Trazza
Posted April 26, 2012

Is it possible that there is malware or spyware on my PC? My monitor keeps going black and I have to switch it off then on again several times to get it to stay on. Have asked several people I know if I might borrow their monitor to check if it is this, but alas it seems to be the age of the laptop. Would just like to check before I have to bite the bullet and go and buy a new one. I have done the checks as asked for in the sticky by starbuck and will copy them at the bottom of this thread.

Thanks all
Trazza

Malwarebytes Anti-Malware 1.61.0.1400
http://www.malwarebytes.org

Database version: v2012.04.26.02
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.11
USER :: ANY-6C5E521BE98 [administrator]

26/04/2012 15:16:15
mbam-log-2012-04-26 (15-16-15).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 280965
Time elapsed: 1 hour(s), 14 minute(s), 27 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKCU\SOFTWARE\RegTool (Rogue.RegTool) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\RegTool (Rogue.RegTool) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|RegTool (Rogue.RegTool) -> Data: C:\Program Files\RegTool\RegTool.exe -boot -> Quarantined and deleted successfully.

Registry Data Items Detected: 2
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Folders Detected: 4
C:\Documents and Settings\USER\Application Data\RegTool (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\USER\Application Data\RegTool\Logs (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100 (Rogue.RegTool) -> Quarantined and deleted successfully.

Files Detected: 240
C:\WINDOWS\Tasks\RegTool Scan.job (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\USER\Application Data\RegTool\resultsw.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\USER\Application Data\RegTool\Logs\2009-03-15 20-02-340.log (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\USER\Application Data\RegTool\Logs\2009-03-15 20-07-310.log (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\filelist.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-0.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-1.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-10.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-100.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-101.db (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-212.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-213.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-214.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-215.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-216.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-217.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-218.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-219.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-22.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-220.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-221.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-222.db (Rogue.RegTool) -> Quarantined and deleted successfully. 
C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-223.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-224.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-225.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-226.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-227.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-228.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-229.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-23.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-230.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-231.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-232.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-233.db (Rogue.RegTool) -> Quarantined and deleted successfully. 
C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-234.db (Rogue.RegTool) -> Quarantined and deleted successfully. C:\Documents and Settings\USER\Application Data\RegTool\QuarantineW\2009-03-15 20-06-100\regb-24.db (Rogue.RegTool) -> Quarantined and deleted successfully. (end) OTL files to follow Quote
Trazza Posted April 26, 2012 Author Posted April 26, 2012 OTL logfile created on: 26/04/2012 16:56:07 - Run 1 OTL by OldTimer - Version 3.2.42.1 Folder = C:\Documents and Settings\USER\My Documents\Downloads Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.11) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 1022.09 Mb Total Physical Memory | 458.29 Mb Available Physical Memory | 44.84% Memory free 2.40 Gb Paging File | 2.02 Gb Available in Paging File | 84.08% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 149.04 Gb Total Space | 123.65 Gb Free Space | 82.96% Space Free | Partition Type: NTFS Computer Name: ANY-6C5E521BE98 | User Name: USER | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Documents and Settings\USER\My Documents\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.) PRC - C:\Program Files\Norton Internet Security\Engine\18.7.1.3\ccsvchst.exe (Symantec Corporation) PRC - C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe (Alcatel-Lucent) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATICDE.EXE (SEIKO EPSON CORPORATION) PRC - C:\Documents and Settings\USER\Local Settings\Temp\bwgo000090b6.exe (BackWeb Technologies Inc. 
) PRC - C:\Program Files\Belkin\Bluetooth Software\BTTray.exe (Broadcom Corporation) PRC - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation) PRC - C:\Program Files\Logitech\iTouch\iTouch.exe (Logitech Inc.) ========== Modules (No Company Name) ========== MOD - C:\Program Files\Mozilla Firefox\mozjs.dll () MOD - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll () MOD - C:\Program Files\Belkin\Bluetooth Software\BTKeyInd.dll () ========== Win32 Services (SafeList) ========== SRV - (LVPrcSrv) -- File not found SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia) SRV - (MatSvc) -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe (Microsoft Corporation) SRV - (NIS) -- C:\Program Files\Norton Internet Security\Engine\18.7.1.3\ccSvcHst.exe (Symantec Corporation) SRV - (GoToAssist) -- C:\Program Files\Citrix\GoToAssist\570\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.) 
SRV - (btwdins) -- C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation) ========== Driver Services (SafeList) ========== DRV - (WDICA) -- File not found DRV - (RPSKT) Security Services Driver (x86) -- system32\DRIVERS\rp_skt32.sys File not found DRV - (PID_08A0) Logitech QuickCam IM(PID_08A0) -- File not found DRV - (pepifilter) -- File not found DRV - (PDRFRAME) -- File not found DRV - (PDRELI) -- File not found DRV - (PDFRAME) -- File not found DRV - (PDCOMP) -- File not found DRV - (PCIDump) -- File not found DRV - (MRENDIS5) -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS File not found DRV - (MREMPR5) -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS File not found DRV - (LVUSBSta) -- File not found DRV - (LVPr2Mon) -- File not found DRV - (LVcKap) -- File not found DRV - (lbrtfdc) -- File not found DRV - (i2omgmt) -- File not found DRV - (Changer) -- File not found DRV - (BHDrvx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20120413.001\BHDrvx86.sys (Symantec Corporation) DRV - (IDSxpx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20120425.001\IDSXpx86.sys (Symantec Corporation) DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation) DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation) DRV - (NAVEX15) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20120425.032\NAVEX15.SYS (Symantec Corporation) DRV - (NAVENG) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20120425.032\NAVENG.SYS (Symantec Corporation) DRV - (nmwcdnsu) -- 
C:\WINDOWS\system32\drivers\nmwcdnsu.sys (Nokia) DRV - (nmwcdnsuc) -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys (Nokia) DRV - (UsbserFilt) -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys (Nokia) DRV - (upperdev) -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys (Nokia) DRV - (nmwcdc) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys (Nokia) DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia) DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA)) DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA)) DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation) DRV - (SYMTDI) -- C:\WINDOWS\system32\drivers\NIS\1207010.003\symtdi.sys (Symantec Corporation) DRV - (SRTSP) -- C:\WINDOWS\system32\drivers\NIS\1207010.003\srtsp.sys (Symantec Corporation) DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\WINDOWS\system32\drivers\NIS\1207010.003\srtspx.sys (Symantec Corporation) DRV - (SymEFA) -- C:\WINDOWS\system32\drivers\NIS\1207010.003\symefa.sys (Symantec Corporation) DRV - (SymDS) -- C:\WINDOWS\system32\drivers\NIS\1207010.003\symds.sys (Symantec Corporation) DRV - (SymIRON) -- C:\WINDOWS\system32\drivers\NIS\1207010.003\ironx86.sys (Symantec Corporation) DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia) DRV - (k750obex) -- C:\WINDOWS\system32\drivers\k750obex.sys (MCCI) DRV - (k750mgmt) -- C:\WINDOWS\system32\drivers\k750mgmt.sys (MCCI) DRV - (k750mdm) -- C:\WINDOWS\system32\drivers\k750mdm.sys (MCCI) DRV - (k750mdfl) -- C:\WINDOWS\system32\drivers\k750mdfl.sys (MCCI) DRV - (k750bus) Sony Ericsson 750 driver (WDM) -- C:\WINDOWS\system32\drivers\k750bus.sys (MCCI) DRV - (w810obex) -- C:\WINDOWS\system32\drivers\w810obex.sys (MCCI) DRV - (w810mdm) -- C:\WINDOWS\system32\drivers\w810mdm.sys (MCCI) DRV - (w810mgmt) Sony Ericsson W810 USB WMC Device Management Drivers (WDM) -- 
C:\WINDOWS\system32\drivers\w810mgmt.sys (MCCI) DRV - (w810mdfl) -- C:\WINDOWS\system32\drivers\w810mdfl.sys (MCCI) DRV - (w810bus) Sony Ericsson W810 Driver driver (WDM) -- C:\WINDOWS\system32\drivers\w810bus.sys (MCCI) DRV - (btaudio) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation) DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation) DRV - (BTWDNDIS) -- C:\WINDOWS\system32\drivers\btwdndis.sys (Broadcom Corporation) DRV - (BTDriver) -- C:\WINDOWS\system32\drivers\btport.sys (Broadcom Corporation) DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation) DRV - (senfilt) -- C:\WINDOWS\system32\drivers\senfilt.sys (Creative Technology Ltd.) DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.) DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation) DRV - (bvrp_pci) -- C:\WINDOWS\system32\drivers\bvrp_pci.sys () DRV - (IntelC52) -- C:\WINDOWS\system32\drivers\IntelC52.sys (Intel Corporation) DRV - (IntelC51) -- C:\WINDOWS\system32\drivers\IntelC51.sys (Intel Corporation) DRV - (IntelC53) -- C:\WINDOWS\system32\drivers\IntelC53.sys (Intel Corporation) DRV - (mohfilt) -- C:\WINDOWS\system32\drivers\mohfilt.sys (Intel Corporation) DRV - (itchfltr) -- C:\WINDOWS\system32\drivers\itchfltr.sys (Logitech, Inc.) DRV - (LHidUsb) -- C:\WINDOWS\system32\drivers\Lhidusb.sys (Logitech, Inc.) DRV - (LCcfltr) -- C:\WINDOWS\system32\drivers\LCCFLTR.SYS (Logitech, Inc.) DRV - (MASPINT) -- C:\WINDOWS\System32\drivers\MASPINT.SYS (MicroStaff Co.,Ltd.) 
DRV - (OMCI) -- C:\WINDOWS\system32\drivers\omci.sys (Dell Computer Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_en-GB IE - HKCU\..\SearchScopes\{82445343-3524-49A4-9C55-0813E5B12D25}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage} IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://uk.ask.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=NIS&chn=retail&geo=GB&ver=18 IE - 
HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2611275 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/" FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.91 FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0 FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.5 FF - prefs.js..network.proxy.no_proxies_on: "localhost,*.local" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll () FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Motive, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.1.13: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) 
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.1.13: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\ [2012/02/01 13:27:14 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn_2011_7_7_5 [2012/04/26 16:40:56 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/12/19 09:52:42 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/04/25 23:37:55 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla 
Firefox\plugins [2012/04/17 16:28:28 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\te_7.0@nokia.com: C:\Program Files\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_7.0 [2011/12/20 15:30:18 | 000,000,000 | ---D | M] [2011/12/26 09:36:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\USER\Application Data\Mozilla\Extensions [2011/12/26 09:36:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\USER\Application Data\Mozilla\Extensions\home2@tomtom.com [2012/04/26 16:52:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\xe8nkd85.default\extensions [2010/04/27 13:51:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\xe8nkd85.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2012/02/23 13:16:54 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\xe8nkd85.default\extensions\DeviceDetection@logitech.com [2011/05/15 19:16:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\xe8nkd85.default\extensions\nostmp [2011/01/29 18:46:09 | 000,002,472 | ---- | M] () -- C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\xe8nkd85.default\searchplugins\safesearch.xml [2011/05/15 19:16:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions () (No name found) -- C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\XE8NKD85.DEFAULT\EXTENSIONS\{66E978CD-981F-47DF-AC42-E3CF417C1467}.XPI [2012/04/25 23:37:54 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2009/08/27 20:25:26 | 000,308,096 | ---- | M] (British 
Telecommunications Plc) -- C:\Program Files\mozilla firefox\plugins\npBTEmailConfig.dll [2011/09/30 11:41:45 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2011/11/10 08:47:07 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms} CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\11.0.696.60\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\11.0.696.60\pdf.dll CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\11.0.696.60\gears.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll CHR - plugin: BT Broadband Support Tools (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npBTEmailConfig.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program 
Files\Windows Media Player\npwmsdrm.dll CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\USER\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll CHR - plugin: Motive Plugin (Enabled) = C:\Program Files\Common Files\Motive\npMotive.dll CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin O1 HOSTS File: ([2007/03/16 18:19:25 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll File not found O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions) O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.7.1.3\coieplg.dll (Symantec Corporation) O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.7.1.3\ips\ipsbho.dll (Symantec Corporation) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.) 
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.7.1.3\coieplg.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.7.1.3\coieplg.dll (Symantec Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [bluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation) O4 - HKLM..\Run: [btbb_McciTrayApp] C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe (Alcatel-Lucent) O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [updateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions) O4 - HKLM..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe (Logitech Inc.) O4 - HKCU..\Run: [] File not found O4 - HKCU..\Run: [EPSON Stylus DX7400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICDE.EXE (SEIKO EPSON CORPORATION) O4 - HKCU..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.) 
O4 - HKCU..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe" File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BTTray.lnk = C:\Program Files\Belkin\Bluetooth Software\BTTray.exe (Broadcom Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger Agent.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
O4 - Startup: C:\Documents and Settings\USER\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll (Apple Computer, Inc.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {79E0C1C0-316D-11D5-A72A-006097BFA1AC} http://esupport.epson-europe.com/selftest/en/Prg/ESTPTest.cab (EPSON Web Printer-SelfTest Control Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab (EPUImageControl Class)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E6ACF817-0A85-4EBE-9F0A-096C6488CFEA} https://www.ntrsupport.com/nv/inquiero/mod/setup/ntractivex118_28.cab (NTR ActiveX 1.1.8)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F532D20C-DCA3-4A06-9719-FD84C16FDCE4}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\widimg {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\BTXPPanel.dll (Broadcom Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\570\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\570\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - No CLSID value found.
O24 - Desktop WallPaper: C:\Documents and Settings\USER\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\USER\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/11/29 17:27:38 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{23dcabdf-3a73-11df-a133-000a3a63f1fa}\Shell - "" = AutoRun
O33 - MountPoints2\{23dcabdf-3a73-11df-a133-000a3a63f1fa}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{23dcabdf-3a73-11df-a133-000a3a63f1fa}\Shell\AutoRun\command - "" = F:\laucher.exe
O33 - MountPoints2\{c96bb988-8035-11de-a2f6-000a3a63f1fa}\Shell - "" = AutoRun
O33 - MountPoints2\{c96bb988-8035-11de-a2f6-000a3a63f1fa}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c96bb988-8035-11de-a2f6-000a3a63f1fa}\Shell\AutoRun\command - "" = F:\laucher.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

CREATERESTOREPOINT
Unable to start System Restore Service.
Error code 1056

========== Files/Folders - Created Within 30 Days ==========
[2012/04/26 15:11:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USER\Application Data\Malwarebytes
[2012/04/26 15:10:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/04/26 15:10:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/04/26 15:10:40 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/04/26 15:10:40 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/04/25 23:38:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
[2012/04/25 23:38:11 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/04/17 16:19:24 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========
[2012/04/26 17:00:13 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{4F628711-2870-461B-A125-8E66B2BF1907}.job
[2012/04/26 17:00:00 | 000,000,258 | -H-- | M] () -- C:\WINDOWS\tasks\B437FEC6918469DA.job
[2012/04/26 16:42:51 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/04/26 16:40:52 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2000478354-261903793-725345543-1004.job
[2012/04/26 16:40:48 | 000,000,051 | ---- | M] () -- C:\WINDOWS\iTouch.ini
[2012/04/26 16:40:46 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/26 16:40:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/04/26 16:23:02 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/26 16:14:00 | 000,000,252 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2012/04/26 16:03:02 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/04/26 15:10:44 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/23 12:01:00 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\avast! Antivirus.job
[2012/04/23 08:55:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2000478354-261903793-725345543-1004.job
[2012/04/21 12:34:51 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\USER\Desktop\Microsoft Office Word 2003.lnk
[2012/04/17 16:19:24 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/04/17 16:19:24 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/04/11 19:10:55 | 000,469,814 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/04/11 19:10:55 | 000,081,554 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/04/11 18:59:30 | 000,788,816 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1207010.003\Cat.DB
[2012/04/11 18:58:05 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/04/04 07:42:52 | 000,001,964 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton Internet Security.LNK
[2012/03/28 01:40:14 | 000,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1207010.003\isolate.ini
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========
[2012/04/26 15:10:44 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/17 16:19:25 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2010/07/29 17:41:07 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\CommonDL.dll
[2010/07/29 17:41:07 | 000,002,413 | ---- | C] () -- C:\WINDOWS\System32\lgAxconfig.ini

========== LOP Check ==========
[2011/01/29 16:37:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2009/11/29 10:14:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/09/13 19:50:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2012/02/23 12:55:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driver Manager
[2010/09/17 15:06:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driving Test Success
[2011/08/29 17:05:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2007/03/17 11:00:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Face mode chic admin
[2012/02/23 12:50:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HardwareHelper
[2010/09/17 13:39:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hazard Perception Training
[2009/12/14 12:19:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2010/09/25 08:14:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LGMOBILEAX
[2008/11/03 15:58:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2010/06/02 19:25:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
[2011/09/26 11:21:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2011/12/20 15:29:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia
[2011/12/20 15:26:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NokiaInstallerCache
[2011/12/20 15:32:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2011/09/26 11:22:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
[2008/05/21 16:36:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Teleca
[2011/08/29 17:09:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
[2009/11/23 15:58:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Virgin Broadband
[2011/10/16 17:23:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2010/09/20 10:42:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\CheckPoint
[2011/08/30 17:46:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\ElevatedDiagnostics
[2008/03/03 17:36:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\EPSON
[2006/11/30 20:45:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\FotoWire
[2006/11/30 21:32:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\FUJIFILM
[2009/12/14 12:19:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\iolo
[2006/11/30 22:33:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\Leadertech
[2006/11/30 20:56:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\MSNInstaller
[2011/12/20 15:39:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\Nokia
[2011/12/20 15:39:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\Nokia Suite
[2009/11/23 12:39:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\ntr
[2011/12/20 16:05:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\PC Suite
[2007/03/17 11:00:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\Pop mail bits
[2007/01/19 12:05:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\Teleca
[2011/12/29 13:02:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\TomTom
[2009/11/23 15:58:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\Virgin Broadband
[2012/04/23 12:01:00 | 000,000,290 | ---- | M] () -- C:\WINDOWS\Tasks\avast! Antivirus.job
[2012/04/26 17:00:00 | 000,000,258 | -H-- | M] () -- C:\WINDOWS\Tasks\B437FEC6918469DA.job
[2012/04/26 16:14:00 | 000,000,252 | ---- | M] () -- C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
[2012/04/26 17:00:13 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{4F628711-2870-461B-A125-8E66B2BF1907}.job

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2006/11/29 17:27:38 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2011/08/30 18:37:30 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2006/11/29 17:27:38 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2008/03/03 16:49:01 | 000,000,504 | ---- | M] () -- C:\dlbt.log
[2006/11/29 17:27:38 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2007/07/27 20:43:25 | 000,000,171 | ---- | M] () -- C:\itouch.log
[2006/11/30 22:55:28 | 000,000,183 | ---- | M] () -- C:\LogiSetup.log
[2007/03/17 13:46:07 | 000,006,769 | ---- | M] () -- C:\lvcoinst.log
[2006/11/29 17:27:38 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/12 15:02:33 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/09/20 17:49:57 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2012/04/26 16:40:35 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys
[2007/03/07 00:40:32 | 000,000,731 | ---- | M] () -- C:\Rescued document 1.txt
[2007/03/07 00:40:32 | 000,000,731 | ---- | M] () -- C:\Rescued document.txt
[2007/09/11 11:53:25 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2007/09/12 21:44:56 | 000,000,136 | -H-- | M] () -- C:\sqmdata01.sqm
[2007/12/13 22:28:34 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
[2007/12/31 18:24:15 | 000,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
[2008/02/03 13:32:16 | 000,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
[2008/03/08 19:50:25 | 000,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
[2008/06/07 11:20:33 | 000,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
[2008/06/23 22:28:58 | 000,000,232 | -H-- | M] () -- C:\sqmdata07.sqm
[2008/06/23 22:29:45 | 000,000,232 | -H-- | M] () -- C:\sqmdata08.sqm
[2008/06/29 23:17:28 | 000,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
[2008/08/01 14:35:00 | 000,000,268 | -H-- | M] () -- C:\sqmdata10.sqm
[2008/08/16 17:01:55 | 000,000,268 | -H-- | M] () -- C:\sqmdata11.sqm
[2008/10/09 11:11:51 | 000,000,232 | -H-- | M] () -- C:\sqmdata12.sqm
[2008/10/09 11:12:15 | 000,000,232 | -H-- | M] () -- C:\sqmdata13.sqm
[2008/11/22 15:22:31 | 000,000,268 | -H-- | M] () -- C:\sqmdata14.sqm
[2008/11/22 15:34:40 | 000,000,268 | -H-- | M] () -- C:\sqmdata15.sqm
[2008/11/22 15:38:37 | 000,000,268 | -H-- | M] () -- C:\sqmdata16.sqm
[2009/04/23 16:16:53 | 000,000,232 | -H-- | M] () -- C:\sqmdata17.sqm
[2007/09/09 22:39:00 | 000,000,268 | -H-- | M] () -- C:\sqmdata18.sqm
[2007/09/11 11:29:51 | 000,000,268 | -H-- | M] () -- C:\sqmdata19.sqm
[2007/09/12 21:44:56 | 000,000,136 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2007/12/13 22:28:34 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2007/12/31 18:24:15 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2008/02/03 13:32:16 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2008/03/08 19:50:25 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2008/06/07 11:20:33 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2008/06/23 22:28:58 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2008/06/23 22:29:45 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2008/06/29 23:17:28 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2008/08/01 14:35:00 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2008/08/16 17:01:55 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2008/10/09 11:11:51 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2008/10/09 11:12:15 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2008/11/22 15:22:31 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2008/11/22 15:34:40 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2008/11/22 15:38:37 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2009/04/23 16:16:53 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2007/09/09 22:39:00 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2007/09/11 11:29:51 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2007/09/11 11:53:25 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2008/07/06 13:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\mdippr.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\system32\*.exe /lockedfiles >
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\System32\config\*.sav >
[2006/11/29 17:20:09 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2006/11/29 17:20:09 | 000,634,880 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2006/11/29 17:20:09 | 000,892,928 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %PROGRAMFILES%\* >

< %USERPROFILE%\..|smtmp;true;true;true /FP >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Win dows\WindowsUpdate\AU >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/04/25 23:37:46 | 000,866,992 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/04/25 23:37:46 | 000,866,992 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/04/25 23:37:46 | 000,866,992 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/04/25 23:37:53 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/04/25 23:37:53 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/04/25 23:37:53 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2012/02/29 13:16:50 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2012/02/29 13:16:50 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2012/02/29 13:16:50 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2012/02/29 12:01:00 | 000,634,680 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/04/25 23:37:46 | 000,866,992 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/04/25 23:37:46 | 000,866,992 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/04/25 23:37:46 | 000,866,992 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/04/25 23:37:53 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/04/25 23:37:53 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/04/25 23:37:53 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2012/02/29 13:16:50 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2012/02/29 13:16:50 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2012/02/29 13:16:50 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2012/02/29 12:01:00 | 000,634,680 | ---- | M] (Microsoft Corporation)

========== Files - Unicode (All) ==========
[2009/11/22 12:18:40 | 000,000,040 | ---- | M] ()(C:\WINDOWS\System32\????????????????????????????????????g) -- C:\WINDOWS\System32\㩃停潲牧浡䘠汩獥噜物楧牂慯扤湡層䍐畧牡層慓敦潃湮捥屴潃普杩塜楖睥挮湯楦g
[2009/11/22 12:18:40 | 000,000,040 | ---- | C] ()(C:\WINDOWS\System32\????????????????????????????????????g) -- C:\WINDOWS\System32\㩃停潲牧浡䘠汩獥噜物楧牂慯扤湡層䍐畧牡層慓敦潃湮捥屴潃普杩塜楖睥挮湯楦g

< End of report >

OTL Extras logfile created on: 26/04/2012 16:56:07 - Run 1
OTL by OldTimer - Version 3.2.42.1 Folder = C:\Documents and Settings\USER\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1022.09 Mb Total Physical Memory | 458.29 Mb Available Physical Memory | 44.84% Memory free
2.40 Gb Paging File | 2.02 Gb Available in Paging File | 84.08% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 123.65 Gb Free Space | 82.96% Space Free | Partition Type: NTFS

Computer Name: ANY-6C5E521BE98 | User Name: USER | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)
"C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)
"C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
"C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe
"C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)

========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{036AA4D4-6D32-11D4-9875-00105ACE7734}" = Logitech iTouch Software
"{065D5505-3821-4C2E-BB6C-FE66A7E7CB4F}" = USB Flash Port Driver
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2EB81825-E9EE-44F4-8F51-1240C3898DC6}" = EPSON File Manager
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D78F2A2-C893-4ABD-B5FE-AD7011837755}" = EPSON Easy Photo Print
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{55EB7967-5BB1-4EA2-8AFF-B2F9E487E553}" = PC Connectivity Solution
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.3
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90535871-81B9-4D99-8A13-A7EE97F2D7FE}" = Belkin Bluetooth Software
"{91CA0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Small Business Edition 2003
"{93EA9C3E-BDFD-4309-A605-9B5BBC0CCEFD}" = Camera RAW Plug-In for EPSON Creativity Suite
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5D4E41C-2583-46FE-9B99-62496F85C5F3}" = RPS CRT
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{ACEB2BAF-96DF-48FD-ADD5-43842D4C443D}" = Adobe AIR
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{AF88496B-4BBA-4922-97E9-2582D3A28358}" = Nokia Connectivity Cable Driver
"{B7588D45-AFDC-4C93-9E2E-A100F3554B64}" = Microsoft Fix it Center
"{BDCF27CA-BFC4-4F49-8D24-A925C9505AB8}" = Windows Rights Management Client with Service Pack 2
"{BE6890C7-31EF-478C-812E-1E2899ABFCA9}" = Broadcom Gigabit Integrated Controller
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem Driver
"{c9920352-04e6-469d-bab8-e2b9c7c75415}.sdb" = Microsoft Automated Troubleshooting Services Shim
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D680C913-5955-469D-9D88-C1940F7506D6}" = RAW FILE CONVERTER LE
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{DA898F5C-4C85-4CF4-825B-E05D07DC39DD}" = BT Broadband Support Tools
"{DAB5C521-80B2-48C3-B0DA-326A1B331F55}" = GoToAssist Corporate
"{DB24A9E5-A068-43DD-88D0-B51BED3C0B99}" = Nokia Suite
"{E0A96F36-D546-4A2A-BDAA-2A2A578B2C0D}" = Bonjour
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{EC905264-BCFE-423B-9C42-C3A106266790}" = Windows Rights Management Client Backwards Compatibility SP2
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"7D6D030B3D73FCCA3D4E45319380F315DFBE7A54" = Windows Driver Package - Infineon Technologies (FlashUSB) USB (04/16/2009 1.0.0.6)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"BT Broadband Desktop Help" = BT Broadband Desktop Help
"BTHomeHub" = BTHomeHub
"DebugMode Wink" = DebugMode Wink
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"EPSON Stylus CX7300_CX8300_DX7400_DX8400 User’s Guide" = EPSON Stylus CX7300_CX8300_DX7400_DX8400 Manual
"GoToAssist" = GoToAssist Corporate
"Hardware Helper_is1" = Hardware Helper
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Infineon USB driver_is1" = Infineon USB driver 1.0.0.6
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"InstallShield_{BE6890C7-31EF-478C-812E-1E2899ABFCA9}" = Broadcom Gigabit Integrated Controller
"InstallShield_{E0A96F36-D546-4A2A-BDAA-2A2A578B2C0D}" = Bonjour
"Intel® 537EP V9x DF PCI Modem" = Intel® 537EP V9x DF PCI Modem
"Logitech Print Service" = Logitech Print Service
"Logitech Resource Center" = Logitech Resource Center
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 12.0 (x86 en-US)" = Mozilla Firefox 12.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"MWASPINT" = MicroStaff WINASPI NT
"NIS" = Norton Internet Security
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Nokia Suite" = Nokia Suite
"QuickTime" = QuickTime
"RealPlayer 15.0" = RealPlayer
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 07/04/2012 04:57:20 | Computer Name = ANY-6C5E521BE98 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 11.0.0.4454, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 07/04/2012 04:57:26 | Computer Name = ANY-6C5E521BE98 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 11.0.0.4454, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 12/04/2012 06:04:49 | Computer Name = ANY-6C5E521BE98 | Source = .NET Runtime Optimization Service | ID = 1101
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Failed to compile: C:\Program Files\Driver Manager\Driver Manager\DriverManager.exe .
Error code = 0x80131047 Error - 14/04/2012 05:25:03 | Computer Name = ANY-6C5E521BE98 | Source = Application Hang | ID = 1002 Description = Hanging application firefox.exe, version 11.0.0.4454, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 14/04/2012 05:26:25 | Computer Name = ANY-6C5E521BE98 | Source = Application Hang | ID = 1002 Description = Hanging application firefox.exe, version 11.0.0.4454, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 17/04/2012 11:02:15 | Computer Name = ANY-6C5E521BE98 | Source = Application Hang | ID = 1002 Description = Hanging application firefox.exe, version 11.0.0.4454, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 17/04/2012 11:02:24 | Computer Name = ANY-6C5E521BE98 | Source = Application Hang | ID = 1001 Description = Fault bucket -1413921487. Error - 17/04/2012 11:11:28 | Computer Name = ANY-6C5E521BE98 | Source = Application Hang | ID = 1002 Description = Hanging application firefox.exe, version 11.0.0.4454, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 17/04/2012 11:52:59 | Computer Name = ANY-6C5E521BE98 | Source = Application Hang | ID = 1002 Description = Hanging application firefox.exe, version 11.0.0.4454, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 17/04/2012 11:54:07 | Computer Name = ANY-6C5E521BE98 | Source = Application Hang | ID = 1001 Description = Fault bucket -1413921487. 
[ System Events ]
Error - 26/04/2012 03:06:22 | Computer Name = ANY-6C5E521BE98 | Source = Service Control Manager | ID = 7000
Description = The Logitech Process Monitor service failed to start due to the following error: %%3

Error - 26/04/2012 03:06:22 | Computer Name = ANY-6C5E521BE98 | Source = Service Control Manager | ID = 7000
Description = The Security Services Driver (x86) service failed to start due to the following error: %%2

Error - 26/04/2012 03:07:50 | Computer Name = ANY-6C5E521BE98 | Source = Service Control Manager | ID = 7022
Description = The Bonjour Service service hung on starting.

Error - 26/04/2012 03:13:39 | Computer Name = ANY-6C5E521BE98 | Source = Service Control Manager | ID = 7000
Description = The Logitech Process Monitor service failed to start due to the following error: %%3

Error - 26/04/2012 03:13:39 | Computer Name = ANY-6C5E521BE98 | Source = Service Control Manager | ID = 7000
Description = The Security Services Driver (x86) service failed to start due to the following error: %%2

Error - 26/04/2012 03:15:08 | Computer Name = ANY-6C5E521BE98 | Source = Service Control Manager | ID = 7022
Description = The Bonjour Service service hung on starting.

Error - 26/04/2012 11:40:56 | Computer Name = ANY-6C5E521BE98 | Source = Service Control Manager | ID = 7000
Description = The Logitech Process Monitor service failed to start due to the following error: %%3

Error - 26/04/2012 11:40:56 | Computer Name = ANY-6C5E521BE98 | Source = Service Control Manager | ID = 7000
Description = The Security Services Driver (x86) service failed to start due to the following error: %%2

Error - 26/04/2012 11:42:25 | Computer Name = ANY-6C5E521BE98 | Source = Service Control Manager | ID = 7022
Description = The Bonjour Service service hung on starting.
Trazza (Author) Posted April 26, 2012

OTL logfile created on: 26/04/2012 16:56:07 - Run 1
OTL by OldTimer - Version 3.2.42.1 Folder = C:\Documents and Settings\USER\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1022.09 Mb Total Physical Memory | 458.29 Mb Available Physical Memory | 44.84% Memory free
2.40 Gb Paging File | 2.02 Gb Available in Paging File | 84.08% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 123.65 Gb Free Space | 82.96% Space Free | Partition Type: NTFS

Computer Name: ANY-6C5E521BE98 | User Name: USER | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\USER\My Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Norton Internet Security\Engine\18.7.1.3\ccsvchst.exe (Symantec Corporation)
PRC - C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe (Alcatel-Lucent)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATICDE.EXE (SEIKO EPSON CORPORATION)
PRC - C:\Documents and Settings\USER\Local Settings\Temp\bwgo000090b6.exe (BackWeb Technologies Inc. )
PRC - C:\Program Files\Belkin\Bluetooth Software\BTTray.exe (Broadcom Corporation)
PRC - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation)
PRC - C:\Program Files\Logitech\iTouch\iTouch.exe (Logitech Inc.)

========== Modules (No Company Name) ==========

MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
MOD - C:\Program Files\Belkin\Bluetooth Software\BTKeyInd.dll ()

========== Win32 Services (SafeList) ==========

SRV - (LVPrcSrv) -- File not found
SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (MatSvc) -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe (Microsoft Corporation)
SRV - (NIS) -- C:\Program Files\Norton Internet Security\Engine\18.7.1.3\ccSvcHst.exe (Symantec Corporation)
SRV - (GoToAssist) -- C:\Program Files\Citrix\GoToAssist\570\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (btwdins) -- C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation) ========== Driver Services (SafeList) ========== DRV - (WDICA) -- File not found DRV - (RPSKT) Security Services Driver (x86) -- system32\DRIVERS\rp_skt32.sys File not found DRV - (PID_08A0) Logitech QuickCam IM(PID_08A0) -- File not found DRV - (pepifilter) -- File not found DRV - (PDRFRAME) -- File not found DRV - (PDRELI) -- File not found DRV - (PDFRAME) -- File not found DRV - (PDCOMP) -- File not found DRV - (PCIDump) -- File not found DRV - (MRENDIS5) -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS File not found DRV - (MREMPR5) -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS File not found DRV - (LVUSBSta) -- File not found DRV - (LVPr2Mon) -- File not found DRV - (LVcKap) -- File not found DRV - (lbrtfdc) -- File not found DRV - (i2omgmt) -- File not found DRV - (Changer) -- File not found DRV - (BHDrvx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20120413.001\BHDrvx86.sys (Symantec Corporation) DRV - (IDSxpx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20120425.001\IDSXpx86.sys (Symantec Corporation) DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation) DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation) DRV - (NAVEX15) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20120425.032\NAVEX15.SYS (Symantec Corporation) DRV - (NAVENG) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20120425.032\NAVENG.SYS (Symantec Corporation) DRV - (nmwcdnsu) -- 
C:\WINDOWS\system32\drivers\nmwcdnsu.sys (Nokia) DRV - (nmwcdnsuc) -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys (Nokia) DRV - (UsbserFilt) -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys (Nokia) DRV - (upperdev) -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys (Nokia) DRV - (nmwcdc) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys (Nokia) DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia) DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA)) DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA)) DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation) DRV - (SYMTDI) -- C:\WINDOWS\system32\drivers\NIS\1207010.003\symtdi.sys (Symantec Corporation) DRV - (SRTSP) -- C:\WINDOWS\system32\drivers\NIS\1207010.003\srtsp.sys (Symantec Corporation) DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\WINDOWS\system32\drivers\NIS\1207010.003\srtspx.sys (Symantec Corporation) DRV - (SymEFA) -- C:\WINDOWS\system32\drivers\NIS\1207010.003\symefa.sys (Symantec Corporation) DRV - (SymDS) -- C:\WINDOWS\system32\drivers\NIS\1207010.003\symds.sys (Symantec Corporation) DRV - (SymIRON) -- C:\WINDOWS\system32\drivers\NIS\1207010.003\ironx86.sys (Symantec Corporation) DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia) DRV - (k750obex) -- C:\WINDOWS\system32\drivers\k750obex.sys (MCCI) DRV - (k750mgmt) -- C:\WINDOWS\system32\drivers\k750mgmt.sys (MCCI) DRV - (k750mdm) -- C:\WINDOWS\system32\drivers\k750mdm.sys (MCCI) DRV - (k750mdfl) -- C:\WINDOWS\system32\drivers\k750mdfl.sys (MCCI) DRV - (k750bus) Sony Ericsson 750 driver (WDM) -- C:\WINDOWS\system32\drivers\k750bus.sys (MCCI) DRV - (w810obex) -- C:\WINDOWS\system32\drivers\w810obex.sys (MCCI) DRV - (w810mdm) -- C:\WINDOWS\system32\drivers\w810mdm.sys (MCCI) DRV - (w810mgmt) Sony Ericsson W810 USB WMC Device Management Drivers (WDM) -- 
C:\WINDOWS\system32\drivers\w810mgmt.sys (MCCI) DRV - (w810mdfl) -- C:\WINDOWS\system32\drivers\w810mdfl.sys (MCCI) DRV - (w810bus) Sony Ericsson W810 Driver driver (WDM) -- C:\WINDOWS\system32\drivers\w810bus.sys (MCCI) DRV - (btaudio) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation) DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation) DRV - (BTWDNDIS) -- C:\WINDOWS\system32\drivers\btwdndis.sys (Broadcom Corporation) DRV - (BTDriver) -- C:\WINDOWS\system32\drivers\btport.sys (Broadcom Corporation) DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation) DRV - (senfilt) -- C:\WINDOWS\system32\drivers\senfilt.sys (Creative Technology Ltd.) DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.) DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation) DRV - (bvrp_pci) -- C:\WINDOWS\system32\drivers\bvrp_pci.sys () DRV - (IntelC52) -- C:\WINDOWS\system32\drivers\IntelC52.sys (Intel Corporation) DRV - (IntelC51) -- C:\WINDOWS\system32\drivers\IntelC51.sys (Intel Corporation) DRV - (IntelC53) -- C:\WINDOWS\system32\drivers\IntelC53.sys (Intel Corporation) DRV - (mohfilt) -- C:\WINDOWS\system32\drivers\mohfilt.sys (Intel Corporation) DRV - (itchfltr) -- C:\WINDOWS\system32\drivers\itchfltr.sys (Logitech, Inc.) DRV - (LHidUsb) -- C:\WINDOWS\system32\drivers\Lhidusb.sys (Logitech, Inc.) DRV - (LCcfltr) -- C:\WINDOWS\system32\drivers\LCCFLTR.SYS (Logitech, Inc.) DRV - (MASPINT) -- C:\WINDOWS\System32\drivers\MASPINT.SYS (MicroStaff Co.,Ltd.) 
DRV - (OMCI) -- C:\WINDOWS\system32\drivers\omci.sys (Dell Computer Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_en-GB IE - HKCU\..\SearchScopes\{82445343-3524-49A4-9C55-0813E5B12D25}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage} IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://uk.ask.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=NIS&chn=retail&geo=GB&ver=18 IE - 
HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2611275 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/" FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.91 FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0 FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.5 FF - prefs.js..network.proxy.no_proxies_on: "localhost,*.local" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll () FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Motive, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.1.13: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) 
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.1.13: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\ [2012/02/01 13:27:14 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn_2011_7_7_5 [2012/04/26 16:40:56 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/12/19 09:52:42 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/04/25 23:37:55 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla 
Firefox\plugins [2012/04/17 16:28:28 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\te_7.0@nokia.com: C:\Program Files\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_7.0 [2011/12/20 15:30:18 | 000,000,000 | ---D | M] [2011/12/26 09:36:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\USER\Application Data\Mozilla\Extensions [2011/12/26 09:36:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\USER\Application Data\Mozilla\Extensions\home2@tomtom.com [2012/04/26 16:52:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\xe8nkd85.default\extensions [2010/04/27 13:51:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\xe8nkd85.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2012/02/23 13:16:54 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\xe8nkd85.default\extensions\DeviceDetection@logitech.com [2011/05/15 19:16:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\xe8nkd85.default\extensions\nostmp [2011/01/29 18:46:09 | 000,002,472 | ---- | M] () -- C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\xe8nkd85.default\searchplugins\safesearch.xml [2011/05/15 19:16:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions () (No name found) -- C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\XE8NKD85.DEFAULT\EXTENSIONS\{66E978CD-981F-47DF-AC42-E3CF417C1467}.XPI [2012/04/25 23:37:54 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2009/08/27 20:25:26 | 000,308,096 | ---- | M] (British 
Telecommunications Plc) -- C:\Program Files\mozilla firefox\plugins\npBTEmailConfig.dll [2011/09/30 11:41:45 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2011/11/10 08:47:07 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms} CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\11.0.696.60\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\11.0.696.60\pdf.dll CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\Application\11.0.696.60\gears.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll CHR - plugin: BT Broadband Support Tools (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npBTEmailConfig.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program 
Files\Windows Media Player\npwmsdrm.dll CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\USER\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll CHR - plugin: Motive Plugin (Enabled) = C:\Program Files\Common Files\Motive\npMotive.dll CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin O1 HOSTS File: ([2007/03/16 18:19:25 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll File not found O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions) O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.7.1.3\coieplg.dll (Symantec Corporation) O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.7.1.3\ips\ipsbho.dll (Symantec Corporation) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.) 
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.7.1.3\coieplg.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.7.1.3\coieplg.dll (Symantec Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [bluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation) O4 - HKLM..\Run: [btbb_McciTrayApp] C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe (Alcatel-Lucent) O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [updateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions) O4 - HKLM..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe (Logitech Inc.) O4 - HKCU..\Run: [] File not found O4 - HKCU..\Run: [EPSON Stylus DX7400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICDE.EXE (SEIKO EPSON CORPORATION) O4 - HKCU..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.) 
O4 - HKCU..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe" File not found O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BTTray.lnk = C:\Program Files\Belkin\Bluetooth Software\BTTray.exe (Broadcom Corporation) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger Agent.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.) O4 - Startup: C:\Documents and Settings\USER\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk = File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm () O9 - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll (Apple Computer, Inc.) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm () O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.) 
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control) O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab (QuickTime Object) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab (Reg Error: Key error.) O16 - DPF: {79E0C1C0-316D-11D5-A72A-006097BFA1AC} http://esupport.epson-europe.com/selftest/en/Prg/ESTPTest.cab (EPSON Web Printer-SelfTest Control Class) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) 
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab (EPUImageControl Class) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E6ACF817-0A85-4EBE-9F0A-096C6488CFEA} https://www.ntrsupport.com/nv/inquiero/mod/setup/ntractivex118_28.cab (NTR ActiveX 1.1.8) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F532D20C-DCA3-4A06-9719-FD84C16FDCE4}: DhcpNameServer = 192.168.1.254 O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.) O18 - Protocol\Handler\widimg {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\BTXPPanel.dll (Broadcom Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\570\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\570\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.) O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - No CLSID value found. 
O24 - Desktop WallPaper: C:\Documents and Settings\USER\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\USER\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/11/29 17:27:38 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{23dcabdf-3a73-11df-a133-000a3a63f1fa}\Shell - "" = AutoRun O33 - MountPoints2\{23dcabdf-3a73-11df-a133-000a3a63f1fa}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{23dcabdf-3a73-11df-a133-000a3a63f1fa}\Shell\AutoRun\command - "" = F:\laucher.exe O33 - MountPoints2\{c96bb988-8035-11de-a2f6-000a3a63f1fa}\Shell - "" = AutoRun O33 - MountPoints2\{c96bb988-8035-11de-a2f6-000a3a63f1fa}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{c96bb988-8035-11de-a2f6-000a3a63f1fa}\Shell\AutoRun\command - "" = F:\laucher.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) NetSvcs: 6to4 - File not found NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found MsConfig - State: "system.ini" - 0 MsConfig - State: "win.ini" - 0 MsConfig - State: "bootini" - 0 MsConfig - State: "services" - 0 MsConfig - State: "startup" - 0 CREATERESTOREPOINT Unable to start System Restore Service. 
Error code 1056 ========== Files/Folders - Created Within 30 Days ========== [2012/04/26 15:11:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\USER\Application Data\Malwarebytes [2012/04/26 15:10:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/04/26 15:10:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes [2012/04/26 15:10:40 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2012/04/26 15:10:40 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012/04/25 23:38:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla [2012/04/25 23:38:11 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service [2012/04/17 16:19:24 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/04/26 17:00:13 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{4F628711-2870-461B-A125-8E66B2BF1907}.job [2012/04/26 17:00:00 | 000,000,258 | -H-- | M] () -- C:\WINDOWS\tasks\B437FEC6918469DA.job [2012/04/26 16:42:51 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012/04/26 16:40:52 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2000478354-261903793-725345543-1004.job [2012/04/26 16:40:48 | 000,000,051 | ---- | M] () -- C:\WINDOWS\iTouch.ini [2012/04/26 16:40:46 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012/04/26 16:40:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012/04/26 16:23:02 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012/04/26 16:14:00 | 000,000,252 | ---- | M] () -- 
C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job [2012/04/26 16:03:02 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2012/04/26 15:10:44 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk [2012/04/23 12:01:00 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\avast! Antivirus.job [2012/04/23 08:55:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2000478354-261903793-725345543-1004.job [2012/04/21 12:34:51 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\USER\Desktop\Microsoft Office Word 2003.lnk [2012/04/17 16:19:24 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe [2012/04/17 16:19:24 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [2012/04/11 19:10:55 | 000,469,814 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012/04/11 19:10:55 | 000,081,554 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012/04/11 18:59:30 | 000,788,816 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1207010.003\Cat.DB [2012/04/11 18:58:05 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2012/04/04 07:42:52 | 000,001,964 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton Internet Security.LNK [2012/03/28 01:40:14 | 000,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1207010.003\isolate.ini [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/04/26 15:10:44 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk [2012/04/17 16:19:25 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2010/07/29 
17:41:07 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\CommonDL.dll [2010/07/29 17:41:07 | 000,002,413 | ---- | C] () -- C:\WINDOWS\System32\lgAxconfig.ini ========== LOP Check ========== [2011/01/29 16:37:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software [2009/11/29 10:14:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9 [2010/09/13 19:50:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix [2012/02/23 12:55:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driver Manager [2010/09/17 15:06:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driving Test Success [2011/08/29 17:05:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON [2007/03/17 11:00:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Face mode chic admin [2012/02/23 12:50:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HardwareHelper [2010/09/17 13:39:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hazard Perception Training [2009/12/14 12:19:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo [2010/09/25 08:14:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LGMOBILEAX [2008/11/03 15:58:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier [2010/06/02 19:25:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus! 
[2011/09/26 11:21:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir [2011/12/20 15:29:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia [2011/12/20 15:26:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NokiaInstallerCache [2011/12/20 15:32:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite [2011/09/26 11:22:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir [2008/05/21 16:36:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Teleca [2011/08/29 17:09:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL [2009/11/23 15:58:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Virgin Broadband [2011/10/16 17:23:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1 [2010/09/20 10:42:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\CheckPoint [2011/08/30 17:46:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\ElevatedDiagnostics [2008/03/03 17:36:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\EPSON [2006/11/30 20:45:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\FotoWire [2006/11/30 21:32:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\FUJIFILM [2009/12/14 12:19:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\iolo [2006/11/30 22:33:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\Leadertech [2006/11/30 20:56:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\MSNInstaller [2011/12/20 15:39:02 | 000,000,000 | ---D | M] -- 
C:\Documents and Settings\USER\Application Data\Nokia [2011/12/20 15:39:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\Nokia Suite [2009/11/23 12:39:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\ntr [2011/12/20 16:05:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\PC Suite [2007/03/17 11:00:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\Pop mail bits [2007/01/19 12:05:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\Teleca [2011/12/29 13:02:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\TomTom [2009/11/23 15:58:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\USER\Application Data\Virgin Broadband [2012/04/23 12:01:00 | 000,000,290 | ---- | M] () -- C:\WINDOWS\Tasks\avast! Antivirus.job [2012/04/26 17:00:00 | 000,000,258 | -H-- | M] () -- C:\WINDOWS\Tasks\B437FEC6918469DA.job [2012/04/26 16:14:00 | 000,000,252 | ---- | M] () -- C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job [2012/04/26 17:00:13 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{4F628711-2870-461B-A125-8E66B2BF1907}.job ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.* > [2006/11/29 17:27:38 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT [2011/08/30 18:37:30 | 000,000,211 | -HS- | M] () -- C:\boot.ini [2006/11/29 17:27:38 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS [2008/03/03 16:49:01 | 000,000,504 | ---- | M] () -- C:\dlbt.log [2006/11/29 17:27:38 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2007/07/27 20:43:25 | 000,000,171 | ---- | M] () -- C:\itouch.log [2006/11/30 22:55:28 | 000,000,183 | ---- | M] () -- C:\LogiSetup.log [2007/03/17 13:46:07 | 000,006,769 | ---- | M] () -- C:\lvcoinst.log [2006/11/29 17:27:38 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2004/08/12 15:02:33 | 000,047,564 | RHS- | M] () -- 
C:\NTDETECT.COM [2008/09/20 17:49:57 | 000,250,048 | RHS- | M] () -- C:\ntldr [2012/04/26 16:40:35 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys [2007/03/07 00:40:32 | 000,000,731 | ---- | M] () -- C:\Rescued document 1.txt [2007/03/07 00:40:32 | 000,000,731 | ---- | M] () -- C:\Rescued document.txt [2007/09/11 11:53:25 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm [2007/09/12 21:44:56 | 000,000,136 | -H-- | M] () -- C:\sqmdata01.sqm [2007/12/13 22:28:34 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm [2007/12/31 18:24:15 | 000,000,268 | -H-- | M] () -- C:\sqmdata03.sqm [2008/02/03 13:32:16 | 000,000,268 | -H-- | M] () -- C:\sqmdata04.sqm [2008/03/08 19:50:25 | 000,000,268 | -H-- | M] () -- C:\sqmdata05.sqm [2008/06/07 11:20:33 | 000,000,268 | -H-- | M] () -- C:\sqmdata06.sqm [2008/06/23 22:28:58 | 000,000,232 | -H-- | M] () -- C:\sqmdata07.sqm [2008/06/23 22:29:45 | 000,000,232 | -H-- | M] () -- C:\sqmdata08.sqm [2008/06/29 23:17:28 | 000,000,268 | -H-- | M] () -- C:\sqmdata09.sqm [2008/08/01 14:35:00 | 000,000,268 | -H-- | M] () -- C:\sqmdata10.sqm [2008/08/16 17:01:55 | 000,000,268 | -H-- | M] () -- C:\sqmdata11.sqm [2008/10/09 11:11:51 | 000,000,232 | -H-- | M] () -- C:\sqmdata12.sqm [2008/10/09 11:12:15 | 000,000,232 | -H-- | M] () -- C:\sqmdata13.sqm [2008/11/22 15:22:31 | 000,000,268 | -H-- | M] () -- C:\sqmdata14.sqm [2008/11/22 15:34:40 | 000,000,268 | -H-- | M] () -- C:\sqmdata15.sqm [2008/11/22 15:38:37 | 000,000,268 | -H-- | M] () -- C:\sqmdata16.sqm [2009/04/23 16:16:53 | 000,000,232 | -H-- | M] () -- C:\sqmdata17.sqm [2007/09/09 22:39:00 | 000,000,268 | -H-- | M] () -- C:\sqmdata18.sqm [2007/09/11 11:29:51 | 000,000,268 | -H-- | M] () -- C:\sqmdata19.sqm [2007/09/12 21:44:56 | 000,000,136 | -H-- | M] () -- C:\sqmnoopt00.sqm [2007/12/13 22:28:34 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm [2007/12/31 18:24:15 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm [2008/02/03 13:32:16 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm [2008/03/08 
19:50:25 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm [2008/06/07 11:20:33 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm [2008/06/23 22:28:58 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm [2008/06/23 22:29:45 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm [2008/06/29 23:17:28 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm [2008/08/01 14:35:00 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm [2008/08/16 17:01:55 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm [2008/10/09 11:11:51 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm [2008/10/09 11:12:15 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm [2008/11/22 15:22:31 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm [2008/11/22 15:34:40 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm [2008/11/22 15:38:37 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm [2009/04/23 16:16:53 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm [2007/09/09 22:39:00 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm [2007/09/11 11:29:51 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm [2007/09/11 11:53:25 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm < %systemroot%\system32\Spool\prtprocs\w32x86\*.dll > [2008/07/06 13:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll [2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\mdippr.dll < %systemroot%\*. 
/mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] < %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\system32\*.exe /lockedfiles > [2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] < %systemroot%\System32\config\*.sav > [2006/11/29 17:20:09 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav [2006/11/29 17:20:09 | 000,634,880 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav [2006/11/29 17:20:09 | 000,892,928 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav < %PROGRAMFILES%\* > < %USERPROFILE%\..|smtmp;true;true;true /FP > < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < hklm\software\clients\startmenuinternet|command /rs > HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/04/25 23:37:46 | 000,866,992 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/04/25 23:37:46 | 000,866,992 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/04/25 23:37:46 | 000,866,992 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/04/25 23:37:53 | 000,924,600 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/04/25 23:37:53 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/04/25 23:37:53 | 000,924,600 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2012/02/29 13:16:50 | 000,070,656 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2012/02/29 13:16:50 | 000,070,656 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2012/02/29 13:16:50 | 000,070,656 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2012/02/29 12:01:00 | 000,634,680 | ---- | M] (Microsoft Corporation) < hklm\software\clients\startmenuinternet|command /64 /rs > HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/04/25 23:37:46 | 000,866,992 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/04/25 23:37:46 | 000,866,992 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/04/25 23:37:46 | 000,866,992 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/04/25 23:37:53 | 
000,924,600 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/04/25 23:37:53 | 000,924,600 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/04/25 23:37:53 | 000,924,600 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2012/02/29 13:16:50 | 000,070,656 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2012/02/29 13:16:50 | 000,070,656 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2012/02/29 13:16:50 | 000,070,656 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2012/02/29 12:01:00 | 000,634,680 | ---- | M] (Microsoft Corporation) ========== Files - Unicode (All) ========== [2009/11/22 12:18:40 | 000,000,040 | ---- | M] ()(C:\WINDOWS\System32\????????????????????????????????????g) -- C:\WINDOWS\System32\㩃停潲牧浡䘠汩獥噜物楧牂慯扤湡層䍐畧牡層慓敦潃湮捥屴潃普杩塜楖睥挮湯楦g [2009/11/22 12:18:40 | 000,000,040 | ---- | C] ()(C:\WINDOWS\System32\????????????????????????????????????g) -- C:\WINDOWS\System32\㩃停潲牧浡䘠汩獥噜物楧牂慯扤湡層䍐畧牡層慓敦潃湮捥屴潃普杩塜楖睥挮湯楦g < End of report > OTL Extras logfile created on: 26/04/2012 16:56:07 - Run 1 OTL by OldTimer - Version 3.2.42.1 Folder = C:\Documents and Settings\USER\My Documents\Downloads Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 
7.0.5730.11) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 1022.09 Mb Total Physical Memory | 458.29 Mb Available Physical Memory | 44.84% Memory free 2.40 Gb Paging File | 2.02 Gb Available in Paging File | 84.08% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 149.04 Gb Total Space | 123.65 Gb Free Space | 82.96% Space Free | Partition Type: NTFS Computer Name: ANY-6C5E521BE98 | User Name: USER | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows 
NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.) "C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) "C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.) 
"C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) "C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare "C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) "C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe "C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe "C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe "C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime "{036AA4D4-6D32-11D4-9875-00105ACE7734}" = Logitech iTouch Software "{065D5505-3821-4C2E-BB6C-FE66A7E7CB4F}" = USB Flash Port Driver "{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager "{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel "{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool "{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email "{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1 
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant "{2EB81825-E9EE-44F4-8F51-1240C3898DC6}" = EPSON File Manager "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3D78F2A2-C893-4ABD-B5FE-AD7011837755}" = EPSON Easy Photo Print "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant "{55EB7967-5BB1-4EA2-8AFF-B2F9E487E553}" = PC Connectivity Solution "{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3 "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.3 "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime "{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{90535871-81B9-4D99-8A13-A7EE97F2D7FE}" = Belkin Bluetooth Software "{91CA0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Small Business Edition 2003 "{93EA9C3E-BDFD-4309-A605-9B5BBC0CCEFD}" = Camera RAW Plug-In for EPSON Creativity Suite "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow! 
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A5D4E41C-2583-46FE-9B99-62496F85C5F3}" = RPS CRT "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3) "{ACEB2BAF-96DF-48FD-ADD5-43842D4C443D}" = Adobe AIR "{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86 "{AF88496B-4BBA-4922-97E9-2582D3A28358}" = Nokia Connectivity Cable Driver "{B7588D45-AFDC-4C93-9E2E-A100F3554B64}" = Microsoft Fix it Center "{BDCF27CA-BFC4-4F49-8D24-A925C9505AB8}" = Windows Rights Management Client with Service Pack 2 "{BE6890C7-31EF-478C-812E-1E2899ABFCA9}" = Broadcom Gigabit Integrated Controller "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem Driver "{c9920352-04e6-469d-bab8-e2b9c7c75415}.sdb" = Microsoft Automated Troubleshooting Services Shim "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D680C913-5955-469D-9D88-C1940F7506D6}" = RAW FILE CONVERTER LE "{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD "{DA898F5C-4C85-4CF4-825B-E05D07DC39DD}" = BT Broadband Support Tools "{DAB5C521-80B2-48C3-B0DA-326A1B331F55}" = GoToAssist Corporate "{DB24A9E5-A068-43DD-88D0-B51BED3C0B99}" = Nokia Suite "{E0A96F36-D546-4A2A-BDAA-2A2A578B2C0D}" = Bonjour "{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86 "{EC905264-BCFE-423B-9C42-C3A106266790}" = Windows Rights Management Client Backwards Compatibility SP2 "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX 
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call "504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0) "7D6D030B3D73FCCA3D4E45319380F315DFBE7A54" = Windows Driver Package - Infineon Technologies (FlashUSB) USB (04/16/2009 1.0.0.6) "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player "All ATI Software" = ATI - Software Uninstall Utility "ATI Display Driver" = ATI Display Driver "BT Broadband Desktop Help" = BT Broadband Desktop Help "BTHomeHub" = BTHomeHub "DebugMode Wink" = DebugMode Wink "EPSON Printer and Utilities" = EPSON Printer Software "EPSON Scanner" = EPSON Scan "EPSON Stylus CX7300_CX8300_DX7400_DX8400 User’s Guide" = EPSON Stylus CX7300_CX8300_DX7400_DX8400 Manual "GoToAssist" = GoToAssist Corporate "Hardware Helper_is1" = Hardware Helper "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie7" = Windows Internet Explorer 7 "Infineon USB driver_is1" = Infineon USB driver 1.0.0.6 "InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email "InstallShield_{BE6890C7-31EF-478C-812E-1E2899ABFCA9}" = Broadcom Gigabit Integrated Controller "InstallShield_{E0A96F36-D546-4A2A-BDAA-2A2A578B2C0D}" = Bonjour "Intel® 537EP V9x DF PCI Modem" = Intel® 537EP V9x DF PCI Modem "Logitech Print Service" = Logitech Print Service "Logitech Resource Center" = Logitech Resource Center "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400 "Messenger Plus! Live" = Messenger Plus! 
Live "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox 12.0 (x86 en-US)" = Mozilla Firefox 12.0 (x86 en-US) "MozillaMaintenanceService" = Mozilla Maintenance Service "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "MSNINST" = MSN "MWASPINT" = MicroStaff WINASPI NT "NIS" = Norton Internet Security "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "Nokia Suite" = Nokia Suite "QuickTime" = QuickTime "RealPlayer 15.0" = RealPlayer "Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "WinLiveSuite_Wave3" = Windows Live Essentials "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 07/04/2012 04:57:20 | Computer Name = ANY-6C5E521BE98 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 11.0.0.4454, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 07/04/2012 04:57:26 | Computer Name = ANY-6C5E521BE98 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 11.0.0.4454, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 12/04/2012 06:04:49 | Computer Name = ANY-6C5E521BE98 | Source = .NET Runtime Optimization Service | ID = 1101
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Failed to compile: C:\Program Files\Driver Manager\Driver Manager\DriverManager.exe . Error code = 0x80131047
Error - 14/04/2012 05:25:03 | Computer Name = ANY-6C5E521BE98 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 11.0.0.4454, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 14/04/2012 05:26:25 | Computer Name = ANY-6C5E521BE98 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 11.0.0.4454, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 17/04/2012 11:02:15 | Computer Name = ANY-6C5E521BE98 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 11.0.0.4454, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 17/04/2012 11:02:24 | Computer Name = ANY-6C5E521BE98 | Source = Application Hang | ID = 1001
Description = Fault bucket -1413921487.
Error - 17/04/2012 11:11:28 | Computer Name = ANY-6C5E521BE98 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 11.0.0.4454, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 17/04/2012 11:52:59 | Computer Name = ANY-6C5E521BE98 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 11.0.0.4454, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 17/04/2012 11:54:07 | Computer Name = ANY-6C5E521BE98 | Source = Application Hang | ID = 1001
Description = Fault bucket -1413921487.

[ System Events ]
Error - 26/04/2012 03:06:22 | Computer Name = ANY-6C5E521BE98 | Source = Service Control Manager | ID = 7000
Description = The Logitech Process Monitor service failed to start due to the following error: %%3
Error - 26/04/2012 03:06:22 | Computer Name = ANY-6C5E521BE98 | Source = Service Control Manager | ID = 7000
Description = The Security Services Driver (x86) service failed to start due to the following error: %%2
Error - 26/04/2012 03:07:50 | Computer Name = ANY-6C5E521BE98 | Source = Service Control Manager | ID = 7022
Description = The Bonjour Service service hung on starting.
Error - 26/04/2012 03:13:39 | Computer Name = ANY-6C5E521BE98 | Source = Service Control Manager | ID = 7000
Description = The Logitech Process Monitor service failed to start due to the following error: %%3
Error - 26/04/2012 03:13:39 | Computer Name = ANY-6C5E521BE98 | Source = Service Control Manager | ID = 7000
Description = The Security Services Driver (x86) service failed to start due to the following error: %%2
Error - 26/04/2012 03:15:08 | Computer Name = ANY-6C5E521BE98 | Source = Service Control Manager | ID = 7022
Description = The Bonjour Service service hung on starting.
Error - 26/04/2012 11:40:56 | Computer Name = ANY-6C5E521BE98 | Source = Service Control Manager | ID = 7000
Description = The Logitech Process Monitor service failed to start due to the following error: %%3
Error - 26/04/2012 11:40:56 | Computer Name = ANY-6C5E521BE98 | Source = Service Control Manager | ID = 7000
Description = The Security Services Driver (x86) service failed to start due to the following error: %%2
Error - 26/04/2012 11:42:25 | Computer Name = ANY-6C5E521BE98 | Source = Service Control Manager | ID = 7022
Description = The Bonjour Service service hung on starting.

Starbuck (ExTS Admin) Posted April 26, 2012

Hi Trazza

> My monitor keeps going black and I have to switch it off then on again several times to get it to stay on.

Although there are items we should address on the system.... I doubt if these are related to the monitor issue.

Step 1

Double click on OTL to run it.
Copy the lines in the codebox below. (make sure that :Otl is on the first line )

:Otl
DRV - (WDICA) -- File not found
DRV - (RPSKT) Security Services Driver (x86) -- system32\DRIVERS\rp_skt32.sys File not found
DRV - (PID_08A0) Logitech QuickCam IM(PID_08A0) -- File not found
DRV - (pepifilter) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (MRENDIS5) -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS File not found
DRV - (MREMPR5) -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS File not found
DRV - (LVUSBSta) -- File not found
DRV - (LVPr2Mon) -- File not found
DRV - (LVcKap) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npF FApi.dll File not found
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe" File not found
O4 - Startup: C:\Documents and Settings\USER\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk = File not found
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/sh...1/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
O33 - MountPoints2\{23dcabdf-3a73-11df-a133-000a3a63f1fa}\Shell - "" = AutoRun
O33 - MountPoints2\{23dcabdf-3a73-11df-a133-000a3a63f1fa}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{23dcabdf-3a73-11df-a133-000a3a63f1fa}\Shell\AutoRun\command - "" = F:\laucher.exe
O33 - MountPoints2\{c96bb988-8035-11de-a2f6-000a3a63f1fa}\Shell - "" = AutoRun
O33 - MountPoints2\{c96bb988-8035-11de-a2f6-000a3a63f1fa}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c96bb988-8035-11de-a2f6-000a3a63f1fa}\Shell\AutoRun\command - "" = F:\laucher.exe
[2011/01/29 16:37:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2009/11/29 10:14:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2007/03/17 11:00:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Face mode chic admin
[2012/04/23 12:01:00 | 000,000,290 | ---- | M] () -- C:\WINDOWS\Tasks\avast! Antivirus.job
[2012/04/26 17:00:00 | 000,000,258 | -H-- | M] () -- C:\WINDOWS\Tasks\B437FEC6918469DA.job
[2009/11/22 12:18:40 | 000,000,040 | ---- | M] ()(C:\WINDOWS\System32\??????????????????????????? ?????????g) -- C:\WINDOWS\System32\㩃停潲牧浡䘠汩獥噜物楧牂慯扤湡層䍐畧牡層慓敦潃湮捥屴潃普杩 塜楖睥挮湯楦g
[2009/11/22 12:18:40 | 000,000,040 | ---- | C] ()(C:\WINDOWS\System32\??????????????????????????? ?????????g) -- C:\WINDOWS\System32\㩃停潲牧浡䘠汩獥噜物楧牂慯扤湡層䍐畧牡層慓敦潃湮捥屴潃普杩 塜楖睥挮湯楦g

:Files
C:\Program Files\AVG
ipconfig /flushdns /c

:commands
[emptytemp]
[purity]
[RESETHOSTS]

Return to OTL, right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.
http://img.photobucket.com/albums/v708/starbuck50/new%20forum/scan-fix.png
Click the red Run Fix button.
http://img.photobucket.com/albums/v708/starbuck50/runfixbutton.png
OTL will reboot your system once the fix has completed.
After the reboot, you may need to double click OTL to launch the program and retrieve the log.
Copy and paste the contents of the OTL log that comes up after the fix in your next reply.
If you lose the report, there will be a copy here: C:\_OTL\MovedFiles

Step 2

I'd like you to do an ESET OnlineScan
You may find it beneficial to close your resident AV program before running the scan.
Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetOnline.png button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
Double click on the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstallDesktopIcon.png icon on your desktop.
* Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetAcceptTerms.png
* Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetStart.png button.
* Accept any security warnings from your browser.
* Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetScanArchives.png
* Click the Start button.
* ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
* When the scan completes, push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png
* Click http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
* Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetBack.png button.
* Click http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetFinish.png

A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

Note: It's been found that on some systems the Eset's Online Scan fails during the database download ( around 20% )
To prevent this happening: When the Computer scan settings display shows, click the Advanced option, then place a check next to the following (if it is not already checked):
Enable Anti-Stealth technology
http://img.photobucket.com/albums/v708/starbuck50/eset.png

In your next reply, please submit:
Otl fix report
Eset scan report

Thanks.

Member of:UNITE
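
An added example (not part of Starbuck's post and not OTL's own code): a short Python triage of the kind of lines that appear in the fix script above, sorting them into entries whose target is missing, MountPoints2 AutoRun commands, and hidden scheduled-task files. The line layout is assumed from the entries quoted in the post, the "hidden .job file" check is this example's own heuristic, and `classify`, `triage` and `off_system_autoruns` are hypothetical names.

```python
import re
from collections import namedtuple

Finding = namedtuple("Finding", "kind section target")

# Lines copied from the fix script quoted in the post above (a subset).
SAMPLE = r"""
DRV - (WDICA) -- File not found
DRV - (RPSKT) Security Services Driver (x86) -- system32\DRIVERS\rp_skt32.sys File not found
DRV - (MRENDIS5) -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS File not found
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKCU..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe" File not found
O33 - MountPoints2\{23dcabdf-3a73-11df-a133-000a3a63f1fa}\Shell - "" = AutoRun
O33 - MountPoints2\{23dcabdf-3a73-11df-a133-000a3a63f1fa}\Shell\AutoRun\command - "" = F:\laucher.exe
O33 - MountPoints2\{c96bb988-8035-11de-a2f6-000a3a63f1fa}\Shell\AutoRun\command - "" = F:\laucher.exe
[2012/04/26 17:00:00 | 000,000,258 | -H-- | M] () -- C:\WINDOWS\Tasks\B437FEC6918469DA.job
"""

# "<section> - <rest>" entries (assumed layout: DRV, FF, O2, O4, O16, O33 ...).
ENTRY = re.compile(r"^(?P<section>DRV|FF|O\d+)\s+-\s+(?P<rest>.+)$")
# "[date | size | attrs | M/C] (company) -- path" file rows (assumed layout).
FILE_ROW = re.compile(
    r"^\[[^|\]]+\|[^|]+\|\s*(?P<attrs>[-A-Z]{4})\s*\|\s*[MC]\]"
    r"\s*\(.*?\)\s*--\s*(?P<path>.+)$"
)
# Trailers that mark an entry whose file or class registration no longer exists.
ORPHAN_SUFFIXES = ("File not found", "No CLSID value found.")


def classify(line):
    """Return a Finding for one log line, or None if the line is not recognised."""
    line = line.strip()
    row = FILE_ROW.match(line)
    if row:
        path = row.group("path")
        # Heuristic of this example: a hidden (H) .job file deserves a second look.
        hidden_job = "H" in row.group("attrs") and path.lower().endswith(".job")
        return Finding("hidden_task" if hidden_job else "file", "FILE", path)
    entry = ENTRY.match(line)
    if not entry:
        return None
    section, rest = entry.group("section"), entry.group("rest")
    if section == "O33" and "\\shell\\autorun\\command" in rest.lower():
        # Everything after the last "= " is the command AutoRun would launch.
        return Finding("autorun_command", section, rest.rsplit("= ", 1)[-1].strip())
    for suffix in ORPHAN_SUFFIXES:
        if rest.endswith(suffix):
            return Finding("orphan", section, rest[: -len(suffix)].rstrip(" -"))
    return Finding("other", section, rest)


def triage(text):
    """Group every recognised line of a log by finding kind."""
    buckets = {}
    for line in text.splitlines():
        finding = classify(line)
        if finding:
            buckets.setdefault(finding.kind, []).append(finding)
    return buckets


def off_system_autoruns(buckets, system_drive="C:"):
    """Unique AutoRun commands that live on a drive other than the system drive."""
    commands = []
    for finding in buckets.get("autorun_command", []):
        command = finding.target.strip('"')
        on_system = command.upper().startswith(system_drive.upper())
        if not on_system and command not in commands:
            commands.append(command)
    return commands


if __name__ == "__main__":
    result = triage(SAMPLE)
    for kind, findings in sorted(result.items()):
        print(f"{kind}: {len(findings)}")
        for finding in findings:
            print(f"  [{finding.section}] {finding.target}")
    print("AutoRun commands off the system drive:", off_system_autoruns(result))
```
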

Trazza (Author) Posted April 26, 2012

Hi starbuck

Here is the OTL results but not the other you asked for. Could you please advise as to switching off my Norton as I don't think I've ever done it before.

All processes killed ========== OTL ========== Service WDICA stopped successfully! Service WDICA deleted successfully! File File not found not found. Error: No service named RPSKT) Security Services Driver (x86 was found to stop! Service\Driver key RPSKT) Security Services Driver (x86 not found. File system32\DRIVERS\rp_skt32.sys File not found not found. Error: No service named PID_08A0) Logitech QuickCam IM(PID_08A0 was found to stop! Service\Driver key PID_08A0) Logitech QuickCam IM(PID_08A0 not found. File File not found not found. Service pepifilter stopped successfully! Service pepifilter deleted successfully! File File not found not found. Service PDRFRAME stopped successfully! Service PDRFRAME deleted successfully! File File not found not found. Service PDRELI stopped successfully! Service PDRELI deleted successfully! File File not found not found. Service PDFRAME stopped successfully! Service PDFRAME deleted successfully! File File not found not found. Service PDCOMP stopped successfully! Service PDCOMP deleted successfully! File File not found not found. Service PCIDump stopped successfully! Service PCIDump deleted successfully! File File not found not found. Service MRENDIS5 stopped successfully! Service MRENDIS5 deleted successfully! File C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS File not found not found. Service MREMPR5 stopped successfully! Service MREMPR5 deleted successfully! File C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS File not found not found. Service LVUSBSta stopped successfully! Service LVUSBSta deleted successfully! File File not found not found. Service LVPr2Mon stopped successfully! Service LVPr2Mon deleted successfully! File File not found not found. Service LVcKap stopped successfully!
Service LVcKap deleted successfully! File File not found not found. Service lbrtfdc stopped successfully! Service lbrtfdc deleted successfully! File File not found not found. Service i2omgmt stopped successfully! Service i2omgmt deleted successfully! File File not found not found. Service Changer stopped successfully! Service Changer deleted successfully! File File not found not found. Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@checkpoint.com/FFApi\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck deleted successfully. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\TomTomHOME.exe deleted successfully. C:\Documents and Settings\USER\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk moved successfully. Starting removal of ActiveX control {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} C:\WINDOWS\Downloaded Program Files\mcinsctl.inf moved successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}\ not found. 
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}\ not found. Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{23dcabdf-3a73-11df-a133-000a3a63f1fa}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{23dcabdf-3a73-11df-a133-000a3a63f1fa}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{23dcabdf-3a73-11df-a133-000a3a63f1fa}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{23dcabdf-3a73-11df-a133-000a3a63f1fa}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{23dcabdf-3a73-11df-a133-000a3a63f1fa}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{23dcabdf-3a73-11df-a133-000a3a63f1fa}\ not found. File F:\laucher.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c96bb988-8035-11de-a2f6-000a3a63f1fa}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c96bb988-8035-11de-a2f6-000a3a63f1fa}\ not found. 
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c96bb988-8035-11de-a2f6-000a3a63f1fa}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c96bb988-8035-11de-a2f6-000a3a63f1fa}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c96bb988-8035-11de-a2f6-000a3a63f1fa}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c96bb988-8035-11de-a2f6-000a3a63f1fa}\ not found. File F:\laucher.exe not found. C:\Documents and Settings\All Users\Application Data\Alwil Software folder moved successfully. C:\Documents and Settings\All Users\Application Data\avg9\update\prepare folder moved successfully. C:\Documents and Settings\All Users\Application Data\avg9\update\backup folder moved successfully. C:\Documents and Settings\All Users\Application Data\avg9\update folder moved successfully. C:\Documents and Settings\All Users\Application Data\avg9\Temp folder moved successfully. C:\Documents and Settings\All Users\Application Data\avg9\scanlogs folder moved successfully. C:\Documents and Settings\All Users\Application Data\avg9\Log folder moved successfully. C:\Documents and Settings\All Users\Application Data\avg9\emc folder moved successfully. C:\Documents and Settings\All Users\Application Data\avg9\Dumps folder moved successfully. C:\Documents and Settings\All Users\Application Data\avg9\CfgAll folder moved successfully. C:\Documents and Settings\All Users\Application Data\avg9\Cfg folder moved successfully. C:\Documents and Settings\All Users\Application Data\avg9\AvgApi folder moved successfully. C:\Documents and Settings\All Users\Application Data\avg9\AvgAm folder moved successfully. C:\Documents and Settings\All Users\Application Data\avg9\admincli folder moved successfully. C:\Documents and Settings\All Users\Application Data\avg9 folder moved successfully. 
C:\Documents and Settings\All Users\Application Data\Face mode chic admin folder moved successfully. C:\WINDOWS\Tasks\avast! Antivirus.job moved successfully. C:\WINDOWS\Tasks\B437FEC6918469DA.job moved successfully. File C:\WINDOWS\System32\㩃停潲牧浡䘠汩獥噜物楧牂慯扤湡層䍐畧牡層慓敦潃湮捥屴潃普杩 塜楖睥挮湯楦g not found. File C:\WINDOWS\System32\㩃停潲牧浡䘠汩獥噜物楧牂慯扤湡層䍐畧牡層慓敦潃湮捥屴潃普杩 塜楖睥挮湯楦g not found. ========== FILES ========== C:\Program Files\AVG\AVG9 folder moved successfully. C:\Program Files\AVG\AVG8\log folder moved successfully. C:\Program Files\AVG\AVG8 folder moved successfully. C:\Program Files\AVG folder moved successfully. < ipconfig /flushdns /c > Windows IP Configuration Successfully flushed the DNS Resolver Cache. C:\Documents and Settings\USER\My Documents\Downloads\cmd.bat deleted successfully. C:\Documents and Settings\USER\My Documents\Downloads\cmd.txt deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 56475 bytes User: LocalService ->Temp folder emptied: 2048072 bytes ->Temporary Internet Files folder emptied: 26505215 bytes User: NetworkService ->Temp folder emptied: 1988440 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: USER ->Temp folder emptied: 959851308 bytes ->Temporary Internet Files folder emptied: 80139644 bytes ->FireFox cache emptied: 65105272 bytes ->Google Chrome cache emptied: 473814767 bytes ->Flash cache emptied: 15232428 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 2162283 bytes %systemroot%\System32 .tmp files removed: 73233 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 93543199 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 188028136 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary 
Internet Files folder emptied: 33170 bytes RecycleBin emptied: 663861139 bytes Total Files Cleaned = 2,453.00 mb C:\WINDOWS\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully OTL by OldTimer - Version 3.2.42.1 log created on 04262012_220814 Files\Folders moved on Reboot... File\Folder C:\WINDOWS\temp\Perflib_Perfdata_11c.dat not found! Registry entries deleted on Reboot...

Thanks
Trazza

Starbuck (ExTS Admin) Posted April 26, 2012

Hi Trazza

> Could you please advise as to switching off my Norton as I don't think I've ever done it before.

Take a look Here
This should explain things.

Trazza (Author) Posted April 27, 2012

Did the ESET scan took 2 hours but no infections found also no list to find. Went to C:\Program Files\ESET\ESET Online Scanner\log.txt but no list there either. Have I done something wrong? Could not save it to desktop and on finishing it uninstalled itself.

Thanks
Trazza

Starbuck (ExTS Admin) Posted April 27, 2012

Hi Trazza

2 hours is about right. (it's a very thorough scan)

> Could not save it to desktop and on finishing it uninstalled itself.

Depending on what options were ticked you may not have had a report and there is an option to remove itself once the scan has completed. (saves us doing it when we finish off lol)

As nothing was found, there's nothing to worry about.

Is the monitor still playing up? How is the system running now?

Trazza (Author) Posted April 27, 2012

Yes the monitor is still playing up. I seem to remember that I had this problem a few years ago but for the life in me I can't remember how I fixed it or even if I asked you all for help with it (it's an age thing I think).

Thanks
Trazza

Starbuck (ExTS Admin) Posted April 27, 2012

Hi Trazza,

> Yes the monitor is still playing up.

I had a feeling it would be. Although there were some items for us to deal with in the reports, I couldn't see that any of these would cause problems with the monitor. You may well be right about the age thing.

As we've dealt with the items in your reports, we'll finish off the cleaning and I'll ask one of the other staff to take a look and see what they think about the monitor. It's not really my field. I'll get them to reply in this thread.

Step 1

Restart MBAM.
Click on the Quarantine tab
If there are items in quarantine..... Make sure everything is selected and then click Delete All.
Close MBAM.

Step 2

Please double-click OTL to run it.
You should see a CleanUp! button, press that button,
http://img.photobucket.com/albums/v708/starbuck50/cleanupbutton.png
This will cleanup an assortment of tools used during malware removal, plus itself
Note: MBAM will not be removed

Step 3

Now you should Set a New Restore Point to prevent possible reinfection from an old one.
Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools can not access it to delete these bad files which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
Go to Start > Programs > Accessories > System Tools and click "System Restore".
Choose the radio button marked "Create a Restore Point" on the first screen then click "Next".
Give the Restore Point a name then click "Create".
The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
Then go to Start > Run and type: Cleanmgr
Click "OK".
Select the drive for cleaning then click OK (usually 'C' drive)
Click the "More Options" Tab.
Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.

Jelly Bean Posted April 27, 2012

Hey there.

Could you do me a favour, we are talking about a laptop here? When the screen goes black could you look real close or shine a torch onto it and see if you can actually see the desktop. Very faintly?

I'm trying my best......................

Trazza (Author) Posted April 27, 2012

I am still waiting for the screen to go again. It generally only happens on first start up and then only if the PC has been left idle for an hour or two. I will finish the clear up then leave it for a while and if the PC will cooperate.

Trazza (Author) Posted April 27, 2012

Thanks starbuck

I have cleaned everything up and have only the new restore point left on the PC. I will wait to see if monitor goes black again and report my findings to Jelly Bean.

Once again thank you
Trazza

Starbuck (ExTS Admin) Posted April 27, 2012

You're more than welcome Trazza. I'm sure that JB will be able to find out what the monitor problem is.

Jelly Bean Posted April 27, 2012

> Have asked several people I know if I might borrow their monitor to check if it is this but alas it seems to be the age of the laptop.

Confused. You need to check this monitor on another computer.
Have you checked the cables are fully connected?
Is your graphics card onboard as integrated or a PCI slot?

Trazza (Author) Posted April 28, 2012

> Confused. You need to check this monitor on another computer.

At present I don't know of anyone who will let me try my monitor on their computer as everyone I've asked has a laptop.

> Have you checked the cables are fully connected?

All cables are fully connected.

> Is your graphics card onboard as integrated or a PCI slot?

Sorry but this is where you lost me. I know the computer needs a Graphics card but I haven't the faintest idea what it is or for that matter where it is.

Also when I switched on this morning it stayed on no problems and you say you're confused.

Cheers Jelly Bean for trying to help me but when it says in my profile PC illiterate there was no joke.

Thanks
Trazza

Jelly Bean Posted April 28, 2012

You can test your monitor on a laptop. These days laptops have VGA and DVI port to add a monitor, VGA is blue coloured connection, DVI is white, do you know which your monitor has?

I need you to power off the computer. Unplug from wall socket. Open up your computer and touch your power supply for a few seconds once it has cooled down, this will eliminate static.

Now look where your monitor cable is connected. Is it connected to a little socket that is integrated to your mainboard or is it in a coloured slot? If it's in a coloured slot then this means it is a PCI card, little box on mainboard is integrated.

If it is PCI and has any cables connected to it make sure they are fully fitted and make sure the card is pushed into the slot fully.

What is the model and number of your computer?

Have you checked your power settings for this monitor? Try turning off hibernation and sleep mode and see if it still occurs.

Update the graphics card driver via device manager, if you need help doing this please ask.

A little late replying due to family needing help.

JB.

Trazza (Author) Posted April 28, 2012

Wow Jelly Bean you're really scaring me now "open up your computer" the only time it has been opened was when hubby put a new battery in it (he doesn't let me near a screwdriver)

My computer is a Dell Dimension 8400
Sorry what are my power settings
Where will I find hibernation and sleep mode
Actually found Device manager but could not see a graphics card driver to update

Really I am very sorry but you will have your work cut out with me. I am a coward when it comes to computers, and it has still to happen again (the monitor I mean) maybe all that stuff Starbuck sorted out really did work.

Thanks for trying to help me, I do appreciate it.
Trazza

Jelly Bean Posted April 30, 2012

That's ok, I am just getting you a link.

Here is a YouTube video:

According to your computer specifications you have a PCI express graphics card. Can you get your hubby to clean the internals of the computer with a natural bristle brush and reseat the graphics card and RAM. Or someone who knows a little about computers.

Sorry about the wait for a reply, I have not been well.

Don't worry about anything, if you feel you don't understand I can explain further for you.

Download and install Speedfan, do not be afraid of it. Once installed allow it to run and check the temperatures of your computer, do not change anything just allow it to run. Just write down what it says for me please.

JB.
Trazza Posted April 30, 2012 Author
Hubby away till weekend but will ask him to do as you say when he returns.
I have downloaded speedfan but what do I do with it now? It didn't automatically start and seemed to come with loads more stuff that I didn't want. The only difference with my PC is now I have something called sweetPCfix on my desktop. Is this anything to do with speedfan?
Trazza Posted May 1, 2012 Author
Are you there, Jelly Bean? Can you help me with speedfan issues?
Trazza Posted May 7, 2012 Author
Hubby has done the clean-up thing and everything is reconnected. On first start-up screen turned blank but only once. Still cannot get speedfan to auto run so don't have any readings to report. Is there anything else you can suggest I do?
Thanks
Trazza
Trazza Posted May 9, 2012 Author
Could someone please let Jelly Bean know that I have done what she asked and am waiting to see if she can help with the speedfan issues.
Thanks
Trazza
Plastic Nev Posted May 12, 2012
Hi Trazza, I will let JB know. In the meantime, are you sure you downloaded and installed speedfan? I have just checked the download site and no sign of the extra things you mentioned.
If you did download and install it, you should have a square black icon on the desktop labelled "Speedfan". If you do, just double click on that icon and speedfan will then open and first will check all system readings; once done it presents a small window with the details. Close any hint window that appears, we don't need that. If possible post a screen shot of what is shown in the speedfan window.
Nev.