookAddInNet3Setup "{65F5B7AF-3363-11D7-BB6B-00018021113F}" = EPSON PhotoQuicker3.5 "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2 "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support "{8969CD6F-5B75-40B9-8701-86ECA4C1F263}_is1" = VSO Image Resizer 4.0.1.5 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A708DD8-A5E6-11D4-A706-000629E95E20}" 
= Intel® Graphics Media Accelerator Driver for Mobile "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12 "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007 "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007 "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007 "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0C0A-0000-0000000FF1CE}" = 
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Visual Studio 2010 Tools for Office Runtime (x86)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"Mozilla Firefox 5.0 (x86 en-GB)" = Mozilla Firefox 5.0 (x86 en-GB)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/24/2011 7:37:51 PM | Computer Name = NC4200 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/24/2011 7:37:53 PM | Computer Name = NC4200 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/25/2011 5:39:53 AM | Computer Name = NC4200 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting module , version 0.0.0.0, fault address 0x00000000.

Error - 6/25/2011 5:40:03 AM | Computer Name = NC4200 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting module unknown, version 0.0.0.0, fault address 0x00267411.

Error - 6/25/2011 8:37:34 PM | Computer Name = NC4200 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting module , version 0.0.0.0, fault address 0x00000000.

Error - 6/25/2011 8:38:04 PM | Computer Name = NC4200 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting module unknown, version 0.0.0.0, fault address 0x00267411.

Error - 6/25/2011 8:38:07 PM | Computer Name = NC4200 | Source = Application Error | ID = 1001
Description = Fault bucket -1796944378.

Error - 6/26/2011 5:13:06 PM | Computer Name = NC4200 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting module unknown, version 0.0.0.0, fault address 0x00267411.

Error - 6/27/2011 3:31:31 PM | Computer Name = NC4200 | Source = MsiInstaller | ID = 11921
Description = SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2011 -- Error 1921. SA_Error1921: StandardAction(0xC0070781): Service 'AVG WatchDog' (avgwd) could not be stopped. Verify that you have sufficient privileges to stop system services.

Error - 6/27/2011 3:37:21 PM | Computer Name = NC4200 | Source = MsiInstaller | ID = 10005
Description = SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2011 -- Error 27046. CA_Error27046: DriverInstallationFun(0x00000000): Driver installation failed

[ OSession Events ]
Error - 4/4/2011 1:54:59 PM | Computer Name = NC4200 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 10 seconds with 0 seconds of active time. This session ended with a crash.

Error - 4/4/2011 2:20:17 PM | Computer Name = NC4200 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 10 seconds with 0 seconds of active time. This session ended with a crash.

Error - 4/4/2011 2:32:04 PM | Computer Name = NC4200 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 11 seconds with 0 seconds of active time. This session ended with a crash.

Error - 4/4/2011 3:52:16 PM | Computer Name = NC4200 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5 seconds with 0 seconds of active time. This session ended with a crash.

Error - 4/4/2011 3:52:28 PM | Computer Name = NC4200 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4 seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 6/28/2011 4:11:49 PM | Computer Name = NC4200 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from the BITS service.

Error - 6/28/2011 4:11:49 PM | Computer Name = NC4200 | Source = Service Control Manager | ID = 7000
Description = The Background Intelligent Transfer Service service failed to start due to the following error: %%1053

Error - 6/28/2011 4:11:49 PM | Computer Name = NC4200 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load: AVGIDSEH

Error - 6/28/2011 4:17:35 PM | Computer Name = NC4200 | Source = Service Control Manager | ID = 7031
Description = The AVG WatchDog service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

Error - 6/28/2011 4:24:36 PM | Computer Name = NC4200 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.156 for the Network Card with network address 00166F616EFF has been denied by the DHCP server 10.23.121.17 (The DHCP Server sent a DHCPNACK message).

Error - 6/28/2011 4:25:02 PM | Computer Name = NC4200 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load: AVGIDSEH

Error - 6/28/2011 5:46:15 PM | Computer Name = NC4200 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load: AVGIDSEH

Error - 6/29/2011 1:33:42 PM | Computer Name = NC4200 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load: AVGIDSEH

Error - 6/30/2011 1:49:16 PM | Computer Name = NC4200 | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.

Error - 7/1/2011 10:10:37 AM | Computer Name = NC4200 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load: AVGIDSEH

< End of report >
iainwith2is (Author) Posted July 1, 2011
ok here is DrWeb:
A0099755.com;C:\System Volume Information\_restore{729F0D3A-B16D-40D2-932F-F7795C61C8BA}\RP174;Trojan.Siggen2.42152;Incurable.Moved.;
iainwith2is (Author) Posted July 1, 2011
OTL:

OTL logfile created on: 7/1/2011 3:17:31 PM - Run 1
OTL by OldTimer - Version 3.2.25.0     Folder = C:\Documents and Settings\Woko\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.60 Gb Available Physical Memory | 80.29% Memory free
3.84 Gb Paging File | 3.64 Gb Available in Paging File | 94.76% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 49.22 Gb Free Space | 66.04% Space Free | Partition Type: NTFS

Computer Name: NC4200 | User Name: Woko | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Woko\Desktop\OTL.scr (OldTimer Tools)
PRC - C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe (Google)
PRC - C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
PRC - C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_S4I0T1.EXE (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Woko\Desktop\OTL.scr (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\SynTPFcs.dll (Synaptics, Inc.)

========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- File not found
SRV - (avgwd) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (SoundMAX Agent Service (default)) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)

========== Driver Services (SafeList) ==========

DRV - (dgderdrv) -- C:\WINDOWS\system32\drivers\dgderdrv.sys (Devguru Co., Ltd)
DRV - (ssadmdm) -- C:\WINDOWS\system32\drivers\ssadmdm.sys (MCCI Corporation)
DRV - (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) -- C:\WINDOWS\system32\drivers\ssadbus.sys (MCCI Corporation)
DRV - (ssadmdfl) SAMSUNG Android USB Modem (Filter) -- C:\WINDOWS\system32\drivers\ssadmdfl.sys (MCCI Corporation)
DRV - (sscdmdm) -- C:\WINDOWS\system32\drivers\sscdmdm.sys (MCCI Corporation)
DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\WINDOWS\system32\drivers\sscdbus.sys (MCCI Corporation)
DRV - (androidusb) -- C:\WINDOWS\system32\drivers\ssadadb.sys (Google Inc)
DRV - (sscdmdfl) -- C:\WINDOWS\system32\drivers\sscdmdfl.sys (MCCI Corporation)
DRV - (UsbserFilt) -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (nmwcdc) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia)
DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
DRV - (w29n51) Intel® -- C:\WINDOWS\system32\drivers\w29n51.sys (Intel® Corporation)
DRV - (tifm21) -- C:\WINDOWS\system32\drivers\tifm21.sys (Texas Instruments)
DRV - (GTIPCI21) -- C:\WINDOWS\system32\drivers\gtipci21.sys (Texas Instruments)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
DRV - (aliadwdm) -- C:\WINDOWS\system32\drivers\ac97ali.sys (Acer Laboratories Inc.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (CONAN) -- C:\WINDOWS\system32\drivers\o2mmb.sys (O2 Micro )
DRV - (MbxStby) -- C:\WINDOWS\system32\drivers\MbxStby.sys (O2 Micro)
DRV - (SCM488C) -- C:\WINDOWS\system32\drivers\pscr.sys (SCM Microsystems, Inc.)
DRV - (ALiIRDA) -- C:\WINDOWS\system32\drivers\alifir.sys (Acer Laboratories Inc.)
DRV - (SMCIRDA) -- C:\WINDOWS\system32\drivers\smcirda.sys (SMC)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F6 B6 A1 DD AA 32 CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://news.bbc.co.uk/sport1/hi/tennis/9523296.stm"

FF - HKLM\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/06/24 15:08:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/01 15:11:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/15 17:57:30 | 000,000,000 | ---D | M]

[2011/06/24 16:45:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Woko\Application Data\Mozilla\Extensions
[2011/04/22 22:34:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/09/17 16:59:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
File not found (No name found) --
[2011/06/24 15:08:16 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX4
[2010/09/17 16:58:56 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/04/10 18:26:04 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/07/01 15:10:59 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/09/17 16:58:55 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/01 09:00:00 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2010/01/01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010/01/01 09:00:00 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2010/01/01 09:00:00 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2010/01/01 09:00:00 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2011/06/30 18:42:18 | 000,000,789 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [ATIPTA] File not found
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [EPSON Stylus C46 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [EPSON Stylus C46 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [iMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LidPolicy] c:\Program Files\Hewlett-Packard\LidSwitch Policy\PwrSchem.exe (Hewlett-Packard)
O4 - HKLM..\Run: [PHIME2002A] File not found
O4 - HKLM..\Run: [PHIME2002ASync] File not found
O4 - HKLM..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Calendar Sync.lnk = C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe (Google)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {44C1E3A2-B594-401C-B27A-D1B4476E4797} https://bristolremote.workman.co.uk/XTSAC.cab (XTSAC Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Reg Error: Key error. File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [1980/02/16 19:31:24 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: dvd43 - hkey= - key= - C:\Program Files\dvd43\DVD43_Tray.exe ()
MsConfig - StartUpReg: GrooveMonitor - hkey= - key= - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: Messenger (Yahoo!) - hkey= - key= - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
MsConfig - StartUpReg: NokiaMServer - hkey= - key= - File not found
MsConfig - StartUpReg: NokiaOviSuite2 - hkey= - key= - File not found
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

CREATERESTOREPOINT
Restore point Set: OTL Restore Point
000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [1980/02/16 19:27:12 | 000,022,720 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [1980/02/16 19:12:25 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [1980/02/16 19:09:58 | 000,333,072 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT ========== LOP Check ========== [2011/05/15 00:02:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10 [2010/10/16 09:57:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9 [2010/10/16 10:02:16 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files [2010/10/20 22:27:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driver Whiz [2011/04/08 17:49:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData [2010/09/25 17:52:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia [2010/09/25 17:11:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NokiaInstallerCache [2010/09/25 17:37:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite [2011/05/31 20:48:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung [2011/02/13 17:01:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL [2010/10/17 21:45:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip [2010/11/25 20:48:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2011/06/24 16:31:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Woko\Application Data\AVG10 [2011/06/24 16:30:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Woko\Application Data\PC Suite [2011/05/14 13:22:10 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware 
Update (Weekly).job ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.* > [2011/06/26 22:18:05 | 000,039,414 | ---- | M] () -- C:\aaw7boot.log [2010/10/30 17:30:22 | 000,002,006 | ---- | M] () -- C:\aqua_bitmap.cpp [1980/02/16 19:31:24 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT [2010/10/04 21:25:02 | 000,000,192 | ---- | M] () -- C:\BcBtRmv.log [2011/05/07 19:55:18 | 000,000,211 | RHS- | M] () -- C:\boot.ini [1980/02/16 19:31:24 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS [2011/07/01 15:10:18 | 2138,492,928 | -HS- | M] () -- C:\hiberfil.sys [1980/02/16 19:31:24 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [1980/02/16 19:31:24 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2010/06/14 17:59:42 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM [2010/09/25 16:12:03 | 000,250,048 | RHS- | M] () -- C:\ntldr [2011/07/01 15:10:16 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys [2011/06/26 22:16:45 | 000,044,810 | ---- | M] () -- C:\TDSSKiller.2.5.5.0_26.06.2011_22.15.35_log.txt [2011/06/27 17:45:00 | 000,000,412 | ---- | M] () -- C:\TDSSKiller.2.5.5.0_27.06.2011_17.44.55_log.txt [2011/06/27 17:46:32 | 000,000,412 | ---- | M] () -- C:\TDSSKiller.2.5.5.0_27.06.2011_17.46.18_log.txt [2011/06/27 17:48:41 | 000,043,796 | ---- | M] () -- C:\TDSSKiller.2.5.6.0_27.06.2011_17.47.38_log.txt < %systemroot%\system32\Spool\prtprocs\w32x86\*.dll > [2008/07/06 13:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll [2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\msonpppr.dll < %systemroot%\*. 
/mp /s > < %systemroot%\system32\*.dll /lockedfiles > [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] < %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\system32\*.exe /lockedfiles > [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] < %systemroot%\System32\config\*.sav > [2009/07/07 20:14:51 | 000,262,144 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav [2008/11/27 18:12:13 | 000,262,144 | ---- | M] () -- C:\WINDOWS\System32\config\security.sav [2009/07/07 20:14:51 | 009,961,472 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav [2009/07/07 20:14:51 | 004,194,304 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav < %PROGRAMFILES%\* > < %USERPROFILE%\..|smtmp;true;true;true /FP > < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Win dows\WindowsUpdate\AU > < hklm\software\clients\startmenuinternet|command /rs > HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/07/01 15:10:51 | 000,712,976 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/07/01 15:10:51 | 000,712,976 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/07/01 15:10:51 | 000,712,976 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/07/01 15:10:58 | 000,924,632 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla 
Firefox\firefox.exe" -preferences [2011/07/01 15:10:58 | 000,924,632 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/07/01 15:10:58 | 000,924,632 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2010/12/20 13:55:27 | 000,173,568 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2010/12/20 13:55:27 | 000,173,568 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2010/12/20 13:55:27 | 000,173,568 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: iexplore.exe < hklm\software\clients\startmenuinternet|command /64 /rs > HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/07/01 15:10:51 | 000,712,976 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/07/01 15:10:51 | 000,712,976 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/07/01 
15:10:51 | 000,712,976 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/07/01 15:10:58 | 000,924,632 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/07/01 15:10:58 | 000,924,632 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/07/01 15:10:58 | 000,924,632 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2010/12/20 13:55:27 | 000,173,568 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2010/12/20 13:55:27 | 000,173,568 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2010/12/20 13:55:27 | 000,173,568 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: iexplore.exe < End of report > Quote
iainwith2is Posted July 1, 2011 Author Posted July 1, 2011 OTL extras: OTL Extras logfile created on: 7/1/2011 3:17:31 PM - Run 1 OTL by OldTimer - Version 3.2.25.0 Folder = C:\Documents and Settings\Woko\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: M/d/yyyy Computer Name: NC4200 | User Name: Woko | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 1 "FirewallOverride" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows 
NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 0 "DoNotAllowExceptions" = 0 "DisableNotifications" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DoNotAllowExceptions" = 0 "DisableNotifications" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "5910:TCP" = 5910:TCP:*:Enabled:vnc5910 "139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.) 
"C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" = C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe:*:Enabled:Nokia Ovi Suite 2 "C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe" = C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process "C:\WINDOWS\system32\muzapp.exe" = C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player -- (Musiccity Co.Ltd.) "C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.) "C:\Program Files\Tesco\Downloaderv2\Tesco.DLM.Installer.Helper.exe" = C:\Program Files\Tesco\Downloaderv2\Tesco.DLM.Installer.Helper.exe:*:Enabled:Tesco.DLM.Installer.Helper.exe "C:\Program Files\AVG\AVG10\avgdiagex.exe" = C:\Program Files\AVG\AVG10\avgdiagex.exe:*:Enabled:AVG Diagnostics 2011 -- (AVG Technologies CZ, s.r.o.) "C:\Program Files\AVG\AVG10\avgnsx.exe" = C:\Program Files\AVG\AVG10\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.) "C:\Program Files\AVG\AVG10\avgemcx.exe" = C:\Program Files\AVG\AVG10\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.) 
========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0A7124DF-F8A4-405B-904F-CFD3D3DFB5AE}" = PIF DESIGNER2.1 "{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool "{228814B2-6A64-4AD5-8D2D-4E2188DEB191}" = AVG 2011 "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{23B59ED4-C360-11D7-875B-0090CC005647}" = EPSON PRINT Image Framer Tool2.1 "{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java 6 Update 21 "{2EDA8979-0ADA-480E-AF76-AEB92F4CD7C2}" = HP Notebook LidSwitch Policy "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant "{45DF6D99-666D-41FA-8D62-0E183B6240F3}" = PC Connectivity Solution "{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CBD31CE-51DF-43C4-B3EC-7CCBAB0CD083}" = O2Micro MemoryCardBus Windows Driver "{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{5B4383F2-37EE-4E97-AD81-F5FF76F286DA}" = OutlookAddInNet3Setup "{65F5B7AF-3363-11D7-BB6B-00018021113F}" = EPSON PhotoQuicker3.5 "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2 "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support "{8969CD6F-5B75-40B9-8701-86ECA4C1F263}_is1" = VSO Image Resizer 4.0.1.5 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A708DD8-A5E6-11D4-A706-000629E95E20}" 
= Intel® Graphics Media Accelerator Driver for Mobile "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12 "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007 "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007 "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007 "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0C0A-0000-0000000FF1CE}" = 
Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007 "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007 "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007 "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 
(SP2) "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007 "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{96D33319-C14C-3070-A464-CE8416E46487}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86) "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.5 "{AD7914E1-6453-4440-AEC7-02C72AD6FE5F}" = TIPCI "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86 "{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR "{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger "{BE6890C7-31EF-478C-812E-1E2899ABFCA9}" = Broadcom NetXtreme Ethernet Controller "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update "{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{D22AFEDF-6A5B-459D-A9EA-D16E422E4C18}" = Nokia Connectivity Cable Driver "{DB90FF25-9932-48F2-B643-1802F1864FAF}" = AVG 2011 "{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call "{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F16F258A-6300-4A1C-BC49-7929EFF455E2}" = TIPCIxx20 "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729) "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01 
"{F59A9E08-A6A4-4ACF-91F2-D0344956C30B}" = iTunes "504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0) "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Agere Systems Soft Modem" = Agere Systems AC'97 Modem "All ATI Software" = ATI - Software Uninstall Utility "Any Video Converter_is1" = Any Video Converter 3.2.3 "ATI Display Driver" = ATI Display Driver "AVG" = AVG 2011 "AVS Update Manager_is1" = AVS Update Manager 1.0 "Cole2k Media - Codec Pack" = Cole2k Media - Codec Pack (Advanced) 7.7.0 "DVD43_is1" = DVD43 v4.6.0 "ENTERPRISE" = Microsoft Office Enterprise 2007 "EPSON Printer and Utilities" = EPSON Printer Software "ESC46 Reference Guide" = ESC46 Reference Guide "ESC46 Software Guide" = ESC46 Software Guide "Google Calendar Sync" = Google Calendar Sync "ie8" = Windows Internet Explorer 8 "InstallShield_{2EDA8979-0ADA-480E-AF76-AEB92F4CD7C2}" = HP Notebook LidSwitch Policy "InstallShield_{4CBD31CE-51DF-43C4-B3EC-7CCBAB0CD083}" = O2Micro MemoryCardBus Windows Driver "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "InstallShield_{AD7914E1-6453-4440-AEC7-02C72AD6FE5F}" = Texas Instruments PCIxx21/x515/xx12 drivers. "InstallShield_{BE6890C7-31EF-478C-812E-1E2899ABFCA9}" = Broadcom Gigabit Integrated Controller "InstallShield_{F16F258A-6300-4A1C-BC49-7929EFF455E2}" = Texas Instruments PCIxx20 drivers. 
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Visual Studio 2010 Tools for Office Runtime (x86)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"Mozilla Firefox 5.0 (x86 en-GB)" = Mozilla Firefox 5.0 (x86 en-GB)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/24/2011 7:37:51 PM | Computer Name = NC4200 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/24/2011 7:37:53 PM | Computer Name = NC4200 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/25/2011 5:39:53 AM | Computer Name = NC4200 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting module , version 0.0.0.0, fault address 0x00000000.

Error - 6/25/2011 5:40:03 AM | Computer Name = NC4200 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting module unknown, version 0.0.0.0, fault address 0x00267411.

Error - 6/25/2011 8:37:34 PM | Computer Name = NC4200 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting module , version 0.0.0.0, fault address 0x00000000.

Error - 6/25/2011 8:38:04 PM | Computer Name = NC4200 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting module unknown, version 0.0.0.0, fault address 0x00267411.

Error - 6/25/2011 8:38:07 PM | Computer Name = NC4200 | Source = Application Error | ID = 1001
Description = Fault bucket -1796944378.

Error - 6/26/2011 5:13:06 PM | Computer Name = NC4200 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting module unknown, version 0.0.0.0, fault address 0x00267411.

Error - 6/27/2011 3:31:31 PM | Computer Name = NC4200 | Source = MsiInstaller | ID = 11921
Description = SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2011 -- Error 1921. SA_Error1921: StandardAction(0xC0070781): Service 'AVG WatchDog' (avgwd) could not be stopped. Verify that you have sufficient privileges to stop system services.

Error - 6/27/2011 3:37:21 PM | Computer Name = NC4200 | Source = MsiInstaller | ID = 10005
Description = SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2011 -- Error 27046. CA_Error27046: DriverInstallationFun(0x00000000): Driver installation failed

[ OSession Events ]
Error - 4/4/2011 1:54:59 PM | Computer Name = NC4200 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 10 seconds with 0 seconds of active time. This session ended with a crash.

Error - 4/4/2011 2:20:17 PM | Computer Name = NC4200 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 10 seconds with 0 seconds of active time. This session ended with a crash.

Error - 4/4/2011 2:32:04 PM | Computer Name = NC4200 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 11 seconds with 0 seconds of active time. This session ended with a crash.

Error - 4/4/2011 3:52:16 PM | Computer Name = NC4200 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5 seconds with 0 seconds of active time. This session ended with a crash.

Error - 4/4/2011 3:52:28 PM | Computer Name = NC4200 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4 seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 6/28/2011 4:11:49 PM | Computer Name = NC4200 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from the BITS service.

Error - 6/28/2011 4:11:49 PM | Computer Name = NC4200 | Source = Service Control Manager | ID = 7000
Description = The Background Intelligent Transfer Service service failed to start due to the following error: %%1053

Error - 6/28/2011 4:11:49 PM | Computer Name = NC4200 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load: AVGIDSEH

Error - 6/28/2011 4:17:35 PM | Computer Name = NC4200 | Source = Service Control Manager | ID = 7031
Description = The AVG WatchDog service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

Error - 6/28/2011 4:24:36 PM | Computer Name = NC4200 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.156 for the Network Card with network address 00166F616EFF has been denied by the DHCP server 10.23.121.17 (The DHCP Server sent a DHCPNACK message).

Error - 6/28/2011 4:25:02 PM | Computer Name = NC4200 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load: AVGIDSEH

Error - 6/28/2011 5:46:15 PM | Computer Name = NC4200 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load: AVGIDSEH

Error - 6/29/2011 1:33:42 PM | Computer Name = NC4200 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load: AVGIDSEH

Error - 6/30/2011 1:49:16 PM | Computer Name = NC4200 | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.

Error - 7/1/2011 10:10:37 AM | Computer Name = NC4200 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load: AVGIDSEH

< End of report >
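Added example, not part of the thread or of OTL: a small Python triage script for the "Last 10 Event Log Errors" section of an OTL report like the one above. It parses the header/description pairs into records, counts repeats per source and event ID, and pulls out the two items the helper acts on next (the Ntfs 262199 "run chkdsk" entry and the driver named in Service Control Manager 7026). The sample entries are taken from the posted log but trimmed to four; the source/ID hint table is my own. It also handles a copy that a forum post has run together onto one line, as the text above is.

```python
import re
from collections import Counter

# Sample in the layout OTL writes under "Last 10 Event Log Errors": one
# "Error - ..." header line followed by a "Description = ..." line.
# Entries are taken from the posted log, trimmed to four.
SAMPLE_LOG = """\
========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/25/2011 5:40:03 AM | Computer Name = NC4200 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting module unknown, version 0.0.0.0, fault address 0x00267411.

[ System Events ]
Error - 6/28/2011 4:11:49 PM | Computer Name = NC4200 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load: AVGIDSEH

Error - 6/30/2011 1:49:16 PM | Computer Name = NC4200 | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.

Error - 7/1/2011 10:10:37 AM | Computer Name = NC4200 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load: AVGIDSEH

< End of report >
"""

SECTION_RE = re.compile(r"^\[ (.+?) \]$")
HEADER_RE = re.compile(
    r"^Error - (?P<when>.+?) \| Computer Name = (?P<host>.+?) \| "
    r"Source = (?P<source>.+?) \| ID = (?P<id>\d+)\s*$"
)

# Source/ID pairs worth acting on in a cleanup thread (my own hint table).
TRIAGE_RULES = {
    ("Ntfs", 262199): "file system corrupt: run chkdsk on the named volume before any further cleanup",
    ("Service Control Manager", 7026): "boot/system-start driver failed to load: usually a half-removed driver",
    ("Service Control Manager", 7000): "service failed to start",
    ("Service Control Manager", 7031): "service terminated unexpectedly",
    ("Application Error", 1000): "application crash (check the faulting module)",
    ("Application Hang", 1002): "application hang",
}


def normalize(text):
    """Re-break a log that a copy/paste or forum post has run together on one line."""
    text = re.sub(r"\s+(?=Error - \d+/\d+/\d{4} )", "\n", text)
    text = re.sub(r"\s+(?=Description = )", "\n", text)
    text = re.sub(r"\s+(?=\[ [A-Za-z ]+ \])", "\n", text)
    text = re.sub(r"\s+(?=< End of report >)", "\n", text)
    return text


def parse_events(text):
    """Return one dict per event: section, when, host, source, id, description."""
    events, section, current = [], None, None
    for raw in normalize(text).splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section, current = m.group(1), None
            continue
        m = HEADER_RE.match(line)
        if m:
            current = {"section": section, "when": m.group("when"), "host": m.group("host"),
                       "source": m.group("source"), "id": int(m.group("id")), "description": ""}
            events.append(current)
            continue
        if current is not None and line.startswith("Description ="):
            current["description"] = line[len("Description ="):].strip()
        elif current is not None and not line.startswith(("=", "<")):
            # a description wrapped onto a further line (Office session entries do this)
            current["description"] = (current["description"] + " " + line).strip()
    return events


def triage(events):
    """Collapse repeats into (source, id) -> count plus an action hint."""
    counts = Counter((e["source"], e["id"]) for e in events)
    return {k: {"count": n, "action": TRIAGE_RULES.get(k, "no rule; review manually")}
            for k, n in counts.items()}


def chkdsk_volumes(events):
    """Volumes that Ntfs 262199 entries say need chkdsk."""
    vols = []
    for e in events:
        if (e["source"], e["id"]) == ("Ntfs", 262199):
            m = re.search(r"volume ([A-Za-z]:)", e["description"])
            if m and m.group(1) not in vols:
                vols.append(m.group(1))
    return vols


def failed_drivers(events):
    """Driver names from Service Control Manager 7026 entries, de-duplicated."""
    names = []
    for e in events:
        if (e["source"], e["id"]) == ("Service Control Manager", 7026):
            _, _, tail = e["description"].partition("failed to load:")
            for name in tail.split():
                name = name.strip(",")
                if name and name not in names:
                    names.append(name)
    return names


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    for (src, eid), info in triage(evs).items():
        print(f"{src} / {eid}: x{info['count']} -> {info['action']}")
    print("chkdsk needed on:", chkdsk_volumes(evs))
    print("drivers failing to load:", failed_drivers(evs))
```

Run it on the full report by pasting the section into `SAMPLE_LOG` (or reading it from a file); the repeated 7026 entries collapse to one line with a count, which is what a helper scans for first.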
iainwith2is Posted July 1, 2011 Author Posted July 1, 2011 I see from your earlier posts that by installing either MSE or Avira I must remove old anti-virus but I'm having trouble removing AVG!? Quote
ExTS Admin Starbuck Posted July 1, 2011

Hi iainwith2is

DrWeb only found an infected restore point, so that's not too bad at all.

Error - 6/30/2011 1:49:16 PM | Computer Name = NC4200 | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.

This needs addressing.

Step 1
Click on My Computer
Right click on your main drive (usually 'C')
Select Properties
Click on the Tools tab
Under Error Checking.. Click Check Now
Tick the options that you require (I recommend that you tick both options)
Click Start
On the screen that comes up.. Click Yes then OK
Now restart your computer.
Note: Be patient. Analyzing the drive can be a lengthy process

Step 2
I see from your earlier posts that by installing either MSE or Avira I must remove old anti-virus but I'm having trouble removing AVG!?

AVG is the bane of my life, it's a pig to remove sometimes.
Let's see if AVG can survive this:

Double click on OTL to run it.
Copy the lines in the codebox below.
(make sure that :Services is on the first line and that [emptytemp] is on the last line)

:Services
Avg
AVGIDSAgent
AVGIDSDriver
AVGIDSEH
AVGIDSFilter
AVGIDSShim
Avgldx86
Avgmfx86
Avgrkx86
Avgtdix
avgwd
AVG Security Toolbar Service
avg9emc
avg9wd
:Reg
[-HKEY_CURRENT_USER\AppEvents\EventLabels\avgtrayRSAlert]
[-HKEY_CURRENT_USER\AppEvents\EventLabels\avgtrayScanFinished]
[-HKEY_CURRENT_USER\AppEvents\EventLabels\avgtrayScanFinishedThreatFound]
[-HKEY_CURRENT_USER\AppEvents\EventLabels\avgtrayScanStarted]
[-HKEY_CURRENT_USER\AppEvents\EventLabels\avgtrayUpdEnd]
[-HKEY_CURRENT_USER\AppEvents\EventLabels\avgtrayUpdEndFail]
[-HKEY_CURRENT_USER\AppEvents\EventLabels\avgtrayUpdStart]
[-HKEY_CURRENT_USER\AppEvents\Schemes\Apps\avgtray]
[-HKEY_CURRENT_USER\Software\Avg]
[-HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\AVG9 Shell Extension]
[-HKEY_CLASSES_ROOT\.avgdx]
[-HKEY_CLASSES_ROOT\CLSID\{1152F8E0-69DB-4935-AFC3-59F8A5A86A3E}]
[-HKEY_CLASSES_ROOT\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
[-HKEY_CLASSES_ROOT\CLSID\{41B21542-2055-4212-A6F2-395CD109B14B}]
[-HKEY_CLASSES_ROOT\CLSID\{6F59E522-4689-156E-316C-D5B48819DE95} ]
[-HKEY_CLASSES_ROOT\CLSID\{86E8C5B0-75B6-4ff2-B04F-6789CC7AE386}]
[-HKEY_CLASSES_ROOT\CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}]
[-HKEY_CLASSES_ROOT\CLSID\{EF0BB4CD-81FA-48AF-99B3-AB6C1F079BEC}]
[-HKEY_CLASSES_ROOT\CLSID\{F1FE4608-7924-4908-8E12-81CFA206F00A}]
[-HKEY_CLASSES_ROOT\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1}]
[-HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\AVG9 Shell Extension]
[-HKEY_CLASSES_ROOT\Installer\Features\36E852A15FD8BDA48923830A21D156BE]
[-HKEY_CLASSES_ROOT\Installer\Features\69BC3230A1222404483A39DE4E0799CF]
[-HKEY_CLASSES_ROOT\Installer\Features\CFD2C1F142D260E3CB8B271543DA9F98]
[-HKEY_CLASSES_ROOT\Installer\Products\36E852A15FD8BDA48923830A21D156BE]
[-HKEY_CLASSES_ROOT\Installer\Products\69BC3230A1222404483A39DE4E0799CF]
[-HKEY_CLASSES_ROOT\Installer\Products\CFD2C1F142D260E3CB8B271543DA9F98]
[-HKEY_CLASSES_ROOT\Installer\UpgradeCodes\06DD9E4F7F3FF9C41BC2BD64A2CE18FE]
[-HKEY_CLASSES_ROOT\Installer\UpgradeCodes\38F747DBDC97B4E459142E21199F9D10]
[-HKEY_CLASSES_ROOT\Installer\UpgradeCodes\41A387AA3A7A33D3590FA953D1350011]
[-HKEY_CLASSES_ROOT\LinkScannerIE.NavFilter]
[-HKEY_CLASSES_ROOT\LinkScannerIE.NavFilter.1]
[-HKEY_CLASSES_ROOT\MicroScanner.MicroScanner]
[-HKEY_CLASSES_ROOT\piffile\shellex\ContextMenuHandlers\AVG9 Shell Extension]
[-HKEY_CLASSES_ROOT\PROTOCOLS\Handler\linkscanner]
[-HKEY_LOCAL_MACHINE\SOFTWARE\AVG]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DevDiv\VC]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\AVGSE.DLL]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0323CB96-221A-4042-84A3-93EDE47099FC}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1A258E63-8DF5-4ADB-9832-38A0121D65EB}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AlwaysUnloadDll]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG]
[-HKEY_CLASSES_ROOT\CLSID\{50A96677-4378-434d-9F4B-6B28B485933F}\{976BA62F-ABED-40e0-8F7B-6DE4F6756F0B}]
[-HKEY_CLASSES_ROOT\CLSID\{50A96677-4378-434d-9F4B-6B28B485933F}\{976BA62F-ABEE-40e0-8F7B-6DE4F6756F0B}]
[-HKEY_CLASSES_ROOT\CLSID\{50A96677-4378-434d-9F4B-6B28B485933F}\{976BA62F-ABEF-40e0-8F7B-6DE4F6756F0B}]
[-HKEY_CLASSES_ROOT\CLSID\{9781B2D1-AF27-474F-A3A5-C0763FBDF3B7}]
[-HKEY_CLASSES_ROOT\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
[-HKEY_CLASSES_ROOT\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
[-HKEY_CLASSES_ROOT\CLSID\{F2DDE6B2-9684-4A55-86D4-E255E237B77C}]
[-HKEY_CLASSES_ROOT\PROTOCOLS\Handler\avgsecuritytoolbar]
[-HKEY_CURRENT_USER\AppEvents\EventLabels\avgtrayWSAlert]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
[-HKEY_CURRENT_USER\Software\AppDataLow\Avg]
[-HKEY_CURRENT_USER\Software\AVG Security Toolbar]
[-HKEY_LOCAL_MACHINE\SOFTWARE\AVG Security Toolbar]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG9Uninstall]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\AvgEms]
[-HKEY_USERS\.DEFAULT\AppEvents\EventLabels\avgtrayRSAlert]
[-HKEY_USERS\.DEFAULT\AppEvents\EventLabels\avgtrayScanFinished]
[-HKEY_USERS\.DEFAULT\AppEvents\EventLabels\avgtrayScanFinishedThreatFound]
[-HKEY_USERS\.DEFAULT\AppEvents\EventLabels\avgtrayScanStarted]
[-HKEY_USERS\.DEFAULT\AppEvents\EventLabels\avgtrayWSAlert]
[-HKEY_USERS\.DEFAULT\AppEvents\Schemes\Apps\avgtray]
[-HKEY_USERS\.DEFAULT\Software\AppDataLow\Avg]
[-HKEY_USERS\.DEFAULT\Software\Avg]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG9_TRAY"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"=-
"{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions]
"{3f963a5b-e555-4543-90e2-c3908898db71}"=-
"avg@igeared"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\GroupOrderList]
"AVG"=-
:Files
%SYSTEMDRIVE%\$AVG
%COMMONAPPDATA%\AVG10
%COMMONAPPDATA%\MFAData
%COMMONPROGRAMS%\AVG 2011
%APPDATA%\AVG10
%PROGRAMFILES%\AVG
%SYSTEM%\drivers\AVG
%COMMONAPPDATA%\AVG Security Toolbar
%COMMONAPPDATA%\avg9
%COMMONPrograms%\AVG Free 9.0
%COMMONAPPDATA%\Common Files\6F59E522-4689-156E-316C-D5B48819DE95.dat
%COMMONDESKTOP%\AVG 2011.lnk
%SYSTEM%\drivers\AVGIDSDriver.sys
%SYSTEM%\drivers\AVGIDSEH.sys
%SYSTEM%\drivers\AVGIDSFilter.sys
%SYSTEM%\drivers\AVGIDSShim.sys
%SYSTEM%\drivers\avgldx86.sys
%SYSTEM%\drivers\avgmfx86.sys
%SYSTEM%\drivers\avgrkx86.sys
%SYSTEM%\drivers\avgtdix.sys
%COMMONDesktop%\AVG Free 9.0.lnk
%PROGRAMFILES%\Mozilla Firefox\searchplugins\avg_igeared.xml
%SYSTEM%\avgrsstx.dll
:commands
[emptytemp]

Return to OTL, right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.
http://img.photobucket.com/albums/v708/starbuck50/new%20forum/scan-fix.png
Click the red Run Fix button.
http://img.photobucket.com/albums/v708/starbuck50/runfixbutton.png
OTL will reboot your system once the fix has completed.
After the reboot, you may need to double click OTL to launch the program and retrieve the log.
Copy and paste the contents of the OTL log that comes up after the fix in your next reply.
If you lose the report, there will be a copy here: C:\_OTL\MovedFiles

Member of: UNITE
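Added example, not part of the thread or of OTL: a Python reader for the fix-script layout used in the post above, so the reader can see what the script will do before pasting it. It reads the grammar as it appears in the post: `:Services` lines name services to remove, in `:Reg` a `[-key]` line deletes a whole key while a `[key]` line followed by `"name"=-` deletes one value, `:Files` lines are paths with OTL environment variables, and `:commands` holds items like `[emptytemp]`. The sample is a short excerpt of the posted script, the Windows XP default locations used to expand the variables are my own assumption (OTL resolves them itself), and `review_off_target` is my own pre-flight check: it lists every deletion whose path does not mention the product, which is where a helper looks twice before running a fix (GUID keys are listed separately because they can only be verified against the registry, not by name).

```python
import re

# Constructed excerpt of the OTL fix script above: a few entries per section,
# not the complete script.
SAMPLE_FIX = r"""
:Services
avgwd
AVGIDSEH
:Reg
[-HKEY_CURRENT_USER\Software\Avg]
[-HKEY_LOCAL_MACHINE\SOFTWARE\AVG]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DevDiv\VC]
[-HKEY_CLASSES_ROOT\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG9_TRAY"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\GroupOrderList]
"AVG"=-
:Files
%PROGRAMFILES%\AVG
%SYSTEM%\drivers\AVGIDSEH.sys
:commands
[emptytemp]
"""

SECTION_RE = re.compile(r"^:(\w+)$")
DEL_KEY_RE = re.compile(r"^\[-(.+)\]$")        # [-key]  : delete the whole key
KEY_RE = re.compile(r"^\[(.+)\]$")             # [key]   : following "name"=- lines apply here
DEL_VALUE_RE = re.compile(r'^"(.+)"=-$')       # "name"=- : delete one value under the current key
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Assumed OTL variable -> Windows XP default location (illustrative; OTL has its own table).
XP_DEFAULTS = {
    "%SYSTEMDRIVE%": r"C:",
    "%SYSTEM%": r"C:\WINDOWS\system32",
    "%PROGRAMFILES%": r"C:\Program Files",
    "%COMMONAPPDATA%": r"C:\Documents and Settings\All Users\Application Data",
    "%APPDATA%": r"C:\Documents and Settings\<user>\Application Data",
}


def parse_fix(text):
    """Turn a fix script into a plan: services, registry deletions, files, commands."""
    plan = {"services": [], "reg_delete_keys": [], "reg_delete_values": [],
            "files": [], "commands": []}
    section, current_key = None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section, current_key = m.group(1).lower(), None
            continue
        if section == "services":
            plan["services"].append(line)
        elif section == "reg":
            m = DEL_KEY_RE.match(line)          # must be tested before KEY_RE
            if m:
                plan["reg_delete_keys"].append(m.group(1).strip())
                continue
            m = KEY_RE.match(line)
            if m:
                current_key = m.group(1).strip()
                continue
            m = DEL_VALUE_RE.match(line)
            if m:
                if current_key is None:
                    raise ValueError(f"value deletion without a preceding [key]: {line}")
                plan["reg_delete_values"].append((current_key, m.group(1)))
                continue
            raise ValueError(f"unsupported :Reg line: {line}")
        elif section == "files":
            plan["files"].append(line)
        elif section == "commands":
            plan["commands"].append(line.strip("[]").lower())
        else:
            raise ValueError(f"line outside a known section: {line}")
    return plan


def expand_path(path, table=XP_DEFAULTS):
    """Replace OTL variables (any letter case, e.g. %COMMONPrograms%) with the assumed XP paths."""
    for var, value in table.items():
        # a callable replacement keeps the backslashes in `value` literal
        path = re.sub(re.escape(var), lambda _m, v=value: v, path, flags=re.IGNORECASE)
    return path


def review_off_target(plan, product="avg"):
    """Deletions whose path never mentions the product: 'guid' if it is a CLSID, else 'review'."""
    findings = []
    for key in plan["reg_delete_keys"]:
        if product not in key.lower():
            findings.append(("guid" if GUID_RE.search(key) else "review", key))
    for key, name in plan["reg_delete_values"]:
        if product not in (key + "\\" + name).lower():
            findings.append(("guid" if GUID_RE.search(name) else "review", key + "\\" + name))
    for path in plan["files"]:
        if product not in path.lower():
            findings.append(("review", path))
    return findings


if __name__ == "__main__":
    p = parse_fix(SAMPLE_FIX)
    print("services to remove:", p["services"])
    print("keys to delete:", len(p["reg_delete_keys"]), "values to delete:", len(p["reg_delete_values"]))
    print("files:", [expand_path(f) for f in p["files"]])
    for kind, item in review_off_target(p):
        print(f"{kind}: {item}")
```

On the excerpt the review lists `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DevDiv\VC` (no product name in the path) and the `{CCC7A320-...}` CLSID (a GUID that has to be checked against what is registered); it makes no judgement about whether those lines belong in the script, it only puts them in front of the person running it.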