PEV (Author) Posted February 13, 2012

Hi Starbuck,

I used the Malwarebytes scan following instructions (took about 90 minutes!) and only two objects showed, which were 'PUM disabled s' registry data HKLM software or microsoft security/centre ANTIVIRUS' and same wording for Microsoft firewall. I presume this refers to the fact that as I use AVG ATM and McAfee firewall then of course they are disabled, which I am already aware of. Malwarebytes did not issue a report in notebook and the logs section shows nothing in this year at all. I am currently doing the scan with OTL, although it would not work with the links you provided, but I managed to download it from a link via Google search. Ah! The OTL has just appeared so I'm pasting it here for you.

TL Extras logfile created on: 13/02/2012 14:38:28 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Owner\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 511.36 Mb Total Physical Memory | 129.20 Mb Available Physical Memory | 25.27% Memory free 1.22 Gb Paging File | 0.53 Gb Available in Paging File | 43.14% Paging File free Paging file location(s): C:\pagefile.sys 768 1536 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 69.34 Gb Total Space | 51.40 Gb Free Space | 74.14% Space Free | Partition Type: NTFS Drive D: | 5.17 Gb Total Space | 1.13 Gb Free Space | 21.90% Space Free | Partition Type: FAT32 Computer Name: DESKTOP | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 "ANTIVIRUSDISABLENOTIFY" = 0 "FIREWALLDISABLENOTIFY" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security 
Center\Monitoring\McAfeeFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\Kontiki\KService.exe" = C:\Program Files\Kontiki\KService.exe:*:Enabled:Delivery Manager Service -- (Kontiki Inc.) 
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.) "C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer "C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google) "C:\Program Files\AVG\AVG2012\avgmfapx.exe" = C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.) "C:\Program Files\AVG\AVG2012\avgnsx.exe" = C:\Program Files\AVG\AVG2012\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.) "C:\Program Files\AVG\AVG2012\avgdiagex.exe" = C:\Program Files\AVG\AVG2012\avgdiagex.exe:*:Enabled:AVG Diagnostics 2012 -- (AVG Technologies CZ, s.r.o.) "C:\Program Files\AVG\AVG2012\avgemcx.exe" = C:\Program Files\AVG\AVG2012\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.) 
========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{01161F64-6897-4885-93A0-A9F7BE9A4253}" = hp psc 1100 series "{083E0D59-B6B4-4570-AA0A-37F5B4526CF5}" = AVG 2012 "{098637A9-C208-4398-8374-853151D35200}" = SkinsHP2 "{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager "{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel "{11946FA8-329A-4DDF-B867-A32781FED8EE}" = HPImageZone "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java 6 Update 29 "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com "{2A267BC6-F77F-4DD4-825F-7AEB1F68B4B1}" = HpSdpAppCoreApp "{2E132061-C78A-48D4-A899-1D13B9D189FA}" = Memories Disc Creator 2.0 "{305B23E7-F8D8-4B92-83AA-5AE0D0090DE7}" = Unload "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7 "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{369B36BE-3D64-4641-9AEA-808D436FE132}" = Microsoft Picture It! 
Photo 7.0 "{4507868A-A9CD-4ECC-BD54-0EAB6EE81D42}" = O2 Broadband Assistant "{45B6180B-DCAB-4093-8EE8-6164457517F0}" = Photosmart 140,240,7200,7600,7700,7900 Series "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CCC7F68-A437-4559-A840-F5E010934951}" = HP Driver Diagnostics "{4EFC72DA-2314-4E5D-AC8E-1C954CDB8BBF}" = AVG 2012 "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth "{5C650855-4C2B-418F-A747-8B3D8E3FF2A8}" = TrayApp "{5D7F0A0E-369E-46C0-9F99-FAB21A064781}" = HP Photo and Imaging 2.0 - Photosmart Cameras "{62B3B82F-B9B1-4D8C-B5D1-C3DAEA1F73AA}" = PhotoGallery "{642B473F-2584-4C21-AB10-6D1EF28BD601}" = QuickProjects "{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}" = HP Photo and Imaging 2.0 - All-in-One Drivers "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{745A92AF-53B4-41A7-91C3-9B026B1D5897}" = InstantShare "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{791B20D4-AE59-4DE9-B45F-BA01F3D0A493}" = ArcSoft ShowBiz 2 "{7BBD57D6-09B1-4CC3-9664-A0D53EE25247}" = PSShortcutsP "{84464E93-0222-42E5-8CCE-A618F86210F3}" = SkinsHP1 "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{98386532-89B5-42FF-AC49-60C0D9DBD8B1}" = CreativeProjects "{9867A917-5D17-40DE-83BA-BEA5293194B1}" = HP Photo and Imaging 2.0 - All-in-One 
"{98E8A2EF-4EAE-43B8-A172-74842B764777}" = InterVideo WinDVD Player "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.0 "{AEBBFC67-7A03-4DF3-9E71-BA5C9EB4FBEF}" = MobileMe Control Panel "{B9266252-00CB-4140-B740-DE88FC0F7609}" = hpmdtab "{C05E10AC-BD86-4564-9D16-EF11D7314FB2}" = HP Software Update "{C224DBAC-57F4-40FD-BB83-09DB532CCD68}" = HPSystemDiagnostics "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support "{CCF13D13-A87B-34E8-B689-1896D0C2DBA2}" = Google Talk Plugin "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware "{CF07F56D-F9FD-45CB-8E2B-48786B5B5723}" = Director "{CFD1B282-555D-494d-8231-4175C2AF08C2}" = PrintScreen "{D466F3D9-510C-4729-B7D4-2E70490E4CDF}" = BBC iPlayer Download Manager "{D64DCF1C-7A95-49A4-BAFA-C42B5CF6B8B6}" = Works Suite OS Pack "{E05895C5-FE97-4334-8D73-B0089FD07CE3}" = Multimedia Card Reader "{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1" = Uniblue RegistryBooster "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support "{EFCE5837-FC21-11D6-9D24-00010240CE95}" = Java 2 Runtime Environment, SE v1.4.1_02 "{F419D20A-7719-4639-8E30-C073A040D878}" = HP Deskjet Preloaded Printer Drivers "{F44DA61E-720D-4E79-871F-F6E628B33242}" = OpenOffice.org 3.0 "{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "alotToolbar" = ALOT Toolbar "ATI Display Driver" = ATI Display Driver "AVG" = AVG 2012 "BBC iPlayer Download Manager" = BBC iPlayer Download Manager "HP Photo & Imaging" = HP Photo & Imaging 3.0 "HP PSC 1100 Series" = HP Photo and Imaging 2.0 - hp psc 1100 series "IDNMitigationAPIs" = Microsoft Internationalized Domain Names 
Mitigation APIs "ie8" = Windows Internet Explorer 8 "InstallShield_{E05895C5-FE97-4334-8D73-B0089FD07CE3}" = Multimedia Card Reader "Java Web Start" = Java Web Start "Jessops Picture Suite" = Jessops Picture Suite "LiveReg" = LiveReg (Symantec Corporation) "LiveUpdate" = LiveUpdate 1.80 (Symantec Corporation) "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000 "McAfee Personal Firewall Plus" = McAfee Personal Firewall Plus "Mcafee SecurityCenter" = McAfee SecurityCenter "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "NVIDIA" = NVIDIA Windows 2000/XP Display Drivers "NVIDIA Ethernet Driver" = NVIDIA Ethernet Driver "NVIDIA Gart Driver" = NVIDIA Gart Driver "PS2" = PS2 "Python 2.2 combined Win32 extensions" = Python 2.2 combined Win32 extensions "Python 2.2.1" = Python 2.2.1 "RealPlayer 6.0" = RealPlayer "Shockwave" = Shockwave "VTDisplay" = S3 S3Display "VTGamma2" = S3 S3Gamma2 "VTInfo2" = S3 S3Info2 "VTOverlay" = S3 S3Overlay "Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Works2003Setup" = Microsoft Works 2003 Setup Launcher "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 11/02/2012 18:48:30 | Computer Name = DESKTOP | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 11/02/2012 18:48:31 | Computer Name = 
DESKTOP | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 30453 Error - 11/02/2012 18:48:31 | Computer Name = DESKTOP | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 30453 Error - 12/02/2012 16:27:10 | Computer Name = DESKTOP | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 12/02/2012 16:27:10 | Computer Name = DESKTOP | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 22718 Error - 12/02/2012 16:27:10 | Computer Name = DESKTOP | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 22718 Error - 12/02/2012 19:35:32 | Computer Name = DESKTOP | Source = Lavasoft Ad-Aware Service | ID = 0 Description = Error - 12/02/2012 21:13:22 | Computer Name = DESKTOP | Source = Application Hang | ID = 1002 Description = Hanging application mbam.exe, version 1.60.0.61, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 12/02/2012 21:13:30 | Computer Name = DESKTOP | Source = Application Hang | ID = 1001 Description = Fault bucket -1495933831. Error - 12/02/2012 21:33:54 | Computer Name = DESKTOP | Source = Application Hang | ID = 1002 Description = Hanging application OTL.exe, version 3.2.31.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000. 
[ System Events ] Error - 12/02/2012 20:27:57 | Computer Name = DESKTOP | Source = Service Control Manager | ID = 7023 Description = The Application Management service terminated with the following error: %%126 Error - 12/02/2012 20:27:57 | Computer Name = DESKTOP | Source = Service Control Manager | ID = 7023 Description = The Application Management service terminated with the following error: %%126 Error - 12/02/2012 20:27:58 | Computer Name = DESKTOP | Source = Service Control Manager | ID = 7023 Description = The Application Management service terminated with the following error: %%126 Error - 12/02/2012 20:27:58 | Computer Name = DESKTOP | Source = Service Control Manager | ID = 7023 Description = The Application Management service terminated with the following error: %%126 Error - 12/02/2012 20:27:58 | Computer Name = DESKTOP | Source = Service Control Manager | ID = 7023 Description = The Application Management service terminated with the following error: %%126 Error - 12/02/2012 20:27:58 | Computer Name = DESKTOP | Source = Service Control Manager | ID = 7023 Description = The Application Management service terminated with the following error: %%126 Error - 12/02/2012 20:27:58 | Computer Name = DESKTOP | Source = Service Control Manager | ID = 7023 Description = The Application Management service terminated with the following error: %%126 Error - 12/02/2012 20:27:58 | Computer Name = DESKTOP | Source = Service Control Manager | ID = 7023 Description = The Application Management service terminated with the following error: %%126

I followed the instruction to edit, select all, edit, copy but can't see a way to transfer it to this post so have just copy/pasted the stuff in, but I hope it's all here for you. If not I can rescan with OTL.

Thanks
Ray
Starbuck Posted February 13, 2012

Hi PEV,

I also need the Main OTL report.... a copy should be on your desktop. Can you add that just like you did the Extras.txt?

Thanks

Member of: UNITE
PEV (Author) Posted February 14, 2012

Hi again Starbuck,

Also thought I'd mention that two icons have appeared on 'my documents'. They are called thumbs.db and desktop ini. Also an existing file had been changed in appearance and when I try to open it gives a message 'words cannot start the converter mswrd 632.wpc'. Any idea what this is all about? Anyway here's the stuff from my desktop you asked for (hope it's what you want).

TL logfile created on: 13/02/2012 14:38:28 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Owner\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 511.36 Mb Total Physical Memory | 129.20 Mb Available Physical Memory | 25.27% Memory free 1.22 Gb Paging File | 0.53 Gb Available in Paging File | 43.14% Paging File free Paging file location(s): C:\pagefile.sys 768 1536 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 69.34 Gb Total Space | 51.40 Gb Free Space | 74.14% Space Free | Partition Type: NTFS Drive D: | 5.17 Gb Total Space | 1.13 Gb Free Space | 21.90% Space Free | Partition Type: FAT32 Computer Name: DESKTOP | User Name: Owner | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com) PRC - C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) PRC - C:\Program Files\AVG\AVG2012\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\AVG\AVG2012\avgrsx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\AVG\AVG2012\avgcsrvx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com) PRC - C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\Kontiki\KService.exe (Kontiki Inc.) PRC - C:\Program Files\Kontiki\KHost.exe (Kontiki Inc.) PRC - C:\Program Files\O2\bin\sprtsvc.exe (SupportSoft, Inc.) PRC - C:\Program Files\O2\bin\sprtcmd.exe (SupportSoft, Inc.) PRC - C:\Program Files\McAfee.com\Personal Firewall\MpfTray.exe (McAfee Security) PRC - C:\Program Files\McAfee.com\Personal Firewall\MpfService.exe (McAfee Corporation) PRC - C:\Program Files\McAfee.com\Personal Firewall\Mp***ent.exe (McAfee Security) PRC - c:\Program Files\McAfee.com\Agent\Mcdetect.exe (McAfee, Inc) PRC - C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc) PRC - c:\Program Files\McAfee.com\Agent\McTskshd.exe (McAfee, Inc) PRC - C:\Program Files\Multimedia Card Reader\shwicon2k.exe (Alcor Micro, Corp.) PRC - C:\Program Files\HP\HP Software Update\hpwuSchd.exe (Hewlett-Packard) PRC - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) PRC - C:\WINDOWS\system32\hphmon05.exe (Hewlett-Packard) PRC - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe (Hewlett-Packard Co.) PRC - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard) PRC - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposts08.exe (Hewlett-Packard Co.) PRC - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe (Hewlett-Packard Co.) 
PRC - C:\Program Files\Jessops\Picture Suite\InsDetect.exe () PRC - C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqCmon.exe () ========== Modules (No Company Name) ========== MOD - C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll () MOD - C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll () MOD - C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL () MOD - C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll () MOD - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\HpqUtil.dll () MOD - C:\Program Files\Jessops\Picture Suite\InsDetect.exe () MOD - C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqCmon.exe () ========== Win32 Services (SafeList) ========== SRV - (HidServ) -- File not found SRV - (AppMgmt) -- File not found SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.) SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com) SRV - (avgwd) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) SRV - (SupportSoft RemoteAssist) -- C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe (SupportSoft, Inc.) SRV - (KService) -- C:\Program Files\Kontiki\KService.exe (Kontiki Inc.) SRV - (sprtsvc_O2) SupportSoft Sprocket Service (O2) -- C:\Program Files\O2\bin\sprtsvc.exe (SupportSoft, Inc.) 
SRV - (MpfService) -- C:\Program Files\McAfee.com\Personal Firewall\MpfService.exe (McAfee Corporation) SRV - (McDetect.exe) -- c:\Program Files\McAfee.com\Agent\Mcdetect.exe (McAfee, Inc) SRV - (McTskshd.exe) -- c:\Program Files\McAfee.com\Agent\McTskshd.exe (McAfee, Inc) SRV - (mcupdmgr.exe) -- C:\Program Files\McAfee.com\Agent\mcupdmgr.exe (McAfee, Inc) SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP) ========== Driver Services (SafeList) ========== DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation) DRV - (Avgldx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.) DRV - (AVGIDSShim) -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. ) DRV - (Avgrkx86) -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys (AVG Technologies CZ, s.r.o.) DRV - (Avgmfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.) DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (Avgtdix) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.) DRV - (AVGIDSFilter) -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. ) DRV - (AVGIDSEH) -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys (AVG Technologies CZ, s.r.o. ) DRV - (AVGIDSDriver) -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. ) DRV - (MPFIREWL) -- C:\WINDOWS\system32\drivers\MpFirewall.sys (McAfee) DRV - (AFS2K) -- C:\WINDOWS\System32\drivers\AFS2K.SYS (Oak Technology Inc.) DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.) 
DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\rtl8139.sys (Realtek Semiconductor Corporation) DRV - (SunkFilt) -- C:\WINDOWS\system32\drivers\Sunkfilt.sys (Alcor Micro Corp.) DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.) DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.) DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.) DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.) DRV - (SiS315) -- C:\WINDOWS\system32\drivers\sisgrp.sys (Silicon Integrated Systems Corporation) DRV - (NVENET) -- C:\WINDOWS\system32\drivers\NVENET.sys (NVIDIA Corporation) DRV - (SiSkp) -- C:\WINDOWS\system32\drivers\srvkp.sys (Silicon Integrated Systems Corporation) DRV - (nv_agp) -- C:\WINDOWS\System32\DRIVERS\nv_agp.sys (NVIDIA Corporation) DRV - (SISAGP) -- C:\WINDOWS\System32\DRIVERS\SISAGPX.sys (Silicon Integrated Systems Corporation) DRV - (viaagp1) -- C:\WINDOWS\System32\DRIVERS\viaagp1.sys (VIA Technologies, Inc.) DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.) 
DRV - (EL90XBC) -- C:\WINDOWS\system32\drivers\el90xbc5.sys (3Com Corporation) DRV - (Ps2) -- C:\WINDOWS\system32\drivers\PS2.sys (Hewlett-Packard Company) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://inboxtoolbar.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id&%language IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ IE - HKCU\..\URLSearchHook: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - No CLSID value found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "http://www.o2.co.uk/" FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) 
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Owner\Application Data\Mozilla\plugins\npgoogletalk.dll (Google) FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\Owner\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll () FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009/04/02 11:18:18 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/02/03 22:51:31 | 000,000,000 | ---D | M] [2011/02/17 16:52:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ukky7w9z.default\extensions [2001/01/01 04:56:37 | 000,000,000 | ---D | M] (United States English Dictionary) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ukky7w9z.default\extensions\en-US@dictionaries.addons.mozilla.org [2009/01/23 00:57:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions File not found (No name found) -- C:\PROGRAM FILES\AVG\AVG8\FIREFOX File not found (No name found) -- C:\PROGRAM FILES\AVG\AVG8\TOOLBARFF [2008/02/27 16:57:38 | 000,106,496 | ---- | M] (British Broadcasting Corporation) -- C:\Program Files\mozilla firefox\plugins\npBBCPlugin.dll ========== Chrome ========== CHR - default_search_provider: Google () CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms} O1 HOSTS File: ([2003/01/21 07:21:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (ALOT Toolbar Helper) - {14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6} - C:\Program Files\alot\bin\BHO\alotBHO.dll (Vertro) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer) O2 - 
BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.) O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found. O3 - HKLM\..\Toolbar: (ALOT Toolbar) - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll (Vertro) O3 - HKLM\..\Toolbar: (HP View) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll (Hewlett-Packard Company) O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found. O3 - HKCU\..\Toolbar\ShellBrowser: (HP View) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll (Hewlett-Packard Company) O3 - HKCU\..\Toolbar\WebBrowser: (HP View) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll (Hewlett-Packard Company) O4 - HKLM..\Run: [ATIModeChange] C:\WINDOWS\System32\Ati2mdxx.exe (ATI Technologies, Inc.) O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.) 
O4 - HKLM..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqCmon.exe () O4 - HKLM..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd.exe (Hewlett-Packard) O4 - HKLM..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe (Hewlett-Packard) O4 - HKLM..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe (Hewlett-Packard) O4 - HKLM..\Run: [iMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation) O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [MCAgentExe] c:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc) O4 - HKLM..\Run: [MCUpdateExe] c:\Program Files\McAfee.com\Agent\mcupdate.exe (McAfee, Inc) O4 - HKLM..\Run: [MPFExe] C:\Program Files\McAfee.com\Personal Firewall\MpfTray.exe (McAfee Security) O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe () O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation) O4 - HKLM..\Run: [O2] C:\Program Files\O2\bin\sprtcmd.exe (SupportSoft, Inc.) O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation) O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation) O4 - HKLM..\Run: [PS2] C:\WINDOWS\system32\ps2.EXE (Hewlett-Packard Company) O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe () O4 - HKLM..\Run: [storageGuard] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions) O4 - HKLM..\Run: [sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe (Alcor Micro, Corp.) O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) 
O4 - HKLM..\Run: [VTTimer] C:\WINDOWS\System32\VTTimer.exe (S3 Graphics, Inc.) O4 - HKCU..\Run: [Jessops Insert Detect] C:\Program Files\Jessops\Picture Suite\InsDetect.exe () O4 - HKCU..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe (Kontiki Inc.) O4 - HKCU..\Run: [NVIEW] C:\WINDOWS\System32\nview.dll (NVIDIA Corporation) O4 - HKCU..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp psc 1000 series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe (Hewlett-Packard Co.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) 
O15 - HKCU\..Trusted Domains: o2.co.uk ([*.broadband] http in Trusted sites) O15 - HKCU\..Trusted Domains: o2.co.uk ([*.broadband] https in Trusted sites) O16 - DPF: {245338C3-BCA3-4A2C-A7B7-53345999A8E8} http://www.torro.org.uk/forum/registered/wspellam.cab (WSpell ActiveX Spelling Checker V5.15) O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab (Windows Live Safety Center Base Module) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1211706165984 (MUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} http://amersfoortcam.vedor.nl/AxisCamControl.cab (CamImage Class) O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab (DDRevision Class) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2283653A-C62F-452D-8CA7-A001BBF940F1}: DhcpNameServer = 192.168.1.254 O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.) O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com) O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation) O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2001/01/01 00:15:48 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2001/07/27 21:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ] O32 - AutoRun File - [2002/09/10 18:02:32 | 000,000,045 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ] O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: AppMgmt - File not found NetSvcs: HidServ - File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program 
Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: kdx - hkey= - key= - C:\Program Files\Kontiki\KHost.exe (Kontiki Inc.) MsConfig - StartUpReg: Malwarebytes Anti-Malware (reboot) - hkey= - key= - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) MsConfig - StartUpReg: MoneyAgent - hkey= - key= - File not found MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\qttask.exe (Apple Inc.) MsConfig - StartUpReg: TkBellExe - hkey= - key= - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) MsConfig - State: "system.ini" - 0 MsConfig - State: "win.ini" - 0 MsConfig - State: "bootini" - 0 MsConfig - State: "services" - 0 MsConfig - State: "startup" - 2 CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012/02/13 01:20:01 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe [2012/02/13 00:34:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1} [2012/02/13 00:26:26 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012/02/12 23:54:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/02/12 23:54:51 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2012/02/12 23:54:51 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012/02/12 23:37:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\PackageAware [2012/02/02 01:00:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com [2012/02/02 00:58:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware [2012/02/02 00:58:27 | 000,000,000 | ---D | C] -- C:\Documents 
and Settings\All Users\Application Data\SUPERAntiSpyware.com [2012/02/02 00:58:27 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware [2012/01/29 21:19:35 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2012/01/26 23:36:28 | 000,101,720 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/02/13 14:31:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-641102270-331075232-3512642251-1003UA.job [2012/02/13 14:02:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012/02/13 07:40:46 | 000,264,192 | ---- | M] () -- C:\WINDOWS\System32\Status.MPF [2012/02/13 07:38:46 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2012/02/13 07:38:36 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012/02/13 07:38:28 | 000,000,542 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT [2012/02/13 07:38:22 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012/02/13 07:38:20 | 536,268,800 | -HS- | M] () -- C:\hiberfil.sys [2012/02/13 01:20:15 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe [2012/02/13 00:48:24 | 000,001,687 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Met Office Fax Weather Charts - Netweather.tv.url [2012/02/13 00:29:38 | 000,000,217 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Google.url [2012/02/12 23:55:02 | 000,000,795 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk [2012/02/12 23:35:37 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job [2012/02/12 23:35:08 | 000,000,064 | ---- | M] () -- 
C:\WINDOWS\System32\rp_stats.dat [2012/02/12 23:35:08 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat [2012/02/12 22:31:01 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-641102270-331075232-3512642251-1003Core.job [2012/02/12 10:54:51 | 000,384,596 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012/02/12 10:54:51 | 000,054,280 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012/02/12 10:38:08 | 000,000,637 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Extreme Tech Support - Free PC Help.url [2012/02/12 10:11:40 | 000,000,306 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Current ESTOFEX Convective Forecasts - ESTOFEX.url [2012/02/12 00:31:38 | 000,000,412 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\football.mitoo (2).url [2012/02/11 09:02:38 | 000,000,277 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\UKweatherworld Forums.url [2012/02/09 23:28:27 | 000,000,329 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\medical.url [2012/02/09 22:51:47 | 000,000,821 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Menorca, Spain Forecast Weather Underground.url [2012/02/09 22:12:58 | 000,000,217 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Storm Prediction Center (2).url [2012/02/09 15:15:55 | 000,000,377 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Netweather Extra (2).url [2012/02/08 14:32:19 | 000,000,522 | ---- | M] () -- C:\hpfr3420.xml [2012/02/08 14:30:29 | 000,000,360 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Barclaycard Enter your log-in details.url [2012/02/08 14:01:54 | 000,000,321 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\AvBrief - Flight Briefing for Pilots.url [2012/02/06 12:29:53 | 000,000,378 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\1,000's of Hotels, Guest Houses, Lodgings - Worldwide Accommodation Directory - Europe.url [2012/02/06 09:26:12 | 000,002,497 | ---- 
| M] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Office Word 2003.lnk [2012/02/03 22:51:36 | 000,000,713 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk [2012/02/03 22:46:54 | 088,091,593 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm [2012/02/03 21:06:05 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012/02/02 23:14:48 | 000,007,567 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\LEIGHTON SUNDAY LEAGUE.url [2012/02/02 00:58:47 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk [2012/01/31 19:27:27 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2012/01/26 23:36:26 | 000,101,720 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys [2012/01/25 22:05:37 | 000,000,727 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\YouTube - Broadcast Yourself..url [2012/01/23 02:02:11 | 000,000,311 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Book cheap flights and find last minute flight deals – easyJet.com.url [2012/01/23 01:56:06 | 000,000,658 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Tariffs - O2 Pay monthly tariffs.url [2012/01/23 00:59:29 | 000,000,768 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Fixture List Generator, Free web based sports league management software (2).url [2012/01/21 20:22:50 | 000,000,253 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\stony medical.url [2012/01/20 18:58:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2012/01/19 21:19:41 | 000,000,172 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Driving Lessons l Find Driving Instructors l DrivingInstructor.co.uk.url [2012/01/17 17:19:02 | 000,000,304 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Luton Airport Parking, Cheap Luton Airport Car Parking, Airport CarParkz.url [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 
C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/02/12 23:55:02 | 000,000,795 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk [2012/02/12 10:38:08 | 000,000,637 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Extreme Tech Support - Free PC Help.url [2012/02/09 23:28:27 | 000,000,329 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\medical.url [2012/02/07 00:17:36 | 000,000,486 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job [2012/02/02 00:58:47 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk [2012/01/31 14:40:25 | 000,001,687 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Met Office Fax Weather Charts - Netweather.tv.url [2012/01/29 23:32:59 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat [2012/01/29 23:32:59 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat [2012/01/23 00:59:29 | 000,000,768 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Fixture List Generator, Free web based sports league management software (2).url [2012/01/19 21:19:41 | 000,000,172 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Driving Lessons l Find Driving Instructors l DrivingInstructor.co.uk.url [2010/09/24 20:11:50 | 000,087,540 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat [2009/06/05 18:51:52 | 000,000,124 | ---- | C] () -- C:\WINDOWS\Tiny_Run.ini [2008/11/14 20:36:52 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat [2008/10/14 14:59:50 | 000,000,025 | ---- | C] () -- C:\WINDOWS\SPEA.INI [2008/10/08 22:05:54 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini [2008/09/30 18:27:33 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\PixText.dll [2008/09/30 10:43:05 | 000,020,475 | ---- | C] () -- C:\WINDOWS\hpoins01.dat [2008/09/30 10:43:05 | 000,016,622 | ---- | C] () -- 
C:\WINDOWS\hpomdl01.dat [2008/04/14 11:49:45 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008/02/27 16:52:20 | 000,000,145 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT3.DAT [2008/02/27 14:39:59 | 000,000,728 | ---- | C] () -- C:\WINDOWS\{4507868A-A9CD-4ECC-BD54-0EAB6EE81D42}_WiseFW.ini [2003/12/05 14:23:18 | 000,303,104 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.exe [2003/12/05 14:23:18 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll [2003/03/09 20:31:04 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll [2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI [2003/01/02 06:11:22 | 000,000,531 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2003/01/02 06:10:46 | 000,384,596 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2003/01/02 06:10:46 | 000,054,280 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2003/01/02 01:05:09 | 000,023,042 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS [2003/01/02 01:04:37 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\syscontr.dll [2003/01/02 01:04:07 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll [2003/01/02 01:03:31 | 000,000,438 | ---- | C] () -- C:\WINDOWS\System32\1_ssetup.ini [2003/01/02 01:03:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\sunistlog.ini [2003/01/02 00:54:34 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat [2003/01/02 00:42:11 | 000,006,848 | ---- | C] () -- C:\WINDOWS\System32\hphmon05.dat [2003/01/02 00:41:58 | 000,018,403 | ---- | C] () -- C:\WINDOWS\HPHins01.dat [2003/01/02 00:41:58 | 000,004,308 | ---- | C] () -- C:\WINDOWS\hphmdl01.dat [2003/01/02 00:33:24 | 000,014,598 | ---- | C] () -- C:\WINDOWS\hpdins01.dat [2003/01/02 00:23:35 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini [2003/01/02 00:15:00 | 000,049,152 | ---- | C] () -- 
C:\WINDOWS\System32\sis740.bin [2003/01/02 00:15:00 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\sis650.bin [2003/01/02 00:12:42 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2003/01/01 23:55:30 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2003/01/01 23:44:51 | 000,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll [2003/01/01 23:44:51 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll [2003/01/01 23:44:29 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll [2003/01/01 23:28:45 | 000,000,802 | ---- | C] () -- C:\WINDOWS\orun32.ini [2003/01/01 23:26:54 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2003/01/01 23:21:48 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2003/01/01 23:15:47 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2003/01/01 23:14:52 | 000,383,224 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2003/01/01 12:30:02 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2003/01/01 10:31:45 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2003/01/01 10:31:45 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2003/01/01 10:31:42 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2003/01/01 10:31:36 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2003/01/01 10:31:31 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [2003/01/01 10:31:12 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2003/01/01 10:31:12 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2003/01/01 10:30:01 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2003/01/01 10:29:25 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin [2001/01/05 17:34:52 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2001/01/01 04:51:14 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2001/01/01 00:15:47 | 000,000,000 | ---- | C] () -- 
C:\WINDOWS\hpzmdl01.dat [2001/01/01 00:12:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\iAlmcoin.dll ========== LOP Check ========== [2011/11/24 09:11:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012 [2010/10/20 09:39:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9 [2010/10/20 09:49:37 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files [2011/03/24 11:01:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Documents [2003/01/02 00:58:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InterVideo [2012/02/13 14:44:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kontiki [2012/02/03 22:55:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData [2009/03/03 16:54:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir [2009/03/03 16:55:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir [2008/02/27 14:40:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft [2012/02/13 00:42:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP [2010/09/24 20:03:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2012/02/13 00:34:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1} [2011/07/06 22:13:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\alot [2011/11/24 08:56:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AVG2012 [2008/12/19 23:15:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OpenOffice.org 
[2003/01/02 01:05:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SampleView [2010/05/16 19:38:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Uniblue [2012/02/12 23:35:37 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job [2009/01/18 12:28:27 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1100 series#1222773798.job ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.* > [2001/01/01 00:15:48 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT [2001/01/01 00:09:00 | 000,000,196 | RHS- | M] () -- C:\BOOT.BAK [2010/08/20 13:06:02 | 000,000,281 | RHS- | M] () -- C:\boot.ini [2003/01/20 17:01:00 | 000,245,920 | RHS- | M] () -- C:\cmldr [2001/01/01 00:15:48 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS [2012/02/13 07:38:20 | 536,268,800 | -HS- | M] () -- C:\hiberfil.sys [2012/02/08 14:34:26 | 000,420,459 | ---- | M] () -- C:\hpfr3420.log [2012/02/08 14:32:19 | 000,000,522 | ---- | M] () -- C:\hpfr3420.xml [2001/01/01 00:15:48 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2008/03/06 23:48:54 | 000,000,211 | -H-- | M] () -- C:\IPH.PH [2001/01/01 00:15:48 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2008/05/27 13:57:48 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM [2008/10/25 11:02:52 | 000,250,048 | RHS- | M] () -- C:\ntldr [2012/02/13 07:38:19 | 805,306,368 | -HS- | M] () -- C:\pagefile.sys < %systemroot%\system32\Spool\prtprocs\w32x86\*.dll > [2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\mdippr.dll < %systemroot%\*. 
/mp /s > < %systemroot%\system32\*.dll /lockedfiles > [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] < %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\system32\*.exe /lockedfiles > [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] < %systemroot%\System32\config\*.sav > [2003/01/01 23:14:15 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav [2003/01/01 23:14:15 | 000,602,112 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav [2003/01/01 23:14:15 | 000,393,216 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav < %PROGRAMFILES%\* > < %USERPROFILE%\..|smtmp;true;true;true /FP > < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Win dows\WindowsUpdate\AU > < hklm\software\clients\startmenuinternet|command /rs > HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\PROGRA~1\MOZILL~1\FIREFOX.EXE HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -preferences HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -safe-mode HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/11/04 11:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation) 
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/11/04 11:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/11/04 11:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\MSN Explorer\shell\open\command\\: "C:\Program Files\MSN\MSNCoreFiles\MSN6.EXE" [2003/01/20 16:57:00 | 000,094,208 | ---- | M] (Microsoft Corporation) < hklm\software\clients\startmenuinternet|command /64 /rs > HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\PROGRA~1\MOZILL~1\FIREFOX.EXE HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -preferences HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: 
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -safe-mode HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/11/04 11:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/11/04 11:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/11/04 11:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\MSN Explorer\shell\open\command\\: "C:\Program Files\MSN\MSNCoreFiles\MSN6.EXE" [2003/01/20 16:57:00 | 000,094,208 | ---- | M] (Microsoft Corporation) ========== Alternate Data Streams ========== @Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4 < End of report > Quote
Starbuck Posted February 14, 2012

Hi PEV,

Have just seen your reply.

> Also thought I'd mention that two icons have appeared on 'my documents'. They are called thumbs.db and desktop ini. Also an existing file had been changed in appearance and when I try to open it gives a message 'words cannot start the converter mswrd 632.wpc'. Any idea what this is all about?

When OTL runs it will change some settings to show hidden files etc, this causes the thumbs.db and desktop ini icons to show. It's nothing to worry about. Once we have finished and uninstalled OTL.... all will be made back to normal.

As for: word cannot start the converter mswrd 632.wpc
This is a separate issue. Take a look here: http://support.microsoft.com/kb/973904

Unfortunately I don't have time to go through all the entries in the OTL report now. But I'll reply tomorrow once I've had time to go through everything properly.

Member of:UNITE
PEV (Author) Posted February 14, 2012

I am replying to my own thread here so don't know if this is 'correct?'

Anyway whilst deleting an unwanted programme from add/remove programmes I notice I have around 80 updates stored there. They are mostly Microsoft security or Windows updates. I don't recall seeing all this stuff when looking before! Is this normal? Could it be to do with the continual updating that paralyses my PC for 10-20 minutes each time I start it up?

PEV (Ray)
Starbuck Posted February 14, 2012

Hi Ray,

> I am replying to my own thread here so don't know if this is 'correct?'

Perfectly ok. As the thread starter you are entitled to reply or add posts whenever you want.

> Anyway whilst deleting an unwanted programme from add/remove programmes I notice I have around 80 updates stored there. They are mostly Microsoft security or Windows updates. I don't recall seeing all this stuff when looking before! Is this normal?

Some people have these hidden, so they don't normally show in the add/remove. There's a button at the top 'Show Updates'..... this toggles them to show or not. Even if not shown, they'll still be there. As I mentioned before, OTL does show hidden files when scanning.... just so we get a better picture, but not all of the hidden files are shown in the reports.

The M$ entries you see are M$ updates that have been added to the system, normally on 'Patch Tuesday'.... the second Tuesday of each month. (today in fact) Occasionally there will be other high security updates other than these.... but they don't happen every month.

A couple of things before I write the OTL fix (nothing serious).

Recommendation. SuperAntiSpyware doesn't need to start when Windows starts. You can start it manually when you need to do a scan. To change this: Restart SuperAntiSpyware... Then from the main page, click on the Preferences button.... then untick... 'Start SuperAntiSpyware when Windows starts'. Then click Close, and then Close on the next screen to exit the program.

I see no Symantec/Norton products installed, but did you have some installed before? If so, then these are leftovers and can be removed using the add/remove:

- LiveReg (Symantec Corporation)
- LiveUpdate 1.80 (Symantec Corporation)

Windows Live OneCare safety scanner can also be removed as it has been discontinued by M$ for nearly 12 months.

Also, please uninstall the ALOT Toolbar. It's actually detected by Kaspersky antivirus as AdWare.Win32.Comet.be
http://www.systemlookup.com/search.php?type=clsid&client=malwaresearch-ff&search=14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. A malicious site could render Java content under older, vulnerable versions of Sun's software if the user has not removed them. Please follow these steps to remove older version Java components and update:

- Download the latest version of Java Runtime Environment (JRE) 7 Update 2 and save it to your desktop.
- Scroll down to where it says "Java SE 7 Update 2".
- Click the "Download JRE" button to the right.
- Accept the license agreement.
- Select 'Windows x86' offline from the list. Save the file to your desktop.
- Close any programs you may have running - especially your web browser.
- Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
- Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name:
  - Java 6 Update 29
  - Java 6 Update 7
  - Java 2 Runtime Environment, SE v1.4.1_02
- Click the Remove or Change/Remove button.
- Repeat as many times as necessary to remove each Java version.
- Reboot your computer once all Java components are removed.
- Then from your desktop double-click on jre-7u2-windows-i586-p.exe to install the newest version.

Could you also tell me, do you use StorageGuard to backup your PC? (it's in your startup folder)

When you have removed the items I mentioned and updated Java, please run another quick scan with OTL. The changes that will be made will change the entries in the report and I may not need to remove as many. (You have some orphan Java entries which may well be taken care of with the update.) You only need to click the scan button. (It'll probably only produce the one report.... that's all I need.)

Thanks

Member of:UNITE
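The "orphan" entries mentioned in the reply above are the log records that OTL marks with "File not found", "No CLSID value found" or "Reg Error: Key error.". The following is an added example, not part of the thread and not OTL's own code: it re-splits a flattened paste like the one on this page into records, lists the orphaned ones, and reports which Java builds the O16 DPF entries still reference. The sample records are excerpted from the log posted above; the function and constant names are assumptions.

```python
import re

# Prefixes that start a record in the OTL sections shown in this thread.
# The pasted log lost its line breaks, so these are the only boundaries left.
ENTRY_START = re.compile(r"(?=\b(?:O\d{1,2} - |NetSvcs: |MsConfig - ))")
KIND = re.compile(r"(O\d{1,2}|NetSvcs|MsConfig)\b")

# Text OTL prints when a registry entry no longer resolves to a file or class.
ORPHAN_MARKERS = ("File not found", "No CLSID value found", "Reg Error: Key error.")

# Java installer cab names as they appear in the O16 DPF URLs of this log.
JAVA_CAB = re.compile(r"jinstall-(\d+)_(\d+)_(\d+)_(\d+)-")

# Sample input: records excerpted from the log on this page, joined by single
# spaces to mimic the flattened forum paste.
SAMPLE = " ".join([
    r"O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.",
    r"O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)",
    r"O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found",
    r"O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)",
    r"O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)",
    r"NetSvcs: 6to4 - File not found",
    r"MsConfig - StartUpReg: MoneyAgent - hkey= - key= - File not found",
    r"MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\qttask.exe (Apple Inc.)",
])


def split_entries(text):
    """Re-split a flattened OTL paste into one string per record."""
    return [part.strip() for part in ENTRY_START.split(text) if part.strip()]


def find_orphans(text):
    """Return (kind, marker, record) for every record OTL flagged as unresolved."""
    orphans = []
    for entry in split_entries(text):
        kind = KIND.match(entry)
        marker = next((m for m in ORPHAN_MARKERS if m in entry), None)
        if kind and marker:
            orphans.append((kind.group(1), marker, entry))
    return orphans


def java_builds_referenced(text):
    """Return the sorted Java builds named by O16 DPF installer URLs."""
    builds = set()
    for entry in split_entries(text):
        if not entry.startswith("O16 - DPF:"):
            continue
        match = JAVA_CAB.search(entry)
        if match:
            builds.add("{}.{}.{}_{}".format(*match.groups()))
    return sorted(builds)


if __name__ == "__main__":
    for kind, marker, entry in find_orphans(SAMPLE):
        print(f"{kind:8} {marker:24} {entry}")
    print("Java builds still referenced:", ", ".join(java_builds_referenced(SAMPLE)))
```

An orphaned record is a cleanup candidate, not proof of infection: it only shows that the registry still points at something that is no longer there.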
PEV (Author) Posted February 14, 2012

Hi again Starbuck

I have done all you suggest but could not find jre-7 u2. On the Java download page the nearest available was jre-7-u3 which I have installed and hopefully it is a more recent version of the one you suggest or have I messed up? In any case jre-7 u2 does not seem to be there.

No, I don't use or have heard of Storageguard to back up my PC but would love to be able to back up but understood it would need about a million remote discs to get all the stuff from a standard PC backed up!

Anyway here is the report - good luck!

Ray

OTL logfile created on: 14/02/2012 22:49:36 - Run 2 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Owner\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 511.36 Mb Total Physical Memory | 241.72 Mb Available Physical Memory | 47.27% Memory free 1.22 Gb Paging File | 0.76 Gb Available in Paging File | 62.34% Paging File free Paging file location(s): C:\pagefile.sys 768 1536 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 69.34 Gb Total Space | 51.29 Gb Free Space | 73.98% Space Free | Partition Type: NTFS Drive D: | 5.17 Gb Total Space | 1.13 Gb Free Space | 21.90% Space Free | Partition Type: FAT32 Computer Name: DESKTOP | User Name: Owner | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation) PRC - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgnsx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\AVG\AVG2012\avgrsx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\AVG\AVG2012\avgcsrvx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com) PRC - C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\Kontiki\KService.exe (Kontiki Inc.) PRC - C:\Program Files\Kontiki\KHost.exe (Kontiki Inc.) PRC - C:\Program Files\O2\bin\sprtsvc.exe (SupportSoft, Inc.) PRC - C:\Program Files\O2\bin\sprtcmd.exe (SupportSoft, Inc.) PRC - C:\Program Files\McAfee.com\Personal Firewall\MpfTray.exe (McAfee Security) PRC - C:\Program Files\McAfee.com\Personal Firewall\MpfService.exe (McAfee Corporation) PRC - C:\Program Files\McAfee.com\Personal Firewall\Mp***ent.exe (McAfee Security) PRC - c:\Program Files\McAfee.com\Agent\Mcdetect.exe (McAfee, Inc) PRC - C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc) PRC - c:\Program Files\McAfee.com\Agent\McTskshd.exe (McAfee, Inc) PRC - C:\Program Files\Multimedia Card Reader\shwicon2k.exe (Alcor Micro, Corp.) PRC - C:\Program Files\HP\HP Software Update\hpwuSchd.exe (Hewlett-Packard) PRC - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) PRC - C:\WINDOWS\system32\hphmon05.exe (Hewlett-Packard) PRC - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe (Hewlett-Packard Co.) PRC - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard) PRC - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposts08.exe (Hewlett-Packard Co.) PRC - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe (Hewlett-Packard Co.) 
PRC - C:\Program Files\Jessops\Picture Suite\InsDetect.exe () PRC - C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqCmon.exe () ========== Modules (No Company Name) ========== MOD - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\HpqUtil.dll () MOD - C:\Program Files\Jessops\Picture Suite\InsDetect.exe () MOD - C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqCmon.exe () ========== Win32 Services (SafeList) ========== SRV - (HidServ) -- File not found SRV - (AppMgmt) -- File not found SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation) SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.) SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com) SRV - (avgwd) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) SRV - (SupportSoft RemoteAssist) -- C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe (SupportSoft, Inc.) SRV - (KService) -- C:\Program Files\Kontiki\KService.exe (Kontiki Inc.) SRV - (sprtsvc_O2) SupportSoft Sprocket Service (O2) -- C:\Program Files\O2\bin\sprtsvc.exe (SupportSoft, Inc.) SRV - (MpfService) -- C:\Program Files\McAfee.com\Personal Firewall\MpfService.exe (McAfee Corporation) SRV - (McDetect.exe) -- c:\Program Files\McAfee.com\Agent\Mcdetect.exe (McAfee, Inc) SRV - (McTskshd.exe) -- c:\Program Files\McAfee.com\Agent\McTskshd.exe (McAfee, Inc) SRV - (mcupdmgr.exe) -- C:\Program Files\McAfee.com\Agent\mcupdmgr.exe (McAfee, Inc) SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP) ========== Driver Services (SafeList) ========== DRV - (Avgldx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.) DRV - (AVGIDSShim) -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. ) DRV - (Avgrkx86) -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys (AVG Technologies CZ, s.r.o.) 
DRV - (Avgmfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.) DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (Avgtdix) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.) DRV - (AVGIDSFilter) -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. ) DRV - (AVGIDSEH) -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys (AVG Technologies CZ, s.r.o. ) DRV - (AVGIDSDriver) -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. ) DRV - (MPFIREWL) -- C:\WINDOWS\system32\drivers\MpFirewall.sys (McAfee) DRV - (AFS2K) -- C:\WINDOWS\System32\drivers\AFS2K.SYS (Oak Technology Inc.) DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.) DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\rtl8139.sys (Realtek Semiconductor Corporation) DRV - (SunkFilt) -- C:\WINDOWS\system32\drivers\Sunkfilt.sys (Alcor Micro Corp.) DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.) DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.) DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.) DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.) 
DRV - (SiS315) -- C:\WINDOWS\system32\drivers\sisgrp.sys (Silicon Integrated Systems Corporation) DRV - (NVENET) -- C:\WINDOWS\system32\drivers\NVENET.sys (NVIDIA Corporation) DRV - (SiSkp) -- C:\WINDOWS\system32\drivers\srvkp.sys (Silicon Integrated Systems Corporation) DRV - (nv_agp) -- C:\WINDOWS\System32\DRIVERS\nv_agp.sys (NVIDIA Corporation) DRV - (SISAGP) -- C:\WINDOWS\System32\DRIVERS\SISAGPX.sys (Silicon Integrated Systems Corporation) DRV - (viaagp1) -- C:\WINDOWS\System32\DRIVERS\viaagp1.sys (VIA Technologies, Inc.) DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.) DRV - (EL90XBC) -- C:\WINDOWS\system32\drivers\el90xbc5.sys (3Com Corporation) DRV - (Ps2) -- C:\WINDOWS\system32\drivers\PS2.sys (Hewlett-Packard Company) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://inboxtoolbar.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id&%language IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ IE - HKCU\..\URLSearchHook: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - No CLSID value found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "http://www.o2.co.uk/" FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: 
c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Owner\Application Data\Mozilla\plugins\npgoogletalk.dll (Google) FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\Owner\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll () FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009/04/02 11:18:18 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/02/03 22:51:31 | 000,000,000 | ---D | M] [2011/02/17 16:52:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ukky7w9z.default\extensions [2001/01/01 04:56:37 | 000,000,000 | ---D | M] (United States English Dictionary) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ukky7w9z.default\extensions\en-US@dictionaries.addons.mozilla.org [2009/01/23 00:57:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions File not found (No name found) -- C:\PROGRAM FILES\AVG\AVG8\FIREFOX File not found (No name found) -- C:\PROGRAM FILES\AVG\AVG8\TOOLBARFF [2008/02/27 16:57:38 | 000,106,496 | ---- | M] (British Broadcasting Corporation) -- C:\Program Files\mozilla firefox\plugins\npBBCPlugin.dll ========== Chrome ========== CHR - default_search_provider: Google () CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms} O1 HOSTS File: ([2003/01/21 07:21:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies 
CZ, s.r.o.) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found. O3 - HKLM\..\Toolbar: (HP View) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll (Hewlett-Packard Company) O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found. O3 - HKCU\..\Toolbar\ShellBrowser: (HP View) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll (Hewlett-Packard Company) O3 - HKCU\..\Toolbar\WebBrowser: (HP View) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll (Hewlett-Packard Company) O4 - HKLM..\Run: [ATIModeChange] C:\WINDOWS\System32\Ati2mdxx.exe (ATI Technologies, Inc.) O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.) 
O4 - HKLM..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqCmon.exe () O4 - HKLM..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd.exe (Hewlett-Packard) O4 - HKLM..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe (Hewlett-Packard) O4 - HKLM..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe (Hewlett-Packard) O4 - HKLM..\Run: [iMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation) O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript File not found O4 - HKLM..\Run: [MCAgentExe] c:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc) O4 - HKLM..\Run: [MCUpdateExe] C:\Program Files\McAfee.com\Agent\mcupdate.exe (McAfee, Inc) O4 - HKLM..\Run: [MPFExe] C:\Program Files\McAfee.com\Personal Firewall\MpfTray.exe (McAfee Security) O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe () O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation) O4 - HKLM..\Run: [O2] C:\Program Files\O2\bin\sprtcmd.exe (SupportSoft, Inc.) O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation) O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation) O4 - HKLM..\Run: [PS2] C:\WINDOWS\system32\ps2.EXE (Hewlett-Packard Company) O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe () O4 - HKLM..\Run: [storageGuard] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions) O4 - HKLM..\Run: [sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe (Alcor Micro, Corp.) O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) 
O4 - HKLM..\Run: [VTTimer] C:\WINDOWS\System32\VTTimer.exe (S3 Graphics, Inc.) O4 - HKCU..\Run: [Jessops Insert Detect] C:\Program Files\Jessops\Picture Suite\InsDetect.exe () O4 - HKCU..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe (Kontiki Inc.) O4 - HKCU..\Run: [NVIEW] C:\WINDOWS\System32\nview.dll (NVIDIA Corporation) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp psc 1000 series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe (Hewlett-Packard Co.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) 
O15 - HKCU\..Trusted Domains: o2.co.uk ([*.broadband] http in Trusted sites) O15 - HKCU\..Trusted Domains: o2.co.uk ([*.broadband] https in Trusted sites) O16 - DPF: {245338C3-BCA3-4A2C-A7B7-53345999A8E8} http://www.torro.org.uk/forum/registered/wspellam.cab (WSpell ActiveX Spelling Checker V5.15) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1211706165984 (MUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} http://amersfoortcam.vedor.nl/AxisCamControl.cab (CamImage Class) O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab (DDRevision Class) O16 - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2283653A-C62F-452D-8CA7-A001BBF940F1}: DhcpNameServer = 192.168.1.254 O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.) 
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com) O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation) O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2001/01/01 00:15:48 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2001/07/27 21:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ] O32 - AutoRun File - [2002/09/10 18:02:32 | 000,000,045 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ] O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: AppMgmt - File not found NetSvcs: HidServ - File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: kdx - hkey= - key= - C:\Program Files\Kontiki\KHost.exe (Kontiki Inc.) 
MsConfig - StartUpReg: Malwarebytes Anti-Malware (reboot) - hkey= - key= - File not found MsConfig - StartUpReg: MoneyAgent - hkey= - key= - File not found MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\qttask.exe (Apple Inc.) MsConfig - StartUpReg: TkBellExe - hkey= - key= - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) MsConfig - State: "system.ini" - 0 MsConfig - State: "win.ini" - 0 MsConfig - State: "bootini" - 0 MsConfig - State: "services" - 0 MsConfig - State: "startup" - 2 CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012/02/14 22:39:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2012/02/14 22:38:29 | 000,141,312 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl [2012/02/14 22:38:28 | 000,637,848 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\npdeployJava1.dll [2012/02/14 22:38:25 | 000,224,136 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe [2012/02/14 22:38:21 | 000,173,960 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe [2012/02/14 22:38:20 | 000,173,960 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe [2012/02/14 22:21:59 | 020,320,648 | ---- | C] (Oracle Corporation) -- C:\Documents and Settings\Owner\Desktop\jre-7u3-windows-i586.exe [2012/02/13 01:20:01 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe [2012/02/13 00:34:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1} [2012/02/12 23:37:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\PackageAware [2012/02/02 01:00:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com [2012/02/02 00:58:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All 
Users\Start Menu\Programs\SUPERAntiSpyware [2012/02/02 00:58:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com [2012/02/02 00:58:27 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware [2012/01/26 23:36:28 | 000,101,720 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/02/14 22:38:49 | 000,266,944 | ---- | M] () -- C:\WINDOWS\System32\Status.MPF [2012/02/14 22:37:39 | 000,224,136 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe [2012/02/14 22:37:38 | 000,173,960 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe [2012/02/14 22:37:38 | 000,173,960 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe [2012/02/14 22:37:38 | 000,141,312 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl [2012/02/14 22:37:36 | 000,637,848 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npdeployJava1.dll [2012/02/14 22:37:35 | 000,567,696 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll [2012/02/14 22:32:23 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012/02/14 22:32:14 | 000,000,542 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT [2012/02/14 22:32:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012/02/14 22:32:07 | 536,268,800 | -HS- | M] () -- C:\hiberfil.sys [2012/02/14 22:31:05 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-641102270-331075232-3512642251-1003Core.job [2012/02/14 22:22:00 | 020,320,648 | ---- | M] (Oracle Corporation) -- C:\Documents and Settings\Owner\Desktop\jre-7u3-windows-i586.exe [2012/02/14 22:02:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012/02/14 18:31:00 | 000,000,978 | ---- | M] 
() -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-641102270-331075232-3512642251-1003UA.job [2012/02/14 17:40:53 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Office Word 2003.lnk [2012/02/14 17:17:23 | 000,000,727 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\YouTube - Broadcast Yourself..url [2012/02/14 00:24:18 | 000,000,277 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\UKweatherworld Forums.url [2012/02/14 00:11:24 | 000,000,217 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Storm Prediction Center (2).url [2012/02/13 18:17:33 | 088,896,238 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm [2012/02/13 17:42:36 | 000,000,377 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Netweather Extra (2).url [2012/02/13 17:42:26 | 000,000,306 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Current ESTOFEX Convective Forecasts - ESTOFEX.url [2012/02/13 01:20:15 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe [2012/02/13 00:48:24 | 000,001,687 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Met Office Fax Weather Charts - Netweather.tv.url [2012/02/13 00:29:38 | 000,000,217 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Google.url [2012/02/12 23:35:37 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job [2012/02/12 23:35:08 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat [2012/02/12 23:35:08 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat [2012/02/12 10:54:51 | 000,384,596 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012/02/12 10:54:51 | 000,054,280 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012/02/12 10:38:08 | 000,000,637 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Extreme Tech Support - Free PC Help.url [2012/02/12 00:31:38 | 000,000,412 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\football.mitoo 
(2).url [2012/02/09 23:28:27 | 000,000,329 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\medical.url [2012/02/09 22:51:47 | 000,000,821 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Menorca, Spain Forecast Weather Underground.url [2012/02/08 14:32:19 | 000,000,522 | ---- | M] () -- C:\hpfr3420.xml [2012/02/08 14:30:29 | 000,000,360 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Barclaycard Enter your log-in details.url [2012/02/08 14:01:54 | 000,000,321 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\AvBrief - Flight Briefing for Pilots.url [2012/02/06 12:29:53 | 000,000,378 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\1,000's of Hotels, Guest Houses, Lodgings - Worldwide Accommodation Directory - Europe.url [2012/02/03 22:51:36 | 000,000,713 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk [2012/02/03 21:06:05 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012/02/02 23:14:48 | 000,007,567 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\LEIGHTON SUNDAY LEAGUE.url [2012/02/02 00:58:47 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk [2012/01/31 19:27:27 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2012/01/26 23:36:26 | 000,101,720 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys [2012/01/23 02:02:11 | 000,000,311 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Book cheap flights and find last minute flight deals – easyJet.com.url [2012/01/23 01:56:06 | 000,000,658 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Tariffs - O2 Pay monthly tariffs.url [2012/01/23 00:59:29 | 000,000,768 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Fixture List Generator, Free web based sports league management software (2).url [2012/01/21 20:22:50 | 000,000,253 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\stony medical.url [2012/01/20 
18:58:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2012/01/19 21:19:41 | 000,000,172 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Driving Lessons l Find Driving Instructors l DrivingInstructor.co.uk.url [2012/01/17 17:19:02 | 000,000,304 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Luton Airport Parking, Cheap Luton Airport Car Parking, Airport CarParkz.url [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/02/12 10:38:08 | 000,000,637 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Extreme Tech Support - Free PC Help.url [2012/02/09 23:28:27 | 000,000,329 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\medical.url [2012/02/07 00:17:36 | 000,000,486 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job [2012/02/02 00:58:47 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk [2012/01/31 14:40:25 | 000,001,687 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Met Office Fax Weather Charts - Netweather.tv.url [2012/01/29 23:32:59 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat [2012/01/29 23:32:59 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat [2012/01/23 00:59:29 | 000,000,768 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Fixture List Generator, Free web based sports league management software (2).url [2012/01/19 21:19:41 | 000,000,172 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Driving Lessons l Find Driving Instructors l DrivingInstructor.co.uk.url [2010/09/24 20:11:50 | 000,087,540 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat [2009/06/05 18:51:52 | 000,000,124 | ---- | C] () -- C:\WINDOWS\Tiny_Run.ini [2008/11/14 20:36:52 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat [2008/10/14 14:59:50 | 000,000,025 | 
---- | C] () -- C:\WINDOWS\SPEA.INI [2008/10/08 22:05:54 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini [2008/09/30 18:27:33 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\PixText.dll [2008/09/30 10:43:05 | 000,020,475 | ---- | C] () -- C:\WINDOWS\hpoins01.dat [2008/09/30 10:43:05 | 000,016,622 | ---- | C] () -- C:\WINDOWS\hpomdl01.dat [2008/04/14 11:49:45 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008/02/27 16:52:20 | 000,000,145 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT3.DAT [2008/02/27 14:39:59 | 000,000,728 | ---- | C] () -- C:\WINDOWS\{4507868A-A9CD-4ECC-BD54-0EAB6EE81D42}_WiseFW.ini [2003/12/05 14:23:18 | 000,303,104 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.exe [2003/12/05 14:23:18 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll [2003/03/09 20:31:04 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll [2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI [2003/01/02 06:11:22 | 000,000,531 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2003/01/02 06:10:46 | 000,384,596 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2003/01/02 06:10:46 | 000,054,280 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2003/01/02 01:05:09 | 000,023,042 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS [2003/01/02 01:04:37 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\syscontr.dll [2003/01/02 01:04:07 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll [2003/01/02 01:03:31 | 000,000,438 | ---- | C] () -- C:\WINDOWS\System32\1_ssetup.ini [2003/01/02 01:03:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\sunistlog.ini [2003/01/02 00:54:34 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat [2003/01/02 00:42:11 | 000,006,848 | ---- | C] () -- C:\WINDOWS\System32\hphmon05.dat [2003/01/02 00:41:58 | 
000,018,403 | ---- | C] () -- C:\WINDOWS\HPHins01.dat [2003/01/02 00:41:58 | 000,004,308 | ---- | C] () -- C:\WINDOWS\hphmdl01.dat [2003/01/02 00:33:24 | 000,014,598 | ---- | C] () -- C:\WINDOWS\hpdins01.dat [2003/01/02 00:23:35 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini [2003/01/02 00:15:00 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\sis740.bin [2003/01/02 00:15:00 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\sis650.bin [2003/01/02 00:12:42 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2003/01/01 23:55:30 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2003/01/01 23:44:51 | 000,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll [2003/01/01 23:44:51 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll [2003/01/01 23:44:29 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll [2003/01/01 23:28:45 | 000,000,802 | ---- | C] () -- C:\WINDOWS\orun32.ini [2003/01/01 23:26:54 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2003/01/01 23:21:48 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2003/01/01 23:15:47 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2003/01/01 23:14:52 | 000,383,224 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2003/01/01 12:30:02 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2003/01/01 10:31:45 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2003/01/01 10:31:45 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2003/01/01 10:31:42 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2003/01/01 10:31:36 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2003/01/01 10:31:31 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [2003/01/01 10:31:12 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2003/01/01 10:31:12 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2003/01/01 10:30:01 | 000,218,003 | ---- | C] () 
-- C:\WINDOWS\System32\dssec.dat [2003/01/01 10:29:25 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin [2001/01/05 17:34:52 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2001/01/01 04:51:14 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2001/01/01 00:15:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpzmdl01.dat [2001/01/01 00:12:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\iAlmcoin.dll ========== LOP Check ========== [2011/11/24 09:11:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012 [2010/10/20 09:39:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9 [2010/10/20 09:49:37 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files [2011/03/24 11:01:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Documents [2003/01/02 00:58:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InterVideo [2012/02/14 22:55:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kontiki [2012/02/13 18:17:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData [2009/03/03 16:54:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir [2009/03/03 16:55:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir [2008/02/27 14:40:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft [2012/02/13 00:42:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP [2010/09/24 20:03:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2012/02/13 00:34:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application 
Data\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1} [2011/11/24 08:56:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AVG2012 [2008/12/19 23:15:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OpenOffice.org [2003/01/02 01:05:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SampleView [2010/05/16 19:38:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Uniblue [2012/02/12 23:35:37 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job [2009/01/18 12:28:27 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1100 series#1222773798.job ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.* > [2001/01/01 00:15:48 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT [2001/01/01 00:09:00 | 000,000,196 | RHS- | M] () -- C:\BOOT.BAK [2010/08/20 13:06:02 | 000,000,281 | RHS- | M] () -- C:\boot.ini [2003/01/20 17:01:00 | 000,245,920 | RHS- | M] () -- C:\cmldr [2001/01/01 00:15:48 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS [2012/02/14 22:32:07 | 536,268,800 | -HS- | M] () -- C:\hiberfil.sys [2012/02/08 14:34:26 | 000,420,459 | ---- | M] () -- C:\hpfr3420.log [2012/02/08 14:32:19 | 000,000,522 | ---- | M] () -- C:\hpfr3420.xml [2001/01/01 00:15:48 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2008/03/06 23:48:54 | 000,000,211 | -H-- | M] () -- C:\IPH.PH [2001/01/01 00:15:48 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2008/05/27 13:57:48 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM [2008/10/25 11:02:52 | 000,250,048 | RHS- | M] () -- C:\ntldr [2012/02/14 22:32:06 | 805,306,368 | -HS- | M] () -- C:\pagefile.sys < %systemroot%\system32\Spool\prtprocs\w32x86\*.dll > [2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\mdippr.dll < %systemroot%\*. 
/mp /s > < %systemroot%\system32\*.dll /lockedfiles > [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] < %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\system32\*.exe /lockedfiles > [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] < %systemroot%\System32\config\*.sav > [2003/01/01 23:14:15 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav [2003/01/01 23:14:15 | 000,602,112 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav [2003/01/01 23:14:15 | 000,393,216 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav < %PROGRAMFILES%\* > < %USERPROFILE%\..|smtmp;true;true;true /FP > < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Win dows\WindowsUpdate\AU > < hklm\software\clients\startmenuinternet|command /rs > HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\PROGRA~1\MOZILL~1\FIREFOX.EXE HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -preferences HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -safe-mode HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/11/04 11:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation) 
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/11/04 11:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/11/04 11:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\MSN Explorer\shell\open\command\\: "C:\Program Files\MSN\MSNCoreFiles\MSN6.EXE" [2003/01/20 16:57:00 | 000,094,208 | ---- | M] (Microsoft Corporation) < hklm\software\clients\startmenuinternet|command /64 /rs > HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\PROGRA~1\MOZILL~1\FIREFOX.EXE HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -preferences HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: 
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -safe-mode HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/11/04 11:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/11/04 11:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/11/04 11:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\MSN Explorer\shell\open\command\\: "C:\Program Files\MSN\MSNCoreFiles\MSN6.EXE" [2003/01/20 16:57:00 | 000,094,208 | ---- | M] (Microsoft Corporation) ========== Alternate Data Streams ========== @Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4 < End of report > Quote
Starbuck Posted February 15, 2012

Hi Ray,

> I have done all you suggest but could not find jre-7 u2. On the Java download page the nearest available was jre-7-u3 which I have installed and hopefully it is a more recent version of the one you suggest or have I messed up?

I don't always get a notification of the new Java updates straight away. Another member of staff (plastic Nev) informed me this evening that Java had brought out a new update. I tried to edit my post to reflect the latest version, but you had already replied. So, you did good in getting Java7 U3. You didn't mess up at all. :cool2:

> No I don't use or have heard of Storageguard to back up my PC but would love to be able to back up but understood it would need about a million remote discs to get all the stuff from a standard PC backed up!

Ok, we can remove it from the startup entries then. If you want advice on backing up your system, we can do that once we finish this cleaning process..... that isn't a problem.

This OTL fix will clean up some orphan entries in your registry and will reset a few things. The Reg entries in the fix are the StartUp entries we'll remove. (They are not needed to run at startup.) This won't remove any of the files..... only stop them from starting at startup. All of these programs will still be accessible from the Start menu.

Step 1

Double click on OTL to run it.
Copy the lines in the codebox below. (Make sure that :Otl is on the first line.)

:Otl
[2009/01/23 00:57:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) -- C:\PROGRAM FILES\AVG\AVG8\FIREFOX
File not found (No name found) -- C:\PROGRAM FILES\AVG\AVG8\TOOLBARFF
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8 574934B26AC4.dll/cmsidewiki.html File not found
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
MsConfig - StartUpReg: Malwarebytes Anti-Malware (reboot) - hkey= - key= - File not found
MsConfig - StartUpReg: MoneyAgent - hkey= - key= - File not found
[2012/02/12 23:35:37 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4

:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"=_
"IMJPMIG8.1"=_
"KernelFaultCheck"=_
"MSPY2002"=_
"NvCplDaemon"=_
"nwiz"=_
"O2"=_
"PHIME2002A"=_
"PHIME2002ASync"=_
"StorageGuard"=_
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Jessops Insert Detect"=_
"kdx"=_
"NVIEW"=_

:Files
ipconfig /flushdns /c

:commands
[emptytemp]
[purity]
[RESETHOSTS]

Return to OTL, right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.
http://img.photobucket.com/albums/v708/starbuck50/new%20forum/scan-fix.png
Click the red Run Fix button.
http://img.photobucket.com/albums/v708/starbuck50/runfixbutton.png
OTL will reboot your system once the fix has completed.
After the reboot, you may need to double click OTL to launch the program and retrieve the log.
Copy and paste the contents of the OTL log that comes up after the fix in your next reply.
If you lose the report, there will be a copy here: C:\_OTL\MovedFiles

Step 2

I'd like you to do an ESET OnlineScan.

This scan will take a while to run, possibly an hour or so...... Try to run it when you don't need to use the PC.
You may find it beneficial to close your resident AV program before running the scan.

- Hold down Control and click on the following link to open ESET OnlineScan in a new window: ESET OnlineScan
- Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetOnline.png button.
- For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  - Click on http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
  - Double click on the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstallDesktopIcon.png icon on your desktop.
- Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetAcceptTerms.png
- Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetStart.png button.
- Accept any security warnings from your browser.
- Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetScanArchives.png
- Click the Start button.
- ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
- When the scan completes, push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png
- Click http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
- Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetBack.png button.
- Click http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetFinish.png

A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

Note: It's been found that on some systems the Eset's Online Scan fails during the database download (around 20%).
To prevent this happening: When the Computer scan settings display shows, click the Advanced option, then place a check next to the following (if it is not already checked):
Enable Anti-Stealth technology
http://img.photobucket.com/albums/v708/starbuck50/eset.png

In your next reply, please submit:
- Otl fix
- Eset scan report.

Thanks.

Member of:UNITE
PEV (Author) Posted February 15, 2012
Thanks for this. I may not be able to action for a while as I am extremely busy for a day or two but will get it done ASAP. Many thanks for all the time you have given me. Ray
Starbuck Posted February 15, 2012
No problem Ray, Just post the 2 reports when you have time. Thanks for letting me know.
PEV (Author) Posted February 16, 2012
Starbuck Here's first read out sending it now in case I lose it whilst doing the other thing
ll processes killed ========== OTL ========== C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully. C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully. C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully. C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully. C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully. C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully. C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully. C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully. C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully. C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully. C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully. C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully. C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully. 
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully. C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully. C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully. C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully. C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully. C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully. C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully. C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\chrome\locale folder moved successfully. C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully. C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\chrome\content folder moved successfully. C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\chrome folder moved successfully. C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} folder moved successfully. C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully. C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully. C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully. 
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully. C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully. C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully. C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully. C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully. C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully. C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully. C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully. C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully. C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully. C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully. C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully. C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully. C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully. 
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully. C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully. C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully. C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\chrome\locale folder moved successfully. C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully. C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\chrome\content folder moved successfully. C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\chrome folder moved successfully. C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} folder moved successfully. C:\Program Files\Mozilla Firefox\extensions folder moved successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\ deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found. Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...\ deleted successfully. Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} C:\WINDOWS\Downloaded Program Files\erma.inf not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found. 
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found. Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7} C:\WINDOWS\Downloaded Program Files\gp.inf not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\Malwarebytes Anti-Malware (reboot)\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\MoneyAgent\ deleted successfully. C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job moved successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4 deleted successfully. ========== REGISTRY ========== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\"HP Software Update"|_ /E : value set successfully! HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\"IMJPMIG8.1"|_ /E : value set successfully! HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\"KernelFaultCheck"|_ /E : value set successfully! HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\"MSPY2002"|_ /E : value set successfully! HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\"NvCplDaemon"|_ /E : value set successfully! HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\"nwiz"|_ /E : value set successfully! 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\"O2"|_ /E : value set successfully! HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\"PHIME2002A"|_ /E : value set successfully! HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\"PHIME2002ASync"|_ /E : value set successfully! HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\"StorageGuard"|_ /E : value set successfully! HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\"Jessops Insert Detect"|_ /E : value set successfully! HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\"kdx"|_ /E : value set successfully! HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\"NVIEW"|_ /E : value set successfully! ========== FILES ========== < ipconfig /flushdns /c > Windows IP Configuration Successfully flushed the DNS Resolver Cache. C:\Documents and Settings\Owner\Desktop\cmd.bat deleted successfully. C:\Documents and Settings\Owner\Desktop\cmd.txt deleted successfully. 
========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 32768 bytes User: LocalService ->Temp folder emptied: 65536 bytes ->Temporary Internet Files folder emptied: 11250212 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 4438051 bytes User: Owner ->Temp folder emptied: 140141165 bytes ->Temporary Internet Files folder emptied: 12504194 bytes ->Java cache emptied: 713602 bytes ->FireFox cache emptied: 4477143 bytes ->Google Chrome cache emptied: 6138516 bytes ->Flash cache emptied: 6144 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 39097 bytes %systemroot%\System32 .tmp files removed: 2577 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 57536699 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 198539467 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 6611599 bytes RecycleBin emptied: 9269221 bytes Total Files Cleaned = 431.00 mb C:\WINDOWS\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully OTL by OldTimer - Version 3.2.31.0 log created on 02162012_202745 Files\Folders moved on Reboot... File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\~DF2097.tmp not found! File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\~DF2136.tmp not found! File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\~DF229F.tmp not found! File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\~DF22C6.tmp not found! File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\~DF23C9.tmp not found! File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\~DF241A.tmp not found! 
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\R3J14NFE\page2[1].htm moved successfully. C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\HTFGJ0ML\ads[4].htm moved successfully. C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\6YFMX7Z2\ads[1].htm moved successfully. C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully. Registry entries deleted on Reboot... Ray Quote
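One way to triage a fix log like the one above before replying, as an added example that is not part of the thread and is not OTL's own code. It assumes the log is saved one entry per line, as in OTL's log file; the sample lines are excerpted from the log posted above, and the function names are hypothetical.

```python
import re
from collections import Counter

# Excerpt of entries from the fix log posted in this thread, one per line.
SAMPLE_LOG = r"""
========== OTL ==========
C:\Program Files\Mozilla Firefox\extensions folder moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job moved successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4 deleted successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\"StorageGuard"|_ /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\"kdx"|_ /E : value set successfully!
========== FILES ==========
< ipconfig /flushdns /c >
Successfully flushed the DNS Resolver Cache.
========== COMMANDS ==========
[EMPTYTEMP]
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# Outcome phrases as they appear at the end of entries in the posted log.
OUTCOMES = [
    ("not_found", re.compile(r"\s+not found[.!]?$")),
    ("moved", re.compile(r"\s+moved successfully\.?$")),
    ("deleted", re.compile(r"\s+deleted successfully\.?$")),
    ("value_set", re.compile(r"\s*:\s*value set successfully!?$")),
]
# Value name inside a ...\CurrentVersion\Run\\"name" entry.
RUN_VALUE_RE = re.compile(r'\\CurrentVersion\\Run\\\\"([^"]+)"')


def parse_fix_log(text):
    """Split the log into entries tagged with their section and outcome."""
    section = "PREAMBLE"
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1).upper()
            continue
        outcome, target = "info", line
        for name, pattern in OUTCOMES:
            hit = pattern.search(line)
            if hit:
                outcome, target = name, line[:hit.start()].strip()
                break
        entries.append({"section": section, "outcome": outcome, "target": target})
    return entries


def summarize(entries):
    """Count outcomes per section."""
    summary = {}
    for entry in entries:
        summary.setdefault(entry["section"], Counter())[entry["outcome"]] += 1
    return summary


def run_values_changed(entries):
    """(hive, value name) for each Run-key entry the REGISTRY section touched."""
    changed = []
    for entry in entries:
        if entry["section"] == "REGISTRY" and entry["outcome"] == "value_set":
            match = RUN_VALUE_RE.search(entry["target"])
            if match:
                hive = entry["target"].split("\\", 1)[0]
                changed.append((hive, match.group(1)))
    return changed


def not_found(entries):
    """Targets the fix could not find; confirm each was expected to be absent."""
    return [e["target"] for e in entries if e["outcome"] == "not_found"]


if __name__ == "__main__":
    parsed = parse_fix_log(SAMPLE_LOG)
    for name, counts in summarize(parsed).items():
        print(name, dict(counts))
    print("Run values changed:", run_values_changed(parsed))
    print("Not found (check these were expected):", not_found(parsed))
```

Comparing the list from `run_values_changed` against the names in the `:Reg` block of the fix shows at a glance whether every startup entry was processed.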
Starbuck Posted February 16, 2012
Thanks for the Otl fix report Ray, That should have made some difference. Post the Eset report when you have time. Thanks
PEV (Author) Posted February 16, 2012
If you're about to answer now. Won't disabling my AVG leave my system open to infection whilst the eset scan is being run?
Starbuck Posted February 16, 2012
As long as you don't use your browser for anything else whilst the scan is running you'll be fine. After all, you are only connecting to an Anti Virus site!
PEV (Author) Posted February 17, 2012
Thanks just a little paranoia on my part? Ray
PEV (Author) Posted February 17, 2012
Hi Starbuck This was found in the eset scan, is it a virus?
C:\Program Files\Uniblue\RegistryBooster\Launcher.exe a variant of Win32/RegistryBooster application cleaned by deleting - quarantined
Ray
Starbuck Posted February 17, 2012
It's one of those programs that seems to get a lot of press. Quite a few don't seem to like it. We here at FPCH don't recommend registry cleaners at all. Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable. Maybe Eset agree and are targeting it because of the damage it could cause.
RandyL Posted February 18, 2012
Hi everyone. Starbuck I take it the malware scans are clean. I hope Uniblue didn't damage too much. Is the system running better? Just my thoughts here again but in my opinion if it is not........ Uninstall AVG and Google products. If you have Realplayer you are one of the few in my opinion. I won't have it. That's all I have. I'll go away now.
We are all members helping other members. Please return here where you may be able to help someone else. After all, no one knows everything and you may have the answer that someone needs.
PEV (Author) Posted February 18, 2012
RandyL, the system seems to be a 100% better now on start up but I shall give it a couple more days before I start to dance on the table! Yes I do have Realplayer and it works fine for me and also AVG seems to have been 'hung for a crime it did not commit!' I don't quite understand what Uniblue is. It's described on Google search in one entry as a virus yet Starbuck and other people say it's an over aggressive registry cleaner - someone please explain.
You guys have been fantastic and special thanks to Starbuck for all your help and patience. Backing up my PC was discussed and I would like to know the feasibility of doing this in the future so any advice is very welcome. Hopefully I'm not being too premature here but thanks again to all who have given their help and input.
Oh one more thing, I notice there seems no way to send a private message to other folk. IMO it would sometimes be good to sometimes communicate without going 'public'?
Thanks again
PEV (Ray)
RandyL Posted February 19, 2012
Good to hear that all is working Ray. Starbuck is really quite amazing with these things. One way to send a private message is to click on a name on the left of their post. You will get a context menu where you will see that option. Please keep in mind though that all help should be posted on the forum so that others can benefit. Starbuck or Ken can give you advice on uniblue and backup. Starbuck may also advise you finishing up.
KenB Posted February 19, 2012
"Starbuck or Ken can give you advice on uniblue and backup"
It would be best to finish the tidying up first - if there is any to do. I wrote a tutorial re. making an image of your system. ( complete copy of the hard drive ) You may be interested in this.
There is an email going around offering processed pork - gelatin - and salt in a can ......this is simply SPAM !!
Starbuck Posted February 19, 2012

"Starbuck may also advise you finishing up."

Yes, we should remove the programs we've used and finish off the cleaning process.

"I wrote a tutorial re. making an image of your system. ( complete copy of the hard drive ) You may be interested in this."

It's already been suggested to me that Ken would be the person to help you with the backup help you need. So it looks like Ken talked himself into a job. :o

Step 1
Restart MBAM.
Click on the Quarantine tab.
If there are items in quarantine, make sure everything is selected and then click Delete All.
Close MBAM.

Step 2
Please double-click OTL to run it. You should see a CleanUp! button, press that button.
http://img.photobucket.com/albums/v708/starbuck50/cleanupbutton.png
This will clean up an assortment of tools used during malware removal, plus itself.
Note: MBAM will not be removed.

Step 3
Now you should set a new Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools cannot access it to delete these bad files, which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
Go to Start > Programs > Accessories > System Tools and click "System Restore".
Choose the radio button marked "Create a Restore Point" on the first screen then click "Next".
Give the Restore Point a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
Then go to Start > Run and type: Cleanmgr
Click "OK".
Select the drive for cleaning then click OK (usually 'C' drive).
Click the "More Options" tab.
Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.

To find out how you may have been infected....read this topic: How did I get infected?

Not all of the following information will be applicable to you, but it's still best to read it all. Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

- Use an AntiVirus Software
  Avira AntiVir ... see note* ....installation guide Here
  Avast free
  MS Security Essentials ... see note** ...installation guide Here
  Note*: Avira now includes the Ask.com Toolbar unless you choose not to install it. This means it is pre-checked by default and it is recommended that you uncheck that option during installation.
  Note**: Upon installation MS Security Essentials will check that your OS is a legal copy.
  Only install one AntiVirus program.

- Update your AntiVirus Software regularly

- Use a 3rd party Firewall
  Online Armor Free
  ZoneAlarm ...Important note below
  NOTE: If choosing ZoneAlarm be aware that the free version also installs ZoneAlarm Spy Blocker. It is recommended however that you UNcheck this option.
  Only install one software Firewall.
  Some 3rd party Firewalls will turn off the Windows Firewall when they are installed. It's always best to check that the Windows Firewall is turned off:
  How to turn off Windows Firewall: Start ... Control Panel ... click on 'Classic View'. Now select Windows Firewall. When the Windows Firewall box opens, put a tick against .. Off (not recommended) and then click Ok.

- Scan regularly with a 'Stand Alone' Anti-Malware scanner:
  Installing another scanner that you can run once or twice a week is always beneficial. Something like:
  Malwarebytes Anti-Malware
  SUPERAntiSpyware
  Remember to update these programs each time before running. You can install more than one of these if you only run them as stand alone programs.

- Use an alternative browser:
  Some excellent alternatives to MS Internet Explorer are:
  Firefox
  For added security, add the NoScript extension to this browser: Allow active content to run only from sites you trust, and protect yourself against XSS and Clickjacking attacks.
  Also consider adding: WOT - Safe Browsing Tool. Web of Trust warns you about risky sites that cheat customers, deliver malware or send spam. Millions of members of the WOT community rate sites based on their experience, giving you an extra layer of protection when browsing or searching the Web. Btw: you don't have to make a contribution.
  Opera
  They offer better security, more stability, and better speed.

- Keep a backup of your registry
  Keeping a regular backup of your registry will help when something goes wrong. Use a program like: Erunt
  A full tutorial on how to set up and use Erunt can be found here: Erunt tutorial

- Keep your system clean of temp files etc, using a 'Cleaner':
  Cleaners are programs that will help to clean out your:
  Windows temp files
  Current user temp files
  Cookies
  Temporary Internet files
  Browser history
  Recycle bin
  Etc.......
  In other words.... all the rubbish that you accumulate over the course of your browsing and day to day usage of your PC.
  Programs like:
  TFC by OldTimer
  ATF Cleaner

- Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly.

- Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs. A tutorial on installing & using this product can be found here: Using and installing SpywareBlaster

- Update all your 'Security' programs regularly - Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.
Glad I was able to help.
Safe surfing.
PEV (Author) Posted February 21, 2012
Guys
Just a quick thanks to all for the great help and advice I have received. I am so grateful! I will be looking at doing some/all of the actions that you have suggested but am manic with work ATM. Am a full time driving instructor and also involved with running a football league. I felt I needed to let you know now how appreciative I am as I may not get back on this forum for a while, so again thanks. And as Terminator said, 'I'll be back!'
Ray
Starbuck Posted February 22, 2012
Thank you for the comments. Get back when you can, we'll all still be here. Boss doesn't let us have time off :)
KenB Posted February 25, 2012
From a PM sent by PEV:
"Hi Ken I have set a system restore point as instructed by Starbuck and believe you have offered to help with backing up my PC? If this is correct how complicated is it - how long would it take and what are the risks of cocking up my end? (I am pretty prone to that!)"

Hi Ray,
I wrote a tutorial on "How to Create a Backup Image of your System" a while ago. The software is free - unlike some others. An image is a direct copy of your hard drive - errors too. So if you are still sorting things with etavares I would get the all clear first.
The tutorial is here: http://kenspchelp.co.uk/viewtopic.php?f=36&t=190
You need somewhere to store the image. I suggest an external hard drive as it keeps the image in one place. DO NOT attempt to store it on a partition on the hard drive being imaged.
You will also need to create the recovery disks ( it is no use trying to do this on a dead computer :) ). There are 2 options - Linux and Windows PE. I suggest burning both. ( Just in case )
The process does take a few hours - so one rainy Sunday sounds perfect.